From 085188996c2e6d56e47e534e888768d4130fcfb1 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 14 Mar 2014 12:43:45 -0700
Subject: [PATCH 001/900] Initial port of Secuirty base package from Katana.

---
 .gitattributes                                |  50 ++++
 .gitignore                                    |  24 ++
 NuGet.Config                                  |  13 +
 Security.sln                                  |  34 +++
 build.cmd                                     |  23 ++
 global.json                                   |   3 +
 makefile.shade                                |   7 +
 .../AppBuilderSecurityExtensions.cs           |  57 ++++
 .../AuthenticationMode.cs                     |  22 ++
 .../AuthenticationOptions.cs                  |  49 ++++
 .../AuthenticationTicket.cs                   |  33 +++
 ...ertificateSubjectKeyIdentifierValidator.cs |  88 ++++++
 ...ertificateSubjectPublicKeyInfoValidator.cs | 135 ++++++++++
 .../CertificateThumbprintValidator.cs         |  81 ++++++
 src/Microsoft.AspNet.Security/Constants.cs    |  15 ++
 .../DataHandler/Encoder/Base64TextEncoder.cs  |  19 ++
 .../Encoder/Base64UrlTextEncoder.cs           |  39 +++
 .../DataHandler/Encoder/ITextEncoder.cs       |  10 +
 .../DataHandler/Encoder/TextEncodings.cs      |  20 ++
 .../DataHandler/ISecureDataFormat.cs          |  10 +
 .../DataHandler/PropertiesDataFormat.cs       |  16 ++
 .../DataHandler/SecureDataFormat.cs           |  63 +++++
 .../DataHandler/Serializer/DataSerializers.cs |  17 ++
 .../DataHandler/Serializer/IDataSerializer.cs |  10 +
 .../Serializer/PropertiesSerializer.cs        |  82 ++++++
 .../Serializer/TicketSerializer.cs            | 136 ++++++++++
 .../DataHandler/TicketDataFormat.cs           |  15 ++
 .../ICertificateValidator.cs                  |  28 ++
 .../Infrastructure/AuthenticationHandler.cs   | 252 ++++++++++++++++++
 .../Infrastructure/AuthenticationHandler`1.cs |  28 ++
 .../AuthenticationMiddleware.cs               |  39 +++
 .../AuthenticationTokenCreateContext.cs       |  49 ++++
 .../AuthenticationTokenProvider.cs            |  72 +++++
 .../AuthenticationTokenReceiveContext.cs      |  48 ++++
 .../Infrastructure/Constants.cs               |  10 +
 .../IAuthenticationTokenProvider.cs           |  14 +
 .../Infrastructure/OwinRequestExtensions.cs   |  72 +++++
 .../Infrastructure/SecurityHelper.cs          | 188 +++++++++++++
 .../AuthenticationFailedNotification.cs       |  18 ++
 .../MessageReceivedNotification.cs            |  15 ++
 ...edirectFromIdentityProviderNotification.cs |  17 ++
 .../RedirectToIdentityProviderNotification.cs |  15 ++
 .../SecurityTokenReceivedNotification.cs      |  15 ++
 .../SecurityTokenValidatedNotification.cs     |  15 ++
 .../Provider/BaseContext.cs                   |  26 ++
 .../Provider/BaseContext`1.cs                 |  32 +++
 .../Provider/EndpointContext.cs               |  21 ++
 .../Provider/EndpointContext`1.cs             |  34 +++
 .../Provider/ReturnEndpointContext.cs         |  31 +++
 .../Resources.Designer.cs                     |  99 +++++++
 src/Microsoft.AspNet.Security/Resources.resx  | 132 +++++++++
 .../SubjectPublicKeyInfoAlgorithm.cs          |  13 +
 src/Microsoft.AspNet.Security/Win32.cs        |  95 +++++++
 src/Microsoft.AspNet.Security/project.json    |  40 +++
 54 files changed, 2489 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 NuGet.Config
 create mode 100644 Security.sln
 create mode 100644 build.cmd
 create mode 100644 global.json
 create mode 100644 makefile.shade
 create mode 100644 src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthenticationMode.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthenticationTicket.cs
 create mode 100644 src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
 create mode 100644 src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
 create mode 100644 src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
 create mode 100644 src/Microsoft.AspNet.Security/Constants.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
 create mode 100644 src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
 create mode 100644 src/Microsoft.AspNet.Security/ICertificateValidator.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Provider/BaseContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs
 create mode 100644 src/Microsoft.AspNet.Security/Provider/EndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs
 create mode 100644 src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
 create mode 100644 src/Microsoft.AspNet.Security/Win32.cs
 create mode 100644 src/Microsoft.AspNet.Security/project.json

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000..bdaa5ba982
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,50 @@
+*.doc  diff=astextplain
+*.DOC	diff=astextplain
+*.docx	diff=astextplain
+*.DOCX	diff=astextplain
+*.dot	diff=astextplain
+*.DOT	diff=astextplain
+*.pdf	diff=astextplain
+*.PDF	diff=astextplain
+*.rtf	diff=astextplain
+*.RTF	diff=astextplain
+
+*.jpg  	binary
+*.png 	binary
+*.gif 	binary
+
+*.cs text=auto diff=csharp 
+*.vb text=auto
+*.resx text=auto
+*.c text=auto
+*.cpp text=auto
+*.cxx text=auto
+*.h text=auto
+*.hxx text=auto
+*.py text=auto
+*.rb text=auto
+*.java text=auto
+*.html text=auto
+*.htm text=auto
+*.css text=auto
+*.scss text=auto
+*.sass text=auto
+*.less text=auto
+*.js text=auto
+*.lisp text=auto
+*.clj text=auto
+*.sql text=auto
+*.php text=auto
+*.lua text=auto
+*.m text=auto
+*.asm text=auto
+*.erl text=auto
+*.fs text=auto
+*.fsx text=auto
+*.hs text=auto
+
+*.csproj text=auto
+*.vbproj text=auto
+*.fsproj text=auto
+*.dbproj text=auto
+*.sln text=auto eol=crlf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..8bc217058d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,24 @@
+[Oo]bj/
+[Bb]in/
+TestResults/
+.nuget/
+_ReSharper.*/
+packages/
+artifacts/
+PublishProfiles/
+*.user
+*.suo
+*.cache
+*.docstates
+_ReSharper.*
+nuget.exe
+*net45.csproj
+*k10.csproj
+*.psess
+*.vsp
+*.pidb
+*.userprefs
+*DS_Store
+*.ncrunchsolution
+*.*sdf
+*.ipch
\ No newline at end of file
diff --git a/NuGet.Config b/NuGet.Config
new file mode 100644
index 0000000000..a059188b09
--- /dev/null
+++ b/NuGet.Config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <packageSources>
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="NuGet.org" value="https://nuget.org/api/v2/" />
+  </packageSources>
+  <packageSourceCredentials>
+    <AspNetVNext>
+      <add key="Username" value="aspnetreadonly" />
+      <add key="ClearTextPassword" value="4d8a2d9c-7b80-4162-9978-47e918c9658c" />
+    </AspNetVNext>
+  </packageSourceCredentials>
+</configuration>
\ No newline at end of file
diff --git a/Security.sln b/Security.sln
new file mode 100644
index 0000000000..5a80619fc3
--- /dev/null
+++ b/Security.sln
@@ -0,0 +1,34 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.30203.2
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.net45", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.net45.csproj", "{70640501-CCBB-4FD7-8231-329B6A436DE4}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.k10", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.k10.csproj", "{F2391907-4463-4650-AEA4-E1B5733105C4}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F2391907-4463-4650-AEA4-E1B5733105C4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F2391907-4463-4650-AEA4-E1B5733105C4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{70640501-CCBB-4FD7-8231-329B6A436DE4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{F2391907-4463-4650-AEA4-E1B5733105C4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+	EndGlobalSection
+EndGlobal
diff --git a/build.cmd b/build.cmd
new file mode 100644
index 0000000000..7045ee1f84
--- /dev/null
+++ b/build.cmd
@@ -0,0 +1,23 @@
+@echo off
+cd %~dp0
+
+SETLOCAL
+SET CACHED_NUGET=%LocalAppData%\NuGet\NuGet.exe
+
+IF EXIST %CACHED_NUGET% goto copynuget
+echo Downloading latest version of NuGet.exe...
+IF NOT EXIST %LocalAppData%\NuGet md %LocalAppData%\NuGet
+@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://www.nuget.org/nuget.exe' -OutFile '%CACHED_NUGET%'"
+
+:copynuget
+IF EXIST .nuget\nuget.exe goto restore
+md .nuget
+copy %CACHED_NUGET% .nuget\nuget.exe > nul
+
+:restore
+IF EXIST packages\KoreBuild goto run
+.nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+.nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
+
+:run
+packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/global.json b/global.json
new file mode 100644
index 0000000000..840c36f6ad
--- /dev/null
+++ b/global.json
@@ -0,0 +1,3 @@
+{
+    "sources": ["src"]
+}
\ No newline at end of file
diff --git a/makefile.shade b/makefile.shade
new file mode 100644
index 0000000000..6357ea2841
--- /dev/null
+++ b/makefile.shade
@@ -0,0 +1,7 @@
+
+var VERSION='0.1'
+var FULL_VERSION='0.1'
+var AUTHORS='Microsoft'
+
+use-standard-lifecycle
+k-standard-goals
diff --git a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
new file mode 100644
index 0000000000..36c0e04ee2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
@@ -0,0 +1,57 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+/* TODO:
+using System;
+using Owin;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Provides extensions methods for app.Property values that are only needed by implementations of authentication middleware.
+    /// </summary>
+    public static class AppBuilderSecurityExtensions
+    {
+        /// <summary>
+        /// Returns the previously set AuthenticationType that external sign in middleware should use when the
+        /// browser navigates back to their return url.
+        /// </summary>
+        /// <param name="app">App builder passed to the application startup code</param>
+        /// <returns></returns>
+        public static string GetDefaultSignInAsAuthenticationType(this IAppBuilder app)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException("app");
+            }
+            object value;
+            if (app.Properties.TryGetValue(Constants.DefaultSignInAsAuthenticationType, out value))
+            {
+                var authenticationType = value as string;
+                if (!string.IsNullOrEmpty(authenticationType))
+                {
+                    return authenticationType;
+                }
+            }
+            throw new InvalidOperationException(Resources.Exception_MissingDefaultSignInAsAuthenticationType);
+        }
+
+        /// <summary>
+        /// Called by middleware to change the name of the AuthenticationType that external middleware should use
+        /// when the browser navigates back to their return url.
+        /// </summary>
+        /// <param name="app">App builder passed to the application startup code</param>
+        /// <param name="authenticationType">AuthenticationType that external middleware should sign in as.</param>
+        public static void SetDefaultSignInAsAuthenticationType(this IAppBuilder app, string authenticationType)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException("app");
+            }
+            if (authenticationType == null)
+            {
+                throw new ArgumentNullException("authenticationType");
+            }
+            app.Properties[Constants.DefaultSignInAsAuthenticationType] = authenticationType;
+        }
+    }
+}
+*/
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthenticationMode.cs b/src/Microsoft.AspNet.Security/AuthenticationMode.cs
new file mode 100644
index 0000000000..ba7aff904d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthenticationMode.cs
@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Controls the behavior of authentication middleware
+    /// </summary>
+    public enum AuthenticationMode
+    {
+        /// <summary>
+        /// In Active mode the authentication middleware will alter the user identity as the request arrives, and
+        /// will also alter a plain 401 as the response leaves.
+        /// </summary>
+        Active,
+
+        /// <summary>
+        /// In Passive mode the authentication middleware will only provide user identity when asked, and will only
+        /// alter 401 responses where the authentication type named in the extra challenge data.
+        /// </summary>
+        Passive
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
new file mode 100644
index 0000000000..262bce7f3e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Base Options for all authentication middleware
+    /// </summary>
+    public abstract class AuthenticationOptions
+    {
+        private string _authenticationType;
+
+        /// <summary>
+        /// Initialize properties of AuthenticationOptions base class
+        /// </summary>
+        /// <param name="authenticationType">Assigned to the AuthenticationType property</param>
+        protected AuthenticationOptions(string authenticationType)
+        {
+            Description = new AuthenticationDescription();
+            AuthenticationType = authenticationType;
+            AuthenticationMode = AuthenticationMode.Active;
+        }
+
+        /// <summary>
+        /// The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different
+        /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
+        /// </summary>
+        public string AuthenticationType
+        {
+            get { return _authenticationType; }
+            set
+            {
+                _authenticationType = value;
+                Description.AuthenticationType = value;
+            }
+        }
+
+        /// <summary>
+        /// If Active the authentication middleware alter the request user coming in and
+        /// alter 401 Unauthorized responses going out. If Passive the authentication middleware will only provide
+        /// identity and alter responses when explicitly indicated by the AuthenticationType.
+        /// </summary>
+        public AuthenticationMode AuthenticationMode { get; set; }
+
+        /// <summary>
+        /// Additional information about the authentication type which is made available to the application.
+        /// </summary>
+        public AuthenticationDescription Description { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
new file mode 100644
index 0000000000..ac2e31006f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Contains user identity information as well as additional authentication state.
+    /// </summary>
+    public class AuthenticationTicket
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
+        /// </summary>
+        /// <param name="identity"></param>
+        /// <param name="properties"></param>
+        public AuthenticationTicket(ClaimsIdentity identity, AuthenticationProperties properties)
+        {
+            Identity = identity;
+            Properties = properties ?? new AuthenticationProperties();
+        }
+
+        /// <summary>
+        /// Gets the authenticated user identity.
+        /// </summary>
+        public ClaimsIdentity Identity { get; private set; }
+
+        /// <summary>
+        /// Additional state values for the authentication session.
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
new file mode 100644
index 0000000000..8c1ade928f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
@@ -0,0 +1,88 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+/* TODO:
+using System;
+using System.Collections.Generic;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Provides pinned certificate validation based on the subject key identifier of the certificate.
+    /// </summary>
+    public class CertificateSubjectKeyIdentifierValidator : ICertificateValidator
+    {
+        private readonly HashSet<string> _validSubjectKeyIdentifiers;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CertificateSubjectKeyIdentifierValidator"/> class.
+        /// </summary>
+        /// <param name="validSubjectKeyIdentifiers">A set of subject key identifiers which are valid for an HTTPS request.</param>
+        public CertificateSubjectKeyIdentifierValidator(IEnumerable<string> validSubjectKeyIdentifiers)
+        {
+            if (validSubjectKeyIdentifiers == null)
+            {
+                throw new ArgumentNullException("validSubjectKeyIdentifiers");
+            }
+
+            _validSubjectKeyIdentifiers = new HashSet<string>(validSubjectKeyIdentifiers, StringComparer.OrdinalIgnoreCase);
+
+            if (_validSubjectKeyIdentifiers.Count == 0)
+            {
+                throw new ArgumentOutOfRangeException("validSubjectKeyIdentifiers");
+            }
+        }
+
+        /// <summary>
+        /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
+        /// </summary>
+        /// <param name="sender">An object that contains state information for this validation.</param>
+        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
+        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
+        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
+        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
+        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        {
+            if (sslPolicyErrors != SslPolicyErrors.None)
+            {
+                return false;
+            }
+
+            if (chain == null)
+            {
+                throw new ArgumentNullException("chain");
+            }
+
+            if (chain.ChainElements.Count < 2)
+            {
+                // Self signed.
+                return false;
+            }
+
+            foreach (var chainElement in chain.ChainElements)
+            {
+                string subjectKeyIdentifier = GetSubjectKeyIdentifier(chainElement.Certificate);
+                if (string.IsNullOrWhiteSpace(subjectKeyIdentifier))
+                {
+                    continue;
+                }
+
+                if (_validSubjectKeyIdentifiers.Contains(subjectKeyIdentifier))
+                {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+
+        private static string GetSubjectKeyIdentifier(X509Certificate2 certificate)
+        {
+            const string SubjectKeyIdentifierOid = "2.5.29.14";
+            var extension = certificate.Extensions[SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension;
+
+            return extension == null ? null : extension.SubjectKeyIdentifier;
+        }
+    }
+}
+*/
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
new file mode 100644
index 0000000000..119b553f21
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
@@ -0,0 +1,135 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+/* TODO:
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.Security;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.Win32;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Implements a cert pinning validator passed on 
+    /// http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1
+    /// </summary>
+    public class CertificateSubjectPublicKeyInfoValidator : ICertificateValidator
+    {
+        private readonly HashSet<string> _validBase64EncodedSubjectPublicKeyInfoHashes;
+
+        private readonly SubjectPublicKeyInfoAlgorithm _algorithm;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CertificateSubjectPublicKeyInfoValidator"/> class.
+        /// </summary>
+        /// <param name="validBase64EncodedSubjectPublicKeyInfoHashes">A collection of valid base64 encoded hashes of the certificate public key information blob.</param>
+        /// <param name="algorithm">The algorithm used to generate the hashes.</param>
+        public CertificateSubjectPublicKeyInfoValidator(IEnumerable<string> validBase64EncodedSubjectPublicKeyInfoHashes, SubjectPublicKeyInfoAlgorithm algorithm)
+        {
+            if (validBase64EncodedSubjectPublicKeyInfoHashes == null)
+            {
+                throw new ArgumentNullException("validBase64EncodedSubjectPublicKeyInfoHashes");
+            }
+
+            _validBase64EncodedSubjectPublicKeyInfoHashes = new HashSet<string>(validBase64EncodedSubjectPublicKeyInfoHashes);
+
+            if (_validBase64EncodedSubjectPublicKeyInfoHashes.Count == 0)
+            {
+                throw new ArgumentOutOfRangeException("validBase64EncodedSubjectPublicKeyInfoHashes");
+            }
+
+            if (_algorithm != SubjectPublicKeyInfoAlgorithm.Sha1 && _algorithm != SubjectPublicKeyInfoAlgorithm.Sha256)
+            {
+                throw new ArgumentOutOfRangeException("algorithm");
+            }
+
+            _algorithm = algorithm;
+        }
+
+        /// <summary>
+        /// Validates at least one SPKI hash is known.
+        /// </summary>
+        /// <param name="sender">An object that contains state information for this validation.</param>
+        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
+        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
+        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
+        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
+        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        {
+            if (sslPolicyErrors != SslPolicyErrors.None)
+            {
+                return false;
+            }
+
+            if (chain == null)
+            {
+                throw new ArgumentNullException("chain");
+            }
+
+            if (chain.ChainElements.Count < 2)
+            {
+                return false;
+            }
+
+            using (HashAlgorithm algorithm = CreateHashAlgorithm())
+            {
+                foreach (var chainElement in chain.ChainElements)
+                {
+                    X509Certificate2 chainedCertificate = chainElement.Certificate;
+                    string base64Spki = Convert.ToBase64String(algorithm.ComputeHash(ExtractSpkiBlob(chainedCertificate)));
+                    if (_validBase64EncodedSubjectPublicKeyInfoHashes.Contains(base64Spki))
+                    {
+                        return true;
+                    }
+                }
+            }
+
+            return false;
+        }
+
+        private static byte[] ExtractSpkiBlob(X509Certificate2 certificate)
+        {
+            // Get a native cert_context from the managed X590Certificate2 instance.
+            var certContext = (NativeMethods.CERT_CONTEXT)Marshal.PtrToStructure(certificate.Handle, typeof(NativeMethods.CERT_CONTEXT));
+
+            // Pull the CERT_INFO structure from the context.
+            var certInfo = (NativeMethods.CERT_INFO)Marshal.PtrToStructure(certContext.pCertInfo, typeof(NativeMethods.CERT_INFO));
+
+            // And finally grab the key information, public key, algorithm and parameters from it.
+            NativeMethods.CERT_PUBLIC_KEY_INFO publicKeyInfo = certInfo.SubjectPublicKeyInfo;
+
+            // Now start encoding to ASN1.
+            // First see how large the ASN1 representation is going to be.
+            UInt32 blobSize = 0;
+            var structType = new IntPtr(NativeMethods.X509_PUBLIC_KEY_INFO);
+            if (!NativeMethods.CryptEncodeObject(NativeMethods.X509_ASN_ENCODING, structType, ref publicKeyInfo, null, ref blobSize))
+            {
+                int error = Marshal.GetLastWin32Error();
+                throw new Win32Exception(error);
+            }
+
+            // Allocate enough space.
+            var blob = new byte[blobSize];
+
+            // Finally get the ASN1 representation.
+            if (!NativeMethods.CryptEncodeObject(NativeMethods.X509_ASN_ENCODING, structType, ref publicKeyInfo, blob, ref blobSize))
+            {
+                int error = Marshal.GetLastWin32Error();
+                throw new Win32Exception(error);
+            }
+
+            return blob;
+        }
+
+        [SuppressMessage("Microsoft.Security.Cryptography", "CA5354:SHA1CannotBeUsed", Justification = "Only used to verify cert hashes.")]
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Caller is responsible for disposal.")]
+        private HashAlgorithm CreateHashAlgorithm()
+        {
+            return _algorithm == SubjectPublicKeyInfoAlgorithm.Sha1 ? (HashAlgorithm)new SHA1CryptoServiceProvider() : new SHA256CryptoServiceProvider();
+        }
+    }
+}
+*/
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
new file mode 100644
index 0000000000..cc1fddf397
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
@@ -0,0 +1,81 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+/* TODO:
+using System;
+using System.Collections.Generic;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Provides pinned certificate validation based on the certificate thumbprint.
+    /// </summary>
+    public class CertificateThumbprintValidator : ICertificateValidator
+    {
+        private readonly HashSet<string> _validCertificateThumbprints;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CertificateThumbprintValidator"/> class.
+        /// </summary>
+        /// <param name="validThumbprints">A set of thumbprints which are valid for an HTTPS request.</param>
+        public CertificateThumbprintValidator(IEnumerable<string> validThumbprints)
+        {
+            if (validThumbprints == null)
+            {
+                throw new ArgumentNullException("validThumbprints");
+            }
+
+            _validCertificateThumbprints = new HashSet<string>(validThumbprints, StringComparer.OrdinalIgnoreCase);
+
+            if (_validCertificateThumbprints.Count == 0)
+            {
+                throw new ArgumentOutOfRangeException("validThumbprints");
+            }
+        }
+
+        /// <summary>
+        /// Validates that the certificate thumbprints in the signing chain match at least one whitelisted thumbprint.
+        /// </summary>
+        /// <param name="sender">An object that contains state information for this validation.</param>
+        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
+        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
+        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
+        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
+        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        {
+            if (sslPolicyErrors != SslPolicyErrors.None)
+            {
+                return false;
+            }
+
+            if (chain == null)
+            {
+                throw new ArgumentNullException("chain");
+            }
+
+            if (chain.ChainElements.Count < 2)
+            {
+                // Self signed.
+                return false;
+            }
+
+            foreach (var chainElement in chain.ChainElements)
+            {
+                string thumbprintToCheck = chainElement.Certificate.Thumbprint;
+
+                if (thumbprintToCheck == null)
+                {
+                    continue;
+                }
+
+                if (_validCertificateThumbprints.Contains(thumbprintToCheck))
+                {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+    }
+}
+*/
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Constants.cs b/src/Microsoft.AspNet.Security/Constants.cs
new file mode 100644
index 0000000000..50d4dfe0af
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Constants.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// String constants used only by the Security assembly
+    /// </summary>
+    internal static class Constants
+    {
+        /// <summary>
+        /// Used by middleware extension methods to coordinate the default value Options property SignInAsAuthenticationType
+        /// </summary>
+        public const string DefaultSignInAsAuthenticationType = "Microsoft.AspNet.Security.Constants.DefaultSignInAsAuthenticationType";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
new file mode 100644
index 0000000000..29acfcb207
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.DataHandler.Encoder
+{
+    public class Base64TextEncoder : ITextEncoder
+    {
+        public string Encode(byte[] data)
+        {
+            return Convert.ToBase64String(data);
+        }
+
+        public byte[] Decode(string text)
+        {
+            return Convert.FromBase64String(text);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
new file mode 100644
index 0000000000..ca377ae65e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.DataHandler.Encoder
+{
+    public class Base64UrlTextEncoder : ITextEncoder
+    {
+        public string Encode(byte[] data)
+        {
+            if (data == null)
+            {
+                throw new ArgumentNullException("data");
+            }
+
+            return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
+        }
+
+        public byte[] Decode(string text)
+        {
+            if (text == null)
+            {
+                throw new ArgumentNullException("text");
+            }
+
+            return Convert.FromBase64String(Pad(text.Replace('-', '+').Replace('_', '/')));
+        }
+
+        private static string Pad(string text)
+        {
+            var padding = 3 - ((text.Length + 3) % 4);
+            if (padding == 0)
+            {
+                return text;
+            }
+            return text + new string('=', padding);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
new file mode 100644
index 0000000000..ce61e8fb9b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.DataHandler.Encoder
+{
+    public interface ITextEncoder
+    {
+        string Encode(byte[] data);
+        byte[] Decode(string text);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
new file mode 100644
index 0000000000..45b29107d2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.DataHandler.Encoder
+{
+    public static class TextEncodings
+    {
+        private static readonly ITextEncoder Base64Instance = new Base64TextEncoder();
+        private static readonly ITextEncoder Base64UrlInstance = new Base64UrlTextEncoder();
+
+        public static ITextEncoder Base64
+        {
+            get { return Base64Instance; }
+        }
+
+        public static ITextEncoder Base64Url
+        {
+            get { return Base64UrlInstance; }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
new file mode 100644
index 0000000000..f239150bae
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    public interface ISecureDataFormat<TData>
+    {
+        string Protect(TData data);
+        TData Unprotect(string protectedText);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
new file mode 100644
index 0000000000..54d69c4f57
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -0,0 +1,16 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Security.DataProtection;
+
+namespace Microsoft.AspNet.Security.DataHandler
+{
+    public class PropertiesDataFormat : SecureDataFormat<AuthenticationProperties>
+    {
+        public PropertiesDataFormat(IDataProtector protector)
+            : base(DataSerializers.Properties, protector, TextEncodings.Base64Url)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
new file mode 100644
index 0000000000..fa045e780e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
@@ -0,0 +1,63 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Security.DataProtection;
+
+namespace Microsoft.AspNet.Security.DataHandler
+{
+    public class SecureDataFormat<TData> : ISecureDataFormat<TData>
+    {
+        private readonly IDataSerializer<TData> _serializer;
+        private readonly IDataProtector _protector;
+        private readonly ITextEncoder _encoder;
+
+        public SecureDataFormat(IDataSerializer<TData> serializer, IDataProtector protector, ITextEncoder encoder)
+        {
+            _serializer = serializer;
+            _protector = protector;
+            _encoder = encoder;
+        }
+
+        public string Protect(TData data)
+        {
+            byte[] userData = _serializer.Serialize(data);
+            byte[] protectedData = _protector.Protect(userData);
+            string protectedText = _encoder.Encode(protectedData);
+            return protectedText;
+        }
+
+        [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Exception will be traced")]
+        public TData Unprotect(string protectedText)
+        {
+            try
+            {
+                if (protectedText == null)
+                {
+                    return default(TData);
+                }
+
+                byte[] protectedData = _encoder.Decode(protectedText);
+                if (protectedData == null)
+                {
+                    return default(TData);
+                }
+
+                byte[] userData = _protector.Unprotect(protectedData);
+                if (userData == null)
+                {
+                    return default(TData);
+                }
+
+                TData model = _serializer.Deserialize(userData);
+                return model;
+            }
+            catch
+            {
+                // TODO trace exception, but do not leak other information
+                return default(TData);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
new file mode 100644
index 0000000000..59585f6f9b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.DataHandler.Serializer
+{
+    public static class DataSerializers
+    {
+        static DataSerializers()
+        {
+            Properties = new PropertiesSerializer();
+            Ticket = new TicketSerializer();
+        }
+
+        public static IDataSerializer<AuthenticationProperties> Properties { get; set; }
+
+        public static IDataSerializer<AuthenticationTicket> Ticket { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
new file mode 100644
index 0000000000..8b9b77ae01
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.DataHandler.Serializer
+{
+    public interface IDataSerializer<TModel>
+    {
+        byte[] Serialize(TModel model);
+        TModel Deserialize(byte[] data);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
new file mode 100644
index 0000000000..2675932fc3
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
@@ -0,0 +1,82 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IO;
+
+namespace Microsoft.AspNet.Security.DataHandler.Serializer
+{
+    public class PropertiesSerializer : IDataSerializer<AuthenticationProperties>
+    {
+        private const int FormatVersion = 1;
+
+        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public byte[] Serialize(AuthenticationProperties model)
+        {
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new BinaryWriter(memory))
+                {
+                    Write(writer, model);
+                    writer.Flush();
+                    return memory.ToArray();
+                }
+            }
+        }
+
+        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public AuthenticationProperties Deserialize(byte[] data)
+        {
+            using (var memory = new MemoryStream(data))
+            {
+                using (var reader = new BinaryReader(memory))
+                {
+                    return Read(reader);
+                }
+            }
+        }
+
+        public static void Write(BinaryWriter writer, AuthenticationProperties properties)
+        {
+            if (writer == null)
+            {
+                throw new ArgumentNullException("writer");
+            }
+            if (properties == null)
+            {
+                throw new ArgumentNullException("properties");
+            }
+
+            writer.Write(FormatVersion);
+            writer.Write(properties.Dictionary.Count);
+            foreach (var kv in properties.Dictionary)
+            {
+                writer.Write(kv.Key);
+                writer.Write(kv.Value);
+            }
+        }
+
+        public static AuthenticationProperties Read(BinaryReader reader)
+        {
+            if (reader == null)
+            {
+                throw new ArgumentNullException("reader");
+            }
+
+            if (reader.ReadInt32() != FormatVersion)
+            {
+                return null;
+            }
+            int count = reader.ReadInt32();
+            var extra = new Dictionary<string, string>(count);
+            for (int index = 0; index != count; ++index)
+            {
+                string key = reader.ReadString();
+                string value = reader.ReadString();
+                extra.Add(key, value);
+            }
+            return new AuthenticationProperties(extra);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
new file mode 100644
index 0000000000..4ca3c0a6af
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -0,0 +1,136 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.IO.Compression;
+using System.Linq;
+using System.Security.Claims;
+
+namespace Microsoft.AspNet.Security.DataHandler.Serializer
+{
+    public class TicketSerializer : IDataSerializer<AuthenticationTicket>
+    {
+        private const int FormatVersion = 2;
+
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public virtual byte[] Serialize(AuthenticationTicket model)
+        {
+            using (var memory = new MemoryStream())
+            {
+                using (var compression = new GZipStream(memory, CompressionLevel.Optimal))
+                {
+                    using (var writer = new BinaryWriter(compression))
+                    {
+                        Write(writer, model);
+                    }
+                }
+                return memory.ToArray();
+            }
+        }
+
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public virtual AuthenticationTicket Deserialize(byte[] data)
+        {
+            using (var memory = new MemoryStream(data))
+            {
+                using (var compression = new GZipStream(memory, CompressionMode.Decompress))
+                {
+                    using (var reader = new BinaryReader(compression))
+                    {
+                        return Read(reader);
+                    }
+                }
+            }
+        }
+
+        public static void Write(BinaryWriter writer, AuthenticationTicket model)
+        {
+            if (writer == null)
+            {
+                throw new ArgumentNullException("writer");
+            }
+            if (model == null)
+            {
+                throw new ArgumentNullException("model");
+            }
+
+            writer.Write(FormatVersion);
+            ClaimsIdentity identity = model.Identity;
+            writer.Write(identity.AuthenticationType);
+            WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
+            WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
+            writer.Write(identity.Claims.Count());
+            foreach (var claim in identity.Claims)
+            {
+                WriteWithDefault(writer, claim.Type, identity.NameClaimType);
+                writer.Write(claim.Value);
+                WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
+                WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
+                WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+            }
+            PropertiesSerializer.Write(writer, model.Properties);
+        }
+
+        public static AuthenticationTicket Read(BinaryReader reader)
+        {
+            if (reader == null)
+            {
+                throw new ArgumentNullException("reader");
+            }
+
+            if (reader.ReadInt32() != FormatVersion)
+            {
+                return null;
+            }
+
+            string authenticationType = reader.ReadString();
+            string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
+            string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
+            int count = reader.ReadInt32();
+            var claims = new Claim[count];
+            for (int index = 0; index != count; ++index)
+            {
+                string type = ReadWithDefault(reader, nameClaimType);
+                string value = reader.ReadString();
+                string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
+                string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
+                string originalIssuer = ReadWithDefault(reader, issuer);
+                claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
+            }
+            var identity = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
+            AuthenticationProperties properties = PropertiesSerializer.Read(reader);
+            return new AuthenticationTicket(identity, properties);
+        }
+
+        private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
+        {
+            if (string.Equals(value, defaultValue, StringComparison.Ordinal))
+            {
+                writer.Write(DefaultValues.DefaultStringPlaceholder);
+            }
+            else
+            {
+                writer.Write(value);
+            }
+        }
+
+        private static string ReadWithDefault(BinaryReader reader, string defaultValue)
+        {
+            string value = reader.ReadString();
+            if (string.Equals(value, DefaultValues.DefaultStringPlaceholder, StringComparison.Ordinal))
+            {
+                return defaultValue;
+            }
+            return value;
+        }
+
+        private static class DefaultValues
+        {
+            public const string DefaultStringPlaceholder = "\0";
+            public const string NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
+            public const string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
+            public const string LocalAuthority = "LOCAL AUTHORITY";
+            public const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
new file mode 100644
index 0000000000..8d0d0c69f3
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Security.DataProtection;
+
+namespace Microsoft.AspNet.Security.DataHandler
+{
+    public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
+    {
+        public TicketDataFormat(IDataProtector protector) : base(DataSerializers.Ticket, protector, TextEncodings.Base64Url)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/ICertificateValidator.cs b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
new file mode 100644
index 0000000000..8d062aecfe
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+/* TODO:
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Interface for providing pinned certificate validation, which checks HTTPS 
+    /// communication against a known good list of certificates to protect against 
+    /// compromised or rogue CAs issuing certificates for hosts without the 
+    /// knowledge of the host owner.
+    /// </summary>
+    public interface ICertificateValidator
+    {
+        /// <summary>
+        /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
+        /// </summary>
+        /// <param name="sender">An object that contains state information for this validation.</param>
+        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
+        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
+        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
+        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
+        bool Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
+    }
+}
+*/
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
new file mode 100644
index 0000000000..39d6596d3c
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -0,0 +1,252 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Security.Cryptography;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Logging;
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    /// <summary>
+    /// Base class for the per-request work performed by most authentication middleware.
+    /// </summary>
+    public abstract class AuthenticationHandler
+    {
+        private static readonly RNGCryptoServiceProvider Random = new RNGCryptoServiceProvider();
+
+        private object _registration;
+
+        private Task<AuthenticationTicket> _authenticate;
+        private bool _authenticateInitialized;
+        private object _authenticateSyncLock;
+
+        private Task _applyResponse;
+        private bool _applyResponseInitialized;
+        private object _applyResponseSyncLock;
+
+        private AuthenticationOptions _baseOptions;
+
+        protected HttpContext Context { get; private set; }
+
+        protected HttpRequest Request
+        {
+            get { return Context.Request; }
+        }
+
+        protected HttpResponse Response
+        {
+            get { return Context.Response; }
+        }
+
+        protected PathString RequestPathBase { get; private set; }
+        protected SecurityHelper Helper { get; private set; }
+
+        internal AuthenticationOptions BaseOptions
+        {
+            get { return _baseOptions; }
+        }
+
+        protected async Task BaseInitializeAsync(AuthenticationOptions options, HttpContext context)
+        {
+            _baseOptions = options;
+            Context = context;
+            Helper = new SecurityHelper(context);
+            RequestPathBase = Request.PathBase;
+
+            _registration = Request.RegisterAuthenticationHandler(this);
+
+            Response.OnSendingHeaders(OnSendingHeaderCallback, this);
+
+            await InitializeCoreAsync();
+
+            if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
+            {
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket != null && ticket.Identity != null)
+                {
+                    Helper.AddUserIdentity(ticket.Identity);
+                }
+            }
+        }
+
+        private static void OnSendingHeaderCallback(object state)
+        {
+            AuthenticationHandler handler = (AuthenticationHandler)state;
+            handler.ApplyResponseAsync().Wait();
+        }
+
+        protected virtual Task InitializeCoreAsync()
+        {
+            return Task.FromResult<object>(null);
+        }
+
+        /// <summary>
+        /// Called once per request after Initialize and Invoke. 
+        /// </summary>
+        /// <returns>async completion</returns>
+        internal async Task TeardownAsync()
+        {
+            await ApplyResponseAsync();
+            await TeardownCoreAsync();
+            Request.UnregisterAuthenticationHandler(_registration);
+        }
+
+        protected virtual Task TeardownCoreAsync()
+        {
+            return Task.FromResult<object>(null);
+        }
+
+        /// <summary>
+        /// Called once by common code after initialization. If an authentication middleware responds directly to
+        /// specifically known paths it must override this virtual, compare the request path to it's known paths, 
+        /// provide any response information as appropriate, and true to stop further processing.
+        /// </summary>
+        /// <returns>Returning false will cause the common code to call the next middleware in line. Returning true will
+        /// cause the common code to begin the async completion journey without calling the rest of the middleware
+        /// pipeline.</returns>
+        public virtual Task<bool> InvokeAsync()
+        {
+            return Task.FromResult<bool>(false);
+        }
+
+        /// <summary>
+        /// Causes the authentication logic in AuthenticateCore to be performed for the current request 
+        /// at most once and returns the results. Calling Authenticate more than once will always return 
+        /// the original value. 
+        /// 
+        /// This method should always be called instead of calling AuthenticateCore directly.
+        /// </summary>
+        /// <returns>The ticket data provided by the authentication logic</returns>
+        public Task<AuthenticationTicket> AuthenticateAsync()
+        {
+            return LazyInitializer.EnsureInitialized(
+                ref _authenticate,
+                ref _authenticateInitialized,
+                ref _authenticateSyncLock,
+                AuthenticateCoreAsync);
+        }
+
+        /// <summary>
+        /// The core authentication logic which must be provided by the handler. Will be invoked at most
+        /// once per request. Do not call directly, call the wrapping Authenticate method instead.
+        /// </summary>
+        /// <returns>The ticket data provided by the authentication logic</returns>
+        protected abstract Task<AuthenticationTicket> AuthenticateCoreAsync();
+
+        /// <summary>
+        /// Causes the ApplyResponseCore to be invoked at most once per request. This method will be
+        /// invoked either earlier, when the response headers are sent as a result of a response write or flush,
+        /// or later, as the last step when the original async call to the middleware is returning.
+        /// </summary>
+        /// <returns></returns>
+        private Task ApplyResponseAsync()
+        {
+            return LazyInitializer.EnsureInitialized(
+                ref _applyResponse,
+                ref _applyResponseInitialized,
+                ref _applyResponseSyncLock,
+                ApplyResponseCoreAsync);
+        }
+
+        /// <summary>
+        /// Core method that may be overridden by handler. The default behavior is to call two common response 
+        /// activities, one that deals with sign-in/sign-out concerns, and a second to deal with 401 challenges.
+        /// </summary>
+        /// <returns></returns>
+        protected virtual async Task ApplyResponseCoreAsync()
+        {
+            await ApplyResponseGrantAsync();
+            await ApplyResponseChallengeAsync();
+        }
+
+        /// <summary>
+        /// Override this method to dela with sign-in/sign-out concerns, if an authentication scheme in question
+        /// deals with grant/revoke as part of it's request flow. (like setting/deleting cookies)
+        /// </summary>
+        /// <returns></returns>
+        protected virtual Task ApplyResponseGrantAsync()
+        {
+            return Task.FromResult<object>(null);
+        }
+
+        /// <summary>
+        /// Override this method to dela with 401 challenge concerns, if an authentication scheme in question
+        /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
+        /// changing the 401 result to 302 of a login page or external sign-in location.)
+        /// </summary>
+        /// <returns></returns>
+        protected virtual Task ApplyResponseChallengeAsync()
+        {
+            return Task.FromResult<object>(null);
+        }
+
+        protected void GenerateCorrelationId(AuthenticationProperties properties)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException("properties");
+            }
+
+            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
+
+            var nonceBytes = new byte[32];
+            Random.GetBytes(nonceBytes);
+            string correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsSecure
+            };
+
+            properties.Dictionary[correlationKey] = correlationId;
+
+            Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
+        }
+
+        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
+            MessageId = "Microsoft.Owin.Logging.LoggerExtensions.WriteWarning(Microsoft.Owin.Logging.ILogger,System.String,System.String[])",
+            Justification = "Logging is not Localized")]
+        protected bool ValidateCorrelationId(AuthenticationProperties properties, ILogger logger)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException("properties");
+            }
+
+            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
+
+            string correlationCookie = Request.Cookies[correlationKey];
+            if (string.IsNullOrWhiteSpace(correlationCookie))
+            {
+                logger.WriteWarning("{0} cookie not found.", correlationKey);
+                return false;
+            }
+
+            Response.Cookies.Delete(correlationKey);
+
+            string correlationExtra;
+            if (!properties.Dictionary.TryGetValue(
+                correlationKey,
+                out correlationExtra))
+            {
+                logger.WriteWarning("{0} state property not found.", correlationKey);
+                return false;
+            }
+
+            properties.Dictionary.Remove(correlationKey);
+
+            if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
+            {
+                logger.WriteWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                return false;
+            }
+
+            return true;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
new file mode 100644
index 0000000000..ef69d5f023
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    /// <summary>
+    /// Base class for the per-request work performed by most authentication middleware.
+    /// </summary>
+    /// <typeparam name="TOptions">Specifies which type for of AuthenticationOptions property</typeparam>
+    public abstract class AuthenticationHandler<TOptions> : AuthenticationHandler where TOptions : AuthenticationOptions
+    {
+        protected TOptions Options { get; private set; }
+
+        /// <summary>
+        /// Initialize is called once per request to contextualize this instance with appropriate state.
+        /// </summary>
+        /// <param name="options">The original options passed by the application control behavior</param>
+        /// <param name="context">The utility object to observe the current request and response</param>
+        /// <returns>async completion</returns>
+        internal Task Initialize(TOptions options, HttpContext context)
+        {
+            Options = options;
+            return BaseInitializeAsync(options, context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
new file mode 100644
index 0000000000..a77eb080e6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions
+    {
+        private readonly RequestDelegate _next;
+
+        protected AuthenticationMiddleware(RequestDelegate next, TOptions options)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException("options");
+            }
+
+            Options = options;
+            _next = next;
+        }
+
+        public TOptions Options { get; set; }
+
+        public override async Task Invoke(HttpContext context)
+        {
+            AuthenticationHandler<TOptions> handler = CreateHandler();
+            await handler.Initialize(Options, context);
+            if (!await handler.InvokeAsync())
+            {
+                await _next(context);
+            }
+            await handler.TeardownAsync();
+        }
+
+        protected abstract AuthenticationHandler<TOptions> CreateHandler();
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
new file mode 100644
index 0000000000..228e01e1e5
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public class AuthenticationTokenCreateContext : BaseContext
+    {
+        private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
+
+        public AuthenticationTokenCreateContext(
+            HttpContext context,
+            ISecureDataFormat<AuthenticationTicket> secureDataFormat,
+            AuthenticationTicket ticket)
+            : base(context)
+        {
+            if (secureDataFormat == null)
+            {
+                throw new ArgumentNullException("secureDataFormat");
+            }
+            if (ticket == null)
+            {
+                throw new ArgumentNullException("ticket");
+            }
+            _secureDataFormat = secureDataFormat;
+            Ticket = ticket;
+        }
+
+        public string Token { get; protected set; }
+
+        public AuthenticationTicket Ticket { get; protected set; }
+
+        public string SerializeTicket()
+        {
+            return _secureDataFormat.Protect(Ticket);
+        }
+
+        public void SetToken(string tokenValue)
+        {
+            if (tokenValue == null)
+            {
+                throw new ArgumentNullException("tokenValue");
+            }
+            Token = tokenValue;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
new file mode 100644
index 0000000000..c8beb6f0b8
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public class AuthenticationTokenProvider : IAuthenticationTokenProvider
+    {
+        public Action<AuthenticationTokenCreateContext> OnCreate { get; set; }
+        public Func<AuthenticationTokenCreateContext, Task> OnCreateAsync { get; set; }
+        public Action<AuthenticationTokenReceiveContext> OnReceive { get; set; }
+        public Func<AuthenticationTokenReceiveContext, Task> OnReceiveAsync { get; set; }
+
+        public virtual void Create(AuthenticationTokenCreateContext context)
+        {
+            if (OnCreateAsync != null && OnCreate == null)
+            {
+                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
+            }
+            if (OnCreate != null)
+            {
+                OnCreate.Invoke(context);
+            }
+        }
+
+        public virtual async Task CreateAsync(AuthenticationTokenCreateContext context)
+        {
+            if (OnCreateAsync != null && OnCreate == null)
+            {
+                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
+            }
+            if (OnCreateAsync != null)
+            {
+                await OnCreateAsync.Invoke(context);
+            }
+            else
+            {
+                Create(context);
+            }
+        }
+
+        public virtual void Receive(AuthenticationTokenReceiveContext context)
+        {
+            if (OnReceiveAsync != null && OnReceive == null)
+            {
+                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
+            }
+
+            if (OnReceive != null)
+            {
+                OnReceive.Invoke(context);
+            }
+        }
+
+        public virtual async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
+        {
+            if (OnReceiveAsync != null && OnReceive == null)
+            {
+                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
+            }
+            if (OnReceiveAsync != null)
+            {
+                await OnReceiveAsync.Invoke(context);
+            }
+            else
+            {
+                Receive(context);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
new file mode 100644
index 0000000000..ccbc81f020
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
@@ -0,0 +1,48 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public class AuthenticationTokenReceiveContext : BaseContext
+    {
+        private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
+
+        public AuthenticationTokenReceiveContext(
+            HttpContext context,
+            ISecureDataFormat<AuthenticationTicket> secureDataFormat,
+            string token) : base(context)
+        {
+            if (secureDataFormat == null)
+            {
+                throw new ArgumentNullException("secureDataFormat");
+            }
+            if (token == null)
+            {
+                throw new ArgumentNullException("token");
+            }
+            _secureDataFormat = secureDataFormat;
+            Token = token;
+        }
+
+        public string Token { get; protected set; }
+
+        public AuthenticationTicket Ticket { get; protected set; }
+
+        public void DeserializeTicket(string protectedData)
+        {
+            Ticket = _secureDataFormat.Unprotect(protectedData);
+        }
+
+        public void SetTicket(AuthenticationTicket ticket)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException("ticket");
+            }
+            Ticket = ticket;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
new file mode 100644
index 0000000000..73a8f7958b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    internal static class Constants
+    {
+        public static string SecurityAuthenticate = "security.Authenticate";
+        internal const string CorrelationPrefix = ".AspNet.Correlation.";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
new file mode 100644
index 0000000000..7bda97d3ac
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
@@ -0,0 +1,14 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public interface IAuthenticationTokenProvider
+    {
+        void Create(AuthenticationTokenCreateContext context);
+        Task CreateAsync(AuthenticationTokenCreateContext context);
+        void Receive(AuthenticationTokenReceiveContext context);
+        Task ReceiveAsync(AuthenticationTokenReceiveContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
new file mode 100644
index 0000000000..6fafca551d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Principal;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    // TODO: comment function documentations
+    using AuthenticateCallback = Action<IIdentity, IDictionary<string, string>, IDictionary<string, object>, object>;
+    using AuthenticateDelegate = Func<string[], Action<IIdentity, IDictionary<string, string>, IDictionary<string, object>, object>, object, Task>;
+
+    internal static class OwinRequestExtensions
+    {
+        public static object RegisterAuthenticationHandler(this HttpRequest request, AuthenticationHandler handler)
+        {
+            var chained = request.Get<AuthenticateDelegate>(Constants.SecurityAuthenticate);
+            var hook = new Hook(handler, chained);
+            request.Set<AuthenticateDelegate>(Constants.SecurityAuthenticate, hook.AuthenticateAsync);
+            return hook;
+        }
+
+        public static void UnregisterAuthenticationHandler(this HttpRequest request, object registration)
+        {
+            var hook = registration as Hook;
+            if (hook == null)
+            {
+                throw new InvalidOperationException(Resources.Exception_UnhookAuthenticationStateType);
+            }
+            request.Set(Constants.SecurityAuthenticate, hook.Chained);
+        }
+
+        private class Hook
+        {
+            private readonly AuthenticationHandler _handler;
+
+            public Hook(AuthenticationHandler handler, AuthenticateDelegate chained)
+            {
+                _handler = handler;
+                Chained = chained;
+            }
+
+            public AuthenticateDelegate Chained { get; private set; }
+
+            public async Task AuthenticateAsync(
+                string[] authenticationTypes,
+                AuthenticateCallback callback,
+                object state)
+            {
+                if (authenticationTypes == null)
+                {
+                    callback(null, null, _handler.BaseOptions.Description.Properties, state);
+                }
+                else if (authenticationTypes.Contains(_handler.BaseOptions.AuthenticationType, StringComparer.Ordinal))
+                {
+                    AuthenticationTicket ticket = await _handler.AuthenticateAsync();
+                    if (ticket != null && ticket.Identity != null)
+                    {
+                        callback(ticket.Identity, ticket.Properties.Dictionary, _handler.BaseOptions.Description.Properties, state);
+                    }
+                }
+                if (Chained != null)
+                {
+                    await Chained(authenticationTypes, callback, state);
+                }
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
new file mode 100644
index 0000000000..a24b7245fd
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -0,0 +1,188 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    /// <summary>
+    /// Helper code used when implementing authentication middleware
+    /// </summary>
+    public struct SecurityHelper
+    {
+        private readonly HttpContext _context;
+
+        /// <summary>
+        /// Helper code used when implementing authentication middleware
+        /// </summary>
+        /// <param name="context"></param>
+        public SecurityHelper(HttpContext context)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException("context");
+            }
+
+            _context = context;
+        }
+
+        /// <summary>
+        /// Add an additional ClaimsIdentity to the ClaimsPrincipal in the "server.User" environment key
+        /// </summary>
+        /// <param name="identity"></param>
+        public void AddUserIdentity(IIdentity identity)
+        {
+            if (identity == null)
+            {
+                throw new ArgumentNullException("identity");
+            }
+            var newClaimsPrincipal = new ClaimsPrincipal(identity);
+
+            IPrincipal existingPrincipal = _context.Request.User;
+            if (existingPrincipal != null)
+            {
+                var existingClaimsPrincipal = existingPrincipal as ClaimsPrincipal;
+                if (existingClaimsPrincipal == null)
+                {
+                    IIdentity existingIdentity = existingPrincipal.Identity;
+                    if (existingIdentity.IsAuthenticated)
+                    {
+                        newClaimsPrincipal.AddIdentity(existingIdentity as ClaimsIdentity ?? new ClaimsIdentity(existingIdentity));
+                    }
+                }
+                else
+                {
+                    foreach (var existingClaimsIdentity in existingClaimsPrincipal.Identities)
+                    {
+                        if (existingClaimsIdentity.IsAuthenticated)
+                        {
+                            newClaimsPrincipal.AddIdentity(existingClaimsIdentity);
+                        }
+                    }
+                }
+            }
+            _context.Request.User = newClaimsPrincipal;
+        }
+
+        /// <summary>
+        /// Find response challenge details for a specific authentication middleware
+        /// </summary>
+        /// <param name="authenticationType">The authentication type to look for</param>
+        /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
+        /// <returns>The information instructing the middleware how it should behave</returns>
+        public AuthenticationResponseChallenge LookupChallenge(string authenticationType, AuthenticationMode authenticationMode)
+        {
+            if (authenticationType == null)
+            {
+                throw new ArgumentNullException("authenticationType");
+            }
+
+            AuthenticationResponseChallenge challenge = _context.Authentication.AuthenticationResponseChallenge;
+            bool challengeHasAuthenticationTypes = challenge != null && challenge.AuthenticationTypes != null && challenge.AuthenticationTypes.Length != 0;
+            if (challengeHasAuthenticationTypes == false)
+            {
+                return authenticationMode == AuthenticationMode.Active ? (challenge ?? new AuthenticationResponseChallenge(null, null)) : null;
+            }
+            foreach (var challengeType in challenge.AuthenticationTypes)
+            {
+                if (string.Equals(challengeType, authenticationType, StringComparison.Ordinal))
+                {
+                    return challenge;
+                }
+            }
+            return null;
+        }
+
+        /// <summary>
+        /// Find response sign-in details for a specific authentication middleware
+        /// </summary>
+        /// <param name="authenticationType">The authentication type to look for</param>
+        /// <returns>The information instructing the middleware how it should behave</returns>
+        public AuthenticationResponseGrant LookupSignIn(string authenticationType)
+        {
+            if (authenticationType == null)
+            {
+                throw new ArgumentNullException("authenticationType");
+            }
+
+            AuthenticationResponseGrant grant = _context.Authentication.AuthenticationResponseGrant;
+            if (grant == null)
+            {
+                return null;
+            }
+
+            foreach (var claimsIdentity in grant.Principal.Identities)
+            {
+                if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
+                {
+                    return new AuthenticationResponseGrant(claimsIdentity, grant.Properties ?? new AuthenticationProperties());
+                }
+            }
+
+            return null;
+        }
+
+        /// <summary>
+        /// Find response sign-out details for a specific authentication middleware
+        /// </summary>
+        /// <param name="authenticationType">The authentication type to look for</param>
+        /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
+        /// <returns>The information instructing the middleware how it should behave</returns>
+        public AuthenticationResponseRevoke LookupSignOut(string authenticationType, AuthenticationMode authenticationMode)
+        {
+            if (authenticationType == null)
+            {
+                throw new ArgumentNullException("authenticationType");
+            }
+
+            AuthenticationResponseRevoke revoke = _context.Authentication.AuthenticationResponseRevoke;
+            if (revoke == null)
+            {
+                return null;
+            }
+            if (revoke.AuthenticationTypes == null || revoke.AuthenticationTypes.Length == 0)
+            {
+                return authenticationMode == AuthenticationMode.Active ? revoke : null;
+            }
+            for (int index = 0; index != revoke.AuthenticationTypes.Length; ++index)
+            {
+                if (String.Equals(authenticationType, revoke.AuthenticationTypes[index], StringComparison.Ordinal))
+                {
+                    return revoke;
+                }
+            }
+            return null;
+        }
+
+        #region Value-type equality
+
+        public bool Equals(SecurityHelper other)
+        {
+            return Equals(_context, other._context);
+        }
+
+        public override bool Equals(object obj)
+        {
+            return obj is SecurityHelper && Equals((SecurityHelper)obj);
+        }
+
+        public override int GetHashCode()
+        {
+            return (_context != null ? _context.GetHashCode() : 0);
+        }
+
+        public static bool operator ==(SecurityHelper left, SecurityHelper right)
+        {
+            return left.Equals(right);
+        }
+
+        public static bool operator !=(SecurityHelper left, SecurityHelper right)
+        {
+            return !left.Equals(right);
+        }
+
+        #endregion
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
new file mode 100644
index 0000000000..02bb1dbecc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class AuthenticationFailedNotification<TMessage>
+    {
+        public AuthenticationFailedNotification()
+        {
+        }
+
+        public bool Cancel { get; set; }
+        public Exception Exception { get; set; }
+        public TMessage ProtocolMessage { get; set; }
+        public int StatusCode { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
new file mode 100644
index 0000000000..6bf2fed5ff
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class MessageReceivedNotification<TMessage>
+    {
+        public MessageReceivedNotification()
+        {
+        }
+
+        public bool Cancel { get; set; }
+        public TMessage ProtocolMessage { get; set; }
+        public int StatusCode { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
new file mode 100644
index 0000000000..d31689aee1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class RedirectFromIdentityProviderNotification
+    {
+        public AuthenticationTicket AuthenticationTicket { get; set; }
+
+        public string SignInAsAuthenticationType { get; set; }
+
+        public bool Cancel { get; set; }
+
+        public int StatusCode { get; set; }
+
+        public bool IsRequestCompleted { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
new file mode 100644
index 0000000000..18d466d563
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class RedirectToIdentityProviderNotification<TMessage>
+    {
+        public RedirectToIdentityProviderNotification()
+        {
+        }
+
+        public bool Cancel { get; set; }
+        public TMessage ProtocolMessage { get; set; }
+        public int StatusCode { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
new file mode 100644
index 0000000000..ecd03f77ac
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class SecurityTokenReceivedNotification
+    {
+        public SecurityTokenReceivedNotification()
+        {
+        }
+
+        public bool Cancel { get; set; }
+        public string SecurityToken { get; set; }
+        public int StatusCode { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
new file mode 100644
index 0000000000..55f56cad1f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class SecurityTokenValidatedNotification
+    {
+        public SecurityTokenValidatedNotification()
+        {
+        }
+
+        public AuthenticationTicket AuthenticationTicket { get; set; }
+        public bool Cancel { get; set; }
+        public int StatusCode { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Provider/BaseContext.cs b/src/Microsoft.AspNet.Security/Provider/BaseContext.cs
new file mode 100644
index 0000000000..c73dbf6b36
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Provider/BaseContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Provider
+{
+    public abstract class BaseContext
+    {
+        protected BaseContext(HttpContext context)
+        {
+            HttpContext = context;
+        }
+
+        public HttpContext HttpContext { get; private set; }
+
+        public HttpRequest Request
+        {
+            get { return HttpContext.Request; }
+        }
+
+        public HttpResponse Response
+        {
+            get { return HttpContext.Response; }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs b/src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs
new file mode 100644
index 0000000000..2fd3c8ae22
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Provider
+{
+    /// <summary>
+    /// Base class used for certain event contexts
+    /// </summary>
+    public abstract class BaseContext<TOptions>
+    {
+        protected BaseContext(HttpContext context, TOptions options)
+        {
+            HttpContext = context;
+            Options = options;
+        }
+
+        public HttpContext HttpContext { get; private set; }
+
+        public TOptions Options { get; private set; }
+
+        public HttpRequest Request
+        {
+            get { return HttpContext.Request; }
+        }
+
+        public HttpResponse Response
+        {
+            get { return HttpContext.Response; }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Provider/EndpointContext.cs b/src/Microsoft.AspNet.Security/Provider/EndpointContext.cs
new file mode 100644
index 0000000000..e210296b9f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Provider/EndpointContext.cs
@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Provider
+{
+    public abstract class EndpointContext : BaseContext
+    {
+        protected EndpointContext(HttpContext context)
+            : base(context)
+        {
+        }
+
+        public bool IsRequestCompleted { get; private set; }
+
+        public void RequestCompleted()
+        {
+            IsRequestCompleted = true;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs b/src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs
new file mode 100644
index 0000000000..e3dd6997cd
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs
@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Provider
+{
+    /// <summary>
+    /// Base class used for certain event contexts
+    /// </summary>
+    public abstract class EndpointContext<TOptions> : BaseContext<TOptions>
+    {
+        /// <summary>
+        /// Creates an instance of this context
+        /// </summary>
+        protected EndpointContext(HttpContext context, TOptions options)
+            : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// True if the request should not be processed further by other components.
+        /// </summary>
+        public bool IsRequestCompleted { get; private set; }
+
+        /// <summary>
+        /// Prevents the request from being processed further by other components. 
+        /// IsRequestCompleted becomes true after calling.
+        /// </summary>
+        public void RequestCompleted()
+        {
+            IsRequestCompleted = true;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
new file mode 100644
index 0000000000..6d3e16f671
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Diagnostics.CodeAnalysis;
+using System.Security.Claims;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Provider
+{
+    public abstract class ReturnEndpointContext : EndpointContext
+    {
+        protected ReturnEndpointContext(
+            HttpContext context,
+            AuthenticationTicket ticket)
+            : base(context)
+        {
+            if (ticket != null)
+            {
+                Identity = ticket.Identity;
+                Properties = ticket.Properties;
+            }
+        }
+
+        public ClaimsIdentity Identity { get; set; }
+        public AuthenticationProperties Properties { get; set; }
+
+        public string SignInAsAuthenticationType { get; set; }
+
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
+        public string RedirectUri { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Resources.Designer.cs
new file mode 100644
index 0000000000..f7bfbfaf71
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Resources.Designer.cs
@@ -0,0 +1,99 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34003
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Resources", typeof(Resources).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The AuthenticationTokenProvider&apos;s required synchronous events have not been registered..
+        /// </summary>
+        internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods {
+            get {
+                return ResourceManager.GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
+        /// </summary>
+        internal static string Exception_DefaultDpapiRequiresAppNameKey {
+            get {
+                return ResourceManager.GetString("Exception_DefaultDpapiRequiresAppNameKey", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
+        /// </summary>
+        internal static string Exception_MissingDefaultSignInAsAuthenticationType {
+            get {
+                return ResourceManager.GetString("Exception_MissingDefaultSignInAsAuthenticationType", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The state passed to UnhookAuthentication may only be the return value from HookAuthentication..
+        /// </summary>
+        internal static string Exception_UnhookAuthenticationStateType {
+            get {
+                return ResourceManager.GetString("Exception_UnhookAuthenticationStateType", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Security/Resources.resx
new file mode 100644
index 0000000000..fdd0980662
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Resources.resx
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_DefaultDpapiRequiresAppNameKey" xml:space="preserve">
+    <value>The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate 'host.AppName' key.</value>
+  </data>
+  <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
+    <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
+  </data>
+  <data name="Exception_MissingDefaultSignInAsAuthenticationType" xml:space="preserve">
+    <value>A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
+  </data>
+  <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
+    <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs b/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
new file mode 100644
index 0000000000..2987f68745
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
@@ -0,0 +1,13 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// The algorithm used to generate the subject public key information blob hashes.
+    /// </summary>
+    public enum SubjectPublicKeyInfoAlgorithm
+    {
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Sha", Justification = "It is correct.")] Sha1,
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Sha", Justification = "It is correct.")] Sha256
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Win32.cs b/src/Microsoft.AspNet.Security/Win32.cs
new file mode 100644
index 0000000000..fe26feb7bc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Win32.cs
@@ -0,0 +1,95 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.ComponentModel;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Win32
+{
+    // TODO: ? [Localizable(false)]
+    internal static class NativeMethods
+    {
+        // ReSharper disable InconsistentNaming
+        public const int X509_ASN_ENCODING = 0x00000001;
+        public const int X509_PUBLIC_KEY_INFO = 8;
+        // ReSharper restore InconsistentNaming
+
+        /// <summary>
+        /// Encodes a structure of the type indicated by the value of the lpszStructType parameter.
+        /// </summary>
+        /// <param name="dwCertEncodingType">Type of encoding used.</param>
+        /// <param name="lpszStructType">The high-order word is zero, the low-order word specifies the integer identifier for the type of the specified structure so
+        /// we can use the constants in http://msdn.microsoft.com/en-us/library/windows/desktop/aa378145%28v=vs.85%29.aspx</param>
+        /// <param name="pvStructInfo">A pointer to the structure to be encoded.</param>
+        /// <param name="pbEncoded">A pointer to a buffer to receive the encoded structure. This parameter can be NULL to retrieve the size of this information for memory allocation purposes.</param>
+        /// <param name="pcbEncoded">A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter.</param>
+        /// <returns></returns>
+        [DllImport("crypt32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool CryptEncodeObject(
+            UInt32 dwCertEncodingType,
+            IntPtr lpszStructType,
+            ref CERT_PUBLIC_KEY_INFO pvStructInfo,
+            byte[] pbEncoded,
+            ref UInt32 pcbEncoded);
+
+        // ReSharper disable InconsistentNaming
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal struct CRYPT_BLOB
+        {
+            public Int32 cbData;
+            public IntPtr pbData;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct CERT_CONTEXT
+        {
+            public Int32 dwCertEncodingType;
+            public IntPtr pbCertEncoded;
+            public Int32 cbCertEncoded;
+            public IntPtr pCertInfo;
+            public IntPtr hCertStore;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
+        internal struct CRYPT_ALGORITHM_IDENTIFIER
+        {
+            public string pszObjId;
+            public CRYPT_BLOB Parameters;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
+        internal struct CRYPT_BIT_BLOB
+        {
+            public Int32 cbData;
+            public IntPtr pbData;
+            public Int32 cUnusedBits;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal struct CERT_PUBLIC_KEY_INFO
+        {
+            public CRYPT_ALGORITHM_IDENTIFIER Algorithm;
+            public CRYPT_BIT_BLOB PublicKey;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal class CERT_INFO
+        {
+            public Int32 dwVersion;
+            public CRYPT_BLOB SerialNumber;
+            public CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
+            public CRYPT_BLOB Issuer;
+            public System.Runtime.InteropServices.ComTypes.FILETIME NotBefore;
+            public System.Runtime.InteropServices.ComTypes.FILETIME NotAfter;
+            public CRYPT_BLOB Subject;
+            public CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
+            public CRYPT_BIT_BLOB IssuerUniqueId;
+            public CRYPT_BIT_BLOB SubjectUniqueId;
+            public Int32 cExtension;
+            public IntPtr rgExtension;
+        }
+
+        // ReSharper restore InconsistentNaming
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
new file mode 100644
index 0000000000..2ef2d0bad6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -0,0 +1,40 @@
+{
+  "version": "0.1-alpha-*",
+  "dependencies": {
+    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
+    "Microsoft.AspNet.ConfigurationModel": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
+    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.Logging": "0.1-alpha-*",
+	"Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
+  },
+  "configurations": {
+    "net45": {},
+    "k10": {
+      "dependencies": {
+        "System.Collections": "4.0.0.0",
+        "System.Console": "4.0.0.0",
+        "System.ComponentModel": "4.0.0.0",
+        "System.Diagnostics.Debug": "4.0.10.0",
+        "System.Diagnostics.Tools": "4.0.0.0",
+        "System.Globalization": "4.0.10.0",
+        "System.IO": "4.0.0.0",
+        "System.IO.Compression": "4.0.0.0",
+        "System.IO.FileSystem": "4.0.0.0",
+        "System.IO.FileSystem.Primitives": "4.0.0.0",
+        "System.Linq": "4.0.0.0",
+        "System.Reflection": "4.0.10.0",
+        "System.Resources.ResourceManager": "4.0.0.0",
+        "System.Runtime": "4.0.20.0",
+        "System.Runtime.Extensions": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Security.Claims": "0.1-alpha-*",
+        "System.Security.Principal" : "4.0.0.0",
+        "System.Threading": "4.0.0.0",
+        "System.Threading.Tasks": "4.0.0.0"
+      }
+    }
+  }
+}
\ No newline at end of file

From 50f4fff510426ca3a48fbb142cd60343f9c15a67 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 28 Mar 2014 09:28:23 -0700
Subject: [PATCH 002/900] Updating CoreCLR package versions

---
 src/Microsoft.AspNet.Security/project.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 2ef2d0bad6..5106bf0151 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -29,11 +29,11 @@
         "System.Resources.ResourceManager": "4.0.0.0",
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.20.0",
         "System.Security.Claims": "0.1-alpha-*",
         "System.Security.Principal" : "4.0.0.0",
         "System.Threading": "4.0.0.0",
-        "System.Threading.Tasks": "4.0.0.0"
+        "System.Threading.Tasks": "4.0.10.0"
       }
     }
   }

From 83855f8eac067090d50d4fb882c88e2ad8177737 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 27 Mar 2014 15:48:57 -0700
Subject: [PATCH 003/900] Redesign security contracts.

---
 Security.sln                                  |  23 ++
 samples/CookieSample/Startup.cs               |  42 +++
 samples/CookieSample/project.json             |  39 +++
 .../CookieAuthenticationDefaults.cs           |  42 +++
 .../CookieAuthenticationExtensions.cs         |  53 ++++
 .../CookieAuthenticationHandler.cs            | 249 ++++++++++++++++++
 .../CookieAuthenticationMiddleware.cs         |  39 +++
 .../CookieAuthenticationOptions.cs            | 137 ++++++++++
 .../CookieSecureOption.cs                     |  33 +++
 .../Provider/CookieApplyRedirectContext.cs    |  33 +++
 .../Provider/CookieAuthenticationProvider.cs  |  83 ++++++
 .../Provider/CookieResponseSignInContext.cs   |  62 +++++
 .../Provider/CookieResponseSignOutContext.cs  |  35 +++
 .../Provider/CookieValidateIdentityContext.cs |  67 +++++
 .../Provider/DefaultBehavior.cs               |  55 ++++
 .../Provider/ICookieAuthenticationProvider.cs |  39 +++
 .../project.json                              |  42 +++
 .../AuthenticationOptions.cs                  |   6 +
 .../AuthenticationTicket.cs                   |   6 +
 ...ertificateSubjectKeyIdentifierValidator.cs |   4 +-
 ...ertificateSubjectPublicKeyInfoValidator.cs |   4 +-
 .../CertificateThumbprintValidator.cs         |   4 +-
 .../DataHandler/PropertiesDataFormat.cs       |   1 +
 .../DataHandler/Serializer/DataSerializers.cs |   2 +
 .../Serializer/PropertiesSerializer.cs        |   1 +
 .../Serializer/TicketSerializer.cs            |   3 +-
 .../ICertificateValidator.cs                  |   4 +-
 .../Infrastructure/AuthenticationHandler.cs   | 189 +++++++++++--
 .../AuthenticationMiddleware.cs               |   2 +-
 .../Infrastructure/HttpContextExtensions.cs   |  20 ++
 .../Infrastructure/ISystemClock.cs            |  17 ++
 .../Infrastructure/OwinRequestExtensions.cs   |  72 -----
 .../Infrastructure/SecurityHelper.cs          | 154 ++---------
 .../Infrastructure/SignInIdentityContext.cs   |  17 ++
 .../Infrastructure/SystemClock.cs             |  26 ++
 .../AuthenticationFailedNotification.cs       |   1 -
 .../MessageReceivedNotification.cs            |   1 -
 ...edirectFromIdentityProviderNotification.cs |   2 -
 .../RedirectToIdentityProviderNotification.cs |   1 -
 .../SecurityTokenReceivedNotification.cs      |   1 -
 .../SecurityTokenValidatedNotification.cs     |   1 -
 .../Provider/ReturnEndpointContext.cs         |   1 +
 .../Resources.Designer.cs                     |   2 +-
 src/Microsoft.AspNet.Security/project.json    |   2 +-
 44 files changed, 1381 insertions(+), 236 deletions(-)
 create mode 100644 samples/CookieSample/Startup.cs
 create mode 100644 samples/CookieSample/project.json
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/project.json
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
 delete mode 100644 src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs

diff --git a/Security.sln b/Security.sln
index 5a80619fc3..7628374e9f 100644
--- a/Security.sln
+++ b/Security.sln
@@ -9,6 +9,14 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.k10", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.k10.csproj", "{F2391907-4463-4650-AEA4-E1B5733105C4}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.Cookies.net45", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.net45.csproj", "{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.Cookies.k10", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.k10.csproj", "{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CookieSample.net45", "samples\CookieSample\CookieSample.net45.csproj", "{3C25520E-1AF0-4535-A111-6A1C04D31364}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -23,6 +31,18 @@ Global
 		{F2391907-4463-4650-AEA4-E1B5733105C4}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -30,5 +50,8 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{70640501-CCBB-4FD7-8231-329B6A436DE4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{F2391907-4463-4650-AEA4-E1B5733105C4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{3C25520E-1AF0-4535-A111-6A1C04D31364} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
new file mode 100644
index 0000000000..9c2c29e185
--- /dev/null
+++ b/samples/CookieSample/Startup.cs
@@ -0,0 +1,42 @@
+using System;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.Infrastructure;
+
+namespace CookieSample
+{
+    public class Startup
+    {
+        public void Configuration(IBuilder app)
+        {
+            Console.WriteLine("Attach");
+            Console.ReadKey();
+
+            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                {
+
+                });
+
+            app.Run(async context =>
+            {
+                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                {
+                    context.Authentication.SignIn(new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "bob") }, CookieAuthenticationDefaults.AuthenticationType)));                    
+
+                    context.Response.ContentType = "text/plain";
+                    await context.Response.WriteAsync("Hello First timer");
+                    return;
+                }
+
+                context.Response.ContentType = "text/plain";
+                await context.Response.WriteAsync("Hello old timer");
+            });
+        }
+    }
+}
\ No newline at end of file
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
new file mode 100644
index 0000000000..b25b4148d6
--- /dev/null
+++ b/samples/CookieSample/project.json
@@ -0,0 +1,39 @@
+{
+  "version": "0.1-alpha-*",
+  "dependencies": {
+    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.Security": "",
+    "Microsoft.AspNet.Security.Cookies": "",
+    "Microsoft.AspNet.Hosting": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
+    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*"
+  },
+  "commands": { "web": "Microsoft.AspNet.Hosting server.name=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+  "configurations": {
+    "net45": {
+    },
+    "k10": {
+      "dependencies": {
+        "System.Console": "4.0.0.0",
+        "System.Collections": "4.0.0.0",
+        "System.Diagnostics.Debug": "4.0.10.0",
+        "System.Diagnostics.Tools": "4.0.0.0",
+        "System.Globalization": "4.0.10.0",
+        "System.IO": "4.0.0.0",
+        "System.IO.FileSystem": "4.0.0.0",
+        "System.IO.FileSystem.Primitives": "4.0.0.0",
+        "System.Linq": "4.0.0.0",
+        "System.Reflection": "4.0.10.0",
+        "System.Resources.ResourceManager": "4.0.0.0",
+        "System.Runtime": "4.0.20.0",
+        "System.Runtime.Extensions": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Text.Encoding": "4.0.10.0",
+        "System.Threading.Tasks": "4.0.0.0"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
new file mode 100644
index 0000000000..8102911fd2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Default values related to cookie-based authentication middleware
+    /// </summary>
+    public static class CookieAuthenticationDefaults
+    {
+        /// <summary>
+        /// The default value used for CookieAuthenticationOptions.AuthenticationType
+        /// </summary>
+        public const string AuthenticationType = "Cookies";
+
+        /// <summary>
+        /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
+        /// </summary>
+        public const string CookiePrefix = ".AspNet.";
+
+        /// <summary>
+        /// The default value used by UseApplicationSignInCookie for the
+        /// CookieAuthenticationOptions.LoginPath
+        /// </summary>
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
+        public static readonly PathString LoginPath = new PathString("/Account/Login");
+
+        /// <summary>
+        /// The default value used by UseApplicationSignInCookie for the
+        /// CookieAuthenticationOptions.LogoutPath
+        /// </summary>
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
+        public static readonly PathString LogoutPath = new PathString("/Account/Logout");
+
+        /// <summary>
+        /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter
+        /// </summary>
+        public const string ReturnUrlParameter = "ReturnUrl";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
new file mode 100644
index 0000000000..91d926ab95
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Logging;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+
+namespace Microsoft.AspNet
+{
+    /// <summary>
+    /// Extension methods provided by the cookies authentication middleware
+    /// </summary>
+    public static class CookieAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IAppBuilder passed to your configuration method</param>
+        /// <param name="options">An options class that controls the middleware behavior</param>
+        /// <returns>The original app parameter</returns>
+        public static IBuilder UseCookieAuthentication(this IBuilder app, CookieAuthenticationOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException("app");
+            }
+            /*
+            // TODO: Extension methods for this?
+            var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory));
+            ILogger logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
+            */
+            ILogger logger = null;
+
+            if (options.TicketDataFormat == null)
+            {
+                /* TODO: Add DPP extensions
+                IDataProtector dataProtector = app.CreateDataProtector(
+                    typeof(CookieAuthenticationMiddleware).FullName,
+                    options.AuthenticationType, "v1");
+                */
+                var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider));
+                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(string.Join(";", typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1"));
+                options.TicketDataFormat = new TicketDataFormat(dataProtector);
+            }
+
+            app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke);
+            // TODO: ? app.UseStageMarker(PipelineStage.Authenticate);
+            return app;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
new file mode 100644
index 0000000000..5378223c14
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -0,0 +1,249 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Logging;
+using Microsoft.AspNet.PipelineCore.Collections;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.HttpFeature.Security;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
+    {
+        private const string HeaderNameCacheControl = "Cache-Control";
+        private const string HeaderNamePragma = "Pragma";
+        private const string HeaderNameExpires = "Expires";
+        private const string HeaderValueNoCache = "no-cache";
+        private const string HeaderValueMinusOne = "-1";
+
+        private readonly ILogger _logger;
+
+        private bool _shouldRenew;
+        private DateTimeOffset _renewIssuedUtc;
+        private DateTimeOffset _renewExpiresUtc;
+
+        public CookieAuthenticationHandler(ILogger logger)
+        {
+            /*
+            if (logger == null)
+            {
+                throw new ArgumentNullException("logger");
+            }*/
+            _logger = logger;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            IReadableStringCollection cookies = Request.Cookies;
+            string cookie = cookies[Options.CookieName];
+            if (string.IsNullOrWhiteSpace(cookie))
+            {
+                return null;
+            }
+
+            AuthenticationTicket ticket = Options.TicketDataFormat.Unprotect(cookie);
+
+            if (ticket == null)
+            {
+                // TODO: _logger.WriteWarning(@"Unprotect ticket failed");
+                return null;
+            }
+
+            DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
+            DateTimeOffset? issuedUtc = ticket.Properties.IssuedUtc;
+            DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
+
+            if (expiresUtc != null && expiresUtc.Value < currentUtc)
+            {
+                return null;
+            }
+
+            if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration)
+            {
+                TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
+                TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+
+                if (timeRemaining < timeElapsed)
+                {
+                    _shouldRenew = true;
+                    _renewIssuedUtc = currentUtc;
+                    TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
+                    _renewExpiresUtc = currentUtc.Add(timeSpan);
+                }
+            }
+
+            var context = new CookieValidateIdentityContext(Context, ticket, Options);
+
+            await Options.Provider.ValidateIdentity(context);
+
+            return new AuthenticationTicket(context.Identity, context.Properties);
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            ApplyResponseGrantAsync().Wait();
+        }
+
+        protected override async Task ApplyResponseGrantAsync()
+        {
+            var signin = SignInIdentityContext;
+            bool shouldSignin = signin != null;
+            var signout = SignOutContext;
+            bool shouldSignout = signout != null;
+
+            if (shouldSignin || shouldSignout || _shouldRenew)
+            {
+                var cookieOptions = new CookieOptions
+                {
+                    Domain = Options.CookieDomain,
+                    HttpOnly = Options.CookieHttpOnly,
+                    Path = Options.CookiePath ?? "/",
+                };
+                if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
+                {
+                    cookieOptions.Secure = Request.IsSecure;
+                }
+                else
+                {
+                    cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
+                }
+
+                if (shouldSignin)
+                {
+                    var context = new CookieResponseSignInContext(
+                        Context,
+                        Options,
+                        Options.AuthenticationType,
+                        signin.Identity,
+                        signin.Properties,
+                        cookieOptions);
+
+                    DateTimeOffset issuedUtc = Options.SystemClock.UtcNow;
+                    DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+
+                    context.Properties.IssuedUtc = issuedUtc;
+                    context.Properties.ExpiresUtc = expiresUtc;
+
+                    Options.Provider.ResponseSignIn(context);
+
+                    if (context.Properties.IsPersistent)
+                    {
+                        cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+                    }
+
+                    var model = new AuthenticationTicket(context.Identity, context.Properties);
+                    string cookieValue = Options.TicketDataFormat.Protect(model);
+
+                    Response.Cookies.Append(
+                        Options.CookieName,
+                        cookieValue,
+                        cookieOptions);
+                }
+                else if (shouldSignout)
+                {
+                    var context = new CookieResponseSignOutContext(
+                        Context,
+                        Options,
+                        cookieOptions);
+                    
+                    Options.Provider.ResponseSignOut(context);
+
+                    Response.Cookies.Delete(
+                        Options.CookieName,
+                        cookieOptions);
+                }
+                else if (_shouldRenew)
+                {
+                    AuthenticationTicket model = await AuthenticateAsync();
+
+                    model.Properties.IssuedUtc = _renewIssuedUtc;
+                    model.Properties.ExpiresUtc = _renewExpiresUtc;
+
+                    string cookieValue = Options.TicketDataFormat.Protect(model);
+
+                    if (model.Properties.IsPersistent)
+                    {
+                        cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
+                    }
+
+                    Response.Cookies.Append(
+                        Options.CookieName,
+                        cookieValue,
+                        cookieOptions);
+                }
+
+                Response.Headers.Set(
+                    HeaderNameCacheControl,
+                    HeaderValueNoCache);
+
+                Response.Headers.Set(
+                    HeaderNamePragma,
+                    HeaderValueNoCache);
+
+                Response.Headers.Set(
+                    HeaderNameExpires,
+                    HeaderValueMinusOne);
+
+                bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
+                bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
+
+                if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
+                {
+                    IReadableStringCollection query = Request.Query;
+                    string redirectUri = query.Get(Options.ReturnUrlParameter);
+                    if (!string.IsNullOrWhiteSpace(redirectUri)
+                        && IsHostRelative(redirectUri))
+                    {
+                        var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
+                        Options.Provider.ApplyRedirect(redirectContext);
+                    }
+                }
+            }
+        }
+
+        private static bool IsHostRelative(string path)
+        {
+            if (string.IsNullOrEmpty(path))
+            {
+                return false;
+            }
+            if (path.Length == 1)
+            {
+                return path[0] == '/';
+            }
+            return path[0] == '/' && path[1] != '/' && path[1] != '\\';
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401 || !Options.LoginPath.HasValue || ChallengeContext == null)
+            {
+                return;
+            }
+
+            string currentUri = 
+                Request.PathBase + 
+                Request.Path + 
+                Request.QueryString;
+                
+            string loginUri = 
+                Request.Scheme + 
+                "://" + 
+                Request.Host + 
+                Request.PathBase + 
+                Options.LoginPath + 
+                new QueryString(Options.ReturnUrlParameter, currentUri);
+
+            var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
+            Options.Provider.ApplyRedirect(redirectContext);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..b0ad64125f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Logging;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    internal class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+
+        public CookieAuthenticationMiddleware(RequestDelegate next, ILogger logger, CookieAuthenticationOptions options)
+            : base(next, options)
+        {
+            if (Options.Provider == null)
+            {
+                Options.Provider = new CookieAuthenticationProvider();
+            }
+            if (String.IsNullOrEmpty(Options.CookieName))
+            {
+                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType;
+            }/*
+            if (logger == null)
+            {
+                throw new ArgumentNullException("logger");
+            }*/
+            _logger = logger;
+        }
+
+        protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
+        {
+            return new CookieAuthenticationHandler(_logger);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
new file mode 100644
index 0000000000..389a611c33
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -0,0 +1,137 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Security.Infrastructure;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Contains the options used by the CookiesAuthenticationMiddleware
+    /// </summary>
+    public class CookieAuthenticationOptions : AuthenticationOptions
+    {
+        private string _cookieName;
+
+        /// <summary>
+        /// Create an instance of the options initialized with the default values
+        /// </summary>
+        public CookieAuthenticationOptions()
+            : base(CookieAuthenticationDefaults.AuthenticationType)
+        {
+            ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
+            CookiePath = "/";
+            ExpireTimeSpan = TimeSpan.FromDays(14);
+            SlidingExpiration = true;
+            CookieHttpOnly = true;
+            CookieSecure = CookieSecureOption.SameAsRequest;
+            SystemClock = new SystemClock();
+            Provider = new CookieAuthenticationProvider();
+        }
+
+        /// <summary>
+        /// Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies".
+        /// This value should be changed if you change the name of the AuthenticationType, especially if your
+        /// system uses the cookie authentication middleware multiple times.
+        /// </summary>
+        public string CookieName
+        {
+            get { return _cookieName; }
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+                _cookieName = value;
+            }
+        }
+
+        /// <summary>
+        /// Determines the domain used to create the cookie. Is not provided by default.
+        /// </summary>
+        public string CookieDomain { get; set; }
+
+        /// <summary>
+        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatability.
+        /// </summary>
+        public string CookiePath { get; set; }
+
+        /// <summary>
+        /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
+        /// default is true, which means the cookie will only be passed to http requests and is not made available
+        /// to script on the page.
+        /// </summary>
+        public bool CookieHttpOnly { get; set; }
+
+        /// <summary>
+        /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
+        /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
+        /// and portions of your site are HTTP you may need to change this value.
+        /// </summary>
+        public CookieSecureOption CookieSecure { get; set; }
+
+        /// <summary>
+        /// Controls how much time the cookie will remain valid from the point it is created. The expiration
+        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored 
+        /// even if it is passed to the server after the browser should have purged it 
+        /// </summary>
+        public TimeSpan ExpireTimeSpan { get; set; }
+
+        /// <summary>
+        /// The SlidingExpiration is set to true to instruct the middleware to re-issue a new cookie with a new
+        /// expiration time any time it processes a request which is more than halfway through the expiration window.
+        /// </summary>
+        public bool SlidingExpiration { get; set; }
+
+        /// <summary>
+        /// The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status
+        /// code into a 302 redirection onto the given login path. The current url which generated the 401 is added
+        /// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
+        /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back  
+        /// to the url which caused the original unauthorized status code.
+        /// 
+        /// If the LoginPath is null or empty, the middleware will not look for 401 Unauthorized status codes, and it will
+        /// not redirect automatically when a login occurs.
+        /// </summary>
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
+        public PathString LoginPath { get; set; }
+
+        /// <summary>
+        /// If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter.
+        /// </summary>
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
+        public PathString LogoutPath { get; set; }
+
+        /// <summary>
+        /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware
+        /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query 
+        /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the 
+        /// original url after the action is performed.
+        /// </summary>
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "ReturnUrl is the name of a querystring parameter")]
+        public string ReturnUrlParameter { get; set; }
+
+        /// <summary>
+        /// The Provider may be assigned to an instance of an object created by the application at startup time. The middleware
+        /// calls methods on the provider which give the application control at certain points where processing is occuring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        public ICookieAuthenticationProvider Provider { get; set; }
+
+        /// <summary>
+        /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
+        /// cookie value. If it is not provided a default data handler is created using the data protection service contained
+        /// in the IAppBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
+        /// and on DPAPI when running in a different process.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
+
+        /// <summary>
+        /// The SystemClock provides access to the system's current time coordinates. If it is not provided a default instance is
+        /// used which calls DateTimeOffset.UtcNow. This is typically not replaced except for unit testing. 
+        /// </summary>
+        public ISystemClock SystemClock { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
new file mode 100644
index 0000000000..19efae749b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Determines how the identity cookie's security property is set.
+    /// </summary>
+    public enum CookieSecureOption
+    {
+        /// <summary>
+        /// If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on 
+        /// subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will 
+        /// be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures
+        /// HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development 
+        /// and for servers that do not have HTTPS support.
+        /// </summary>
+        SameAsRequest,
+
+        /// <summary>
+        /// CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages
+        /// on the site which are HTTP also require authentication information. This setting is not recommended because
+        /// the authentication information provided with an HTTP request may be observed and used by other computers
+        /// on your local network or wireless connection.
+        /// </summary>
+        Never,
+
+        /// <summary>
+        /// CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages
+        /// requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
+        /// </summary>
+        Always,
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs
new file mode 100644
index 0000000000..69ccc0c386
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
+    /// </summary>
+    public class CookieApplyRedirectContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The OWIN request context</param>
+        /// <param name="options">The cookie middleware options</param>
+        /// <param name="redirectUri">The initial redirect URI</param>
+        [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
+        public CookieApplyRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri)
+            : base(context, options)
+        {
+            RedirectUri = redirectUri;
+        }
+
+        /// <summary>
+        /// Gets or Sets the URI used for the redirect operation.
+        /// </summary>
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
+        public string RedirectUri { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs
new file mode 100644
index 0000000000..6b434c0b2b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs
@@ -0,0 +1,83 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// This default implementation of the ICookieAuthenticationProvider may be used if the 
+    /// application only needs to override a few of the interface methods. This may be used as a base class
+    /// or may be instantiated directly.
+    /// </summary>
+    public class CookieAuthenticationProvider : ICookieAuthenticationProvider
+    {
+        /// <summary>
+        /// Create a new instance of the default provider.
+        /// </summary>
+        public CookieAuthenticationProvider()
+        {
+            OnValidateIdentity = context => Task.FromResult(0);
+            OnResponseSignIn = context => { };
+            OnResponseSignOut = context => { };
+            OnApplyRedirect = DefaultBehavior.ApplyRedirect;
+        }
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Func<CookieValidateIdentityContext, Task> OnValidateIdentity { get; set; }
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Action<CookieResponseSignInContext> OnResponseSignIn { get; set; }
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Action<CookieResponseSignOutContext> OnResponseSignOut { get; set; }
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Action<CookieApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public virtual Task ValidateIdentity(CookieValidateIdentityContext context)
+        {
+            return OnValidateIdentity.Invoke(context);
+        }
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context"></param>
+        public virtual void ResponseSignIn(CookieResponseSignInContext context)
+        {
+            OnResponseSignIn.Invoke(context);
+        }
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context"></param>
+        public virtual void ResponseSignOut(CookieResponseSignOutContext context)
+        {
+            OnResponseSignOut.Invoke(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        public void ApplyRedirect(CookieApplyRedirectContext context)
+        {
+            OnApplyRedirect.Invoke(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs
new file mode 100644
index 0000000000..e3098e3590
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs
@@ -0,0 +1,62 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context object passed to the ICookieAuthenticationProvider method ResponseSignIn.
+    /// </summary>    
+    public class CookieResponseSignInContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new instance of the context object.
+        /// </summary>
+        /// <param name="context">The OWIN request context</param>
+        /// <param name="options">The middleware options</param>
+        /// <param name="authenticationType">Initializes AuthenticationType property</param>
+        /// <param name="identity">Initializes Identity property</param>
+        /// <param name="properties">Initializes Extra property</param>
+        /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
+        public CookieResponseSignInContext(
+            HttpContext context,
+            CookieAuthenticationOptions options,
+            string authenticationType,
+            ClaimsIdentity identity,
+            AuthenticationProperties properties,
+            CookieOptions cookieOptions)
+            : base(context, options)
+        {
+            AuthenticationType = authenticationType;
+            Identity = identity;
+            Properties = properties;
+            CookieOptions = cookieOptions;
+        }
+
+        /// <summary>
+        /// The name of the AuthenticationType creating a cookie
+        /// </summary>
+        public string AuthenticationType { get; private set; }
+
+        /// <summary>
+        /// Contains the claims about to be converted into the outgoing cookie.
+        /// May be replaced or altered during the ResponseSignIn call.
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Contains the extra data about to be contained in the outgoing cookie.
+        /// May be replaced or altered during the ResponseSignIn call.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+
+        /// <summary>
+        /// The options for creating the outgoing cookie.
+        /// May be replace or altered during the ResponseSignIn call.
+        /// </summary>
+        public CookieOptions CookieOptions { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs
new file mode 100644
index 0000000000..e17028982a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs
@@ -0,0 +1,35 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context object passed to the ICookieAuthenticationProvider method ResponseSignOut    
+    /// </summary>
+    public class CookieResponseSignOutContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="options"></param>
+        /// <param name="cookieOptions"></param>
+        public CookieResponseSignOutContext(HttpContext context, CookieAuthenticationOptions options, CookieOptions cookieOptions)
+            : base(context, options)
+        {
+            CookieOptions = cookieOptions;
+        }
+
+        /// <summary>
+        /// The options for creating the outgoing cookie.
+        /// May be replace or altered during the ResponseSignIn call.
+        /// </summary>
+        public CookieOptions CookieOptions
+        {
+            get;
+            set;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs
new file mode 100644
index 0000000000..4487582209
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs
@@ -0,0 +1,67 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.Provider;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context object passed to the ICookieAuthenticationProvider method ValidateIdentity.
+    /// </summary>
+    public class CookieValidateIdentityContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new instance of the context object.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="ticket">Contains the initial values for identity and extra data</param>
+        /// <param name="options"></param>
+        public CookieValidateIdentityContext(HttpContext context, AuthenticationTicket ticket, CookieAuthenticationOptions options)
+            : base(context, options)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException("ticket");
+            }
+
+            Identity = ticket.Identity;
+            Properties = ticket.Properties;
+        }
+
+        /// <summary>
+        /// Contains the claims identity arriving with the request. May be altered to change the 
+        /// details of the authenticated user.
+        /// </summary>
+        public ClaimsIdentity Identity { get; private set; }
+
+        /// <summary>
+        /// Contains the extra meta-data arriving with the request ticket. May be altered.
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+
+        /// <summary>
+        /// Called to replace the claims identity. The supplied identity will replace the value of the 
+        /// Identity property, which determines the identity of the authenticated request.
+        /// </summary>
+        /// <param name="identity">The identity used as the replacement</param>
+        public void ReplaceIdentity(IIdentity identity)
+        {
+            Identity = new ClaimsIdentity(identity);
+        }
+
+        /// <summary>
+        /// Called to reject the incoming identity. This may be done if the application has determined the
+        /// account is no longer active, and the request should be treated as if it was anonymous.
+        /// </summary>
+        public void RejectIdentity()
+        {
+            Identity = null;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs
new file mode 100644
index 0000000000..d90acf62ff
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs
@@ -0,0 +1,55 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+using Newtonsoft.Json;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    internal static class DefaultBehavior
+    {
+        internal static readonly Action<CookieApplyRedirectContext> ApplyRedirect = context =>
+        {
+            if (IsAjaxRequest(context.Request))
+            {
+                string jsonResponse = JsonConvert.SerializeObject(new
+                {
+                    status = context.Response.StatusCode,
+                    headers = new
+                    {
+                        location = context.RedirectUri
+                    }
+                }, Formatting.None);
+
+                context.Response.StatusCode = 200;
+                context.Response.Headers.Append("X-Responded-JSON", jsonResponse);
+            }
+            else
+            {
+                context.Response.Redirect(context.RedirectUri);
+            }
+        };
+
+        private static bool IsAjaxRequest(HttpRequest request)
+        {
+            IReadableStringCollection query = request.Query;
+            if (query != null)
+            {
+                if (query["X-Requested-With"] == "XMLHttpRequest")
+                {
+                    return true;
+                }
+            }
+
+            IHeaderDictionary headers = request.Headers;
+            if (headers != null)
+            {
+                if (headers["X-Requested-With"] == "XMLHttpRequest")
+                {
+                    return true;
+                }
+            }
+            return false;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs b/src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs
new file mode 100644
index 0000000000..f33a22259f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public interface ICookieAuthenticationProvider
+    {
+        /// <summary>
+        /// Called each time a request identity has been validated by the middleware. By implementing this method the
+        /// application may alter or reject the identity which has arrived with the request.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ValidateIdentity(CookieValidateIdentityContext context);
+
+        /// <summary>
+        /// Called when an endpoint has provided sign in information before it is converted into a cookie. By
+        /// implementing this method the claims and extra information that go into the ticket may be altered.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        void ResponseSignIn(CookieResponseSignInContext context);
+
+        /// <summary>
+        /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        void ApplyRedirect(CookieApplyRedirectContext context);
+
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
+        void ResponseSignOut(CookieResponseSignOutContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
new file mode 100644
index 0000000000..ee461aabbd
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -0,0 +1,42 @@
+{
+  "version": "0.1-alpha-*",
+  "dependencies": {
+    "Newtonsoft.Json": "5.0.8",
+    "Microsoft.AspNet.Security": "0.1-alpha-*",
+    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
+    "Microsoft.AspNet.ConfigurationModel": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
+    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.Logging": "0.1-alpha-*",
+    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
+  },
+  "configurations": {
+    "net45": {},
+    "k10": {
+      "dependencies": {
+        "System.Collections": "4.0.0.0",
+        "System.Console": "4.0.0.0",
+        "System.ComponentModel": "4.0.0.0",
+        "System.Diagnostics.Debug": "4.0.10.0",
+        "System.Diagnostics.Tools": "4.0.0.0",
+        "System.Globalization": "4.0.10.0",
+        "System.IO": "4.0.0.0",
+        "System.IO.Compression": "4.0.0.0",
+        "System.IO.FileSystem": "4.0.0.0",
+        "System.IO.FileSystem.Primitives": "4.0.0.0",
+        "System.Linq": "4.0.0.0",
+        "System.Reflection": "4.0.10.0",
+        "System.Resources.ResourceManager": "4.0.0.0",
+        "System.Runtime": "4.0.20.0",
+        "System.Runtime.Extensions": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Security.Claims": "0.1-alpha-*",
+        "System.Security.Principal" : "4.0.0.0",
+        "System.Threading": "4.0.0.0",
+        "System.Threading.Tasks": "4.0.0.0"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
index 262bce7f3e..bfd63df993 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -1,5 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
+using System;
+using System.Collections.Generic;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.PipelineCore.Security;
+
 namespace Microsoft.AspNet.Security
 {
     /// <summary>
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
index ac2e31006f..2b910d9445 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -1,6 +1,12 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
+using System;
+using System.Collections.Generic;
 using System.Security.Claims;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.PipelineCore.Security;
+using Microsoft.AspNet.Security.Infrastructure;
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
index 8c1ade928f..a549c3740d 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
@@ -1,5 +1,5 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-/* TODO:
+#if NET45
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
@@ -85,4 +85,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-*/
\ No newline at end of file
+#endif
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
index 119b553f21..0896c72d97 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
@@ -1,5 +1,5 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-/* TODO:
+#if NET45
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
@@ -132,4 +132,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-*/
\ No newline at end of file
+#endif
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
index cc1fddf397..464d579011 100644
--- a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
@@ -1,5 +1,5 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-/* TODO:
+#if NET45
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
@@ -78,4 +78,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-*/
\ No newline at end of file
+#endif
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
index 54d69c4f57..43aab1c990 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Abstractions.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
 using Microsoft.AspNet.Security.DataProtection;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
index 59585f6f9b..b46f5dcb98 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
@@ -1,5 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Abstractions.Security;
+
 namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
     public static class DataSerializers
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
index 2675932fc3..1ba7164059 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
@@ -4,6 +4,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
+using Microsoft.AspNet.Abstractions.Security;
 
 namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
index 4ca3c0a6af..de3abbd92e 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.IO.Compression;
 using System.Linq;
@@ -98,7 +99,7 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
                 claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
             }
             var identity = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
-            AuthenticationProperties properties = PropertiesSerializer.Read(reader);
+            var properties = PropertiesSerializer.Read(reader);
             return new AuthenticationTicket(identity, properties);
         }
 
diff --git a/src/Microsoft.AspNet.Security/ICertificateValidator.cs b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
index 8d062aecfe..3b84fb4850 100644
--- a/src/Microsoft.AspNet.Security/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
@@ -1,5 +1,5 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-/* TODO:
+#if NET45
 using System;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
@@ -25,4 +25,4 @@ namespace Microsoft.AspNet.Security
         bool Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
     }
 }
-*/
\ No newline at end of file
+#endif
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 39d6596d3c..986826f792 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -1,25 +1,29 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
+using System.Linq;
+using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Abstractions;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
     /// <summary>
     /// Base class for the per-request work performed by most authentication middleware.
     /// </summary>
-    public abstract class AuthenticationHandler
+    public abstract class AuthenticationHandler : IAuthenticationHandler
     {
+#if NET45
         private static readonly RNGCryptoServiceProvider Random = new RNGCryptoServiceProvider();
-
-        private object _registration;
-
+#endif
         private Task<AuthenticationTicket> _authenticate;
         private bool _authenticateInitialized;
         private object _authenticateSyncLock;
@@ -30,6 +34,10 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         private AuthenticationOptions _baseOptions;
 
+        protected IChallengeContext ChallengeContext { get; set; }
+        protected SignInIdentityContext SignInIdentityContext { get; set; }
+        protected ISignOutContext SignOutContext { get; set; }
+
         protected HttpContext Context { get; private set; }
 
         protected HttpRequest Request
@@ -43,21 +51,21 @@ namespace Microsoft.AspNet.Security.Infrastructure
         }
 
         protected PathString RequestPathBase { get; private set; }
-        protected SecurityHelper Helper { get; private set; }
 
         internal AuthenticationOptions BaseOptions
         {
             get { return _baseOptions; }
         }
 
+        public IAuthenticationHandler PriorHandler { get; set; }
+
         protected async Task BaseInitializeAsync(AuthenticationOptions options, HttpContext context)
         {
             _baseOptions = options;
             Context = context;
-            Helper = new SecurityHelper(context);
             RequestPathBase = Request.PathBase;
 
-            _registration = Request.RegisterAuthenticationHandler(this);
+            RegisterAuthenticationHandler();
 
             Response.OnSendingHeaders(OnSendingHeaderCallback, this);
 
@@ -68,7 +76,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 AuthenticationTicket ticket = await AuthenticateAsync();
                 if (ticket != null && ticket.Identity != null)
                 {
-                    Helper.AddUserIdentity(ticket.Identity);
+                    Context.AddUserIdentity(ticket.Identity);
                 }
             }
         }
@@ -76,12 +84,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
         private static void OnSendingHeaderCallback(object state)
         {
             AuthenticationHandler handler = (AuthenticationHandler)state;
-            handler.ApplyResponseAsync().Wait();
+            handler.ApplyResponse();
         }
 
         protected virtual Task InitializeCoreAsync()
         {
-            return Task.FromResult<object>(null);
+            return Task.FromResult(0);
         }
 
         /// <summary>
@@ -92,12 +100,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
         {
             await ApplyResponseAsync();
             await TeardownCoreAsync();
-            Request.UnregisterAuthenticationHandler(_registration);
+            UnregisterAuthenticationHandler();
         }
 
         protected virtual Task TeardownCoreAsync()
         {
-            return Task.FromResult<object>(null);
+            return Task.FromResult(0);
         }
 
         /// <summary>
@@ -113,6 +121,63 @@ namespace Microsoft.AspNet.Security.Infrastructure
             return Task.FromResult<bool>(false);
         }
 
+        public virtual void GetDescriptions(DescriptionDelegate callback, object state)
+        {
+            callback(BaseOptions.Description.Dictionary, state);
+            if (PriorHandler != null)
+            {
+                PriorHandler.GetDescriptions(callback, state);
+            }
+        }
+
+        public virtual void Authenticate(IAuthenticateContext context)
+        {
+            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
+            {
+                AuthenticationTicket ticket = Authenticate();
+                if (ticket != null && ticket.Identity != null)
+                {
+                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                }
+            }
+
+            if (PriorHandler != null)
+            {
+                PriorHandler.Authenticate(context);
+            }
+        }
+
+        public AuthenticationTicket Authenticate()
+        {
+            return LazyInitializer.EnsureInitialized(
+                ref _authenticate,
+                ref _authenticateInitialized,
+                ref _authenticateSyncLock,
+                () =>
+                {
+                    return Task.FromResult(AuthenticateCore());
+                }).Result;
+        }
+
+        protected abstract AuthenticationTicket AuthenticateCore();
+
+        public virtual async Task AuthenticateAsync(IAuthenticateContext context)
+        {
+            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
+            {
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket != null && ticket.Identity != null)
+                {
+                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                }
+            }
+
+            if (PriorHandler != null)
+            {
+                await PriorHandler.AuthenticateAsync(context);
+            }
+        }
+
         /// <summary>
         /// Causes the authentication logic in AuthenticateCore to be performed for the current request 
         /// at most once and returns the results. Calling Authenticate more than once will always return 
@@ -135,7 +200,29 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// once per request. Do not call directly, call the wrapping Authenticate method instead.
         /// </summary>
         /// <returns>The ticket data provided by the authentication logic</returns>
-        protected abstract Task<AuthenticationTicket> AuthenticateCoreAsync();
+        protected virtual Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            return Task.FromResult(AuthenticateCore());
+        }
+
+        private void ApplyResponse()
+        {
+            LazyInitializer.EnsureInitialized(
+                ref _applyResponse,
+                ref _applyResponseInitialized,
+                ref _applyResponseSyncLock,
+                () =>
+                {
+                    ApplyResponseCore();
+                    return Task.FromResult(0);
+                }).Wait(); // Block if the async version is in progress.
+        }
+
+        protected virtual void ApplyResponseCore()
+        {
+            ApplyResponseGrant();
+            ApplyResponseChallenge();
+        }
 
         /// <summary>
         /// Causes the ApplyResponseCore to be invoked at most once per request. This method will be
@@ -163,6 +250,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
             await ApplyResponseChallengeAsync();
         }
 
+        protected abstract void ApplyResponseGrant();
+
         /// <summary>
         /// Override this method to dela with sign-in/sign-out concerns, if an authentication scheme in question
         /// deals with grant/revoke as part of it's request flow. (like setting/deleting cookies)
@@ -170,18 +259,67 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// <returns></returns>
         protected virtual Task ApplyResponseGrantAsync()
         {
-            return Task.FromResult<object>(null);
+            ApplyResponseGrant();
+            return Task.FromResult(0);
         }
 
+        public virtual void SignIn(ISignInContext context)
+        {
+            ClaimsIdentity identity;
+            if (SecurityHelper.LookupSignIn(context.User, BaseOptions.AuthenticationType, out identity))
+            {
+                SignInIdentityContext = new SignInIdentityContext(identity, new AuthenticationProperties(context.Properties));
+                SignOutContext = null;
+                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+            }
+
+            if (PriorHandler != null)
+            {
+                PriorHandler.SignIn(context);
+            }
+        }
+
+        public virtual void SignOut(ISignOutContext context)
+        {
+            if (SecurityHelper.LookupSignOut(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
+            {
+                SignInIdentityContext = null;
+                SignOutContext = context;
+                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+            }
+
+            if (PriorHandler != null)
+            {
+                PriorHandler.SignOut(context);
+            }
+        }
+
+        public virtual void Challenge(IChallengeContext context)
+        {
+            if (SecurityHelper.LookupChallenge(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
+            {
+                ChallengeContext = context;
+                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+            }
+
+            if (PriorHandler != null)
+            {
+                PriorHandler.Challenge(context);
+            }
+        }
+
+        protected abstract void ApplyResponseChallenge();
+
         /// <summary>
-        /// Override this method to dela with 401 challenge concerns, if an authentication scheme in question
+        /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question
         /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
         /// <returns></returns>
         protected virtual Task ApplyResponseChallengeAsync()
         {
-            return Task.FromResult<object>(null);
+            ApplyResponseChallenge();
+            return Task.FromResult(0);
         }
 
         protected void GenerateCorrelationId(AuthenticationProperties properties)
@@ -194,7 +332,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
             string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
 
             var nonceBytes = new byte[32];
+#if NET45
             Random.GetBytes(nonceBytes);
+#else
+            Microsoft.AspNet.Security.DataProtection.CryptRand.FillBuffer(new ArraySegment<byte>(nonceBytes));
+#endif
             string correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
 
             var cookieOptions = new CookieOptions
@@ -248,5 +390,18 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
             return true;
         }
+
+        private void RegisterAuthenticationHandler()
+        {
+            var auth = Context.GetAuthentication();
+            PriorHandler = auth.Handler;
+            auth.Handler = this;
+        }
+
+        private void UnregisterAuthenticationHandler()
+        {
+            var auth = Context.GetAuthentication();
+            auth.Handler = PriorHandler;
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index a77eb080e6..c50afdc3c7 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public TOptions Options { get; set; }
 
-        public override async Task Invoke(HttpContext context)
+        public async Task Invoke(HttpContext context)
         {
             AuthenticationHandler<TOptions> handler = CreateHandler();
             await handler.Initialize(Options, context);
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
new file mode 100644
index 0000000000..a46ef4079c
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -0,0 +1,20 @@
+using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.PipelineCore.Security;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    internal static class HttpContextExtensions
+    {
+        internal static IHttpAuthentication GetAuthentication(this HttpContext context)
+        {
+            var auth = context.GetFeature<IHttpAuthentication>();
+            if (auth == null)
+            {
+                auth = new DefaultHttpAuthentication();
+                context.SetFeature<IHttpAuthentication>(auth);
+            }
+            return auth;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs b/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
new file mode 100644
index 0000000000..cca20fbcb1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    /// <summary>
+    /// Abstracts the system clock to facilitate testing.
+    /// </summary>
+    public interface ISystemClock
+    {
+        /// <summary>
+        /// Retrieves the current system time in UTC.
+        /// </summary>
+        DateTimeOffset UtcNow { get; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
deleted file mode 100644
index 6fafca551d..0000000000
--- a/src/Microsoft.AspNet.Security/Infrastructure/OwinRequestExtensions.cs
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Principal;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Abstractions;
-
-namespace Microsoft.AspNet.Security.Infrastructure
-{
-    // TODO: comment function documentations
-    using AuthenticateCallback = Action<IIdentity, IDictionary<string, string>, IDictionary<string, object>, object>;
-    using AuthenticateDelegate = Func<string[], Action<IIdentity, IDictionary<string, string>, IDictionary<string, object>, object>, object, Task>;
-
-    internal static class OwinRequestExtensions
-    {
-        public static object RegisterAuthenticationHandler(this HttpRequest request, AuthenticationHandler handler)
-        {
-            var chained = request.Get<AuthenticateDelegate>(Constants.SecurityAuthenticate);
-            var hook = new Hook(handler, chained);
-            request.Set<AuthenticateDelegate>(Constants.SecurityAuthenticate, hook.AuthenticateAsync);
-            return hook;
-        }
-
-        public static void UnregisterAuthenticationHandler(this HttpRequest request, object registration)
-        {
-            var hook = registration as Hook;
-            if (hook == null)
-            {
-                throw new InvalidOperationException(Resources.Exception_UnhookAuthenticationStateType);
-            }
-            request.Set(Constants.SecurityAuthenticate, hook.Chained);
-        }
-
-        private class Hook
-        {
-            private readonly AuthenticationHandler _handler;
-
-            public Hook(AuthenticationHandler handler, AuthenticateDelegate chained)
-            {
-                _handler = handler;
-                Chained = chained;
-            }
-
-            public AuthenticateDelegate Chained { get; private set; }
-
-            public async Task AuthenticateAsync(
-                string[] authenticationTypes,
-                AuthenticateCallback callback,
-                object state)
-            {
-                if (authenticationTypes == null)
-                {
-                    callback(null, null, _handler.BaseOptions.Description.Properties, state);
-                }
-                else if (authenticationTypes.Contains(_handler.BaseOptions.AuthenticationType, StringComparer.Ordinal))
-                {
-                    AuthenticationTicket ticket = await _handler.AuthenticateAsync();
-                    if (ticket != null && ticket.Identity != null)
-                    {
-                        callback(ticket.Identity, ticket.Properties.Dictionary, _handler.BaseOptions.Description.Properties, state);
-                    }
-                }
-                if (Chained != null)
-                {
-                    await Chained(authenticationTypes, callback, state);
-                }
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index a24b7245fd..7275da262c 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Abstractions;
@@ -10,29 +12,13 @@ namespace Microsoft.AspNet.Security.Infrastructure
     /// <summary>
     /// Helper code used when implementing authentication middleware
     /// </summary>
-    public struct SecurityHelper
+    public static class SecurityHelper
     {
-        private readonly HttpContext _context;
-
         /// <summary>
-        /// Helper code used when implementing authentication middleware
-        /// </summary>
-        /// <param name="context"></param>
-        public SecurityHelper(HttpContext context)
-        {
-            if (context == null)
-            {
-                throw new ArgumentNullException("context");
-            }
-
-            _context = context;
-        }
-
-        /// <summary>
-        /// Add an additional ClaimsIdentity to the ClaimsPrincipal in the "server.User" environment key
+        /// Add an additional ClaimsIdentity to the ClaimsPrincipal
         /// </summary>
         /// <param name="identity"></param>
-        public void AddUserIdentity(IIdentity identity)
+        public static void AddUserIdentity(this HttpContext context, IIdentity identity)
         {
             if (identity == null)
             {
@@ -40,88 +26,46 @@ namespace Microsoft.AspNet.Security.Infrastructure
             }
             var newClaimsPrincipal = new ClaimsPrincipal(identity);
 
-            IPrincipal existingPrincipal = _context.Request.User;
+            ClaimsPrincipal existingPrincipal = context.User;
             if (existingPrincipal != null)
             {
-                var existingClaimsPrincipal = existingPrincipal as ClaimsPrincipal;
-                if (existingClaimsPrincipal == null)
+                foreach (var existingClaimsIdentity in existingPrincipal.Identities)
                 {
-                    IIdentity existingIdentity = existingPrincipal.Identity;
-                    if (existingIdentity.IsAuthenticated)
+                    if (existingClaimsIdentity.IsAuthenticated)
                     {
-                        newClaimsPrincipal.AddIdentity(existingIdentity as ClaimsIdentity ?? new ClaimsIdentity(existingIdentity));
-                    }
-                }
-                else
-                {
-                    foreach (var existingClaimsIdentity in existingClaimsPrincipal.Identities)
-                    {
-                        if (existingClaimsIdentity.IsAuthenticated)
-                        {
-                            newClaimsPrincipal.AddIdentity(existingClaimsIdentity);
-                        }
+                        newClaimsPrincipal.AddIdentity(existingClaimsIdentity);
                     }
                 }
             }
-            _context.Request.User = newClaimsPrincipal;
+            context.User = newClaimsPrincipal;
         }
 
-        /// <summary>
-        /// Find response challenge details for a specific authentication middleware
-        /// </summary>
-        /// <param name="authenticationType">The authentication type to look for</param>
-        /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
-        /// <returns>The information instructing the middleware how it should behave</returns>
-        public AuthenticationResponseChallenge LookupChallenge(string authenticationType, AuthenticationMode authenticationMode)
+        public static bool LookupChallenge(IList<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
         {
-            if (authenticationType == null)
+            bool challengeHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
+            if (!challengeHasAuthenticationTypes)
             {
-                throw new ArgumentNullException("authenticationType");
+                return authenticationMode == AuthenticationMode.Active;
             }
-
-            AuthenticationResponseChallenge challenge = _context.Authentication.AuthenticationResponseChallenge;
-            bool challengeHasAuthenticationTypes = challenge != null && challenge.AuthenticationTypes != null && challenge.AuthenticationTypes.Length != 0;
-            if (challengeHasAuthenticationTypes == false)
-            {
-                return authenticationMode == AuthenticationMode.Active ? (challenge ?? new AuthenticationResponseChallenge(null, null)) : null;
-            }
-            foreach (var challengeType in challenge.AuthenticationTypes)
-            {
-                if (string.Equals(challengeType, authenticationType, StringComparison.Ordinal))
-                {
-                    return challenge;
-                }
-            }
-            return null;
+            return authenticationTypes.Contains(authenticationType, StringComparer.Ordinal);
         }
 
         /// <summary>
         /// Find response sign-in details for a specific authentication middleware
         /// </summary>
         /// <param name="authenticationType">The authentication type to look for</param>
-        /// <returns>The information instructing the middleware how it should behave</returns>
-        public AuthenticationResponseGrant LookupSignIn(string authenticationType)
+        public static bool LookupSignIn(ClaimsPrincipal user, string authenticationType, out ClaimsIdentity identity)
         {
-            if (authenticationType == null)
-            {
-                throw new ArgumentNullException("authenticationType");
-            }
-
-            AuthenticationResponseGrant grant = _context.Authentication.AuthenticationResponseGrant;
-            if (grant == null)
-            {
-                return null;
-            }
-
-            foreach (var claimsIdentity in grant.Principal.Identities)
+            identity = null;
+            foreach (var claimsIdentity in user.Identities)
             {
                 if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
                 {
-                    return new AuthenticationResponseGrant(claimsIdentity, grant.Properties ?? new AuthenticationProperties());
+                    identity = claimsIdentity;
+                    return true;
                 }
             }
-
-            return null;
+            return false;
         }
 
         /// <summary>
@@ -129,60 +73,14 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// </summary>
         /// <param name="authenticationType">The authentication type to look for</param>
         /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
-        /// <returns>The information instructing the middleware how it should behave</returns>
-        public AuthenticationResponseRevoke LookupSignOut(string authenticationType, AuthenticationMode authenticationMode)
+        public static bool LookupSignOut(IList<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
         {
-            if (authenticationType == null)
+            bool singOutHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
+            if (!singOutHasAuthenticationTypes)
             {
-                throw new ArgumentNullException("authenticationType");
+                return authenticationMode == AuthenticationMode.Active;
             }
-
-            AuthenticationResponseRevoke revoke = _context.Authentication.AuthenticationResponseRevoke;
-            if (revoke == null)
-            {
-                return null;
-            }
-            if (revoke.AuthenticationTypes == null || revoke.AuthenticationTypes.Length == 0)
-            {
-                return authenticationMode == AuthenticationMode.Active ? revoke : null;
-            }
-            for (int index = 0; index != revoke.AuthenticationTypes.Length; ++index)
-            {
-                if (String.Equals(authenticationType, revoke.AuthenticationTypes[index], StringComparison.Ordinal))
-                {
-                    return revoke;
-                }
-            }
-            return null;
+            return authenticationTypes.Contains(authenticationType, StringComparer.Ordinal);            
         }
-
-        #region Value-type equality
-
-        public bool Equals(SecurityHelper other)
-        {
-            return Equals(_context, other._context);
-        }
-
-        public override bool Equals(object obj)
-        {
-            return obj is SecurityHelper && Equals((SecurityHelper)obj);
-        }
-
-        public override int GetHashCode()
-        {
-            return (_context != null ? _context.GetHashCode() : 0);
-        }
-
-        public static bool operator ==(SecurityHelper left, SecurityHelper right)
-        {
-            return left.Equals(right);
-        }
-
-        public static bool operator !=(SecurityHelper left, SecurityHelper right)
-        {
-            return !left.Equals(right);
-        }
-
-        #endregion
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
new file mode 100644
index 0000000000..087de642c6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
@@ -0,0 +1,17 @@
+using System.Security.Claims;
+using Microsoft.AspNet.Abstractions.Security;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    public class SignInIdentityContext
+    {
+        public SignInIdentityContext(ClaimsIdentity identity, AuthenticationProperties properties)
+        {
+            Identity = identity;
+            Properties = properties;
+        }
+
+        public ClaimsIdentity Identity { get; private set; }
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs b/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
new file mode 100644
index 0000000000..2dcbca0fe9
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Infrastructure
+{
+    /// <summary>
+    /// Provides access to the normal system clock.
+    /// </summary>
+    public class SystemClock : ISystemClock
+    {
+        /// <summary>
+        /// Retrieves the current system time in UTC.
+        /// </summary>
+        public DateTimeOffset UtcNow
+        {
+            get
+            {
+                // the clock measures whole seconds only, to have integral expires_in results, and
+                // because milliseconds do not round-trip serialization formats
+                DateTimeOffset utcNow = DateTimeOffset.UtcNow;
+                return utcNow.AddMilliseconds(-utcNow.Millisecond);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
index 02bb1dbecc..77c193bb47 100644
--- a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
@@ -13,6 +13,5 @@ namespace Microsoft.AspNet.Security.Notifications
         public bool Cancel { get; set; }
         public Exception Exception { get; set; }
         public TMessage ProtocolMessage { get; set; }
-        public int StatusCode { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
index 6bf2fed5ff..af81a2dbff 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@@ -10,6 +10,5 @@ namespace Microsoft.AspNet.Security.Notifications
 
         public bool Cancel { get; set; }
         public TMessage ProtocolMessage { get; set; }
-        public int StatusCode { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
index d31689aee1..a8a1dcfd57 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -10,8 +10,6 @@ namespace Microsoft.AspNet.Security.Notifications
 
         public bool Cancel { get; set; }
 
-        public int StatusCode { get; set; }
-
         public bool IsRequestCompleted { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
index 18d466d563..91dfb87938 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
@@ -10,6 +10,5 @@ namespace Microsoft.AspNet.Security.Notifications
 
         public bool Cancel { get; set; }
         public TMessage ProtocolMessage { get; set; }
-        public int StatusCode { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
index ecd03f77ac..2ac5c33684 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
@@ -10,6 +10,5 @@ namespace Microsoft.AspNet.Security.Notifications
 
         public bool Cancel { get; set; }
         public string SecurityToken { get; set; }
-        public int StatusCode { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
index 55f56cad1f..963266e935 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
@@ -10,6 +10,5 @@ namespace Microsoft.AspNet.Security.Notifications
 
         public AuthenticationTicket AuthenticationTicket { get; set; }
         public bool Cancel { get; set; }
-        public int StatusCode { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
index 6d3e16f671..13e712eb9f 100644
--- a/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
@@ -3,6 +3,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Abstractions.Security;
 
 namespace Microsoft.AspNet.Security.Provider
 {
diff --git a/src/Microsoft.AspNet.Security/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Resources.Designer.cs
index f7bfbfaf71..26e74bb6c0 100644
--- a/src/Microsoft.AspNet.Security/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Security/Resources.Designer.cs
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Resources", typeof(Resources).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 5106bf0151..dab15d9534 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -8,7 +8,7 @@
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Logging": "0.1-alpha-*",
-	"Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
+    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
   },
   "configurations": {
     "net45": {},

From 2b226c936f11527238cdc5c87710363347d77393 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 1 Apr 2014 17:18:37 -0700
Subject: [PATCH 004/900] Update for latest abstraction contracts.

---
 samples/CookieSample/Startup.cs                   |  2 +-
 .../project.json                                  |  4 ++--
 .../Infrastructure/AuthenticationHandler.cs       | 15 ++++++++-------
 .../Infrastructure/SecurityHelper.cs              |  4 ++--
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 9c2c29e185..35aa1f5d35 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -27,7 +27,7 @@ namespace CookieSample
             {
                 if (context.User == null || !context.User.Identity.IsAuthenticated)
                 {
-                    context.Authentication.SignIn(new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "bob") }, CookieAuthenticationDefaults.AuthenticationType)));                    
+                    context.Response.SignIn(new ClaimsIdentity(new[] { new Claim("name", "bob") }, CookieAuthenticationDefaults.AuthenticationType));                    
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index ee461aabbd..d446612a1e 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -31,11 +31,11 @@
         "System.Resources.ResourceManager": "4.0.0.0",
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.20.0",
         "System.Security.Claims": "0.1-alpha-*",
         "System.Security.Principal" : "4.0.0.0",
         "System.Threading": "4.0.0.0",
-        "System.Threading.Tasks": "4.0.0.0"
+        "System.Threading.Tasks": "4.0.10.0"
       }
     }
   }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 986826f792..3efed452ab 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -121,12 +121,13 @@ namespace Microsoft.AspNet.Security.Infrastructure
             return Task.FromResult<bool>(false);
         }
 
-        public virtual void GetDescriptions(DescriptionDelegate callback, object state)
+        public virtual void GetDescriptions(IAuthTypeContext authTypeContext)
         {
-            callback(BaseOptions.Description.Dictionary, state);
+            authTypeContext.Accept(BaseOptions.Description.Dictionary);
+
             if (PriorHandler != null)
             {
-                PriorHandler.GetDescriptions(callback, state);
+                PriorHandler.GetDescriptions(authTypeContext);
             }
         }
 
@@ -266,11 +267,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
         public virtual void SignIn(ISignInContext context)
         {
             ClaimsIdentity identity;
-            if (SecurityHelper.LookupSignIn(context.User, BaseOptions.AuthenticationType, out identity))
+            if (SecurityHelper.LookupSignIn(context.Identities, BaseOptions.AuthenticationType, out identity))
             {
                 SignInIdentityContext = new SignInIdentityContext(identity, new AuthenticationProperties(context.Properties));
                 SignOutContext = null;
-                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
             }
 
             if (PriorHandler != null)
@@ -285,7 +286,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             {
                 SignInIdentityContext = null;
                 SignOutContext = context;
-                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
             }
 
             if (PriorHandler != null)
@@ -299,7 +300,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             if (SecurityHelper.LookupChallenge(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
             {
                 ChallengeContext = context;
-                context.Ack(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
             }
 
             if (PriorHandler != null)
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index 7275da262c..0337c4f481 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -54,10 +54,10 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// Find response sign-in details for a specific authentication middleware
         /// </summary>
         /// <param name="authenticationType">The authentication type to look for</param>
-        public static bool LookupSignIn(ClaimsPrincipal user, string authenticationType, out ClaimsIdentity identity)
+        public static bool LookupSignIn(IList<ClaimsIdentity> identities, string authenticationType, out ClaimsIdentity identity)
         {
             identity = null;
-            foreach (var claimsIdentity in user.Identities)
+            foreach (var claimsIdentity in identities)
             {
                 if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
                 {

From d83d2e98d69a6f9beb29d33f89363109eeee44d6 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 3 Apr 2014 10:43:11 -0700
Subject: [PATCH 005/900] Review cleanup, fallback logger, CreateDataProtecter
 extension.

---
 samples/CookieSample/Startup.cs               |  3 --
 .../CookieAuthenticationExtensions.cs         | 31 ++++++++++++-------
 .../CookieAuthenticationHandler.cs            |  5 ++-
 .../CookieAuthenticationMiddleware.cs         |  4 +--
 .../DataProtection/BuilderExtensions.cs       | 26 ++++++++++++++++
 .../Infrastructure/AuthenticationHandler.cs   | 11 ++-----
 src/Microsoft.AspNet.Security/project.json    |  1 +
 7 files changed, 54 insertions(+), 27 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 35aa1f5d35..a465d7884c 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -15,9 +15,6 @@ namespace CookieSample
     {
         public void Configuration(IBuilder app)
         {
-            Console.WriteLine("Attach");
-            Console.ReadKey();
-
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
                 {
 
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 91d926ab95..3afed37607 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -26,28 +26,37 @@ namespace Microsoft.AspNet
             {
                 throw new ArgumentNullException("app");
             }
-            /*
+
             // TODO: Extension methods for this?
-            var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory));
+            var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory)) ?? new NullLoggerFactory();
             ILogger logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
-            */
-            ILogger logger = null;
 
             if (options.TicketDataFormat == null)
             {
-                /* TODO: Add DPP extensions
                 IDataProtector dataProtector = app.CreateDataProtector(
                     typeof(CookieAuthenticationMiddleware).FullName,
                     options.AuthenticationType, "v1");
-                */
-                var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider));
-                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(string.Join(";", typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1"));
                 options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
 
-            app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke);
-            // TODO: ? app.UseStageMarker(PipelineStage.Authenticate);
-            return app;
+            return app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke);
+        }
+
+        // TODO: Temp workaround until the host reliably provides logging.
+        private class NullLoggerFactory : ILoggerFactory
+        {
+            public ILogger Create(string name)
+            {
+                return new NullLongger();
+            }
+        }
+
+        private class NullLongger : ILogger
+        {
+            public bool WriteCore(TraceType eventType, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
+            {
+                return false;
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 5378223c14..0c8bc2b3f3 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -27,11 +27,10 @@ namespace Microsoft.AspNet.Security.Cookies
 
         public CookieAuthenticationHandler(ILogger logger)
         {
-            /*
             if (logger == null)
             {
                 throw new ArgumentNullException("logger");
-            }*/
+            }
             _logger = logger;
         }
 
@@ -53,7 +52,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
             if (ticket == null)
             {
-                // TODO: _logger.WriteWarning(@"Unprotect ticket failed");
+                _logger.WriteWarning(@"Unprotect ticket failed");
                 return null;
             }
 
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index b0ad64125f..0435a127ef 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -23,11 +23,11 @@ namespace Microsoft.AspNet.Security.Cookies
             if (String.IsNullOrEmpty(Options.CookieName))
             {
                 Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType;
-            }/*
+            }
             if (logger == null)
             {
                 throw new ArgumentNullException("logger");
-            }*/
+            }
             _logger = logger;
         }
 
diff --git a/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs b/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs
new file mode 100644
index 0000000000..f441afdb78
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Abstractions;
+
+namespace Microsoft.AspNet.Security.DataProtection
+{
+    public static class BuilderExtensions
+    {
+        public static IDataProtector CreateDataProtector(this IBuilder app, params string[] purposes)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException("app");
+            }
+
+            var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider));
+            if (dataProtectionProvider == null)
+            {
+                dataProtectionProvider = DataProtectionProvider.CreateFromDpapi();
+            }
+
+            return dataProtectionProvider.CreateProtector(string.Join(";", purposes));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 3efed452ab..f27c4d41b6 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -21,9 +21,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
     /// </summary>
     public abstract class AuthenticationHandler : IAuthenticationHandler
     {
-#if NET45
-        private static readonly RNGCryptoServiceProvider Random = new RNGCryptoServiceProvider();
-#endif
+        private static readonly RNGCryptoServiceProvider CryptoRandom = new RNGCryptoServiceProvider();
+
         private Task<AuthenticationTicket> _authenticate;
         private bool _authenticateInitialized;
         private object _authenticateSyncLock;
@@ -333,11 +332,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
 
             var nonceBytes = new byte[32];
-#if NET45
-            Random.GetBytes(nonceBytes);
-#else
-            Microsoft.AspNet.Security.DataProtection.CryptRand.FillBuffer(new ArraySegment<byte>(nonceBytes));
-#endif
+            CryptoRandom.GetBytes(nonceBytes);
             string correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
 
             var cookieOptions = new CookieOptions
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index dab15d9534..ded011e117 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -31,6 +31,7 @@
         "System.Runtime.Extensions": "4.0.10.0",
         "System.Runtime.InteropServices": "4.0.20.0",
         "System.Security.Claims": "0.1-alpha-*",
+        "System.Security.Cryptography.RandomNumberGenerator" : "4.0.0.0",
         "System.Security.Principal" : "4.0.0.0",
         "System.Threading": "4.0.0.0",
         "System.Threading.Tasks": "4.0.10.0"

From 551fca35d32f4d4c6e9ee121cbac0a3aa20caeb9 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 8 Apr 2014 11:28:08 -0700
Subject: [PATCH 006/900] Review cleanup, rename Provider to Notifications, use
 NotNull.

---
 samples/CookieSample/Startup.cs               | 31 ++++++++++---
 samples/CookieSample/project.json             |  2 +
 .../CookieAuthenticationExtensions.cs         | 44 +++----------------
 .../CookieAuthenticationHandler.cs            | 16 +++----
 .../CookieAuthenticationMiddleware.cs         | 15 ++++---
 .../CookieAuthenticationOptions.cs            |  4 +-
 .../NotNullAttribute.cs                       |  9 ++++
 .../CookieApplyRedirectContext.cs             |  2 +-
 .../CookieAuthenticationNotifications.cs}     |  8 ++--
 .../CookieResponseSignInContext.cs            |  2 +-
 .../CookieResponseSignOutContext.cs           |  2 +-
 .../CookieValidateIdentityContext.cs          |  9 +---
 .../DefaultBehavior.cs                        |  0
 .../ICookieAuthenticationNotifications.cs}    |  2 +-
 .../AppBuilderSecurityExtensions.cs           | 16 +------
 ...ertificateSubjectKeyIdentifierValidator.cs | 14 +-----
 ...ertificateSubjectPublicKeyInfoValidator.cs | 14 +-----
 .../CertificateThumbprintValidator.cs         | 14 +-----
 .../Encoder/Base64UrlTextEncoder.cs           | 14 +-----
 .../Serializer/PropertiesSerializer.cs        | 18 +-------
 .../Serializer/TicketSerializer.cs            | 18 +-------
 ...Extensions.cs => DataProtectionHelpers.cs} | 10 +----
 .../Infrastructure/AuthenticationHandler.cs   | 16 ++-----
 .../AuthenticationMiddleware.cs               |  7 +--
 .../AuthenticationTokenCreateContext.cs       | 22 +++-------
 .../AuthenticationTokenReceiveContext.cs      | 23 +++-------
 .../Infrastructure/NotNullAttribute.cs        |  9 ++++
 .../Infrastructure/SecurityHelper.cs          |  6 +--
 .../BaseContext.cs                            |  2 +-
 .../BaseContext`1.cs                          |  2 +-
 .../EndpointContext.cs                        |  2 +-
 .../EndpointContext`1.cs                      |  2 +-
 .../ReturnEndpointContext.cs                  |  2 +-
 33 files changed, 116 insertions(+), 241 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
 rename src/Microsoft.AspNet.Security.Cookies/{Provider => Notifications}/CookieApplyRedirectContext.cs (96%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider/CookieAuthenticationProvider.cs => Notifications/CookieAuthenticationNotifications.cs} (92%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider => Notifications}/CookieResponseSignInContext.cs (98%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider => Notifications}/CookieResponseSignOutContext.cs (96%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider => Notifications}/CookieValidateIdentityContext.cs (88%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider => Notifications}/DefaultBehavior.cs (100%)
 rename src/Microsoft.AspNet.Security.Cookies/{Provider/ICookieAuthenticationProvider.cs => Notifications/ICookieAuthenticationNotifications.cs} (97%)
 rename src/Microsoft.AspNet.Security/DataProtection/{BuilderExtensions.cs => DataProtectionHelpers.cs} (57%)
 create mode 100644 src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
 rename src/Microsoft.AspNet.Security/{Provider => Notifications}/BaseContext.cs (92%)
 rename src/Microsoft.AspNet.Security/{Provider => Notifications}/BaseContext`1.cs (94%)
 rename src/Microsoft.AspNet.Security/{Provider => Notifications}/EndpointContext.cs (91%)
 rename src/Microsoft.AspNet.Security/{Provider => Notifications}/EndpointContext`1.cs (95%)
 rename src/Microsoft.AspNet.Security/{Provider => Notifications}/ReturnEndpointContext.cs (95%)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index a465d7884c..cac42ca38d 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,13 +1,11 @@
 using System;
-using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet;
 using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Abstractions.Security;
-using Microsoft.AspNet.HttpFeature.Security;
-using Microsoft.AspNet.Security;
+using Microsoft.AspNet.DependencyInjection;
+using Microsoft.AspNet.DependencyInjection.Fallback;
+using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.Infrastructure;
 
 namespace CookieSample
 {
@@ -15,6 +13,11 @@ namespace CookieSample
     {
         public void Configuration(IBuilder app)
         {
+            // TODO: Move to host.
+            var serviceCollection = new ServiceCollection();
+            serviceCollection.AddInstance<ILoggerFactory>(new NullLoggerFactory());
+            app.ServiceProvider = serviceCollection.BuildServiceProvider(app.ServiceProvider);
+
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
                 {
 
@@ -35,5 +38,23 @@ namespace CookieSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
+
+        // TODO: Temp workaround until the host reliably provides logging.
+        // If ILoggerFactory is never guaranteed, move this fallback into Microsoft.AspNet.Logging.
+        private class NullLoggerFactory : ILoggerFactory
+        {
+            public ILogger Create(string name)
+            {
+                return new NullLongger();
+            }
+        }
+
+        private class NullLongger : ILogger
+        {
+            public bool WriteCore(TraceType eventType, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
+            {
+                return false;
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index b25b4148d6..c5d7dde2cc 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -2,6 +2,7 @@
   "version": "0.1-alpha-*",
   "dependencies": {
     "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
     "Microsoft.AspNet.Hosting": "0.1-alpha-*",
@@ -9,6 +10,7 @@
     "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.Logging": "0.1-alpha-*",
     "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server.name=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 3afed37607..c32f3e7b80 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -1,10 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using System;
 using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.DependencyInjection;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet
@@ -20,43 +19,12 @@ namespace Microsoft.AspNet
         /// <param name="app">The IAppBuilder passed to your configuration method</param>
         /// <param name="options">An options class that controls the middleware behavior</param>
         /// <returns>The original app parameter</returns>
-        public static IBuilder UseCookieAuthentication(this IBuilder app, CookieAuthenticationOptions options)
+        public static IBuilder UseCookieAuthentication([NotNull] this IBuilder app, [NotNull] CookieAuthenticationOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException("app");
-            }
-
-            // TODO: Extension methods for this?
-            var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory)) ?? new NullLoggerFactory();
-            ILogger logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
-
-            if (options.TicketDataFormat == null)
-            {
-                IDataProtector dataProtector = app.CreateDataProtector(
-                    typeof(CookieAuthenticationMiddleware).FullName,
-                    options.AuthenticationType, "v1");
-                options.TicketDataFormat = new TicketDataFormat(dataProtector);
-            }
-
-            return app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke);
-        }
-
-        // TODO: Temp workaround until the host reliably provides logging.
-        private class NullLoggerFactory : ILoggerFactory
-        {
-            public ILogger Create(string name)
-            {
-                return new NullLongger();
-            }
-        }
-
-        private class NullLongger : ILogger
-        {
-            public bool WriteCore(TraceType eventType, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
-            {
-                return false;
-            }
+            // TODO: Use UseMiddleware to inject dependencies once it can discover Invoke from a base class.
+            var dataProtectionProvider = app.ServiceProvider.GetService<IDataProtectionProvider>();
+            var loggerFactory = app.ServiceProvider.GetService<ILoggerFactory>();
+            return app.Use(next => new CookieAuthenticationMiddleware(next, dataProtectionProvider, loggerFactory, options).Invoke);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 0c8bc2b3f3..b03e8a2e2a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -25,12 +25,8 @@ namespace Microsoft.AspNet.Security.Cookies
         private DateTimeOffset _renewIssuedUtc;
         private DateTimeOffset _renewExpiresUtc;
 
-        public CookieAuthenticationHandler(ILogger logger)
+        public CookieAuthenticationHandler([NotNull] ILogger logger)
         {
-            if (logger == null)
-            {
-                throw new ArgumentNullException("logger");
-            }
             _logger = logger;
         }
 
@@ -81,7 +77,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
             var context = new CookieValidateIdentityContext(Context, ticket, Options);
 
-            await Options.Provider.ValidateIdentity(context);
+            await Options.Notifications.ValidateIdentity(context);
 
             return new AuthenticationTicket(context.Identity, context.Properties);
         }
@@ -131,7 +127,7 @@ namespace Microsoft.AspNet.Security.Cookies
                     context.Properties.IssuedUtc = issuedUtc;
                     context.Properties.ExpiresUtc = expiresUtc;
 
-                    Options.Provider.ResponseSignIn(context);
+                    Options.Notifications.ResponseSignIn(context);
 
                     if (context.Properties.IsPersistent)
                     {
@@ -153,7 +149,7 @@ namespace Microsoft.AspNet.Security.Cookies
                         Options,
                         cookieOptions);
                     
-                    Options.Provider.ResponseSignOut(context);
+                    Options.Notifications.ResponseSignOut(context);
 
                     Response.Cookies.Delete(
                         Options.CookieName,
@@ -202,7 +198,7 @@ namespace Microsoft.AspNet.Security.Cookies
                         && IsHostRelative(redirectUri))
                     {
                         var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
-                        Options.Provider.ApplyRedirect(redirectContext);
+                        Options.Notifications.ApplyRedirect(redirectContext);
                     }
                 }
             }
@@ -242,7 +238,7 @@ namespace Microsoft.AspNet.Security.Cookies
                 new QueryString(Options.ReturnUrlParameter, currentUri);
 
             var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
-            Options.Provider.ApplyRedirect(redirectContext);
+            Options.Notifications.ApplyRedirect(redirectContext);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 0435a127ef..7b1919c910 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -13,22 +13,25 @@ namespace Microsoft.AspNet.Security.Cookies
     {
         private readonly ILogger _logger;
 
-        public CookieAuthenticationMiddleware(RequestDelegate next, ILogger logger, CookieAuthenticationOptions options)
+        public CookieAuthenticationMiddleware(RequestDelegate next, IDataProtectionProvider dataProtectionProvider, ILoggerFactory loggerFactory, CookieAuthenticationOptions options)
             : base(next, options)
         {
-            if (Options.Provider == null)
+            if (Options.Notifications == null)
             {
-                Options.Provider = new CookieAuthenticationProvider();
+                Options.Notifications = new CookieAuthenticationNotifications();
             }
             if (String.IsNullOrEmpty(Options.CookieName))
             {
                 Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType;
             }
-            if (logger == null)
+            if (options.TicketDataFormat == null)
             {
-                throw new ArgumentNullException("logger");
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
-            _logger = logger;
+
+            _logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
         }
 
         protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 389a611c33..e865ad68ee 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Security.Cookies
             CookieHttpOnly = true;
             CookieSecure = CookieSecureOption.SameAsRequest;
             SystemClock = new SystemClock();
-            Provider = new CookieAuthenticationProvider();
+            Notifications = new CookieAuthenticationNotifications();
         }
 
         /// <summary>
@@ -118,7 +118,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// calls methods on the provider which give the application control at certain points where processing is occuring. 
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
-        public ICookieAuthenticationProvider Provider { get; set; }
+        public ICookieAuthenticationNotifications Notifications { get; set; }
 
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
diff --git a/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
new file mode 100644
index 0000000000..b3b1edcbdb
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
@@ -0,0 +1,9 @@
+using System;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
index 69ccc0c386..14c96dbe09 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -2,7 +2,7 @@
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
index 6b434c0b2b..f3496bbc73 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieAuthenticationProvider.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -6,16 +6,16 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Security.Cookies
 {
     /// <summary>
-    /// This default implementation of the ICookieAuthenticationProvider may be used if the 
+    /// This default implementation of the ICookieAuthenticationNotifications may be used if the 
     /// application only needs to override a few of the interface methods. This may be used as a base class
     /// or may be instantiated directly.
     /// </summary>
-    public class CookieAuthenticationProvider : ICookieAuthenticationProvider
+    public class CookieAuthenticationNotifications : ICookieAuthenticationNotifications
     {
         /// <summary>
-        /// Create a new instance of the default provider.
+        /// Create a new instance of the default notifications.
         /// </summary>
-        public CookieAuthenticationProvider()
+        public CookieAuthenticationNotifications()
         {
             OnValidateIdentity = context => Task.FromResult(0);
             OnResponseSignIn = context => { };
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
index e3098e3590..4fefed2d9c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -3,7 +3,7 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.Abstractions.Security;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
index e17028982a..e7d808c35b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
index 4487582209..e48facc5b2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.Abstractions.Security;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
@@ -22,14 +22,9 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <param name="context"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidateIdentityContext(HttpContext context, AuthenticationTicket ticket, CookieAuthenticationOptions options)
+        public CookieValidateIdentityContext([NotNull] HttpContext context, [NotNull] AuthenticationTicket ticket, [NotNull] CookieAuthenticationOptions options)
             : base(context, options)
         {
-            if (ticket == null)
-            {
-                throw new ArgumentNullException("ticket");
-            }
-
             Identity = ticket.Identity;
             Properties = ticket.Properties;
         }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/DefaultBehavior.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
diff --git a/src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs
rename to src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index f33a22259f..c9c07d227b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Provider/ICookieAuthenticationProvider.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -7,7 +7,7 @@ namespace Microsoft.AspNet.Security.Cookies
     /// <summary>
     /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
     /// </summary>
-    public interface ICookieAuthenticationProvider
+    public interface ICookieAuthenticationNotifications
     {
         /// <summary>
         /// Called each time a request identity has been validated by the middleware. By implementing this method the
diff --git a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
index 36c0e04ee2..077cdbd53f 100644
--- a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
+++ b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
@@ -16,12 +16,8 @@ namespace Microsoft.AspNet.Security
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <returns></returns>
-        public static string GetDefaultSignInAsAuthenticationType(this IAppBuilder app)
+        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IAppBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException("app");
-            }
             object value;
             if (app.Properties.TryGetValue(Constants.DefaultSignInAsAuthenticationType, out value))
             {
@@ -40,16 +36,8 @@ namespace Microsoft.AspNet.Security
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <param name="authenticationType">AuthenticationType that external middleware should sign in as.</param>
-        public static void SetDefaultSignInAsAuthenticationType(this IAppBuilder app, string authenticationType)
+        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IAppBuilder app, [NotNull] string authenticationType)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException("app");
-            }
-            if (authenticationType == null)
-            {
-                throw new ArgumentNullException("authenticationType");
-            }
             app.Properties[Constants.DefaultSignInAsAuthenticationType] = authenticationType;
         }
     }
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
index a549c3740d..d25bb72239 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
@@ -18,13 +18,8 @@ namespace Microsoft.AspNet.Security
         /// Initializes a new instance of the <see cref="CertificateSubjectKeyIdentifierValidator"/> class.
         /// </summary>
         /// <param name="validSubjectKeyIdentifiers">A set of subject key identifiers which are valid for an HTTPS request.</param>
-        public CertificateSubjectKeyIdentifierValidator(IEnumerable<string> validSubjectKeyIdentifiers)
+        public CertificateSubjectKeyIdentifierValidator([NotNull] IEnumerable<string> validSubjectKeyIdentifiers)
         {
-            if (validSubjectKeyIdentifiers == null)
-            {
-                throw new ArgumentNullException("validSubjectKeyIdentifiers");
-            }
-
             _validSubjectKeyIdentifiers = new HashSet<string>(validSubjectKeyIdentifiers, StringComparer.OrdinalIgnoreCase);
 
             if (_validSubjectKeyIdentifiers.Count == 0)
@@ -41,18 +36,13 @@ namespace Microsoft.AspNet.Security
         /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
         /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
         /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
             if (sslPolicyErrors != SslPolicyErrors.None)
             {
                 return false;
             }
 
-            if (chain == null)
-            {
-                throw new ArgumentNullException("chain");
-            }
-
             if (chain.ChainElements.Count < 2)
             {
                 // Self signed.
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
index 0896c72d97..79645c50de 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
@@ -27,13 +27,8 @@ namespace Microsoft.AspNet.Security
         /// </summary>
         /// <param name="validBase64EncodedSubjectPublicKeyInfoHashes">A collection of valid base64 encoded hashes of the certificate public key information blob.</param>
         /// <param name="algorithm">The algorithm used to generate the hashes.</param>
-        public CertificateSubjectPublicKeyInfoValidator(IEnumerable<string> validBase64EncodedSubjectPublicKeyInfoHashes, SubjectPublicKeyInfoAlgorithm algorithm)
+        public CertificateSubjectPublicKeyInfoValidator([NotNull] IEnumerable<string> validBase64EncodedSubjectPublicKeyInfoHashes, SubjectPublicKeyInfoAlgorithm algorithm)
         {
-            if (validBase64EncodedSubjectPublicKeyInfoHashes == null)
-            {
-                throw new ArgumentNullException("validBase64EncodedSubjectPublicKeyInfoHashes");
-            }
-
             _validBase64EncodedSubjectPublicKeyInfoHashes = new HashSet<string>(validBase64EncodedSubjectPublicKeyInfoHashes);
 
             if (_validBase64EncodedSubjectPublicKeyInfoHashes.Count == 0)
@@ -57,18 +52,13 @@ namespace Microsoft.AspNet.Security
         /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
         /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
         /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
             if (sslPolicyErrors != SslPolicyErrors.None)
             {
                 return false;
             }
 
-            if (chain == null)
-            {
-                throw new ArgumentNullException("chain");
-            }
-
             if (chain.ChainElements.Count < 2)
             {
                 return false;
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
index 464d579011..5661d55915 100644
--- a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
@@ -18,13 +18,8 @@ namespace Microsoft.AspNet.Security
         /// Initializes a new instance of the <see cref="CertificateThumbprintValidator"/> class.
         /// </summary>
         /// <param name="validThumbprints">A set of thumbprints which are valid for an HTTPS request.</param>
-        public CertificateThumbprintValidator(IEnumerable<string> validThumbprints)
+        public CertificateThumbprintValidator([NotNull] IEnumerable<string> validThumbprints)
         {
-            if (validThumbprints == null)
-            {
-                throw new ArgumentNullException("validThumbprints");
-            }
-
             _validCertificateThumbprints = new HashSet<string>(validThumbprints, StringComparer.OrdinalIgnoreCase);
 
             if (_validCertificateThumbprints.Count == 0)
@@ -41,18 +36,13 @@ namespace Microsoft.AspNet.Security
         /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
         /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
         /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
             if (sslPolicyErrors != SslPolicyErrors.None)
             {
                 return false;
             }
 
-            if (chain == null)
-            {
-                throw new ArgumentNullException("chain");
-            }
-
             if (chain.ChainElements.Count < 2)
             {
                 // Self signed.
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
index ca377ae65e..250ea7019c 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -6,23 +6,13 @@ namespace Microsoft.AspNet.Security.DataHandler.Encoder
 {
     public class Base64UrlTextEncoder : ITextEncoder
     {
-        public string Encode(byte[] data)
+        public string Encode([NotNull] byte[] data)
         {
-            if (data == null)
-            {
-                throw new ArgumentNullException("data");
-            }
-
             return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
         }
 
-        public byte[] Decode(string text)
+        public byte[] Decode([NotNull] string text)
         {
-            if (text == null)
-            {
-                throw new ArgumentNullException("text");
-            }
-
             return Convert.FromBase64String(Pad(text.Replace('-', '+').Replace('_', '/')));
         }
 
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
index 1ba7164059..0ea3a4ba30 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
@@ -38,17 +38,8 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             }
         }
 
-        public static void Write(BinaryWriter writer, AuthenticationProperties properties)
+        public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationProperties properties)
         {
-            if (writer == null)
-            {
-                throw new ArgumentNullException("writer");
-            }
-            if (properties == null)
-            {
-                throw new ArgumentNullException("properties");
-            }
-
             writer.Write(FormatVersion);
             writer.Write(properties.Dictionary.Count);
             foreach (var kv in properties.Dictionary)
@@ -58,13 +49,8 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             }
         }
 
-        public static AuthenticationProperties Read(BinaryReader reader)
+        public static AuthenticationProperties Read([NotNull] BinaryReader reader)
         {
-            if (reader == null)
-            {
-                throw new ArgumentNullException("reader");
-            }
-
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
index de3abbd92e..70406d1d95 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -44,17 +44,8 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             }
         }
 
-        public static void Write(BinaryWriter writer, AuthenticationTicket model)
+        public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationTicket model)
         {
-            if (writer == null)
-            {
-                throw new ArgumentNullException("writer");
-            }
-            if (model == null)
-            {
-                throw new ArgumentNullException("model");
-            }
-
             writer.Write(FormatVersion);
             ClaimsIdentity identity = model.Identity;
             writer.Write(identity.AuthenticationType);
@@ -72,13 +63,8 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             PropertiesSerializer.Write(writer, model.Properties);
         }
 
-        public static AuthenticationTicket Read(BinaryReader reader)
+        public static AuthenticationTicket Read([NotNull] BinaryReader reader)
         {
-            if (reader == null)
-            {
-                throw new ArgumentNullException("reader");
-            }
-
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
diff --git a/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
similarity index 57%
rename from src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs
rename to src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
index f441afdb78..8ed6c5db21 100644
--- a/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
@@ -5,16 +5,10 @@ using Microsoft.AspNet.Abstractions;
 
 namespace Microsoft.AspNet.Security.DataProtection
 {
-    public static class BuilderExtensions
+    public static class DataProtectionHelpers
     {
-        public static IDataProtector CreateDataProtector(this IBuilder app, params string[] purposes)
+        public static IDataProtector CreateDataProtector(IDataProtectionProvider dataProtectionProvider, params string[] purposes)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException("app");
-            }
-
-            var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider));
             if (dataProtectionProvider == null)
             {
                 dataProtectionProvider = DataProtectionProvider.CreateFromDpapi();
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index f27c4d41b6..5b7f1e2106 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 AuthenticationTicket ticket = await AuthenticateAsync();
                 if (ticket != null && ticket.Identity != null)
                 {
-                    Context.AddUserIdentity(ticket.Identity);
+                    SecurityHelper.AddUserIdentity(Context, ticket.Identity);
                 }
             }
         }
@@ -322,13 +322,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
             return Task.FromResult(0);
         }
 
-        protected void GenerateCorrelationId(AuthenticationProperties properties)
+        protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
         {
-            if (properties == null)
-            {
-                throw new ArgumentNullException("properties");
-            }
-
             string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
 
             var nonceBytes = new byte[32];
@@ -349,13 +344,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
         [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
             MessageId = "Microsoft.Owin.Logging.LoggerExtensions.WriteWarning(Microsoft.Owin.Logging.ILogger,System.String,System.String[])",
             Justification = "Logging is not Localized")]
-        protected bool ValidateCorrelationId(AuthenticationProperties properties, ILogger logger)
+        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties, [NotNull] ILogger logger)
         {
-            if (properties == null)
-            {
-                throw new ArgumentNullException("properties");
-            }
-
             string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
 
             string correlationCookie = Request.Cookies[correlationKey];
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index c50afdc3c7..f4fecd5231 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -10,13 +10,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
     {
         private readonly RequestDelegate _next;
 
-        protected AuthenticationMiddleware(RequestDelegate next, TOptions options)
+        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] TOptions options)
         {
-            if (options == null)
-            {
-                throw new ArgumentNullException("options");
-            }
-
             Options = options;
             _next = next;
         }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
index 228e01e1e5..e418a113fe 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
@@ -2,7 +2,7 @@
 
 using System;
 using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
@@ -11,19 +11,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
         private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
 
         public AuthenticationTokenCreateContext(
-            HttpContext context,
-            ISecureDataFormat<AuthenticationTicket> secureDataFormat,
-            AuthenticationTicket ticket)
+            [NotNull] HttpContext context,
+            [NotNull] ISecureDataFormat<AuthenticationTicket> secureDataFormat,
+            [NotNull] AuthenticationTicket ticket)
             : base(context)
         {
-            if (secureDataFormat == null)
-            {
-                throw new ArgumentNullException("secureDataFormat");
-            }
-            if (ticket == null)
-            {
-                throw new ArgumentNullException("ticket");
-            }
             _secureDataFormat = secureDataFormat;
             Ticket = ticket;
         }
@@ -37,12 +29,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
             return _secureDataFormat.Protect(Ticket);
         }
 
-        public void SetToken(string tokenValue)
+        public void SetToken([NotNull] string tokenValue)
         {
-            if (tokenValue == null)
-            {
-                throw new ArgumentNullException("tokenValue");
-            }
             Token = tokenValue;
         }
     }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
index ccbc81f020..7e4f840277 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
@@ -2,7 +2,7 @@
 
 using System;
 using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Security.Provider;
+using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
@@ -11,18 +11,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
         private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
 
         public AuthenticationTokenReceiveContext(
-            HttpContext context,
-            ISecureDataFormat<AuthenticationTicket> secureDataFormat,
-            string token) : base(context)
+            [NotNull] HttpContext context,
+            [NotNull] ISecureDataFormat<AuthenticationTicket> secureDataFormat,
+            [NotNull] string token)
+            : base(context)
         {
-            if (secureDataFormat == null)
-            {
-                throw new ArgumentNullException("secureDataFormat");
-            }
-            if (token == null)
-            {
-                throw new ArgumentNullException("token");
-            }
             _secureDataFormat = secureDataFormat;
             Token = token;
         }
@@ -36,12 +29,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
             Ticket = _secureDataFormat.Unprotect(protectedData);
         }
 
-        public void SetTicket(AuthenticationTicket ticket)
+        public void SetTicket([NotNull] AuthenticationTicket ticket)
         {
-            if (ticket == null)
-            {
-                throw new ArgumentNullException("ticket");
-            }
             Ticket = ticket;
         }
     }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs b/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
new file mode 100644
index 0000000000..131cec58eb
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
@@ -0,0 +1,9 @@
+using System;
+
+namespace Microsoft.AspNet.Security
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index 0337c4f481..a4e42b92d8 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -18,12 +18,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// Add an additional ClaimsIdentity to the ClaimsPrincipal
         /// </summary>
         /// <param name="identity"></param>
-        public static void AddUserIdentity(this HttpContext context, IIdentity identity)
+        public static void AddUserIdentity([NotNull] HttpContext context, [NotNull] IIdentity identity)
         {
-            if (identity == null)
-            {
-                throw new ArgumentNullException("identity");
-            }
             var newClaimsPrincipal = new ClaimsPrincipal(identity);
 
             ClaimsPrincipal existingPrincipal = context.User;
diff --git a/src/Microsoft.AspNet.Security/Provider/BaseContext.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security/Provider/BaseContext.cs
rename to src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
index c73dbf6b36..57b50ed364 100644
--- a/src/Microsoft.AspNet.Security/Provider/BaseContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
@@ -2,7 +2,7 @@
 
 using Microsoft.AspNet.Abstractions;
 
-namespace Microsoft.AspNet.Security.Provider
+namespace Microsoft.AspNet.Security.Notifications
 {
     public abstract class BaseContext
     {
diff --git a/src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs
rename to src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
index 2fd3c8ae22..be656e4c24 100644
--- a/src/Microsoft.AspNet.Security/Provider/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
@@ -2,7 +2,7 @@
 
 using Microsoft.AspNet.Abstractions;
 
-namespace Microsoft.AspNet.Security.Provider
+namespace Microsoft.AspNet.Security.Notifications
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Security/Provider/EndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/Provider/EndpointContext.cs
rename to src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
index e210296b9f..58c175326e 100644
--- a/src/Microsoft.AspNet.Security/Provider/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
@@ -2,7 +2,7 @@
 
 using Microsoft.AspNet.Abstractions;
 
-namespace Microsoft.AspNet.Security.Provider
+namespace Microsoft.AspNet.Security.Notifications
 {
     public abstract class EndpointContext : BaseContext
     {
diff --git a/src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs
rename to src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
index e3dd6997cd..15c7a64780 100644
--- a/src/Microsoft.AspNet.Security/Provider/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
@@ -2,7 +2,7 @@
 
 using Microsoft.AspNet.Abstractions;
 
-namespace Microsoft.AspNet.Security.Provider
+namespace Microsoft.AspNet.Security.Notifications
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
index 13e712eb9f..ce1f309a11 100644
--- a/src/Microsoft.AspNet.Security/Provider/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
@@ -5,7 +5,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.Abstractions.Security;
 
-namespace Microsoft.AspNet.Security.Provider
+namespace Microsoft.AspNet.Security.Notifications
 {
     public abstract class ReturnEndpointContext : EndpointContext
     {

From 9281e7e67a32a50ef9de94b11f48a1818c906fe6 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 10 Apr 2014 14:11:22 -0700
Subject: [PATCH 007/900] Update System.Runtime.InteropServices dependency.

---
 samples/CookieSample/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index c5d7dde2cc..ea527d21dd 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -32,7 +32,7 @@
         "System.Resources.ResourceManager": "4.0.0.0",
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.20.0",
         "System.Text.Encoding": "4.0.10.0",
         "System.Threading.Tasks": "4.0.0.0"
       }

From b889e456666a7ee907443db149bef14c87cdbe77 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 10 Apr 2014 14:20:43 -0700
Subject: [PATCH 008/900] Update sample dependencies.

---
 samples/CookieSample/project.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index ea527d21dd..bfffda8541 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -33,8 +33,7 @@
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
         "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Text.Encoding": "4.0.10.0",
-        "System.Threading.Tasks": "4.0.0.0"
+        "System.Threading.Tasks": "4.0.10.0"
       }
     }
   }

From 7edb32f52666d9f13e41a75bbf9aa890116b824f Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 10 Apr 2014 16:32:44 -0700
Subject: [PATCH 009/900] Cookies: Do redirects for 401s if Active, regardless
 of challenges.

---
 .../CookieAuthenticationHandler.cs                        | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index b03e8a2e2a..cbf1120403 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -219,7 +219,13 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override void ApplyResponseChallenge()
         {
-            if (Response.StatusCode != 401 || !Options.LoginPath.HasValue || ChallengeContext == null)
+            if (Response.StatusCode != 401 || !Options.LoginPath.HasValue )
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
             {
                 return;
             }

From a748266eb67cddd563f11e6deb4e1cd4cd4de109 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 16 Apr 2014 15:57:28 -0700
Subject: [PATCH 010/900] Update to use new tooling.

---
 Security.sln                                  | 78 ++++++++++--------
 samples/CookieSample/CookieSample.kproj       | 29 +++++++
 .../Microsoft.AspNet.Security.Cookies.kproj   | 42 ++++++++++
 .../Microsoft.AspNet.Security.kproj           | 79 +++++++++++++++++++
 4 files changed, 193 insertions(+), 35 deletions(-)
 create mode 100644 samples/CookieSample/CookieSample.kproj
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
 create mode 100644 src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj

diff --git a/Security.sln b/Security.sln
index 7628374e9f..8cd81e5086 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,57 +1,65 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 2013
-VisualStudioVersion = 12.0.30203.2
+VisualStudioVersion = 12.0.30401.0
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.net45", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.net45.csproj", "{70640501-CCBB-4FD7-8231-329B6A436DE4}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.k10", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.k10.csproj", "{F2391907-4463-4650-AEA4-E1B5733105C4}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.Cookies.net45", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.net45.csproj", "{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.AspNet.Security.Cookies.k10", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.k10.csproj", "{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CookieSample.net45", "samples\CookieSample\CookieSample.net45.csproj", "{3C25520E-1AF0-4535-A111-6A1C04D31364}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.kproj", "{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Cookies", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.kproj", "{15F1211B-B695-4A1C-B730-1AC58FC91090}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.kproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
+		Debug|Mixed Platforms = Debug|Mixed Platforms
+		Debug|x86 = Debug|x86
 		Release|Any CPU = Release|Any CPU
+		Release|Mixed Platforms = Release|Mixed Platforms
+		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{70640501-CCBB-4FD7-8231-329B6A436DE4}.Release|Any CPU.Build.0 = Release|Any CPU
-		{F2391907-4463-4650-AEA4-E1B5733105C4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{F2391907-4463-4650-AEA4-E1B5733105C4}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{F2391907-4463-4650-AEA4-E1B5733105C4}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E}.Release|Any CPU.Build.0 = Release|Any CPU
-		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{3C25520E-1AF0-4535-A111-6A1C04D31364}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.ActiveCfg = Debug|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.Build.0 = Debug|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.ActiveCfg = Debug|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.Build.0 = Debug|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.ActiveCfg = Release|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.ActiveCfg = Release|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.Build.0 = Release|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.ActiveCfg = Release|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.Build.0 = Release|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.ActiveCfg = Debug|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.Build.0 = Debug|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.ActiveCfg = Debug|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.Build.0 = Debug|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.ActiveCfg = Release|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.ActiveCfg = Release|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.Build.0 = Release|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.ActiveCfg = Release|x86
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.Build.0 = Release|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.ActiveCfg = Debug|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.Build.0 = Debug|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.ActiveCfg = Debug|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.Build.0 = Debug|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.ActiveCfg = Release|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|x86
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.Build.0 = Release|x86
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{70640501-CCBB-4FD7-8231-329B6A436DE4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{F2391907-4463-4650-AEA4-E1B5733105C4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{4579FEC1-3C4C-4F56-ADDB-850F947FDC2D} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{17DD587C-CFB8-407C-A674-1C99F5CE9C7E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{3C25520E-1AF0-4535-A111-6A1C04D31364} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{15F1211B-B695-4A1C-B730-1AC58FC91090} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
new file mode 100644
index 0000000000..82e4d079fa
--- /dev/null
+++ b/samples/CookieSample/CookieSample.kproj
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Content Include="Project.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Startup.cs" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
new file mode 100644
index 0000000000..0206ede384
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>15f1211b-b695-4a1c-b730-1ac58fc91090</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Content Include="Project.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="CookieAuthenticationDefaults.cs" />
+    <Compile Include="CookieAuthenticationExtensions.cs" />
+    <Compile Include="CookieAuthenticationHandler.cs" />
+    <Compile Include="CookieAuthenticationMiddleware.cs" />
+    <Compile Include="CookieAuthenticationOptions.cs" />
+    <Compile Include="CookieSecureOption.cs" />
+    <Compile Include="Notifications\CookieApplyRedirectContext.cs" />
+    <Compile Include="Notifications\CookieAuthenticationNotifications.cs" />
+    <Compile Include="Notifications\CookieResponseSignInContext.cs" />
+    <Compile Include="Notifications\CookieResponseSignOutContext.cs" />
+    <Compile Include="Notifications\CookieValidateIdentityContext.cs" />
+    <Compile Include="Notifications\DefaultBehavior.cs" />
+    <Compile Include="Notifications\ICookieAuthenticationNotifications.cs" />
+    <Compile Include="NotNullAttribute.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
new file mode 100644
index 0000000000..e7d1d9b856
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>0f174c63-1898-4024-9a3c-3fdf5cae5c68</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Content Include="Project.json" />
+    <Content Include="Resources.resx" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="AppBuilderSecurityExtensions.cs" />
+    <Compile Include="AuthenticationMode.cs" />
+    <Compile Include="AuthenticationOptions.cs" />
+    <Compile Include="AuthenticationTicket.cs" />
+    <Compile Include="CertificateSubjectKeyIdentifierValidator.cs" />
+    <Compile Include="CertificateSubjectPublicKeyInfoValidator.cs" />
+    <Compile Include="CertificateThumbprintValidator.cs" />
+    <Compile Include="Constants.cs" />
+    <Compile Include="DataHandler\Encoder\Base64TextEncoder.cs" />
+    <Compile Include="DataHandler\Encoder\Base64UrlTextEncoder.cs" />
+    <Compile Include="DataHandler\Encoder\ITextEncoder.cs" />
+    <Compile Include="DataHandler\Encoder\TextEncodings.cs" />
+    <Compile Include="DataHandler\ISecureDataFormat.cs" />
+    <Compile Include="DataHandler\PropertiesDataFormat.cs" />
+    <Compile Include="DataHandler\SecureDataFormat.cs" />
+    <Compile Include="DataHandler\Serializer\DataSerializers.cs" />
+    <Compile Include="DataHandler\Serializer\IDataSerializer.cs" />
+    <Compile Include="DataHandler\Serializer\PropertiesSerializer.cs" />
+    <Compile Include="DataHandler\Serializer\TicketSerializer.cs" />
+    <Compile Include="DataHandler\TicketDataFormat.cs" />
+    <Compile Include="DataProtection\DataProtectionHelpers.cs" />
+    <Compile Include="ICertificateValidator.cs" />
+    <Compile Include="Infrastructure\AuthenticationHandler.cs" />
+    <Compile Include="Infrastructure\AuthenticationHandler`1.cs" />
+    <Compile Include="Infrastructure\AuthenticationMiddleware.cs" />
+    <Compile Include="Infrastructure\AuthenticationTokenCreateContext.cs" />
+    <Compile Include="Infrastructure\AuthenticationTokenProvider.cs" />
+    <Compile Include="Infrastructure\AuthenticationTokenReceiveContext.cs" />
+    <Compile Include="Infrastructure\Constants.cs" />
+    <Compile Include="Infrastructure\HttpContextExtensions.cs" />
+    <Compile Include="Infrastructure\IAuthenticationTokenProvider.cs" />
+    <Compile Include="Infrastructure\ISystemClock.cs" />
+    <Compile Include="Infrastructure\NotNullAttribute.cs" />
+    <Compile Include="Infrastructure\SecurityHelper.cs" />
+    <Compile Include="Infrastructure\SignInIdentityContext.cs" />
+    <Compile Include="Infrastructure\SystemClock.cs" />
+    <Compile Include="Notifications\AuthenticationFailedNotification.cs" />
+    <Compile Include="Notifications\BaseContext.cs" />
+    <Compile Include="Notifications\BaseContext`1.cs" />
+    <Compile Include="Notifications\EndpointContext.cs" />
+    <Compile Include="Notifications\EndpointContext`1.cs" />
+    <Compile Include="Notifications\MessageReceivedNotification.cs" />
+    <Compile Include="Notifications\RedirectFromIdentityProviderNotification.cs" />
+    <Compile Include="Notifications\RedirectToIdentityProviderNotification.cs" />
+    <Compile Include="Notifications\ReturnEndpointContext.cs" />
+    <Compile Include="Notifications\SecurityTokenReceivedNotification.cs" />
+    <Compile Include="Notifications\SecurityTokenValidatedNotification.cs" />
+    <Compile Include="Resources.Designer.cs" />
+    <Compile Include="SubjectPublicKeyInfoAlgorithm.cs" />
+    <Compile Include="Win32.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file

From 689bdf20725a5808d32f186c390478c3ee2bf365 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Thu, 17 Apr 2014 22:20:40 -0700
Subject: [PATCH 011/900] Removed properties folder

---
 samples/CookieSample/CookieSample.kproj                        | 3 ---
 .../Microsoft.AspNet.Security.Cookies.kproj                    | 3 ---
 src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj  | 3 ---
 3 files changed, 9 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index 82e4d079fa..7d88de92e6 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -19,9 +19,6 @@
   <ItemGroup>
     <Content Include="Project.json" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <ItemGroup>
     <Compile Include="Startup.cs" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index 0206ede384..b5ae96ed09 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -35,8 +35,5 @@
     <Compile Include="Notifications\ICookieAuthenticationNotifications.cs" />
     <Compile Include="NotNullAttribute.cs" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index e7d1d9b856..26a8109a53 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -72,8 +72,5 @@
     <Compile Include="SubjectPublicKeyInfoAlgorithm.cs" />
     <Compile Include="Win32.cs" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From 9726a260565f29487b4da496c551c9782b4bcd5a Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Thu, 17 Apr 2014 22:25:17 -0700
Subject: [PATCH 012/900] Update based on new API changes

---
 samples/CookieSample/Startup.cs                    | 14 ++++++++------
 samples/CookieSample/project.json                  |  1 +
 .../CookieAuthenticationExtensions.cs              |  4 ++--
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index cac42ca38d..917eca2ea6 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -6,6 +6,7 @@ using Microsoft.AspNet.DependencyInjection;
 using Microsoft.AspNet.DependencyInjection.Fallback;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.RequestContainer;
 
 namespace CookieSample
 {
@@ -13,15 +14,16 @@ namespace CookieSample
     {
         public void Configuration(IBuilder app)
         {
-            // TODO: Move to host.
-            var serviceCollection = new ServiceCollection();
-            serviceCollection.AddInstance<ILoggerFactory>(new NullLoggerFactory());
-            app.ServiceProvider = serviceCollection.BuildServiceProvider(app.ServiceProvider);
+            app.UseServices(services =>
+            {
+                // TODO: Move to host.
+                services.AddInstance<ILoggerFactory>(new NullLoggerFactory());
+            });
 
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
-                {
+            {
 
-                });
+            });
 
             app.Run(async context =>
             {
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index bfffda8541..656b0a6e20 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -6,6 +6,7 @@
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
     "Microsoft.AspNet.Hosting": "0.1-alpha-*",
+    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index c32f3e7b80..6c7e7e6bd7 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -22,8 +22,8 @@ namespace Microsoft.AspNet
         public static IBuilder UseCookieAuthentication([NotNull] this IBuilder app, [NotNull] CookieAuthenticationOptions options)
         {
             // TODO: Use UseMiddleware to inject dependencies once it can discover Invoke from a base class.
-            var dataProtectionProvider = app.ServiceProvider.GetService<IDataProtectionProvider>();
-            var loggerFactory = app.ServiceProvider.GetService<ILoggerFactory>();
+            var dataProtectionProvider = app.ApplicationServices.GetService<IDataProtectionProvider>();
+            var loggerFactory = app.ApplicationServices.GetService<ILoggerFactory>();
             return app.Use(next => new CookieAuthenticationMiddleware(next, dataProtectionProvider, loggerFactory, options).Invoke);
         }
     }

From f5200a1d55e625fbe122c30664c5021cde8d645c Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Thu, 24 Apr 2014 16:16:15 -0700
Subject: [PATCH 013/900] Implementing IAuthorizationService

#7
---
 Security.sln                                  |  17 +-
 .../AuthorizationPolicyContext.cs             |  46 +++
 .../DefaultAuthorizationService.cs            |  92 ++++++
 .../Authorization/IAuthorizationPolicy.cs     |  13 +
 .../Authorization/IAuthorizationService.cs    |  49 ++++
 .../Microsoft.AspNet.Security.kproj           |   4 +
 .../DefaultAuthorizationServiceTests.cs       | 276 ++++++++++++++++++
 .../FakePolicy.cs                             |  49 ++++
 .../Microsoft.AspNet.Security.kproj           |  29 ++
 .../project.json                              |  25 ++
 10 files changed, 599 insertions(+), 1 deletion(-)
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/FakePolicy.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
 create mode 100644 test/Microsoft.AspNet.Security.Test/project.json

diff --git a/Security.sln b/Security.sln
index 8cd81e5086..752ce9ab0c 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 2013
-VisualStudioVersion = 12.0.30401.0
+VisualStudioVersion = 12.0.30411.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -13,6 +13,10 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.C
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.kproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security", "test\Microsoft.AspNet.Security.Test\Microsoft.AspNet.Security.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -53,6 +57,16 @@ Global
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|x86
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|x86
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.Build.0 = Release|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.Build.0 = Debug|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|x86
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|x86
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -61,5 +75,6 @@ Global
 		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{15F1211B-B695-4A1C-B730-1AC58FC91090} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
new file mode 100644
index 0000000000..ab65513ab5
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
@@ -0,0 +1,46 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Linq;
+
+namespace Microsoft.AspNet.Security.Authorization
+{
+    /// <summary>
+    /// Contains authorization information used by <see cref="IAuthorizationPolicy"/>.
+    /// </summary>
+    public class AuthorizationPolicyContext
+    {
+        public AuthorizationPolicyContext(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource )
+        {
+            Claims = (claims ?? Enumerable.Empty<Claim>()).ToList();
+            User = user;
+            Resource = resource;
+        }
+
+        /// <summary>
+        /// The list of claims the <see cref="IAuthorizationService"/> is checking.
+        /// </summary>
+        public IList<Claim> Claims { get; private set; }
+
+        /// <summary>
+        /// The user to check the claims against.
+        /// </summary>
+        public ClaimsPrincipal User { get; private set; }
+
+        /// <summary>
+        /// An optional resource associated to the check.
+        /// </summary>
+        public object Resource { get; private set; }
+
+        /// <summary>
+        /// Gets or set whether the permission will be granted to the user.
+        /// </summary>
+        public bool Authorized { get; set; }
+
+        /// <summary>
+        /// When set to <value>true</value>, the authorization check will be processed again.
+        /// </summary>
+        public bool Retry { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
new file mode 100644
index 0000000000..7faf3430e3
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Authorization
+{
+    public class DefaultAuthorizationService : IAuthorizationService
+    {
+        private readonly IList<IAuthorizationPolicy> _policies;
+        public int MaxRetries = 99;
+
+        public DefaultAuthorizationService(IEnumerable<IAuthorizationPolicy> policies)
+        {
+            _policies = policies.OrderBy(x => x.Order).ToArray();
+        }
+
+        public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user)
+        {
+            return await AuthorizeAsync(claims, user, null);
+        }
+
+        public bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user)
+        {
+            return  AuthorizeAsync(claims, user, null).Result;
+        }
+
+        public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
+        {
+            var context = new AuthorizationPolicyContext(claims, user, resource);
+
+            foreach (var policy in _policies)
+            {
+                await policy.ApplyingAsync(context);
+            }
+
+            // we only apply the policies for a limited number of times to prevent
+            // infinite loops
+
+            int retries;
+            for (retries = 0; retries < MaxRetries; retries++)
+            {
+                // we don't need to check for owned claims if the permission is already granted
+                if (!context.Authorized)
+                {
+                    if (context.User != null)
+                    {
+                        if (context.Claims.Any(claim => user.HasClaim(claim.Type, claim.Value)))
+                        {
+                            context.Authorized = true;
+                        }
+                    }
+                }
+
+                // reset the retry flag
+                context.Retry = false;
+
+                // give a chance for policies to change claims or the grant
+                foreach (var policy in _policies)
+                {
+                    await policy.ApplyAsync(context);
+                }
+
+                // if no policies have changed the context, stop checking
+                if (!context.Retry)
+                {
+                    break;
+                }
+            }
+
+            if (retries == MaxRetries)
+            {
+                throw new InvalidOperationException("Too many authorization retries.");
+            }
+
+            foreach (var policy in _policies)
+            {
+                await policy.AppliedAsync(context);
+            }
+
+            return context.Authorized;
+        }
+
+        public bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
+        {
+            return AuthorizeAsync(claims, user, resource).Result;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
new file mode 100644
index 0000000000..8100ae32f1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
@@ -0,0 +1,13 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+namespace Microsoft.AspNet.Security.Authorization
+{
+    public interface IAuthorizationPolicy
+    {
+        int Order { get; set; }
+        Task ApplyingAsync(AuthorizationPolicyContext context);
+        Task ApplyAsync(AuthorizationPolicyContext context);
+        Task AppliedAsync(AuthorizationPolicyContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs
new file mode 100644
index 0000000000..30284e4c54
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Authorization
+{
+    /// <summary>
+    /// Checks claims based permissions for a user.
+    /// </summary>
+    public interface IAuthorizationService
+    {
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user);
+
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user);
+
+        /// <summary>
+        /// Checks if a user has specific claims for a specific context obj.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <param name="resource">The resource the claims should be check with.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource);
+
+        /// <summary>
+        /// Checks if a user has specific claims for a specific context obj.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <param name="resource">The resource the claims should be check with.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource);
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index 26a8109a53..37943b7510 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -25,6 +25,10 @@
     <Compile Include="AuthenticationMode.cs" />
     <Compile Include="AuthenticationOptions.cs" />
     <Compile Include="AuthenticationTicket.cs" />
+    <Compile Include="Authorization\AuthorizationPolicyContext.cs" />
+    <Compile Include="Authorization\DefaultAuthorizationService.cs" />
+    <Compile Include="Authorization\IAuthorizationPolicy.cs" />
+    <Compile Include="Authorization\IAuthorizationService.cs" />
     <Compile Include="CertificateSubjectKeyIdentifierValidator.cs" />
     <Compile Include="CertificateSubjectPublicKeyInfoValidator.cs" />
     <Compile Include="CertificateThumbprintValidator.cs" />
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
new file mode 100644
index 0000000000..8be366974b
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -0,0 +1,276 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Security.Authorization;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Test
+{
+    public class DefaultAuthorizationServiceTests
+    {
+        [Fact]
+        public void Check_ShouldAllowIfClaimIsPresent()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic")
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldAllowIfClaimIsAmongValues()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] { 
+                        new Claim("Permission", "CanViewPage"), 
+                        new Claim("Permission", "CanViewAnything")
+                    }, 
+                    "Basic")
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldNotAllowIfClaimTypeIsNotPresent()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] { 
+                        new Claim("SomethingElse", "CanViewPage"), 
+                    },
+                    "Basic")
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldNotAllowIfClaimValueIsNotPresent()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] { 
+                        new Claim("Permission", "CanViewComment"), 
+                    },
+                    "Basic")
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldNotAllowIfNoClaims()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[0],
+                    "Basic")
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldNotAllowIfUserIsNull()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            ClaimsPrincipal user = null;
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldNotAllowIfUserIsNotAuthenticated()
+        {
+            // Arrange
+            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] { 
+                        new Claim("Permission", "CanViewComment"), 
+                    },
+                    null)
+                );
+
+            // Act
+            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public void Check_ShouldApplyPoliciesInOrder()
+        {
+            // Arrange
+            string result = "";
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    Order = 20,
+                    ApplyingAsyncAction = (context) => { result += "20"; }
+                },
+                new FakePolicy() {
+                    Order = -1,
+                    ApplyingAsyncAction = (context) => { result += "-1"; }
+                },
+                new FakePolicy() {
+                    Order = 30,
+                    ApplyingAsyncAction = (context) => { result += "30"; }
+                },
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+            
+            // Act
+            var allowed = authorizationService.Authorize(null, null);
+
+            // Assert
+            Assert.Equal("-12030", result);
+        }
+
+        [Fact]
+        public void Check_ShouldInvokeApplyingApplyAppliedInOrder()
+        {
+            // Arrange
+            string result = "";
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    Order = 20,
+                    ApplyingAsyncAction = (context) => { result += "Applying20"; },
+                    ApplyAsyncAction = (context) => { result += "Apply20"; },
+                    AppliedAsyncAction = (context) => { result += "Applied20"; }
+                },
+                new FakePolicy() {
+                    Order = -1,
+                    ApplyingAsyncAction = (context) => { result += "Applying-1"; },
+                    ApplyAsyncAction = (context) => { result += "Apply-1"; },
+                    AppliedAsyncAction = (context) => { result += "Applied-1"; }
+                },
+                new FakePolicy() {
+                    Order = 30,
+                    ApplyingAsyncAction = (context) => { result += "Applying30"; },
+                    ApplyAsyncAction = (context) => { result += "Apply30"; },
+                    AppliedAsyncAction = (context) => { result += "Applied30"; }
+                },
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+            
+            // Act
+            var allowed = authorizationService.Authorize(null, null);
+
+            // Assert
+            Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", result);
+        }
+
+        [Fact]
+        public void Check_ShouldConvertNullClaimsToEmptyList()
+        {
+            // Arrange
+            IList<Claim> claims = null;
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    Order = 20,
+                    ApplyingAsyncAction = (context) => { claims = context.Claims; }
+                }
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+            
+            // Act
+            var allowed = authorizationService.Authorize(null, null);
+
+            // Assert
+            Assert.NotNull(claims);
+            Assert.Equal(0, claims.Count);
+        }
+
+        [Fact]
+        public void Check_ShouldThrowWhenPoliciesDontStop()
+        {
+            // Arrange
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    ApplyAsyncAction = (context) => { context.Retry = true; }
+                }
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+
+            // Act
+            // Assert
+            Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(null, null));
+        }
+ 
+        [Fact]
+        public void Check_ApplyCanMutateClaims()
+        {
+
+            // Arrange
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic")
+                );
+
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    ApplyAsyncAction = (context) => { 
+                        // for instance, if user owns the comment
+                        if(!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
+                        {
+                            context.Claims.Add(new Claim("Permission", "CanDeleteComments")); 
+                            context.Retry = true;
+                        }
+                    }
+                }
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+            
+            // Act
+            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user);
+
+            // Assert
+            Assert.True(allowed);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
new file mode 100644
index 0000000000..a3bdf8c1f9
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
@@ -0,0 +1,49 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Security.Authorization;
+
+namespace Microsoft.AspNet.Security.Test 
+{
+    public class FakePolicy : IAuthorizationPolicy
+    {
+            
+        public int Order { get; set; }
+
+        public Task ApplyingAsync(AuthorizationPolicyContext context) 
+        {
+            if (ApplyingAsyncAction != null)
+            {
+                ApplyingAsyncAction(context);
+            }
+
+            return Task.FromResult(0);
+        }
+        
+        public Task ApplyAsync(AuthorizationPolicyContext context) 
+        {
+            if (ApplyAsyncAction != null)
+            {
+                ApplyAsyncAction(context);
+            }
+            
+            return Task.FromResult(0);
+
+        }
+        
+        public Task AppliedAsync(AuthorizationPolicyContext context) 
+        {
+            if (AppliedAsyncAction != null)
+            {
+                AppliedAsyncAction(context);
+            }
+            
+            return Task.FromResult(0);
+        }
+
+        public Action<AuthorizationPolicyContext> ApplyingAsyncAction { get; set;}
+
+        public Action<AuthorizationPolicyContext> ApplyAsyncAction { get; set;}
+
+        public Action<AuthorizationPolicyContext> AppliedAsyncAction { get; set;}
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
new file mode 100644
index 0000000000..8f60c5ab82
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Content Include="Project.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="DefaultAuthorizationServiceTests.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
new file mode 100644
index 0000000000..cfdc5ed7f9
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -0,0 +1,25 @@
+{
+  "version" : "0.1-alpha-*",
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Security" : "0.1-alpha-*",
+    "Moq": "4.2.1312.1622",
+    "Xunit.KRunner": "0.1-alpha-*",
+    "xunit.abstractions": "2.0.0-aspnet-*",
+    "xunit.assert": "2.0.0-aspnet-*",
+    "xunit.core": "2.0.0-aspnet-*",
+    "xunit.execution": "2.0.0-aspnet-*"
+  },
+  "commands": {
+    "test": "Xunit.KRunner"
+  },
+  "configurations": {
+    "net45": { 
+      "dependencies": {
+          "System.Runtime": ""
+      }
+    }
+  }
+}

From 4568e7495455dd5f8887a511a6a33c58b02d0aec Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Mon, 28 Apr 2014 10:44:18 -0700
Subject: [PATCH 014/900] Adding null check in ctor

---
 .../Authorization/DefaultAuthorizationService.cs         | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
index 7faf3430e3..09a4d9a95b 100644
--- a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
@@ -15,7 +15,14 @@ namespace Microsoft.AspNet.Security.Authorization
 
         public DefaultAuthorizationService(IEnumerable<IAuthorizationPolicy> policies)
         {
-            _policies = policies.OrderBy(x => x.Order).ToArray();
+            if (policies == null)
+            {
+                _policies = Enumerable.Empty<IAuthorizationPolicy>().ToArray();
+            } 
+            else 
+            {
+                _policies = policies.OrderBy(x => x.Order).ToArray();
+            }
         }
 
         public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user)

From 3a5ad14fe0eb7896a7e983af0e600261a95ac9a2 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 1 May 2014 12:46:10 -0700
Subject: [PATCH 015/900] Remove unused filesystem dependencies.

---
 samples/CookieSample/project.json                  | 2 --
 src/Microsoft.AspNet.Security.Cookies/project.json | 2 --
 src/Microsoft.AspNet.Security/project.json         | 2 --
 3 files changed, 6 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 656b0a6e20..7d5e652710 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -26,8 +26,6 @@
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
         "System.IO": "4.0.0.0",
-        "System.IO.FileSystem": "4.0.0.0",
-        "System.IO.FileSystem.Primitives": "4.0.0.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",
         "System.Resources.ResourceManager": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index d446612a1e..2838ae822a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -24,8 +24,6 @@
         "System.Globalization": "4.0.10.0",
         "System.IO": "4.0.0.0",
         "System.IO.Compression": "4.0.0.0",
-        "System.IO.FileSystem": "4.0.0.0",
-        "System.IO.FileSystem.Primitives": "4.0.0.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",
         "System.Resources.ResourceManager": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index ded011e117..ee02d0cfe5 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -22,8 +22,6 @@
         "System.Globalization": "4.0.10.0",
         "System.IO": "4.0.0.0",
         "System.IO.Compression": "4.0.0.0",
-        "System.IO.FileSystem": "4.0.0.0",
-        "System.IO.FileSystem.Primitives": "4.0.0.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",
         "System.Resources.ResourceManager": "4.0.0.0",

From c64934ad53f5de4d2fd0b6dc0c1c70b6111b3eb6 Mon Sep 17 00:00:00 2001
From: Louis DeJardin <louis.dejardin@gmail.com>
Date: Fri, 2 May 2014 16:19:37 -0700
Subject: [PATCH 016/900] Updating build scripts

---
 .gitignore |  1 +
 build.cmd  |  3 +++
 build.sh   | 30 ++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 build.sh

diff --git a/.gitignore b/.gitignore
index 8bc217058d..aba9c594d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ PublishProfiles/
 _ReSharper.*
 nuget.exe
 *net45.csproj
+*net451.csproj
 *k10.csproj
 *.psess
 *.vsp
diff --git a/build.cmd b/build.cmd
index 7045ee1f84..903d532df3 100644
--- a/build.cmd
+++ b/build.cmd
@@ -18,6 +18,9 @@ copy %CACHED_NUGET% .nuget\nuget.exe > nul
 IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
+CALL packages\KoreBuild\build\kvm upgrade -svr50 -x86
+CALL packages\KoreBuild\build\kvm install default -svrc50 -x86
 
 :run
+CALL packages\KoreBuild\build\kvm use default -svr50 -x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000000..db1e0c3dde
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+if test `uname` = Darwin; then
+    cachedir=~/Library/Caches/KBuild
+else
+    if x$XDG_DATA_HOME = x; then
+	cachedir=$HOME/.local/share
+    else
+	cachedir=$XDG_DATA_HOME;
+    fi
+fi
+mkdir -p $cachedir
+
+url=https://www.nuget.org/nuget.exe
+
+if test ! -f $cachedir/nuget.exe; then
+    wget -o $cachedir/nuget.exe $url 2>/dev/null || curl -o $cachedir/nuget.exe --location $url /dev/null
+fi
+
+if test ! -e .nuget; then
+    mkdir .nuget
+    cp $cachedir/nuget.exe .nuget
+fi
+
+if test ! -d packages/KoreBuild; then
+    mono .nuget/nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+    mono .nuget/nuget.exe install Sake -version 0.2 -o packages -ExcludeVersion
+fi
+
+mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"
\ No newline at end of file

From b7ed0faa332af054a3e0d594ffd5663389398cb5 Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Mon, 5 May 2014 14:29:13 -0700
Subject: [PATCH 017/900] Adding AuthorizationPolicy and mutable user claims

#13
---
 .../Authorization/AuthorizationPolicy.cs      | 46 +++++++++++++++
 .../AuthorizationPolicyContext.cs             | 13 ++++
 .../AuthorizationServiceExtensions.cs         | 59 +++++++++++++++++++
 .../DefaultAuthorizationService.cs            | 13 +++-
 .../DefaultAuthorizationServiceTests.cs       | 32 +++++++++-
 5 files changed, 161 insertions(+), 2 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs
 create mode 100644 src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs

diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs
new file mode 100644
index 0000000000..505f873aac
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs
@@ -0,0 +1,46 @@
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Authorization
+{
+    /// <summary>
+    /// This class provides a base implementation for <see cref="IAuthorizationPolicy" />
+    /// </summary>
+    public abstract class AuthorizationPolicy : IAuthorizationPolicy
+    {
+        public int Order { get; set; }
+        
+        public virtual Task ApplyingAsync(AuthorizationPolicyContext context)
+        {
+            return Task.FromResult(0);
+        }
+
+        public virtual Task ApplyAsync(AuthorizationPolicyContext context) 
+        {
+            return Task.FromResult(0);
+        }
+
+        public virtual Task AppliedAsync(AuthorizationPolicyContext context)
+        {
+            return Task.FromResult(0);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
index ab65513ab5..fabc41d05d 100644
--- a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
+++ b/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
@@ -16,6 +16,11 @@ namespace Microsoft.AspNet.Security.Authorization
             Claims = (claims ?? Enumerable.Empty<Claim>()).ToList();
             User = user;
             Resource = resource;
+
+            // user claims are copied to a new and mutable list
+            UserClaims = user != null
+                ? user.Claims.ToList()
+                : new List<Claim>();
         }
 
         /// <summary>
@@ -28,6 +33,14 @@ namespace Microsoft.AspNet.Security.Authorization
         /// </summary>
         public ClaimsPrincipal User { get; private set; }
 
+        /// <summary>
+        /// The claims of the user.
+        /// </summary>
+        /// <remarks>
+        /// This list can be modified by policies for retries.
+        /// </remarks>
+        public IList<Claim> UserClaims { get; private set; }
+
         /// <summary>
         /// An optional resource associated to the check.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs
new file mode 100644
index 0000000000..70d52bf8d1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs
@@ -0,0 +1,59 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Authorization
+{
+    public static class AuthorizationServiceExtensions
+    {
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claim">The claim to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
+        {
+            return service.AuthorizeAsync(new Claim[] { claim }, user);
+        }
+
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claim">The claim to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static bool Authorize(this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
+        {
+            return service.Authorize(new Claim[] { claim }, user);
+        }
+
+        /// <summary>
+        /// Checks if a user has specific claims for a specific context obj.
+        /// </summary>
+        /// <param name="claim">The claim to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <param name="resource">The resource the claims should be check with.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
+        {
+            return service.AuthorizeAsync(new Claim[] { claim }, user, resource);
+        }
+
+        /// <summary>
+        /// Checks if a user has specific claims for a specific context obj.
+        /// </summary>
+        /// <param name="claim">The claimsto check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <param name="resource">The resource the claims should be check with.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static bool Authorize(this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
+        {
+            return service.Authorize(new Claim[] { claim }, user, resource);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
index 09a4d9a95b..544caac07f 100644
--- a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Security.Authorization
                 {
                     if (context.User != null)
                     {
-                        if (context.Claims.Any(claim => user.HasClaim(claim.Type, claim.Value)))
+                        if (ClaimsMatch(context.Claims, context.UserClaims))
                         {
                             context.Authorized = true;
                         }
@@ -95,5 +95,16 @@ namespace Microsoft.AspNet.Security.Authorization
         {
             return AuthorizeAsync(claims, user, resource).Result;
         }
+
+        private bool ClaimsMatch([NotNull] IEnumerable<Claim> x, [NotNull] IEnumerable<Claim> y)
+        {
+            return x.Any(claim => 
+                        y.Any(userClaim => 
+                            string.Equals(claim.Type, userClaim.Type, StringComparison.OrdinalIgnoreCase) &&
+                            string.Equals(claim.Value, userClaim.Value, StringComparison.Ordinal)
+                        )
+                    );
+
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 8be366974b..9c36c54bf6 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -243,7 +243,7 @@ namespace Microsoft.AspNet.Security.Test
         }
  
         [Fact]
-        public void Check_ApplyCanMutateClaims()
+        public void Check_ApplyCanMutateCheckedClaims()
         {
 
             // Arrange
@@ -272,5 +272,35 @@ namespace Microsoft.AspNet.Security.Test
             // Assert
             Assert.True(allowed);
         }
+
+        [Fact]
+        public void Check_PoliciesCanMutateUsersClaims()
+        {
+
+            // Arrange
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(new Claim[0], "Basic")
+                );
+
+            var policies = new IAuthorizationPolicy[] {
+                new FakePolicy() {
+                    ApplyAsyncAction = (context) => { 
+                        if (!context.Authorized) 
+                        {
+                            context.UserClaims.Add(new Claim("Permission", "CanDeleteComments")); 
+                            context.Retry = true;
+                        }
+                    }
+                }
+            };
+
+            var authorizationService = new DefaultAuthorizationService(policies);
+            
+            // Act
+            var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user);
+
+            // Assert
+            Assert.True(allowed);
+        }
     }
 }

From 05b091ee66b3448aab801db32012c4fd8000a7e8 Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Mon, 5 May 2014 15:37:36 -0700
Subject: [PATCH 018/900] Removing Authorization namespace

---
 .../Authorization/IAuthorizationPolicy.cs     | 13 ---------
 .../AuthorizationPolicy.cs                    |  2 +-
 .../AuthorizationPolicyContext.cs             | 19 ++++++++++--
 .../AuthorizationServiceExtensions.cs         | 19 ++++++++++--
 .../DefaultAuthorizationService.cs            | 19 ++++++++++--
 .../IAuthorizationPolicy.cs                   | 29 +++++++++++++++++++
 .../IAuthorizationService.cs                  | 19 ++++++++++--
 .../Microsoft.AspNet.Security.kproj           | 10 ++++---
 .../DefaultAuthorizationServiceTests.cs       |  2 +-
 .../FakePolicy.cs                             |  2 +-
 10 files changed, 106 insertions(+), 28 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
 rename src/Microsoft.AspNet.Security/{Authorization => }/AuthorizationPolicy.cs (96%)
 rename src/Microsoft.AspNet.Security/{Authorization => }/AuthorizationPolicyContext.cs (71%)
 rename src/Microsoft.AspNet.Security/{Authorization => }/AuthorizationServiceExtensions.cs (79%)
 rename src/Microsoft.AspNet.Security/{Authorization => }/DefaultAuthorizationService.cs (82%)
 create mode 100644 src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
 rename src/Microsoft.AspNet.Security/{Authorization => }/IAuthorizationService.cs (76%)

diff --git a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
deleted file mode 100644
index 8100ae32f1..0000000000
--- a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationPolicy.cs
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-namespace Microsoft.AspNet.Security.Authorization
-{
-    public interface IAuthorizationPolicy
-    {
-        int Order { get; set; }
-        Task ApplyingAsync(AuthorizationPolicyContext context);
-        Task ApplyAsync(AuthorizationPolicyContext context);
-        Task AppliedAsync(AuthorizationPolicyContext context);
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs
rename to src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
index 505f873aac..157b71047a 100644
--- a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
@@ -19,7 +19,7 @@ using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Authorization
+namespace Microsoft.AspNet.Security
 {
     /// <summary>
     /// This class provides a base implementation for <see cref="IAuthorizationPolicy" />
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
similarity index 71%
rename from src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
rename to src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
index fabc41d05d..4055fddbd8 100644
--- a/src/Microsoft.AspNet.Security/Authorization/AuthorizationPolicyContext.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
@@ -1,10 +1,25 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
 
 using System.Collections.Generic;
 using System.Security.Claims;
 using System.Linq;
 
-namespace Microsoft.AspNet.Security.Authorization
+namespace Microsoft.AspNet.Security
 {
     /// <summary>
     /// Contains authorization information used by <see cref="IAuthorizationPolicy"/>.
diff --git a/src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
similarity index 79%
rename from src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs
rename to src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
index 70d52bf8d1..158314a155 100644
--- a/src/Microsoft.AspNet.Security/Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
@@ -1,4 +1,19 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
 
 using System;
 using System.Collections.Generic;
@@ -6,7 +21,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Authorization
+namespace Microsoft.AspNet.Security
 {
     public static class AuthorizationServiceExtensions
     {
diff --git a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
similarity index 82%
rename from src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
rename to src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index 544caac07f..1292901522 100644
--- a/src/Microsoft.AspNet.Security/Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -1,4 +1,19 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
 
 using System;
 using System.Collections.Generic;
@@ -6,7 +21,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Authorization
+namespace Microsoft.AspNet.Security
 {
     public class DefaultAuthorizationService : IAuthorizationService
     {
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
new file mode 100644
index 0000000000..395549065a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
@@ -0,0 +1,29 @@
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public interface IAuthorizationPolicy
+    {
+        int Order { get; set; }
+        Task ApplyingAsync(AuthorizationPolicyContext context);
+        Task ApplyAsync(AuthorizationPolicyContext context);
+        Task AppliedAsync(AuthorizationPolicyContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
similarity index 76%
rename from src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs
rename to src/Microsoft.AspNet.Security/IAuthorizationService.cs
index 30284e4c54..cbd705c8fa 100644
--- a/src/Microsoft.AspNet.Security/Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
@@ -1,10 +1,25 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc.
+// All Rights Reserved
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
+// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
+// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
+// NON-INFRINGEMENT.
+// See the Apache 2 License for the specific language governing
+// permissions and limitations under the License.
 
 using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Authorization
+namespace Microsoft.AspNet.Security
 {
     /// <summary>
     /// Checks claims based permissions for a user.
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index 37943b7510..fa845e638d 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -25,10 +25,12 @@
     <Compile Include="AuthenticationMode.cs" />
     <Compile Include="AuthenticationOptions.cs" />
     <Compile Include="AuthenticationTicket.cs" />
-    <Compile Include="Authorization\AuthorizationPolicyContext.cs" />
-    <Compile Include="Authorization\DefaultAuthorizationService.cs" />
-    <Compile Include="Authorization\IAuthorizationPolicy.cs" />
-    <Compile Include="Authorization\IAuthorizationService.cs" />
+    <Compile Include="AuthorizationPolicy.cs" />
+    <Compile Include="AuthorizationPolicyContext.cs" />
+    <Compile Include="AuthorizationServiceExtensions.cs" />
+    <Compile Include="DefaultAuthorizationService.cs" />
+    <Compile Include="IAuthorizationPolicy.cs" />
+    <Compile Include="IAuthorizationService.cs" />
     <Compile Include="CertificateSubjectKeyIdentifierValidator.cs" />
     <Compile Include="CertificateSubjectPublicKeyInfoValidator.cs" />
     <Compile Include="CertificateThumbprintValidator.cs" />
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 9c36c54bf6..7d439897b4 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -3,7 +3,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.Authorization;
+using Microsoft.AspNet.Security;
 using Xunit;
 
 namespace Microsoft.AspNet.Security.Test
diff --git a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
index a3bdf8c1f9..3e365cde2b 100644
--- a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
+++ b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
@@ -1,6 +1,6 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.Authorization;
+using Microsoft.AspNet.Security;
 
 namespace Microsoft.AspNet.Security.Test 
 {

From 14205d1708ff3478c17505642e62d37fde57c72b Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Mon, 5 May 2014 17:01:57 -0700
Subject: [PATCH 019/900] Applying IHttpAuthenticationFeature renaming

---
 .../Infrastructure/HttpContextExtensions.cs               | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
index a46ef4079c..3f0be6f882 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -6,13 +6,13 @@ namespace Microsoft.AspNet.Security.Infrastructure
 {
     internal static class HttpContextExtensions
     {
-        internal static IHttpAuthentication GetAuthentication(this HttpContext context)
+        internal static IHttpAuthenticationFeature GetAuthentication(this HttpContext context)
         {
-            var auth = context.GetFeature<IHttpAuthentication>();
+            var auth = context.GetFeature<IHttpAuthenticationFeature>();
             if (auth == null)
             {
-                auth = new DefaultHttpAuthentication();
-                context.SetFeature<IHttpAuthentication>(auth);
+                auth = new HttpAuthenticationFeature();
+                context.SetFeature<IHttpAuthenticationFeature>(auth);
             }
             return auth;
         }

From 34b4c7e3a77613f8469d6ec6dc6cb4403a17ac35 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Mon, 5 May 2014 20:15:50 -0700
Subject: [PATCH 020/900] Remove unused dependency

---
 src/Microsoft.AspNet.Security.Cookies/project.json | 1 -
 src/Microsoft.AspNet.Security/project.json         | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 2838ae822a..f73ba62d84 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -4,7 +4,6 @@
     "Newtonsoft.Json": "5.0.8",
     "Microsoft.AspNet.Security": "0.1-alpha-*",
     "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.AspNet.ConfigurationModel": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index ee02d0cfe5..b14e7de2f9 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -2,7 +2,6 @@
   "version": "0.1-alpha-*",
   "dependencies": {
     "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.AspNet.ConfigurationModel": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",

From 1235ea1a6fd214d8ce0b3416a3f45d02ab3fd837 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 5 May 2014 18:11:22 -0700
Subject: [PATCH 021/900] Fix HttpAbstractions dependency renames.

---
 samples/CookieSample/Startup.cs                            | 1 +
 samples/CookieSample/project.json                          | 3 +--
 .../CookieAuthenticationDefaults.cs                        | 2 +-
 .../CookieAuthenticationExtensions.cs                      | 2 +-
 .../CookieAuthenticationHandler.cs                         | 7 ++-----
 .../CookieAuthenticationMiddleware.cs                      | 2 +-
 .../CookieAuthenticationOptions.cs                         | 2 +-
 .../Notifications/CookieApplyRedirectContext.cs            | 2 +-
 .../Notifications/CookieResponseSignInContext.cs           | 4 ++--
 .../Notifications/CookieResponseSignOutContext.cs          | 2 +-
 .../Notifications/CookieValidateIdentityContext.cs         | 4 ++--
 .../Notifications/DefaultBehavior.cs                       | 2 +-
 src/Microsoft.AspNet.Security.Cookies/project.json         | 2 +-
 src/Microsoft.AspNet.Security/AuthenticationOptions.cs     | 2 +-
 src/Microsoft.AspNet.Security/AuthenticationTicket.cs      | 2 +-
 .../DataHandler/PropertiesDataFormat.cs                    | 2 +-
 .../DataHandler/Serializer/DataSerializers.cs              | 2 +-
 .../DataHandler/Serializer/PropertiesSerializer.cs         | 2 +-
 .../DataProtection/DataProtectionHelpers.cs                | 2 +-
 .../Infrastructure/AuthenticationHandler.cs                | 4 ++--
 .../Infrastructure/AuthenticationHandler`1.cs              | 2 +-
 .../Infrastructure/AuthenticationMiddleware.cs             | 2 +-
 .../Infrastructure/AuthenticationTokenCreateContext.cs     | 2 +-
 .../Infrastructure/AuthenticationTokenReceiveContext.cs    | 2 +-
 .../Infrastructure/HttpContextExtensions.cs                | 2 +-
 .../Infrastructure/SecurityHelper.cs                       | 2 +-
 .../Infrastructure/SignInIdentityContext.cs                | 2 +-
 src/Microsoft.AspNet.Security/Notifications/BaseContext.cs | 2 +-
 .../Notifications/BaseContext`1.cs                         | 2 +-
 .../Notifications/EndpointContext.cs                       | 2 +-
 .../Notifications/EndpointContext`1.cs                     | 2 +-
 .../Notifications/ReturnEndpointContext.cs                 | 4 ++--
 src/Microsoft.AspNet.Security/project.json                 | 2 +-
 33 files changed, 38 insertions(+), 41 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 917eca2ea6..510a76f4b6 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Security.Claims;
 using Microsoft.AspNet;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.DependencyInjection;
 using Microsoft.AspNet.DependencyInjection.Fallback;
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 7d5e652710..9608352500 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,14 +1,13 @@
 {
   "version": "0.1-alpha-*",
   "dependencies": {
-    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
     "Microsoft.AspNet.Hosting": "0.1-alpha-*",
     "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Logging": "0.1-alpha-*",
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
index 8102911fd2..3ea10afb90 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 6c7e7e6bd7..4a97317398 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.DependencyInjection;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.DataProtection;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index cbf1120403..714d9fae1b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -1,13 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Logging;
-using Microsoft.AspNet.PipelineCore.Collections;
-using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Security.Infrastructure;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 7b1919c910..8fc9ea28c3 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index e865ad68ee..3fa5cb5e89 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -2,7 +2,7 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Infrastructure;
 
 namespace Microsoft.AspNet.Security.Cookies
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
index 14c96dbe09..9d0aca22ca 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
index 4fefed2d9c..375c851819 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
index e7d808c35b..7dbd451377 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Cookies
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
index e48facc5b2..3996a9585d 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -3,8 +3,8 @@
 using System;
 using System.Security.Claims;
 using System.Security.Principal;
-using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Notifications;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
index d90acf62ff..98b7da1c8b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Newtonsoft.Json;
 
 namespace Microsoft.AspNet.Security.Cookies
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index f73ba62d84..4b97e21842 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -5,7 +5,7 @@
     "Microsoft.AspNet.Security": "0.1-alpha-*",
     "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Logging": "0.1-alpha-*",
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
index bfd63df993..719132212a 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -2,7 +2,7 @@
 
 using System;
 using System.Collections.Generic;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.PipelineCore.Security;
 
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
index 2b910d9445..5adb20b7ee 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -3,7 +3,7 @@
 using System;
 using System.Collections.Generic;
 using System.Security.Claims;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.PipelineCore.Security;
 using Microsoft.AspNet.Security.Infrastructure;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
index 43aab1c990..4c41223502 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
 using Microsoft.AspNet.Security.DataProtection;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
index b46f5dcb98..faf395aab5 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 
 namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
index 0ea3a4ba30..d8bfc7209b 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
@@ -4,7 +4,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 
 namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
index 8ed6c5db21..96b151e818 100644
--- a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
+++ b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.DataProtection
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 5b7f1e2106..03229baee8 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -8,8 +8,8 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
index ef69d5f023..80944261c7 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index f4fecd5231..7ad8d931eb 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -2,7 +2,7 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
index e418a113fe..3a96006c50 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Infrastructure
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
index 7e4f840277..0f6d6bce02 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
 namespace Microsoft.AspNet.Security.Infrastructure
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
index 3f0be6f882..4336544d34 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -1,4 +1,4 @@
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.PipelineCore.Security;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index a4e42b92d8..436101fa9b 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -5,7 +5,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
index 087de642c6..52c2ddff1b 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
@@ -1,5 +1,5 @@
 using System.Security.Claims;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http.Security;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
index 57b50ed364..2ad464e37f 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
index be656e4c24..5073cd183e 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
index 58c175326e..214a724a42 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
index 15c7a64780..80b5c2c554 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Abstractions;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
index ce1f309a11..ff88098f57 100644
--- a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
@@ -2,8 +2,8 @@
 
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
-using Microsoft.AspNet.Abstractions;
-using Microsoft.AspNet.Abstractions.Security;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index b14e7de2f9..77a720e041 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -3,7 +3,7 @@
   "dependencies": {
     "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Abstractions": "0.1-alpha-*",
+    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Logging": "0.1-alpha-*",

From d916a6d66a17354fb8cf24d127495443a37b0d04 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Tue, 6 May 2014 01:04:17 -0700
Subject: [PATCH 022/900] React to renames

---
 samples/CookieSample/Startup.cs                               | 2 +-
 .../CookieAuthenticationExtensions.cs                         | 2 +-
 .../CookieAuthenticationMiddleware.cs                         | 1 +
 .../Infrastructure/AuthenticationMiddleware.cs                | 1 +
 .../Microsoft.AspNet.Security.kproj                           | 4 +---
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 510a76f4b6..7dbb26e6d6 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -2,12 +2,12 @@ using System;
 using System.Security.Claims;
 using Microsoft.AspNet;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Abstractions;
 using Microsoft.AspNet.DependencyInjection;
 using Microsoft.AspNet.DependencyInjection.Fallback;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.RequestContainer;
+using Microsoft.AspNet.Builder;
 
 namespace CookieSample
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 4a97317398..a6fc420630 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -6,7 +6,7 @@ using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.DataProtection;
 
-namespace Microsoft.AspNet
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Extension methods provided by the cookies authentication middleware
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 8fc9ea28c3..44d1f10600 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index 7ad8d931eb..726028c6d2 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -2,6 +2,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Infrastructure
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
index 8f60c5ab82..3a317e7f39 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
@@ -21,9 +21,7 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="DefaultAuthorizationServiceTests.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
+    <Compile Include="FakePolicy.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From 08929a6e99a5a49c3a1234657fc51f76acc9d46e Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Tue, 6 May 2014 12:16:15 -0700
Subject: [PATCH 023/900] Fix dependency issues

---
 samples/CookieSample/Startup.cs                           | 8 ++++----
 samples/CookieSample/project.json                         | 6 +++---
 .../CookieAuthenticationExtensions.cs                     | 4 ++--
 .../CookieAuthenticationHandler.cs                        | 2 +-
 .../CookieAuthenticationMiddleware.cs                     | 2 +-
 src/Microsoft.AspNet.Security.Cookies/project.json        | 6 +++---
 .../Infrastructure/AuthenticationHandler.cs               | 2 +-
 src/Microsoft.AspNet.Security/project.json                | 6 +++---
 8 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 7dbb26e6d6..71386c068e 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -2,12 +2,12 @@ using System;
 using System.Security.Claims;
 using Microsoft.AspNet;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.DependencyInjection;
-using Microsoft.AspNet.DependencyInjection.Fallback;
-using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.RequestContainer;
 using Microsoft.AspNet.Builder;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.DependencyInjection.Fallback;
+using Microsoft.Framework.Logging;
 
 namespace CookieSample
 {
@@ -43,7 +43,7 @@ namespace CookieSample
         }
 
         // TODO: Temp workaround until the host reliably provides logging.
-        // If ILoggerFactory is never guaranteed, move this fallback into Microsoft.AspNet.Logging.
+        // If ILoggerFactory is never guaranteed, move this fallback into Microsoft.Framework.Logging.
         private class NullLoggerFactory : ILoggerFactory
         {
             public ILogger Create(string name)
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 9608352500..22f33b30b0 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -2,7 +2,6 @@
   "version": "0.1-alpha-*",
   "dependencies": {
     "Microsoft.AspNet.Http": "0.1-alpha-*",
-    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
     "Microsoft.AspNet.Hosting": "0.1-alpha-*",
@@ -10,8 +9,9 @@
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.Logging": "0.1-alpha-*",
-    "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*"
+    "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*",
+    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
+    "Microsoft.Framework.Logging": "0.1-alpha-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server.name=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "configurations": {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index a6fc420630..5df523161e 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.DependencyInjection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Builder
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 714d9fae1b..03ad97927a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -3,8 +3,8 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 44d1f10600..9fde9e7d8c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -3,10 +3,10 @@
 using System;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 4b97e21842..98cfc52a34 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -3,13 +3,13 @@
   "dependencies": {
     "Newtonsoft.Json": "5.0.8",
     "Microsoft.AspNet.Security": "0.1-alpha-*",
-    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.Logging": "0.1-alpha-*",
-    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
+    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
+    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
+    "Microsoft.Framework.Logging": "0.1-alpha-*"
   },
   "configurations": {
     "net45": {},
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 03229baee8..313038e268 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -11,8 +11,8 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.HttpFeature.Security;
-using Microsoft.AspNet.Logging;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 77a720e041..6501b3e770 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,13 +1,13 @@
 {
   "version": "0.1-alpha-*",
   "dependencies": {
-    "Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.Logging": "0.1-alpha-*",
-    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*"
+    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
+    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
+    "Microsoft.Framework.Logging": "0.1-alpha-*"
   },
   "configurations": {
     "net45": {},

From b1acd991979c44367aeea12912b852c4f5d64d18 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 7 May 2014 11:35:42 -0700
Subject: [PATCH 024/900] Remove NullLoggerFactory workaround from the sample.

---
 samples/CookieSample/Startup.cs   | 25 -------------------------
 samples/CookieSample/project.json |  3 +--
 2 files changed, 1 insertion(+), 27 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 71386c068e..cd8bf76211 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -7,7 +7,6 @@ using Microsoft.AspNet.RequestContainer;
 using Microsoft.AspNet.Builder;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.DependencyInjection.Fallback;
-using Microsoft.Framework.Logging;
 
 namespace CookieSample
 {
@@ -15,12 +14,6 @@ namespace CookieSample
     {
         public void Configuration(IBuilder app)
         {
-            app.UseServices(services =>
-            {
-                // TODO: Move to host.
-                services.AddInstance<ILoggerFactory>(new NullLoggerFactory());
-            });
-
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
             {
 
@@ -41,23 +34,5 @@ namespace CookieSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
-
-        // TODO: Temp workaround until the host reliably provides logging.
-        // If ILoggerFactory is never guaranteed, move this fallback into Microsoft.Framework.Logging.
-        private class NullLoggerFactory : ILoggerFactory
-        {
-            public ILogger Create(string name)
-            {
-                return new NullLongger();
-            }
-        }
-
-        private class NullLongger : ILogger
-        {
-            public bool WriteCore(TraceType eventType, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
-            {
-                return false;
-            }
-        }
     }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 22f33b30b0..81321a825b 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -10,8 +10,7 @@
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*",
-    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.Framework.Logging": "0.1-alpha-*"
+    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server.name=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "configurations": {

From f8f3e3498672b73753034b1552bb4cedd5f730d1 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Wed, 7 May 2014 18:04:18 -0700
Subject: [PATCH 025/900] Sort dependencies and remove duplicates in
 dependencies

---
 samples/CookieSample/project.json                  | 12 ++++++------
 src/Microsoft.AspNet.Security.Cookies/project.json | 12 ++++++------
 src/Microsoft.AspNet.Security/project.json         |  6 +++---
 test/Microsoft.AspNet.Security.Test/project.json   |  4 ++--
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 81321a825b..5b4245f7c6 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,14 +1,14 @@
 {
   "version": "0.1-alpha-*",
   "dependencies": {
+    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.Hosting": "0.1-alpha-*",
     "Microsoft.AspNet.Http": "0.1-alpha-*",
+    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
+    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
-    "Microsoft.AspNet.Hosting": "0.1-alpha-*",
-    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
-    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*",
     "Microsoft.Framework.DependencyInjection": "0.1-alpha-*"
   },
@@ -18,8 +18,8 @@
     },
     "k10": {
       "dependencies": {
-        "System.Console": "4.0.0.0",
         "System.Collections": "4.0.0.0",
+        "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 98cfc52a34..f16f0f5d02 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,23 +1,23 @@
 {
   "version": "0.1-alpha-*",
   "dependencies": {
-    "Newtonsoft.Json": "5.0.8",
-    "Microsoft.AspNet.Security": "0.1-alpha-*",
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
+    "Microsoft.AspNet.Security": "0.1-alpha-*",
     "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
     "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.Framework.Logging": "0.1-alpha-*"
+    "Microsoft.Framework.Logging": "0.1-alpha-*",
+    "Newtonsoft.Json": "5.0.8"
   },
   "configurations": {
     "net45": {},
     "k10": {
       "dependencies": {
         "System.Collections": "4.0.0.0",
-        "System.Console": "4.0.0.0",
         "System.ComponentModel": "4.0.0.0",
+        "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 6501b3e770..b790dc9422 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,10 +1,10 @@
 {
   "version": "0.1-alpha-*",
   "dependencies": {
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
+    "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
+    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
     "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
     "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
     "Microsoft.Framework.Logging": "0.1-alpha-*"
@@ -14,8 +14,8 @@
     "k10": {
       "dependencies": {
         "System.Collections": "4.0.0.0",
-        "System.Console": "4.0.0.0",
         "System.ComponentModel": "4.0.0.0",
+        "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index cfdc5ed7f9..a7587932d1 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -6,11 +6,11 @@
   "dependencies": {
     "Microsoft.AspNet.Security" : "0.1-alpha-*",
     "Moq": "4.2.1312.1622",
-    "Xunit.KRunner": "0.1-alpha-*",
     "xunit.abstractions": "2.0.0-aspnet-*",
     "xunit.assert": "2.0.0-aspnet-*",
     "xunit.core": "2.0.0-aspnet-*",
-    "xunit.execution": "2.0.0-aspnet-*"
+    "xunit.execution": "2.0.0-aspnet-*",
+    "Xunit.KRunner": "0.1-alpha-*"
   },
   "commands": {
     "test": "Xunit.KRunner"

From 9d0de16073b74a7df11ac3f6d502a2a7abfa4d46 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Thu, 8 May 2014 16:35:28 -0700
Subject: [PATCH 026/900] Create LICENSE.txt

---
 LICENSE.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 LICENSE.txt

diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000000..d85a1524ad
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,12 @@
+Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+these files except in compliance with the License. You may obtain a copy of the
+License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

From d02f76a2fd11508dc3eccdc99c4610fefb17e66d Mon Sep 17 00:00:00 2001
From: Andrew Peters <anpete@microsoft.com>
Date: Thu, 8 May 2014 23:01:33 -0700
Subject: [PATCH 027/900] Updating copyright headers

---
 .../CookieAuthenticationDefaults.cs            |  4 +++-
 .../CookieAuthenticationExtensions.cs          |  4 +++-
 .../CookieAuthenticationHandler.cs             |  4 +++-
 .../CookieAuthenticationMiddleware.cs          |  4 +++-
 .../CookieAuthenticationOptions.cs             |  4 +++-
 .../CookieSecureOption.cs                      |  4 +++-
 .../NotNullAttribute.cs                        |  5 ++++-
 .../CookieApplyRedirectContext.cs              |  4 +++-
 .../CookieAuthenticationNotifications.cs       |  4 +++-
 .../CookieResponseSignInContext.cs             |  4 +++-
 .../CookieResponseSignOutContext.cs            |  4 +++-
 .../CookieValidateIdentityContext.cs           |  4 +++-
 .../Notifications/DefaultBehavior.cs           |  4 +++-
 .../ICookieAuthenticationNotifications.cs      |  4 +++-
 .../AppBuilderSecurityExtensions.cs            |  4 +++-
 .../AuthenticationMode.cs                      |  4 +++-
 .../AuthenticationOptions.cs                   |  4 +++-
 .../AuthenticationTicket.cs                    |  4 +++-
 .../AuthorizationPolicy.cs                     | 18 ++----------------
 .../AuthorizationPolicyContext.cs              | 18 ++----------------
 .../AuthorizationServiceExtensions.cs          | 18 ++----------------
 ...CertificateSubjectKeyIdentifierValidator.cs |  4 +++-
 ...CertificateSubjectPublicKeyInfoValidator.cs |  4 +++-
 .../CertificateThumbprintValidator.cs          |  4 +++-
 src/Microsoft.AspNet.Security/Constants.cs     |  4 +++-
 .../DataHandler/Encoder/Base64TextEncoder.cs   |  4 +++-
 .../Encoder/Base64UrlTextEncoder.cs            |  4 +++-
 .../DataHandler/Encoder/ITextEncoder.cs        |  4 +++-
 .../DataHandler/Encoder/TextEncodings.cs       |  4 +++-
 .../DataHandler/ISecureDataFormat.cs           |  4 +++-
 .../DataHandler/PropertiesDataFormat.cs        |  4 +++-
 .../DataHandler/SecureDataFormat.cs            |  4 +++-
 .../DataHandler/Serializer/DataSerializers.cs  |  4 +++-
 .../DataHandler/Serializer/IDataSerializer.cs  |  4 +++-
 .../Serializer/PropertiesSerializer.cs         |  4 +++-
 .../DataHandler/Serializer/TicketSerializer.cs |  4 +++-
 .../DataHandler/TicketDataFormat.cs            |  4 +++-
 .../DataProtection/DataProtectionHelpers.cs    |  4 +++-
 .../DefaultAuthorizationService.cs             | 18 ++----------------
 .../IAuthorizationPolicy.cs                    | 18 ++----------------
 .../IAuthorizationService.cs                   | 18 ++----------------
 .../ICertificateValidator.cs                   |  4 +++-
 .../Infrastructure/AuthenticationHandler.cs    |  4 +++-
 .../Infrastructure/AuthenticationHandler`1.cs  |  4 +++-
 .../Infrastructure/AuthenticationMiddleware.cs |  4 +++-
 .../AuthenticationTokenCreateContext.cs        |  4 +++-
 .../AuthenticationTokenProvider.cs             |  4 +++-
 .../AuthenticationTokenReceiveContext.cs       |  4 +++-
 .../Infrastructure/Constants.cs                |  4 +++-
 .../Infrastructure/HttpContextExtensions.cs    |  5 ++++-
 .../IAuthenticationTokenProvider.cs            |  4 +++-
 .../Infrastructure/ISystemClock.cs             |  4 +++-
 .../Infrastructure/NotNullAttribute.cs         |  5 ++++-
 .../Infrastructure/SecurityHelper.cs           |  4 +++-
 .../Infrastructure/SignInIdentityContext.cs    |  5 ++++-
 .../Infrastructure/SystemClock.cs              |  4 +++-
 .../AuthenticationFailedNotification.cs        |  4 +++-
 .../Notifications/BaseContext.cs               |  4 +++-
 .../Notifications/BaseContext`1.cs             |  4 +++-
 .../Notifications/EndpointContext.cs           |  4 +++-
 .../Notifications/EndpointContext`1.cs         |  4 +++-
 .../MessageReceivedNotification.cs             |  4 +++-
 ...RedirectFromIdentityProviderNotification.cs |  4 +++-
 .../RedirectToIdentityProviderNotification.cs  |  4 +++-
 .../Notifications/ReturnEndpointContext.cs     |  4 +++-
 .../SecurityTokenReceivedNotification.cs       |  4 +++-
 .../SecurityTokenValidatedNotification.cs      |  4 +++-
 .../SubjectPublicKeyInfoAlgorithm.cs           |  4 +++-
 src/Microsoft.AspNet.Security/Win32.cs         |  4 +++-
 .../DefaultAuthorizationServiceTests.cs        |  5 ++++-
 .../FakePolicy.cs                              |  3 +++
 71 files changed, 212 insertions(+), 160 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
index 3ea10afb90..6ee3c8c5b9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 5df523161e..91109f4cef 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 03ad97927a..44d81db7f2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 9fde9e7d8c..423ec040b8 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using Microsoft.AspNet.Builder;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 3fa5cb5e89..60565c812f 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Diagnostics.CodeAnalysis;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
index 19efae749b..c98ae07511 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
index b3b1edcbdb..0460d00166 100644
--- a/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
@@ -1,4 +1,7 @@
-using System;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
index 9d0aca22ca..28cdf713c9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
index f3496bbc73..79b7e5bd99 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
index 375c851819..598f985f54 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
index 7dbd451377..b484b74365 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
index 3996a9585d..ea16822042 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
index 98b7da1c8b..65515c3296 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index c9c07d227b..f97a4546e3 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Threading.Tasks;
 
diff --git a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
index 077cdbd53f..ca9c394275 100644
--- a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
+++ b/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 /* TODO:
 using System;
 using Owin;
diff --git a/src/Microsoft.AspNet.Security/AuthenticationMode.cs b/src/Microsoft.AspNet.Security/AuthenticationMode.cs
index ba7aff904d..2b36dc9734 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationMode.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationMode.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
index 719132212a..77e8fa03a4 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
index 5adb20b7ee..b9457aa91f 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
index 157b71047a..a58ae858ae 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
index 4055fddbd8..b394bfcb68 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
index 158314a155..b26c636e75 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
index d25bb72239..d91311202b 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 #if NET45
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
index 79645c50de..a0ba223103 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 #if NET45
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
index 5661d55915..9a9dadf60c 100644
--- a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 #if NET45
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/Constants.cs b/src/Microsoft.AspNet.Security/Constants.cs
index 50d4dfe0af..1758c84800 100644
--- a/src/Microsoft.AspNet.Security/Constants.cs
+++ b/src/Microsoft.AspNet.Security/Constants.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
index 29acfcb207..9a208979d9 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
index 250ea7019c..b57fb51d9a 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
index ce61e8fb9b..6ee681475c 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.DataHandler.Encoder
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs b/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
index 45b29107d2..67b2333769 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.DataHandler.Encoder
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
index f239150bae..eae66197fc 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
index 4c41223502..42f71728c4 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
index fa045e780e..e10d17db12 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
index faf395aab5..476fe7bb7d 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http.Security;
 
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
index 8b9b77ae01..60bd25bdab 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
index d8bfc7209b..66dcdfe3a9 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
index 70406d1d95..c6dbfc1324 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
index 8d0d0c69f3..acc731e0ba 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
diff --git a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
index 96b151e818..a043bb83b9 100644
--- a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
+++ b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index 1292901522..578671e95b 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
index 395549065a..0f121d558a 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
 
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
index cbd705c8fa..2063ae6468 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
@@ -1,19 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc.
-// All Rights Reserved
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR
-// CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
-// WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF
-// TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR
-// NON-INFRINGEMENT.
-// See the Apache 2 License for the specific language governing
-// permissions and limitations under the License.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Security/ICertificateValidator.cs b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
index 3b84fb4850..3157a5c5aa 100644
--- a/src/Microsoft.AspNet.Security/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 #if NET45
 using System;
 using System.Net.Security;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 313038e268..45dadda9e1 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
index 80944261c7..7d8fb07262 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index 726028c6d2..8077b22d63 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
index 3a96006c50..47815bbcde 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
index c8beb6f0b8..7fb4fb4984 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
index 0f6d6bce02..af077b551d 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
index 73a8f7958b..26cfa103ce 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
index 4336544d34..59c29fe82b 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -1,4 +1,7 @@
-using Microsoft.AspNet.Http;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.HttpFeature.Security;
 using Microsoft.AspNet.PipelineCore.Security;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
index 7bda97d3ac..2edcb42b22 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Threading.Tasks;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs b/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
index cca20fbcb1..4f799dc98b 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs b/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
index 131cec58eb..24f5509452 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
@@ -1,4 +1,7 @@
-using System;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index 436101fa9b..7a8456d5e1 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
index 52c2ddff1b..309e04892a 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
@@ -1,4 +1,7 @@
-using System.Security.Claims;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
 using Microsoft.AspNet.Http.Security;
 
 namespace Microsoft.AspNet.Security.Infrastructure
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs b/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
index 2dcbca0fe9..0c800d3fd5 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
index 77c193bb47..9e50ecf4f7 100644
--- a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
index 2ad464e37f..3ae13a76dc 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
index 5073cd183e..e0ad306265 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
index 214a724a42..fd8251e139 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
index 80b5c2c554..7b0b415e85 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
index af81a2dbff..e270289179 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
index a8a1dcfd57..d0bd97a76b 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
index 91dfb87938..467731fa0c 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
index ff88098f57..6d15d02fa2 100644
--- a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
index 2ac5c33684..f8aa2adef0 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
index 963266e935..400b8b5814 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security.Notifications
 {
diff --git a/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs b/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
index 2987f68745..aefe5ef766 100644
--- a/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
+++ b/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/Win32.cs b/src/Microsoft.AspNet.Security/Win32.cs
index fe26feb7bc..fe817e92d5 100644
--- a/src/Microsoft.AspNet.Security/Win32.cs
+++ b/src/Microsoft.AspNet.Security/Win32.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using System;
 using System.ComponentModel;
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 7d439897b4..7fbacd02a3 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -1,4 +1,7 @@
-using System;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
diff --git a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
index 3e365cde2b..be9139b89d 100644
--- a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
+++ b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
@@ -1,3 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Security;

From e2d359843840837533ee35426cdf907ffd1cb7ee Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 8 May 2014 15:05:38 -0700
Subject: [PATCH 028/900] Create cookie auth middleware with DI.

---
 .../CookieAuthenticationExtensions.cs                      | 7 ++-----
 src/Microsoft.AspNet.Security.Cookies/project.json         | 3 ++-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 91109f4cef..ad683ac21f 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -18,15 +18,12 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Adds a cookie-based authentication middleware to your web application pipeline.
         /// </summary>
-        /// <param name="app">The IAppBuilder passed to your configuration method</param>
+        /// <param name="app">The IBuilder passed to your configuration method</param>
         /// <param name="options">An options class that controls the middleware behavior</param>
         /// <returns>The original app parameter</returns>
         public static IBuilder UseCookieAuthentication([NotNull] this IBuilder app, [NotNull] CookieAuthenticationOptions options)
         {
-            // TODO: Use UseMiddleware to inject dependencies once it can discover Invoke from a base class.
-            var dataProtectionProvider = app.ApplicationServices.GetService<IDataProtectionProvider>();
-            var loggerFactory = app.ApplicationServices.GetService<ILoggerFactory>();
-            return app.Use(next => new CookieAuthenticationMiddleware(next, dataProtectionProvider, loggerFactory, options).Invoke);
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index f16f0f5d02..01d75ff080 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -5,7 +5,8 @@
     "Microsoft.AspNet.Http": "0.1-alpha-*",
     "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
     "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Security": "0.1-alpha-*",
+    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
+    "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
     "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
     "Microsoft.Framework.Logging": "0.1-alpha-*",

From cf7ffe1a75a29f77f578c7f789a5053155693a3f Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 9 May 2014 11:19:54 -0700
Subject: [PATCH 029/900] Fix sample.

---
 samples/CookieSample/Startup.cs   | 10 ++--------
 samples/CookieSample/project.json |  2 +-
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index cd8bf76211..d648a15235 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,18 +1,12 @@
-using System;
 using System.Security.Claims;
-using Microsoft.AspNet;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.RequestContainer;
 using Microsoft.AspNet.Builder;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.DependencyInjection.Fallback;
+using Microsoft.AspNet.Security.Cookies;
 
 namespace CookieSample
 {
     public class Startup
     {
-        public void Configuration(IBuilder app)
+        public void Configure(IBuilder app)
         {
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
             {
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 5b4245f7c6..c3378914be 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -12,7 +12,7 @@
     "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*",
     "Microsoft.Framework.DependencyInjection": "0.1-alpha-*"
   },
-  "commands": { "web": "Microsoft.AspNet.Hosting server.name=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "configurations": {
     "net45": {
     },

From d9502923f892a8f80ff71ed586070f406e75ff10 Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastien.ros@microsoft.com>
Date: Mon, 5 May 2014 15:38:49 -0700
Subject: [PATCH 030/900] Moving interface members to extension methods

---
 .../AuthorizationServiceExtensions.cs         | 30 ++++++++++++++++---
 .../DefaultAuthorizationService.cs            | 10 -------
 .../IAuthorizationService.cs                  | 16 ----------
 .../DefaultAuthorizationServiceTests.cs       |  8 ++---
 4 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
index b26c636e75..17ec58196d 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Security
         /// <param name="claim">The claim to check against a specific user.</param>
         /// <param name="user">The user to check claims against.</param>
         /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
         {
             return service.AuthorizeAsync(new Claim[] { claim }, user);
         }
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Security
         /// <param name="claim">The claim to check against a specific user.</param>
         /// <param name="user">The user to check claims against.</param>
         /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static bool Authorize(this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
+        public static bool Authorize([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
         {
             return service.Authorize(new Claim[] { claim }, user);
         }
@@ -40,7 +40,7 @@ namespace Microsoft.AspNet.Security
         /// <param name="user">The user to check claims against.</param>
         /// <param name="resource">The resource the claims should be check with.</param>
         /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
         {
             return service.AuthorizeAsync(new Claim[] { claim }, user, resource);
         }
@@ -52,9 +52,31 @@ namespace Microsoft.AspNet.Security
         /// <param name="user">The user to check claims against.</param>
         /// <param name="resource">The resource the claims should be check with.</param>
         /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static bool Authorize(this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
+        public static bool Authorize([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
         {
             return service.Authorize(new Claim[] { claim }, user, resource);
         }
+
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, IEnumerable<Claim> claims, ClaimsPrincipal user)
+        {
+            return service.AuthorizeAsync(claims, user, null);
+        }
+
+        /// <summary>
+        /// Checks if a user has specific claims.
+        /// </summary>
+        /// <param name="claims">The claims to check against a specific user.</param>
+        /// <param name="user">The user to check claims against.</param>
+        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
+        public static  bool Authorize([NotNull] this IAuthorizationService service, IEnumerable<Claim> claims, ClaimsPrincipal user)
+        {
+            return service.Authorize(claims, user, null);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index 578671e95b..aaa1dbc103 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -26,16 +26,6 @@ namespace Microsoft.AspNet.Security
             }
         }
 
-        public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user)
-        {
-            return await AuthorizeAsync(claims, user, null);
-        }
-
-        public bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user)
-        {
-            return  AuthorizeAsync(claims, user, null).Result;
-        }
-
         public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
         {
             var context = new AuthorizationPolicyContext(claims, user, resource);
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
index 2063ae6468..9fcef75a2f 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
@@ -12,22 +12,6 @@ namespace Microsoft.AspNet.Security
     /// </summary>
     public interface IAuthorizationService
     {
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user);
-
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user);
-
         /// <summary>
         /// Checks if a user has specific claims for a specific context obj.
         /// </summary>
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 7fbacd02a3..fd3a668a25 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -165,7 +165,7 @@ namespace Microsoft.AspNet.Security.Test
             var authorizationService = new DefaultAuthorizationService(policies);
             
             // Act
-            var allowed = authorizationService.Authorize(null, null);
+            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
 
             // Assert
             Assert.Equal("-12030", result);
@@ -200,7 +200,7 @@ namespace Microsoft.AspNet.Security.Test
             var authorizationService = new DefaultAuthorizationService(policies);
             
             // Act
-            var allowed = authorizationService.Authorize(null, null);
+            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
 
             // Assert
             Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", result);
@@ -221,7 +221,7 @@ namespace Microsoft.AspNet.Security.Test
             var authorizationService = new DefaultAuthorizationService(policies);
             
             // Act
-            var allowed = authorizationService.Authorize(null, null);
+            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
 
             // Assert
             Assert.NotNull(claims);
@@ -242,7 +242,7 @@ namespace Microsoft.AspNet.Security.Test
 
             // Act
             // Assert
-            Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(null, null));
+            Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null));
         }
  
         [Fact]

From de9769baa5fa9e2d09d5cc490da65c0630c5ca16 Mon Sep 17 00:00:00 2001
From: Glenn <glennc@microsoft.com>
Date: Mon, 12 May 2014 17:52:35 -0700
Subject: [PATCH 031/900] Create README.md

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000000..ab7b29e979
--- /dev/null
+++ b/README.md
@@ -0,0 +1,6 @@
+ASP.NET Security
+========
+
+ASP.NET Security contains the security and authorization middlewares for ASP.NET vNext.
+
+This project is part of ASP.NET vNext. You can find samples, documentation and getting started instructions for ASP.NET vNext at the [Home](https://github.com/aspnet/home) repo.

From 823eead066fbec468608386b14038ac1b369b44a Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Tue, 13 May 2014 01:02:53 -0700
Subject: [PATCH 032/900] Create CONTRIBUTING.md

---
 CONTRIBUTING.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 CONTRIBUTING.md

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000000..eac4268e4c
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,4 @@
+Contributing
+======
+
+Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/master/CONTRIBUTING.md) in the Home repo.

From 75759dae9c7da2e4f32942633f58fa91171a244e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Sun, 18 May 2014 20:13:57 -0700
Subject: [PATCH 033/900] Updating kproj file to match tooling changes

---
 .gitignore                                                  | 3 ++-
 samples/CookieSample/CookieSample.kproj                     | 6 +++---
 .../Microsoft.AspNet.Security.Cookies.kproj                 | 6 +++---
 .../Microsoft.AspNet.Security.kproj                         | 6 +++---
 .../Microsoft.AspNet.Security.kproj                         | 6 +++---
 5 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/.gitignore b/.gitignore
index aba9c594d7..08e21e25bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,5 @@ nuget.exe
 *DS_Store
 *.ncrunchsolution
 *.*sdf
-*.ipch
\ No newline at end of file
+*.ipch
+*.sln.ide
\ No newline at end of file
diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index 7d88de92e6..e72eaf6490 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
     <OutputType>Library</OutputType>
@@ -22,5 +22,5 @@
   <ItemGroup>
     <Compile Include="Startup.cs" />
   </ItemGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index b5ae96ed09..5319a794ed 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>15f1211b-b695-4a1c-b730-1ac58fc91090</ProjectGuid>
     <OutputType>Library</OutputType>
@@ -35,5 +35,5 @@
     <Compile Include="Notifications\ICookieAuthenticationNotifications.cs" />
     <Compile Include="NotNullAttribute.cs" />
   </ItemGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index fa845e638d..5b1563b504 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>0f174c63-1898-4024-9a3c-3fdf5cae5c68</ProjectGuid>
     <OutputType>Library</OutputType>
@@ -78,5 +78,5 @@
     <Compile Include="SubjectPublicKeyInfoAlgorithm.cs" />
     <Compile Include="Win32.cs" />
   </ItemGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
index 3a317e7f39..8e155aa9a7 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
     <OutputType>Library</OutputType>
@@ -23,5 +23,5 @@
     <Compile Include="DefaultAuthorizationServiceTests.cs" />
     <Compile Include="FakePolicy.cs" />
   </ItemGroup>
-  <Import Project="$(VSToolsPath)\ProjectK\Microsoft.Web.ProjectK.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From ba6488fb6a8095c18284f680c6f3ac43f4293eff Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Mon, 26 May 2014 02:52:29 -0700
Subject: [PATCH 034/900] Fixed project.json casing

---
 samples/CookieSample/CookieSample.kproj                     | 6 +++---
 .../Microsoft.AspNet.Security.Cookies.kproj                 | 6 +++---
 .../Microsoft.AspNet.Security.kproj                         | 6 +++---
 .../Microsoft.AspNet.Security.kproj                         | 6 +++---
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index e72eaf6490..efb2d4d770 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
@@ -17,10 +17,10 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <ItemGroup>
-    <Content Include="Project.json" />
+    <Content Include="project.json" />
   </ItemGroup>
   <ItemGroup>
     <Compile Include="Startup.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index 5319a794ed..1b82715c3e 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
@@ -17,7 +17,7 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <ItemGroup>
-    <Content Include="Project.json" />
+    <Content Include="project.json" />
   </ItemGroup>
   <ItemGroup>
     <Compile Include="CookieAuthenticationDefaults.cs" />
@@ -36,4 +36,4 @@
     <Compile Include="NotNullAttribute.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index 5b1563b504..c774d797ed 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
@@ -17,7 +17,7 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <ItemGroup>
-    <Content Include="Project.json" />
+    <Content Include="project.json" />
     <Content Include="Resources.resx" />
   </ItemGroup>
   <ItemGroup>
@@ -79,4 +79,4 @@
     <Compile Include="Win32.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
index 8e155aa9a7..62a9b7453a 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
@@ -17,11 +17,11 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <ItemGroup>
-    <Content Include="Project.json" />
+    <Content Include="project.json" />
   </ItemGroup>
   <ItemGroup>
     <Compile Include="DefaultAuthorizationServiceTests.cs" />
     <Compile Include="FakePolicy.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>

From 8d43a4fac2f22532b0b62230c729e4208e4010e8 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 3 Jun 2014 10:16:50 -0700
Subject: [PATCH 035/900] Adding switch to build.cmd to skip KRE install

---
 build.cmd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build.cmd b/build.cmd
index 903d532df3..3aaf957583 100644
--- a/build.cmd
+++ b/build.cmd
@@ -18,6 +18,8 @@ copy %CACHED_NUGET% .nuget\nuget.exe > nul
 IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
+
+IF "%SKIP_KRE_INSTALL%"=="1" goto run
 CALL packages\KoreBuild\build\kvm upgrade -svr50 -x86
 CALL packages\KoreBuild\build\kvm install default -svrc50 -x86
 

From e740d0799ff75ddc9e0f4d4f188452f4db6ae031 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 10 Jun 2014 17:24:24 -0700
Subject: [PATCH 036/900] Updating build.sh based on KRuntime changes

---
 build.sh | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/build.sh b/build.sh
index db1e0c3dde..4323aefc48 100644
--- a/build.sh
+++ b/build.sh
@@ -3,10 +3,10 @@
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild
 else
-    if x$XDG_DATA_HOME = x; then
-	cachedir=$HOME/.local/share
+    if [ -z $XDG_DATA_HOME ]; then
+        cachedir=$HOME/.local/share
     else
-	cachedir=$XDG_DATA_HOME;
+        cachedir=$XDG_DATA_HOME;
     fi
 fi
 mkdir -p $cachedir
@@ -14,12 +14,12 @@ mkdir -p $cachedir
 url=https://www.nuget.org/nuget.exe
 
 if test ! -f $cachedir/nuget.exe; then
-    wget -o $cachedir/nuget.exe $url 2>/dev/null || curl -o $cachedir/nuget.exe --location $url /dev/null
+    wget -O $cachedir/nuget.exe $url 2>/dev/null || curl -o $cachedir/nuget.exe --location $url /dev/null
 fi
 
 if test ! -e .nuget; then
     mkdir .nuget
-    cp $cachedir/nuget.exe .nuget
+    cp $cachedir/nuget.exe .nuget/nuget.exe
 fi
 
 if test ! -d packages/KoreBuild; then
@@ -27,4 +27,12 @@ if test ! -d packages/KoreBuild; then
     mono .nuget/nuget.exe install Sake -version 0.2 -o packages -ExcludeVersion
 fi
 
-mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"
\ No newline at end of file
+if ! type k > /dev/null 2>&1; then
+    source setup/kvm.sh
+fi
+
+if ! type k > /dev/null 2>&1; then
+    kvm upgrade
+fi
+
+mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"

From 8841f642fb2e435c3f406d3f0eb1447ca4928c2f Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Wed, 18 Jun 2014 16:42:27 -0700
Subject: [PATCH 037/900] Change the default author in makefile.shade

---
 makefile.shade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefile.shade b/makefile.shade
index 6357ea2841..562494d144 100644
--- a/makefile.shade
+++ b/makefile.shade
@@ -1,7 +1,7 @@
 
 var VERSION='0.1'
 var FULL_VERSION='0.1'
-var AUTHORS='Microsoft'
+var AUTHORS='Microsoft Open Technologies, Inc.'
 
 use-standard-lifecycle
 k-standard-goals

From faf98f8bb0dd304aa25e59e5eb08682acd8a92ce Mon Sep 17 00:00:00 2001
From: Brice Lambson <bricelam@microsoft.com>
Date: Thu, 19 Jun 2014 11:36:56 -0700
Subject: [PATCH 038/900] Bump version to 1.0.0-*

---
 samples/CookieSample/project.json             | 17 ++++++++--------
 .../project.json                              | 20 +++++++++----------
 src/Microsoft.AspNet.Security/project.json    | 18 ++++++++---------
 .../project.json                              |  9 ++-------
 4 files changed, 29 insertions(+), 35 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index c3378914be..bf8d85053d 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,16 +1,15 @@
 {
-  "version": "0.1-alpha-*",
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
-    "Microsoft.AspNet.Hosting": "0.1-alpha-*",
-    "Microsoft.AspNet.Http": "0.1-alpha-*",
-    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
+    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
+    "Microsoft.AspNet.Hosting": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
+    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
     "Microsoft.AspNet.Security": "",
     "Microsoft.AspNet.Security.Cookies": "",
-    "Microsoft.AspNet.Server.WebListener": "0.1-alpha-*",
-    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*"
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "configurations": {
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 01d75ff080..ebf68d5646 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,15 +1,15 @@
 {
-  "version": "0.1-alpha-*",
+  "version": "1.0.0-*",
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
-    "Microsoft.AspNet.Http": "0.1-alpha-*",
-    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.RequestContainer": "0.1-alpha-*",
+    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
+    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
     "Microsoft.AspNet.Security": "",
-    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
-    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.Framework.Logging": "0.1-alpha-*",
+    "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+    "Microsoft.Framework.Logging": "1.0.0-*",
     "Newtonsoft.Json": "5.0.8"
   },
   "configurations": {
@@ -30,7 +30,7 @@
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
         "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Security.Claims": "0.1-alpha-*",
+        "System.Security.Claims": "1.0.0-*",
         "System.Security.Principal" : "4.0.0.0",
         "System.Threading": "4.0.0.0",
         "System.Threading.Tasks": "4.0.10.0"
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index b790dc9422..ee4318a1d6 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,13 +1,13 @@
 {
-  "version": "0.1-alpha-*",
+  "version": "1.0.0-*",
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "0.1-alpha-*",
-    "Microsoft.AspNet.Http": "0.1-alpha-*",
-    "Microsoft.AspNet.HttpFeature": "0.1-alpha-*",
-    "Microsoft.AspNet.PipelineCore": "0.1-alpha-*",
-    "Microsoft.AspNet.Security.DataProtection": "0.1-alpha-*",
-    "Microsoft.Framework.DependencyInjection": "0.1-alpha-*",
-    "Microsoft.Framework.Logging": "0.1-alpha-*"
+    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
+    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+    "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+    "Microsoft.Framework.Logging": "1.0.0-*"
   },
   "configurations": {
     "net45": {},
@@ -27,7 +27,7 @@
         "System.Runtime": "4.0.20.0",
         "System.Runtime.Extensions": "4.0.10.0",
         "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Security.Claims": "0.1-alpha-*",
+        "System.Security.Claims": "1.0.0-*",
         "System.Security.Cryptography.RandomNumberGenerator" : "4.0.0.0",
         "System.Security.Principal" : "4.0.0.0",
         "System.Threading": "4.0.0.0",
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index a7587932d1..0341eef070 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -1,16 +1,11 @@
 {
-  "version" : "0.1-alpha-*",
   "compilationOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
-    "Microsoft.AspNet.Security" : "0.1-alpha-*",
+    "Microsoft.AspNet.Security" : "",
     "Moq": "4.2.1312.1622",
-    "xunit.abstractions": "2.0.0-aspnet-*",
-    "xunit.assert": "2.0.0-aspnet-*",
-    "xunit.core": "2.0.0-aspnet-*",
-    "xunit.execution": "2.0.0-aspnet-*",
-    "Xunit.KRunner": "0.1-alpha-*"
+    "Xunit.KRunner": "1.0.0-*"
   },
   "commands": {
     "test": "Xunit.KRunner"

From 4ca0a78bbd54fac1a027ae2adbb793ef262a1f30 Mon Sep 17 00:00:00 2001
From: Brice Lambson <bricelam@microsoft.com>
Date: Fri, 20 Jun 2014 14:33:41 -0700
Subject: [PATCH 039/900] Updating release Nuget.config

---
 NuGet.Config | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index a059188b09..1ce6b9e257 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,13 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
-  <packageSourceCredentials>
-    <AspNetVNext>
-      <add key="Username" value="aspnetreadonly" />
-      <add key="ClearTextPassword" value="4d8a2d9c-7b80-4162-9978-47e918c9658c" />
-    </AspNetVNext>
-  </packageSourceCredentials>
-</configuration>
\ No newline at end of file
+</configuration>

From 779de7ae36671dfe6f2870d4c9f682c1c17bd5aa Mon Sep 17 00:00:00 2001
From: Brice Lambson <bricelam@microsoft.com>
Date: Fri, 20 Jun 2014 14:33:42 -0700
Subject: [PATCH 040/900] Updating dev Nuget.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 1ce6b9e257..f41e9c631d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 81c06fa558926118e966e6b89092ecb64e45a2a4 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 30 Jun 2014 14:12:55 -0700
Subject: [PATCH 041/900] Make middleware report when auth fails.

---
 .../Infrastructure/AuthenticationHandler.cs                   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 45dadda9e1..6c8da45c65 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -141,6 +141,10 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 {
                     context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                 }
+                else
+                {
+                    context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
+                }
             }
 
             if (PriorHandler != null)

From 287eebe2442d25ee4ba1d9d55f66363507df8bfd Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 3 Jul 2014 10:12:15 -0700
Subject: [PATCH 042/900] Handle change from IList to IEnumerable.

---
 .../Infrastructure/SecurityHelper.cs                        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
index 7a8456d5e1..876d5342f7 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             context.User = newClaimsPrincipal;
         }
 
-        public static bool LookupChallenge(IList<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
+        public static bool LookupChallenge(IEnumerable<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
         {
             bool challengeHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
             if (!challengeHasAuthenticationTypes)
@@ -52,7 +52,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// Find response sign-in details for a specific authentication middleware
         /// </summary>
         /// <param name="authenticationType">The authentication type to look for</param>
-        public static bool LookupSignIn(IList<ClaimsIdentity> identities, string authenticationType, out ClaimsIdentity identity)
+        public static bool LookupSignIn(IEnumerable<ClaimsIdentity> identities, string authenticationType, out ClaimsIdentity identity)
         {
             identity = null;
             foreach (var claimsIdentity in identities)
@@ -71,7 +71,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// </summary>
         /// <param name="authenticationType">The authentication type to look for</param>
         /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
-        public static bool LookupSignOut(IList<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
+        public static bool LookupSignOut(IEnumerable<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
         {
             bool singOutHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
             if (!singOutHasAuthenticationTypes)

From ea98a50e43759da81c61af1d9a461cb8484a93f3 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Sun, 13 Jul 2014 22:01:33 -0700
Subject: [PATCH 043/900] Renamed configurations to frameworks in project.json

---
 samples/CookieSample/project.json                  | 6 +++---
 src/Microsoft.AspNet.Security.Cookies/project.json | 6 +++---
 src/Microsoft.AspNet.Security/project.json         | 6 +++---
 test/Microsoft.AspNet.Security.Test/project.json   | 4 ++--
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index bf8d85053d..ca0d99be0f 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,4 +1,4 @@
-{
+{
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
     "Microsoft.AspNet.Hosting": "1.0.0-*",
@@ -12,7 +12,7 @@
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
-  "configurations": {
+  "frameworks": {
     "net45": {
     },
     "k10": {
@@ -33,4 +33,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index ebf68d5646..00ff14a94c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,4 +1,4 @@
-{
+{
   "version": "1.0.0-*",
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
@@ -12,7 +12,7 @@
     "Microsoft.Framework.Logging": "1.0.0-*",
     "Newtonsoft.Json": "5.0.8"
   },
-  "configurations": {
+  "frameworks": {
     "net45": {},
     "k10": {
       "dependencies": {
@@ -37,4 +37,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index ee4318a1d6..6bbc65fc8a 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,4 +1,4 @@
-{
+{
   "version": "1.0.0-*",
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
@@ -9,7 +9,7 @@
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "Microsoft.Framework.Logging": "1.0.0-*"
   },
-  "configurations": {
+  "frameworks": {
     "net45": {},
     "k10": {
       "dependencies": {
@@ -35,4 +35,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 0341eef070..68837d5bea 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
   "compilationOptions": {
     "warningsAsErrors": true
   },
@@ -10,7 +10,7 @@
   "commands": {
     "test": "Xunit.KRunner"
   },
-  "configurations": {
+  "frameworks": {
     "net45": { 
       "dependencies": {
           "System.Runtime": ""

From 8307e9b1f3a2d7cdf148967a7485e9dc5f1ec2b3 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 14 Jul 2014 16:48:04 -0700
Subject: [PATCH 044/900] Reacting to System.Collections versioning change

---
 samples/CookieSample/project.json                  | 4 ++--
 src/Microsoft.AspNet.Security.Cookies/project.json | 4 ++--
 src/Microsoft.AspNet.Security/project.json         | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index ca0d99be0f..e51b35e481 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,4 +1,4 @@
-{
+{
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
     "Microsoft.AspNet.Hosting": "1.0.0-*",
@@ -17,7 +17,7 @@
     },
     "k10": {
       "dependencies": {
-        "System.Collections": "4.0.0.0",
+        "System.Collections": "4.0.10.0",
         "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 00ff14a94c..01a7751fb5 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,4 +1,4 @@
-{
+{
   "version": "1.0.0-*",
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
@@ -16,7 +16,7 @@
     "net45": {},
     "k10": {
       "dependencies": {
-        "System.Collections": "4.0.0.0",
+        "System.Collections": "4.0.10.0",
         "System.ComponentModel": "4.0.0.0",
         "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 6bbc65fc8a..4eae846bfc 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,4 +1,4 @@
-{
+{
   "version": "1.0.0-*",
   "dependencies": {
     "Microsoft.AspNet.FeatureModel": "1.0.0-*",
@@ -13,7 +13,7 @@
     "net45": {},
     "k10": {
       "dependencies": {
-        "System.Collections": "4.0.0.0",
+        "System.Collections": "4.0.10.0",
         "System.ComponentModel": "4.0.0.0",
         "System.Console": "4.0.0.0",
         "System.Diagnostics.Debug": "4.0.10.0",

From 8b46d43dcba91b385a7e0393d858d114ee1e9622 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 16 Jul 2014 14:44:42 -0700
Subject: [PATCH 045/900] Make middleware report when auth fails (async).

---
 .../Infrastructure/AuthenticationHandler.cs   | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 6c8da45c65..3526d1e5b9 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -153,6 +153,27 @@ namespace Microsoft.AspNet.Security.Infrastructure
             }
         }
 
+        public virtual async Task AuthenticateAsync(IAuthenticateContext context)
+        {
+            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
+            {
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket != null && ticket.Identity != null)
+                {
+                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                }
+                else
+                {
+                    context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
+                }
+            }
+
+            if (PriorHandler != null)
+            {
+                await PriorHandler.AuthenticateAsync(context);
+            }
+        }
+
         public AuthenticationTicket Authenticate()
         {
             return LazyInitializer.EnsureInitialized(
@@ -167,23 +188,6 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         protected abstract AuthenticationTicket AuthenticateCore();
 
-        public virtual async Task AuthenticateAsync(IAuthenticateContext context)
-        {
-            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
-            {
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null && ticket.Identity != null)
-                {
-                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
-                }
-            }
-
-            if (PriorHandler != null)
-            {
-                await PriorHandler.AuthenticateAsync(context);
-            }
-        }
-
         /// <summary>
         /// Causes the authentication logic in AuthenticateCore to be performed for the current request 
         /// at most once and returns the results. Calling Authenticate more than once will always return 

From fadf6ae5e2bc4d19eff47d1a4e92412f116301eb Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 16 Jul 2014 14:44:57 -0700
Subject: [PATCH 046/900] Add missing sample namespace.

---
 samples/CookieSample/Startup.cs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index d648a15235..2a01fc0b26 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,5 +1,6 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
 
 namespace CookieSample

From e09448a3831baf99da53dd87f3e1128579daaab7 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 16 Jul 2014 14:45:13 -0700
Subject: [PATCH 047/900] Update solution.

---
 Security.sln | 84 ++++++++++++++++++++++++++--------------------------
 1 file changed, 42 insertions(+), 42 deletions(-)

diff --git a/Security.sln b/Security.sln
index 752ce9ab0c..39d830ee21 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2013
-VisualStudioVersion = 12.0.30411.0
+# Visual Studio 14
+VisualStudioVersion = 14.0.21813.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -27,46 +27,46 @@ Global
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.Build.0 = Debug|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.ActiveCfg = Debug|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.Build.0 = Debug|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.ActiveCfg = Release|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.ActiveCfg = Release|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.Build.0 = Release|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.ActiveCfg = Release|x86
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.Build.0 = Release|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.Build.0 = Debug|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.ActiveCfg = Debug|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.Build.0 = Debug|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.ActiveCfg = Release|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.ActiveCfg = Release|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.Build.0 = Release|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.ActiveCfg = Release|x86
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.Build.0 = Release|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.Build.0 = Debug|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.ActiveCfg = Debug|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.Build.0 = Debug|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.ActiveCfg = Release|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|x86
-		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.Build.0 = Release|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.Build.0 = Debug|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|x86
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|x86
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.ActiveCfg = Release|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.Build.0 = Release|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.ActiveCfg = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.Build.0 = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

From 8b0500dacfb81470eb97c7432cdb722b52ace757 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 17 Jul 2014 09:19:22 -0700
Subject: [PATCH 048/900] Replace RNGCryptoServiceProvider with
 RandomNumberGenerator

---
 .../Infrastructure/AuthenticationHandler.cs                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 3526d1e5b9..57c1931f9c 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
     /// </summary>
     public abstract class AuthenticationHandler : IAuthenticationHandler
     {
-        private static readonly RNGCryptoServiceProvider CryptoRandom = new RNGCryptoServiceProvider();
+        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
         private Task<AuthenticationTicket> _authenticate;
         private bool _authenticateInitialized;

From c733aa880478ba45029a4686b62d174bade3ab23 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 25 Jul 2014 15:43:38 -0700
Subject: [PATCH 049/900] #28 - Use a GZipStream constructor that's supported
 on Mono.

---
 .../DataHandler/Serializer/TicketSerializer.cs      | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
index c6dbfc1324..7bfa9a1e6e 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -13,6 +13,7 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
+        private static readonly bool IsMono = Type.GetType("Mono.Runtime") != null;
         private const int FormatVersion = 2;
 
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
@@ -20,7 +21,17 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
         {
             using (var memory = new MemoryStream())
             {
-                using (var compression = new GZipStream(memory, CompressionLevel.Optimal))
+                GZipStream compression;
+                if (IsMono)
+                {
+                    // The other constructor is not currently supported on Mono.
+                    compression = new GZipStream(memory, CompressionMode.Compress);
+                }
+                else
+                {
+                    compression = new GZipStream(memory, CompressionLevel.Optimal);
+                }
+                using (compression)
                 {
                     using (var writer = new BinaryWriter(compression))
                     {

From 382573a6dc5e44692b6038299b7d97702ca39e2a Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 5 Aug 2014 15:50:34 -0700
Subject: [PATCH 050/900] Updating release Nuget.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..1ce6b9e257 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From d5ce9fe736f7e5b9f54b40a7b8271409133b561d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 6 Aug 2014 12:30:49 -0700
Subject: [PATCH 051/900] Updating dev Nuget.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 1ce6b9e257..f41e9c631d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 05804c78dbdf70da1f201ca7008a93f4720148c2 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 6 Aug 2014 15:28:09 -0700
Subject: [PATCH 052/900] Port more security tests from Katana.

---
 Security.sln                                  |  10 +-
 .../CookieAuthenticationHandler.cs            |  55 +-
 ...icateSubjectKeyIdentifierValidatorTests.cs | 123 +++++
 ...icateSubjectPublicKeyInfoValidatorTests.cs | 173 +++++++
 .../CertificateThumbprintValidatorTests.cs    | 121 +++++
 .../Cookies/CookieMiddlewareTests.cs          | 479 ++++++++++++++++++
 .../Encoder/Base64UrlTextEncoderTests.cs      |  32 ++
 ... => Microsoft.AspNet.Security.Tests.kproj} |  11 +-
 .../SecurityHelperTests.cs                    | 103 ++++
 .../TestClock.cs                              |  23 +
 .../katanatest.redmond.corp.microsoft.com.cer | Bin 0 -> 1462 bytes
 .../project.json                              |   8 +-
 .../selfSigned.cer                            | Bin 0 -> 762 bytes
 13 files changed, 1117 insertions(+), 21 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
 rename test/Microsoft.AspNet.Security.Test/{Microsoft.AspNet.Security.kproj => Microsoft.AspNet.Security.Tests.kproj} (70%)
 create mode 100644 test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/TestClock.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/katanatest.redmond.corp.microsoft.com.cer
 create mode 100644 test/Microsoft.AspNet.Security.Test/selfSigned.cer

diff --git a/Security.sln b/Security.sln
index 39d830ee21..268ecf4a6c 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.21813.0
+VisualStudioVersion = 14.0.21916.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -15,7 +15,13 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\Coo
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security", "test\Microsoft.AspNet.Security.Test\Microsoft.AspNet.Security.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Tests", "test\Microsoft.AspNet.Security.Test\Microsoft.AspNet.Security.Tests.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{C40A5A3B-ABA3-4819-9C44-D821E6DA1BA1}"
+	ProjectSection(SolutionItems) = preProject
+		global.json = global.json
+	EndProjectSection
+EndProject
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 44d81db7f2..1e21937fab 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 
@@ -120,17 +121,28 @@ namespace Microsoft.AspNet.Security.Cookies
                         signin.Properties,
                         cookieOptions);
 
-                    DateTimeOffset issuedUtc = Options.SystemClock.UtcNow;
-                    DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+                    DateTimeOffset issuedUtc;
+                    if (signin.Properties.IssuedUtc.HasValue)
+                    {
+                        issuedUtc = signin.Properties.IssuedUtc.Value;
+                    }
+                    else
+                    {
+                        issuedUtc = Options.SystemClock.UtcNow;
+                        signin.Properties.IssuedUtc = issuedUtc;
+                    }
 
-                    context.Properties.IssuedUtc = issuedUtc;
-                    context.Properties.ExpiresUtc = expiresUtc;
+                    if (!signin.Properties.ExpiresUtc.HasValue)
+                    {
+                        signin.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+                    }
 
                     Options.Notifications.ResponseSignIn(context);
 
                     if (context.Properties.IsPersistent)
                     {
-                        cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+                        DateTimeOffset expiresUtc = context.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                        context.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                     }
 
                     var model = new AuthenticationTicket(context.Identity, context.Properties);
@@ -229,18 +241,27 @@ namespace Microsoft.AspNet.Security.Cookies
                 return;
             }
 
-            string currentUri = 
-                Request.PathBase + 
-                Request.Path + 
-                Request.QueryString;
-                
-            string loginUri = 
-                Request.Scheme + 
-                "://" + 
-                Request.Host + 
-                Request.PathBase + 
-                Options.LoginPath + 
-                new QueryString(Options.ReturnUrlParameter, currentUri);
+            string loginUri = string.Empty;
+            if (ChallengeContext != null)
+            {
+                loginUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
+            }
+
+            if (string.IsNullOrWhiteSpace(loginUri))
+            {
+                string currentUri =
+                    Request.PathBase +
+                    Request.Path +
+                    Request.QueryString;
+
+                loginUri =
+                    Request.Scheme +
+                    "://" +
+                    Request.Host +
+                    Request.PathBase +
+                    Options.LoginPath +
+                    new QueryString(Options.ReturnUrlParameter, currentUri);
+            }
 
             var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
             Options.Notifications.ApplyRedirect(redirectContext);
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs b/test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
new file mode 100644
index 0000000000..4771b98308
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
@@ -0,0 +1,123 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security
+{
+    public class CertificateSubjectKeyIdentifierValidatorTests
+    {
+        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
+        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
+
+        // The Katana test cert has a valid full chain
+        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
+
+        private const string KatanaTestKeyIdentifier = "d964b2941aaf3e62761041b1f3db098edfa3270a";
+        private const string MicrosoftInternetAuthorityKeyIdentifier = "2a4d97955d347e9db6e633be9c27c1707e67dbc1";
+
+        [Fact]
+        public void ConstructorShouldNotThrowWithValidValues()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+
+            instance.ShouldNotBe(null);
+        }
+
+        [Fact]
+        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
+        {
+            Should.Throw<ArgumentNullException>(() =>
+                new CertificateSubjectKeyIdentifierValidator(null));
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+            var certificateChain = new X509Chain();
+            certificateChain.Build(SelfSigned);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSubjectKeyIdentifier()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSubjectKeyIdentifierWhiteListed()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(
+                new[]
+                {
+                    KatanaTestKeyIdentifier
+                });
+
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSubjectKeyIdentifierWhiteListed()
+        {
+            var instance = new CertificateSubjectKeyIdentifierValidator(
+                new[]
+                {
+                    MicrosoftInternetAuthorityKeyIdentifier
+                });
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs b/test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
new file mode 100644
index 0000000000..28270cd480
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
@@ -0,0 +1,173 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security
+{
+    public class CertificateSubjectPublicKeyInfoValidatorTests
+    {
+        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
+        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
+
+        // The Katana test cert has a valid full chain
+        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
+
+        // The following fingerprints were generated using the go program in appendix A of the Public Key Pinning Extension for HTTP
+        // draft-ietf-websec-key-pinning-05
+
+        private const string KatanaTestSha1Hash = "xvNsCWwxvL3qsCYChZLiwNm1D6o=";
+        private const string KatanaTestSha256Hash = "AhR1Y/xhxK2uD7YJ0xKUPq8tYrWm4+F7DgO2wUOqB+4=";
+
+        private const string MicrosoftInternetAuthoritySha1Hash = "Z3HnseSVDEPu5hZoj05/bBSnT/s=";
+        private const string MicrosoftInternetAuthoritySha256Hash = "UQTPeq/Tlg/vLt2ijtl7qlMFBFkbGG9aAWJbQMOMWFg=";
+
+        [Fact]
+        public void ConstructorShouldNotThrowWithValidValues()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+
+            instance.ShouldNotBe(null);
+        }
+
+        [Fact]
+        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
+        {
+            Should.Throw<ArgumentNullException>(() =>
+                new CertificateSubjectPublicKeyInfoValidator(null, SubjectPublicKeyInfoAlgorithm.Sha1));
+        }
+
+        [Fact]
+        public void ConstructorShouldThrowWhenTheHashEnumerableContainsNoHashes()
+        {
+            Should.Throw<ArgumentOutOfRangeException>(() =>
+                new CertificateSubjectPublicKeyInfoValidator(new string[0], SubjectPublicKeyInfoAlgorithm.Sha1));
+        }
+
+        [Fact]
+        public void ConstructorShouldThrowIfAnInvalidAlgorithmIsPassed()
+        {
+            Should.Throw<ArgumentOutOfRangeException>(() =>
+                new CertificateSubjectPublicKeyInfoValidator(new string[0], (SubjectPublicKeyInfoAlgorithm)2));
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(SelfSigned);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSha1Spki()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSha1SpkiWhiteListed()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { KatanaTestSha1Hash }, SubjectPublicKeyInfoAlgorithm.Sha1);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSha1SpkiWhiteListed()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { MicrosoftInternetAuthoritySha1Hash }, SubjectPublicKeyInfoAlgorithm.Sha1);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSha256Spki()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha256);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSha256SpkiWhiteListed()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { KatanaTestSha256Hash }, SubjectPublicKeyInfoAlgorithm.Sha256);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSha256SpkiWhiteListed()
+        {
+            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { MicrosoftInternetAuthoritySha256Hash }, SubjectPublicKeyInfoAlgorithm.Sha256);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs b/test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs
new file mode 100644
index 0000000000..82e4a3a3dc
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs
@@ -0,0 +1,121 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security
+{
+    public class CertificateThumbprintValidatorTests
+    {
+        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
+        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
+
+        // The Katana test cert has a valid full chain
+        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
+
+        private const string KatanaTestThumbprint = "a9894c464b260cac3f5b91cece33b3c55e82e61c";
+        private const string MicrosoftInternetAuthorityThumbprint = "992ad44d7dce298de17e6f2f56a7b9caa41db93f";
+
+        [Fact]
+        public void ConstructorShouldNotThrowWithValidValues()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+
+            instance.ShouldNotBe(null);
+        }
+
+        [Fact]
+        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
+        {
+            Should.Throw<ArgumentNullException>(() =>
+                new CertificateThumbprintValidator(null));
+        }
+
+        [Fact]
+        public void ConstructorShouldThrowWhenTheHashEnumerableContainsNoHashes()
+        {
+            Should.Throw<ArgumentOutOfRangeException>(() =>
+                new CertificateThumbprintValidator(new string[0]));
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(SelfSigned);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedThumbprint()
+        {
+            var instance = new CertificateThumbprintValidator(new string[1]);
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(false);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsThumbprintWhiteListed()
+        {
+            var instance = new CertificateThumbprintValidator(new[] { KatanaTestThumbprint });
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+
+        [Fact]
+        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementThumbprintWhiteListed()
+        {
+            var instance = new CertificateThumbprintValidator(new[] { MicrosoftInternetAuthorityThumbprint });
+            var certificateChain = new X509Chain();
+            certificateChain.Build(Chained);
+            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+
+            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
+
+            result.ShouldBe(true);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
new file mode 100644
index 0000000000..6578ba6004
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -0,0 +1,479 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Security.Principal;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.TestHost;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    public class CookieMiddlewareTests
+    {
+        [Fact]
+        public async Task NormalRequestPassesThrough()
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+            });
+            HttpResponseMessage response = await server.CreateClient().GetAsync("http://example.com/normal");
+            response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task ProtectedRequestShouldRedirectToLogin()
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                LoginPath = new PathString("/login")
+            });
+
+            Transaction transaction = await SendAsync(server, "http://example.com/protected");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            Uri location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/login");
+            location.Query.ShouldBe("?ReturnUrl=%2Fprotected");
+        }
+
+        [Fact]
+        public async Task ProtectedCustomRequestShouldRedirectToCustomLogin()
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                LoginPath = new PathString("/login")
+            });
+
+            Transaction transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            Uri location = transaction.Response.Headers.Location;
+            location.ToString().ShouldBe("/CustomRedirect");
+        }
+
+        private Task SignInAsAlice(HttpContext context)
+        {
+            context.Response.SignIn(
+                new AuthenticationProperties(),
+                new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
+            return Task.FromResult<object>(null);
+        }
+
+        [Fact]
+        public async Task SignInCausesDefaultCookieToBeCreated()
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie",
+            }, SignInAsAlice);
+
+            Transaction transaction = await SendAsync(server, "http://example.com/testpath");
+
+            string setCookie = transaction.SetCookie;
+            setCookie.ShouldStartWith("TestCookie=");
+            setCookie.ShouldContain("; path=/");
+            setCookie.ShouldContain("; HttpOnly");
+            setCookie.ShouldNotContain("; expires=");
+            setCookie.ShouldNotContain("; domain=");
+            setCookie.ShouldNotContain("; secure");
+        }
+
+        [Theory]
+        [InlineData(CookieSecureOption.Always, "http://example.com/testpath", true)]
+        [InlineData(CookieSecureOption.Always, "https://example.com/testpath", true)]
+        [InlineData(CookieSecureOption.Never, "http://example.com/testpath", false)]
+        [InlineData(CookieSecureOption.Never, "https://example.com/testpath", false)]
+        [InlineData(CookieSecureOption.SameAsRequest, "http://example.com/testpath", false)]
+        [InlineData(CookieSecureOption.SameAsRequest, "https://example.com/testpath", true)]
+        public async Task SecureSignInCausesSecureOnlyCookieByDefault(
+            CookieSecureOption cookieSecureOption,
+            string requestUri,
+            bool shouldBeSecureOnly)
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie",
+                CookieSecure = cookieSecureOption
+            }, SignInAsAlice);
+
+            Transaction transaction = await SendAsync(server, requestUri);
+            string setCookie = transaction.SetCookie;
+
+            if (shouldBeSecureOnly)
+            {
+                setCookie.ShouldContain("; secure");
+            }
+            else
+            {
+                setCookie.ShouldNotContain("; secure");
+            }
+        }
+
+        [Fact]
+        public async Task CookieOptionsAlterSetCookieHeader()
+        {
+            TestServer server1 = CreateServer(new CookieAuthenticationOptions
+            {
+                CookieName = "TestCookie",
+                CookiePath = "/foo",
+                CookieDomain = "another.com",
+                CookieSecure = CookieSecureOption.Always,
+                CookieHttpOnly = true,
+            }, SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server1, "http://example.com/testpath");
+
+            TestServer server2 = CreateServer(new CookieAuthenticationOptions
+            {
+                CookieName = "SecondCookie",
+                CookieSecure = CookieSecureOption.Never,
+                CookieHttpOnly = false,
+            }, SignInAsAlice);
+
+            Transaction transaction2 = await SendAsync(server2, "http://example.com/testpath");
+
+            string setCookie1 = transaction1.SetCookie;
+            string setCookie2 = transaction2.SetCookie;
+
+            setCookie1.ShouldContain("TestCookie=");
+            setCookie1.ShouldContain(" path=/foo");
+            setCookie1.ShouldContain(" domain=another.com");
+            setCookie1.ShouldContain(" secure");
+            setCookie1.ShouldContain(" HttpOnly");
+
+            setCookie2.ShouldContain("SecondCookie=");
+            setCookie2.ShouldNotContain(" domain=");
+            setCookie2.ShouldNotContain(" secure");
+            setCookie2.ShouldNotContain(" HttpOnly");
+        }
+
+        [Fact]
+        public async Task CookieContainsIdentity()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                SystemClock = clock
+            }, SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+        }
+
+        [Fact]
+        public async Task CookieStopsWorkingAfterExpiration()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+            }, SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(7));
+
+            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(7));
+
+            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            transaction4.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+        }
+
+        [Fact]
+        public async Task CookieExpirationCanBeOverridenInSignin()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+            },
+            context =>
+            {
+                context.Response.SignIn(
+                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) },
+                    new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
+                return Task.FromResult<object>(null);
+            });
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(3));
+
+            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(3));
+
+            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            transaction4.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+        }
+
+        [Fact]
+        public async Task CookieExpirationCanBeOverridenInEvent()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+                Notifications = new CookieAuthenticationNotifications()
+                {
+                    OnResponseSignIn = context =>
+                    {
+                        context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
+                    }
+                }
+            }, SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(3));
+
+            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(3));
+
+            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            transaction4.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+        }
+
+        [Fact]
+        public async Task CookieIsRenewedWithSlidingExpiration()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = true,
+            }, SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(4));
+
+            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(4));
+
+            // transaction4 should arrive with a new SetCookie value
+            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            clock.Add(TimeSpan.FromMinutes(4));
+
+            Transaction transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            transaction4.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
+            transaction5.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe("Alice");
+        }
+
+        [Fact]
+        public async Task AjaxRedirectsAsExtraHeaderOnTwoHundred()
+        {
+            TestServer server = CreateServer(new CookieAuthenticationOptions
+            {
+                LoginPath = new PathString("/login")
+            });
+
+            Transaction transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            var responded = transaction.Response.Headers.GetValues("X-Responded-JSON");
+
+            responded.Count().ShouldBe(1);
+            responded.Single().ShouldContain("\"location\"");
+        }
+
+        private static string FindClaimValue(Transaction transaction, string claimType)
+        {
+            XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+
+        private static async Task<XElement> GetAuthData(TestServer server, string url, string cookie)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, url);
+            request.Headers.Add("Cookie", cookie);
+
+            HttpResponseMessage response2 = await server.CreateClient().SendAsync(request);
+            string text = await response2.Content.ReadAsStringAsync();
+            XElement me = XElement.Parse(text);
+            return me;
+        }
+
+        private static TestServer CreateServer(CookieAuthenticationOptions options, Func<HttpContext, Task> testpath = null)
+        {
+            return TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options);
+                app.Use(async (context, next) =>
+                {
+                    var req = context.Request;
+                    var res = context.Response;
+                    PathString remainder;
+                    if (req.Path == new PathString("/normal"))
+                    {
+                        res.StatusCode = 200;
+                    }
+                    else if (req.Path == new PathString("/protected"))
+                    {
+                        res.StatusCode = 401;
+                    }
+                    else if (req.Path == new PathString("/protected/CustomRedirect"))
+                    {
+                        context.Response.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+                    }
+                    else if (req.Path == new PathString("/me"))
+                    {
+                        Describe(res, new AuthenticationResult(context.User.Identity, new AuthenticationProperties(), new AuthenticationDescription()));
+                    }
+                    else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
+                    {
+                        var result = await context.AuthenticateAsync(remainder.Value.Substring(1));
+                        Describe(res, result);
+                    }
+                    else if (req.Path == new PathString("/testpath") && testpath != null)
+                    {
+                        await testpath(context);
+                    }
+                    else
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static void Describe(HttpResponse res, AuthenticationResult result)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (result != null && result.Identity != null)
+            {
+                xml.Add(result.Identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            if (result != null && result.Properties != null)
+            {
+                xml.Add(result.Properties.Dictionary.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null, bool ajaxRequest = false)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            if (ajaxRequest)
+            {
+                request.Headers.Add("X-Requested-With", "XMLHttpRequest");
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").SingleOrDefault();
+            }
+            if (!string.IsNullOrEmpty(transaction.SetCookie))
+            {
+                transaction.CookieNameValue = transaction.SetCookie.Split(new[] { ';' }, 2).First();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+
+            public string SetCookie { get; set; }
+            public string CookieNameValue { get; set; }
+
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
new file mode 100644
index 0000000000..be97f2f12c
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.DataHandler.Encoder
+{
+    public class Base64UrlTextEncoderTests
+    {
+        [Fact]
+        public void DataOfVariousLengthRoundTripCorrectly()
+        {
+            var encoder = new Base64UrlTextEncoder();
+            for (int length = 0; length != 256; ++length)
+            {
+                var data = new byte[length];
+                for (int index = 0; index != length; ++index)
+                {
+                    data[index] = (byte)(5 + length + (index * 23));
+                }
+                string text = encoder.Encode(data);
+                byte[] result = encoder.Decode(text);
+
+                for (int index = 0; index != length; ++index)
+                {
+                    result[index].ShouldBe(data[index]);
+                }
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
similarity index 70%
rename from test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
rename to test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
index 62a9b7453a..903c63d854 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
@@ -17,11 +17,20 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <ItemGroup>
+    <Content Include="katanatest.redmond.corp.microsoft.com.cer" />
     <Content Include="project.json" />
+    <Content Include="selfSigned.cer" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="CertificateSubjectKeyIdentifierValidatorTests.cs" />
+    <Compile Include="CertificateSubjectPublicKeyInfoValidatorTests.cs" />
+    <Compile Include="CertificateThumbprintValidatorTests.cs" />
+    <Compile Include="Cookies\CookieMiddlewareTests.cs" />
+    <Compile Include="DataHandler\Encoder\Base64UrlTextEncoderTests.cs" />
     <Compile Include="DefaultAuthorizationServiceTests.cs" />
     <Compile Include="FakePolicy.cs" />
+    <Compile Include="SecurityHelperTests.cs" />
+    <Compile Include="TestClock.cs" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
new file mode 100644
index 0000000000..76f8f6e0a7
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
@@ -0,0 +1,103 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.PipelineCore;
+using Microsoft.AspNet.Security.Infrastructure;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security
+{
+    public class SecurityHelperTests
+    {
+        [Fact]
+        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.User.ShouldNotBe(null);
+            context.User.Identity.IsAuthenticated.ShouldBe(false);
+
+            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test1", "Alpha"));
+
+            context.User.ShouldNotBe(null);
+            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
+            context.User.Identity.Name.ShouldBe("Test1");
+
+            context.User.ShouldBeTypeOf<ClaimsPrincipal>();
+            context.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
+
+            ((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
+        }
+
+        [Fact]
+        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
+
+            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
+            context.User.Identity.Name.ShouldBe("Test1");
+
+            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test2", "Beta"));
+
+            context.User.Identity.AuthenticationType.ShouldBe("Beta");
+            context.User.Identity.Name.ShouldBe("Test2");
+
+            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test3", "Gamma"));
+
+            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
+            context.User.Identity.Name.ShouldBe("Test3");
+
+            var principal = context.User;
+            principal.Identities.Count().ShouldBe(3);
+            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
+            principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
+            principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
+        }
+
+        [Fact]
+        public void NoChallengesMeansLookupsAreDeterminedOnlyByActiveOrPassiveMode()
+        {
+            HttpContext context = new DefaultHttpContext();
+
+            bool activeNoChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Active);
+            bool passiveNoChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Passive);
+
+            context.Response.StatusCode = 401;
+
+            bool activeEmptyChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Active);
+            bool passiveEmptyChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Passive);
+
+            Assert.True(activeNoChallenge);
+            Assert.False(passiveNoChallenge);
+            Assert.True(activeEmptyChallenge);
+            Assert.False(passiveEmptyChallenge);
+        }
+
+        [Fact]
+        public void WithChallengesMeansLookupsAreDeterminedOnlyByMatchingAuthenticationType()
+        {
+            HttpContext context = new DefaultHttpContext();
+            
+            IEnumerable<string> challengeTypes = new[] { "Beta", "Gamma" };
+
+            bool activeNoMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Active);
+            bool passiveNoMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Passive);
+
+            challengeTypes = new[] { "Beta", "Alpha" };
+
+            bool activeWithMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Active);
+            bool passiveWithMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Passive);
+
+            Assert.False(activeNoMatch);
+            Assert.False(passiveNoMatch);
+            Assert.True(activeWithMatch);
+            Assert.True(passiveWithMatch);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/TestClock.cs b/test/Microsoft.AspNet.Security.Test/TestClock.cs
new file mode 100644
index 0000000000..cd8f998397
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/TestClock.cs
@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Security.Infrastructure;
+
+namespace Microsoft.AspNet.Security
+{
+    public class TestClock : ISystemClock
+    {
+        public TestClock()
+        {
+            UtcNow = new DateTimeOffset(2013, 6, 11, 12, 34, 56, 789, TimeSpan.Zero);
+        }
+
+        public DateTimeOffset UtcNow { get; set; }
+
+        public void Add(TimeSpan timeSpan)
+        {
+            UtcNow = UtcNow + timeSpan;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/katanatest.redmond.corp.microsoft.com.cer b/test/Microsoft.AspNet.Security.Test/katanatest.redmond.corp.microsoft.com.cer
new file mode 100644
index 0000000000000000000000000000000000000000..bfd5220e2cf5a9f6d78145f62d2031a44ef50e59
GIT binary patch
literal 1462
zcmXqLV%=oW#4>9EGZP~d6IaOeUIzw728M=S170>xtu~Lg@4SqRtgH+MjSYsv27+u{
zoRic#Cx6mOVU!eOPR`FYlr#`W5#-FxOfJeV&QB{b6fqD&kzz^CFDft;HxNY;WiLui
z$<5D8F_bruWn&IyVHOti4fYIC@J&q4$jnPsa4ap!P;hosFfx!6=QT7oFf%eUv@|p~
zHj4ssO_8_;28MbDIuIjNvlB}a^Abx^i%ayN=IeoM*Mqwb$jvoqVpKx*CnGBZa}y&!
z15licsfm%1;iL7N%^!0Xs~;%IKiIkMIp=T7M)sAbvfm5&d=}rTo8T~e-4vB`Z<@Tn
z6m~?%cKum?@SLe?cETkEm1i*<mri-bKecC`8|TeUrgqD^1z%T&vxuJ0nZM`+H<L@q
z+IuU?=Ei0m+Epv7#uVA&c6EP;!)8$p-S;=X$e3*p+xCWy@8uu4tNhldHplxfG?jZ6
zpSO&KK|Jh)k?OVVQ@l@XD|*)~dFyd{TJVvX{k~GKr+*b<Z0R}Xav)^CmN)asPs^ql
z9eP)mvd6iLC(*m*%9}Y&3p0byEpnW4I@{}b`<;f9&x%$kJv!=ZC3?MTZ;wUU<Jk%-
zmD?Zh`uC>G#e7wJ^UKTx=NA{5m>C%u7dJ6g8#FPMgQG{5k420{<YvmIDN^h0lF9@e
zH-5g&*>``jI+p=AFz99ZSy-5vST-2QgE-185(Z)oBCl@?#{J-&cjH>poWDtPAGdgE
zJXAMmd<Rk?&(iqJpz*Om<AVi_cNa9?YV*%1DJihh*Uv3ZF3LfTE&YP*OprJ*8ufva
z`k+*zYGeRSCqNb`r2r{sM<8LOVW_DGRMqASHIPciS-^|~x&q`Lq8(z;xR#AWn+=$k
z*clmF8W$Ke&NT>yi5M`oc|r{?FE7XKZDPD!V&H;gEV_FWGZTplxDo?<Hcp^(Ss0tl
zMcG-53=G&bU|f#o^PRqHKQXl~oX^wr>r`#y!`~&1{>_KpwsQ2XywsY^#F)aw$OTC*
zsw`p#A~5$bGr?Jm2I>g&xmctOBn-IVl1xZ!M&t|%EQo*^l#wC&=)e2#45dUlzKJv5
z`Rj3z&983bHLa%~FD?D`EY4xsTQ{$lvFl9Nx}NawQM%N_d4GZD^$zDH%lCXdVcdQv
zDa^cgx{JY*=A+_En>a2Ce`)<SbHSC*pA^b(AKU-;M#i478_zpuig{Z(ck&#on~);K
zTt9`g?eYDBi;4_dX8*00HL{xh`p9Ab%&w^{@WteuZ!gYnbiT{0XjV{RwQ$P4oorRJ
zSZ3}NWN+t}F5jWf72qbva(ZI=%C@5uIgJ%|J-K^McbTovnJY6>KfLw&_ciFG);W)r
z(-!=F7v-`+iP<lK``VI2&UZ`}Uzo9=bUvTpGg~*sCI2^FIxS<$zl8tchd0u1>Td%8
Dk#GvE

literal 0
HcmV?d00001

diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 68837d5bea..b46b261dec 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -4,6 +4,9 @@
   },
   "dependencies": {
     "Microsoft.AspNet.Security" : "",
+    "Microsoft.AspNet.Security.Cookies" : "",
+    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "System.Net.Http": "4.0.0.0",
     "Moq": "4.2.1312.1622",
     "Xunit.KRunner": "1.0.0-*"
   },
@@ -13,7 +16,10 @@
   "frameworks": {
     "net45": { 
       "dependencies": {
-          "System.Runtime": ""
+        "Shouldly": "1.1.1.1",
+        "System.Runtime": "",
+        "System.Xml":  "",
+        "System.Xml.Linq":  ""
       }
     }
   }
diff --git a/test/Microsoft.AspNet.Security.Test/selfSigned.cer b/test/Microsoft.AspNet.Security.Test/selfSigned.cer
new file mode 100644
index 0000000000000000000000000000000000000000..6acc7af5a606916b16c00aef0177b1e4858d7290
GIT binary patch
literal 762
zcmXqLV)|y##Q10dGZP~dlR(?zA3ry9D6e$iICaDG9g9C1aI&##^D#5YvN9Nm8VVZ-
zvN4CUFbi{eCzd4UC5EIHml(*2^BNi(7y_ZW0T4uq^BN&@acOH}R5IXY<J4;NX#38~
z$jHdbz}&>h&j54_7gG}>Bg5p{Ygf8TXGs{Hj>&cCUVOqs?tZJ;an`>l62y1kxZk6~
zuFIUiZ%3bNU>xhe=(iubQr+ix=sr_x=xJE8NI2KLQqo;fd(Gz=2b$I#RQrBm>AH-i
zkKf$$tG(O&CFSU}8}lEB&lieWTW|EsKf7PUZrb(3?pt$Kb!0z}5Q&rz6-jM78g4V|
zOK9EiW0L}SKCE8V|6ZL*&v??tg-6}5K9j#b@qni1DwnHlCKc7!6%DNGq>`U}x_Bt*
z&8)Xu?r^5BnZzWM9eH~B>Cf(NE)%mvtAm{1mu~zL*wWUgc+@e<UdmN;+O9iMKP^|)
zU1q=GcFk4HwpDL#>EXB)@~?%T%FSzNdgJwziJ6gsaj}<yhk+X~%w-u_><w%i1l*(+
z{{0@FEx)1p#OhtM5;PZz;|Sj-d{GGuX+{R?6N!SKnXjL7?`&yadfUUP(Cw4HXY-ST
zJIXGJ>N};q$PvEvyx^x#(Bl{N+D2**46g^?wC$QZC9<=OZR2BCf#b{zy(PLnRJ+Rx
zZ+pk)db%T3<H4K6npV!^U+nk}xc~V$KPBSoS6elUxWw8G=UHY|6$_u_SjjBJ_jlPo
z|5?{J`LH;(9h#71oRMX^JpTI(|EmoGo3<=f_FfvW+u=k{MwW890prC>^V#*QS2}P!
z;rBeTSMJYZ-nthS6M6nGRag<dMtXbFCL7(=^{cWQ#VphUPHMcnzQ2g0;;vw{!v05&
o`>%U<EL*s;IG`%gIjHu_%(~NCt~5KY+vs0+J>ASt!}7{?02=i_8vp<R

literal 0
HcmV?d00001


From c74e583ec90db0d6bd82674651c752257556f194 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Fri, 15 Aug 2014 09:27:27 -0700
Subject: [PATCH 053/900] Removed source files from the project

---
 samples/CookieSample/CookieSample.kproj       |  8 +--
 .../Microsoft.AspNet.Security.Cookies.kproj   | 21 +-----
 .../Microsoft.AspNet.Security.kproj           | 64 +------------------
 .../Microsoft.AspNet.Security.Tests.kproj     | 16 -----
 4 files changed, 3 insertions(+), 106 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index efb2d4d770..3f91733529 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -16,11 +16,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="project.json" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Startup.cs" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index 1b82715c3e..75aae6178d 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -16,24 +16,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="project.json" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="CookieAuthenticationDefaults.cs" />
-    <Compile Include="CookieAuthenticationExtensions.cs" />
-    <Compile Include="CookieAuthenticationHandler.cs" />
-    <Compile Include="CookieAuthenticationMiddleware.cs" />
-    <Compile Include="CookieAuthenticationOptions.cs" />
-    <Compile Include="CookieSecureOption.cs" />
-    <Compile Include="Notifications\CookieApplyRedirectContext.cs" />
-    <Compile Include="Notifications\CookieAuthenticationNotifications.cs" />
-    <Compile Include="Notifications\CookieResponseSignInContext.cs" />
-    <Compile Include="Notifications\CookieResponseSignOutContext.cs" />
-    <Compile Include="Notifications\CookieValidateIdentityContext.cs" />
-    <Compile Include="Notifications\DefaultBehavior.cs" />
-    <Compile Include="Notifications\ICookieAuthenticationNotifications.cs" />
-    <Compile Include="NotNullAttribute.cs" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index c774d797ed..923789fb16 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -16,67 +16,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="project.json" />
-    <Content Include="Resources.resx" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="AppBuilderSecurityExtensions.cs" />
-    <Compile Include="AuthenticationMode.cs" />
-    <Compile Include="AuthenticationOptions.cs" />
-    <Compile Include="AuthenticationTicket.cs" />
-    <Compile Include="AuthorizationPolicy.cs" />
-    <Compile Include="AuthorizationPolicyContext.cs" />
-    <Compile Include="AuthorizationServiceExtensions.cs" />
-    <Compile Include="DefaultAuthorizationService.cs" />
-    <Compile Include="IAuthorizationPolicy.cs" />
-    <Compile Include="IAuthorizationService.cs" />
-    <Compile Include="CertificateSubjectKeyIdentifierValidator.cs" />
-    <Compile Include="CertificateSubjectPublicKeyInfoValidator.cs" />
-    <Compile Include="CertificateThumbprintValidator.cs" />
-    <Compile Include="Constants.cs" />
-    <Compile Include="DataHandler\Encoder\Base64TextEncoder.cs" />
-    <Compile Include="DataHandler\Encoder\Base64UrlTextEncoder.cs" />
-    <Compile Include="DataHandler\Encoder\ITextEncoder.cs" />
-    <Compile Include="DataHandler\Encoder\TextEncodings.cs" />
-    <Compile Include="DataHandler\ISecureDataFormat.cs" />
-    <Compile Include="DataHandler\PropertiesDataFormat.cs" />
-    <Compile Include="DataHandler\SecureDataFormat.cs" />
-    <Compile Include="DataHandler\Serializer\DataSerializers.cs" />
-    <Compile Include="DataHandler\Serializer\IDataSerializer.cs" />
-    <Compile Include="DataHandler\Serializer\PropertiesSerializer.cs" />
-    <Compile Include="DataHandler\Serializer\TicketSerializer.cs" />
-    <Compile Include="DataHandler\TicketDataFormat.cs" />
-    <Compile Include="DataProtection\DataProtectionHelpers.cs" />
-    <Compile Include="ICertificateValidator.cs" />
-    <Compile Include="Infrastructure\AuthenticationHandler.cs" />
-    <Compile Include="Infrastructure\AuthenticationHandler`1.cs" />
-    <Compile Include="Infrastructure\AuthenticationMiddleware.cs" />
-    <Compile Include="Infrastructure\AuthenticationTokenCreateContext.cs" />
-    <Compile Include="Infrastructure\AuthenticationTokenProvider.cs" />
-    <Compile Include="Infrastructure\AuthenticationTokenReceiveContext.cs" />
-    <Compile Include="Infrastructure\Constants.cs" />
-    <Compile Include="Infrastructure\HttpContextExtensions.cs" />
-    <Compile Include="Infrastructure\IAuthenticationTokenProvider.cs" />
-    <Compile Include="Infrastructure\ISystemClock.cs" />
-    <Compile Include="Infrastructure\NotNullAttribute.cs" />
-    <Compile Include="Infrastructure\SecurityHelper.cs" />
-    <Compile Include="Infrastructure\SignInIdentityContext.cs" />
-    <Compile Include="Infrastructure\SystemClock.cs" />
-    <Compile Include="Notifications\AuthenticationFailedNotification.cs" />
-    <Compile Include="Notifications\BaseContext.cs" />
-    <Compile Include="Notifications\BaseContext`1.cs" />
-    <Compile Include="Notifications\EndpointContext.cs" />
-    <Compile Include="Notifications\EndpointContext`1.cs" />
-    <Compile Include="Notifications\MessageReceivedNotification.cs" />
-    <Compile Include="Notifications\RedirectFromIdentityProviderNotification.cs" />
-    <Compile Include="Notifications\RedirectToIdentityProviderNotification.cs" />
-    <Compile Include="Notifications\ReturnEndpointContext.cs" />
-    <Compile Include="Notifications\SecurityTokenReceivedNotification.cs" />
-    <Compile Include="Notifications\SecurityTokenValidatedNotification.cs" />
-    <Compile Include="Resources.Designer.cs" />
-    <Compile Include="SubjectPublicKeyInfoAlgorithm.cs" />
-    <Compile Include="Win32.cs" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
index 903c63d854..54191c08d1 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
@@ -16,21 +16,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="katanatest.redmond.corp.microsoft.com.cer" />
-    <Content Include="project.json" />
-    <Content Include="selfSigned.cer" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="CertificateSubjectKeyIdentifierValidatorTests.cs" />
-    <Compile Include="CertificateSubjectPublicKeyInfoValidatorTests.cs" />
-    <Compile Include="CertificateThumbprintValidatorTests.cs" />
-    <Compile Include="Cookies\CookieMiddlewareTests.cs" />
-    <Compile Include="DataHandler\Encoder\Base64UrlTextEncoderTests.cs" />
-    <Compile Include="DefaultAuthorizationServiceTests.cs" />
-    <Compile Include="FakePolicy.cs" />
-    <Compile Include="SecurityHelperTests.cs" />
-    <Compile Include="TestClock.cs" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From fabdb3b9dfcd0b678e9c04fa718af03d2d3530e8 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 20 Aug 2014 06:56:36 -0700
Subject: [PATCH 054/900] Reacting to System.IO package version change

---
 samples/CookieSample/project.json                  | 2 +-
 src/Microsoft.AspNet.Security.Cookies/project.json | 2 +-
 src/Microsoft.AspNet.Security/project.json         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index e51b35e481..85f8a1e331 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -22,7 +22,7 @@
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.0.0",
+        "System.IO": "4.0.10.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",
         "System.Resources.ResourceManager": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 01a7751fb5..59c8b666fb 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -22,7 +22,7 @@
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.0.0",
+        "System.IO": "4.0.10.0",
         "System.IO.Compression": "4.0.0.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 4eae846bfc..e79296344e 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -19,7 +19,7 @@
         "System.Diagnostics.Debug": "4.0.10.0",
         "System.Diagnostics.Tools": "4.0.0.0",
         "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.0.0",
+        "System.IO": "4.0.10.0",
         "System.IO.Compression": "4.0.0.0",
         "System.Linq": "4.0.0.0",
         "System.Reflection": "4.0.10.0",

From 919fa0c195d3990953bc70b04db9300a11bc4c1c Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 7 Aug 2014 17:19:59 -0700
Subject: [PATCH 055/900] Port Facebook middleware from Katana.

---
 Security.sln                                  |  27 +-
 samples/SocialSample/Project.json             |  33 ++
 samples/SocialSample/SocialSample.kproj       |  32 ++
 samples/SocialSample/Startup.cs               |  39 +++
 .../CookieAuthenticationExtensions.cs         |   5 -
 .../project.json                              |   2 +-
 .../FacebookAuthenticationDefaults.cs         |  10 +
 .../FacebookAuthenticationExtensions.cs       |  44 +++
 .../FacebookAuthenticationHandler.cs          | 293 ++++++++++++++++++
 .../FacebookAuthenticationMiddleware.cs       |  97 ++++++
 .../FacebookAuthenticationOptions.cs          | 112 +++++++
 .../Microsoft.AspNet.Security.Facebook.kproj  |  20 ++
 .../NotNullAttribute.cs                       |  12 +
 .../FacebookApplyRedirectContext.cs           |  43 +++
 .../FacebookAuthenticatedContext.cs           |  98 ++++++
 .../FacebookAuthenticationNotifications.cs    |  69 +++++
 .../FacebookReturnEndpointContext.cs          |  26 ++
 .../IFacebookAuthenticationNotifications.cs   |  33 ++
 .../Project.json                              |  44 +++
 .../Resources.Designer.cs                     |  81 +++++
 .../Resources.resx                            | 126 ++++++++
 ...nsions.cs => BuilderSecurityExtensions.cs} |  14 +-
 src/Microsoft.AspNet.Security/Constants.cs    |   2 +-
 .../DataHandler/PropertiesDataFormat.cs       |   1 -
 .../Facebook/FacebookMiddlewareTests.cs       | 124 ++++++++
 .../project.json                              |   3 +
 26 files changed, 1373 insertions(+), 17 deletions(-)
 create mode 100644 samples/SocialSample/Project.json
 create mode 100644 samples/SocialSample/SocialSample.kproj
 create mode 100644 samples/SocialSample/Startup.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Project.json
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.Facebook/Resources.resx
 rename src/Microsoft.AspNet.Security/{AppBuilderSecurityExtensions.cs => BuilderSecurityExtensions.cs} (89%)
 create mode 100644 test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs

diff --git a/Security.sln b/Security.sln
index 268ecf4a6c..0d249fe568 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.21916.0
+VisualStudioVersion = 14.0.22013.1
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -22,6 +22,9 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		global.json = global.json
 	EndProjectSection
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Facebook", "src\Microsoft.AspNet.Security.Facebook\Microsoft.AspNet.Security.Facebook.kproj", "{3984651C-FD44-4394-8793-3D14EE348C04}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.kproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -73,6 +76,26 @@ Global
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|x86.ActiveCfg = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -82,5 +105,7 @@ Global
 		{15F1211B-B695-4A1C-B730-1AC58FC91090} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{3984651C-FD44-4394-8793-3D14EE348C04} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json
new file mode 100644
index 0000000000..f5434cb1c4
--- /dev/null
+++ b/samples/SocialSample/Project.json
@@ -0,0 +1,33 @@
+{
+  "dependencies": {
+    "Microsoft.AspNet.Hosting": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.Diagnostics": "1.0.0-*",
+    "Microsoft.AspNet.Security": "1.0.0-*",
+    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
+  },
+  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+  "frameworks": {
+    "net45": {
+    },
+    "k10": {
+      "dependencies": {
+        "System.Collections": "4.0.10.0",
+        "System.Console": "4.0.0.0",
+        "System.Diagnostics.Debug": "4.0.10.0",
+        "System.Diagnostics.Tools": "4.0.0.0",
+        "System.Globalization": "4.0.10.0",
+        "System.IO": "4.0.0.0",
+        "System.Linq": "4.0.0.0",
+        "System.Resources.ResourceManager": "4.0.0.0",
+        "System.Runtime": "4.0.20.0",
+        "System.Runtime.Extensions": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.20.0",
+        "System.Threading.Tasks": "4.0.10.0"
+      }
+    }
+  }
+}
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
new file mode 100644
index 0000000000..c4ab469bfd
--- /dev/null
+++ b/samples/SocialSample/SocialSample.kproj
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Content Include="Project.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Startup.cs" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
new file mode 100644
index 0000000000..aec06926ea
--- /dev/null
+++ b/samples/SocialSample/Startup.cs
@@ -0,0 +1,39 @@
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.Facebook;
+
+namespace CookieSample
+{
+    public class Startup
+    {
+        public void Configure(IBuilder app)
+        {
+            app.UseErrorPage();
+
+            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
+
+            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+            {
+            });
+
+            app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
+            {
+                AppId = "569522623154478",
+                AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
+            });
+
+            app.Run(async context =>
+            {
+                if (!context.User.Identity.IsAuthenticated)
+                {
+                    context.Response.Challenge("Facebook");
+                    return;
+                }
+
+                context.Response.ContentType = "text/plain";
+                await context.Response.WriteAsync("Hello " + context.User.Identity.Name);
+            });
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index ad683ac21f..eb4f64903a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -1,12 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataProtection;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Builder
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 59c8b666fb..0336d73e9f 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -6,7 +6,7 @@
     "Microsoft.AspNet.HttpFeature": "1.0.0-*",
     "Microsoft.AspNet.PipelineCore": "1.0.0-*",
     "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-    "Microsoft.AspNet.Security": "",
+    "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "Microsoft.Framework.Logging": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
new file mode 100644
index 0000000000..a9d35151c8
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    public static class FacebookAuthenticationDefaults
+    {
+        public const string AuthenticationType = "Facebook";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
new file mode 100644
index 0000000000..cdaade1205
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
@@ -0,0 +1,44 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.Facebook;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>
+    /// </summary>
+    public static class FacebookAuthenticationExtensions
+    {
+        /// <summary>
+        /// Authenticate users using Facebook
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="appId">The appId assigned by Facebook</param>
+        /// <param name="appSecret">The appSecret assigned by Facebook</param>
+        /// <returns>The updated <see cref="IBuilder"/></returns>
+        public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] string appId, [NotNull] string appSecret)
+        {
+            return app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
+            {
+                AppId = appId,
+                AppSecret = appSecret,
+            });
+        }
+
+        /// <summary>
+        /// Authenticate users using Facebook
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="options">Middleware configuration options</param>
+        /// <returns>The updated <see cref="IBuilder"/></returns>
+        public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] FacebookAuthenticationOptions options)
+        {
+            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
+            {
+                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
+            }
+            return app.UseMiddleware<FacebookAuthenticationMiddleware>(options);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
new file mode 100644
index 0000000000..4dde8b75dc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
@@ -0,0 +1,293 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Logging;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    internal class FacebookAuthenticationHandler : AuthenticationHandler<FacebookAuthenticationOptions>
+    {
+        private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
+        private const string TokenEndpoint = "https://graph.facebook.com/oauth/access_token";
+        private const string GraphApiEndpoint = "https://graph.facebook.com/me";
+        private const string AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth";
+
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        public FacebookAuthenticationHandler(HttpClient httpClient, ILogger logger)
+        {
+            _httpClient = httpClient;
+            _logger = logger;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            AuthenticationProperties properties = null;
+
+            try
+            {
+                string code = null;
+                string state = null;
+
+                IReadableStringCollection query = Request.Query;
+
+                IList<string> values = query.GetValues("error");
+                if (values != null && values.Count >= 1)
+                {
+                    _logger.WriteVerbose("Remote server returned an error: " + Request.QueryString);
+                }
+
+                values = query.GetValues("code");
+                if (values != null && values.Count == 1)
+                {
+                    code = values[0];
+                }
+                values = query.GetValues("state");
+                if (values != null && values.Count == 1)
+                {
+                    state = values[0];
+                }
+
+                properties = Options.StateDataFormat.Unprotect(state);
+                if (properties == null)
+                {
+                    return null;
+                }
+
+                // OAuth2 10.12 CSRF
+                if (!ValidateCorrelationId(properties, _logger))
+                {
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                if (code == null)
+                {
+                    // Null if the remote server returns an error.
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                string requestPrefix = Request.Scheme + "://" + Request.Host;
+                string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
+
+                string tokenRequest = "grant_type=authorization_code" +
+                    "&code=" + Uri.EscapeDataString(code) +
+                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
+                    "&client_id=" + Uri.EscapeDataString(Options.AppId) +
+                    "&client_secret=" + Uri.EscapeDataString(Options.AppSecret);
+
+                var tokenResponse = await _httpClient.GetAsync(TokenEndpoint + "?" + tokenRequest, Context.RequestAborted);
+                tokenResponse.EnsureSuccessStatusCode();
+                string text = await tokenResponse.Content.ReadAsStringAsync();
+                IFormCollection form = FormHelpers.ParseForm(text);
+
+                string accessToken = form["access_token"];
+                string expires = form["expires"];
+                string graphAddress = GraphApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken);
+                if (Options.SendAppSecretProof)
+                {
+                    graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(accessToken);
+                }
+
+                var graphResponse = await _httpClient.GetAsync(graphAddress, Context.RequestAborted);
+                graphResponse.EnsureSuccessStatusCode();
+                text = await graphResponse.Content.ReadAsStringAsync();
+                JObject user = JObject.Parse(text);
+
+                var context = new FacebookAuthenticatedContext(Context, user, accessToken, expires);
+                context.Identity = new ClaimsIdentity(
+                    Options.AuthenticationType,
+                    ClaimsIdentity.DefaultNameClaimType,
+                    ClaimsIdentity.DefaultRoleClaimType);
+                if (!string.IsNullOrEmpty(context.Id))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.UserName))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.Email))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.Name))
+                {
+                    context.Identity.AddClaim(new Claim("urn:facebook:name", context.Name, XmlSchemaString, Options.AuthenticationType));
+
+                    // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
+                    if (string.IsNullOrEmpty(context.UserName))
+                    {
+                        context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType));
+                    }
+                }
+                if (!string.IsNullOrEmpty(context.Link))
+                {
+                    context.Identity.AddClaim(new Claim("urn:facebook:link", context.Link, XmlSchemaString, Options.AuthenticationType));
+                }
+                context.Properties = properties;
+
+                await Options.Notifications.Authenticated(context);
+
+                return new AuthenticationTicket(context.Identity, context.Properties);
+            }
+            catch (Exception ex)
+            {
+                _logger.WriteError("Authentication failed", ex);
+                return new AuthenticationTicket(null, properties);
+            }
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            {
+                return;
+            }
+
+            string baseUri = 
+                Request.Scheme + 
+                "://" + 
+                Request.Host +
+                Request.PathBase;
+
+            string currentUri =
+                baseUri + 
+                Request.Path +
+                Request.QueryString;
+
+            string redirectUri =
+                baseUri + 
+                Options.CallbackPath;
+
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = currentUri;
+            }
+
+            // OAuth2 10.12 CSRF
+            GenerateCorrelationId(properties);
+
+            // comma separated
+            string scope = string.Join(",", Options.Scope);
+
+            string state = Options.StateDataFormat.Protect(properties);
+
+            string authorizationEndpoint =
+                    AuthorizationEndpoint +
+                    "?response_type=code" +
+                    "&client_id=" + Uri.EscapeDataString(Options.AppId) +
+                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
+                    "&scope=" + Uri.EscapeDataString(scope) +
+                    "&state=" + Uri.EscapeDataString(state);
+
+            var redirectContext = new FacebookApplyRedirectContext(Context, Options, properties, authorizationEndpoint);
+            Options.Notifications.ApplyRedirect(redirectContext);
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A
+        }
+
+        public override async Task<bool> InvokeAsync()
+        {
+            return await InvokeReplyPathAsync();
+        }
+
+        private async Task<bool> InvokeReplyPathAsync()
+        {
+            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
+            {
+                // TODO: error responses
+
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket == null)
+                {
+                    _logger.WriteWarning("Invalid return state, unable to redirect.");
+                    Response.StatusCode = 500;
+                    return true;
+                }
+
+                var context = new FacebookReturnEndpointContext(Context, ticket);
+                context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
+                context.RedirectUri = ticket.Properties.RedirectUri;
+
+                await Options.Notifications.ReturnEndpoint(context);
+
+                if (context.SignInAsAuthenticationType != null &&
+                    context.Identity != null)
+                {
+                    ClaimsIdentity grantIdentity = context.Identity;
+                    if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
+                    {
+                        grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
+                    }
+                    Context.Response.SignIn(context.Properties, grantIdentity);
+                }
+
+                if (!context.IsRequestCompleted && context.RedirectUri != null)
+                {
+                    string redirectUri = context.RedirectUri;
+                    if (context.Identity == null)
+                    {
+                        // add a redirect hint that sign-in failed in some way
+                        redirectUri = QueryHelpers.AddQueryString(redirectUri, "error", "access_denied");
+                    }
+                    Response.Redirect(redirectUri);
+                    context.RequestCompleted();
+                }
+
+                return context.IsRequestCompleted;
+            }
+            return false;
+        }
+
+        private string GenerateAppSecretProof(string accessToken)
+        {
+            using (HMACSHA256 algorithm = new HMACSHA256(Encoding.ASCII.GetBytes(Options.AppSecret)))
+            {
+                byte[] hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
+                StringBuilder builder = new StringBuilder();
+                for (int i = 0; i < hash.Length; i++)
+                {
+                    builder.Append(hash[i].ToString("x2", CultureInfo.InvariantCulture));
+                }
+                return builder.ToString();
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..895c7b08d8
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -0,0 +1,97 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// ASP.NET middleware for authenticating users using Facebook
+    /// </summary>
+    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware is not disposable.")]
+    public class FacebookAuthenticationMiddleware : AuthenticationMiddleware<FacebookAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        /// <summary>
+        /// Initializes a <see cref="FacebookAuthenticationMiddleware"/>
+        /// </summary>
+        /// <param name="next">The next middleware in the application pipeline to invoke</param>
+        /// <param name="options">Configuration options for the middleware</param>
+        public FacebookAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IServiceProvider services,
+            FacebookAuthenticationOptions options)
+            : base(next, options)
+        {
+            if (string.IsNullOrWhiteSpace(Options.AppId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AppId"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.AppSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AppSecret"));
+            }
+
+            _logger = loggerFactory.Create(typeof(FacebookAuthenticationMiddleware).FullName);
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new FacebookAuthenticationNotifications();
+            }
+            if (Options.StateDataFormat == null)
+            {
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    typeof(FacebookAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+            _httpClient.Timeout = Options.BackchannelTimeout;
+            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+        }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<FacebookAuthenticationOptions> CreateHandler()
+        {
+            return new FacebookAuthenticationHandler(_httpClient, _logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(FacebookAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if NET45
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
new file mode 100644
index 0000000000..9832734460
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
@@ -0,0 +1,112 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>
+    /// </summary>
+    public class FacebookAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Initializes a new <see cref="FacebookAuthenticationOptions"/>
+        /// </summary>
+        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
+            MessageId = "Microsoft.AspNet.Security.Facebook.FacebookAuthenticationOptions.set_Caption(System.String)", Justification = "Not localizable.")]
+        public FacebookAuthenticationOptions()
+            : base(FacebookAuthenticationDefaults.AuthenticationType)
+        {
+            Caption = FacebookAuthenticationDefaults.AuthenticationType;
+            CallbackPath = new PathString("/signin-facebook");
+            AuthenticationMode = AuthenticationMode.Passive;
+            Scope = new List<string>();
+            BackchannelTimeout = TimeSpan.FromSeconds(60);
+            SendAppSecretProof = true;
+        }
+
+        /// <summary>
+        /// Gets or sets the Facebook-assigned appId
+        /// </summary>
+        public string AppId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Facebook-assigned app secret
+        /// </summary>
+        public string AppSecret { get; set; }
+#if NET45
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// in back channel communications belong to Facebook.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Facebook.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout in milliseconds.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; }
+
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with Facebook.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// Default value is "/signin-facebook".
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="IFacebookAuthenticationNotifications"/> used to handle authentication events.
+        /// </summary>
+        public IFacebookAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// A list of permissions to request.
+        /// </summary>
+        public IList<string> Scope { get; private set; }
+
+        /// <summary>
+        /// Gets or sets if the appsecret_proof should be generated and sent with Facebook API calls.
+        /// This is enabled by default.
+        /// </summary>
+        public bool SendAppSecretProof { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
new file mode 100644
index 0000000000..c576730aa7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>3984651c-fd44-4394-8793-3d14ee348c04</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs
new file mode 100644
index 0000000000..6a4d82b169
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
new file mode 100644
index 0000000000..020e2d32ee
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+    /// </summary>
+    public class FacebookApplyRedirectContext : BaseContext<FacebookAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The http request context</param>
+        /// <param name="options">The Facebook middleware options</param>
+        /// <param name="properties">The authenticaiton properties of the challenge</param>
+        /// <param name="redirectUri">The initial redirect URI</param>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
+            Justification = "Represents header value")]
+        public FacebookApplyRedirectContext(HttpContext context, FacebookAuthenticationOptions options,
+            AuthenticationProperties properties, string redirectUri)
+            : base(context, options)
+        {
+            RedirectUri = redirectUri;
+            Properties = properties;
+        }
+
+        /// <summary>
+        /// Gets the URI used for the redirect operation.
+        /// </summary>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
+        public string RedirectUri { get; private set; }
+
+        /// <summary>
+        /// Gets the authentication properties of the challenge
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
new file mode 100644
index 0000000000..c173dfde89
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -0,0 +1,98 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class FacebookAuthenticatedContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a <see cref="FacebookAuthenticatedContext"/>
+        /// </summary>
+        /// <param name="context">The http environment</param>
+        /// <param name="user">The JSON-serialized user</param>
+        /// <param name="accessToken">Facebook Access token</param>
+        /// <param name="expires">Seconds until expiration</param>
+        public FacebookAuthenticatedContext(HttpContext context, JObject user, string accessToken, string expires)
+            : base(context)
+        {
+            User = user;
+            AccessToken = accessToken;
+
+            int expiresValue;
+            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
+            {
+                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
+            }
+
+            Id = TryGetValue(user, "id");
+            Name = TryGetValue(user, "name");
+            Link = TryGetValue(user, "link");
+            UserName = TryGetValue(user, "username");
+            Email = TryGetValue(user, "email");
+        }
+
+        /// <summary>
+        /// Gets the JSON-serialized user
+        /// </summary>
+        public JObject User { get; private set; }
+
+        /// <summary>
+        /// Gets the Facebook access token
+        /// </summary>
+        public string AccessToken { get; private set; }
+
+        /// <summary>
+        /// Gets the Facebook access token expiration time
+        /// </summary>
+        public TimeSpan? ExpiresIn { get; set; }
+
+        /// <summary>
+        /// Gets the Facebook user ID
+        /// </summary>
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Gets the user's name
+        /// </summary>
+        public string Name { get; private set; }
+
+        public string Link { get; private set; }
+
+        /// <summary>
+        /// Gets the Facebook username
+        /// </summary>
+        public string UserName { get; private set; }
+
+        /// <summary>
+        /// Gets the Facebook email
+        /// </summary>
+        public string Email { get; private set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+
+        private static string TryGetValue(JObject user, string propertyName)
+        {
+            JToken value;
+            return user.TryGetValue(propertyName, out value) ? value.ToString() : null;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
new file mode 100644
index 0000000000..22dbcfcc02
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Default <see cref="IFacebookAuthenticationProvider"/> implementation.
+    /// </summary>
+    public class FacebookAuthenticationNotifications : IFacebookAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a <see cref="FacebookAuthenticationNotifications"/>
+        /// </summary>
+        public FacebookAuthenticationNotifications()
+        {
+            OnAuthenticated = context => Task.FromResult<object>(null);
+            OnReturnEndpoint = context => Task.FromResult<object>(null);
+            OnApplyRedirect = context =>
+                context.Response.Redirect(context.RedirectUri);
+        }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// </summary>
+        public Func<FacebookAuthenticatedContext, Task> OnAuthenticated { get; set; }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// </summary>
+        public Func<FacebookReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// </summary>
+        public Action<FacebookApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Invoked whenever Facebook succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task Authenticated(FacebookAuthenticatedContext context)
+        {
+            return OnAuthenticated(context);
+        }
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task ReturnEndpoint(FacebookReturnEndpointContext context)
+        {
+            return OnReturnEndpoint(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        public virtual void ApplyRedirect(FacebookApplyRedirectContext context)
+        {
+            OnApplyRedirect(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
new file mode 100644
index 0000000000..e32cad4ee2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Provides context information to middleware providers.
+    /// </summary>
+    public class FacebookReturnEndpointContext : ReturnEndpointContext
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The http environment</param>
+        /// <param name="ticket">The authentication ticket</param>
+        public FacebookReturnEndpointContext(
+            HttpContext context,
+            AuthenticationTicket ticket)
+            : base(context, ticket)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
new file mode 100644
index 0000000000..530ea65057
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public interface IFacebookAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked whenever Facebook succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task Authenticated(FacebookAuthenticatedContext context);
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ReturnEndpoint(FacebookReturnEndpointContext context);
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        void ApplyRedirect(FacebookApplyRedirectContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Project.json b/src/Microsoft.AspNet.Security.Facebook/Project.json
new file mode 100644
index 0000000000..b70ab4b6a4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Project.json
@@ -0,0 +1,44 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "5.0.8",
+        "System.Net.Http": "4.0.0.0"
+    },
+    "frameworks": {
+        "net45": {
+            "dependencies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "k10": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.0.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Net.Http.WinHttpHandler": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs b/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
new file mode 100644
index 0000000000..dca281f828
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
@@ -0,0 +1,81 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.32559
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.Facebook {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Facebook.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided {
+            get {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.resx b/src/Microsoft.AspNet.Security.Facebook/Resources.resx
new file mode 100644
index 0000000000..2a19bea96a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Facebook/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
rename to src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
index ca9c394275..6043a0966c 100644
--- a/src/Microsoft.AspNet.Security/AppBuilderSecurityExtensions.cs
+++ b/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
@@ -1,16 +1,15 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-/* TODO:
 using System;
-using Owin;
+using Microsoft.AspNet.Security;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Provides extensions methods for app.Property values that are only needed by implementations of authentication middleware.
     /// </summary>
-    public static class AppBuilderSecurityExtensions
+    public static class BuilderSecurityExtensions
     {
         /// <summary>
         /// Returns the previously set AuthenticationType that external sign in middleware should use when the
@@ -18,7 +17,7 @@ namespace Microsoft.AspNet.Security
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <returns></returns>
-        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IAppBuilder app)
+        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IBuilder app)
         {
             object value;
             if (app.Properties.TryGetValue(Constants.DefaultSignInAsAuthenticationType, out value))
@@ -38,10 +37,9 @@ namespace Microsoft.AspNet.Security
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <param name="authenticationType">AuthenticationType that external middleware should sign in as.</param>
-        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IAppBuilder app, [NotNull] string authenticationType)
+        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IBuilder app, [NotNull] string authenticationType)
         {
             app.Properties[Constants.DefaultSignInAsAuthenticationType] = authenticationType;
         }
     }
-}
-*/
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Constants.cs b/src/Microsoft.AspNet.Security/Constants.cs
index 1758c84800..d1bc8f01e1 100644
--- a/src/Microsoft.AspNet.Security/Constants.cs
+++ b/src/Microsoft.AspNet.Security/Constants.cs
@@ -12,6 +12,6 @@ namespace Microsoft.AspNet.Security
         /// <summary>
         /// Used by middleware extension methods to coordinate the default value Options property SignInAsAuthenticationType
         /// </summary>
-        public const string DefaultSignInAsAuthenticationType = "Microsoft.AspNet.Security.Constants.DefaultSignInAsAuthenticationType";
+        internal const string DefaultSignInAsAuthenticationType = "Microsoft.AspNet.Security.DefaultSignInAsAuthenticationType";
     }
 }
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
index 42f71728c4..050f9d24ee 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
new file mode 100644
index 0000000000..8538948783
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -0,0 +1,124 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Facebook
+{
+    public class FacebookMiddlewareTests
+    {
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var options = new FacebookAuthenticationOptions()
+            {
+                AppId = "Test App Id",
+                AppSecret = "Test App Secret",
+                Notifications = new FacebookAuthenticationNotifications
+                {
+                    OnApplyRedirect = context =>
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                    }
+                }
+            };
+            var server = CreateServer(
+                app => app.UseFacebookAuthentication(options),
+                context =>
+                {
+                    context.Response.Challenge("Facebook");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("custom=test");
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var server = CreateServer(
+                app => app.UseFacebookAuthentication("Test App Id", "Test App Secret"),
+                context =>
+                {
+                    context.Response.Challenge("Facebook");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            location.ShouldContain("https://www.facebook.com/dialog/oauth");
+            location.ShouldContain("?response_type=code");
+            location.ShouldContain("&client_id=");
+            location.ShouldContain("&redirect_uri=");
+            location.ShouldContain("&scope=");
+            location.ShouldContain("&state=");
+        }
+
+        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        {
+            return TestServer.Create(app =>
+            {
+                app.SetDefaultSignInAsAuthenticationType("External");
+                app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                {
+                    AuthenticationType = "External"
+                });
+                if (configure != null)
+                {
+                    configure(app);
+                }
+                app.Use(async (context, next) =>
+                {
+                    if (handler == null || !handler(context))
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+            public IList<string> SetCookie { get; set; }
+            public string ResponseText { get; set; }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index b46b261dec..d45c84b1ff 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -3,9 +3,12 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "Microsoft.AspNet.Http": "1.0.0-*",
     "Microsoft.AspNet.Security" : "",
     "Microsoft.AspNet.Security.Cookies" : "",
+    "Microsoft.AspNet.Security.Facebook" : "",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "System.Net.Http": "4.0.0.0",
     "Moq": "4.2.1312.1622",
     "Xunit.KRunner": "1.0.0-*"

From 0cc85f687ea15dcc3878048ba7a655e1221638bb Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 20 Aug 2014 15:18:29 -0700
Subject: [PATCH 056/900] Reacting to System.IO package version change

---
 src/Microsoft.AspNet.Security.Facebook/Project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Facebook/Project.json b/src/Microsoft.AspNet.Security.Facebook/Project.json
index b70ab4b6a4..9f19015e3d 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/Project.json
@@ -24,7 +24,7 @@
                 "System.Diagnostics.Debug": "4.0.10.0",
                 "System.Diagnostics.Tools": "4.0.0.0",
                 "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.0.0",
+                "System.IO": "4.0.10.0",
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
                 "System.Net.Http.WinHttpHandler": "4.0.0.0",

From 5577159453fd6f9313dc07aae21b12b79fb635e2 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 22 Aug 2014 13:39:47 -0700
Subject: [PATCH 057/900] #37 - Port the Google auth middleware from Katana.

---
 Security.sln                                  |  13 +
 samples/SocialSample/Project.json             |   1 +
 samples/SocialSample/Startup.cs               |  70 ++-
 .../CookieApplyRedirectContext.cs             |   2 +-
 .../CookieResponseSignInContext.cs            |   2 +-
 .../FacebookAuthenticationMiddleware.cs       |   3 +-
 .../GoogleAuthenticationDefaults.cs           |  10 +
 .../GoogleAuthenticationExtensions.cs         |  45 ++
 .../GoogleAuthenticationHandler.cs            | 313 ++++++++++
 .../GoogleAuthenticationMiddleware.cs         |  98 +++
 .../GoogleAuthenticationOptions.cs            | 110 ++++
 .../Microsoft.AspNet.Security.Google.kproj    |  28 +
 .../NotNullAttribute.cs                       |  12 +
 .../GoogleApplyRedirectContext.cs             |  43 ++
 .../GoogleAuthenticatedContext.cs             | 158 +++++
 .../GoogleAuthenticationNotifications.cs      |  69 +++
 .../GoogleReturnEndpointContext.cs            |  26 +
 .../IGoogleAuthenticationNotifications.cs     |  33 +
 .../Project.json                              |  44 ++
 .../Resources.Designer.cs                     |  81 +++
 .../Resources.resx                            | 126 ++++
 .../Infrastructure/AuthenticationHandler.cs   |   3 -
 .../Google/GoogleMiddlewareTests.cs           | 570 ++++++++++++++++++
 .../project.json                              |   7 +-
 24 files changed, 1854 insertions(+), 13 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
 create mode 100644 src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Project.json
 create mode 100644 src/Microsoft.AspNet.Security.Google/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.Google/Resources.resx
 create mode 100644 test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs

diff --git a/Security.sln b/Security.sln
index 0d249fe568..5ae54786fc 100644
--- a/Security.sln
+++ b/Security.sln
@@ -26,6 +26,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.F
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.kproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Google", "src\Microsoft.AspNet.Security.Google\Microsoft.AspNet.Security.Google.kproj", "{89BF8535-A849-458E-868A-A68FCF620486}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -96,6 +98,16 @@ Global
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x86.ActiveCfg = Release|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Any CPU.Build.0 = Release|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{89BF8535-A849-458E-868A-A68FCF620486}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -107,5 +119,6 @@ Global
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3984651C-FD44-4394-8793-3D14EE348C04} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{89BF8535-A849-458E-868A-A68FCF620486} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json
index f5434cb1c4..525d9dd6a6 100644
--- a/samples/SocialSample/Project.json
+++ b/samples/SocialSample/Project.json
@@ -6,6 +6,7 @@
     "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
+    "Microsoft.AspNet.Security.Google": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index aec06926ea..68dd967e40 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,7 +1,9 @@
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.Facebook;
+using Microsoft.AspNet.Security.Google;
 
 namespace CookieSample
 {
@@ -15,6 +17,7 @@ namespace CookieSample
 
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
             {
+                LoginPath = new PathString("/login"),
             });
 
             app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
@@ -23,16 +26,75 @@ namespace CookieSample
                 AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
             });
 
-            app.Run(async context =>
+            app.UseGoogleAuthentication(new GoogleAuthenticationOptions()
+            {
+                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
+                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
+            });
+
+            // Choose an authentication type
+            app.Map("/login", signoutApp =>
+            {
+                signoutApp.Run(async context =>
+                {
+                    string authType = context.Request.Query["authtype"];
+                    if (!string.IsNullOrEmpty(authType))
+                    {
+                        // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
+                        // send them to the home page instead (/).
+                        context.Response.Challenge(new AuthenticationProperties() { RedirectUri = "/" }, authType);
+                        return;
+                    }
+
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync("<html><body>");
+                    await context.Response.WriteAsync("Choose an authentication type: <br>");
+                    foreach (var type in context.GetAuthenticationTypes())
+                    {
+                        await context.Response.WriteAsync("<a href=\"?authtype=" + type.AuthenticationType + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
+                    }
+                    await context.Response.WriteAsync("</body></html>");
+                });
+            });
+
+            // Sign-out to remove the user cookie.
+            app.Map("/logout", signoutApp =>
+            {
+                signoutApp.Run(async context =>
+                {
+                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationType);
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync("<html><body>");
+                    await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
+                    await context.Response.WriteAsync("<a href=\"/\">Home</a>");
+                    await context.Response.WriteAsync("</body></html>");
+                });
+            });
+
+            // Deny anonymous request beyond this point.
+            app.Use(async (context, next) =>
             {
                 if (!context.User.Identity.IsAuthenticated)
                 {
-                    context.Response.Challenge("Facebook");
+                    // The cookie middleware will intercept this 401 and redirect to /login
+                    context.Response.Challenge();
                     return;
                 }
+                await next();
+            });
 
-                context.Response.ContentType = "text/plain";
-                await context.Response.WriteAsync("Hello " + context.User.Identity.Name);
+            // Display user information
+            app.Run(async context =>
+            {
+                context.Response.ContentType = "text/html";
+                await context.Response.WriteAsync("<html><body>");
+                await context.Response.WriteAsync("Hello " + context.User.Identity.Name + "<br>");
+                foreach (var claim in context.User.Claims)
+                {
+                    await context.Response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
+                }
+                await context.Response.WriteAsync("<a href=\"/logout\">Logout</a>");
+                await context.Response.WriteAsync("</body></html>");
             });
         }
     }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
index 28cdf713c9..34907eabab 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <summary>
         /// Creates a new context object.
         /// </summary>
-        /// <param name="context">The OWIN request context</param>
+        /// <param name="context">The HTTP request context</param>
         /// <param name="options">The cookie middleware options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
index 598f985f54..28b47c6fe2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <summary>
         /// Creates a new instance of the context object.
         /// </summary>
-        /// <param name="context">The OWIN request context</param>
+        /// <param name="context">The HTTP request context</param>
         /// <param name="options">The middleware options</param>
         /// <param name="authenticationType">Initializes AuthenticationType property</param>
         /// <param name="identity">Initializes Identity property</param>
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index 895c7b08d8..5a3ef41e63 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -26,12 +26,13 @@ namespace Microsoft.AspNet.Security.Facebook
         /// Initializes a <see cref="FacebookAuthenticationMiddleware"/>
         /// </summary>
         /// <param name="next">The next middleware in the application pipeline to invoke</param>
+        /// <param name="dataProtectionProvider"></param>
+        /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware</param>
         public FacebookAuthenticationMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IServiceProvider services,
             FacebookAuthenticationOptions options)
             : base(next, options)
         {
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
new file mode 100644
index 0000000000..b135063840
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Google
+{
+    public static class GoogleAuthenticationDefaults
+    {
+        public const string AuthenticationType = "Google";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
new file mode 100644
index 0000000000..1203735352
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
@@ -0,0 +1,45 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.Google;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>
+    /// </summary>
+    public static class GoogleAuthenticationExtensions
+    {
+        /// <summary>
+        /// Authenticate users using Google OAuth 2.0
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="clientId">The google assigned client id</param>
+        /// <param name="clientSecret">The google assigned client secret</param>
+        /// <returns>The updated <see cref="IAppBuilder"/></returns>
+        public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        {
+            return app.UseGoogleAuthentication(
+                new GoogleAuthenticationOptions
+                {
+                    ClientId = clientId,
+                    ClientSecret = clientSecret
+                });
+        }
+
+        /// <summary>
+        /// Authenticate users using Google OAuth 2.0
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="options">Middleware configuration options</param>
+        /// <returns>The updated <see cref="IBuilder"/></returns>
+        public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] GoogleAuthenticationOptions options)
+        {
+            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
+            {
+                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
+            }
+            return app.UseMiddleware<GoogleAuthenticationMiddleware>(options);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
new file mode 100644
index 0000000000..fe2a4feab9
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
@@ -0,0 +1,313 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Logging;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    internal class GoogleAuthenticationHandler : AuthenticationHandler<GoogleAuthenticationOptions>
+    {
+        private const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+        private const string UserInfoEndpoint = "https://www.googleapis.com/plus/v1/people/me";
+        private const string AuthorizeEndpoint = "https://accounts.google.com/o/oauth2/auth";
+
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        public GoogleAuthenticationHandler(HttpClient httpClient, ILogger logger)
+        {
+            _httpClient = httpClient;
+            _logger = logger;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            AuthenticationProperties properties = null;
+
+            try
+            {
+                string code = null;
+                string state = null;
+
+                IReadableStringCollection query = Request.Query;
+                IList<string> values = query.GetValues("code");
+                if (values != null && values.Count == 1)
+                {
+                    code = values[0];
+                }
+                values = query.GetValues("state");
+                if (values != null && values.Count == 1)
+                {
+                    state = values[0];
+                }
+
+                properties = Options.StateDataFormat.Unprotect(state);
+                if (properties == null)
+                {
+                    return null;
+                }
+
+                // OAuth2 10.12 CSRF
+                if (!ValidateCorrelationId(properties, _logger))
+                {
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                string requestPrefix = Request.Scheme + "://" + Request.Host;
+                string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
+
+                // Build up the body for the token request
+                var body = new List<KeyValuePair<string, string>>();
+                body.Add(new KeyValuePair<string, string>("grant_type", "authorization_code"));
+                body.Add(new KeyValuePair<string, string>("code", code));
+                body.Add(new KeyValuePair<string, string>("redirect_uri", redirectUri));
+                body.Add(new KeyValuePair<string, string>("client_id", Options.ClientId));
+                body.Add(new KeyValuePair<string, string>("client_secret", Options.ClientSecret));
+
+                // Request the token
+                HttpResponseMessage tokenResponse =
+                    await _httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body));
+                tokenResponse.EnsureSuccessStatusCode();
+                string text = await tokenResponse.Content.ReadAsStringAsync();
+
+                // Deserializes the token response
+                JObject response = JObject.Parse(text);
+                string accessToken = response.Value<string>("access_token");
+                string expires = response.Value<string>("expires_in");
+                string refreshToken = response.Value<string>("refresh_token");
+
+                if (string.IsNullOrWhiteSpace(accessToken))
+                {
+                    _logger.WriteWarning("Access token was not found");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                // Get the Google user
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint);
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+                HttpResponseMessage graphResponse = await _httpClient.SendAsync(request, Context.RequestAborted);
+                graphResponse.EnsureSuccessStatusCode();
+                text = await graphResponse.Content.ReadAsStringAsync();
+                JObject user = JObject.Parse(text);
+
+                var context = new GoogleAuthenticatedContext(Context, user, accessToken, refreshToken, expires);
+                context.Identity = new ClaimsIdentity(
+                    Options.AuthenticationType,
+                    ClaimsIdentity.DefaultNameClaimType,
+                    ClaimsIdentity.DefaultRoleClaimType);
+                if (!string.IsNullOrEmpty(context.Id))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, 
+                        ClaimValueTypes.String, Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.GivenName))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName, 
+                        ClaimValueTypes.String, Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.FamilyName))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
+                        ClaimValueTypes.String, Options.AuthenticationType));
+                }                
+                if (!string.IsNullOrEmpty(context.Name))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
+                        Options.AuthenticationType));
+                }
+                if (!string.IsNullOrEmpty(context.Email))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, 
+                        Options.AuthenticationType));
+                }
+                
+                if (!string.IsNullOrEmpty(context.Profile))
+                {
+                    context.Identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String, 
+                        Options.AuthenticationType));
+                }
+                context.Properties = properties;
+
+                await Options.Notifications.Authenticated(context);
+
+                return new AuthenticationTicket(context.Identity, context.Properties);
+            }
+            catch (Exception ex)
+            {
+                _logger.WriteError("Authentication failed", ex);
+                return new AuthenticationTicket(null, properties);
+            }
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            {
+                return;
+            }
+
+            string baseUri =
+                Request.Scheme +
+                "://" +
+                Request.Host +
+                Request.PathBase;
+
+            string currentUri =
+                baseUri +
+                Request.Path +
+                Request.QueryString;
+
+            string redirectUri =
+                baseUri +
+                Options.CallbackPath;
+
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = currentUri;
+            }
+
+            // OAuth2 10.12 CSRF
+            GenerateCorrelationId(properties);
+
+            var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+            queryStrings.Add("response_type", "code");
+            queryStrings.Add("client_id", Options.ClientId);
+            queryStrings.Add("redirect_uri", redirectUri);
+
+            // space separated
+            string scope = string.Join(" ", Options.Scope);
+            if (string.IsNullOrEmpty(scope))
+            {
+                // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
+                // "openid profile email" to get basic user information.
+                scope = "openid profile email";
+            }
+            AddQueryString(queryStrings, properties, "scope", scope);
+
+            AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
+            AddQueryString(queryStrings, properties, "approval_prompt");
+            AddQueryString(queryStrings, properties, "login_hint");
+
+            string state = Options.StateDataFormat.Protect(properties);
+            queryStrings.Add("state", state);
+
+            string authorizationEndpoint = QueryHelpers.AddQueryString(AuthorizeEndpoint, queryStrings);
+
+            var redirectContext = new GoogleApplyRedirectContext(
+                Context, Options,
+                properties, authorizationEndpoint);
+            Options.Notifications.ApplyRedirect(redirectContext);
+        }
+
+        public override async Task<bool> InvokeAsync()
+        {
+            return await InvokeReplyPathAsync();
+        }
+
+        private async Task<bool> InvokeReplyPathAsync()
+        {
+            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
+            {
+                // TODO: error responses
+
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket == null)
+                {
+                    _logger.WriteWarning("Invalid return state, unable to redirect.");
+                    Response.StatusCode = 500;
+                    return true;
+                }
+
+                var context = new GoogleReturnEndpointContext(Context, ticket);
+                context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
+                context.RedirectUri = ticket.Properties.RedirectUri;
+
+                await Options.Notifications.ReturnEndpoint(context);
+
+                if (context.SignInAsAuthenticationType != null &&
+                    context.Identity != null)
+                {
+                    ClaimsIdentity grantIdentity = context.Identity;
+                    if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
+                    {
+                        grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
+                    }
+                    Context.Response.SignIn(context.Properties, grantIdentity);
+                }
+
+                if (!context.IsRequestCompleted && context.RedirectUri != null)
+                {
+                    string redirectUri = context.RedirectUri;
+                    if (context.Identity == null)
+                    {
+                        // add a redirect hint that sign-in failed in some way
+                        redirectUri = QueryHelpers.AddQueryString(redirectUri, "error", "access_denied");
+                    }
+                    Response.Redirect(redirectUri);
+                    context.RequestCompleted();
+                }
+
+                return context.IsRequestCompleted;
+            }
+            return false;
+        }
+
+        private static void AddQueryString(IDictionary<string, string> queryStrings, AuthenticationProperties properties,
+            string name, string defaultValue = null)
+        {
+            string value;
+            if (!properties.Dictionary.TryGetValue(name, out value))
+            {
+                value = defaultValue;
+            }
+            else
+            {
+                // Remove the parameter from AuthenticationProperties so it won't be serialized to state parameter
+                properties.Dictionary.Remove(name);
+            }
+
+            if (value == null)
+            {
+                return;
+            }
+
+            queryStrings[name] = value;
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A - No SignIn or SignOut support.
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..15c5c2a79c
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -0,0 +1,98 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// ASP.NET middleware for authenticating users using Google OAuth 2.0
+    /// </summary>
+    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
+    public class GoogleAuthenticationMiddleware : AuthenticationMiddleware<GoogleAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        /// <summary>
+        /// Initializes a <see cref="GoogleAuthenticationMiddleware"/>
+        /// </summary>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
+        /// <param name="dataProtectionProvider"></param>
+        /// <param name="loggerFactory"></param>
+        /// <param name="options">Configuration options for the middleware</param>
+        public GoogleAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            GoogleAuthenticationOptions options)
+            : base(next, options)
+        {
+            if (string.IsNullOrWhiteSpace(Options.ClientId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
+            }
+
+            _logger = loggerFactory.Create(typeof(GoogleAuthenticationMiddleware).FullName);
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new GoogleAuthenticationNotifications();
+            }
+            if (Options.StateDataFormat == null)
+            {
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    typeof(GoogleAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+            _httpClient.Timeout = Options.BackchannelTimeout;
+            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+        }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<GoogleAuthenticationOptions> CreateHandler()
+        {
+            return new GoogleAuthenticationHandler(_httpClient, _logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(GoogleAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if NET45
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
new file mode 100644
index 0000000000..fd7b069990
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
@@ -0,0 +1,110 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>
+    /// </summary>
+    public class GoogleAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Initializes a new <see cref="GoogleAuthenticationOptions"/>
+        /// </summary>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", 
+            MessageId = "Microsoft.AspNet.Security.Google.GoogleAuthenticationOptions.set_Caption(System.String)", 
+            Justification = "Not localizable.")]
+        public GoogleAuthenticationOptions()
+            : base(GoogleAuthenticationDefaults.AuthenticationType)
+        {
+            Caption = GoogleAuthenticationDefaults.AuthenticationType;
+            CallbackPath = new PathString("/signin-google");
+            AuthenticationMode = AuthenticationMode.Passive;
+            Scope = new List<string>();
+            BackchannelTimeout = TimeSpan.FromSeconds(60);
+        }
+
+        /// <summary>
+        /// Gets or sets the Google-assigned client id
+        /// </summary>
+        public string ClientId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Google-assigned client secret
+        /// </summary>
+        public string ClientSecret { get; set; }
+#if NET45
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// in back channel communications belong to Google.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Google.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout in milliseconds.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; }
+
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with Google.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// Default value is "/signin-google".
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="IGoogleAuthenticationNotifications"/> used to handle authentication events.
+        /// </summary>
+        public IGoogleAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// A list of permissions to request.
+        /// </summary>
+        public IList<string> Scope { get; private set; }
+
+        /// <summary>
+        /// access_type. Set to 'offline' to request a refresh token.
+        /// </summary>
+        public string AccessType { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
new file mode 100644
index 0000000000..111093c645
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>89bf8535-a849-458e-868a-a68fcf620486</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs
new file mode 100644
index 0000000000..e87e361e4d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
new file mode 100644
index 0000000000..ac020b5639
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+    /// </summary>
+    public class GoogleApplyRedirectContext : BaseContext<GoogleAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The HTTP request context</param>
+        /// <param name="options">The Google OAuth 2.0 middleware options</param>
+        /// <param name="properties">The authenticaiton properties of the challenge</param>
+        /// <param name="redirectUri">The initial redirect URI</param>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
+            Justification = "Represents header value")]
+        public GoogleApplyRedirectContext(HttpContext context, GoogleAuthenticationOptions options, 
+            AuthenticationProperties properties, string redirectUri)
+            : base(context, options)
+        {
+            RedirectUri = redirectUri;
+            Properties = properties;
+        }
+
+        /// <summary>
+        /// Gets the URI used for the redirect operation.
+        /// </summary>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
+        public string RedirectUri { get; private set; }
+
+        /// <summary>
+        /// Gets the authenticaiton properties of the challenge
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
new file mode 100644
index 0000000000..ca89962769
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
@@ -0,0 +1,158 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class GoogleAuthenticatedContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a <see cref="GoogleAuthenticatedContext"/>
+        /// </summary>
+        /// <param name="context">The HTTP environment</param>
+        /// <param name="user">The JSON-serialized Google user info</param>
+        /// <param name="accessToken">Google OAuth 2.0 access token</param>
+        /// <param name="refreshToken">Goolge OAuth 2.0 refresh token</param>
+        /// <param name="expires">Seconds until expiration</param>
+        public GoogleAuthenticatedContext(HttpContext context, JObject user, string accessToken, 
+            string refreshToken, string expires)
+            : base(context)
+        {
+            User = user;
+            AccessToken = accessToken;
+            RefreshToken = refreshToken;
+
+            int expiresValue;
+            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
+            {
+                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
+            }
+
+            Id = TryGetValue(user, "id");
+            Name = TryGetValue(user, "displayName");
+            GivenName = TryGetValue(user, "name", "givenName");
+            FamilyName = TryGetValue(user, "name", "familyName");
+            Profile = TryGetValue(user, "url");
+            Email = TryGetFirstValue(user, "emails", "value");
+        }
+
+        /// <summary>
+        /// Gets the JSON-serialized user
+        /// </summary>
+        /// <remarks>
+        /// Contains the Google user obtained from the endpoint https://www.googleapis.com/oauth2/v3/userinfo
+        /// </remarks>
+        public JObject User { get; private set; }
+
+        /// <summary>
+        /// Gets the Google access token
+        /// </summary>
+        public string AccessToken { get; private set; }
+
+        /// <summary>
+        /// Gets the Google refresh token
+        /// </summary>
+        /// <remarks>
+        /// This value is not null only when access_type authorize parameter is offline.
+        /// </remarks>
+        public string RefreshToken { get; private set; }
+
+        /// <summary>
+        /// Gets the Google access token expiration time
+        /// </summary>
+        public TimeSpan? ExpiresIn { get; set; }
+
+        /// <summary>
+        /// Gets the Google user ID
+        /// </summary>
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Gets the user's name
+        /// </summary>
+        public string Name { get; private set; }
+
+        /// <summary>
+        /// Gets the user's given name
+        /// </summary>
+        public string GivenName { get; set; }
+
+        /// <summary>
+        /// Gets the user's family name
+        /// </summary>
+        public string FamilyName { get; set; }
+
+        /// <summary>
+        /// Gets the user's profile link
+        /// </summary>
+        public string Profile { get; private set; }
+
+        /// <summary>
+        /// Gets the user's email
+        /// </summary>
+        public string Email { get; private set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+
+        private static string TryGetValue(JObject user, string propertyName)
+        {
+            JToken value;
+            return user.TryGetValue(propertyName, out value) ? value.ToString() : null;
+        }
+
+        // Get the given subProperty from a property.
+        private static string TryGetValue(JObject user, string propertyName, string subProperty)
+        {
+            JToken value;
+            if (user.TryGetValue(propertyName, out value))
+            {
+                var subObject = JObject.Parse(value.ToString());
+                if (subObject != null && subObject.TryGetValue(subProperty, out value))
+                {
+                    return value.ToString();
+                }
+            }
+            return null;
+        }
+
+        // Get the given subProperty from a list property.
+        private static string TryGetFirstValue(JObject user, string propertyName, string subProperty)
+        {
+            JToken value;
+            if (user.TryGetValue(propertyName, out value))
+            {
+                var array = JArray.Parse(value.ToString());
+                if (array != null && array.Count > 0)
+                {
+                    var subObject = JObject.Parse(array.First.ToString());
+                    if (subObject != null)
+                    {
+                        if (subObject.TryGetValue(subProperty, out value))
+                        {
+                            return value.ToString();
+                        }
+                    }
+                }
+            }
+            return null;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
new file mode 100644
index 0000000000..af93619ed4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Default <see cref="IGoogleAuthenticationNotifications"/> implementation.
+    /// </summary>
+    public class GoogleAuthenticationNotifications : IGoogleAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a <see cref="GoogleAuthenticationNotifications"/>
+        /// </summary>
+        public GoogleAuthenticationNotifications()
+        {
+            OnAuthenticated = context => Task.FromResult<object>(null);
+            OnReturnEndpoint = context => Task.FromResult<object>(null);
+            OnApplyRedirect = context =>
+                context.Response.Redirect(context.RedirectUri);
+        }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// </summary>
+        public Func<GoogleAuthenticatedContext, Task> OnAuthenticated { get; set; }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// </summary>
+        public Func<GoogleReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// </summary>
+        public Action<GoogleApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Invoked whenever Google succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task Authenticated(GoogleAuthenticatedContext context)
+        {
+            return OnAuthenticated(context);
+        }
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context">Contains context information and authentication ticket of the return endpoint.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task ReturnEndpoint(GoogleReturnEndpointContext context)
+        {
+            return OnReturnEndpoint(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        public virtual void ApplyRedirect(GoogleApplyRedirectContext context)
+        {
+            OnApplyRedirect(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
new file mode 100644
index 0000000000..7172455ad2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Provides context information to middleware notifications.
+    /// </summary>
+    public class GoogleReturnEndpointContext : ReturnEndpointContext
+    {
+        /// <summary>
+        /// Initialize a <see cref="GoogleReturnEndpointContext"/>
+        /// </summary>
+        /// <param name="context">HTTP environment</param>
+        /// <param name="ticket">The authentication ticket</param>
+        public GoogleReturnEndpointContext(
+            HttpContext context,
+            AuthenticationTicket ticket)
+            : base(context, ticket)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
new file mode 100644
index 0000000000..7bf9a34ab3
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public interface IGoogleAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked whenever Google succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task Authenticated(GoogleAuthenticatedContext context);
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context">Contains context information and authentication ticket of the return endpoint.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ReturnEndpoint(GoogleReturnEndpointContext context);
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        void ApplyRedirect(GoogleApplyRedirectContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Project.json b/src/Microsoft.AspNet.Security.Google/Project.json
new file mode 100644
index 0000000000..9f19015e3d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Project.json
@@ -0,0 +1,44 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "5.0.8",
+        "System.Net.Http": "4.0.0.0"
+    },
+    "frameworks": {
+        "net45": {
+            "dependencies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "k10": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.10.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Net.Http.WinHttpHandler": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Resources.Designer.cs b/src/Microsoft.AspNet.Security.Google/Resources.Designer.cs
new file mode 100644
index 0000000000..235dcbeef7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Resources.Designer.cs
@@ -0,0 +1,81 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34003
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.Google {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Google.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided {
+            get {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Google/Resources.resx b/src/Microsoft.AspNet.Security.Google/Resources.resx
new file mode 100644
index 0000000000..2a19bea96a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Google/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 57c1931f9c..7970caa3a2 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -351,9 +351,6 @@ namespace Microsoft.AspNet.Security.Infrastructure
             Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
         }
 
-        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
-            MessageId = "Microsoft.Owin.Logging.LoggerExtensions.WriteWarning(Microsoft.Owin.Logging.ILogger,System.String,System.String[])",
-            Justification = "Logging is not Localized")]
         protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties, [NotNull] ILogger logger)
         {
             string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
new file mode 100644
index 0000000000..9dff1506d5
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -0,0 +1,570 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.TestHost;
+using Newtonsoft.Json;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Google
+{
+    public class GoogleMiddlewareTests
+    {
+        private const string CookieAuthenticationType = "Cookie";
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.ToString();
+            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
+            location.ShouldContain("&client_id=");
+            location.ShouldContain("&redirect_uri=");
+            location.ShouldContain("&scope=");
+            location.ShouldContain("&state=");
+
+            location.ShouldNotContain("access_type=");
+            location.ShouldNotContain("approval_prompt=");
+            location.ShouldNotContain("login_hint=");
+        }
+
+        [Fact]
+        public async Task Challenge401WillTriggerRedirection()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AuthenticationMode = AuthenticationMode.Active,
+            });
+            var transaction = await SendAsync(server, "https://example.com/401");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.ToString();
+            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
+            location.ShouldContain("&client_id=");
+            location.ShouldContain("&redirect_uri=");
+            location.ShouldContain("&scope=");
+            location.ShouldContain("&state=");
+        }
+
+        [Fact]
+        public async Task ChallengeWillSetCorrelationCookie()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            Console.WriteLine(transaction.SetCookie);
+            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
+        }
+
+        [Fact]
+        public async Task Challenge401WillSetCorrelationCookie()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AuthenticationMode = AuthenticationMode.Active,
+            });
+            var transaction = await SendAsync(server, "https://example.com/401");
+            Console.WriteLine(transaction.SetCookie);
+            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
+        }
+
+        [Fact]
+        public async Task ChallengeWillSetDefaultScope()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
+        }
+
+        [Fact]
+        public async Task Challenge401WillSetDefaultScope()
+        {
+            var server = CreateServer(new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AuthenticationMode = AuthenticationMode.Active,
+            });
+            var transaction = await SendAsync(server, "https://example.com/401");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseOptionsScope()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+            };
+            options.Scope.Add("https://www.googleapis.com/auth/plus.login");
+            var server = CreateServer(options);
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("&scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
+            };
+            var server = CreateServer(options,
+                context =>
+                {
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/challenge2"))
+                    {
+                        res.Challenge(new AuthenticationProperties(
+                            new Dictionary<string, string>() 
+                            {
+                                { "scope", "https://www.googleapis.com/auth/plus.login" },
+                                { "access_type", "offline" },
+                                { "approval_prompt", "force" },
+                                { "login_hint", "test@example.com" }
+                            }), "Google");
+                        res.StatusCode = 401;
+                    }
+
+                    return Task.FromResult<object>(null);
+                });
+            var transaction = await SendAsync(server, "https://example.com/challenge2");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
+            query.ShouldContain("access_type=offline");
+            query.ShouldContain("approval_prompt=force");
+            query.ShouldContain("login_hint=" + Uri.EscapeDataString("test@example.com"));
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                Notifications = new GoogleAuthenticationNotifications
+                {
+                    OnApplyRedirect = context =>
+                        {
+                            context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        }
+                }
+            };
+            var server = CreateServer(options);
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("custom=test");
+        }
+
+        [Fact]
+        public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
+            };
+            var server = CreateServer(options);
+            var transaction = await SendAsync(server, "https://example.com/signin-google?code=TestCode");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
+        }
+
+        [Fact]
+        public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = async req =>
+                        {
+                            if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                            {
+                                return await ReturnJsonResponse(new
+                                {
+                                    access_token = "Test Access Token",
+                                    expire_in = 3600,
+                                    token_type = "Bearer"
+                                });
+                            }
+                            else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                            {
+                                return await ReturnJsonResponse(new
+                                {
+                                    id = "Test User ID",
+                                    displayName = "Test Name",
+                                    name = new
+                                    {
+                                        familyName = "Test Family Name",
+                                        givenName = "Test Given Name"
+                                    },
+                                    url = "Profile link",
+                                    emails = new[]
+                                    {
+                                        new
+                                        {
+                                            value = "Test email",
+                                            type = "account"
+                                        }
+                                    }
+                                });
+                            }
+
+                            return null;
+                        }
+                }
+            };
+            var server = CreateServer(options);
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = options.StateDataFormat.Protect(properties);
+            var transaction = await SendAsync(server, 
+                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.SetCookie.Count.ShouldBe(2);
+            transaction.SetCookie[0].ShouldContain(correlationKey);
+            transaction.SetCookie[1].ShouldContain(".AspNet.Cookie");
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.FindClaimValue(ClaimTypes.Name).ShouldBe("Test Name");
+            transaction.FindClaimValue(ClaimTypes.NameIdentifier).ShouldBe("Test User ID");
+            transaction.FindClaimValue(ClaimTypes.GivenName).ShouldBe("Test Given Name");
+            transaction.FindClaimValue(ClaimTypes.Surname).ShouldBe("Test Family Name");
+            transaction.FindClaimValue(ClaimTypes.Email).ShouldBe("Test email");
+        }
+
+        [Fact]
+        public async Task ReplyPathWillRejectIfCodeIsInvalid()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.BadRequest));
+                    }
+                }
+            };
+            var server = CreateServer(options);
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = options.StateDataFormat.Protect(properties);
+            var transaction = await SendAsync(server,
+                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
+        }
+
+        [Fact]
+        public async Task ReplyPathWillRejectIfAccessTokenIsMissing()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = async req =>
+                    {
+                        return await ReturnJsonResponse(new object());
+                    }
+                }
+            };
+            var server = CreateServer(options);
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = options.StateDataFormat.Protect(properties);
+            var transaction = await SendAsync(server,
+                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
+        }
+
+        [Fact]
+        public async Task AuthenticatedEventCanGetRefreshToken()
+        {
+            var options = new GoogleAuthenticationOptions()
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = async req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        {
+                            return await ReturnJsonResponse(new
+                            {
+                                access_token = "Test Access Token",
+                                expire_in = 3600,
+                                token_type = "Bearer",
+                                refresh_token = "Test Refresh Token"
+                            });
+                        }
+                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        {
+                            return await ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                displayName = "Test Name",
+                                name = new
+                                {
+                                    familyName = "Test Family Name",
+                                    givenName = "Test Given Name"
+                                },
+                                url = "Profile link",
+                                emails = new[]
+                                    {
+                                        new
+                                        {
+                                            value = "Test email",
+                                            type = "account"
+                                        }
+                                    }
+                            });
+                        }
+
+                        return null;
+                    }
+                },
+                Notifications = new GoogleAuthenticationNotifications()
+                {
+                    OnAuthenticated = context =>
+                        {
+                            var refreshToken = context.RefreshToken;
+                            context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
+                            return Task.FromResult<object>(null);
+                        }
+                }
+            };
+            var server = CreateServer(options);
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = options.StateDataFormat.Protect(properties);
+            var transaction = await SendAsync(server,
+                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.SetCookie.Count.ShouldBe(2);
+            transaction.SetCookie[0].ShouldContain(correlationKey);
+            transaction.SetCookie[1].ShouldContain(".AspNet.Cookie");
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
+        }
+
+        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
+        {
+            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var text = await JsonConvert.SerializeObjectAsync(content);
+            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
+            return res;
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private static TestServer CreateServer(GoogleAuthenticationOptions options, Func<HttpContext, Task> testpath = null)
+        {
+            return TestServer.Create(app =>
+            {
+                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationType);
+                app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                    {
+                        AuthenticationType = CookieAuthenticationType
+                    });
+                app.UseGoogleAuthentication(options);
+                app.Use(async (context, next) =>
+                {
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/challenge"))
+                    {
+                        res.Challenge("Google");
+                        res.StatusCode = 401;
+                    }
+                    else if (req.Path == new PathString("/me"))
+                    {
+                        Describe(res, (ClaimsIdentity)context.User.Identity);
+                    }
+                    else if (req.Path == new PathString("/401"))
+                    {
+                        res.StatusCode = 401;
+                    }
+                    else if (testpath != null)
+                    {
+                        await testpath(context);
+                    }
+                    else
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static void Describe(HttpResponse res, ClaimsIdentity identity)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (identity != null)
+            {
+                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private class TestHttpMessageHandler : HttpMessageHandler
+        {
+            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+
+            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            {
+                if (Sender != null)
+                {
+                    return await Sender(request);
+                }
+
+                return null;
+            }
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+
+            public IList<string> SetCookie { get; set; }
+
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+
+            public string AuthenticationCookieValue
+            {
+                get
+                {
+                    if (SetCookie != null && SetCookie.Count > 0)
+                    {
+                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.Cookie="));
+                        if (authCookie != null)
+                        {
+                            return authCookie.Substring(0, authCookie.IndexOf(';'));
+                        }
+                    }
+
+                    return null;
+                }
+            }
+
+            public string FindClaimValue(string claimType)
+            {
+                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+                if (claim == null)
+                {
+                    return null;
+                }
+                return claim.Attribute("value").Value;
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index d45c84b1ff..542d5ee259 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -4,9 +4,10 @@
   },
   "dependencies": {
     "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.Security" : "",
-    "Microsoft.AspNet.Security.Cookies" : "",
-    "Microsoft.AspNet.Security.Facebook" : "",
+    "Microsoft.AspNet.Security" : "1.0.0-*",
+    "Microsoft.AspNet.Security.Cookies" : "1.0.0-*",
+    "Microsoft.AspNet.Security.Facebook" : "1.0.0-*",
+    "Microsoft.AspNet.Security.Google" : "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "System.Net.Http": "4.0.0.0",

From b9eb7ba28210528d1af66c377c967644ac582716 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 25 Aug 2014 13:50:34 -0700
Subject: [PATCH 058/900] #38 - Port the Twitter middleware from katana

---
 Security.sln                                  |  13 +
 samples/SocialSample/Project.json             |   1 +
 samples/SocialSample/Startup.cs               |   7 +
 .../Messages/AccessToken.cs                   |  21 +
 .../Messages/RequestToken.cs                  |  30 ++
 .../Messages/RequestTokenSerializer.cs        |  93 +++++
 .../Messages/Serializers.cs                   |  23 ++
 .../Microsoft.AspNet.Security.Twitter.kproj   |  28 ++
 .../NotNullAttribute.cs                       |  12 +
 .../ITwitterAuthenticationNotifications.cs    |  33 ++
 .../TwitterApplyRedirectContext.cs            |  40 ++
 .../TwitterAuthenticatedContext.cs            |  68 ++++
 .../TwitterAuthenticationNotifications.cs     |  68 ++++
 .../TwitterReturnEndpointContext.cs           |  26 ++
 .../Project.json                              |  44 ++
 .../Resources.Designer.cs                     |  81 ++++
 .../Resources.resx                            | 126 ++++++
 .../TwitterAuthenticationDefaults.cs          |  10 +
 .../TwitterAuthenticationExtensions.cs        |  45 ++
 .../TwitterAuthenticationHandler.cs           | 384 ++++++++++++++++++
 .../TwitterAuthenticationMiddleware.cs        | 106 +++++
 .../TwitterAuthenticationOptions.cs           | 107 +++++
 .../DataHandler/Serializer/DataSerializers.cs |   4 +-
 .../Twitter/TwitterMiddlewareTests.cs         | 183 +++++++++
 .../project.json                              |   1 +
 25 files changed, 1552 insertions(+), 2 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Project.json
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs

diff --git a/Security.sln b/Security.sln
index 5ae54786fc..976cfd4ea6 100644
--- a/Security.sln
+++ b/Security.sln
@@ -28,6 +28,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\Soc
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Google", "src\Microsoft.AspNet.Security.Google\Microsoft.AspNet.Security.Google.kproj", "{89BF8535-A849-458E-868A-A68FCF620486}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Twitter", "src\Microsoft.AspNet.Security.Twitter\Microsoft.AspNet.Security.Twitter.kproj", "{C96B77EA-4078-4C31-BDB2-878F11C5E061}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -108,6 +110,16 @@ Global
 		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{89BF8535-A849-458E-868A-A68FCF620486}.Release|x86.ActiveCfg = Release|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -120,5 +132,6 @@ Global
 		{3984651C-FD44-4394-8793-3D14EE348C04} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{89BF8535-A849-458E-868A-A68FCF620486} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{C96B77EA-4078-4C31-BDB2-878F11C5E061} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json
index 525d9dd6a6..1af9beef0a 100644
--- a/samples/SocialSample/Project.json
+++ b/samples/SocialSample/Project.json
@@ -7,6 +7,7 @@
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
     "Microsoft.AspNet.Security.Google": "1.0.0-*",
+    "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 68dd967e40..bc2e967b3c 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.Facebook;
 using Microsoft.AspNet.Security.Google;
+using Microsoft.AspNet.Security.Twitter;
 
 namespace CookieSample
 {
@@ -32,6 +33,12 @@ namespace CookieSample
                 ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
             });
 
+            app.UseTwitterAuthentication(new TwitterAuthenticationOptions()
+            {
+                ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
+                ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI",
+            });
+
             // Choose an authentication type
             app.Map("/login", signoutApp =>
             {
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs
new file mode 100644
index 0000000000..f935da72a7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs
@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Twitter.Messages
+{
+    /// <summary>
+    /// The Twitter access token retrieved from the access token endpoint.
+    /// </summary>
+    public class AccessToken : RequestToken
+    {
+        /// <summary>
+        /// Gets or sets the Twitter User ID.
+        /// </summary>
+        public string UserId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Twitter screen name.
+        /// </summary>
+        public string ScreenName { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs
new file mode 100644
index 0000000000..f801e555f7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs
@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.Twitter.Messages
+{
+    /// <summary>
+    /// The Twitter request token obtained from the request token endpoint.
+    /// </summary>
+    public class RequestToken
+    {
+        /// <summary>
+        /// Gets or sets the Twitter request token.
+        /// </summary>
+        public string Token { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Twitter token secret.
+        /// </summary>
+        public string TokenSecret { get; set; }
+
+        public bool CallbackConfirmed { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs
new file mode 100644
index 0000000000..725dcc341f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs
@@ -0,0 +1,93 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.IO;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+
+namespace Microsoft.AspNet.Security.Twitter.Messages
+{
+    /// <summary>
+    /// Serializes and deserializes Twitter request and access tokens so that they can be used by other application components.
+    /// </summary>
+    public class RequestTokenSerializer : IDataSerializer<RequestToken>
+    {
+        private const int FormatVersion = 1;
+
+        /// <summary>
+        /// Serialize a request token.
+        /// </summary>
+        /// <param name="model">The token to serialize</param>
+        /// <returns>A byte array containing the serialized token</returns>
+        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public virtual byte[] Serialize(RequestToken model)
+        {
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new BinaryWriter(memory))
+                {
+                    Write(writer, model);
+                    writer.Flush();
+                    return memory.ToArray();
+                }
+            }
+        }
+
+        /// <summary>
+        /// Deserializes a request token.
+        /// </summary>
+        /// <param name="data">A byte array containing the serialized token</param>
+        /// <returns>The Twitter request token</returns>
+        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
+        public virtual RequestToken Deserialize(byte[] data)
+        {
+            using (var memory = new MemoryStream(data))
+            {
+                using (var reader = new BinaryReader(memory))
+                {
+                    return Read(reader);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Writes a Twitter request token as a series of bytes. Used by the <see cref="Serialize"/> method.
+        /// </summary>
+        /// <param name="writer">The writer to use in writing the token</param>
+        /// <param name="token">The token to write</param>
+        public static void Write([NotNull] BinaryWriter writer, [NotNull] RequestToken token)
+        {
+            writer.Write(FormatVersion);
+            writer.Write(token.Token);
+            writer.Write(token.TokenSecret);
+            writer.Write(token.CallbackConfirmed);
+            PropertiesSerializer.Write(writer, token.Properties);
+        }
+
+        /// <summary>
+        /// Reads a Twitter request token from a series of bytes. Used by the <see cref="Deserialize"/> method.
+        /// </summary>
+        /// <param name="reader">The reader to use in reading the token bytes</param>
+        /// <returns>The token</returns>
+        public static RequestToken Read([NotNull] BinaryReader reader)
+        {
+            if (reader.ReadInt32() != FormatVersion)
+            {
+                return null;
+            }
+
+            string token = reader.ReadString();
+            string tokenSecret = reader.ReadString();
+            bool callbackConfirmed = reader.ReadBoolean();
+            AuthenticationProperties properties = PropertiesSerializer.Read(reader);
+            if (properties == null)
+            {
+                return null;
+            }
+
+            return new RequestToken { Token = token, TokenSecret = tokenSecret, CallbackConfirmed = callbackConfirmed, Properties = properties };
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs b/src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs
new file mode 100644
index 0000000000..3d2e1a458d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs
@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+
+namespace Microsoft.AspNet.Security.Twitter.Messages
+{
+    /// <summary>
+    /// Provides access to a request token serializer.
+    /// </summary>
+    public static class Serializers
+    {
+        static Serializers()
+        {
+            RequestToken = new RequestTokenSerializer();
+        }
+
+        /// <summary>
+        /// Gets or sets a statically-avaliable serializer object. The value for this property will be <see cref="RequestTokenSerializer"/> by default.
+        /// </summary>
+        public static IDataSerializer<RequestToken> RequestToken { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
new file mode 100644
index 0000000000..48dfc30697
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>c96b77ea-4078-4c31-bdb2-878f11c5e061</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
new file mode 100644
index 0000000000..0d6e98224d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
new file mode 100644
index 0000000000..55fd548926
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="TwitterAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public interface ITwitterAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked whenever Twitter succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task Authenticated(TwitterAuthenticatedContext context);
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ReturnEndpoint(TwitterReturnEndpointContext context);
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        void ApplyRedirect(TwitterApplyRedirectContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
new file mode 100644
index 0000000000..3d5ab80ffc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
@@ -0,0 +1,40 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+    /// </summary>
+    public class TwitterApplyRedirectContext : BaseContext<TwitterAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The HTTP request context</param>
+        /// <param name="options">The Facebook middleware options</param>
+        /// <param name="properties">The authenticaiton properties of the challenge</param>
+        /// <param name="redirectUri">The initial redirect URI</param>
+        public TwitterApplyRedirectContext(HttpContext context, TwitterAuthenticationOptions options,
+            AuthenticationProperties properties, string redirectUri)
+            : base(context, options)
+        {
+            RedirectUri = redirectUri;
+            Properties = properties;
+        }
+
+        /// <summary>
+        /// Gets the URI used for the redirect operation.
+        /// </summary>
+        public string RedirectUri { get; private set; }
+
+        /// <summary>
+        /// Gets the authenticaiton properties of the challenge
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs
new file mode 100644
index 0000000000..0c050d9e8d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs
@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class TwitterAuthenticatedContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a <see cref="TwitterAuthenticatedContext"/>
+        /// </summary>
+        /// <param name="context">The HTTP environment</param>
+        /// <param name="userId">Twitter user ID</param>
+        /// <param name="screenName">Twitter screen name</param>
+        /// <param name="accessToken">Twitter access token</param>
+        /// <param name="accessTokenSecret">Twitter access token secret</param>
+        public TwitterAuthenticatedContext(
+            HttpContext context,
+            string userId,
+            string screenName,
+            string accessToken,
+            string accessTokenSecret)
+            : base(context)
+        {
+            UserId = userId;
+            ScreenName = screenName;
+            AccessToken = accessToken;
+            AccessTokenSecret = accessTokenSecret;
+        }
+
+        /// <summary>
+        /// Gets the Twitter user ID
+        /// </summary>
+        public string UserId { get; private set; }
+
+        /// <summary>
+        /// Gets the Twitter screen name
+        /// </summary>
+        public string ScreenName { get; private set; }
+
+        /// <summary>
+        /// Gets the Twitter access token
+        /// </summary>
+        public string AccessToken { get; private set; }
+
+        /// <summary>
+        /// Gets the Twitter access token secret
+        /// </summary>
+        public string AccessTokenSecret { get; private set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs
new file mode 100644
index 0000000000..2c6ff19d5e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs
@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Default <see cref="ITwitterAuthenticationNotifications"/> implementation.
+    /// </summary>
+    public class TwitterAuthenticationNotifications : ITwitterAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a <see cref="TwitterAuthenticationNotifications"/>
+        /// </summary>
+        public TwitterAuthenticationNotifications()
+        {
+            OnAuthenticated = context => Task.FromResult<object>(null);
+            OnReturnEndpoint = context => Task.FromResult<object>(null);
+            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
+        }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// </summary>
+        public Func<TwitterAuthenticatedContext, Task> OnAuthenticated { get; set; }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// </summary>
+        public Func<TwitterReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// </summary>
+        public Action<TwitterApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Invoked whenever Twitter succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task Authenticated(TwitterAuthenticatedContext context)
+        {
+            return OnAuthenticated(context);
+        }
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task ReturnEndpoint(TwitterReturnEndpointContext context)
+        {
+            return OnReturnEndpoint(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        public virtual void ApplyRedirect(TwitterApplyRedirectContext context)
+        {
+            OnApplyRedirect(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs
new file mode 100644
index 0000000000..e420b5d1fb
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Provides context information to middleware providers.
+    /// </summary>
+    public class TwitterReturnEndpointContext : ReturnEndpointContext
+    {
+        /// <summary>
+        /// Initializes a new <see cref="TwitterReturnEndpointContext"/>.
+        /// </summary>
+        /// <param name="context">HTTP environment</param>
+        /// <param name="ticket">The authentication ticket</param>
+        public TwitterReturnEndpointContext(
+            HttpContext context,
+            AuthenticationTicket ticket)
+            : base(context, ticket)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Project.json b/src/Microsoft.AspNet.Security.Twitter/Project.json
new file mode 100644
index 0000000000..9f19015e3d
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Project.json
@@ -0,0 +1,44 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "5.0.8",
+        "System.Net.Http": "4.0.0.0"
+    },
+    "frameworks": {
+        "net45": {
+            "dependencies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "k10": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.10.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Net.Http.WinHttpHandler": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs b/src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs
new file mode 100644
index 0000000000..deda3cc773
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs
@@ -0,0 +1,81 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.32559
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.Twitter {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Twitter.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided {
+            get {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Resources.resx b/src/Microsoft.AspNet.Security.Twitter/Resources.resx
new file mode 100644
index 0000000000..2a19bea96a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs
new file mode 100644
index 0000000000..1f29a04b1a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    public static class TwitterAuthenticationDefaults
+    {
+        public const string AuthenticationType = "Twitter";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
new file mode 100644
index 0000000000..250c721cba
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
@@ -0,0 +1,45 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.Twitter;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="TwitterAuthenticationMiddleware"/>
+    /// </summary>
+    public static class TwitterAuthenticationExtensions
+    {
+        /// <summary>
+        /// Authenticate users using Twitter
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="consumerKey">The Twitter-issued consumer key</param>
+        /// <param name="consumerSecret">The Twitter-issued consumer secret</param>
+        /// <returns>The updated <see cref="IBuilder"/></returns>
+        public static IBuilder UseTwitterAuthentication([NotNull] this IBuilder app, [NotNull] string consumerKey, [NotNull] string consumerSecret)
+        {
+            return app.UseTwitterAuthentication(
+                new TwitterAuthenticationOptions
+                {
+                    ConsumerKey = consumerKey,
+                    ConsumerSecret = consumerSecret,
+                });
+        }
+
+        /// <summary>
+        /// Authenticate users using Twitter
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="options">Middleware configuration options</param>
+        /// <returns>The updated <see cref="IBuilder"/></returns>
+        public static IBuilder UseTwitterAuthentication([NotNull] this IBuilder app, [NotNull] TwitterAuthenticationOptions options)
+        {
+            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
+            {
+                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
+            }
+            return app.UseMiddleware<TwitterAuthenticationMiddleware>(options);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
new file mode 100644
index 0000000000..b24aa71c30
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -0,0 +1,384 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.Twitter.Messages;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    internal class TwitterAuthenticationHandler : AuthenticationHandler<TwitterAuthenticationOptions>
+    {
+        private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
+        private const string StateCookie = "__TwitterState";
+        private const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";
+        private const string AuthenticationEndpoint = "https://twitter.com/oauth/authenticate?oauth_token=";
+        private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
+
+        private readonly HttpClient _httpClient;
+        private readonly ILogger _logger;
+
+        public TwitterAuthenticationHandler(HttpClient httpClient, ILogger logger)
+        {
+            _httpClient = httpClient;
+            _logger = logger;
+        }
+
+        public override async Task<bool> InvokeAsync()
+        {
+            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
+            {
+                return await InvokeReturnPathAsync();
+            }
+            return false;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            AuthenticationProperties properties = null;
+            try
+            {
+                IReadableStringCollection query = Request.Query;
+                string protectedRequestToken = Request.Cookies[StateCookie];
+
+                RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
+
+                if (requestToken == null)
+                {
+                    _logger.WriteWarning("Invalid state");
+                    return null;
+                }
+
+                properties = requestToken.Properties;
+
+                string returnedToken = query.Get("oauth_token");
+                if (string.IsNullOrWhiteSpace(returnedToken))
+                {
+                    _logger.WriteWarning("Missing oauth_token");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                if (returnedToken != requestToken.Token)
+                {
+                    _logger.WriteWarning("Unmatched token");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                string oauthVerifier = query.Get("oauth_verifier");
+                if (string.IsNullOrWhiteSpace(oauthVerifier))
+                {
+                    _logger.WriteWarning("Missing or blank oauth_verifier");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
+
+                var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret);
+
+                context.Identity = new ClaimsIdentity(
+                    new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)
+                    },
+                    Options.AuthenticationType,
+                    ClaimsIdentity.DefaultNameClaimType,
+                    ClaimsIdentity.DefaultRoleClaimType);
+                context.Properties = requestToken.Properties;
+
+                Response.Cookies.Delete(StateCookie);
+
+                await Options.Notifications.Authenticated(context);
+
+                return new AuthenticationTicket(context.Identity, context.Properties);
+            }
+            catch (Exception ex)
+            {
+                _logger.WriteError("Authentication failed", ex);
+                return new AuthenticationTicket(null, properties);
+            }
+        }
+        protected override void ApplyResponseChallenge()
+        {
+            ApplyResponseChallengeAsync().Wait();
+        }
+
+        protected override async Task ApplyResponseChallengeAsync()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            {
+                return;
+            }
+
+            string requestPrefix = Request.Scheme + "://" + Request.Host;
+            string callBackUrl = requestPrefix + RequestPathBase + Options.CallbackPath;
+
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = requestPrefix + Request.PathBase + Request.Path + Request.QueryString;
+            }
+
+            RequestToken requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, properties);
+
+            if (requestToken.CallbackConfirmed)
+            {
+                string twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
+
+                var cookieOptions = new CookieOptions
+                {
+                    HttpOnly = true,
+                    Secure = Request.IsSecure
+                };
+
+                Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
+
+                var redirectContext = new TwitterApplyRedirectContext(
+                    Context, Options,
+                    properties, twitterAuthenticationEndpoint);
+                Options.Notifications.ApplyRedirect(redirectContext);
+            }
+            else
+            {
+                _logger.WriteError("requestToken CallbackConfirmed!=true");
+            }
+        }
+
+        public async Task<bool> InvokeReturnPathAsync()
+        {
+            AuthenticationTicket model = await AuthenticateAsync();
+            if (model == null)
+            {
+                _logger.WriteWarning("Invalid return state, unable to redirect.");
+                Response.StatusCode = 500;
+                return true;
+            }
+
+            var context = new TwitterReturnEndpointContext(Context, model)
+            {
+                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
+                RedirectUri = model.Properties.RedirectUri
+            };
+            model.Properties.RedirectUri = null;
+
+            await Options.Notifications.ReturnEndpoint(context);
+
+            if (context.SignInAsAuthenticationType != null && context.Identity != null)
+            {
+                ClaimsIdentity signInIdentity = context.Identity;
+                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
+                {
+                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
+                }
+                Context.Response.SignIn(context.Properties, signInIdentity);
+            }
+
+            if (!context.IsRequestCompleted && context.RedirectUri != null)
+            {
+                if (context.Identity == null)
+                {
+                    // add a redirect hint that sign-in failed in some way
+                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
+                }
+                Response.Redirect(context.RedirectUri);
+                context.RequestCompleted();
+            }
+
+            return context.IsRequestCompleted;
+        }
+
+        private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
+        {
+            _logger.WriteVerbose("ObtainRequestToken");
+
+            string nonce = Guid.NewGuid().ToString("N");
+
+            var authorizationParts = new SortedDictionary<string, string>
+            {
+                { "oauth_callback", callBackUri },
+                { "oauth_consumer_key", consumerKey },
+                { "oauth_nonce", nonce },
+                { "oauth_signature_method", "HMAC-SHA1" },
+                { "oauth_timestamp", GenerateTimeStamp() },
+                { "oauth_version", "1.0" }
+            };
+
+            var parameterBuilder = new StringBuilder();
+            foreach (var authorizationKey in authorizationParts)
+            {
+                parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
+            }
+            parameterBuilder.Length--;
+            string parameterString = parameterBuilder.ToString();
+
+            var canonicalizedRequestBuilder = new StringBuilder();
+            canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(RequestTokenEndpoint));
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
+
+            string signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
+            authorizationParts.Add("oauth_signature", signature);
+
+            var authorizationHeaderBuilder = new StringBuilder();
+            authorizationHeaderBuilder.Append("OAuth ");
+            foreach (var authorizationPart in authorizationParts)
+            {
+                authorizationHeaderBuilder.AppendFormat(
+                    "{0}=\"{1}\", ", authorizationPart.Key, Uri.EscapeDataString(authorizationPart.Value));
+            }
+            authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
+
+            var request = new HttpRequestMessage(HttpMethod.Post, RequestTokenEndpoint);
+            request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
+
+            HttpResponseMessage response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
+            string responseText = await response.Content.ReadAsStringAsync();
+
+            IFormCollection responseParameters = FormHelpers.ParseForm(responseText);
+            if (string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
+            {
+                return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
+            }
+
+            return new RequestToken();
+        }
+
+        private async Task<AccessToken> ObtainAccessTokenAsync(string consumerKey, string consumerSecret, RequestToken token, string verifier)
+        {
+            // https://dev.twitter.com/docs/api/1/post/oauth/access_token
+
+            _logger.WriteVerbose("ObtainAccessToken");
+
+            string nonce = Guid.NewGuid().ToString("N");
+
+            var authorizationParts = new SortedDictionary<string, string>
+            {
+                { "oauth_consumer_key", consumerKey },
+                { "oauth_nonce", nonce },
+                { "oauth_signature_method", "HMAC-SHA1" },
+                { "oauth_token", token.Token },
+                { "oauth_timestamp", GenerateTimeStamp() },
+                { "oauth_verifier", verifier },
+                { "oauth_version", "1.0" },
+            };
+
+            var parameterBuilder = new StringBuilder();
+            foreach (var authorizationKey in authorizationParts)
+            {
+                parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
+            }
+            parameterBuilder.Length--;
+            string parameterString = parameterBuilder.ToString();
+
+            var canonicalizedRequestBuilder = new StringBuilder();
+            canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(AccessTokenEndpoint));
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
+
+            string signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
+            authorizationParts.Add("oauth_signature", signature);
+            authorizationParts.Remove("oauth_verifier");
+
+            var authorizationHeaderBuilder = new StringBuilder();
+            authorizationHeaderBuilder.Append("OAuth ");
+            foreach (var authorizationPart in authorizationParts)
+            {
+                authorizationHeaderBuilder.AppendFormat(
+                    "{0}=\"{1}\", ", authorizationPart.Key, Uri.EscapeDataString(authorizationPart.Value));
+            }
+            authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
+
+            var request = new HttpRequestMessage(HttpMethod.Post, AccessTokenEndpoint);
+            request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
+
+            var formPairs = new List<KeyValuePair<string, string>>()
+            {
+                new KeyValuePair<string, string>("oauth_verifier", verifier)
+            };
+
+            request.Content = new FormUrlEncodedContent(formPairs);
+
+            HttpResponseMessage response = await _httpClient.SendAsync(request, Context.RequestAborted);
+
+            if (!response.IsSuccessStatusCode)
+            {
+                _logger.WriteError("AccessToken request failed with a status code of " + response.StatusCode);
+                response.EnsureSuccessStatusCode(); // throw
+            }
+
+            string responseText = await response.Content.ReadAsStringAsync();
+
+            IFormCollection responseParameters = FormHelpers.ParseForm(responseText);
+
+            return new AccessToken
+            {
+                Token = Uri.UnescapeDataString(responseParameters["oauth_token"]),
+                TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]),
+                UserId = Uri.UnescapeDataString(responseParameters["user_id"]),
+                ScreenName = Uri.UnescapeDataString(responseParameters["screen_name"])
+            };
+        }
+
+        private static string GenerateTimeStamp()
+        {
+            TimeSpan secondsSinceUnixEpocStart = DateTime.UtcNow - Epoch;
+            return Convert.ToInt64(secondsSinceUnixEpocStart.TotalSeconds).ToString(CultureInfo.InvariantCulture);
+        }
+
+        private static string ComputeSignature(string consumerSecret, string tokenSecret, string signatureData)
+        {
+            using (var algorithm = new HMACSHA1())
+            {
+                algorithm.Key = Encoding.ASCII.GetBytes(
+                    string.Format(CultureInfo.InvariantCulture,
+                        "{0}&{1}",
+                        Uri.EscapeDataString(consumerSecret),
+                        string.IsNullOrEmpty(tokenSecret) ? string.Empty : Uri.EscapeDataString(tokenSecret)));
+                byte[] hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
+                return Convert.ToBase64String(hash);
+            }
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A - No SignIn or SignOut support.
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..421a685575
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -0,0 +1,106 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.Twitter.Messages;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// ASP.NET middleware for authenticating users using Twitter
+    /// </summary>
+    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
+    public class TwitterAuthenticationMiddleware : AuthenticationMiddleware<TwitterAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        /// <summary>
+        /// Initializes a <see cref="TwitterAuthenticationMiddleware"/>
+        /// </summary>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
+        /// <param name="dataProtectionProvider"></param>
+        /// <param name="loggerFactory"></param>
+        /// <param name="options">Configuration options for the middleware</param>
+        public TwitterAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            TwitterAuthenticationOptions options)
+            : base(next, options)
+        {
+            if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerSecret"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.ConsumerKey))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerKey"));
+            }
+
+            _logger = loggerFactory.Create(typeof(TwitterAuthenticationMiddleware).FullName);
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new TwitterAuthenticationNotifications();
+            }
+            if (Options.StateDataFormat == null)
+            {
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    typeof(TwitterAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                Options.StateDataFormat = new SecureDataFormat<RequestToken>(
+                    Serializers.RequestToken,
+                    dataProtector,
+                    TextEncodings.Base64Url);
+            }
+
+            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+            _httpClient.Timeout = Options.BackchannelTimeout;
+            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            _httpClient.DefaultRequestHeaders.Accept.ParseAdd("*/*");
+            _httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Twitter middleware");
+            _httpClient.DefaultRequestHeaders.ExpectContinue = false;
+        }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="TwitterAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<TwitterAuthenticationOptions> CreateHandler()
+        {
+            return new TwitterAuthenticationHandler(_httpClient, _logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(TwitterAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if NET45
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
new file mode 100644
index 0000000000..fcf307d5c4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
@@ -0,0 +1,107 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Twitter.Messages;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    /// <summary>
+    /// Options for the Twitter authentication middleware.
+    /// </summary>
+    public class TwitterAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="TwitterAuthenticationOptions"/> class.
+        /// </summary>
+        public TwitterAuthenticationOptions()
+            : base(TwitterAuthenticationDefaults.AuthenticationType)
+        {
+            Caption = TwitterAuthenticationDefaults.AuthenticationType;
+            CallbackPath = new PathString("/signin-twitter");
+            AuthenticationMode = AuthenticationMode.Passive;
+            BackchannelTimeout = TimeSpan.FromSeconds(60);
+#if NET45
+            // Twitter lists its valid Subject Key Identifiers at https://dev.twitter.com/docs/security/using-ssl
+            BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(
+                new[]
+                {
+                    "A5EF0B11CEC04103A34A659048B21CE0572D7D47", // VeriSign Class 3 Secure Server CA - G2
+                    "0D445C165344C1827E1D20AB25F40163D8BE79A5", // VeriSign Class 3 Secure Server CA - G3
+                    "5F60CF619055DF8443148A602AB2F57AF44318EF", // Symantec Class 3 Secure Server CA - G4
+                });
+#endif
+        }
+
+        /// <summary>
+        /// Gets or sets the consumer key used to communicate with Twitter.
+        /// </summary>
+        /// <value>The consumer key used to communicate with Twitter.</value>
+        public string ConsumerKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the consumer secret used to sign requests to Twitter.
+        /// </summary>
+        /// <value>The consumer secret used to sign requests to Twitter.</value>
+        public string ConsumerSecret { get; set; }
+
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Twitter.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; }
+#if NET45
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// in back channel communications belong to Twitter.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with Twitter.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// Default value is "/signin-twitter".
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="ITwitterAuthenticationProvider"/> used to handle authentication events.
+        /// </summary>
+        public ITwitterAuthenticationNotifications Notifications { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
index 476fe7bb7d..a1864b44d0 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
@@ -14,8 +14,8 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             Ticket = new TicketSerializer();
         }
 
-        public static IDataSerializer<AuthenticationProperties> Properties { get; set; }
+        public static IDataSerializer<AuthenticationProperties> Properties { get; private set; }
 
-        public static IDataSerializer<AuthenticationTicket> Ticket { get; set; }
+        public static IDataSerializer<AuthenticationTicket> Ticket { get; private set; }
     }
 }
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
new file mode 100644
index 0000000000..d5eb56896b
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -0,0 +1,183 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.Twitter;
+using Microsoft.AspNet.TestHost;
+using Newtonsoft.Json;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Twitter
+{
+    public class TwitterMiddlewareTests
+    {
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var options = new TwitterAuthenticationOptions()
+            {
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret",
+                Notifications = new TwitterAuthenticationNotifications
+                {
+                    OnApplyRedirect = context =>
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                    }
+                },
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                        {
+                            if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+                            {
+                                return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
+                                {
+                                    Content =
+                                        new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                                            Encoding.UTF8,
+                                            "application/x-www-form-urlencoded")
+                                });
+                            }
+                            return Task.FromResult<HttpResponseMessage>(null);
+                        }
+                },
+                BackchannelCertificateValidator = null
+            };
+            var server = CreateServer(
+                app => app.UseTwitterAuthentication(options),
+                context =>
+                {
+                    context.Response.Challenge("Twitter");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("custom=test");
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var options = new TwitterAuthenticationOptions()
+            {
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+                        {
+                            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
+                            {
+                                Content =
+                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                                        Encoding.UTF8,
+                                        "application/x-www-form-urlencoded")
+                            });
+                        }
+                        return Task.FromResult<HttpResponseMessage>(null);
+                    }
+                },
+                BackchannelCertificateValidator = null
+            };
+            var server = CreateServer(
+                app => app.UseTwitterAuthentication(options),
+                context =>
+                {
+                    context.Response.Challenge("Twitter");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
+        }
+
+        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        {
+            return TestServer.Create(app =>
+            {
+                app.SetDefaultSignInAsAuthenticationType("External");
+                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                {
+                    AuthenticationType = "External"
+                });
+                if (configure != null)
+                {
+                    configure(app);
+                }
+                app.Use(async (context, next) =>
+                {
+                    if (handler == null || !handler(context))
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            return transaction;
+        }
+
+        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
+        {
+            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var text = await JsonConvert.SerializeObjectAsync(content);
+            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
+            return res;
+        }
+
+        private class TestHttpMessageHandler : HttpMessageHandler
+        {
+            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+
+            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            {
+                if (Sender != null)
+                {
+                    return await Sender(request);
+                }
+
+                return null;
+            }
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+            public IList<string> SetCookie { get; set; }
+            public string ResponseText { get; set; }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 542d5ee259..976f4ef7a1 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -8,6 +8,7 @@
     "Microsoft.AspNet.Security.Cookies" : "1.0.0-*",
     "Microsoft.AspNet.Security.Facebook" : "1.0.0-*",
     "Microsoft.AspNet.Security.Google" : "1.0.0-*",
+    "Microsoft.AspNet.Security.Twitter" : "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "System.Net.Http": "4.0.0.0",

From 536da0666038d824d9f374ba26001f998f143cb3 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Thu, 28 Aug 2014 23:48:55 -0700
Subject: [PATCH 059/900] Updated to use the new target framework in
 project.json

---
 samples/CookieSample/project.json                   | 2 +-
 samples/SocialSample/Project.json                   | 2 +-
 src/Microsoft.AspNet.Security.Cookies/project.json  | 2 +-
 src/Microsoft.AspNet.Security.Facebook/Project.json | 2 +-
 src/Microsoft.AspNet.Security.Google/Project.json   | 2 +-
 src/Microsoft.AspNet.Security.Twitter/Project.json  | 2 +-
 src/Microsoft.AspNet.Security/project.json          | 2 +-
 test/Microsoft.AspNet.Security.Test/project.json    | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 85f8a1e331..c405745f10 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -15,7 +15,7 @@
   "frameworks": {
     "net45": {
     },
-    "k10": {
+    "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
         "System.Console": "4.0.0.0",
diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json
index 1af9beef0a..1dc7c69443 100644
--- a/samples/SocialSample/Project.json
+++ b/samples/SocialSample/Project.json
@@ -15,7 +15,7 @@
   "frameworks": {
     "net45": {
     },
-    "k10": {
+    "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
         "System.Console": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 0336d73e9f..0a3d6d36db 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -14,7 +14,7 @@
   },
   "frameworks": {
     "net45": {},
-    "k10": {
+    "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
         "System.ComponentModel": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Facebook/Project.json b/src/Microsoft.AspNet.Security.Facebook/Project.json
index 9f19015e3d..608aa0b6d3 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/Project.json
@@ -16,7 +16,7 @@
                 "System.Net.Http.WebRequest": ""
             }
         },
-        "k10": {
+        "aspnetcore50": {
             "dependencies": {
                 "System.Collections": "4.0.10.0",
                 "System.ComponentModel": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Google/Project.json b/src/Microsoft.AspNet.Security.Google/Project.json
index 9f19015e3d..608aa0b6d3 100644
--- a/src/Microsoft.AspNet.Security.Google/Project.json
+++ b/src/Microsoft.AspNet.Security.Google/Project.json
@@ -16,7 +16,7 @@
                 "System.Net.Http.WebRequest": ""
             }
         },
-        "k10": {
+        "aspnetcore50": {
             "dependencies": {
                 "System.Collections": "4.0.10.0",
                 "System.ComponentModel": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.Twitter/Project.json b/src/Microsoft.AspNet.Security.Twitter/Project.json
index 9f19015e3d..608aa0b6d3 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/Project.json
@@ -16,7 +16,7 @@
                 "System.Net.Http.WebRequest": ""
             }
         },
-        "k10": {
+        "aspnetcore50": {
             "dependencies": {
                 "System.Collections": "4.0.10.0",
                 "System.ComponentModel": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index e79296344e..f328ce7501 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -11,7 +11,7 @@
   },
   "frameworks": {
     "net45": {},
-    "k10": {
+    "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
         "System.ComponentModel": "4.0.0.0",
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 976f4ef7a1..4da6822916 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
   "compilationOptions": {
     "warningsAsErrors": true
   },

From 3a3816af412b32ff6924d9f1c70f6875616dd06f Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 29 Aug 2014 13:19:18 -0700
Subject: [PATCH 060/900] #41 - Port MicrosoftAccount middleware from Katana.

---
 Security.sln                                  |  13 +
 samples/SocialSample/Project.json             |   1 +
 samples/SocialSample/Startup.cs               |  25 ++
 .../CookieAuthenticationMiddleware.cs         |   2 +-
 .../CookieAuthenticationOptions.cs            |   2 +-
 .../FacebookAuthenticationExtensions.cs       |  20 +-
 .../FacebookAuthenticationMiddleware.cs       |   8 +-
 .../FacebookAuthenticationOptions.cs          |   8 +-
 .../FacebookApplyRedirectContext.cs           |  12 +-
 .../FacebookAuthenticatedContext.cs           |  31 +-
 .../FacebookAuthenticationNotifications.cs    |  10 +-
 .../FacebookReturnEndpointContext.cs          |   6 +-
 .../IFacebookAuthenticationNotifications.cs   |   8 +-
 .../GoogleAuthenticationExtensions.cs         |  20 +-
 .../GoogleAuthenticationMiddleware.cs         |   8 +-
 .../GoogleAuthenticationOptions.cs            |   8 +-
 .../GoogleApplyRedirectContext.cs             |  12 +-
 .../GoogleAuthenticatedContext.cs             |  38 +--
 .../GoogleAuthenticationNotifications.cs      |  13 +-
 .../GoogleReturnEndpointContext.cs            |   6 +-
 .../IGoogleAuthenticationNotifications.cs     |   8 +-
 ...oft.AspNet.Security.MicrosoftAccount.kproj |  28 ++
 .../MicrosoftAccountAuthenticationDefaults.cs |  10 +
 ...icrosoftAccountAuthenticationExtensions.cs |  45 +++
 .../MicrosoftAccountAuthenticationHandler.cs  | 257 ++++++++++++++++
 ...icrosoftAccountAuthenticationMiddleware.cs |  98 ++++++
 .../MicrosoftAccountAuthenticationOptions.cs  | 106 +++++++
 .../NotNullAttribute.cs                       |  12 +
 ...osoftAccountAuthenticationNotifications.cs |  33 ++
 .../MicrosoftAccountApplyRedirectContext.cs   |  40 +++
 .../MicrosoftAccountAuthenticatedContext.cs   | 130 ++++++++
 ...osoftAccountAuthenticationNotifications.cs |  68 +++++
 .../MicrosoftAccountReturnEndpointContext.cs  |  26 ++
 .../Resources.Designer.cs                     |  90 ++++++
 .../Resources.resx                            | 129 ++++++++
 .../project.json                              |  46 +++
 .../TwitterApplyRedirectContext.cs            |  12 +-
 .../Resources.Designer.cs                     |   4 +-
 src/Microsoft.AspNet.Security/Resources.resx  |   4 +-
 .../MicrosoftAccountMiddlewareTests.cs        | 282 ++++++++++++++++++
 .../project.json                              |   1 +
 41 files changed, 1561 insertions(+), 119 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
 create mode 100644 test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs

diff --git a/Security.sln b/Security.sln
index 976cfd4ea6..be6636fe28 100644
--- a/Security.sln
+++ b/Security.sln
@@ -30,6 +30,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.G
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Twitter", "src\Microsoft.AspNet.Security.Twitter\Microsoft.AspNet.Security.Twitter.kproj", "{C96B77EA-4078-4C31-BDB2-878F11C5E061}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.MicrosoftAccount", "src\Microsoft.AspNet.Security.MicrosoftAccount\Microsoft.AspNet.Security.MicrosoftAccount.kproj", "{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -120,6 +122,16 @@ Global
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|x86.ActiveCfg = Release|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -133,5 +145,6 @@ Global
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{89BF8535-A849-458E-868A-A68FCF620486} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json
index 1dc7c69443..8703a24bf7 100644
--- a/samples/SocialSample/Project.json
+++ b/samples/SocialSample/Project.json
@@ -7,6 +7,7 @@
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
     "Microsoft.AspNet.Security.Google": "1.0.0-*",
+    "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index bc2e967b3c..03435fe0f6 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.Facebook;
 using Microsoft.AspNet.Security.Google;
+using Microsoft.AspNet.Security.MicrosoftAccount;
 using Microsoft.AspNet.Security.Twitter;
 
 namespace CookieSample
@@ -39,6 +40,30 @@ namespace CookieSample
                 ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI",
             });
 
+            /*
+            The MicrosoftAccount service has restrictions that prevent the use of http://localhost:12345/ for test applications.
+            As such, here is how to change this sample to uses http://mssecsample.localhost.this:12345/ instead.
+
+            Edit the Project.json file and replace http://localhost:12345/ with http://mssecsample.localhost.this:12345/.
+
+            From an admin command console first enter:
+             notepad C:\Windows\System32\drivers\etc\hosts
+            and add this to the file, save, and exit (and reboot?):
+             127.0.0.1 MsSecSample.localhost.this
+
+            Then you can choose to run the app as admin (see below) or add the following ACL as admin:
+             netsh http add urlacl url=http://mssecsample.localhost.this:12345/ user=[domain\user]
+
+            The sample app can then be run via:
+             k web
+            */
+            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions()
+            {
+                Caption = "MicrosoftAccount - Requires project changes",
+                ClientId = "00000000480FF62E",
+                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
+            });
+
             // Choose an authentication type
             app.Map("/login", signoutApp =>
             {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 423ec040b8..6f2a5dec04 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -12,7 +12,7 @@ using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
-    internal class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
+    public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
     {
         private readonly ILogger _logger;
 
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 60565c812f..8499fa33f6 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -125,7 +125,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
         /// cookie value. If it is not provided a default data handler is created using the data protection service contained
-        /// in the IAppBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
+        /// in the IBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
         /// and on DPAPI when running in a different process.
         /// </summary>
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
index cdaade1205..7f7cb4ebd9 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
@@ -6,17 +6,17 @@ using Microsoft.AspNet.Security.Facebook;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>.
     /// </summary>
     public static class FacebookAuthenticationExtensions
     {
         /// <summary>
-        /// Authenticate users using Facebook
+        /// Authenticate users using Facebook.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
-        /// <param name="appId">The appId assigned by Facebook</param>
-        /// <param name="appSecret">The appSecret assigned by Facebook</param>
-        /// <returns>The updated <see cref="IBuilder"/></returns>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="appId">The appId assigned by Facebook.</param>
+        /// <param name="appSecret">The appSecret assigned by Facebook.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
         public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] string appId, [NotNull] string appSecret)
         {
             return app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
@@ -27,11 +27,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Authenticate users using Facebook
+        /// Authenticate users using Facebook.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
-        /// <param name="options">Middleware configuration options</param>
-        /// <returns>The updated <see cref="IBuilder"/></returns>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="options">The middleware configuration options.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
         public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] FacebookAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index 5a3ef41e63..af1da5c300 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -14,7 +14,7 @@ using Microsoft.Framework.Logging;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// ASP.NET middleware for authenticating users using Facebook
+    /// An ASP.NET middleware for authenticating users using Facebook.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware is not disposable.")]
     public class FacebookAuthenticationMiddleware : AuthenticationMiddleware<FacebookAuthenticationOptions>
@@ -23,12 +23,12 @@ namespace Microsoft.AspNet.Security.Facebook
         private readonly HttpClient _httpClient;
 
         /// <summary>
-        /// Initializes a <see cref="FacebookAuthenticationMiddleware"/>
+        /// Initializes a new <see cref="FacebookAuthenticationMiddleware"/>.
         /// </summary>
-        /// <param name="next">The next middleware in the application pipeline to invoke</param>
+        /// <param name="next">The next middleware in the application pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
-        /// <param name="options">Configuration options for the middleware</param>
+        /// <param name="options">Configuration options for the middleware.</param>
         public FacebookAuthenticationMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
index 9832734460..1b9d2c145e 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
@@ -11,12 +11,12 @@ using Microsoft.AspNet.Http.Security;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>
+    /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>.
     /// </summary>
     public class FacebookAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Initializes a new <see cref="FacebookAuthenticationOptions"/>
+        /// Initializes a new <see cref="FacebookAuthenticationOptions"/>.
         /// </summary>
         [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
             MessageId = "Microsoft.AspNet.Security.Facebook.FacebookAuthenticationOptions.set_Caption(System.String)", Justification = "Not localizable.")]
@@ -32,12 +32,12 @@ namespace Microsoft.AspNet.Security.Facebook
         }
 
         /// <summary>
-        /// Gets or sets the Facebook-assigned appId
+        /// Gets or sets the Facebook-assigned appId.
         /// </summary>
         public string AppId { get; set; }
 
         /// <summary>
-        /// Gets or sets the Facebook-assigned app secret
+        /// Gets or sets the Facebook-assigned app secret.
         /// </summary>
         public string AppSecret { get; set; }
 #if NET45
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
index 020e2d32ee..e3e1b35b3e 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
@@ -8,17 +8,17 @@ using Microsoft.AspNet.Security.Notifications;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
     /// </summary>
     public class FacebookApplyRedirectContext : BaseContext<FacebookAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
-        /// <param name="context">The http request context</param>
-        /// <param name="options">The Facebook middleware options</param>
-        /// <param name="properties">The authenticaiton properties of the challenge</param>
-        /// <param name="redirectUri">The initial redirect URI</param>
+        /// <param name="context">The http request context.</param>
+        /// <param name="options">The Facebook middleware options.</param>
+        /// <param name="properties">The authentication properties of the challenge.</param>
+        /// <param name="redirectUri">The initial redirect URI.</param>
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
             Justification = "Represents header value")]
         public FacebookApplyRedirectContext(HttpContext context, FacebookAuthenticationOptions options,
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Security.Facebook
         public string RedirectUri { get; private set; }
 
         /// <summary>
-        /// Gets the authentication properties of the challenge
+        /// Gets the authentication properties of the challenge.
         /// </summary>
         public AuthenticationProperties Properties { get; private set; }
     }
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
index c173dfde89..6797ed4959 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -17,12 +17,12 @@ namespace Microsoft.AspNet.Security.Facebook
     public class FacebookAuthenticatedContext : BaseContext
     {
         /// <summary>
-        /// Initializes a <see cref="FacebookAuthenticatedContext"/>
+        /// Initializes a new <see cref="FacebookAuthenticatedContext"/>.
         /// </summary>
-        /// <param name="context">The http environment</param>
-        /// <param name="user">The JSON-serialized user</param>
-        /// <param name="accessToken">Facebook Access token</param>
-        /// <param name="expires">Seconds until expiration</param>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="user">The JSON-serialized user.</param>
+        /// <param name="accessToken">The Facebook Access token.</param>
+        /// <param name="expires">Seconds until expiration.</param>
         public FacebookAuthenticatedContext(HttpContext context, JObject user, string accessToken, string expires)
             : base(context)
         {
@@ -43,49 +43,52 @@ namespace Microsoft.AspNet.Security.Facebook
         }
 
         /// <summary>
-        /// Gets the JSON-serialized user
+        /// Gets the JSON-serialized user.
         /// </summary>
         public JObject User { get; private set; }
 
         /// <summary>
-        /// Gets the Facebook access token
+        /// Gets the Facebook access token.
         /// </summary>
         public string AccessToken { get; private set; }
 
         /// <summary>
-        /// Gets the Facebook access token expiration time
+        /// Gets the Facebook access token expiration time.
         /// </summary>
         public TimeSpan? ExpiresIn { get; set; }
 
         /// <summary>
-        /// Gets the Facebook user ID
+        /// Gets the Facebook user ID.
         /// </summary>
         public string Id { get; private set; }
 
         /// <summary>
-        /// Gets the user's name
+        /// Gets the user's name.
         /// </summary>
         public string Name { get; private set; }
 
+        /// <summary>
+        /// Gets the user's link.
+        /// </summary>
         public string Link { get; private set; }
 
         /// <summary>
-        /// Gets the Facebook username
+        /// Gets the Facebook username.
         /// </summary>
         public string UserName { get; private set; }
 
         /// <summary>
-        /// Gets the Facebook email
+        /// Gets the Facebook email.
         /// </summary>
         public string Email { get; private set; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
         /// </summary>
         public ClaimsIdentity Identity { get; set; }
 
         /// <summary>
-        /// Gets or sets a property bag for common authentication properties
+        /// Gets or sets a property bag for common authentication properties.
         /// </summary>
         public AuthenticationProperties Properties { get; set; }
 
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
index 22dbcfcc02..b9b33b1257 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
@@ -7,12 +7,12 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// Default <see cref="IFacebookAuthenticationProvider"/> implementation.
+    /// The default <see cref="IFacebookAuthenticationNotifications"/> implementation.
     /// </summary>
     public class FacebookAuthenticationNotifications : IFacebookAuthenticationNotifications
     {
         /// <summary>
-        /// Initializes a <see cref="FacebookAuthenticationNotifications"/>
+        /// Initializes a new <see cref="FacebookAuthenticationNotifications"/>.
         /// </summary>
         public FacebookAuthenticationNotifications()
         {
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Security.Facebook
         public Action<FacebookApplyRedirectContext> OnApplyRedirect { get; set; }
 
         /// <summary>
-        /// Invoked whenever Facebook succesfully authenticates a user
+        /// Invoked whenever Facebook succesfully authenticates a user.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
@@ -58,9 +58,9 @@ namespace Microsoft.AspNet.Security.Facebook
         }
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         public virtual void ApplyRedirect(FacebookApplyRedirectContext context)
         {
             OnApplyRedirect(context);
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
index e32cad4ee2..29786a9068 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
@@ -7,15 +7,15 @@ using Microsoft.AspNet.Security.Notifications;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// Provides context information to middleware providers.
+    /// Provides context information for notifications.
     /// </summary>
     public class FacebookReturnEndpointContext : ReturnEndpointContext
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
-        /// <param name="context">The http environment</param>
-        /// <param name="ticket">The authentication ticket</param>
+        /// <param name="context">The http environment.</param>
+        /// <param name="ticket">The authentication ticket.</param>
         public FacebookReturnEndpointContext(
             HttpContext context,
             AuthenticationTicket ticket)
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
index 530ea65057..236cba3ac5 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
@@ -6,12 +6,12 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
-    /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process.
     /// </summary>
     public interface IFacebookAuthenticationNotifications
     {
         /// <summary>
-        /// Invoked whenever Facebook succesfully authenticates a user
+        /// Invoked when Facebook succesfully authenticates a user.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
@@ -25,9 +25,9 @@ namespace Microsoft.AspNet.Security.Facebook
         Task ReturnEndpoint(FacebookReturnEndpointContext context);
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         void ApplyRedirect(FacebookApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
index 1203735352..cfac477731 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
@@ -6,17 +6,17 @@ using Microsoft.AspNet.Security.Google;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>.
     /// </summary>
     public static class GoogleAuthenticationExtensions
     {
         /// <summary>
-        /// Authenticate users using Google OAuth 2.0
+        /// Authenticate users using Google OAuth 2.0.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
-        /// <param name="clientId">The google assigned client id</param>
-        /// <param name="clientSecret">The google assigned client secret</param>
-        /// <returns>The updated <see cref="IAppBuilder"/></returns>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="clientId">The google assigned client id.</param>
+        /// <param name="clientSecret">The google assigned client secret.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
         public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
         {
             return app.UseGoogleAuthentication(
@@ -28,11 +28,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Authenticate users using Google OAuth 2.0
+        /// Authenticate users using Google OAuth 2.0.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
-        /// <param name="options">Middleware configuration options</param>
-        /// <returns>The updated <see cref="IBuilder"/></returns>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="options">Middleware configuration options.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
         public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] GoogleAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 15c5c2a79c..1105b149ba 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -14,7 +14,7 @@ using Microsoft.Framework.Logging;
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
-    /// ASP.NET middleware for authenticating users using Google OAuth 2.0
+    /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class GoogleAuthenticationMiddleware : AuthenticationMiddleware<GoogleAuthenticationOptions>
@@ -23,12 +23,12 @@ namespace Microsoft.AspNet.Security.Google
         private readonly HttpClient _httpClient;
 
         /// <summary>
-        /// Initializes a <see cref="GoogleAuthenticationMiddleware"/>
+        /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
         /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
-        /// <param name="options">Configuration options for the middleware</param>
+        /// <param name="options">Configuration options for the middleware.</param>
         public GoogleAuthenticationMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
index fd7b069990..f03b7d2efc 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
@@ -10,12 +10,12 @@ using Microsoft.AspNet.Http.Security;
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
-    /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>
+    /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>.
     /// </summary>
     public class GoogleAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Initializes a new <see cref="GoogleAuthenticationOptions"/>
+        /// Initializes a new <see cref="GoogleAuthenticationOptions"/>.
         /// </summary>
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", 
             MessageId = "Microsoft.AspNet.Security.Google.GoogleAuthenticationOptions.set_Caption(System.String)", 
@@ -31,12 +31,12 @@ namespace Microsoft.AspNet.Security.Google
         }
 
         /// <summary>
-        /// Gets or sets the Google-assigned client id
+        /// Gets or sets the Google-assigned client id.
         /// </summary>
         public string ClientId { get; set; }
 
         /// <summary>
-        /// Gets or sets the Google-assigned client secret
+        /// Gets or sets the Google-assigned client secret.
         /// </summary>
         public string ClientSecret { get; set; }
 #if NET45
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
index ac020b5639..7df6358ddd 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
@@ -8,17 +8,17 @@ using Microsoft.AspNet.Security.Notifications;
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
     /// </summary>
     public class GoogleApplyRedirectContext : BaseContext<GoogleAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
-        /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The Google OAuth 2.0 middleware options</param>
-        /// <param name="properties">The authenticaiton properties of the challenge</param>
-        /// <param name="redirectUri">The initial redirect URI</param>
+        /// <param name="context">The HTTP request context.</param>
+        /// <param name="options">The Google OAuth 2.0 middleware options.</param>
+        /// <param name="properties">The authentication properties of the challenge.</param>
+        /// <param name="redirectUri">The initial redirect URI.</param>
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
             Justification = "Represents header value")]
         public GoogleApplyRedirectContext(HttpContext context, GoogleAuthenticationOptions options, 
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Security.Google
         public string RedirectUri { get; private set; }
 
         /// <summary>
-        /// Gets the authenticaiton properties of the challenge
+        /// Gets the authentication properties of the challenge.
         /// </summary>
         public AuthenticationProperties Properties { get; private set; }
     }
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
index ca89962769..84f535fb8d 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
@@ -17,13 +17,13 @@ namespace Microsoft.AspNet.Security.Google
     public class GoogleAuthenticatedContext : BaseContext
     {
         /// <summary>
-        /// Initializes a <see cref="GoogleAuthenticatedContext"/>
+        /// Initializes a new <see cref="GoogleAuthenticatedContext"/>.
         /// </summary>
-        /// <param name="context">The HTTP environment</param>
-        /// <param name="user">The JSON-serialized Google user info</param>
-        /// <param name="accessToken">Google OAuth 2.0 access token</param>
-        /// <param name="refreshToken">Goolge OAuth 2.0 refresh token</param>
-        /// <param name="expires">Seconds until expiration</param>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="user">The JSON-serialized Google user info.</param>
+        /// <param name="accessToken">Google OAuth 2.0 access token.</param>
+        /// <param name="refreshToken">Goolge OAuth 2.0 refresh token.</param>
+        /// <param name="expires">Seconds until expiration.</param>
         public GoogleAuthenticatedContext(HttpContext context, JObject user, string accessToken, 
             string refreshToken, string expires)
             : base(context)
@@ -47,20 +47,20 @@ namespace Microsoft.AspNet.Security.Google
         }
 
         /// <summary>
-        /// Gets the JSON-serialized user
+        /// Gets the JSON-serialized user.
         /// </summary>
         /// <remarks>
-        /// Contains the Google user obtained from the endpoint https://www.googleapis.com/oauth2/v3/userinfo
+        /// Contains the Google user obtained from the userinfo endpoint.
         /// </remarks>
         public JObject User { get; private set; }
 
         /// <summary>
-        /// Gets the Google access token
+        /// Gets the Google access token.
         /// </summary>
         public string AccessToken { get; private set; }
 
         /// <summary>
-        /// Gets the Google refresh token
+        /// Gets the Google refresh token.
         /// </summary>
         /// <remarks>
         /// This value is not null only when access_type authorize parameter is offline.
@@ -68,47 +68,47 @@ namespace Microsoft.AspNet.Security.Google
         public string RefreshToken { get; private set; }
 
         /// <summary>
-        /// Gets the Google access token expiration time
+        /// Gets the Google access token expiration time.
         /// </summary>
         public TimeSpan? ExpiresIn { get; set; }
 
         /// <summary>
-        /// Gets the Google user ID
+        /// Gets the Google user ID.
         /// </summary>
         public string Id { get; private set; }
 
         /// <summary>
-        /// Gets the user's name
+        /// Gets the user's name.
         /// </summary>
         public string Name { get; private set; }
 
         /// <summary>
-        /// Gets the user's given name
+        /// Gets the user's given name.
         /// </summary>
         public string GivenName { get; set; }
 
         /// <summary>
-        /// Gets the user's family name
+        /// Gets the user's family name.
         /// </summary>
         public string FamilyName { get; set; }
 
         /// <summary>
-        /// Gets the user's profile link
+        /// Gets the user's profile link.
         /// </summary>
         public string Profile { get; private set; }
 
         /// <summary>
-        /// Gets the user's email
+        /// Gets the user's email.
         /// </summary>
         public string Email { get; private set; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
         /// </summary>
         public ClaimsIdentity Identity { get; set; }
 
         /// <summary>
-        /// Gets or sets a property bag for common authentication properties
+        /// Gets or sets a property bag for common authentication properties.
         /// </summary>
         public AuthenticationProperties Properties { get; set; }
 
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
index af93619ed4..36f9368953 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
@@ -7,19 +7,18 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
-    /// Default <see cref="IGoogleAuthenticationNotifications"/> implementation.
+    /// The default <see cref="IGoogleAuthenticationNotifications"/> implementation.
     /// </summary>
     public class GoogleAuthenticationNotifications : IGoogleAuthenticationNotifications
     {
         /// <summary>
-        /// Initializes a <see cref="GoogleAuthenticationNotifications"/>
+        /// Initializes a new <see cref="GoogleAuthenticationNotifications"/>.
         /// </summary>
         public GoogleAuthenticationNotifications()
         {
             OnAuthenticated = context => Task.FromResult<object>(null);
             OnReturnEndpoint = context => Task.FromResult<object>(null);
-            OnApplyRedirect = context =>
-                context.Response.Redirect(context.RedirectUri);
+            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
         }
 
         /// <summary>
@@ -38,7 +37,7 @@ namespace Microsoft.AspNet.Security.Google
         public Action<GoogleApplyRedirectContext> OnApplyRedirect { get; set; }
 
         /// <summary>
-        /// Invoked whenever Google succesfully authenticates a user
+        /// Invoked whenever Google succesfully authenticates a user.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
@@ -58,9 +57,9 @@ namespace Microsoft.AspNet.Security.Google
         }
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         public virtual void ApplyRedirect(GoogleApplyRedirectContext context)
         {
             OnApplyRedirect(context);
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
index 7172455ad2..ce6a13742e 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
@@ -12,10 +12,10 @@ namespace Microsoft.AspNet.Security.Google
     public class GoogleReturnEndpointContext : ReturnEndpointContext
     {
         /// <summary>
-        /// Initialize a <see cref="GoogleReturnEndpointContext"/>
+        /// Initialize a <see cref="GoogleReturnEndpointContext"/>.
         /// </summary>
-        /// <param name="context">HTTP environment</param>
-        /// <param name="ticket">The authentication ticket</param>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="ticket">The authentication ticket.</param>
         public GoogleReturnEndpointContext(
             HttpContext context,
             AuthenticationTicket ticket)
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
index 7bf9a34ab3..13930346c8 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
@@ -6,12 +6,12 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
-    /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware" /> invokes to enable developer control over the authentication process.
     /// </summary>
     public interface IGoogleAuthenticationNotifications
     {
         /// <summary>
-        /// Invoked whenever Google succesfully authenticates a user
+        /// Invoked whenever Google succesfully authenticates a user.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
@@ -25,9 +25,9 @@ namespace Microsoft.AspNet.Security.Google
         Task ReturnEndpoint(GoogleReturnEndpointContext context);
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         void ApplyRedirect(GoogleApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
new file mode 100644
index 0000000000..dbdeeb34c6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>1fcf26c2-a3c7-4308-b698-4afc3560bc0c</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
new file mode 100644
index 0000000000..8f83dac3e4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    public static class MicrosoftAccountAuthenticationDefaults
+    {
+        public const string AuthenticationType = "Microsoft";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
new file mode 100644
index 0000000000..468d279078
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
@@ -0,0 +1,45 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.MicrosoftAccount;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="MicrosoftAccountAuthenticationMiddleware"/>
+    /// </summary>
+    public static class MicrosoftAccountAuthenticationExtensions
+    {
+        /// <summary>
+        /// Authenticate users using Microsoft Account.
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="clientId">The application client ID assigned by the Microsoft authentication service.</param>
+        /// <param name="clientSecret">The application client secret assigned by the Microsoft authentication service.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
+        public static IBuilder UseMicrosoftAccountAuthentication([NotNull] this IBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        {
+            return app.UseMicrosoftAccountAuthentication(
+                new MicrosoftAccountAuthenticationOptions
+                {
+                    ClientId = clientId,
+                    ClientSecret = clientSecret,
+                });
+        }
+
+        /// <summary>
+        /// Authenticate users using Microsoft Account.
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="options">The middleware configuration options.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
+        public static IBuilder UseMicrosoftAccountAuthentication([NotNull] this IBuilder app, [NotNull] MicrosoftAccountAuthenticationOptions options)
+        {
+            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
+            {
+                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
+            }
+            return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(options);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
new file mode 100644
index 0000000000..6ee11c1d8f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -0,0 +1,257 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Logging;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    internal class MicrosoftAccountAuthenticationHandler : AuthenticationHandler<MicrosoftAccountAuthenticationOptions>
+    {
+        private const string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
+        private const string GraphApiEndpoint = "https://apis.live.net/v5.0/me";
+
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        public MicrosoftAccountAuthenticationHandler(HttpClient httpClient, ILogger logger)
+        {
+            _httpClient = httpClient;
+            _logger = logger;
+        }
+
+        public override async Task<bool> InvokeAsync()
+        {
+            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
+            {
+                return await InvokeReturnPathAsync();
+            }
+            return false;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            AuthenticationProperties properties = null;
+            try
+            {
+                string code = null;
+                string state = null;
+
+                IReadableStringCollection query = Request.Query;
+                IList<string> values = query.GetValues("code");
+                if (values != null && values.Count == 1)
+                {
+                    code = values[0];
+                }
+                values = query.GetValues("state");
+                if (values != null && values.Count == 1)
+                {
+                    state = values[0];
+                }
+
+                properties = Options.StateDataFormat.Unprotect(state);
+                if (properties == null)
+                {
+                    return null;
+                }
+
+                // OAuth2 10.12 CSRF
+                if (!ValidateCorrelationId(properties, _logger))
+                {
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                var tokenRequestParameters = new List<KeyValuePair<string, string>>()
+                {
+                    new KeyValuePair<string, string>("client_id", Options.ClientId),
+                    new KeyValuePair<string, string>("redirect_uri", GenerateRedirectUri()),
+                    new KeyValuePair<string, string>("client_secret", Options.ClientSecret),
+                    new KeyValuePair<string, string>("code", code),
+                    new KeyValuePair<string, string>("grant_type", "authorization_code"),
+                };
+
+                var requestContent = new FormUrlEncodedContent(tokenRequestParameters);
+
+                HttpResponseMessage response = await _httpClient.PostAsync(TokenEndpoint, requestContent, Context.RequestAborted);
+                response.EnsureSuccessStatusCode();
+                string oauthTokenResponse = await response.Content.ReadAsStringAsync();
+
+                JObject oauth2Token = JObject.Parse(oauthTokenResponse);
+                var accessToken = oauth2Token["access_token"].Value<string>();
+
+                // Refresh token is only available when wl.offline_access is request.
+                // Otherwise, it is null.
+                var refreshToken = oauth2Token.Value<string>("refresh_token");
+                var expire = oauth2Token.Value<string>("expires_in");
+
+                if (string.IsNullOrWhiteSpace(accessToken))
+                {
+                    _logger.WriteWarning("Access token was not found");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                HttpResponseMessage graphResponse = await _httpClient.GetAsync(
+                    GraphApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Context.RequestAborted);
+                graphResponse.EnsureSuccessStatusCode();
+                string accountString = await graphResponse.Content.ReadAsStringAsync();
+                JObject accountInformation = JObject.Parse(accountString);
+
+                var context = new MicrosoftAccountAuthenticatedContext(Context, accountInformation, accessToken,
+                    refreshToken, expire);
+                context.Identity = new ClaimsIdentity(
+                    new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim(ClaimTypes.Name, context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim("urn:microsoftaccount:id", context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
+                        new Claim("urn:microsoftaccount:name", context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)
+                    },
+                    Options.AuthenticationType,
+                    ClaimsIdentity.DefaultNameClaimType,
+                    ClaimsIdentity.DefaultRoleClaimType);
+                if (!string.IsNullOrWhiteSpace(context.Email))
+                {
+                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
+                }
+
+                await Options.Notifications.Authenticated(context);
+
+                context.Properties = properties;
+
+                return new AuthenticationTicket(context.Identity, context.Properties);
+            }
+            catch (Exception ex)
+            {
+                _logger.WriteError("Authentication failed", ex);
+                return new AuthenticationTicket(null, properties);
+            }
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            {
+                return;
+            }
+
+            string baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
+
+            string currentUri = baseUri + Request.Path + Request.QueryString;
+
+            string redirectUri = baseUri + Options.CallbackPath;
+
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = currentUri;
+            }
+
+            // OAuth2 10.12 CSRF
+            GenerateCorrelationId(properties);
+
+            // OAuth2 3.3 space separated                
+            string scope = string.Join(" ", Options.Scope);
+            // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
+            if (string.IsNullOrWhiteSpace(scope))
+            {
+                scope = "wl.basic";
+            }
+
+            string state = Options.StateDataFormat.Protect(properties);
+
+            string authorizationEndpoint =
+                "https://login.live.com/oauth20_authorize.srf" +
+                    "?client_id=" + Uri.EscapeDataString(Options.ClientId) +
+                    "&scope=" + Uri.EscapeDataString(scope) + 
+                    "&response_type=code" +
+                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
+                    "&state=" + Uri.EscapeDataString(state);
+
+            var redirectContext = new MicrosoftAccountApplyRedirectContext(
+                Context, Options,
+                properties, authorizationEndpoint);
+            Options.Notifications.ApplyRedirect(redirectContext);
+        }
+
+        public async Task<bool> InvokeReturnPathAsync()
+        {
+            AuthenticationTicket model = await AuthenticateAsync();
+            if (model == null)
+            {
+                _logger.WriteWarning("Invalid return state, unable to redirect.");
+                Response.StatusCode = 500;
+                return true;
+            }
+
+            var context = new MicrosoftAccountReturnEndpointContext(Context, model);
+            context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
+            context.RedirectUri = model.Properties.RedirectUri;
+            model.Properties.RedirectUri = null;
+
+            await Options.Notifications.ReturnEndpoint(context);
+
+            if (context.SignInAsAuthenticationType != null && context.Identity != null)
+            {
+                ClaimsIdentity signInIdentity = context.Identity;
+                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
+                {
+                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
+                }
+                Context.Response.SignIn(context.Properties, signInIdentity);
+            }
+
+            if (!context.IsRequestCompleted && context.RedirectUri != null)
+            {
+                if (context.Identity == null)
+                {
+                    // add a redirect hint that sign-in failed in some way
+                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
+                }
+                Response.Redirect(context.RedirectUri);
+                context.RequestCompleted();
+            }
+
+            return context.IsRequestCompleted;
+        }
+
+        private string GenerateRedirectUri()
+        {
+            string requestPrefix = Request.Scheme + "://" + Request.Host;
+
+            return requestPrefix + RequestPathBase + Options.CallbackPath;
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A - No SignIn or SignOut support.
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..0bd8f4c3e0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -0,0 +1,98 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
+    /// </summary>
+    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
+    public class MicrosoftAccountAuthenticationMiddleware : AuthenticationMiddleware<MicrosoftAccountAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private readonly HttpClient _httpClient;
+
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
+        /// </summary>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
+        /// <param name="dataProtectionProvider"></param>
+        /// <param name="loggerFactory"></param>
+        /// <param name="options">Configuration options for the middleware.</param>
+        public MicrosoftAccountAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            MicrosoftAccountAuthenticationOptions options)
+            : base(next, options)
+        {
+            if (string.IsNullOrWhiteSpace(Options.ClientId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
+            }
+
+            _logger = loggerFactory.Create(typeof(MicrosoftAccountAuthenticationMiddleware).FullName);
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new MicrosoftAccountAuthenticationNotifications();
+            }
+            if (Options.StateDataFormat == null)
+            {
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    typeof(MicrosoftAccountAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+            _httpClient.Timeout = Options.BackchannelTimeout;
+            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+        }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<MicrosoftAccountAuthenticationOptions> CreateHandler()
+        {
+            return new MicrosoftAccountAuthenticationHandler(_httpClient, _logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(MicrosoftAccountAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if NET45
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
new file mode 100644
index 0000000000..47ee6fe0e7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -0,0 +1,106 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Configuration options for <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
+    /// </summary>
+    public class MicrosoftAccountAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountAuthenticationOptions"/>.
+        /// </summary>
+        public MicrosoftAccountAuthenticationOptions()
+            : base(MicrosoftAccountAuthenticationDefaults.AuthenticationType)
+        {
+            Caption = MicrosoftAccountAuthenticationDefaults.AuthenticationType;
+            CallbackPath = new PathString("/signin-microsoft");
+            AuthenticationMode = AuthenticationMode.Passive;
+            Scope = new List<string>();
+            BackchannelTimeout = TimeSpan.FromSeconds(60);
+        }
+#if NET45
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// in back channel communications belong to Microsoft Account.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        /// <remarks>
+        /// The default value is 'Microsoft'.
+        /// </remarks>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// The application client ID assigned by the Microsoft authentication service.
+        /// </summary>
+        public string ClientId { get; set; }
+
+        /// <summary>
+        /// The application client secret assigned by the Microsoft authentication service.
+        /// </summary>
+        public string ClientSecret { get; set; }
+
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Microsoft.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; }
+
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with Microsoft.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// A list of permissions to request.
+        /// </summary>
+        public IList<string> Scope { get; private set; }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// Default value is "/signin-microsoft".
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="IMicrosoftAccountAuthenticationNotifications"/> used to handle authentication events.
+        /// </summary>
+        public IMicrosoftAccountAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs
new file mode 100644
index 0000000000..f3900accc6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
new file mode 100644
index 0000000000..d7c43a4634
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="MicrosoftAccountAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
+    /// </summary>
+    public interface IMicrosoftAccountAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked whenever Microsoft succesfully authenticates a user.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task Authenticated(MicrosoftAccountAuthenticatedContext context);
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ReturnEndpoint(MicrosoftAccountReturnEndpointContext context);
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft middleware.
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        void ApplyRedirect(MicrosoftAccountApplyRedirectContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs
new file mode 100644
index 0000000000..f61a9eee43
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs
@@ -0,0 +1,40 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
+    /// </summary>
+    public class MicrosoftAccountApplyRedirectContext : BaseContext<MicrosoftAccountAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context">The HTTP request context.</param>
+        /// <param name="options">The Microsoft account middleware options.</param>
+        /// <param name="properties">The authentication properties of the challenge.</param>
+        /// <param name="redirectUri">The initial redirect URI.</param>
+        public MicrosoftAccountApplyRedirectContext(HttpContext context, MicrosoftAccountAuthenticationOptions options,
+            AuthenticationProperties properties, string redirectUri)
+            : base(context, options)
+        {
+            RedirectUri = redirectUri;
+            Properties = properties;
+        }
+
+        /// <summary>
+        /// Gets the URI used for the redirect operation.
+        /// </summary>
+        public string RedirectUri { get; private set; }
+
+        /// <summary>
+        /// Gets the authentication properties of the challenge.
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
new file mode 100644
index 0000000000..ef2b0b50f0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -0,0 +1,130 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class MicrosoftAccountAuthenticatedContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountAuthenticatedContext"/>.
+        /// </summary>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="user">The JSON-serialized user.</param>
+        /// <param name="accessToken">The access token provided by the Microsoft authentication service.</param>
+        /// <param name="refreshToken">The refresh token provided by Microsoft authentication service.</param>
+        /// <param name="expires">Seconds until expiration.</param>
+        public MicrosoftAccountAuthenticatedContext(HttpContext context, [NotNull] JObject user, string accessToken, 
+            string refreshToken, string expires)
+            : base(context)
+        {
+            IDictionary<string, JToken> userAsDictionary = user;
+
+            User = user;
+            AccessToken = accessToken;
+            RefreshToken = refreshToken;
+
+            int expiresValue;
+            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
+            {
+                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
+            }
+
+            JToken userId = User["id"];
+            if (userId == null)
+            {
+                throw new ArgumentException(Resources.Exception_MissingId, "user");
+            }
+
+            Id = userId.ToString();
+            Name = PropertyValueIfExists("name", userAsDictionary);
+            FirstName = PropertyValueIfExists("first_name", userAsDictionary);
+            LastName = PropertyValueIfExists("last_name", userAsDictionary);
+
+            if (userAsDictionary.ContainsKey("emails"))
+            {
+                JToken emailsNode = user["emails"];
+                foreach (var childAsProperty in emailsNode.OfType<JProperty>().Where(childAsProperty => childAsProperty.Name == "preferred"))
+                {
+                    Email = childAsProperty.Value.ToString();
+                }
+            }
+        }
+
+        /// <summary>
+        /// Gets the JSON-serialized user.
+        /// </summary>
+        public JObject User { get; private set; }
+
+        /// <summary>
+        /// Gets the access token provided by the Microsoft authenication service.
+        /// </summary>
+        public string AccessToken { get; private set; }
+
+        /// <summary>
+        /// Gets the refresh token provided by Microsoft authentication service.
+        /// </summary>
+        /// <remarks>
+        /// Refresh token is only available when wl.offline_access is request.
+        /// Otherwise, it is null.
+        /// </remarks>
+        public string RefreshToken { get; private set; }
+
+        /// <summary>
+        /// Gets the Microsoft access token expiration time.
+        /// </summary>
+        public TimeSpan? ExpiresIn { get; set; }
+
+        /// <summary>
+        /// Gets the Microsoft Account user ID.
+        /// </summary>
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Gets the user's name.
+        /// </summary>
+        public string Name { get; private set; }
+
+        /// <summary>
+        /// Gets the user's first name.
+        /// </summary>
+        public string FirstName { get; private set; }
+
+        /// <summary>
+        /// Gets the user's last name.
+        /// </summary>
+        public string LastName { get; private set; }
+
+        /// <summary>
+        /// Gets the user's email address.
+        /// </summary>
+        public string Email { get; private set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+
+        private static string PropertyValueIfExists(string property, IDictionary<string, JToken> dictionary)
+        {
+            return dictionary.ContainsKey(property) ? dictionary[property].ToString() : null;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
new file mode 100644
index 0000000000..deb561b941
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Default <see cref="IMicrosoftAccountAuthenticationNotifications"/> implementation.
+    /// </summary>
+    public class MicrosoftAccountAuthenticationNotifications : IMicrosoftAccountAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountAuthenticationNotifications"/>
+        /// </summary>
+        public MicrosoftAccountAuthenticationNotifications()
+        {
+            OnAuthenticated = context => Task.FromResult(0);
+            OnReturnEndpoint = context => Task.FromResult(0);
+            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
+        }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// </summary>
+        public Func<MicrosoftAccountAuthenticatedContext, Task> OnAuthenticated { get; set; }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// </summary>
+        public Func<MicrosoftAccountReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// </summary>
+        public Action<MicrosoftAccountApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Invoked whenever Microsoft succesfully authenticates a user
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task Authenticated(MicrosoftAccountAuthenticatedContext context)
+        {
+            return OnAuthenticated(context);
+        }
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task ReturnEndpoint(MicrosoftAccountReturnEndpointContext context)
+        {
+            return OnReturnEndpoint(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        public virtual void ApplyRedirect(MicrosoftAccountApplyRedirectContext context)
+        {
+            OnApplyRedirect(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs
new file mode 100644
index 0000000000..93e7670248
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount
+{
+    /// <summary>
+    /// Provides context information to middleware providers.
+    /// </summary>
+    public class MicrosoftAccountReturnEndpointContext : ReturnEndpointContext
+    {
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountReturnEndpointContext"/>.
+        /// </summary>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="ticket">The authentication ticket.</param>
+        public MicrosoftAccountReturnEndpointContext(
+            HttpContext context,
+            AuthenticationTicket ticket)
+            : base(context, ticket)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs
new file mode 100644
index 0000000000..62f1707efb
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs
@@ -0,0 +1,90 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.33440
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.MicrosoftAccount {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.MicrosoftAccount.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The user does not have an id..
+        /// </summary>
+        internal static string Exception_MissingId {
+            get {
+                return ResourceManager.GetString("Exception_MissingId", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided {
+            get {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx b/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx
new file mode 100644
index 0000000000..26eb43888e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_MissingId" xml:space="preserve">
+    <value>The user does not have an id.</value>
+  </data>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
new file mode 100644
index 0000000000..b583f1ae8c
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -0,0 +1,46 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "5.0.8",
+        "System.Net.Http": "4.0.0.0"
+    },
+    "frameworks": {
+        "net45": {
+            "dependencies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Dynamic.Runtime": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.10.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Net.Http.WinHttpHandler": "4.0.0.0",
+                "System.ObjectModel": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
index 3d5ab80ffc..a328730ded 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
@@ -8,17 +8,17 @@ using Microsoft.AspNet.Security.Notifications;
 namespace Microsoft.AspNet.Security.Twitter
 {
     /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
     /// </summary>
     public class TwitterApplyRedirectContext : BaseContext<TwitterAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
-        /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The Facebook middleware options</param>
-        /// <param name="properties">The authenticaiton properties of the challenge</param>
-        /// <param name="redirectUri">The initial redirect URI</param>
+        /// <param name="context">The HTTP request context.</param>
+        /// <param name="options">The Twitter middleware options.</param>
+        /// <param name="properties">The authentication properties of the challenge.</param>
+        /// <param name="redirectUri">The initial redirect URI.</param>
         public TwitterApplyRedirectContext(HttpContext context, TwitterAuthenticationOptions options,
             AuthenticationProperties properties, string redirectUri)
             : base(context, options)
@@ -33,7 +33,7 @@ namespace Microsoft.AspNet.Security.Twitter
         public string RedirectUri { get; private set; }
 
         /// <summary>
-        /// Gets the authenticaiton properties of the challenge
+        /// Gets the authentication properties of the challenge.
         /// </summary>
         public AuthenticationProperties Properties { get; private set; }
     }
diff --git a/src/Microsoft.AspNet.Security/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Resources.Designer.cs
index 26e74bb6c0..d535265888 100644
--- a/src/Microsoft.AspNet.Security/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Security/Resources.Designer.cs
@@ -70,7 +70,7 @@ namespace Microsoft.AspNet.Security {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
+        ///   Looks up a localized string similar to The default data protection provider may only be used when the IBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
         /// </summary>
         internal static string Exception_DefaultDpapiRequiresAppNameKey {
             get {
@@ -79,7 +79,7 @@ namespace Microsoft.AspNet.Security {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
+        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
         /// </summary>
         internal static string Exception_MissingDefaultSignInAsAuthenticationType {
             get {
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Security/Resources.resx
index fdd0980662..5a02ab7725 100644
--- a/src/Microsoft.AspNet.Security/Resources.resx
+++ b/src/Microsoft.AspNet.Security/Resources.resx
@@ -118,13 +118,13 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="Exception_DefaultDpapiRequiresAppNameKey" xml:space="preserve">
-    <value>The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate 'host.AppName' key.</value>
+    <value>The default data protection provider may only be used when the IBuilder.Properties contains an appropriate 'host.AppName' key.</value>
   </data>
   <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
     <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
   </data>
   <data name="Exception_MissingDefaultSignInAsAuthenticationType" xml:space="preserve">
-    <value>A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
+    <value>A default value for SignInAsAuthenticationType was not found in IBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
   </data>
   <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
     <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
new file mode 100644
index 0000000000..2c1da025fd
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -0,0 +1,282 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.MicrosoftAccount;
+using Microsoft.AspNet.TestHost;
+using Newtonsoft.Json;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
+{
+    public class MicrosoftAccountMiddlewareTests
+    {
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var options = new MicrosoftAccountAuthenticationOptions()
+            {
+                ClientId = "Test Client Id",
+                ClientSecret = "Test Client Secret",
+                Notifications = new MicrosoftAccountAuthenticationNotifications
+                {
+                    OnApplyRedirect = context =>
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                    }
+                }
+            };
+            var server = CreateServer(
+                app => app.UseMicrosoftAccountAuthentication(options),
+                context =>
+                {
+                    context.Response.Challenge("Microsoft");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("custom=test");
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var server = CreateServer(
+                app => app.UseMicrosoftAccountAuthentication("Test Client Id", "Test Client Secret"),
+                context =>
+                {
+                    context.Response.Challenge("Microsoft");
+                    return true;
+                });
+            var transaction = await SendAsync(server, "http://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            location.ShouldContain("https://login.live.com/oauth20_authorize.srf");
+            location.ShouldContain("response_type=code");
+            location.ShouldContain("client_id=");
+            location.ShouldContain("redirect_uri=");
+            location.ShouldContain("scope=");
+            location.ShouldContain("state=");
+        }
+
+        [Fact]
+        public async Task AuthenticatedEventCanGetRefreshToken()
+        {
+            var options = new MicrosoftAccountAuthenticationOptions()
+            {
+                ClientId = "Test Client Id",
+                ClientSecret = "Test Client Secret",
+                BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = async req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf")
+                        {
+                            return await ReturnJsonResponse(new
+                            {
+                                access_token = "Test Access Token",
+                                expire_in = 3600,
+                                token_type = "Bearer",
+                                refresh_token = "Test Refresh Token"
+                            });
+                        }
+                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me")
+                        {
+                            return await ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                name = "Test Name",
+                                first_name = "Test Given Name",
+                                last_name = "Test Family Name",
+                                emails = new
+                                {
+                                    preferred = "Test email"
+                                }
+                            });
+                        }
+
+                        return null;
+                    }
+                },
+                Notifications = new MicrosoftAccountAuthenticationNotifications
+                {
+                    OnAuthenticated = context =>
+                    {
+                        var refreshToken = context.RefreshToken;
+                        context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
+                        return Task.FromResult<object>(null);
+                    }
+                }
+            };
+            var server = CreateServer(
+                app => app.UseMicrosoftAccountAuthentication(options),
+                context =>
+                {
+                    Describe(context.Response, (ClaimsIdentity)context.User.Identity);
+                    return true;
+                });
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Microsoft";
+            var correlationValue = "TestCorrelationId";
+            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = options.StateDataFormat.Protect(properties);
+            var transaction = await SendAsync(server,
+                "https://example.com/signin-microsoft?code=TestCode&state=" + Uri.EscapeDataString(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.SetCookie.Count.ShouldBe(2);
+            transaction.SetCookie[0].ShouldContain(correlationKey);
+            transaction.SetCookie[1].ShouldContain(".AspNet.External");
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
+        }
+
+        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        {
+            return TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                {
+                    AuthenticationType = "External"
+                });
+                app.SetDefaultSignInAsAuthenticationType("External");
+                if (configure != null)
+                {
+                    configure(app);
+                }
+                app.Use(async (context, next) =>
+                {
+                    if (handler == null || !handler(context))
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
+        {
+            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var text = await JsonConvert.SerializeObjectAsync(content);
+            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
+            return res;
+        }
+
+        private static void Describe(HttpResponse res, ClaimsIdentity identity)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (identity != null)
+            {
+                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private class TestHttpMessageHandler : HttpMessageHandler
+        {
+            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+
+            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            {
+                if (Sender != null)
+                {
+                    return await Sender(request);
+                }
+
+                return null;
+            }
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+            public IList<string> SetCookie { get; set; }
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+
+            public string AuthenticationCookieValue
+            {
+                get
+                {
+                    if (SetCookie != null && SetCookie.Count > 0)
+                    {
+                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.External="));
+                        if (authCookie != null)
+                        {
+                            return authCookie.Substring(0, authCookie.IndexOf(';'));
+                        }
+                    }
+
+                    return null;
+                }
+            }
+
+            public string FindClaimValue(string claimType)
+            {
+                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+                if (claim == null)
+                {
+                    return null;
+                }
+                return claim.Attribute("value").Value;
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 4da6822916..4cfa4fb96a 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -8,6 +8,7 @@
     "Microsoft.AspNet.Security.Cookies" : "1.0.0-*",
     "Microsoft.AspNet.Security.Facebook" : "1.0.0-*",
     "Microsoft.AspNet.Security.Google" : "1.0.0-*",
+    "Microsoft.AspNet.Security.MicrosoftAccount" : "1.0.0-*",
     "Microsoft.AspNet.Security.Twitter" : "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",

From 6b0c51a5310ff9f38567573ee2b7a7719324c762 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 29 Aug 2014 13:26:14 -0700
Subject: [PATCH 061/900] Renamed Project.json to Project.json2

---
 samples/SocialSample/{Project.json => Project.json2}              | 0
 .../{Project.json => Project.json2}                               | 0
 .../{Project.json => Project.json2}                               | 0
 .../{Project.json => Project.json2}                               | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename samples/SocialSample/{Project.json => Project.json2} (100%)
 rename src/Microsoft.AspNet.Security.Facebook/{Project.json => Project.json2} (100%)
 rename src/Microsoft.AspNet.Security.Google/{Project.json => Project.json2} (100%)
 rename src/Microsoft.AspNet.Security.Twitter/{Project.json => Project.json2} (100%)

diff --git a/samples/SocialSample/Project.json b/samples/SocialSample/Project.json2
similarity index 100%
rename from samples/SocialSample/Project.json
rename to samples/SocialSample/Project.json2
diff --git a/src/Microsoft.AspNet.Security.Facebook/Project.json b/src/Microsoft.AspNet.Security.Facebook/Project.json2
similarity index 100%
rename from src/Microsoft.AspNet.Security.Facebook/Project.json
rename to src/Microsoft.AspNet.Security.Facebook/Project.json2
diff --git a/src/Microsoft.AspNet.Security.Google/Project.json b/src/Microsoft.AspNet.Security.Google/Project.json2
similarity index 100%
rename from src/Microsoft.AspNet.Security.Google/Project.json
rename to src/Microsoft.AspNet.Security.Google/Project.json2
diff --git a/src/Microsoft.AspNet.Security.Twitter/Project.json b/src/Microsoft.AspNet.Security.Twitter/Project.json2
similarity index 100%
rename from src/Microsoft.AspNet.Security.Twitter/Project.json
rename to src/Microsoft.AspNet.Security.Twitter/Project.json2

From 06bdcebf631ed9574db1c3329ee82caa1f64e811 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 29 Aug 2014 13:29:29 -0700
Subject: [PATCH 062/900] Fixed project.json casing

---
 samples/SocialSample/SocialSample.kproj                     | 6 ------
 samples/SocialSample/{Project.json2 => project.json}        | 0
 .../{Project.json2 => project.json}                         | 0
 .../{Project.json2 => project.json}                         | 0
 .../{Project.json2 => project.json}                         | 0
 5 files changed, 6 deletions(-)
 rename samples/SocialSample/{Project.json2 => project.json} (100%)
 rename src/Microsoft.AspNet.Security.Facebook/{Project.json2 => project.json} (100%)
 rename src/Microsoft.AspNet.Security.Google/{Project.json2 => project.json} (100%)
 rename src/Microsoft.AspNet.Security.Twitter/{Project.json2 => project.json} (100%)

diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index c4ab469bfd..4447d1b1d7 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -22,11 +22,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="Project.json" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Startup.cs" />
-  </ItemGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Project.json2 b/samples/SocialSample/project.json
similarity index 100%
rename from samples/SocialSample/Project.json2
rename to samples/SocialSample/project.json
diff --git a/src/Microsoft.AspNet.Security.Facebook/Project.json2 b/src/Microsoft.AspNet.Security.Facebook/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security.Facebook/Project.json2
rename to src/Microsoft.AspNet.Security.Facebook/project.json
diff --git a/src/Microsoft.AspNet.Security.Google/Project.json2 b/src/Microsoft.AspNet.Security.Google/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security.Google/Project.json2
rename to src/Microsoft.AspNet.Security.Google/project.json
diff --git a/src/Microsoft.AspNet.Security.Twitter/Project.json2 b/src/Microsoft.AspNet.Security.Twitter/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security.Twitter/Project.json2
rename to src/Microsoft.AspNet.Security.Twitter/project.json

From 565fde51878fb84d1cc325680cbbfa07f3b2286d Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Tue, 2 Sep 2014 21:29:07 -0700
Subject: [PATCH 063/900] Fixed packages

---
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index b583f1ae8c..3457c15c99 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -29,7 +29,7 @@
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
                 "System.Net.Http.WinHttpHandler": "4.0.0.0",
-                "System.ObjectModel": "4.0.0.0",
+                "System.ObjectModel": "4.0.10.0",
                 "System.Reflection": "4.0.10.0",
                 "System.Resources.ResourceManager": "4.0.0.0",
                 "System.Runtime": "4.0.20.0",

From 810c96e9397720e2696127939cbcab10796c26f4 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Thu, 4 Sep 2014 01:47:16 -0700
Subject: [PATCH 064/900] Updated to use the new target framework in
 project.json

---
 samples/CookieSample/project.json                           | 2 +-
 samples/SocialSample/project.json                           | 2 +-
 src/Microsoft.AspNet.Security.Cookies/project.json          | 2 +-
 .../FacebookAuthenticationMiddleware.cs                     | 4 ++--
 .../FacebookAuthenticationOptions.cs                        | 2 +-
 src/Microsoft.AspNet.Security.Facebook/project.json         | 2 +-
 .../GoogleAuthenticationMiddleware.cs                       | 4 ++--
 .../GoogleAuthenticationOptions.cs                          | 4 ++--
 src/Microsoft.AspNet.Security.Google/project.json           | 2 +-
 .../MicrosoftAccountAuthenticationMiddleware.cs             | 4 ++--
 .../MicrosoftAccountAuthenticationOptions.cs                | 4 ++--
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 .../TwitterAuthenticationMiddleware.cs                      | 4 ++--
 .../TwitterAuthenticationOptions.cs                         | 6 +++---
 src/Microsoft.AspNet.Security.Twitter/project.json          | 2 +-
 .../CertificateSubjectKeyIdentifierValidator.cs             | 4 ++--
 .../CertificateSubjectPublicKeyInfoValidator.cs             | 4 ++--
 .../CertificateThumbprintValidator.cs                       | 4 ++--
 src/Microsoft.AspNet.Security/ICertificateValidator.cs      | 4 ++--
 src/Microsoft.AspNet.Security/project.json                  | 2 +-
 test/Microsoft.AspNet.Security.Test/project.json            | 2 +-
 21 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index c405745f10..c8eabcb68c 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -13,7 +13,7 @@
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "frameworks": {
-    "net45": {
+    "aspnet50": {
     },
     "aspnetcore50": {
       "dependencies": {
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 8703a24bf7..ed77607d2b 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -14,7 +14,7 @@
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "frameworks": {
-    "net45": {
+    "aspnet50": {
     },
     "aspnetcore50": {
       "dependencies": {
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 0a3d6d36db..9d9e58616a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -13,7 +13,7 @@
     "Newtonsoft.Json": "5.0.8"
   },
   "frameworks": {
-    "net45": {},
+    "aspnet50": {},
     "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index af1da5c300..e67abf1c91 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -76,7 +76,7 @@ namespace Microsoft.AspNet.Security.Facebook
         private static HttpMessageHandler ResolveHttpMessageHandler(FacebookAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if NET45
+#if ASPNET50
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
index 1b9d2c145e..1d4fa9a54c 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
@@ -40,7 +40,7 @@ namespace Microsoft.AspNet.Security.Facebook
         /// Gets or sets the Facebook-assigned app secret.
         /// </summary>
         public string AppSecret { get; set; }
-#if NET45
+#if ASPNET50
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to Facebook.
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 608aa0b6d3..bf9da22531 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -11,7 +11,7 @@
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
-        "net45": {
+        "aspnet50": {
             "dependencies": {
                 "System.Net.Http.WebRequest": ""
             }
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 1105b149ba..66768cbb84 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -76,7 +76,7 @@ namespace Microsoft.AspNet.Security.Google
         private static HttpMessageHandler ResolveHttpMessageHandler(GoogleAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if NET45
+#if ASPNET50
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
index f03b7d2efc..1ede9f0425 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Google
         /// Gets or sets the Google-assigned client secret.
         /// </summary>
         public string ClientSecret { get; set; }
-#if NET45
+#if ASPNET50
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to Google.
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 608aa0b6d3..bf9da22531 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -11,7 +11,7 @@
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
-        "net45": {
+        "aspnet50": {
             "dependencies": {
                 "System.Net.Http.WebRequest": ""
             }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 0bd8f4c3e0..3f5e24cecf 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -76,7 +76,7 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         private static HttpMessageHandler ResolveHttpMessageHandler(MicrosoftAccountAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if NET45
+#if ASPNET50
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index 47ee6fe0e7..7668b0d085 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
         }
-#if NET45
+#if ASPNET50
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to Microsoft Account.
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 3457c15c99..83bc4823bd 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -11,7 +11,7 @@
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
-        "net45": {
+        "aspnet50": {
             "dependencies": {
                 "System.Net.Http.WebRequest": ""
             }
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index 421a685575..5961762191 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -84,7 +84,7 @@ namespace Microsoft.AspNet.Security.Twitter
         private static HttpMessageHandler ResolveHttpMessageHandler(TwitterAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if NET45
+#if ASPNET50
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
index fcf307d5c4..043911e759 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Security.Twitter
             CallbackPath = new PathString("/signin-twitter");
             AuthenticationMode = AuthenticationMode.Passive;
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-#if NET45
+#if ASPNET50
             // Twitter lists its valid Subject Key Identifiers at https://dev.twitter.com/docs/security/using-ssl
             BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(
                 new[]
@@ -54,7 +54,7 @@ namespace Microsoft.AspNet.Security.Twitter
         /// The back channel timeout.
         /// </value>
         public TimeSpan BackchannelTimeout { get; set; }
-#if NET45
+#if ASPNET50
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to Twitter.
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index 608aa0b6d3..bf9da22531 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -11,7 +11,7 @@
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
-        "net45": {
+        "aspnet50": {
             "dependencies": {
                 "System.Net.Http.WebRequest": ""
             }
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
index d91311202b..68cf5abd28 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if NET45
+#if ASPNET50
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
@@ -77,4 +77,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
index a0ba223103..4ad5ee81c6 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if NET45
+#if ASPNET50
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
@@ -124,4 +124,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
index 9a9dadf60c..a276536a70 100644
--- a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if NET45
+#if ASPNET50
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
@@ -70,4 +70,4 @@ namespace Microsoft.AspNet.Security
         }
     }
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/src/Microsoft.AspNet.Security/ICertificateValidator.cs b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
index 3157a5c5aa..26756324ff 100644
--- a/src/Microsoft.AspNet.Security/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Security/ICertificateValidator.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if NET45
+#if ASPNET50
 using System;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
@@ -27,4 +27,4 @@ namespace Microsoft.AspNet.Security
         bool Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
     }
 }
-#endif
\ No newline at end of file
+#endif
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index f328ce7501..d547252967 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -10,7 +10,7 @@
     "Microsoft.Framework.Logging": "1.0.0-*"
   },
   "frameworks": {
-    "net45": {},
+    "aspnet50": {},
     "aspnetcore50": {
       "dependencies": {
         "System.Collections": "4.0.10.0",
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 4cfa4fb96a..49f7858ad5 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -20,7 +20,7 @@
     "test": "Xunit.KRunner"
   },
   "frameworks": {
-    "net45": { 
+    "aspnet50": { 
       "dependencies": {
         "Shouldly": "1.1.1.1",
         "System.Runtime": "",

From 214b82ea01291bd0f511c1036e960a6524e2948f Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Fri, 5 Sep 2014 01:52:04 -0700
Subject: [PATCH 065/900] Updated build.cmd

---
 build.cmd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.cmd b/build.cmd
index 3aaf957583..86ca5bbbf1 100644
--- a/build.cmd
+++ b/build.cmd
@@ -20,9 +20,9 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_KRE_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\kvm upgrade -svr50 -x86
-CALL packages\KoreBuild\build\kvm install default -svrc50 -x86
+CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
+CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
 
 :run
-CALL packages\KoreBuild\build\kvm use default -svr50 -x86
+CALL packages\KoreBuild\build\kvm use default -runtime CLR -x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*

From 80c8891c0854edaecf658f6972c524ef21cd15fa Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 3 Sep 2014 11:48:38 -0700
Subject: [PATCH 066/900] #49 - OAuth base middleware.

---
 Security.sln                                  |  13 +
 samples/SocialSample/Startup.cs               |  93 ++++++
 .../FacebookAuthenticationDefaults.cs         |   6 +
 .../FacebookAuthenticationHandler.cs          | 302 ++++-------------
 .../FacebookAuthenticationMiddleware.cs       |  49 +--
 .../FacebookAuthenticationOptions.cs          |  89 +----
 .../FacebookApplyRedirectContext.cs           |  43 ---
 .../FacebookAuthenticatedContext.cs           |  50 +--
 .../FacebookAuthenticationNotifications.cs    |  35 +-
 .../FacebookReturnEndpointContext.cs          |  26 --
 .../IFacebookAuthenticationNotifications.cs   |  16 +-
 .../Resources.Designer.cs                     |   9 -
 .../Resources.resx                            |   3 -
 .../project.json                              |   3 +-
 .../GoogleAuthenticationDefaults.cs           |   6 +
 .../GoogleAuthenticationHandler.cs            | 306 ++++--------------
 .../GoogleAuthenticationMiddleware.cs         |  62 +---
 .../GoogleAuthenticationOptions.cs            |  85 +----
 .../GoogleApplyRedirectContext.cs             |  43 ---
 .../GoogleAuthenticatedContext.cs             |  60 +---
 .../GoogleAuthenticationNotifications.cs      |  34 +-
 .../GoogleReturnEndpointContext.cs            |  26 --
 .../IGoogleAuthenticationNotifications.cs     |  16 +-
 .../project.json                              |   3 +-
 .../MicrosoftAccountAuthenticationDefaults.cs |   6 +
 .../MicrosoftAccountAuthenticationHandler.cs  | 251 ++------------
 ...icrosoftAccountAuthenticationMiddleware.cs |  60 +---
 .../MicrosoftAccountAuthenticationOptions.cs  |  90 +-----
 ...osoftAccountAuthenticationNotifications.cs |  16 +-
 .../MicrosoftAccountAuthenticatedContext.cs   |  61 +---
 ...osoftAccountAuthenticationNotifications.cs |  34 +-
 .../project.json                              |   3 +-
 .../Microsoft.AspNet.Security.OAuth.kproj     |  28 ++
 .../NotNullAttribute.cs                       |  12 +
 .../IOAuthAuthenticationNotifications.cs      |  34 ++
 .../OAuthApplyRedirectContext.cs}             |   8 +-
 .../OAuthAuthenticatedContext.cs              |  77 +++++
 .../OAuthAuthenticationNotifications.cs       |  68 ++++
 .../OAuthGetUserInformationContext.cs         |  76 +++++
 .../OAuthReturnEndpointContext.cs}            |   8 +-
 .../OAuthAuthenticationDefaults.cs            |  39 +++
 .../OAuthAuthenticationExtensions.cs          |  34 ++
 .../OAuthAuthenticationHandler.cs             | 253 +++++++++++++++
 .../OAuthAuthenticationMiddleware.cs          | 105 ++++++
 .../OAuthAuthenticationOptions.cs             | 117 +++++++
 .../OAuthAuthenticationOptions`1.cs           |  24 ++
 .../Resources.Designer.cs                     |  83 +++++
 .../Resources.resx                            | 126 ++++++++
 .../TokenResponse.cs                          |  25 ++
 .../project.json                              |  46 +++
 .../TwitterAuthenticationHandler.cs           |   4 +-
 .../Facebook/FacebookMiddlewareTests.cs       |  10 +-
 52 files changed, 1519 insertions(+), 1557 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
 delete mode 100644 src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
 delete mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
 delete mode 100644 src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs => Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs} (74%)
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs => Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs} (71%)
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/project.json

diff --git a/Security.sln b/Security.sln
index be6636fe28..c9951b0ddf 100644
--- a/Security.sln
+++ b/Security.sln
@@ -32,6 +32,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.T
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.MicrosoftAccount", "src\Microsoft.AspNet.Security.MicrosoftAccount\Microsoft.AspNet.Security.MicrosoftAccount.kproj", "{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OAuth", "src\Microsoft.AspNet.Security.OAuth\Microsoft.AspNet.Security.OAuth.kproj", "{4A636011-68EE-4CE5-836D-EA8E13CF71E4}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -132,6 +134,16 @@ Global
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|x86.ActiveCfg = Release|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -146,5 +158,6 @@ Global
 		{89BF8535-A849-458E-868A-A68FCF620486} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{4A636011-68EE-4CE5-836D-EA8E13CF71E4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 03435fe0f6..f3aff738d8 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,11 +1,19 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.Facebook;
 using Microsoft.AspNet.Security.Google;
 using Microsoft.AspNet.Security.MicrosoftAccount;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.Security.Twitter;
+using Newtonsoft.Json.Linq;
 
 namespace CookieSample
 {
@@ -28,6 +36,16 @@ namespace CookieSample
                 AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
             });
 
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("Google-AccessToken")
+            {
+                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
+                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
+                CallbackPath = new PathString("/signin-google-token"),
+                AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint,
+                TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint,
+                Scope = { "openid", "profile", "email" },
+            });
+
             app.UseGoogleAuthentication(new GoogleAuthenticationOptions()
             {
                 ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
@@ -57,6 +75,17 @@ namespace CookieSample
             The sample app can then be run via:
              k web
             */
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("Microsoft-AccessToken")
+            {
+                Caption = "MicrosoftAccount-AccessToken - Requires project changes",
+                ClientId = "00000000480FF62E",
+                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
+                CallbackPath = new PathString("/signin-microsoft-token"),
+                AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint,
+                TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint,
+                Scope = { "wl.basic" },
+            });
+
             app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions()
             {
                 Caption = "MicrosoftAccount - Requires project changes",
@@ -64,6 +93,70 @@ namespace CookieSample
                 ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
             });
 
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("GitHub-AccessToken")
+            {
+                ClientId = "8c0c5a572abe8fe89588",
+                ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
+                CallbackPath = new PathString("/signin-github-token"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+            });
+
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("GitHub")
+            {
+                ClientId = "49e302895d8b09ea5656",
+                ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b",
+                CallbackPath = new PathString("/signin-github"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                UserInformationEndpoint = "https://api.github.com/user",
+                // Retrieving user information is unique to each provider.
+                Notifications = new OAuthAuthenticationNotifications()
+                {
+                    OnGetUserInformationAsync = async (context) =>
+                    {
+                        // Get the GitHub user
+                        HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
+                        userRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
+                        userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+                        userRequest.Headers.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware for GitHub");
+                        HttpResponseMessage userResponse = await context.Backchannel.SendAsync(userRequest, context.HttpContext.RequestAborted);
+                        userResponse.EnsureSuccessStatusCode();
+                        var text = await userResponse.Content.ReadAsStringAsync();
+                        JObject user = JObject.Parse(text);
+
+                        var identity = new ClaimsIdentity(
+                            context.Options.AuthenticationType,
+                            ClaimsIdentity.DefaultNameClaimType,
+                            ClaimsIdentity.DefaultRoleClaimType);
+
+                        JToken value;
+                        var id = user.TryGetValue("id", out value) ? value.ToString() : null;
+                        if (!string.IsNullOrEmpty(id))
+                        {
+                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.AuthenticationType));
+                        }
+                        var userName = user.TryGetValue("login", out value) ? value.ToString() : null;
+                        if (!string.IsNullOrEmpty(userName))
+                        {
+                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.AuthenticationType));
+                        }
+                        var name = user.TryGetValue("name", out value) ? value.ToString() : null;
+                        if (!string.IsNullOrEmpty(name))
+                        {
+                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.AuthenticationType));
+                        }
+                        var link = user.TryGetValue("url", out value) ? value.ToString() : null;
+                        if (!string.IsNullOrEmpty(link))
+                        {
+                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.AuthenticationType));
+                        }
+
+                        context.Identity = identity;
+                    },
+                },
+            });
+
             // Choose an authentication type
             app.Map("/login", signoutApp =>
             {
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
index a9d35151c8..19cc380749 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
@@ -6,5 +6,11 @@ namespace Microsoft.AspNet.Security.Facebook
     public static class FacebookAuthenticationDefaults
     {
         public const string AuthenticationType = "Facebook";
+
+        public const string AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth";
+
+        public const string TokenEndpoint = "https://graph.facebook.com/oauth/access_token";
+
+        public const string UserInformationEndpoint = "https://graph.facebook.com/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
index 4dde8b75dc..6520902559 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
@@ -11,269 +10,94 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.Facebook
 {
-    internal class FacebookAuthenticationHandler : AuthenticationHandler<FacebookAuthenticationOptions>
+    internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
     {
-        private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
-        private const string TokenEndpoint = "https://graph.facebook.com/oauth/access_token";
-        private const string GraphApiEndpoint = "https://graph.facebook.com/me";
-        private const string AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth";
-
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         public FacebookAuthenticationHandler(HttpClient httpClient, ILogger logger)
+            : base(httpClient, logger)
         {
-            _httpClient = httpClient;
-            _logger = logger;
         }
 
-        protected override AuthenticationTicket AuthenticateCore()
+        protected override async Task<TokenResponse> ExchangeCodeAsync(string code, string redirectUri)
         {
-            return AuthenticateCoreAsync().Result;
+            var queryBuilder = new QueryBuilder()
+            {
+                { "grant_type", "authorization_code" },
+                { "code", code },
+                { "redirect_uri", redirectUri },
+                { "client_id", Options.AppId },
+                { "client_secret", Options.AppSecret },
+            };
+
+            var tokenResponse = await Backchannel.GetAsync(Options.TokenEndpoint + queryBuilder.ToString(), Context.RequestAborted);
+            tokenResponse.EnsureSuccessStatusCode();
+            string oauthTokenResponse = await tokenResponse.Content.ReadAsStringAsync();
+
+            IFormCollection form = FormHelpers.ParseForm(oauthTokenResponse);
+            var response = new JObject();
+            foreach (string key in form.Keys)
+            {
+                response.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, form[key]);
+            }
+            // The refresh token is not available.
+            return new TokenResponse(response);
         }
 
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            AuthenticationProperties properties = null;
-
-            try
+            string graphAddress = Options.UserInformationEndpoint + "?access_token=" + Uri.EscapeDataString(tokens.AccessToken);
+            if (Options.SendAppSecretProof)
             {
-                string code = null;
-                string state = null;
-
-                IReadableStringCollection query = Request.Query;
-
-                IList<string> values = query.GetValues("error");
-                if (values != null && values.Count >= 1)
-                {
-                    _logger.WriteVerbose("Remote server returned an error: " + Request.QueryString);
-                }
-
-                values = query.GetValues("code");
-                if (values != null && values.Count == 1)
-                {
-                    code = values[0];
-                }
-                values = query.GetValues("state");
-                if (values != null && values.Count == 1)
-                {
-                    state = values[0];
-                }
-
-                properties = Options.StateDataFormat.Unprotect(state);
-                if (properties == null)
-                {
-                    return null;
-                }
-
-                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
-                {
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                if (code == null)
-                {
-                    // Null if the remote server returns an error.
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                string requestPrefix = Request.Scheme + "://" + Request.Host;
-                string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
-
-                string tokenRequest = "grant_type=authorization_code" +
-                    "&code=" + Uri.EscapeDataString(code) +
-                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
-                    "&client_id=" + Uri.EscapeDataString(Options.AppId) +
-                    "&client_secret=" + Uri.EscapeDataString(Options.AppSecret);
-
-                var tokenResponse = await _httpClient.GetAsync(TokenEndpoint + "?" + tokenRequest, Context.RequestAborted);
-                tokenResponse.EnsureSuccessStatusCode();
-                string text = await tokenResponse.Content.ReadAsStringAsync();
-                IFormCollection form = FormHelpers.ParseForm(text);
-
-                string accessToken = form["access_token"];
-                string expires = form["expires"];
-                string graphAddress = GraphApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken);
-                if (Options.SendAppSecretProof)
-                {
-                    graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(accessToken);
-                }
-
-                var graphResponse = await _httpClient.GetAsync(graphAddress, Context.RequestAborted);
-                graphResponse.EnsureSuccessStatusCode();
-                text = await graphResponse.Content.ReadAsStringAsync();
-                JObject user = JObject.Parse(text);
-
-                var context = new FacebookAuthenticatedContext(Context, user, accessToken, expires);
-                context.Identity = new ClaimsIdentity(
-                    Options.AuthenticationType,
-                    ClaimsIdentity.DefaultNameClaimType,
-                    ClaimsIdentity.DefaultRoleClaimType);
-                if (!string.IsNullOrEmpty(context.Id))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.UserName))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.Email))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.Name))
-                {
-                    context.Identity.AddClaim(new Claim("urn:facebook:name", context.Name, XmlSchemaString, Options.AuthenticationType));
-
-                    // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
-                    if (string.IsNullOrEmpty(context.UserName))
-                    {
-                        context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType));
-                    }
-                }
-                if (!string.IsNullOrEmpty(context.Link))
-                {
-                    context.Identity.AddClaim(new Claim("urn:facebook:link", context.Link, XmlSchemaString, Options.AuthenticationType));
-                }
-                context.Properties = properties;
-
-                await Options.Notifications.Authenticated(context);
-
-                return new AuthenticationTicket(context.Identity, context.Properties);
-            }
-            catch (Exception ex)
-            {
-                _logger.WriteError("Authentication failed", ex);
-                return new AuthenticationTicket(null, properties);
-            }
-        }
-
-        protected override void ApplyResponseChallenge()
-        {
-            if (Response.StatusCode != 401)
-            {
-                return;
+                graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            var graphResponse = await Backchannel.GetAsync(graphAddress, Context.RequestAborted);
+            graphResponse.EnsureSuccessStatusCode();
+            string text = await graphResponse.Content.ReadAsStringAsync();
+            JObject user = JObject.Parse(text);
+
+            var context = new FacebookAuthenticatedContext(Context, Options, user, tokens);
+            context.Identity = new ClaimsIdentity(
+                Options.AuthenticationType,
+                ClaimsIdentity.DefaultNameClaimType,
+                ClaimsIdentity.DefaultRoleClaimType);
+            if (!string.IsNullOrEmpty(context.Id))
             {
-                return;
+                context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationType));
             }
-
-            string baseUri = 
-                Request.Scheme + 
-                "://" + 
-                Request.Host +
-                Request.PathBase;
-
-            string currentUri =
-                baseUri + 
-                Request.Path +
-                Request.QueryString;
-
-            string redirectUri =
-                baseUri + 
-                Options.CallbackPath;
-
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
+            if (!string.IsNullOrEmpty(context.UserName))
             {
-                properties = new AuthenticationProperties();
+                context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.AuthenticationType));
             }
-            else
+            if (!string.IsNullOrEmpty(context.Email))
             {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
+                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationType));
             }
-            if (string.IsNullOrEmpty(properties.RedirectUri))
+            if (!string.IsNullOrEmpty(context.Name))
             {
-                properties.RedirectUri = currentUri;
-            }
+                context.Identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.AuthenticationType));
 
-            // OAuth2 10.12 CSRF
-            GenerateCorrelationId(properties);
-
-            // comma separated
-            string scope = string.Join(",", Options.Scope);
-
-            string state = Options.StateDataFormat.Protect(properties);
-
-            string authorizationEndpoint =
-                    AuthorizationEndpoint +
-                    "?response_type=code" +
-                    "&client_id=" + Uri.EscapeDataString(Options.AppId) +
-                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
-                    "&scope=" + Uri.EscapeDataString(scope) +
-                    "&state=" + Uri.EscapeDataString(state);
-
-            var redirectContext = new FacebookApplyRedirectContext(Context, Options, properties, authorizationEndpoint);
-            Options.Notifications.ApplyRedirect(redirectContext);
-        }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A
-        }
-
-        public override async Task<bool> InvokeAsync()
-        {
-            return await InvokeReplyPathAsync();
-        }
-
-        private async Task<bool> InvokeReplyPathAsync()
-        {
-            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
-            {
-                // TODO: error responses
-
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket == null)
+                // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
+                if (string.IsNullOrEmpty(context.UserName))
                 {
-                    _logger.WriteWarning("Invalid return state, unable to redirect.");
-                    Response.StatusCode = 500;
-                    return true;
+                    context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.AuthenticationType));
                 }
-
-                var context = new FacebookReturnEndpointContext(Context, ticket);
-                context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
-                context.RedirectUri = ticket.Properties.RedirectUri;
-
-                await Options.Notifications.ReturnEndpoint(context);
-
-                if (context.SignInAsAuthenticationType != null &&
-                    context.Identity != null)
-                {
-                    ClaimsIdentity grantIdentity = context.Identity;
-                    if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
-                    {
-                        grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
-                    }
-                    Context.Response.SignIn(context.Properties, grantIdentity);
-                }
-
-                if (!context.IsRequestCompleted && context.RedirectUri != null)
-                {
-                    string redirectUri = context.RedirectUri;
-                    if (context.Identity == null)
-                    {
-                        // add a redirect hint that sign-in failed in some way
-                        redirectUri = QueryHelpers.AddQueryString(redirectUri, "error", "access_denied");
-                    }
-                    Response.Redirect(redirectUri);
-                    context.RequestCompleted();
-                }
-
-                return context.IsRequestCompleted;
             }
-            return false;
+            if (!string.IsNullOrEmpty(context.Link))
+            {
+                context.Identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.AuthenticationType));
+            }
+            context.Properties = properties;
+
+            await Options.Notifications.Authenticated(context);
+
+            return new AuthenticationTicket(context.Identity, context.Properties);
         }
 
         private string GenerateAppSecretProof(string accessToken)
@@ -289,5 +113,13 @@ namespace Microsoft.AspNet.Security.Facebook
                 return builder.ToString();
             }
         }
+
+        protected override string FormatScope()
+        {
+            // Facebook deviates from the OAuth spec here. They require comma separated instead of space separated.
+            // https://developers.facebook.com/docs/reference/dialogs/oauth
+            // http://tools.ietf.org/html/rfc6749#section-3.3
+            return string.Join(",", Options.Scope);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index e67abf1c91..2d653d7c28 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -2,13 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
-using System.Net.Http;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Facebook
@@ -16,12 +14,8 @@ namespace Microsoft.AspNet.Security.Facebook
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Facebook.
     /// </summary>
-    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware is not disposable.")]
-    public class FacebookAuthenticationMiddleware : AuthenticationMiddleware<FacebookAuthenticationOptions>
+    public class FacebookAuthenticationMiddleware : OAuthAuthenticationMiddleware<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
     {
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationMiddleware"/>.
         /// </summary>
@@ -34,7 +28,7 @@ namespace Microsoft.AspNet.Security.Facebook
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             FacebookAuthenticationOptions options)
-            : base(next, options)
+            : base(next, dataProtectionProvider, loggerFactory, options)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
@@ -45,22 +39,10 @@ namespace Microsoft.AspNet.Security.Facebook
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AppSecret"));
             }
 
-            _logger = loggerFactory.Create(typeof(FacebookAuthenticationMiddleware).FullName);
-
             if (Options.Notifications == null)
             {
                 Options.Notifications = new FacebookAuthenticationNotifications();
             }
-            if (Options.StateDataFormat == null)
-            {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    typeof(FacebookAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
-
-            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
-            _httpClient.Timeout = Options.BackchannelTimeout;
-            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
         }
 
         /// <summary>
@@ -69,30 +51,7 @@ namespace Microsoft.AspNet.Security.Facebook
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<FacebookAuthenticationOptions> CreateHandler()
         {
-            return new FacebookAuthenticationHandler(_httpClient, _logger);
-        }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(FacebookAuthenticationOptions options)
-        {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new WinHttpHandler();
-#endif
-            return handler;
+            return new FacebookAuthenticationHandler(Backchannel, Logger);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
index 1d4fa9a54c..7f1199a086 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
@@ -1,108 +1,49 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
-using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
     /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>.
     /// </summary>
-    public class FacebookAuthenticationOptions : AuthenticationOptions
+    public class FacebookAuthenticationOptions : OAuthAuthenticationOptions<IFacebookAuthenticationNotifications>
     {
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationOptions"/>.
         /// </summary>
-        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
-            MessageId = "Microsoft.AspNet.Security.Facebook.FacebookAuthenticationOptions.set_Caption(System.String)", Justification = "Not localizable.")]
         public FacebookAuthenticationOptions()
             : base(FacebookAuthenticationDefaults.AuthenticationType)
         {
-            Caption = FacebookAuthenticationDefaults.AuthenticationType;
             CallbackPath = new PathString("/signin-facebook");
-            AuthenticationMode = AuthenticationMode.Passive;
-            Scope = new List<string>();
-            BackchannelTimeout = TimeSpan.FromSeconds(60);
             SendAppSecretProof = true;
+            AuthorizationEndpoint = FacebookAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = FacebookAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = FacebookAuthenticationDefaults.UserInformationEndpoint;
         }
 
+        // Facebook uses a non-standard term for this field.
         /// <summary>
         /// Gets or sets the Facebook-assigned appId.
         /// </summary>
-        public string AppId { get; set; }
+        public string AppId
+        {
+            get { return ClientId; }
+            set { ClientId = value; }
+        }
 
+        // Facebook uses a non-standard term for this field.
         /// <summary>
         /// Gets or sets the Facebook-assigned app secret.
         /// </summary>
-        public string AppSecret { get; set; }
-#if ASPNET50
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// in back channel communications belong to Facebook.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
-        /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with Facebook.
-        /// </summary>
-        /// <value>
-        /// The back channel timeout in milliseconds.
-        /// </value>
-        public TimeSpan BackchannelTimeout { get; set; }
-
-        /// <summary>
-        /// The HttpMessageHandler used to communicate with Facebook.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
-        /// can be downcast to a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string Caption
+        public string AppSecret
         {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
+            get { return ClientSecret; }
+            set { ClientSecret = value; }
         }
 
-        /// <summary>
-        /// The request path within the application's base path where the user-agent will be returned.
-        /// The middleware will process this request when it arrives.
-        /// Default value is "/signin-facebook".
-        /// </summary>
-        public PathString CallbackPath { get; set; }
-
-        /// <summary>
-        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-        /// </summary>
-        public string SignInAsAuthenticationType { get; set; }
-
-        /// <summary>
-        /// Gets or sets the <see cref="IFacebookAuthenticationNotifications"/> used to handle authentication events.
-        /// </summary>
-        public IFacebookAuthenticationNotifications Notifications { get; set; }
-
-        /// <summary>
-        /// Gets or sets the type used to secure data handled by the middleware.
-        /// </summary>
-        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
-
-        /// <summary>
-        /// A list of permissions to request.
-        /// </summary>
-        public IList<string> Scope { get; private set; }
-
         /// <summary>
         /// Gets or sets if the appsecret_proof should be generated and sent with Facebook API calls.
         /// This is enabled by default.
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
deleted file mode 100644
index e3e1b35b3e..0000000000
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookApplyRedirectContext.cs
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
-
-namespace Microsoft.AspNet.Security.Facebook
-{
-    /// <summary>
-    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
-    /// </summary>
-    public class FacebookApplyRedirectContext : BaseContext<FacebookAuthenticationOptions>
-    {
-        /// <summary>
-        /// Creates a new context object.
-        /// </summary>
-        /// <param name="context">The http request context.</param>
-        /// <param name="options">The Facebook middleware options.</param>
-        /// <param name="properties">The authentication properties of the challenge.</param>
-        /// <param name="redirectUri">The initial redirect URI.</param>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
-            Justification = "Represents header value")]
-        public FacebookApplyRedirectContext(HttpContext context, FacebookAuthenticationOptions options,
-            AuthenticationProperties properties, string redirectUri)
-            : base(context, options)
-        {
-            RedirectUri = redirectUri;
-            Properties = properties;
-        }
-
-        /// <summary>
-        /// Gets the URI used for the redirect operation.
-        /// </summary>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
-        public string RedirectUri { get; private set; }
-
-        /// <summary>
-        /// Gets the authentication properties of the challenge.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
index 6797ed4959..aa4e07daaf 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -1,12 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Globalization;
-using System.Security.Claims;
+using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Security.OAuth;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.Facebook
@@ -14,27 +11,17 @@ namespace Microsoft.AspNet.Security.Facebook
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class FacebookAuthenticatedContext : BaseContext
+    public class FacebookAuthenticatedContext : OAuthAuthenticatedContext
     {
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticatedContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="user">The JSON-serialized user.</param>
-        /// <param name="accessToken">The Facebook Access token.</param>
-        /// <param name="expires">Seconds until expiration.</param>
-        public FacebookAuthenticatedContext(HttpContext context, JObject user, string accessToken, string expires)
-            : base(context)
+        /// <param name="tokens">The Facebook Access token.</param>
+        public FacebookAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user, TokenResponse tokens)
+            : base(context, options, user, tokens)
         {
-            User = user;
-            AccessToken = accessToken;
-
-            int expiresValue;
-            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
-            {
-                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
-            }
-
             Id = TryGetValue(user, "id");
             Name = TryGetValue(user, "name");
             Link = TryGetValue(user, "link");
@@ -42,21 +29,6 @@ namespace Microsoft.AspNet.Security.Facebook
             Email = TryGetValue(user, "email");
         }
 
-        /// <summary>
-        /// Gets the JSON-serialized user.
-        /// </summary>
-        public JObject User { get; private set; }
-
-        /// <summary>
-        /// Gets the Facebook access token.
-        /// </summary>
-        public string AccessToken { get; private set; }
-
-        /// <summary>
-        /// Gets the Facebook access token expiration time.
-        /// </summary>
-        public TimeSpan? ExpiresIn { get; set; }
-
         /// <summary>
         /// Gets the Facebook user ID.
         /// </summary>
@@ -82,16 +54,6 @@ namespace Microsoft.AspNet.Security.Facebook
         /// </summary>
         public string Email { get; private set; }
 
-        /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
-        /// </summary>
-        public ClaimsIdentity Identity { get; set; }
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
-
         private static string TryGetValue(JObject user, string propertyName)
         {
             JToken value;
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
index b9b33b1257..f86287cc11 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
@@ -3,13 +3,14 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
     /// The default <see cref="IFacebookAuthenticationNotifications"/> implementation.
     /// </summary>
-    public class FacebookAuthenticationNotifications : IFacebookAuthenticationNotifications
+    public class FacebookAuthenticationNotifications : OAuthAuthenticationNotifications, IFacebookAuthenticationNotifications
     {
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationNotifications"/>.
@@ -17,9 +18,6 @@ namespace Microsoft.AspNet.Security.Facebook
         public FacebookAuthenticationNotifications()
         {
             OnAuthenticated = context => Task.FromResult<object>(null);
-            OnReturnEndpoint = context => Task.FromResult<object>(null);
-            OnApplyRedirect = context =>
-                context.Response.Redirect(context.RedirectUri);
         }
 
         /// <summary>
@@ -27,16 +25,6 @@ namespace Microsoft.AspNet.Security.Facebook
         /// </summary>
         public Func<FacebookAuthenticatedContext, Task> OnAuthenticated { get; set; }
 
-        /// <summary>
-        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
-        /// </summary>
-        public Func<FacebookReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
-
-        /// <summary>
-        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
-        /// </summary>
-        public Action<FacebookApplyRedirectContext> OnApplyRedirect { get; set; }
-
         /// <summary>
         /// Invoked whenever Facebook succesfully authenticates a user.
         /// </summary>
@@ -46,24 +34,5 @@ namespace Microsoft.AspNet.Security.Facebook
         {
             return OnAuthenticated(context);
         }
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(FacebookReturnEndpointContext context)
-        {
-            return OnReturnEndpoint(context);
-        }
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual void ApplyRedirect(FacebookApplyRedirectContext context)
-        {
-            OnApplyRedirect(context);
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
deleted file mode 100644
index 29786a9068..0000000000
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookReturnEndpointContext.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
-
-namespace Microsoft.AspNet.Security.Facebook
-{
-    /// <summary>
-    /// Provides context information for notifications.
-    /// </summary>
-    public class FacebookReturnEndpointContext : ReturnEndpointContext
-    {
-        /// <summary>
-        /// Creates a new context object.
-        /// </summary>
-        /// <param name="context">The http environment.</param>
-        /// <param name="ticket">The authentication ticket.</param>
-        public FacebookReturnEndpointContext(
-            HttpContext context,
-            AuthenticationTicket ticket)
-            : base(context, ticket)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
index 236cba3ac5..0849a84a06 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
@@ -2,13 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Facebook
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IFacebookAuthenticationNotifications
+    public interface IFacebookAuthenticationNotifications : IOAuthAuthenticationNotifications
     {
         /// <summary>
         /// Invoked when Facebook succesfully authenticates a user.
@@ -16,18 +17,5 @@ namespace Microsoft.AspNet.Security.Facebook
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task Authenticated(FacebookAuthenticatedContext context);
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ReturnEndpoint(FacebookReturnEndpointContext context);
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Facebook middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        void ApplyRedirect(FacebookApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs b/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
index dca281f828..18a738d708 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
@@ -68,14 +68,5 @@ namespace Microsoft.AspNet.Security.Facebook {
                 return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
             }
         }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.resx b/src/Microsoft.AspNet.Security.Facebook/Resources.resx
index 2a19bea96a..56ef7f56bd 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Resources.resx
+++ b/src/Microsoft.AspNet.Security.Facebook/Resources.resx
@@ -120,7 +120,4 @@
   <data name="Exception_OptionMustBeProvided" xml:space="preserve">
     <value>The '{0}' option must be provided.</value>
   </data>
-  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
-    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
-  </data>
 </root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index bf9da22531..fbbb32c78a 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -5,6 +5,7 @@
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Newtonsoft.Json": "5.0.8",
@@ -13,7 +14,6 @@
     "frameworks": {
         "aspnet50": {
             "dependencies": {
-                "System.Net.Http.WebRequest": ""
             }
         },
         "aspnetcore50": {
@@ -27,7 +27,6 @@
                 "System.IO": "4.0.10.0",
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
-                "System.Net.Http.WinHttpHandler": "4.0.0.0",
                 "System.Reflection": "4.0.10.0",
                 "System.Resources.ResourceManager": "4.0.0.0",
                 "System.Runtime": "4.0.20.0",
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
index b135063840..acf982906b 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
@@ -6,5 +6,11 @@ namespace Microsoft.AspNet.Security.Google
     public static class GoogleAuthenticationDefaults
     {
         public const string AuthenticationType = "Google";
+
+        public const string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
+
+        public const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+
+        public const string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
index fe2a4feab9..1d75c889f3 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
@@ -7,212 +7,84 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.Google
 {
-    internal class GoogleAuthenticationHandler : AuthenticationHandler<GoogleAuthenticationOptions>
+    internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
     {
-        private const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
-        private const string UserInfoEndpoint = "https://www.googleapis.com/plus/v1/people/me";
-        private const string AuthorizeEndpoint = "https://accounts.google.com/o/oauth2/auth";
-
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         public GoogleAuthenticationHandler(HttpClient httpClient, ILogger logger)
+            : base(httpClient, logger)
         {
-            _httpClient = httpClient;
-            _logger = logger;
         }
 
-        protected override AuthenticationTicket AuthenticateCore()
+        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            return AuthenticateCoreAsync().Result;
+            // Get the Google user
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+            HttpResponseMessage graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
+            graphResponse.EnsureSuccessStatusCode();
+            var text = await graphResponse.Content.ReadAsStringAsync();
+            JObject user = JObject.Parse(text);
+
+            var context = new GoogleAuthenticatedContext(Context, Options, user, tokens);
+            context.Identity = new ClaimsIdentity(
+                Options.AuthenticationType,
+                ClaimsIdentity.DefaultNameClaimType,
+                ClaimsIdentity.DefaultRoleClaimType);
+
+            if (!string.IsNullOrEmpty(context.Id))
+            {
+                context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id,
+                    ClaimValueTypes.String, Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.GivenName))
+            {
+                context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName,
+                    ClaimValueTypes.String, Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.FamilyName))
+            {
+                context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
+                    ClaimValueTypes.String, Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.Name))
+            {
+                context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
+                    Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.Email))
+            {
+                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String,
+                    Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.Profile))
+            {
+                context.Identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String,
+                    Options.AuthenticationType));
+            }
+            context.Properties = properties;
+
+            await Options.Notifications.Authenticated(context);
+
+            return new AuthenticationTicket(context.Identity, context.Properties);
         }
 
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        // TODO: Abstract this properties override pattern into the base class?
+        protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
-            AuthenticationProperties properties = null;
-
-            try
-            {
-                string code = null;
-                string state = null;
-
-                IReadableStringCollection query = Request.Query;
-                IList<string> values = query.GetValues("code");
-                if (values != null && values.Count == 1)
-                {
-                    code = values[0];
-                }
-                values = query.GetValues("state");
-                if (values != null && values.Count == 1)
-                {
-                    state = values[0];
-                }
-
-                properties = Options.StateDataFormat.Unprotect(state);
-                if (properties == null)
-                {
-                    return null;
-                }
-
-                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
-                {
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                string requestPrefix = Request.Scheme + "://" + Request.Host;
-                string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
-
-                // Build up the body for the token request
-                var body = new List<KeyValuePair<string, string>>();
-                body.Add(new KeyValuePair<string, string>("grant_type", "authorization_code"));
-                body.Add(new KeyValuePair<string, string>("code", code));
-                body.Add(new KeyValuePair<string, string>("redirect_uri", redirectUri));
-                body.Add(new KeyValuePair<string, string>("client_id", Options.ClientId));
-                body.Add(new KeyValuePair<string, string>("client_secret", Options.ClientSecret));
-
-                // Request the token
-                HttpResponseMessage tokenResponse =
-                    await _httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body));
-                tokenResponse.EnsureSuccessStatusCode();
-                string text = await tokenResponse.Content.ReadAsStringAsync();
-
-                // Deserializes the token response
-                JObject response = JObject.Parse(text);
-                string accessToken = response.Value<string>("access_token");
-                string expires = response.Value<string>("expires_in");
-                string refreshToken = response.Value<string>("refresh_token");
-
-                if (string.IsNullOrWhiteSpace(accessToken))
-                {
-                    _logger.WriteWarning("Access token was not found");
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                // Get the Google user
-                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint);
-                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
-                HttpResponseMessage graphResponse = await _httpClient.SendAsync(request, Context.RequestAborted);
-                graphResponse.EnsureSuccessStatusCode();
-                text = await graphResponse.Content.ReadAsStringAsync();
-                JObject user = JObject.Parse(text);
-
-                var context = new GoogleAuthenticatedContext(Context, user, accessToken, refreshToken, expires);
-                context.Identity = new ClaimsIdentity(
-                    Options.AuthenticationType,
-                    ClaimsIdentity.DefaultNameClaimType,
-                    ClaimsIdentity.DefaultRoleClaimType);
-                if (!string.IsNullOrEmpty(context.Id))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, 
-                        ClaimValueTypes.String, Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.GivenName))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName, 
-                        ClaimValueTypes.String, Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.FamilyName))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
-                        ClaimValueTypes.String, Options.AuthenticationType));
-                }                
-                if (!string.IsNullOrEmpty(context.Name))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
-                        Options.AuthenticationType));
-                }
-                if (!string.IsNullOrEmpty(context.Email))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, 
-                        Options.AuthenticationType));
-                }
-                
-                if (!string.IsNullOrEmpty(context.Profile))
-                {
-                    context.Identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String, 
-                        Options.AuthenticationType));
-                }
-                context.Properties = properties;
-
-                await Options.Notifications.Authenticated(context);
-
-                return new AuthenticationTicket(context.Identity, context.Properties);
-            }
-            catch (Exception ex)
-            {
-                _logger.WriteError("Authentication failed", ex);
-                return new AuthenticationTicket(null, properties);
-            }
-        }
-
-        protected override void ApplyResponseChallenge()
-        {
-            if (Response.StatusCode != 401)
-            {
-                return;
-            }
-
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
-            {
-                return;
-            }
-
-            string baseUri =
-                Request.Scheme +
-                "://" +
-                Request.Host +
-                Request.PathBase;
-
-            string currentUri =
-                baseUri +
-                Request.Path +
-                Request.QueryString;
-
-            string redirectUri =
-                baseUri +
-                Options.CallbackPath;
-
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
-            {
-                properties = new AuthenticationProperties();
-            }
-            else
-            {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
-            }
-            if (string.IsNullOrEmpty(properties.RedirectUri))
-            {
-                properties.RedirectUri = currentUri;
-            }
-
-            // OAuth2 10.12 CSRF
-            GenerateCorrelationId(properties);
+            string scope = FormatScope();
 
             var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
             queryStrings.Add("response_type", "code");
             queryStrings.Add("client_id", Options.ClientId);
             queryStrings.Add("redirect_uri", redirectUri);
 
-            // space separated
-            string scope = string.Join(" ", Options.Scope);
-            if (string.IsNullOrEmpty(scope))
-            {
-                // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
-                // "openid profile email" to get basic user information.
-                scope = "openid profile email";
-            }
             AddQueryString(queryStrings, properties, "scope", scope);
 
             AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
@@ -222,65 +94,8 @@ namespace Microsoft.AspNet.Security.Google
             string state = Options.StateDataFormat.Protect(properties);
             queryStrings.Add("state", state);
 
-            string authorizationEndpoint = QueryHelpers.AddQueryString(AuthorizeEndpoint, queryStrings);
-
-            var redirectContext = new GoogleApplyRedirectContext(
-                Context, Options,
-                properties, authorizationEndpoint);
-            Options.Notifications.ApplyRedirect(redirectContext);
-        }
-
-        public override async Task<bool> InvokeAsync()
-        {
-            return await InvokeReplyPathAsync();
-        }
-
-        private async Task<bool> InvokeReplyPathAsync()
-        {
-            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
-            {
-                // TODO: error responses
-
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket == null)
-                {
-                    _logger.WriteWarning("Invalid return state, unable to redirect.");
-                    Response.StatusCode = 500;
-                    return true;
-                }
-
-                var context = new GoogleReturnEndpointContext(Context, ticket);
-                context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
-                context.RedirectUri = ticket.Properties.RedirectUri;
-
-                await Options.Notifications.ReturnEndpoint(context);
-
-                if (context.SignInAsAuthenticationType != null &&
-                    context.Identity != null)
-                {
-                    ClaimsIdentity grantIdentity = context.Identity;
-                    if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
-                    {
-                        grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
-                    }
-                    Context.Response.SignIn(context.Properties, grantIdentity);
-                }
-
-                if (!context.IsRequestCompleted && context.RedirectUri != null)
-                {
-                    string redirectUri = context.RedirectUri;
-                    if (context.Identity == null)
-                    {
-                        // add a redirect hint that sign-in failed in some way
-                        redirectUri = QueryHelpers.AddQueryString(redirectUri, "error", "access_denied");
-                    }
-                    Response.Redirect(redirectUri);
-                    context.RequestCompleted();
-                }
-
-                return context.IsRequestCompleted;
-            }
-            return false;
+            string authorizationEndpoint = QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
+            return authorizationEndpoint;
         }
 
         private static void AddQueryString(IDictionary<string, string> queryStrings, AuthenticationProperties properties,
@@ -304,10 +119,5 @@ namespace Microsoft.AspNet.Security.Google
 
             queryStrings[name] = value;
         }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A - No SignIn or SignOut support.
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 66768cbb84..08d7610fa0 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.Google
@@ -17,11 +18,8 @@ namespace Microsoft.AspNet.Security.Google
     /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class GoogleAuthenticationMiddleware : AuthenticationMiddleware<GoogleAuthenticationOptions>
+    public class GoogleAuthenticationMiddleware : OAuthAuthenticationMiddleware<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
     {
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
         /// </summary>
@@ -34,33 +32,22 @@ namespace Microsoft.AspNet.Security.Google
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             GoogleAuthenticationOptions options)
-            : base(next, options)
+            : base(next, dataProtectionProvider, loggerFactory, options)
         {
-            if (string.IsNullOrWhiteSpace(Options.ClientId))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
-            }
-            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
-            }
-
-            _logger = loggerFactory.Create(typeof(GoogleAuthenticationMiddleware).FullName);
-
             if (Options.Notifications == null)
             {
                 Options.Notifications = new GoogleAuthenticationNotifications();
             }
-            if (Options.StateDataFormat == null)
-            {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    typeof(GoogleAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
 
-            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
-            _httpClient.Timeout = Options.BackchannelTimeout;
-            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            if (Options.Scope.Count == 0)
+            {
+                // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
+                // "openid profile email" to get basic user information.
+                // TODO: Should we just add these by default when we create the Options?
+                Options.Scope.Add("openid");
+                Options.Scope.Add("profile");
+                Options.Scope.Add("email");
+            }
         }
 
         /// <summary>
@@ -69,30 +56,7 @@ namespace Microsoft.AspNet.Security.Google
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<GoogleAuthenticationOptions> CreateHandler()
         {
-            return new GoogleAuthenticationHandler(_httpClient, _logger);
-        }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(GoogleAuthenticationOptions options)
-        {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new WinHttpHandler();
-#endif
-            return handler;
+            return new GoogleAuthenticationHandler(Backchannel, Logger);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
index 1ede9f0425..0b8e3ab091 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
@@ -6,102 +6,27 @@ using System.Collections.Generic;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
     /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>.
     /// </summary>
-    public class GoogleAuthenticationOptions : AuthenticationOptions
+    public class GoogleAuthenticationOptions : OAuthAuthenticationOptions<IGoogleAuthenticationNotifications>
     {
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticationOptions"/>.
         /// </summary>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", 
-            MessageId = "Microsoft.AspNet.Security.Google.GoogleAuthenticationOptions.set_Caption(System.String)", 
-            Justification = "Not localizable.")]
         public GoogleAuthenticationOptions()
             : base(GoogleAuthenticationDefaults.AuthenticationType)
         {
-            Caption = GoogleAuthenticationDefaults.AuthenticationType;
             CallbackPath = new PathString("/signin-google");
-            AuthenticationMode = AuthenticationMode.Passive;
-            Scope = new List<string>();
-            BackchannelTimeout = TimeSpan.FromSeconds(60);
+            AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = GoogleAuthenticationDefaults.UserInformationEndpoint;
         }
 
-        /// <summary>
-        /// Gets or sets the Google-assigned client id.
-        /// </summary>
-        public string ClientId { get; set; }
-
-        /// <summary>
-        /// Gets or sets the Google-assigned client secret.
-        /// </summary>
-        public string ClientSecret { get; set; }
-#if ASPNET50
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// in back channel communications belong to Google.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
-        /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with Google.
-        /// </summary>
-        /// <value>
-        /// The back channel timeout in milliseconds.
-        /// </value>
-        public TimeSpan BackchannelTimeout { get; set; }
-
-        /// <summary>
-        /// The HttpMessageHandler used to communicate with Google.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
-        /// can be downcast to a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string Caption
-        {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
-        }
-
-        /// <summary>
-        /// The request path within the application's base path where the user-agent will be returned.
-        /// The middleware will process this request when it arrives.
-        /// Default value is "/signin-google".
-        /// </summary>
-        public PathString CallbackPath { get; set; }
-
-        /// <summary>
-        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-        /// </summary>
-        public string SignInAsAuthenticationType { get; set; }
-
-        /// <summary>
-        /// Gets or sets the <see cref="IGoogleAuthenticationNotifications"/> used to handle authentication events.
-        /// </summary>
-        public IGoogleAuthenticationNotifications Notifications { get; set; }
-
-        /// <summary>
-        /// Gets or sets the type used to secure data handled by the middleware.
-        /// </summary>
-        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
-
-        /// <summary>
-        /// A list of permissions to request.
-        /// </summary>
-        public IList<string> Scope { get; private set; }
-
         /// <summary>
         /// access_type. Set to 'offline' to request a refresh token.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
deleted file mode 100644
index 7df6358ddd..0000000000
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleApplyRedirectContext.cs
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
-
-namespace Microsoft.AspNet.Security.Google
-{
-    /// <summary>
-    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
-    /// </summary>
-    public class GoogleApplyRedirectContext : BaseContext<GoogleAuthenticationOptions>
-    {
-        /// <summary>
-        /// Creates a new context object.
-        /// </summary>
-        /// <param name="context">The HTTP request context.</param>
-        /// <param name="options">The Google OAuth 2.0 middleware options.</param>
-        /// <param name="properties">The authentication properties of the challenge.</param>
-        /// <param name="redirectUri">The initial redirect URI.</param>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "3#",
-            Justification = "Represents header value")]
-        public GoogleApplyRedirectContext(HttpContext context, GoogleAuthenticationOptions options, 
-            AuthenticationProperties properties, string redirectUri)
-            : base(context, options)
-        {
-            RedirectUri = redirectUri;
-            Properties = properties;
-        }
-
-        /// <summary>
-        /// Gets the URI used for the redirect operation.
-        /// </summary>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
-        public string RedirectUri { get; private set; }
-
-        /// <summary>
-        /// Gets the authentication properties of the challenge.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
index 84f535fb8d..10fa2b3706 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
@@ -3,10 +3,11 @@
 
 using System;
 using System.Globalization;
+using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Security.OAuth;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.Google
@@ -14,30 +15,17 @@ namespace Microsoft.AspNet.Security.Google
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class GoogleAuthenticatedContext : BaseContext
+    public class GoogleAuthenticatedContext : OAuthAuthenticatedContext
     {
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticatedContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="user">The JSON-serialized Google user info.</param>
-        /// <param name="accessToken">Google OAuth 2.0 access token.</param>
-        /// <param name="refreshToken">Goolge OAuth 2.0 refresh token.</param>
-        /// <param name="expires">Seconds until expiration.</param>
-        public GoogleAuthenticatedContext(HttpContext context, JObject user, string accessToken, 
-            string refreshToken, string expires)
-            : base(context)
+        /// <param name="tokens">Google OAuth 2.0 access token, refresh token, etc.</param>
+        public GoogleAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user, TokenResponse tokens)
+            : base(context, options, user, tokens)
         {
-            User = user;
-            AccessToken = accessToken;
-            RefreshToken = refreshToken;
-
-            int expiresValue;
-            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
-            {
-                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
-            }
-
             Id = TryGetValue(user, "id");
             Name = TryGetValue(user, "displayName");
             GivenName = TryGetValue(user, "name", "givenName");
@@ -46,32 +34,6 @@ namespace Microsoft.AspNet.Security.Google
             Email = TryGetFirstValue(user, "emails", "value");
         }
 
-        /// <summary>
-        /// Gets the JSON-serialized user.
-        /// </summary>
-        /// <remarks>
-        /// Contains the Google user obtained from the userinfo endpoint.
-        /// </remarks>
-        public JObject User { get; private set; }
-
-        /// <summary>
-        /// Gets the Google access token.
-        /// </summary>
-        public string AccessToken { get; private set; }
-
-        /// <summary>
-        /// Gets the Google refresh token.
-        /// </summary>
-        /// <remarks>
-        /// This value is not null only when access_type authorize parameter is offline.
-        /// </remarks>
-        public string RefreshToken { get; private set; }
-
-        /// <summary>
-        /// Gets the Google access token expiration time.
-        /// </summary>
-        public TimeSpan? ExpiresIn { get; set; }
-
         /// <summary>
         /// Gets the Google user ID.
         /// </summary>
@@ -102,16 +64,6 @@ namespace Microsoft.AspNet.Security.Google
         /// </summary>
         public string Email { get; private set; }
 
-        /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
-        /// </summary>
-        public ClaimsIdentity Identity { get; set; }
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
-
         private static string TryGetValue(JObject user, string propertyName)
         {
             JToken value;
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
index 36f9368953..ef2e5d3cec 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
@@ -3,13 +3,14 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
     /// The default <see cref="IGoogleAuthenticationNotifications"/> implementation.
     /// </summary>
-    public class GoogleAuthenticationNotifications : IGoogleAuthenticationNotifications
+    public class GoogleAuthenticationNotifications : OAuthAuthenticationNotifications, IGoogleAuthenticationNotifications
     {
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticationNotifications"/>.
@@ -17,8 +18,6 @@ namespace Microsoft.AspNet.Security.Google
         public GoogleAuthenticationNotifications()
         {
             OnAuthenticated = context => Task.FromResult<object>(null);
-            OnReturnEndpoint = context => Task.FromResult<object>(null);
-            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
         }
 
         /// <summary>
@@ -26,16 +25,6 @@ namespace Microsoft.AspNet.Security.Google
         /// </summary>
         public Func<GoogleAuthenticatedContext, Task> OnAuthenticated { get; set; }
 
-        /// <summary>
-        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
-        /// </summary>
-        public Func<GoogleReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
-
-        /// <summary>
-        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
-        /// </summary>
-        public Action<GoogleApplyRedirectContext> OnApplyRedirect { get; set; }
-
         /// <summary>
         /// Invoked whenever Google succesfully authenticates a user.
         /// </summary>
@@ -45,24 +34,5 @@ namespace Microsoft.AspNet.Security.Google
         {
             return OnAuthenticated(context);
         }
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context">Contains context information and authentication ticket of the return endpoint.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(GoogleReturnEndpointContext context)
-        {
-            return OnReturnEndpoint(context);
-        }
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual void ApplyRedirect(GoogleApplyRedirectContext context)
-        {
-            OnApplyRedirect(context);
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
deleted file mode 100644
index ce6a13742e..0000000000
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleReturnEndpointContext.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
-
-namespace Microsoft.AspNet.Security.Google
-{
-    /// <summary>
-    /// Provides context information to middleware notifications.
-    /// </summary>
-    public class GoogleReturnEndpointContext : ReturnEndpointContext
-    {
-        /// <summary>
-        /// Initialize a <see cref="GoogleReturnEndpointContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="ticket">The authentication ticket.</param>
-        public GoogleReturnEndpointContext(
-            HttpContext context,
-            AuthenticationTicket ticket)
-            : base(context, ticket)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
index 13930346c8..9cf9d2dd53 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
@@ -2,13 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.Google
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware" /> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IGoogleAuthenticationNotifications
+    public interface IGoogleAuthenticationNotifications : IOAuthAuthenticationNotifications
     {
         /// <summary>
         /// Invoked whenever Google succesfully authenticates a user.
@@ -16,18 +17,5 @@ namespace Microsoft.AspNet.Security.Google
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task Authenticated(GoogleAuthenticatedContext context);
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context">Contains context information and authentication ticket of the return endpoint.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ReturnEndpoint(GoogleReturnEndpointContext context);
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Google OAuth 2.0 middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        void ApplyRedirect(GoogleApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index bf9da22531..fbbb32c78a 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -5,6 +5,7 @@
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Newtonsoft.Json": "5.0.8",
@@ -13,7 +14,6 @@
     "frameworks": {
         "aspnet50": {
             "dependencies": {
-                "System.Net.Http.WebRequest": ""
             }
         },
         "aspnetcore50": {
@@ -27,7 +27,6 @@
                 "System.IO": "4.0.10.0",
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
-                "System.Net.Http.WinHttpHandler": "4.0.0.0",
                 "System.Reflection": "4.0.10.0",
                 "System.Resources.ResourceManager": "4.0.0.0",
                 "System.Runtime": "4.0.20.0",
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
index 8f83dac3e4..825ab41216 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
@@ -6,5 +6,11 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
     public static class MicrosoftAccountAuthenticationDefaults
     {
         public const string AuthenticationType = "Microsoft";
+
+        public const string AuthorizationEndpoint = "https://login.live.com/oauth20_authorize.srf";
+
+        public const string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
+
+        public const string UserInformationEndpoint = "https://apis.live.net/v5.0/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 6ee11c1d8f..502eaec13d 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -4,254 +4,55 @@
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
+using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.WebUtilities;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
 {
-    internal class MicrosoftAccountAuthenticationHandler : AuthenticationHandler<MicrosoftAccountAuthenticationOptions>
+    internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
     {
-        private const string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
-        private const string GraphApiEndpoint = "https://apis.live.net/v5.0/me";
-
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         public MicrosoftAccountAuthenticationHandler(HttpClient httpClient, ILogger logger)
+            : base(httpClient, logger)
         {
-            _httpClient = httpClient;
-            _logger = logger;
         }
 
-        public override async Task<bool> InvokeAsync()
+        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
-            {
-                return await InvokeReturnPathAsync();
-            }
-            return false;
-        }
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
+            HttpResponseMessage graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
+            graphResponse.EnsureSuccessStatusCode();
+            string accountString = await graphResponse.Content.ReadAsStringAsync();
+            JObject accountInformation = JObject.Parse(accountString);
 
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().Result;
-        }
-
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
-        {
-            AuthenticationProperties properties = null;
-            try
-            {
-                string code = null;
-                string state = null;
-
-                IReadableStringCollection query = Request.Query;
-                IList<string> values = query.GetValues("code");
-                if (values != null && values.Count == 1)
-                {
-                    code = values[0];
-                }
-                values = query.GetValues("state");
-                if (values != null && values.Count == 1)
-                {
-                    state = values[0];
-                }
-
-                properties = Options.StateDataFormat.Unprotect(state);
-                if (properties == null)
-                {
-                    return null;
-                }
-
-                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
-                {
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                var tokenRequestParameters = new List<KeyValuePair<string, string>>()
-                {
-                    new KeyValuePair<string, string>("client_id", Options.ClientId),
-                    new KeyValuePair<string, string>("redirect_uri", GenerateRedirectUri()),
-                    new KeyValuePair<string, string>("client_secret", Options.ClientSecret),
-                    new KeyValuePair<string, string>("code", code),
-                    new KeyValuePair<string, string>("grant_type", "authorization_code"),
-                };
-
-                var requestContent = new FormUrlEncodedContent(tokenRequestParameters);
-
-                HttpResponseMessage response = await _httpClient.PostAsync(TokenEndpoint, requestContent, Context.RequestAborted);
-                response.EnsureSuccessStatusCode();
-                string oauthTokenResponse = await response.Content.ReadAsStringAsync();
-
-                JObject oauth2Token = JObject.Parse(oauthTokenResponse);
-                var accessToken = oauth2Token["access_token"].Value<string>();
-
-                // Refresh token is only available when wl.offline_access is request.
-                // Otherwise, it is null.
-                var refreshToken = oauth2Token.Value<string>("refresh_token");
-                var expire = oauth2Token.Value<string>("expires_in");
-
-                if (string.IsNullOrWhiteSpace(accessToken))
-                {
-                    _logger.WriteWarning("Access token was not found");
-                    return new AuthenticationTicket(null, properties);
-                }
-
-                HttpResponseMessage graphResponse = await _httpClient.GetAsync(
-                    GraphApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Context.RequestAborted);
-                graphResponse.EnsureSuccessStatusCode();
-                string accountString = await graphResponse.Content.ReadAsStringAsync();
-                JObject accountInformation = JObject.Parse(accountString);
-
-                var context = new MicrosoftAccountAuthenticatedContext(Context, accountInformation, accessToken,
-                    refreshToken, expire);
-                context.Identity = new ClaimsIdentity(
-                    new[]
+            var context = new MicrosoftAccountAuthenticatedContext(Context, Options, accountInformation, tokens);
+            context.Properties = properties;
+            context.Identity = new ClaimsIdentity(
+                new[]
                     {
-                        new Claim(ClaimTypes.NameIdentifier, context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim(ClaimTypes.Name, context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim("urn:microsoftaccount:id", context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim("urn:microsoftaccount:name", context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)
+                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationType),
+                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.AuthenticationType),
+                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.AuthenticationType),
+                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.AuthenticationType)
                     },
-                    Options.AuthenticationType,
-                    ClaimsIdentity.DefaultNameClaimType,
-                    ClaimsIdentity.DefaultRoleClaimType);
-                if (!string.IsNullOrWhiteSpace(context.Email))
-                {
-                    context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
-                }
+                Options.AuthenticationType,
+                ClaimsIdentity.DefaultNameClaimType,
+                ClaimsIdentity.DefaultRoleClaimType);
 
-                await Options.Notifications.Authenticated(context);
-
-                context.Properties = properties;
-
-                return new AuthenticationTicket(context.Identity, context.Properties);
-            }
-            catch (Exception ex)
+            if (!string.IsNullOrWhiteSpace(context.Email))
             {
-                _logger.WriteError("Authentication failed", ex);
-                return new AuthenticationTicket(null, properties);
-            }
-        }
-
-        protected override void ApplyResponseChallenge()
-        {
-            if (Response.StatusCode != 401)
-            {
-                return;
+                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationType));
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
-            {
-                return;
-            }
+            await Options.Notifications.Authenticated(context);
 
-            string baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
-
-            string currentUri = baseUri + Request.Path + Request.QueryString;
-
-            string redirectUri = baseUri + Options.CallbackPath;
-
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
-            {
-                properties = new AuthenticationProperties();
-            }
-            else
-            {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
-            }
-            if (string.IsNullOrEmpty(properties.RedirectUri))
-            {
-                properties.RedirectUri = currentUri;
-            }
-
-            // OAuth2 10.12 CSRF
-            GenerateCorrelationId(properties);
-
-            // OAuth2 3.3 space separated                
-            string scope = string.Join(" ", Options.Scope);
-            // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
-            if (string.IsNullOrWhiteSpace(scope))
-            {
-                scope = "wl.basic";
-            }
-
-            string state = Options.StateDataFormat.Protect(properties);
-
-            string authorizationEndpoint =
-                "https://login.live.com/oauth20_authorize.srf" +
-                    "?client_id=" + Uri.EscapeDataString(Options.ClientId) +
-                    "&scope=" + Uri.EscapeDataString(scope) + 
-                    "&response_type=code" +
-                    "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
-                    "&state=" + Uri.EscapeDataString(state);
-
-            var redirectContext = new MicrosoftAccountApplyRedirectContext(
-                Context, Options,
-                properties, authorizationEndpoint);
-            Options.Notifications.ApplyRedirect(redirectContext);
-        }
-
-        public async Task<bool> InvokeReturnPathAsync()
-        {
-            AuthenticationTicket model = await AuthenticateAsync();
-            if (model == null)
-            {
-                _logger.WriteWarning("Invalid return state, unable to redirect.");
-                Response.StatusCode = 500;
-                return true;
-            }
-
-            var context = new MicrosoftAccountReturnEndpointContext(Context, model);
-            context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
-            context.RedirectUri = model.Properties.RedirectUri;
-            model.Properties.RedirectUri = null;
-
-            await Options.Notifications.ReturnEndpoint(context);
-
-            if (context.SignInAsAuthenticationType != null && context.Identity != null)
-            {
-                ClaimsIdentity signInIdentity = context.Identity;
-                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
-                {
-                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
-                }
-                Context.Response.SignIn(context.Properties, signInIdentity);
-            }
-
-            if (!context.IsRequestCompleted && context.RedirectUri != null)
-            {
-                if (context.Identity == null)
-                {
-                    // add a redirect hint that sign-in failed in some way
-                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
-                }
-                Response.Redirect(context.RedirectUri);
-                context.RequestCompleted();
-            }
-
-            return context.IsRequestCompleted;
-        }
-
-        private string GenerateRedirectUri()
-        {
-            string requestPrefix = Request.Scheme + "://" + Request.Host;
-
-            return requestPrefix + RequestPathBase + Options.CallbackPath;
-        }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A - No SignIn or SignOut support.
+            return new AuthenticationTicket(context.Identity, context.Properties);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 3f5e24cecf..29ad5c5efb 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -2,13 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
-using System.Net.Http;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
@@ -16,12 +14,8 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
     /// <summary>
     /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
     /// </summary>
-    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class MicrosoftAccountAuthenticationMiddleware : AuthenticationMiddleware<MicrosoftAccountAuthenticationOptions>
+    public class MicrosoftAccountAuthenticationMiddleware : OAuthAuthenticationMiddleware<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
     {
-        private readonly ILogger _logger;
-        private readonly HttpClient _httpClient;
-
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
         /// </summary>
@@ -34,33 +28,18 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             MicrosoftAccountAuthenticationOptions options)
-            : base(next, options)
+            : base(next, dataProtectionProvider, loggerFactory, options)
         {
-            if (string.IsNullOrWhiteSpace(Options.ClientId))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
-            }
-            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
-            }
-
-            _logger = loggerFactory.Create(typeof(MicrosoftAccountAuthenticationMiddleware).FullName);
-
             if (Options.Notifications == null)
             {
                 Options.Notifications = new MicrosoftAccountAuthenticationNotifications();
             }
-            if (Options.StateDataFormat == null)
+            if (Options.Scope.Count == 0)
             {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    typeof(MicrosoftAccountAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+                // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
+                // TODO: Should we just add these by default when we create the Options?
+                Options.Scope.Add("wl.basic");
             }
-
-            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
-            _httpClient.Timeout = Options.BackchannelTimeout;
-            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
         }
 
         /// <summary>
@@ -69,30 +48,7 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<MicrosoftAccountAuthenticationOptions> CreateHandler()
         {
-            return new MicrosoftAccountAuthenticationHandler(_httpClient, _logger);
-        }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(MicrosoftAccountAuthenticationOptions options)
-        {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new WinHttpHandler();
-#endif
-            return handler;
+            return new MicrosoftAccountAuthenticationHandler(Backchannel, Logger);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index 7668b0d085..24d2599cb2 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -1,19 +1,15 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
-using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
 {
     /// <summary>
     /// Configuration options for <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
     /// </summary>
-    public class MicrosoftAccountAuthenticationOptions : AuthenticationOptions
+    public class MicrosoftAccountAuthenticationOptions : OAuthAuthenticationOptions<IMicrosoftAccountAuthenticationNotifications>
     {
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationOptions"/>.
@@ -21,86 +17,10 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         public MicrosoftAccountAuthenticationOptions()
             : base(MicrosoftAccountAuthenticationDefaults.AuthenticationType)
         {
-            Caption = MicrosoftAccountAuthenticationDefaults.AuthenticationType;
             CallbackPath = new PathString("/signin-microsoft");
-            AuthenticationMode = AuthenticationMode.Passive;
-            Scope = new List<string>();
-            BackchannelTimeout = TimeSpan.FromSeconds(60);
+            AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
+            TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
+            UserInformationEndpoint = MicrosoftAccountAuthenticationDefaults.UserInformationEndpoint;
         }
-#if ASPNET50
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// in back channel communications belong to Microsoft Account.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        /// <remarks>
-        /// The default value is 'Microsoft'.
-        /// </remarks>
-        public string Caption
-        {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
-        }
-
-        /// <summary>
-        /// The application client ID assigned by the Microsoft authentication service.
-        /// </summary>
-        public string ClientId { get; set; }
-
-        /// <summary>
-        /// The application client secret assigned by the Microsoft authentication service.
-        /// </summary>
-        public string ClientSecret { get; set; }
-
-        /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with Microsoft.
-        /// </summary>
-        /// <value>
-        /// The back channel timeout.
-        /// </value>
-        public TimeSpan BackchannelTimeout { get; set; }
-
-        /// <summary>
-        /// The HttpMessageHandler used to communicate with Microsoft.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
-        /// can be downcast to a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
-        /// <summary>
-        /// A list of permissions to request.
-        /// </summary>
-        public IList<string> Scope { get; private set; }
-
-        /// <summary>
-        /// The request path within the application's base path where the user-agent will be returned.
-        /// The middleware will process this request when it arrives.
-        /// Default value is "/signin-microsoft".
-        /// </summary>
-        public PathString CallbackPath { get; set; }
-
-        /// <summary>
-        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-        /// </summary>
-        public string SignInAsAuthenticationType { get; set; }
-
-        /// <summary>
-        /// Gets or sets the <see cref="IMicrosoftAccountAuthenticationNotifications"/> used to handle authentication events.
-        /// </summary>
-        public IMicrosoftAccountAuthenticationNotifications Notifications { get; set; }
-
-        /// <summary>
-        /// Gets or sets the type used to secure data handled by the middleware.
-        /// </summary>
-        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
index d7c43a4634..d6eb0f642b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
@@ -2,13 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="MicrosoftAccountAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IMicrosoftAccountAuthenticationNotifications
+    public interface IMicrosoftAccountAuthenticationNotifications : IOAuthAuthenticationNotifications
     {
         /// <summary>
         /// Invoked whenever Microsoft succesfully authenticates a user.
@@ -16,18 +17,5 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task Authenticated(MicrosoftAccountAuthenticatedContext context);
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ReturnEndpoint(MicrosoftAccountReturnEndpointContext context);
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        void ApplyRedirect(MicrosoftAccountApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
index ef2b0b50f0..8b1a533123 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -3,12 +3,10 @@
 
 using System;
 using System.Collections.Generic;
-using System.Globalization;
 using System.Linq;
-using System.Security.Claims;
+using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Security.OAuth;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
@@ -16,32 +14,19 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class MicrosoftAccountAuthenticatedContext : BaseContext
+    public class MicrosoftAccountAuthenticatedContext : OAuthAuthenticatedContext
     {
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticatedContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="user">The JSON-serialized user.</param>
-        /// <param name="accessToken">The access token provided by the Microsoft authentication service.</param>
-        /// <param name="refreshToken">The refresh token provided by Microsoft authentication service.</param>
-        /// <param name="expires">Seconds until expiration.</param>
-        public MicrosoftAccountAuthenticatedContext(HttpContext context, [NotNull] JObject user, string accessToken, 
-            string refreshToken, string expires)
-            : base(context)
+        /// <param name="tokens">The access token provided by the Microsoft authentication service.</param>
+        public MicrosoftAccountAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, [NotNull] JObject user, TokenResponse tokens)
+            : base(context, options, user, tokens)
         {
             IDictionary<string, JToken> userAsDictionary = user;
 
-            User = user;
-            AccessToken = accessToken;
-            RefreshToken = refreshToken;
-
-            int expiresValue;
-            if (Int32.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
-            {
-                ExpiresIn = TimeSpan.FromSeconds(expiresValue);
-            }
-
             JToken userId = User["id"];
             if (userId == null)
             {
@@ -63,30 +48,6 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
             }
         }
 
-        /// <summary>
-        /// Gets the JSON-serialized user.
-        /// </summary>
-        public JObject User { get; private set; }
-
-        /// <summary>
-        /// Gets the access token provided by the Microsoft authenication service.
-        /// </summary>
-        public string AccessToken { get; private set; }
-
-        /// <summary>
-        /// Gets the refresh token provided by Microsoft authentication service.
-        /// </summary>
-        /// <remarks>
-        /// Refresh token is only available when wl.offline_access is request.
-        /// Otherwise, it is null.
-        /// </remarks>
-        public string RefreshToken { get; private set; }
-
-        /// <summary>
-        /// Gets the Microsoft access token expiration time.
-        /// </summary>
-        public TimeSpan? ExpiresIn { get; set; }
-
         /// <summary>
         /// Gets the Microsoft Account user ID.
         /// </summary>
@@ -112,16 +73,6 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// </summary>
         public string Email { get; private set; }
 
-        /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
-        /// </summary>
-        public ClaimsIdentity Identity { get; set; }
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
-
         private static string PropertyValueIfExists(string property, IDictionary<string, JToken> dictionary)
         {
             return dictionary.ContainsKey(property) ? dictionary[property].ToString() : null;
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
index deb561b941..26db09d15f 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
@@ -3,13 +3,14 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Security.OAuth;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
 {
     /// <summary>
     /// Default <see cref="IMicrosoftAccountAuthenticationNotifications"/> implementation.
     /// </summary>
-    public class MicrosoftAccountAuthenticationNotifications : IMicrosoftAccountAuthenticationNotifications
+    public class MicrosoftAccountAuthenticationNotifications : OAuthAuthenticationNotifications, IMicrosoftAccountAuthenticationNotifications
     {
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationNotifications"/>
@@ -17,8 +18,6 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         public MicrosoftAccountAuthenticationNotifications()
         {
             OnAuthenticated = context => Task.FromResult(0);
-            OnReturnEndpoint = context => Task.FromResult(0);
-            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
         }
 
         /// <summary>
@@ -26,16 +25,6 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// </summary>
         public Func<MicrosoftAccountAuthenticatedContext, Task> OnAuthenticated { get; set; }
 
-        /// <summary>
-        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
-        /// </summary>
-        public Func<MicrosoftAccountReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
-
-        /// <summary>
-        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
-        /// </summary>
-        public Action<MicrosoftAccountApplyRedirectContext> OnApplyRedirect { get; set; }
-
         /// <summary>
         /// Invoked whenever Microsoft succesfully authenticates a user
         /// </summary>
@@ -45,24 +34,5 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         {
             return OnAuthenticated(context);
         }
-
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(MicrosoftAccountReturnEndpointContext context)
-        {
-            return OnReturnEndpoint(context);
-        }
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual void ApplyRedirect(MicrosoftAccountApplyRedirectContext context)
-        {
-            OnApplyRedirect(context);
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 83bc4823bd..d452d0121d 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -5,6 +5,7 @@
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Newtonsoft.Json": "5.0.8",
@@ -13,7 +14,6 @@
     "frameworks": {
         "aspnet50": {
             "dependencies": {
-                "System.Net.Http.WebRequest": ""
             }
         },
         "aspnetcore50": {
@@ -28,7 +28,6 @@
                 "System.IO": "4.0.10.0",
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
-                "System.Net.Http.WinHttpHandler": "4.0.0.0",
                 "System.ObjectModel": "4.0.10.0",
                 "System.Reflection": "4.0.10.0",
                 "System.Resources.ResourceManager": "4.0.0.0",
diff --git a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
new file mode 100644
index 0000000000..f0c8d7b472
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>4a636011-68ee-4ce5-836d-ea8e13cf71e4</ProjectGuid>
+    <OutputType>Library</OutputType>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs
new file mode 100644
index 0000000000..3f56c41518
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
new file mode 100644
index 0000000000..b00b0175ea
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="OAuthAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
+    /// </summary>
+    public interface IOAuthAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
+        /// This notification may not be invoked by sub-classes of OAuthAuthenticationHandler if they override GetUserInformationAsync.
+        /// </summary>
+        /// <param name="context">Contains information about the login session.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task GetUserInformationAsync(OAuthGetUserInformationContext context);
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ReturnEndpoint(OAuthReturnEndpointContext context);
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft middleware.
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        void ApplyRedirect(OAuthApplyRedirectContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs
similarity index 74%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs
index f61a9eee43..df1f6a424b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs
@@ -5,22 +5,20 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Notifications;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Security.OAuth
 {
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
     /// </summary>
-    public class MicrosoftAccountApplyRedirectContext : BaseContext<MicrosoftAccountAuthenticationOptions>
+    public class OAuthApplyRedirectContext : BaseContext<OAuthAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
         /// <param name="context">The HTTP request context.</param>
-        /// <param name="options">The Microsoft account middleware options.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public MicrosoftAccountApplyRedirectContext(HttpContext context, MicrosoftAccountAuthenticationOptions options,
-            AuthenticationProperties properties, string redirectUri)
+        public OAuthApplyRedirectContext(HttpContext context, OAuthAuthenticationOptions options, AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
             RedirectUri = redirectUri;
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
new file mode 100644
index 0000000000..a651767e8e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -0,0 +1,77 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.Net.Http;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class OAuthAuthenticatedContext : BaseContext<OAuthAuthenticationOptions>
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
+        /// </summary>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="user">The JSON-serialized user.</param>
+        /// <param name="tokens">The tokens returned from the token endpoint.</param>
+        public OAuthAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user,
+            TokenResponse tokens)
+            : base(context, options)
+        {
+            User = user;
+            AccessToken = tokens.AccessToken;
+            TokenType = tokens.TokenType;
+            RefreshToken = tokens.RefreshToken;
+
+            int expiresInValue;
+            if (Int32.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresInValue))
+            {
+                ExpiresIn = TimeSpan.FromSeconds(expiresInValue);
+            }
+        }
+
+        /// <summary>
+        /// Gets the JSON-serialized user.
+        /// </summary>
+        public JObject User { get; protected set; }
+
+        /// <summary>
+        /// Gets the access token provided by the authentication service.
+        /// </summary>
+        public string AccessToken { get; protected set; }
+
+        /// <summary>
+        /// Gets the access token type provided by the authentication service.
+        /// </summary>
+        public string TokenType { get; protected set; }
+
+        /// <summary>
+        /// Gets the refresh token provided by the authentication service.
+        /// </summary>
+        public string RefreshToken { get; protected set; }
+
+        /// <summary>
+        /// Gets the access token expiration time.
+        /// </summary>
+        public TimeSpan? ExpiresIn { get; protected set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs
new file mode 100644
index 0000000000..a91f8f0b0c
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs
@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Default <see cref="IOAuthAuthenticationNotifications"/> implementation.
+    /// </summary>
+    public class OAuthAuthenticationNotifications : IOAuthAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthAuthenticationNotifications"/>
+        /// </summary>
+        public OAuthAuthenticationNotifications()
+        {
+            OnGetUserInformationAsync = OAuthAuthenticationDefaults.DefaultOnGetUserInformationAsync;
+            OnReturnEndpoint = context => Task.FromResult(0);
+            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
+        }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// </summary>
+        public Func<OAuthGetUserInformationContext, Task> OnGetUserInformationAsync { get; set; }
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// </summary>
+        public Func<OAuthReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// </summary>
+        public Action<OAuthApplyRedirectContext> OnApplyRedirect { get; set; }
+
+        /// <summary>
+        /// Invoked after the provider successfully authenticates a user.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task GetUserInformationAsync(OAuthGetUserInformationContext context)
+        {
+            return OnGetUserInformationAsync(context);
+        }
+
+        /// <summary>
+        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/></param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task ReturnEndpoint(OAuthReturnEndpointContext context)
+        {
+            return OnReturnEndpoint(context);
+        }
+
+        /// <summary>
+        /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
+        /// </summary>
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        public virtual void ApplyRedirect(OAuthApplyRedirectContext context)
+        {
+            OnApplyRedirect(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
new file mode 100644
index 0000000000..5886d1b546
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
@@ -0,0 +1,76 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.Net.Http;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// </summary>
+    public class OAuthGetUserInformationContext : BaseContext<OAuthAuthenticationOptions>
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthGetUserInformationContext"/>.
+        /// </summary>
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="user">The JSON-serialized user.</param>
+        /// <param name="tokens">The tokens returned from the token endpoint.</param>
+        public OAuthGetUserInformationContext(HttpContext context, OAuthAuthenticationOptions options, HttpClient backchannel, TokenResponse tokens)
+            : base(context, options)
+        {
+            AccessToken = tokens.AccessToken;
+            TokenType = tokens.TokenType;
+            RefreshToken = tokens.RefreshToken;
+            Backchannel = backchannel;
+
+            int expiresInValue;
+            if (Int32.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresInValue))
+            {
+                ExpiresIn = TimeSpan.FromSeconds(expiresInValue);
+            }
+        }
+
+        /// <summary>
+        /// Gets the access token provided by the authentication service.
+        /// </summary>
+        public string AccessToken { get; protected set; }
+
+        /// <summary>
+        /// Gets the access token type provided by the authentication service.
+        /// </summary>
+        public string TokenType { get; protected set; }
+
+        /// <summary>
+        /// Gets the refresh token provided by the authentication service.
+        /// </summary>
+        public string RefreshToken { get; protected set; }
+
+        /// <summary>
+        /// Gets the access token expiration time.
+        /// </summary>
+        public TimeSpan? ExpiresIn { get; protected set; }
+
+        /// <summary>
+        /// Gets the backchannel used to communicate with the provider.
+        /// </summary>
+        public HttpClient Backchannel { get; protected set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
+        /// </summary>
+        public ClaimsIdentity Identity { get; set; }
+
+        /// <summary>
+        /// Gets or sets a property bag for common authentication properties.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs
similarity index 71%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs
index 93e7670248..6f465ef3d2 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs
@@ -4,19 +4,19 @@
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Security.OAuth
 {
     /// <summary>
     /// Provides context information to middleware providers.
     /// </summary>
-    public class MicrosoftAccountReturnEndpointContext : ReturnEndpointContext
+    public class OAuthReturnEndpointContext : ReturnEndpointContext
     {
         /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountReturnEndpointContext"/>.
+        /// Initializes a new <see cref="OAuthReturnEndpointContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="ticket">The authentication ticket.</param>
-        public MicrosoftAccountReturnEndpointContext(
+        public OAuthReturnEndpointContext(
             HttpContext context,
             AuthenticationTicket ticket)
             : base(context, ticket)
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs
new file mode 100644
index 0000000000..758417ecfd
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    public static class OAuthAuthenticationDefaults
+    {
+        public static readonly Func<OAuthGetUserInformationContext, Task> DefaultOnGetUserInformationAsync = context =>
+        {
+            // If the developer doesn't specify a user-info callback, just give them the tokens.
+            var identity = new ClaimsIdentity(
+                    context.Options.AuthenticationType,
+                    ClaimsIdentity.DefaultNameClaimType,
+                    ClaimsIdentity.DefaultRoleClaimType);
+
+            identity.AddClaim(new Claim("access_token", context.AccessToken, ClaimValueTypes.String, context.Options.AuthenticationType));
+            if (!string.IsNullOrEmpty(context.RefreshToken))
+            {
+                identity.AddClaim(new Claim("refresh_token", context.RefreshToken, ClaimValueTypes.String, context.Options.AuthenticationType));
+            }
+            if (!string.IsNullOrEmpty(context.TokenType))
+            {
+                identity.AddClaim(new Claim("token_type", context.TokenType, ClaimValueTypes.String, context.Options.AuthenticationType));
+            }
+            if (context.ExpiresIn.HasValue)
+            {
+                identity.AddClaim(new Claim("expires_in", context.ExpiresIn.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture),
+                    ClaimValueTypes.String, context.Options.AuthenticationType));
+            }
+            context.Identity = identity;
+            return Task.FromResult(0);
+        };
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
new file mode 100644
index 0000000000..e140620e65
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using Microsoft.AspNet.Security.OAuth;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="OAuthAuthenticationMiddleware"/>
+    /// </summary>
+    public static class OAuthAuthenticationExtensions
+    {
+        /// <summary>
+        /// Authenticate users using OAuth.
+        /// </summary>
+        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="options">The middleware configuration options.</param>
+        /// <returns>The updated <see cref="IBuilder"/>.</returns>
+        public static IBuilder UseOAuthAuthentication([NotNull] this IBuilder app, [NotNull] OAuthAuthenticationOptions<IOAuthAuthenticationNotifications> options)
+        {
+            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
+            {
+                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
+            }
+            if (options.Notifications == null)
+            {
+                options.Notifications = new OAuthAuthenticationNotifications();
+            }
+            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(options);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
new file mode 100644
index 0000000000..eae1463638
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
@@ -0,0 +1,253 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Logging;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    public class OAuthAuthenticationHandler<TOptions, TNotifications> : AuthenticationHandler<TOptions>
+        where TOptions : OAuthAuthenticationOptions<TNotifications>
+        where TNotifications : IOAuthAuthenticationNotifications
+    {
+        public OAuthAuthenticationHandler(HttpClient backchannel, ILogger logger)
+        {
+            Backchannel = backchannel;
+            Logger = logger;
+        }
+
+        protected HttpClient Backchannel { get; private set; }
+
+        protected ILogger Logger { get; private set; }
+
+        public override async Task<bool> InvokeAsync()
+        {
+            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
+            {
+                return await InvokeReturnPathAsync();
+            }
+            return false;
+        }
+
+        public async Task<bool> InvokeReturnPathAsync()
+        {
+            AuthenticationTicket ticket = await AuthenticateAsync();
+            if (ticket == null)
+            {
+                Logger.WriteWarning("Invalid return state, unable to redirect.");
+                Response.StatusCode = 500;
+                return true;
+            }
+
+            var context = new OAuthReturnEndpointContext(Context, ticket)
+            {
+                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
+                RedirectUri = ticket.Properties.RedirectUri,
+            };
+            ticket.Properties.RedirectUri = null;
+
+            await Options.Notifications.ReturnEndpoint(context);
+
+            if (context.SignInAsAuthenticationType != null && context.Identity != null)
+            {
+                ClaimsIdentity signInIdentity = context.Identity;
+                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
+                {
+                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
+                }
+                Context.Response.SignIn(context.Properties, signInIdentity);
+            }
+
+            if (!context.IsRequestCompleted && context.RedirectUri != null)
+            {
+                if (context.Identity == null)
+                {
+                    // add a redirect hint that sign-in failed in some way
+                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
+                }
+                Response.Redirect(context.RedirectUri);
+                context.RequestCompleted();
+            }
+
+            return context.IsRequestCompleted;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            AuthenticationProperties properties = null;
+            try
+            {
+                IReadableStringCollection query = Request.Query;
+
+                // TODO: Is this a standard error returned by servers?
+                var value = query.Get("error");
+                if (!string.IsNullOrEmpty(value))
+                {
+                    Logger.WriteVerbose("Remote server returned an error: " + Request.QueryString);
+                    // TODO: Fail request rather than passing through?
+                    return null;
+                }
+
+                string code = query.Get("code");
+                string state = query.Get("state");
+
+                properties = Options.StateDataFormat.Unprotect(state);
+                if (properties == null)
+                {
+                    return null;
+                }
+
+                // OAuth2 10.12 CSRF
+                if (!ValidateCorrelationId(properties, Logger))
+                {
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                if (string.IsNullOrEmpty(code))
+                {
+                    // Null if the remote server returns an error.
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                string requestPrefix = Request.Scheme + "://" + Request.Host;
+                string redirectUri = requestPrefix + RequestPathBase + Options.CallbackPath;
+
+                var tokens = await ExchangeCodeAsync(code, redirectUri);
+
+                if (string.IsNullOrWhiteSpace(tokens.AccessToken))
+                {
+                    Logger.WriteWarning("Access token was not found");
+                    return new AuthenticationTicket(null, properties);
+                }
+
+                return await GetUserInformationAsync(properties, tokens);
+            }
+            catch (Exception ex)
+            {
+                Logger.WriteError("Authentication failed", ex);
+                return new AuthenticationTicket(null, properties);
+            }
+        }
+
+        protected virtual async Task<TokenResponse> ExchangeCodeAsync(string code, string redirectUri)
+        {
+            var tokenRequestParameters = new Dictionary<string, string>()
+            {
+                { "client_id", Options.ClientId },
+                { "redirect_uri", redirectUri },
+                { "client_secret", Options.ClientSecret },
+                { "code", code },
+                { "grant_type", "authorization_code" },
+            };
+
+            var requestContent = new FormUrlEncodedContent(tokenRequestParameters);
+
+            var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
+            requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+            requestMessage.Content = requestContent;
+            HttpResponseMessage response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
+            string oauthTokenResponse = await response.Content.ReadAsStringAsync();
+
+            JObject oauth2Token = JObject.Parse(oauthTokenResponse);
+            return new TokenResponse(oauth2Token);
+        }
+
+        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
+        {
+            var context = new OAuthGetUserInformationContext(Context, Options, Backchannel, tokens)
+            {
+                Properties = properties,
+            };
+            await Options.Notifications.GetUserInformationAsync(context);
+            return new AuthenticationTicket(context.Identity, context.Properties);
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            {
+                return;
+            }
+
+            string baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
+
+            string currentUri = baseUri + Request.Path + Request.QueryString;
+
+            string redirectUri = baseUri + Options.CallbackPath;
+
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = currentUri;
+            }
+
+            // OAuth2 10.12 CSRF
+            GenerateCorrelationId(properties);
+
+            string authorizationEndpoint = BuildChallengeUrl(properties, redirectUri);
+
+            var redirectContext = new OAuthApplyRedirectContext(
+                Context, Options,
+                properties, authorizationEndpoint);
+            Options.Notifications.ApplyRedirect(redirectContext);
+        }
+
+        protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
+        {
+            string scope = FormatScope();
+
+            string state = Options.StateDataFormat.Protect(properties);
+
+            var queryBuilder = new QueryBuilder()
+            {
+                { "client_id", Options.ClientId },
+                { "scope", scope },
+                { "response_type", "code" },
+                { "redirect_uri", redirectUri },
+                { "state", state },
+            };
+            return Options.AuthorizationEndpoint + queryBuilder.ToString();
+        }
+
+        protected virtual string FormatScope()
+        {
+            // OAuth2 3.3 space separated
+            return string.Join(" ", Options.Scope);
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A - No SignIn or SignOut support.
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..3dd00f4b0e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -0,0 +1,105 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// An ASP.NET middleware for authenticating users using OAuth services.
+    /// </summary>
+    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
+    public class OAuthAuthenticationMiddleware<TOptions, TNotifications> : AuthenticationMiddleware<TOptions>
+        where TOptions : OAuthAuthenticationOptions<TNotifications>
+        where TNotifications : IOAuthAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
+        /// </summary>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
+        /// <param name="dataProtectionProvider"></param>
+        /// <param name="loggerFactory"></param>
+        /// <param name="options">Configuration options for the middleware.</param>
+        public OAuthAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            TOptions options)
+            : base(next, options)
+        {
+            if (string.IsNullOrWhiteSpace(Options.ClientId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.AuthorizationEndpoint))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthorizationEndpoint"));
+            }
+            if (string.IsNullOrWhiteSpace(Options.TokenEndpoint))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "TokenEndpoint"));
+            }
+
+            Logger = loggerFactory.Create(this.GetType().FullName);
+
+            if (Options.StateDataFormat == null)
+            {
+                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    this.GetType().FullName, options.AuthenticationType, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            Backchannel = new HttpClient(ResolveHttpMessageHandler(Options));
+            Backchannel.Timeout = Options.BackchannelTimeout;
+            Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+        }
+
+        protected HttpClient Backchannel { get; private set; }
+
+        protected ILogger Logger { get; private set; }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<TOptions> CreateHandler()
+        {
+            return new OAuthAuthenticationHandler<TOptions, TNotifications>(Backchannel, Logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthAuthenticationOptions<TNotifications> options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if ASPNET50
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
new file mode 100644
index 0000000000..69e8897448
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
@@ -0,0 +1,117 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
+    /// </summary>
+    public class OAuthAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthAuthenticationOptions"/>.
+        /// </summary>
+        public OAuthAuthenticationOptions([NotNull] string authenticationType)
+            : base(authenticationType)
+        {
+            Caption = authenticationType;
+            AuthenticationMode = AuthenticationMode.Passive;
+            Scope = new List<string>();
+            BackchannelTimeout = TimeSpan.FromSeconds(60);
+        }
+
+        /// <summary>
+        /// Gets or sets the provider-assigned client id.
+        /// </summary>
+        public string ClientId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the provider-assigned client secret.
+        /// </summary>
+        public string ClientSecret { get; set; }
+
+        /// <summary>
+        /// Gets or sets the URI where the client will be redirected to authenticate.
+        /// </summary>
+        public string AuthorizationEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the URI the middleware will access to exchange the OAuth token.
+        /// </summary>
+        public string TokenEndpoint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the URI the middleware will access to obtain the user information.
+        /// This value is not used in the default implementation, it is for use in custom implementations of
+        /// IOAuthAuthenticationNotifications.GetUserInformationAsync or OAuthAuthenticationHandler.GetUserInformationAsync.
+        /// </summary>
+        public string UserInformationEndpoint { get; set; }
+
+#if ASPNET50
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// in back channel communications belong to the auth provider.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        /// <remarks>
+        /// The default value is the authentication type.
+        /// </remarks>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with the auth provider.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; }
+
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with the auth provider.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// A list of permissions to request.
+        /// </summary>
+        public IList<string> Scope { get; private set; }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
new file mode 100644
index 0000000000..65f01b5b82
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
@@ -0,0 +1,24 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
+    /// </summary>
+    public class OAuthAuthenticationOptions<TNotifications> : OAuthAuthenticationOptions where TNotifications : IOAuthAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthAuthenticationOptions"/>.
+        /// </summary>
+        public OAuthAuthenticationOptions([NotNull] string authenticationType)
+            : base(authenticationType)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
+        /// </summary>
+        public TNotifications Notifications { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs b/src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs
new file mode 100644
index 0000000000..892b42b5fc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs
@@ -0,0 +1,83 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.33440
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.OAuth {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get
+            {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Resources.resx b/src/Microsoft.AspNet.Security.OAuth/Resources.resx
new file mode 100644
index 0000000000..2a19bea96a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs b/src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs
new file mode 100644
index 0000000000..84c3e95aa6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs
@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    public class TokenResponse
+    {
+        public TokenResponse(JObject response)
+        {
+            Response = response;
+            AccessToken = response.Value<string>("access_token");
+            TokenType = response.Value<string>("token_type");
+            RefreshToken = response.Value<string>("refresh_token");
+            ExpiresIn = response.Value<string>("expires_in");
+        }
+
+        public JObject Response { get; set; }
+        public string AccessToken { get; set; }
+        public string TokenType { get; set; }
+        public string RefreshToken { get; set; }
+        public string ExpiresIn { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
new file mode 100644
index 0000000000..b6ccd3fe50
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -0,0 +1,46 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "5.0.8",
+        "System.Net.Http": "4.0.0.0"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "dependencies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Dynamic.Runtime": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.10.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Net.Http.WinHttpHandler": "4.0.0.0",
+                "System.ObjectModel": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index b24aa71c30..7fbb4fbc3a 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -328,9 +328,9 @@ namespace Microsoft.AspNet.Security.Twitter
             var request = new HttpRequestMessage(HttpMethod.Post, AccessTokenEndpoint);
             request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
 
-            var formPairs = new List<KeyValuePair<string, string>>()
+            var formPairs = new Dictionary<string, string>()
             {
-                new KeyValuePair<string, string>("oauth_verifier", verifier)
+                { "oauth_verifier", verifier },
             };
 
             request.Content = new FormUrlEncodedContent(formPairs);
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 8538948783..56467a7601 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -62,11 +62,11 @@ namespace Microsoft.AspNet.Security.Facebook
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
             location.ShouldContain("https://www.facebook.com/dialog/oauth");
-            location.ShouldContain("?response_type=code");
-            location.ShouldContain("&client_id=");
-            location.ShouldContain("&redirect_uri=");
-            location.ShouldContain("&scope=");
-            location.ShouldContain("&state=");
+            location.ShouldContain("response_type=code");
+            location.ShouldContain("client_id=");
+            location.ShouldContain("redirect_uri=");
+            location.ShouldContain("scope=");
+            location.ShouldContain("state=");
         }
 
         private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)

From 77f9fc496df73ca8575148566d26e5a6a320a91e Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 8 Sep 2014 13:50:14 -0700
Subject: [PATCH 067/900] Update dependecy versions.

---
 src/Microsoft.AspNet.Security.OAuth/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index b6ccd3fe50..83bc4823bd 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -29,7 +29,7 @@
                 "System.IO.Compression": "4.0.0.0",
                 "System.Linq": "4.0.0.0",
                 "System.Net.Http.WinHttpHandler": "4.0.0.0",
-                "System.ObjectModel": "4.0.0.0",
+                "System.ObjectModel": "4.0.10.0",
                 "System.Reflection": "4.0.10.0",
                 "System.Resources.ResourceManager": "4.0.0.0",
                 "System.Runtime": "4.0.20.0",

From 43fdf2a460f5a90bfd85f8bbbcc71e70b72852f7 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Tue, 9 Sep 2014 20:42:41 -0700
Subject: [PATCH 068/900] Upgrade Newtonsoft.Json to 6.0.4 version

---
 src/Microsoft.AspNet.Security.Cookies/project.json          | 2 +-
 src/Microsoft.AspNet.Security.Facebook/project.json         | 2 +-
 src/Microsoft.AspNet.Security.Google/project.json           | 2 +-
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 src/Microsoft.AspNet.Security.OAuth/project.json            | 2 +-
 src/Microsoft.AspNet.Security.Twitter/project.json          | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 9d9e58616a..715a02a7e9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -10,7 +10,7 @@
     "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "Microsoft.Framework.Logging": "1.0.0-*",
-    "Newtonsoft.Json": "5.0.8"
+    "Newtonsoft.Json": "6.0.4"
   },
   "frameworks": {
     "aspnet50": {},
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index fbbb32c78a..eeba5b2d22 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "5.0.8",
+        "Newtonsoft.Json": "6.0.4",
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index fbbb32c78a..eeba5b2d22 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "5.0.8",
+        "Newtonsoft.Json": "6.0.4",
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index d452d0121d..cf6a2e96a8 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "5.0.8",
+        "Newtonsoft.Json": "6.0.4",
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 83bc4823bd..f81cf844e8 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -7,7 +7,7 @@
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "5.0.8",
+        "Newtonsoft.Json": "6.0.4",
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index bf9da22531..f8498191be 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -7,7 +7,7 @@
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "5.0.8",
+        "Newtonsoft.Json": "6.0.4",
         "System.Net.Http": "4.0.0.0"
     },
     "frameworks": {

From 13adde63fa2bf2c8b8ec8c253a5a9c18d01a1156 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Wed, 10 Sep 2014 09:13:22 -0700
Subject: [PATCH 069/900] Update the method used to read JSON asynchronously

---
 .../Google/GoogleMiddlewareTests.cs                             | 2 +-
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs         | 2 +-
 .../Twitter/TwitterMiddlewareTests.cs                           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 9dff1506d5..e12def60fa 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -424,7 +424,7 @@ namespace Microsoft.AspNet.Security.Google
         private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await JsonConvert.SerializeObjectAsync(content);
+            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 2c1da025fd..7bfb0d4491 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -204,7 +204,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await JsonConvert.SerializeObjectAsync(content);
+            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index d5eb56896b..75f7ebbfd3 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -152,7 +152,7 @@ namespace Microsoft.AspNet.Security.Twitter
         private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await JsonConvert.SerializeObjectAsync(content);
+            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }

From 51c3dc98dc08a1e4a761bb77469a45b3b33271c2 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 10 Sep 2014 12:27:01 -0700
Subject: [PATCH 070/900] Handle IBuilder rename to IApplicationBuilder.

---
 samples/CookieSample/Startup.cs                      |  2 +-
 samples/SocialSample/Startup.cs                      |  2 +-
 .../CookieAuthenticationExtensions.cs                |  4 ++--
 .../CookieAuthenticationOptions.cs                   |  2 +-
 .../FacebookAuthenticationExtensions.cs              | 12 ++++++------
 .../GoogleAuthenticationExtensions.cs                | 12 ++++++------
 .../MicrosoftAccountAuthenticationExtensions.cs      | 12 ++++++------
 .../OAuthAuthenticationExtensions.cs                 |  6 +++---
 .../TwitterAuthenticationExtensions.cs               | 12 ++++++------
 .../BuilderSecurityExtensions.cs                     |  4 ++--
 src/Microsoft.AspNet.Security/Resources.Designer.cs  |  4 ++--
 src/Microsoft.AspNet.Security/Resources.resx         |  4 ++--
 .../Facebook/FacebookMiddlewareTests.cs              |  2 +-
 .../MicrosoftAccountMiddlewareTests.cs               |  2 +-
 .../Twitter/TwitterMiddlewareTests.cs                |  2 +-
 15 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 2a01fc0b26..2e5602b9c4 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -7,7 +7,7 @@ namespace CookieSample
 {
     public class Startup
     {
-        public void Configure(IBuilder app)
+        public void Configure(IApplicationBuilder app)
         {
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
             {
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f3aff738d8..5fbb8887a4 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -19,7 +19,7 @@ namespace CookieSample
 {
     public class Startup
     {
-        public void Configure(IBuilder app)
+        public void Configure(IApplicationBuilder app)
         {
             app.UseErrorPage();
 
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index eb4f64903a..03af44a43d 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -13,10 +13,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Adds a cookie-based authentication middleware to your web application pipeline.
         /// </summary>
-        /// <param name="app">The IBuilder passed to your configuration method</param>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <param name="options">An options class that controls the middleware behavior</param>
         /// <returns>The original app parameter</returns>
-        public static IBuilder UseCookieAuthentication([NotNull] this IBuilder app, [NotNull] CookieAuthenticationOptions options)
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, [NotNull] CookieAuthenticationOptions options)
         {
             return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 8499fa33f6..f04c51264b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -125,7 +125,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
         /// cookie value. If it is not provided a default data handler is created using the data protection service contained
-        /// in the IBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
+        /// in the IApplicationBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
         /// and on DPAPI when running in a different process.
         /// </summary>
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
index 7f7cb4ebd9..5438272090 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
@@ -13,11 +13,11 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Facebook.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="appId">The appId assigned by Facebook.</param>
         /// <param name="appSecret">The appSecret assigned by Facebook.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] string appId, [NotNull] string appSecret)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string appId, [NotNull] string appSecret)
         {
             return app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
             {
@@ -29,10 +29,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Facebook.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseFacebookAuthentication([NotNull] this IBuilder app, [NotNull] FacebookAuthenticationOptions options)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] FacebookAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
index cfac477731..571ff5ffe3 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
@@ -13,11 +13,11 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Google OAuth 2.0.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="clientId">The google assigned client id.</param>
         /// <param name="clientSecret">The google assigned client secret.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
         {
             return app.UseGoogleAuthentication(
                 new GoogleAuthenticationOptions
@@ -30,10 +30,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Google OAuth 2.0.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">Middleware configuration options.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseGoogleAuthentication([NotNull] this IBuilder app, [NotNull] GoogleAuthenticationOptions options)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] GoogleAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
index 468d279078..9963abf1d6 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
@@ -13,11 +13,11 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Microsoft Account.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="clientId">The application client ID assigned by the Microsoft authentication service.</param>
         /// <param name="clientSecret">The application client secret assigned by the Microsoft authentication service.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseMicrosoftAccountAuthentication([NotNull] this IBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
         {
             return app.UseMicrosoftAccountAuthentication(
                 new MicrosoftAccountAuthenticationOptions
@@ -30,10 +30,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Microsoft Account.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseMicrosoftAccountAuthentication([NotNull] this IBuilder app, [NotNull] MicrosoftAccountAuthenticationOptions options)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] MicrosoftAccountAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
index e140620e65..0b6f0ddec6 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
@@ -15,10 +15,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using OAuth.
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
-        /// <returns>The updated <see cref="IBuilder"/>.</returns>
-        public static IBuilder UseOAuthAuthentication([NotNull] this IBuilder app, [NotNull] OAuthAuthenticationOptions<IOAuthAuthenticationNotifications> options)
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OAuthAuthenticationOptions<IOAuthAuthenticationNotifications> options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
index 250c721cba..aa56249cca 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
@@ -13,11 +13,11 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Twitter
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method</param>
         /// <param name="consumerKey">The Twitter-issued consumer key</param>
         /// <param name="consumerSecret">The Twitter-issued consumer secret</param>
-        /// <returns>The updated <see cref="IBuilder"/></returns>
-        public static IBuilder UseTwitterAuthentication([NotNull] this IBuilder app, [NotNull] string consumerKey, [NotNull] string consumerSecret)
+        /// <returns>The updated <see cref="IApplicationBuilder"/></returns>
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string consumerKey, [NotNull] string consumerSecret)
         {
             return app.UseTwitterAuthentication(
                 new TwitterAuthenticationOptions
@@ -30,10 +30,10 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Authenticate users using Twitter
         /// </summary>
-        /// <param name="app">The <see cref="IBuilder"/> passed to the configure method</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method</param>
         /// <param name="options">Middleware configuration options</param>
-        /// <returns>The updated <see cref="IBuilder"/></returns>
-        public static IBuilder UseTwitterAuthentication([NotNull] this IBuilder app, [NotNull] TwitterAuthenticationOptions options)
+        /// <returns>The updated <see cref="IApplicationBuilder"/></returns>
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] TwitterAuthenticationOptions options)
         {
             if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
index 6043a0966c..5a9aec367f 100644
--- a/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
+++ b/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <returns></returns>
-        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IBuilder app)
+        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IApplicationBuilder app)
         {
             object value;
             if (app.Properties.TryGetValue(Constants.DefaultSignInAsAuthenticationType, out value))
@@ -37,7 +37,7 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">App builder passed to the application startup code</param>
         /// <param name="authenticationType">AuthenticationType that external middleware should sign in as.</param>
-        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IBuilder app, [NotNull] string authenticationType)
+        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IApplicationBuilder app, [NotNull] string authenticationType)
         {
             app.Properties[Constants.DefaultSignInAsAuthenticationType] = authenticationType;
         }
diff --git a/src/Microsoft.AspNet.Security/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Resources.Designer.cs
index d535265888..485da1825d 100644
--- a/src/Microsoft.AspNet.Security/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Security/Resources.Designer.cs
@@ -70,7 +70,7 @@ namespace Microsoft.AspNet.Security {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to The default data protection provider may only be used when the IBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
+        ///   Looks up a localized string similar to The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
         /// </summary>
         internal static string Exception_DefaultDpapiRequiresAppNameKey {
             get {
@@ -79,7 +79,7 @@ namespace Microsoft.AspNet.Security {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
+        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IApplicationBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
         /// </summary>
         internal static string Exception_MissingDefaultSignInAsAuthenticationType {
             get {
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Security/Resources.resx
index 5a02ab7725..f0765cc325 100644
--- a/src/Microsoft.AspNet.Security/Resources.resx
+++ b/src/Microsoft.AspNet.Security/Resources.resx
@@ -118,13 +118,13 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="Exception_DefaultDpapiRequiresAppNameKey" xml:space="preserve">
-    <value>The default data protection provider may only be used when the IBuilder.Properties contains an appropriate 'host.AppName' key.</value>
+    <value>The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.</value>
   </data>
   <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
     <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
   </data>
   <data name="Exception_MissingDefaultSignInAsAuthenticationType" xml:space="preserve">
-    <value>A default value for SignInAsAuthenticationType was not found in IBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
+    <value>A default value for SignInAsAuthenticationType was not found in IApplicationBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
   </data>
   <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
     <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 56467a7601..672dc04ac9 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -69,7 +69,7 @@ namespace Microsoft.AspNet.Security.Facebook
             location.ShouldContain("state=");
         }
 
-        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>
             {
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 7bfb0d4491..a19aeae05c 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -151,7 +151,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
-        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>
             {
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 75f7ebbfd3..461e541845 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -105,7 +105,7 @@ namespace Microsoft.AspNet.Security.Twitter
             location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
         }
 
-        private static TestServer CreateServer(Action<IBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>
             {

From f6d6f3141400bef8c53e56d1eec683a2c7713826 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 10:38:39 -0700
Subject: [PATCH 071/900] #32 - Port Cookie chunking from Katana.

---
 .../CookieAuthenticationHandler.cs            |  12 +-
 .../CookieAuthenticationMiddleware.cs         |   5 +
 .../CookieAuthenticationOptions.cs            |   8 +
 .../Infrastructure/ChunkingCookieManager.cs   | 310 ++++++++++++++++++
 .../Infrastructure/Constants.cs               |  13 +
 .../Infrastructure/ICookieManager.cs          |  39 +++
 .../Resources.Designer.cs                     |  85 +++++
 .../Resources.resx                            | 126 +++++++
 .../Infrastructure/CookieChunkingTests.cs     | 168 ++++++++++
 9 files changed, 761 insertions(+), 5 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Resources.resx
 create mode 100644 test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 1e21937fab..23f66b6c5b 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -37,8 +37,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
         {
-            IReadableStringCollection cookies = Request.Cookies;
-            string cookie = cookies[Options.CookieName];
+            string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
             if (string.IsNullOrWhiteSpace(cookie))
             {
                 return null;
@@ -148,7 +147,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     var model = new AuthenticationTicket(context.Identity, context.Properties);
                     string cookieValue = Options.TicketDataFormat.Protect(model);
 
-                    Response.Cookies.Append(
+                    Options.CookieManager.AppendResponseCookie(
+                        Context,
                         Options.CookieName,
                         cookieValue,
                         cookieOptions);
@@ -162,7 +162,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     
                     Options.Notifications.ResponseSignOut(context);
 
-                    Response.Cookies.Delete(
+                    Options.CookieManager.DeleteCookie(
+                        Context,
                         Options.CookieName,
                         cookieOptions);
                 }
@@ -180,7 +181,8 @@ namespace Microsoft.AspNet.Security.Cookies
                         cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
                     }
 
-                    Response.Cookies.Append(
+                    Options.CookieManager.AppendResponseCookie(
+                        Context,
                         Options.CookieName,
                         cookieValue,
                         cookieOptions);
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 6f2a5dec04..1349ccadeb 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -5,6 +5,7 @@
 using System;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Cookies.Infrastructure;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
@@ -33,6 +34,10 @@ namespace Microsoft.AspNet.Security.Cookies
                     typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
                 options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = new ChunkingCookieManager();
+            }
 
             _logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
         }
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index f04c51264b..0b6ef879e9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Cookies.Infrastructure;
 using Microsoft.AspNet.Security.Infrastructure;
 
 namespace Microsoft.AspNet.Security.Cookies
@@ -135,5 +136,12 @@ namespace Microsoft.AspNet.Security.Cookies
         /// used which calls DateTimeOffset.UtcNow. This is typically not replaced except for unit testing. 
         /// </summary>
         public ISystemClock SystemClock { get; set; }
+
+        /// <summary>
+        /// The component used to get cookies from the request or set them on the response.
+        ///
+        /// ChunkingCookieManager will be used by default.
+        /// </summary>
+        public ICookieManager CookieManager { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
new file mode 100644
index 0000000000..d5e48c1983
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -0,0 +1,310 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+{
+    /// <summary>
+    /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
+    /// from requests.
+    /// </summary>
+    public class ChunkingCookieManager : ICookieManager
+    {
+        public ChunkingCookieManager()
+        {
+            ChunkSize = 4090;
+            ThrowForPartialCookies = true;
+        }
+
+        /// <summary>
+        /// The maximum size of cookie to send back to the client. If a cookie exceeds this size it will be broken down into multiple
+        /// cookies. Set this value to null to disable this behavior. The default is 4090 characters, which is supported by all
+        /// common browsers.
+        ///
+        /// Note that browsers may also have limits on the total size of all cookies per domain, and on the number of cookies per domain.
+        /// </summary>
+        public int? ChunkSize { get; set; }
+
+        /// <summary>
+        /// Throw if not all chunks of a cookie are available on a request for re-assembly.
+        /// </summary>
+        public bool ThrowForPartialCookies { get; set; }
+
+        // Parse the "chunks:XX" to determine how many chunks there should be.
+        private static int ParseChunksCount(string value)
+        {
+            if (value != null && value.StartsWith("chunks:", StringComparison.Ordinal))
+            {
+                string chunksCountString = value.Substring("chunks:".Length);
+                int chunksCount;
+                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
+                {
+                    return chunksCount;
+                }
+            }
+            return 0;
+        }
+
+        /// <summary>
+        /// Get the reassembled cookie. Non chunked cookies are returned normally.
+        /// Cookies with missing chunks just have their "chunks:XX" header returned.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <returns>The reassembled cookie, if any, or null.</returns>
+        public string GetRequestCookie(HttpContext context, string key)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException("context");
+            }
+
+            IReadableStringCollection requestCookies = context.Request.Cookies;
+            string value = requestCookies[key];
+            int chunksCount = ParseChunksCount(value);
+            if (chunksCount > 0)
+            {
+                bool quoted = false;
+                string[] chunks = new string[chunksCount];
+                for (int chunkId = 1; chunkId <= chunksCount; chunkId++)
+                {
+                    string chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
+                    if (chunk == null)
+                    {
+                        if (ThrowForPartialCookies)
+                        {
+                            int totalSize = 0;
+                            for (int i = 0; i < chunkId - 1; i++)
+                            {
+                                totalSize += chunks[i].Length;
+                            }
+                            throw new FormatException(
+                                string.Format(CultureInfo.CurrentCulture, Resources.Exception_ImcompleteChunkedCookie, chunkId - 1, chunksCount, totalSize));
+                        }
+                        // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
+                        return value;
+                    }
+                    if (IsQuoted(chunk))
+                    {
+                        // Note: Since we assume these cookies were generated by our code, then we can assume that if one cookie has quotes then they all do.
+                        quoted = true;
+                        chunk = RemoveQuotes(chunk);
+                    }
+                    chunks[chunkId - 1] = chunk;
+                }
+                string merged = string.Join(string.Empty, chunks);
+                if (quoted)
+                {
+                    merged = Quote(merged);
+                }
+                return merged;
+            }
+            return value;
+        }
+
+        /// <summary>
+        /// Appends a new response cookie to the Set-Cookie header. If the cookie is larger than the given size limit
+        /// then it will be broken down into multiple cookies as follows:
+        /// Set-Cookie: CookieName=chunks:3; path=/
+        /// Set-Cookie: CookieNameC1=Segment1; path=/
+        /// Set-Cookie: CookieNameC2=Segment2; path=/
+        /// Set-Cookie: CookieNameC3=Segment3; path=/
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="value"></param>
+        /// <param name="options"></param>
+        public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException("context");
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException("options");
+            }
+
+            bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            bool pathHasValue = !string.IsNullOrEmpty(options.Path);
+            bool expiresHasValue = options.Expires.HasValue;
+
+            string escapedKey = Uri.EscapeDataString(key);
+            string prefix = escapedKey + "=";
+
+            string suffix = string.Concat(
+                !domainHasValue ? null : "; domain=",
+                !domainHasValue ? null : options.Domain,
+                !pathHasValue ? null : "; path=",
+                !pathHasValue ? null : options.Path,
+                !expiresHasValue ? null : "; expires=",
+                !expiresHasValue ? null : options.Expires.Value.ToString("ddd, dd-MMM-yyyy HH:mm:ss ", CultureInfo.InvariantCulture) + "GMT",
+                !options.Secure ? null : "; secure",
+                !options.HttpOnly ? null : "; HttpOnly");
+
+            value = value ?? string.Empty;
+            bool quoted = false;
+            if (IsQuoted(value))
+            {
+                quoted = true;
+                value = RemoveQuotes(value);
+            }
+            string escapedValue = Uri.EscapeDataString(value);
+
+            // Normal cookie
+            IHeaderDictionary responseHeaders = context.Response.Headers;
+            if (!ChunkSize.HasValue || ChunkSize.Value > prefix.Length + escapedValue.Length + suffix.Length + (quoted ? 2 : 0))
+            {
+                string setCookieValue = string.Concat(
+                    prefix,
+                    quoted ? Quote(escapedValue) : escapedValue,
+                    suffix);
+                responseHeaders.AppendValues(Constants.Headers.SetCookie, setCookieValue);
+            }
+            else if (ChunkSize.Value < prefix.Length + suffix.Length + (quoted ? 2 : 0) + 10)
+            {
+                // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
+                // No room for data, we can't chunk the options and name
+                throw new InvalidOperationException(Resources.Exception_CookieLimitTooSmall);
+            }
+            else
+            {
+                // Break the cookie down into multiple cookies.
+                // Key = CookieName, value = "Segment1Segment2Segment2"
+                // Set-Cookie: CookieName=chunks:3; path=/
+                // Set-Cookie: CookieNameC1="Segment1"; path=/
+                // Set-Cookie: CookieNameC2="Segment2"; path=/
+                // Set-Cookie: CookieNameC3="Segment3"; path=/
+                int dataSizePerCookie = ChunkSize.Value - prefix.Length - suffix.Length - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
+                int cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
+
+                responseHeaders.AppendValues(Constants.Headers.SetCookie, prefix + "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture) + suffix);
+                
+                string[] chunks = new string[cookieChunkCount];
+                int offset = 0;
+                for (int chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
+                {
+                    int remainingLength = escapedValue.Length - offset;
+                    int length = Math.Min(dataSizePerCookie, remainingLength);
+                    string segment = escapedValue.Substring(offset, length);
+                    offset += length;
+
+                    chunks[chunkId - 1] = string.Concat(
+                                            escapedKey,
+                                            "C",
+                                            chunkId.ToString(CultureInfo.InvariantCulture),
+                                            "=",
+                                            quoted ? "\"" : string.Empty,
+                                            segment,
+                                            quoted ? "\"" : string.Empty,
+                                            suffix);
+                }
+                responseHeaders.AppendValues(Constants.Headers.SetCookie, chunks);
+            }
+        }
+
+        /// <summary>
+        /// Deletes the cookie with the given key by setting an expired state. If a matching chunked cookie exists on
+        /// the request, delete each chunk.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="options"></param>
+        public void DeleteCookie(HttpContext context, string key, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException("context");
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException("options");
+            }
+
+            string escapedKey = Uri.EscapeDataString(key);
+            List<string> keys = new List<string>();
+            keys.Add(escapedKey + "=");
+
+            string requestCookie = context.Request.Cookies[key];
+            int chunks = ParseChunksCount(requestCookie);
+            if (chunks > 0)
+            {
+                for (int i = 1; i <= chunks + 1; i++)
+                {
+                    string subkey = escapedKey + "C" + i.ToString(CultureInfo.InvariantCulture);
+                    keys.Add(subkey + "=");
+                }
+            }
+
+            bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            bool pathHasValue = !string.IsNullOrEmpty(options.Path);
+
+            Func<string, bool> rejectPredicate;
+            Func<string, bool> predicate = value => keys.Any(k => value.StartsWith(k, StringComparison.OrdinalIgnoreCase));
+            if (domainHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("domain=" + options.Domain, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else if (pathHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("path=" + options.Path, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else
+            {
+                rejectPredicate = value => predicate(value);
+            }
+
+            IHeaderDictionary responseHeaders = context.Response.Headers;
+            IList<string> existingValues = responseHeaders.GetValues(Constants.Headers.SetCookie);
+            if (existingValues != null)
+            {
+                responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
+            }
+
+            AppendResponseCookie(
+                context,
+                key,
+                string.Empty,
+                new CookieOptions
+                {
+                    Path = options.Path,
+                    Domain = options.Domain,
+                    Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                });
+
+            for (int i = 1; i <= chunks; i++)
+            {
+                AppendResponseCookie(
+                    context, 
+                    key + "C" + i.ToString(CultureInfo.InvariantCulture),
+                    string.Empty,
+                    new CookieOptions
+                    {
+                        Path = options.Path,
+                        Domain = options.Domain,
+                        Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                    });
+            }
+        }
+
+        private static bool IsQuoted(string value)
+        {
+            return value.Length >= 2 && value[0] == '"' && value[value.Length - 1] == '"';
+        }
+
+        private static string RemoveQuotes(string value)
+        {
+            return value.Substring(1, value.Length - 2);
+        }
+
+        private static string Quote(string value)
+        {
+            return '"' + value + '"';
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs
new file mode 100644
index 0000000000..ef8db8e9e0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs
@@ -0,0 +1,13 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+{
+    internal static class Constants
+    {
+        internal static class Headers
+        {
+            internal const string SetCookie = "Set-Cookie";
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs
new file mode 100644
index 0000000000..b523b1bad7
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+{
+    /// <summary>
+    /// This is used by the CookieAuthenticationMiddleware to process request and response cookies.
+    /// It is abstracted from the normal cookie APIs to allow for complex operations like chunking.
+    /// </summary>
+    public interface ICookieManager
+    {
+        /// <summary>
+        /// Retrieve a cookie of the given name from the request.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        string GetRequestCookie(HttpContext context, string key);
+
+        /// <summary>
+        /// Append the given cookie to the response.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="value"></param>
+        /// <param name="options"></param>
+        void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options);
+
+        /// <summary>
+        /// Append a delete cookie to the response.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="options"></param>
+        void DeleteCookie(HttpContext context, string key, CookieOptions options);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs b/src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs
new file mode 100644
index 0000000000..1a0258ba66
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs
@@ -0,0 +1,85 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34003
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.Cookies {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Cookies.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to The cookie key and options are larger than ChunksSize, leaving no room for data..
+        /// </summary>
+        internal static string Exception_CookieLimitTooSmall
+        {
+            get
+            {
+                return ResourceManager.GetString("Exception_CookieLimitTooSmall", resourceCulture);
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded..
+        /// </summary>
+        internal static string Exception_ImcompleteChunkedCookie
+        {
+            get
+            {
+                return ResourceManager.GetString("Exception_ImcompleteChunkedCookie", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Resources.resx b/src/Microsoft.AspNet.Security.Cookies/Resources.resx
new file mode 100644
index 0000000000..71debecfa3
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_CookieLimitTooSmall" xml:space="preserve">
+    <value>The cookie key and options are larger than ChunksSize, leaving no room for data.</value>
+  </data>
+  <data name="Exception_ImcompleteChunkedCookie" xml:space="preserve">
+    <value>The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
new file mode 100644
index 0000000000..4df8763bd9
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -0,0 +1,168 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.PipelineCore;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+{
+    public class CookieChunkingTests
+    {
+        [Fact]
+        public void AppendLargeCookie_Appended()
+        {
+            HttpContext context = new DefaultHttpContext();
+
+            string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+            new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            Assert.Equal(1, values.Count);
+            Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
+        }
+
+        [Fact]
+        public void AppendLargeCookieWithLimit_Chunked()
+        {
+            HttpContext context = new DefaultHttpContext();
+
+            string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+            new ChunkingCookieManager() { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            Assert.Equal(9, values.Count);
+            Assert.Equal(new[]
+            {
+                "TestCookie=chunks:8; path=/",
+                "TestCookieC1=abcdefgh; path=/",
+                "TestCookieC2=ijklmnop; path=/",
+                "TestCookieC3=qrstuvwx; path=/",
+                "TestCookieC4=yz012345; path=/",
+                "TestCookieC5=6789ABCD; path=/",
+                "TestCookieC6=EFGHIJKL; path=/",
+                "TestCookieC7=MNOPQRST; path=/",
+                "TestCookieC8=UVWXYZ; path=/",
+            }, values);
+        }
+
+        [Fact]
+        public void AppendLargeQuotedCookieWithLimit_QuotedChunked()
+        {
+            HttpContext context = new DefaultHttpContext();
+
+            string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
+            new ChunkingCookieManager() { ChunkSize = 32 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            Assert.Equal(9, values.Count);
+            Assert.Equal(new[]
+            {
+                "TestCookie=chunks:8; path=/",
+                "TestCookieC1=\"abcdefgh\"; path=/",
+                "TestCookieC2=\"ijklmnop\"; path=/",
+                "TestCookieC3=\"qrstuvwx\"; path=/",
+                "TestCookieC4=\"yz012345\"; path=/",
+                "TestCookieC5=\"6789ABCD\"; path=/",
+                "TestCookieC6=\"EFGHIJKL\"; path=/",
+                "TestCookieC7=\"MNOPQRST\"; path=/",
+                "TestCookieC8=\"UVWXYZ\"; path=/",
+            }, values);
+        }
+
+        [Fact]
+        public void GetLargeChunkedCookie_Reassembled()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.Request.Headers.AppendValues("Cookie",
+                "TestCookie=chunks:7",
+                "TestCookieC1=abcdefghi",
+                "TestCookieC2=jklmnopqr",
+                "TestCookieC3=stuvwxyz0",
+                "TestCookieC4=123456789",
+                "TestCookieC5=ABCDEFGHI",
+                "TestCookieC6=JKLMNOPQR",
+                "TestCookieC7=STUVWXYZ");
+
+            string result = new ChunkingCookieManager().GetRequestCookie(context, "TestCookie");
+            string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+            Assert.Equal(testString, result);
+        }
+
+        [Fact]
+        public void GetLargeChunkedCookieWithQuotes_Reassembled()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.Request.Headers.AppendValues("Cookie",
+                "TestCookie=chunks:7",
+                "TestCookieC1=\"abcdefghi\"",
+                "TestCookieC2=\"jklmnopqr\"",
+                "TestCookieC3=\"stuvwxyz0\"",
+                "TestCookieC4=\"123456789\"",
+                "TestCookieC5=\"ABCDEFGHI\"",
+                "TestCookieC6=\"JKLMNOPQR\"",
+                "TestCookieC7=\"STUVWXYZ\"");
+
+            string result = new ChunkingCookieManager().GetRequestCookie(context, "TestCookie");
+            string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
+            Assert.Equal(testString, result);
+        }
+
+        [Fact]
+        public void GetLargeChunkedCookieWithMissingChunk_ThrowingEnabled_Throws()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.Request.Headers.AppendValues("Cookie",
+                "TestCookie=chunks:7",
+                "TestCookieC1=abcdefghi",
+                // Missing chunk "TestCookieC2=jklmnopqr",
+                "TestCookieC3=stuvwxyz0",
+                "TestCookieC4=123456789",
+                "TestCookieC5=ABCDEFGHI",
+                "TestCookieC6=JKLMNOPQR",
+                "TestCookieC7=STUVWXYZ");
+
+            Assert.Throws<FormatException>(() => new ChunkingCookieManager().GetRequestCookie(context, "TestCookie"));
+        }
+
+        [Fact]
+        public void GetLargeChunkedCookieWithMissingChunk_ThrowingDisabled_NotReassembled()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.Request.Headers.AppendValues("Cookie",
+                "TestCookie=chunks:7",
+                "TestCookieC1=abcdefghi",
+                // Missing chunk "TestCookieC2=jklmnopqr",
+                "TestCookieC3=stuvwxyz0",
+                "TestCookieC4=123456789",
+                "TestCookieC5=ABCDEFGHI",
+                "TestCookieC6=JKLMNOPQR",
+                "TestCookieC7=STUVWXYZ");
+
+            string result = new ChunkingCookieManager() { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
+            string testString = "chunks:7";
+            Assert.Equal(testString, result);
+        }
+
+        [Fact]
+        public void DeleteChunkedCookieWithOptions_AllDeleted()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.Request.Headers.AppendValues("Cookie", "TestCookie=chunks:7");
+
+            new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
+            var cookies = context.Response.Headers.GetValues("Set-Cookie");
+            Assert.Equal(8, cookies.Count);
+            Assert.Equal(new[]
+            {
+                "TestCookie=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC1=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC2=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC3=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC4=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC5=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC6=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookieC7=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+            }, cookies);
+        }
+    }
+}

From d6b82b87993489d5be1b48d6f46ee6d5cc034a9e Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 15:25:39 -0700
Subject: [PATCH 072/900] #32 - Port cookie auth session store from Katana. Add
 MemoryCache sample.

---
 Security.sln                                  | 13 +++++
 samples/CookieSample/project.json             |  4 +-
 .../CookieSessionSample.kproj                 | 32 +++++++++++
 .../MemoryCacheSessionStore.cs                | 56 +++++++++++++++++++
 samples/CookieSessionSample/Startup.cs        | 41 ++++++++++++++
 samples/CookieSessionSample/project.json      | 37 ++++++++++++
 .../CookieAuthenticationHandler.cs            | 56 ++++++++++++++++++-
 .../CookieAuthenticationOptions.cs            |  6 ++
 .../IAuthenticationSessionStore.cs            | 43 ++++++++++++++
 9 files changed, 283 insertions(+), 5 deletions(-)
 create mode 100644 samples/CookieSessionSample/CookieSessionSample.kproj
 create mode 100644 samples/CookieSessionSample/MemoryCacheSessionStore.cs
 create mode 100644 samples/CookieSessionSample/Startup.cs
 create mode 100644 samples/CookieSessionSample/project.json
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs

diff --git a/Security.sln b/Security.sln
index c9951b0ddf..2cc23038e0 100644
--- a/Security.sln
+++ b/Security.sln
@@ -34,6 +34,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.M
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OAuth", "src\Microsoft.AspNet.Security.OAuth\Microsoft.AspNet.Security.OAuth.kproj", "{4A636011-68EE-4CE5-836D-EA8E13CF71E4}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.kproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -144,6 +146,16 @@ Global
 		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|x86.ActiveCfg = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.Build.0 = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x86.ActiveCfg = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -159,5 +171,6 @@ Global
 		{C96B77EA-4078-4C31-BDB2-878F11C5E061} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{4A636011-68EE-4CE5-836D-EA8E13CF71E4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index c8eabcb68c..405e3ba0d0 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -6,8 +6,8 @@
     "Microsoft.AspNet.HttpFeature": "1.0.0-*",
     "Microsoft.AspNet.PipelineCore": "1.0.0-*",
     "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-    "Microsoft.AspNet.Security": "",
-    "Microsoft.AspNet.Security.Cookies": "",
+    "Microsoft.AspNet.Security": "1.0.0-*",
+    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
diff --git a/samples/CookieSessionSample/CookieSessionSample.kproj b/samples/CookieSessionSample/CookieSessionSample.kproj
new file mode 100644
index 0000000000..951ff1cc56
--- /dev/null
+++ b/samples/CookieSessionSample/CookieSessionSample.kproj
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+  </PropertyGroup>
+
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <RootNamespace>CookieSessionSample</RootNamespace>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="$(OutputType) == 'Console'">
+    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="$(OutputType) == 'Web'">
+    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
+  </PropertyGroup>
+
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'" Label="Configuration">
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
new file mode 100644
index 0000000000..07adddd048
--- /dev/null
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -0,0 +1,56 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.MemoryCache;
+using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Security.Cookies.Infrastructure;
+
+namespace CookieSessionSample
+{
+    public class MemoryCacheSessionStore : IAuthenticationSessionStore
+    {
+        private const string KeyPrefix = "AuthSessionStore-";
+        private IMemoryCache _cache;
+
+        public MemoryCacheSessionStore()
+        {
+            _cache = new MemoryCache();
+        }
+
+        public async Task<string> StoreAsync(AuthenticationTicket ticket)
+        {
+            var guid = Guid.NewGuid();
+            var key = KeyPrefix + guid.ToString();
+            await RenewAsync(key, ticket);
+            return key;
+        }
+
+        public Task RenewAsync(string key, AuthenticationTicket ticket)
+        {
+            _cache.Set(key, ticket, context =>
+            {
+                var expiresUtc = ticket.Properties.ExpiresUtc;
+                if (expiresUtc.HasValue)
+                {
+                    context.SetAbsoluteExpiration(expiresUtc.Value);
+                }
+                context.SetSlidingExpiraiton(TimeSpan.FromHours(1)); // TODO: configurable.
+
+                return (AuthenticationTicket)context.State;
+            });
+            return Task.FromResult(0);
+        }
+
+        public Task<AuthenticationTicket> RetrieveAsync(string key)
+        {
+            AuthenticationTicket ticket;
+            _cache.TryGetValue(key, out ticket);
+            return Task.FromResult(ticket);
+        }
+
+        public Task RemoveAsync(string key)
+        {
+            _cache.Remove(key);
+            return Task.FromResult(0);
+        }
+    }
+}
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
new file mode 100644
index 0000000000..c5359a05f3
--- /dev/null
+++ b/samples/CookieSessionSample/Startup.cs
@@ -0,0 +1,41 @@
+using System.Collections.Generic;
+using System.Security.Claims;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Cookies;
+
+namespace CookieSessionSample
+{
+    public class Startup
+    {
+        public void Configure(IBuilder app)
+        {
+            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+            {
+                SessionStore = new MemoryCacheSessionStore(),
+            });
+
+            app.Run(async context =>
+            {
+                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                {
+                    // Make a large identity
+                    var claims = new List<Claim>(1001);
+                    claims.Add(new Claim("name", "bob"));
+                    for (int i = 0; i < 1000; i++)
+                    {
+                        claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
+                    }
+                    context.Response.SignIn(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType));                    
+
+                    context.Response.ContentType = "text/plain";
+                    await context.Response.WriteAsync("Hello First timer");
+                    return;
+                }
+
+                context.Response.ContentType = "text/plain";
+                await context.Response.WriteAsync("Hello old timer");
+            });
+        }
+    }
+}
\ No newline at end of file
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
new file mode 100644
index 0000000000..7299177120
--- /dev/null
+++ b/samples/CookieSessionSample/project.json
@@ -0,0 +1,37 @@
+{
+  "dependencies": {
+    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
+    "Microsoft.AspNet.Hosting": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
+    "Microsoft.AspNet.MemoryCache": "1.0.0-*",
+    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+    "Microsoft.AspNet.Security": "1.0.0-*",
+    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
+  },
+  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+  "frameworks": {
+    "aspnet50": {
+    },
+    "aspnetcore50": {
+      "dependencies": {
+        "System.Collections": "4.0.10.0",
+        "System.Console": "4.0.0.0",
+        "System.Diagnostics.Debug": "4.0.10.0",
+        "System.Diagnostics.Tools": "4.0.0.0",
+        "System.Globalization": "4.0.10.0",
+        "System.IO": "4.0.10.0",
+        "System.Linq": "4.0.0.0",
+        "System.Reflection": "4.0.10.0",
+        "System.Resources.ResourceManager": "4.0.0.0",
+        "System.Runtime": "4.0.20.0",
+        "System.Runtime.Extensions": "4.0.10.0",
+        "System.Runtime.InteropServices": "4.0.20.0",
+        "System.Threading.Tasks": "4.0.10.0"
+      }
+    }
+  }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 23f66b6c5b..317c27d21a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -3,6 +3,8 @@
 
 
 using System;
+using System.Linq;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
@@ -18,12 +20,14 @@ namespace Microsoft.AspNet.Security.Cookies
         private const string HeaderNameExpires = "Expires";
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
+        private const string SessionIdClaim = "Microsoft.AspNet.Security.Cookies-SessionId";
 
         private readonly ILogger _logger;
 
         private bool _shouldRenew;
         private DateTimeOffset _renewIssuedUtc;
         private DateTimeOffset _renewExpiresUtc;
+        private string _sessionKey;
 
         public CookieAuthenticationHandler([NotNull] ILogger logger)
         {
@@ -51,12 +55,33 @@ namespace Microsoft.AspNet.Security.Cookies
                 return null;
             }
 
+            if (Options.SessionStore != null)
+            {
+                Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
+                if (claim == null)
+                {
+                    _logger.WriteWarning(@"SessoinId missing");
+                    return null;
+                }
+                _sessionKey = claim.Value;
+                ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
+                if (ticket == null)
+                {
+                    _logger.WriteWarning(@"Identity missing in session store");
+                    return null;
+                }
+            }
+
             DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
             DateTimeOffset? issuedUtc = ticket.Properties.IssuedUtc;
             DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
 
             if (expiresUtc != null && expiresUtc.Value < currentUtc)
             {
+                if (Options.SessionStore != null)
+                {
+                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                }
                 return null;
             }
 
@@ -95,6 +120,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
             if (shouldSignin || shouldSignout || _shouldRenew)
             {
+                AuthenticationTicket model = await AuthenticateAsync();
                 var cookieOptions = new CookieOptions
                 {
                     Domain = Options.CookieDomain,
@@ -144,7 +170,19 @@ namespace Microsoft.AspNet.Security.Cookies
                         context.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                     }
 
-                    var model = new AuthenticationTicket(context.Identity, context.Properties);
+                    model = new AuthenticationTicket(context.Identity, context.Properties);
+                    if (Options.SessionStore != null)
+                    {
+                        if (_sessionKey != null)
+                        {
+                            await Options.SessionStore.RemoveAsync(_sessionKey);
+                        }
+                        _sessionKey = await Options.SessionStore.StoreAsync(model);
+                        ClaimsIdentity identity = new ClaimsIdentity(
+                            new[] { new Claim(SessionIdClaim, _sessionKey) },
+                            Options.AuthenticationType);
+                        model = new AuthenticationTicket(identity, null);
+                    }
                     string cookieValue = Options.TicketDataFormat.Protect(model);
 
                     Options.CookieManager.AppendResponseCookie(
@@ -155,6 +193,11 @@ namespace Microsoft.AspNet.Security.Cookies
                 }
                 else if (shouldSignout)
                 {
+                    if (Options.SessionStore != null && _sessionKey != null)
+                    {
+                        await Options.SessionStore.RemoveAsync(_sessionKey);
+                    }
+
                     var context = new CookieResponseSignOutContext(
                         Context,
                         Options,
@@ -169,11 +212,18 @@ namespace Microsoft.AspNet.Security.Cookies
                 }
                 else if (_shouldRenew)
                 {
-                    AuthenticationTicket model = await AuthenticateAsync();
-
                     model.Properties.IssuedUtc = _renewIssuedUtc;
                     model.Properties.ExpiresUtc = _renewExpiresUtc;
 
+                    if (Options.SessionStore != null && _sessionKey != null)
+                    {
+                        await Options.SessionStore.RenewAsync(_sessionKey, model);
+                        ClaimsIdentity identity = new ClaimsIdentity(
+                            new[] { new Claim(SessionIdClaim, _sessionKey) },
+                            Options.AuthenticationType);
+                        model = new AuthenticationTicket(identity, null);
+                    }
+
                     string cookieValue = Options.TicketDataFormat.Protect(model);
 
                     if (model.Properties.IsPersistent)
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 0b6ef879e9..c6373a0ec9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -143,5 +143,11 @@ namespace Microsoft.AspNet.Security.Cookies
         /// ChunkingCookieManager will be used by default.
         /// </summary>
         public ICookieManager CookieManager { get; set; }
+
+        /// <summary>
+        /// An optional container in which to store the identity across requests. When used, only a session identifier is sent
+        /// to the client. This can be used to mitigate potential problems with very large identities.
+        /// </summary>
+        public IAuthenticationSessionStore SessionStore { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs
new file mode 100644
index 0000000000..9f449b098b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+{
+    /// <summary>
+    /// This provides an abstract storage mechanic to preserve identity information on the server
+    /// while only sending a simple identifier key to the client. This is most commonly used to mitigate
+    /// issues with serializing large identities into cookies.
+    /// </summary>
+    public interface IAuthenticationSessionStore
+    {
+        /// <summary>
+        /// Store the identity ticket and return the associated key.
+        /// </summary>
+        /// <param name="ticket">The identity information to store.</param>
+        /// <returns>The key that can be used to retrieve the identity later.</returns>
+        Task<string> StoreAsync(AuthenticationTicket ticket);
+
+        /// <summary>
+        /// Tells the store that the given identity should be updated.
+        /// </summary>
+        /// <param name="key"></param>
+        /// <param name="ticket"></param>
+        /// <returns></returns>
+        Task RenewAsync(string key, AuthenticationTicket ticket);
+
+        /// <summary>
+        /// Retrieves an identity from the store for the given key.
+        /// </summary>
+        /// <param name="key">The key associated with the identity.</param>
+        /// <returns>The identity associated with the given key, or if not found.</returns>
+        Task<AuthenticationTicket> RetrieveAsync(string key);
+
+        /// <summary>
+        /// Remove the identity associated with the given key.
+        /// </summary>
+        /// <param name="key">The key associated with the identity.</param>
+        /// <returns></returns>
+        Task RemoveAsync(string key);
+    }
+}

From 83bffe35421c2096155f345cb0dff5beb0c98050 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 15:26:50 -0700
Subject: [PATCH 073/900] #32 - Port Cookies OnSignedIn notification from
 Katana.

---
 .../CookieAuthenticationHandler.cs            | 21 +++++---
 .../CookieAuthenticationNotifications.cs      | 15 ++++++
 .../CookieResponseSignedInContext.cs          | 52 +++++++++++++++++++
 .../ICookieAuthenticationNotifications.cs     |  6 +++
 4 files changed, 88 insertions(+), 6 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 317c27d21a..b83835affc 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -138,7 +138,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
                 if (shouldSignin)
                 {
-                    var context = new CookieResponseSignInContext(
+                    var signInContext = new CookieResponseSignInContext(
                         Context,
                         Options,
                         Options.AuthenticationType,
@@ -162,15 +162,15 @@ namespace Microsoft.AspNet.Security.Cookies
                         signin.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                     }
 
-                    Options.Notifications.ResponseSignIn(context);
+                    Options.Notifications.ResponseSignIn(signInContext);
 
-                    if (context.Properties.IsPersistent)
+                    if (signInContext.Properties.IsPersistent)
                     {
-                        DateTimeOffset expiresUtc = context.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
-                        context.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+                        DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                        signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                     }
 
-                    model = new AuthenticationTicket(context.Identity, context.Properties);
+                    model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties);
                     if (Options.SessionStore != null)
                     {
                         if (_sessionKey != null)
@@ -190,6 +190,15 @@ namespace Microsoft.AspNet.Security.Cookies
                         Options.CookieName,
                         cookieValue,
                         cookieOptions);
+
+                    var signedInContext = new CookieResponseSignedInContext(
+                        Context,
+                        Options,
+                        Options.AuthenticationType,
+                        signInContext.Identity,
+                        signInContext.Properties);
+
+                    Options.Notifications.ResponseSignedIn(signedInContext);
                 }
                 else if (shouldSignout)
                 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
index 79b7e5bd99..efa30c02e2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -21,6 +21,7 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             OnValidateIdentity = context => Task.FromResult(0);
             OnResponseSignIn = context => { };
+            OnResponseSignedIn = context => { };
             OnResponseSignOut = context => { };
             OnApplyRedirect = DefaultBehavior.ApplyRedirect;
         }
@@ -35,6 +36,11 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         public Action<CookieResponseSignInContext> OnResponseSignIn { get; set; }
 
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Action<CookieResponseSignedInContext> OnResponseSignedIn { get; set; }
+
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
@@ -64,6 +70,15 @@ namespace Microsoft.AspNet.Security.Cookies
             OnResponseSignIn.Invoke(context);
         }
 
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context"></param>
+        public virtual void ResponseSignedIn(CookieResponseSignedInContext context)
+        {
+            OnResponseSignedIn.Invoke(context);
+        }
+
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs
new file mode 100644
index 0000000000..3366fb9f71
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs
@@ -0,0 +1,52 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context object passed to the ICookieAuthenticationNotifications method ResponseSignedIn.
+    /// </summary>    
+    public class CookieResponseSignedInContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new instance of the context object.
+        /// </summary>
+        /// <param name="context">The HTTP request context</param>
+        /// <param name="options">The middleware options</param>
+        /// <param name="authenticationType">Initializes AuthenticationType property</param>
+        /// <param name="identity">Initializes Identity property</param>
+        /// <param name="properties">Initializes Properties property</param>
+        public CookieResponseSignedInContext(
+            HttpContext context,
+            CookieAuthenticationOptions options,
+            string authenticationType,
+            ClaimsIdentity identity,
+            AuthenticationProperties properties)
+            : base(context, options)
+        {
+            AuthenticationType = authenticationType;
+            Identity = identity;
+            Properties = properties;
+        }
+
+        /// <summary>
+        /// The name of the AuthenticationType creating a cookie
+        /// </summary>
+        public string AuthenticationType { get; private set; }
+
+        /// <summary>
+        /// Contains the claims that were converted into the outgoing cookie.
+        /// </summary>
+        public ClaimsIdentity Identity { get; private set; }
+
+        /// <summary>
+        /// Contains the extra data that was contained in the outgoing cookie.
+        /// </summary>
+        public AuthenticationProperties Properties { get; private set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index f97a4546e3..046dcd1538 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -26,6 +26,12 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         void ResponseSignIn(CookieResponseSignInContext context);
 
+        /// <summary>
+        /// Called when an endpoint has provided sign in information after it is converted into a cookie.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        void ResponseSignedIn(CookieResponseSignedInContext context);
+
         /// <summary>
         /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
         /// </summary>

From b10cda80a7b8f496d3c24b904e983dc662402776 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 16:12:19 -0700
Subject: [PATCH 074/900] #32 - Port Cookies OnException notification from
 Katana.

---
 .../CookieAuthenticationHandler.cs            | 169 +++++++++++-------
 .../CookieAuthenticationNotifications.cs      |  15 ++
 .../Notifications/CookieExceptionContext.cs   |  83 +++++++++
 .../ICookieAuthenticationNotifications.cs     |   6 +
 4 files changed, 210 insertions(+), 63 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index b83835affc..db5ea054c4 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -41,69 +41,84 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
         {
-            string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
-            if (string.IsNullOrWhiteSpace(cookie))
+            AuthenticationTicket ticket = null;
+            try
             {
-                return null;
-            }
-
-            AuthenticationTicket ticket = Options.TicketDataFormat.Unprotect(cookie);
-
-            if (ticket == null)
-            {
-                _logger.WriteWarning(@"Unprotect ticket failed");
-                return null;
-            }
-
-            if (Options.SessionStore != null)
-            {
-                Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
-                if (claim == null)
+                string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
+                if (string.IsNullOrWhiteSpace(cookie))
                 {
-                    _logger.WriteWarning(@"SessoinId missing");
                     return null;
                 }
-                _sessionKey = claim.Value;
-                ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
+
+                ticket = Options.TicketDataFormat.Unprotect(cookie);
+
                 if (ticket == null)
                 {
-                    _logger.WriteWarning(@"Identity missing in session store");
+                    _logger.WriteWarning(@"Unprotect ticket failed");
                     return null;
                 }
-            }
 
-            DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
-            DateTimeOffset? issuedUtc = ticket.Properties.IssuedUtc;
-            DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
-
-            if (expiresUtc != null && expiresUtc.Value < currentUtc)
-            {
                 if (Options.SessionStore != null)
                 {
-                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                    Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
+                    if (claim == null)
+                    {
+                        _logger.WriteWarning(@"SessoinId missing");
+                        return null;
+                    }
+                    _sessionKey = claim.Value;
+                    ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
+                    if (ticket == null)
+                    {
+                        _logger.WriteWarning(@"Identity missing in session store");
+                        return null;
+                    }
                 }
-                return null;
-            }
 
-            if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration)
-            {
-                TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
-                TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+                DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
+                DateTimeOffset? issuedUtc = ticket.Properties.IssuedUtc;
+                DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
 
-                if (timeRemaining < timeElapsed)
+                if (expiresUtc != null && expiresUtc.Value < currentUtc)
                 {
-                    _shouldRenew = true;
-                    _renewIssuedUtc = currentUtc;
-                    TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
-                    _renewExpiresUtc = currentUtc.Add(timeSpan);
+                    if (Options.SessionStore != null)
+                    {
+                        await Options.SessionStore.RemoveAsync(_sessionKey);
+                    }
+                    return null;
                 }
+
+                if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration)
+                {
+                    TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
+                    TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+
+                    if (timeRemaining < timeElapsed)
+                    {
+                        _shouldRenew = true;
+                        _renewIssuedUtc = currentUtc;
+                        TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
+                        _renewExpiresUtc = currentUtc.Add(timeSpan);
+                    }
+                }
+
+                var context = new CookieValidateIdentityContext(Context, ticket, Options);
+
+                await Options.Notifications.ValidateIdentity(context);
+
+                return new AuthenticationTicket(context.Identity, context.Properties);
+            }
+            catch (Exception exception)
+            {
+                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.Authenticate, exception, ticket);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
+                {
+                    throw;
+                }
+                return exceptionContext.Ticket;
             }
-
-            var context = new CookieValidateIdentityContext(Context, ticket, Options);
-
-            await Options.Notifications.ValidateIdentity(context);
-
-            return new AuthenticationTicket(context.Identity, context.Properties);
         }
 
         protected override void ApplyResponseGrant()
@@ -118,9 +133,14 @@ namespace Microsoft.AspNet.Security.Cookies
             var signout = SignOutContext;
             bool shouldSignout = signout != null;
 
-            if (shouldSignin || shouldSignout || _shouldRenew)
+            if (!(shouldSignin || shouldSignout || _shouldRenew))
+            {
+                return;
+            }
+
+            AuthenticationTicket model = await AuthenticateAsync();
+            try
             {
-                AuthenticationTicket model = await AuthenticateAsync();
                 var cookieOptions = new CookieOptions
                 {
                     Domain = Options.CookieDomain,
@@ -274,6 +294,16 @@ namespace Microsoft.AspNet.Security.Cookies
                     }
                 }
             }
+            catch (Exception exception)
+            {
+                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
+                {
+                    throw;
+                }
+            }
         }
 
         private static bool IsHostRelative(string path)
@@ -308,24 +338,37 @@ namespace Microsoft.AspNet.Security.Cookies
                 loginUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
             }
 
-            if (string.IsNullOrWhiteSpace(loginUri))
+            try
             {
-                string currentUri =
-                    Request.PathBase +
-                    Request.Path +
-                    Request.QueryString;
+                if (string.IsNullOrWhiteSpace(loginUri))
+                {
+                    string currentUri =
+                        Request.PathBase +
+                        Request.Path +
+                        Request.QueryString;
 
-                loginUri =
-                    Request.Scheme +
-                    "://" +
-                    Request.Host +
-                    Request.PathBase +
-                    Options.LoginPath +
-                    new QueryString(Options.ReturnUrlParameter, currentUri);
+                    loginUri =
+                        Request.Scheme +
+                        "://" +
+                        Request.Host +
+                        Request.PathBase +
+                        Options.LoginPath +
+                        new QueryString(Options.ReturnUrlParameter, currentUri);
+                }
+
+                var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
+                Options.Notifications.ApplyRedirect(redirectContext);
+            }
+            catch (Exception exception)
+            {
+                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
+                {
+                    throw;
+                }
             }
-
-            var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
-            Options.Notifications.ApplyRedirect(redirectContext);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
index efa30c02e2..e378a08c17 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -24,6 +24,7 @@ namespace Microsoft.AspNet.Security.Cookies
             OnResponseSignedIn = context => { };
             OnResponseSignOut = context => { };
             OnApplyRedirect = DefaultBehavior.ApplyRedirect;
+            OnException = context => { };
         }
 
         /// <summary>
@@ -51,6 +52,11 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         public Action<CookieApplyRedirectContext> OnApplyRedirect { get; set; }
 
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Action<CookieExceptionContext> OnException { get; set; }
+
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
@@ -96,5 +102,14 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             OnApplyRedirect.Invoke(context);
         }
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        public virtual void Exception(CookieExceptionContext context)
+        {
+            OnException.Invoke(context);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs
new file mode 100644
index 0000000000..e8e4fc80bb
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs
@@ -0,0 +1,83 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.Cookies
+{
+    /// <summary>
+    /// Context object passed to the ICookieAuthenticationProvider method Exception.
+    /// </summary>    
+    public class CookieExceptionContext : BaseContext<CookieAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a new instance of the context object.
+        /// </summary>
+        /// <param name="context">The HTTP request context</param>
+        /// <param name="options">The middleware options</param>
+        /// <param name="location">The location of the exception</param>
+        /// <param name="exception">The exception thrown.</param>
+        /// <param name="ticket">The current ticket, if any.</param>
+        public CookieExceptionContext(
+            HttpContext context,
+            CookieAuthenticationOptions options,
+            ExceptionLocation location,
+            Exception exception,
+            AuthenticationTicket ticket)
+            : base(context, options)
+        {
+            Location = location;
+            Exception = exception;
+            Rethrow = true;
+            Ticket = ticket;
+        }
+
+        /// <summary>
+        /// The code paths where exceptions may be reported.
+        /// </summary>
+        [SuppressMessage("Microsoft.Design", "CA1034:NestedTypesShouldNotBeVisible", Scope = "type",
+            Target = "Microsoft.Owin.Security.Cookies.CookieExceptionContext+ExceptionLocation", Justification = "It is a directly related option.")]
+        public enum ExceptionLocation
+        {
+            /// <summary>
+            /// The exception was reported in the Authenticate code path.
+            /// </summary>
+            Authenticate,
+
+            /// <summary>
+            /// The exception was reported in the ApplyResponseGrant code path, during sign-in, sign-out, or refresh.
+            /// </summary>
+            ApplyResponseGrant,
+
+            /// <summary>
+            /// The exception was reported in the ApplyResponseChallenge code path, during redirect generation.
+            /// </summary>
+            ApplyResponseChallenge,
+        }
+
+        /// <summary>
+        /// The code path the exception occurred in.
+        /// </summary>
+        public ExceptionLocation Location { get; private set; }
+
+        /// <summary>
+        /// The exception thrown.
+        /// </summary>
+        public Exception Exception { get; private set; }
+
+        /// <summary>
+        /// True if the exception should be re-thrown (default), false if it should be suppressed. 
+        /// </summary>
+        public bool Rethrow { get; set; }
+
+        /// <summary>
+        /// The current authentication ticket, if any.
+        /// In the AuthenticateAsync code path, if the given exception is not re-thrown then this ticket
+        /// will be returned to the application. The ticket may be replaced if needed.
+        /// </summary>
+        public AuthenticationTicket Ticket { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index 046dcd1538..b6ced343f4 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -43,5 +43,11 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
         void ResponseSignOut(CookieResponseSignOutContext context);
+
+        /// <summary>
+        /// Called when an exception occurs during request or response processing.
+        /// </summary>
+        /// <param name="context">Contains information about the exception that occurred</param>
+        void Exception(CookieExceptionContext context);
     }
 }

From a9e40ac895cadf4bea118c1e6eee69d1434db1cb Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 16:17:46 -0700
Subject: [PATCH 075/900] Properly delete the correlation cookie. See Katana
 #230.

---
 .../Infrastructure/AuthenticationHandler.cs                | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 7970caa3a2..f7e5adc342 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -362,7 +362,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 return false;
             }
 
-            Response.Cookies.Delete(correlationKey);
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsSecure
+            };
+            Response.Cookies.Delete(correlationKey, cookieOptions);
 
             string correlationExtra;
             if (!properties.Dictionary.TryGetValue(

From f258724cbd355a8097c88bf87eeb056ede378609 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 9 Sep 2014 16:38:06 -0700
Subject: [PATCH 076/900] #32 - Honor AuthenticationProperties.AllowRefresh.

---
 .../CookieAuthenticationHandler.cs                             | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index db5ea054c4..45ee685990 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -88,7 +88,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     return null;
                 }
 
-                if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration)
+                bool allowRefresh = ticket.Properties.AllowRefresh ?? true;
+                if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
                 {
                     TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
                     TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);

From 55f8b9d41ddabaf7158e41b3bdfceeee96f3cfbc Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 12 Sep 2014 14:32:35 -0700
Subject: [PATCH 077/900] Rebase.

---
 samples/CookieSessionSample/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index c5359a05f3..32721afb05 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -8,7 +8,7 @@ namespace CookieSessionSample
 {
     public class Startup
     {
-        public void Configure(IBuilder app)
+        public void Configure(IApplicationBuilder app)
         {
             app.UseCookieAuthentication(new CookieAuthenticationOptions()
             {

From 07b3fe213595ab99c3e74919c71b496311bac560 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 12 Sep 2014 14:42:55 -0700
Subject: [PATCH 078/900] #32 - Port comment and flow cleanup from Katana.

---
 .../CookieAuthenticationHandler.cs                            | 4 ++--
 .../Notifications/CookieAuthenticationNotifications.cs        | 4 ++--
 .../Notifications/CookieResponseSignOutContext.cs             | 2 +-
 .../Notifications/ICookieAuthenticationNotifications.cs       | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 45ee685990..1a2b7eeb82 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -210,7 +210,7 @@ namespace Microsoft.AspNet.Security.Cookies
                         Context,
                         Options.CookieName,
                         cookieValue,
-                        cookieOptions);
+                        signInContext.CookieOptions);
 
                     var signedInContext = new CookieResponseSignedInContext(
                         Context,
@@ -238,7 +238,7 @@ namespace Microsoft.AspNet.Security.Cookies
                     Options.CookieManager.DeleteCookie(
                         Context,
                         Options.CookieName,
-                        cookieOptions);
+                        context.CookieOptions);
                 }
                 else if (_shouldRenew)
                 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
index e378a08c17..c38489ed83 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -95,10 +95,10 @@ namespace Microsoft.AspNet.Security.Cookies
         }
 
         /// <summary>
-        /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
+        /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public void ApplyRedirect(CookieApplyRedirectContext context)
+        public virtual void ApplyRedirect(CookieApplyRedirectContext context)
         {
             OnApplyRedirect.Invoke(context);
         }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
index b484b74365..a7cf4129ac 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         /// <summary>
         /// The options for creating the outgoing cookie.
-        /// May be replace or altered during the ResponseSignIn call.
+        /// May be replace or altered during the ResponseSignOut call.
         /// </summary>
         public CookieOptions CookieOptions
         {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index b6ced343f4..edfb6b69cc 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Cookies
         void ApplyRedirect(CookieApplyRedirectContext context);
 
         /// <summary>
-        /// 
+        /// Called during the sign-out flow to augment the cookie cleanup process.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
         void ResponseSignOut(CookieResponseSignOutContext context);

From 35ad3ec7bb5cdbd7091c6fbcf912f25131e65d7d Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 15 Sep 2014 09:35:55 -0700
Subject: [PATCH 079/900] Code cleanup.

---
 .../MemoryCacheSessionStore.cs                |   4 +-
 samples/CookieSessionSample/Startup.cs        |   2 +-
 samples/CookieSessionSample/project.json      |   2 +-
 .../CookieAuthenticationHandler.cs            |   2 +-
 .../CookieAuthenticationMiddleware.cs         |   1 -
 .../Infrastructure/ChunkingCookieManager.cs   | 120 +++++++-----------
 6 files changed, 54 insertions(+), 77 deletions(-)

diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index 07adddd048..e452683d41 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -1,8 +1,8 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.MemoryCache;
 using Microsoft.AspNet.Security;
 using Microsoft.AspNet.Security.Cookies.Infrastructure;
+using Microsoft.Framework.Cache.Memory;
 
 namespace CookieSessionSample
 {
@@ -33,7 +33,7 @@ namespace CookieSessionSample
                 {
                     context.SetAbsoluteExpiration(expiresUtc.Value);
                 }
-                context.SetSlidingExpiraiton(TimeSpan.FromHours(1)); // TODO: configurable.
+                context.SetSlidingExpiration(TimeSpan.FromHours(1)); // TODO: configurable.
 
                 return (AuthenticationTicket)context.State;
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 32721afb05..890e63116f 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -17,7 +17,7 @@ namespace CookieSessionSample
 
             app.Run(async context =>
             {
-                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                if (context.User.Identity == null || !context.User.Identity.IsAuthenticated)
                 {
                     // Make a large identity
                     var claims = new List<Claim>(1001);
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 7299177120..c5aca5588a 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -4,12 +4,12 @@
     "Microsoft.AspNet.Hosting": "1.0.0-*",
     "Microsoft.AspNet.Http": "1.0.0-*",
     "Microsoft.AspNet.HttpFeature": "1.0.0-*",
-    "Microsoft.AspNet.MemoryCache": "1.0.0-*",
     "Microsoft.AspNet.PipelineCore": "1.0.0-*",
     "Microsoft.AspNet.RequestContainer": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Framework.Cache.Memory": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 1a2b7eeb82..4a43b58be4 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -63,7 +63,7 @@ namespace Microsoft.AspNet.Security.Cookies
                     Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                     if (claim == null)
                     {
-                        _logger.WriteWarning(@"SessoinId missing");
+                        _logger.WriteWarning(@"SessionId missing");
                         return null;
                     }
                     _sessionKey = claim.Value;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 1349ccadeb..92ab1b1225 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -4,7 +4,6 @@
 
 using System;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies.Infrastructure;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
index d5e48c1983..f4d893bd58 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -17,6 +17,8 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
     {
         public ChunkingCookieManager()
         {
+            // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
+            // See http://browsercookielimits.x64.me/.
             ChunkSize = 4090;
             ThrowForPartialCookies = true;
         }
@@ -40,9 +42,8 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
         {
             if (value != null && value.StartsWith("chunks:", StringComparison.Ordinal))
             {
-                string chunksCountString = value.Substring("chunks:".Length);
-                int chunksCount;
-                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
+                var chunksCountString = value.Substring("chunks:".Length);
+                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out var chunksCount))
                 {
                     return chunksCount;
                 }
@@ -57,28 +58,23 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
         /// <param name="context"></param>
         /// <param name="key"></param>
         /// <returns>The reassembled cookie, if any, or null.</returns>
-        public string GetRequestCookie(HttpContext context, string key)
+        public string GetRequestCookie([NotNull] HttpContext context, [NotNull] string key)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException("context");
-            }
-
-            IReadableStringCollection requestCookies = context.Request.Cookies;
-            string value = requestCookies[key];
-            int chunksCount = ParseChunksCount(value);
+            var requestCookies = context.Request.Cookies;
+            var value = requestCookies[key];
+            var chunksCount = ParseChunksCount(value);
             if (chunksCount > 0)
             {
-                bool quoted = false;
-                string[] chunks = new string[chunksCount];
-                for (int chunkId = 1; chunkId <= chunksCount; chunkId++)
+                var quoted = false;
+                var chunks = new string[chunksCount];
+                for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
                 {
-                    string chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
+                    var chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
                     if (chunk == null)
                     {
                         if (ThrowForPartialCookies)
                         {
-                            int totalSize = 0;
+                            var totalSize = 0;
                             for (int i = 0; i < chunkId - 1; i++)
                             {
                                 totalSize += chunks[i].Length;
@@ -97,7 +93,7 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                     }
                     chunks[chunkId - 1] = chunk;
                 }
-                string merged = string.Join(string.Empty, chunks);
+                var merged = string.Join(string.Empty, chunks);
                 if (quoted)
                 {
                     merged = Quote(merged);
@@ -119,25 +115,16 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
         /// <param name="key"></param>
         /// <param name="value"></param>
         /// <param name="options"></param>
-        public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
+        public void AppendResponseCookie([NotNull] HttpContext context, [NotNull] string key, string value, [NotNull] CookieOptions options)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException("context");
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException("options");
-            }
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
+            var expiresHasValue = options.Expires.HasValue;
 
-            bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
-            bool pathHasValue = !string.IsNullOrEmpty(options.Path);
-            bool expiresHasValue = options.Expires.HasValue;
+            var escapedKey = Uri.EscapeDataString(key);
+            var prefix = escapedKey + "=";
 
-            string escapedKey = Uri.EscapeDataString(key);
-            string prefix = escapedKey + "=";
-
-            string suffix = string.Concat(
+            var suffix = string.Concat(
                 !domainHasValue ? null : "; domain=",
                 !domainHasValue ? null : options.Domain,
                 !pathHasValue ? null : "; path=",
@@ -148,19 +135,19 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                 !options.HttpOnly ? null : "; HttpOnly");
 
             value = value ?? string.Empty;
-            bool quoted = false;
+            var quoted = false;
             if (IsQuoted(value))
             {
                 quoted = true;
                 value = RemoveQuotes(value);
             }
-            string escapedValue = Uri.EscapeDataString(value);
+            var escapedValue = Uri.EscapeDataString(value);
 
             // Normal cookie
-            IHeaderDictionary responseHeaders = context.Response.Headers;
+            var responseHeaders = context.Response.Headers;
             if (!ChunkSize.HasValue || ChunkSize.Value > prefix.Length + escapedValue.Length + suffix.Length + (quoted ? 2 : 0))
             {
-                string setCookieValue = string.Concat(
+                var setCookieValue = string.Concat(
                     prefix,
                     quoted ? Quote(escapedValue) : escapedValue,
                     suffix);
@@ -180,18 +167,18 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                 // Set-Cookie: CookieNameC1="Segment1"; path=/
                 // Set-Cookie: CookieNameC2="Segment2"; path=/
                 // Set-Cookie: CookieNameC3="Segment3"; path=/
-                int dataSizePerCookie = ChunkSize.Value - prefix.Length - suffix.Length - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
-                int cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
+                var dataSizePerCookie = ChunkSize.Value - prefix.Length - suffix.Length - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
+                var cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
 
                 responseHeaders.AppendValues(Constants.Headers.SetCookie, prefix + "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture) + suffix);
-                
-                string[] chunks = new string[cookieChunkCount];
-                int offset = 0;
-                for (int chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
+
+                var chunks = new string[cookieChunkCount];
+                var offset = 0;
+                for (var chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
                 {
-                    int remainingLength = escapedValue.Length - offset;
-                    int length = Math.Min(dataSizePerCookie, remainingLength);
-                    string segment = escapedValue.Substring(offset, length);
+                    var remainingLength = escapedValue.Length - offset;
+                    var length = Math.Min(dataSizePerCookie, remainingLength);
+                    var segment = escapedValue.Substring(offset, length);
                     offset += length;
 
                     chunks[chunkId - 1] = string.Concat(
@@ -215,34 +202,25 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
         /// <param name="context"></param>
         /// <param name="key"></param>
         /// <param name="options"></param>
-        public void DeleteCookie(HttpContext context, string key, CookieOptions options)
+        public void DeleteCookie([NotNull] HttpContext context, [NotNull] string key, [NotNull] CookieOptions options)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException("context");
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException("options");
-            }
-
-            string escapedKey = Uri.EscapeDataString(key);
-            List<string> keys = new List<string>();
+            var escapedKey = Uri.EscapeDataString(key);
+            var keys = new List<string>();
             keys.Add(escapedKey + "=");
 
-            string requestCookie = context.Request.Cookies[key];
-            int chunks = ParseChunksCount(requestCookie);
+            var requestCookie = context.Request.Cookies[key];
+            var chunks = ParseChunksCount(requestCookie);
             if (chunks > 0)
             {
                 for (int i = 1; i <= chunks + 1; i++)
                 {
-                    string subkey = escapedKey + "C" + i.ToString(CultureInfo.InvariantCulture);
+                    var subkey = escapedKey + "C" + i.ToString(CultureInfo.InvariantCulture);
                     keys.Add(subkey + "=");
                 }
             }
 
-            bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
-            bool pathHasValue = !string.IsNullOrEmpty(options.Path);
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
 
             Func<string, bool> rejectPredicate;
             Func<string, bool> predicate = value => keys.Any(k => value.StartsWith(k, StringComparison.OrdinalIgnoreCase));
@@ -259,8 +237,8 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                 rejectPredicate = value => predicate(value);
             }
 
-            IHeaderDictionary responseHeaders = context.Response.Headers;
-            IList<string> existingValues = responseHeaders.GetValues(Constants.Headers.SetCookie);
+            var responseHeaders = context.Response.Headers;
+            var existingValues = responseHeaders.GetValues(Constants.Headers.SetCookie);
             if (existingValues != null)
             {
                 responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
@@ -270,7 +248,7 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                 context,
                 key,
                 string.Empty,
-                new CookieOptions
+                new CookieOptions()
                 {
                     Path = options.Path,
                     Domain = options.Domain,
@@ -283,7 +261,7 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
                     context, 
                     key + "C" + i.ToString(CultureInfo.InvariantCulture),
                     string.Empty,
-                    new CookieOptions
+                    new CookieOptions()
                     {
                         Path = options.Path,
                         Domain = options.Domain,
@@ -292,17 +270,17 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
             }
         }
 
-        private static bool IsQuoted(string value)
+        private static bool IsQuoted([NotNull] string value)
         {
             return value.Length >= 2 && value[0] == '"' && value[value.Length - 1] == '"';
         }
 
-        private static string RemoveQuotes(string value)
+        private static string RemoveQuotes([NotNull] string value)
         {
             return value.Substring(1, value.Length - 2);
         }
 
-        private static string Quote(string value)
+        private static string Quote([NotNull] string value)
         {
             return '"' + value + '"';
         }

From b832636484d85a3bfb6962d05c9835b931185e8b Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 15 Sep 2014 16:09:14 -0700
Subject: [PATCH 080/900] Clean sample dependencies.

---
 samples/CookieSample/project.json        | 15 ---------------
 samples/CookieSessionSample/project.json | 15 ---------------
 samples/SocialSample/project.json        | 14 --------------
 3 files changed, 44 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 405e3ba0d0..9d6c8a5348 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -16,21 +16,6 @@
     "aspnet50": {
     },
     "aspnetcore50": {
-      "dependencies": {
-        "System.Collections": "4.0.10.0",
-        "System.Console": "4.0.0.0",
-        "System.Diagnostics.Debug": "4.0.10.0",
-        "System.Diagnostics.Tools": "4.0.0.0",
-        "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.10.0",
-        "System.Linq": "4.0.0.0",
-        "System.Reflection": "4.0.10.0",
-        "System.Resources.ResourceManager": "4.0.0.0",
-        "System.Runtime": "4.0.20.0",
-        "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Threading.Tasks": "4.0.10.0"
-      }
     }
   }
 }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index c5aca5588a..9e72b7aca0 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -17,21 +17,6 @@
     "aspnet50": {
     },
     "aspnetcore50": {
-      "dependencies": {
-        "System.Collections": "4.0.10.0",
-        "System.Console": "4.0.0.0",
-        "System.Diagnostics.Debug": "4.0.10.0",
-        "System.Diagnostics.Tools": "4.0.0.0",
-        "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.10.0",
-        "System.Linq": "4.0.0.0",
-        "System.Reflection": "4.0.10.0",
-        "System.Resources.ResourceManager": "4.0.0.0",
-        "System.Runtime": "4.0.20.0",
-        "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Threading.Tasks": "4.0.10.0"
-      }
     }
   }
 }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index ed77607d2b..3909b91623 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -17,20 +17,6 @@
     "aspnet50": {
     },
     "aspnetcore50": {
-      "dependencies": {
-        "System.Collections": "4.0.10.0",
-        "System.Console": "4.0.0.0",
-        "System.Diagnostics.Debug": "4.0.10.0",
-        "System.Diagnostics.Tools": "4.0.0.0",
-        "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.0.0",
-        "System.Linq": "4.0.0.0",
-        "System.Resources.ResourceManager": "4.0.0.0",
-        "System.Runtime": "4.0.20.0",
-        "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Threading.Tasks": "4.0.10.0"
-      }
     }
   }
 }

From 1a6b6fdd911643ef9cd9a21f36bea460148d2ecb Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 17 Sep 2014 09:59:12 -0700
Subject: [PATCH 081/900] Updating release NuGet.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..1ce6b9e257 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From ffedd046571d3c7014853fb4e59d92ab681b27eb Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 17 Sep 2014 09:59:14 -0700
Subject: [PATCH 082/900] Updating dev NuGet.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 1ce6b9e257..f41e9c631d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 43cdd54c16481244e7836a427bc90e89bcf1828d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 1 Oct 2014 14:47:27 -0700
Subject: [PATCH 083/900] Removing declaration expressions

---
 .../Infrastructure/ChunkingCookieManager.cs                    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
index f4d893bd58..07fc0db347 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -43,7 +43,8 @@ namespace Microsoft.AspNet.Security.Cookies.Infrastructure
             if (value != null && value.StartsWith("chunks:", StringComparison.Ordinal))
             {
                 var chunksCountString = value.Substring("chunks:".Length);
-                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out var chunksCount))
+                int chunksCount;
+                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
                 {
                     return chunksCount;
                 }

From 0f9ac1f84fa31083f154c20f924d32855f3b11dd Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 24 Sep 2014 12:13:33 -0700
Subject: [PATCH 084/900] #52 - Set a default user-agent for the OAuth
 backchannel.

---
 samples/SocialSample/Startup.cs                                  | 1 -
 .../OAuthAuthenticationMiddleware.cs                             | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 5fbb8887a4..06309f541b 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -119,7 +119,6 @@ namespace CookieSample
                         HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                         userRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                         userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
-                        userRequest.Headers.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware for GitHub");
                         HttpResponseMessage userResponse = await context.Backchannel.SendAsync(userRequest, context.HttpContext.RequestAborted);
                         userResponse.EnsureSuccessStatusCode();
                         var text = await userResponse.Content.ReadAsStringAsync();
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 3dd00f4b0e..009b025488 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -62,6 +62,7 @@ namespace Microsoft.AspNet.Security.OAuth
             }
 
             Backchannel = new HttpClient(ResolveHttpMessageHandler(Options));
+            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
         }

From 23c024ef4112f12ea4e107ceee7a0ee30ae4fb61 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Sun, 5 Oct 2014 12:26:17 -0700
Subject: [PATCH 085/900] Fixup references

---
 samples/CookieSample/project.json             |  5 --
 samples/CookieSessionSample/project.json      |  7 --
 samples/SocialSample/project.json             | 34 +++++-----
 .../project.json                              |  4 --
 .../project.json                              | 10 +--
 .../project.json                              | 10 +--
 .../project.json                              | 10 +--
 .../project.json                              | 12 ++--
 .../project.json                              | 12 ++--
 src/Microsoft.AspNet.Security/project.json    | 68 +++++++++----------
 .../project.json                              | 57 ++++++++--------
 11 files changed, 104 insertions(+), 125 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 9d6c8a5348..a962cc9626 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,10 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
-    "Microsoft.AspNet.Hosting": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
-    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
     "Microsoft.AspNet.RequestContainer": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 9e72b7aca0..660715f5f1 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,12 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
-    "Microsoft.AspNet.Hosting": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
-    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
-    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-    "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Framework.Cache.Memory": "1.0.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 3909b91623..b1942aa64d 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,22 +1,20 @@
 {
-  "dependencies": {
-    "Microsoft.AspNet.Hosting": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.Diagnostics": "1.0.0-*",
-    "Microsoft.AspNet.Security": "1.0.0-*",
-    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
-    "Microsoft.AspNet.Security.Google": "1.0.0-*",
-    "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
-  },
-  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
-  "frameworks": {
-    "aspnet50": {
+    "dependencies": {
+        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
+        "Microsoft.AspNet.Security.Google": "1.0.0-*",
+        "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*"
     },
-    "aspnetcore50": {
+    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+    "frameworks": {
+        "aspnet50": {
+        },
+        "aspnetcore50": {
+        }
     }
-  }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 715a02a7e9..154d018216 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,10 +1,6 @@
 {
   "version": "1.0.0-*",
   "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
-    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
     "Microsoft.AspNet.RequestContainer": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index eeba5b2d22..6ad815156a 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -1,19 +1,18 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "System.Net.Http": "4.0.0.0"
+        "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
         "aspnet50": {
-            "dependencies": {
+            "frameworkAssemblies": {
+                "System.Net.Http": "4.0.0.0"
             }
         },
         "aspnetcore50": {
@@ -36,7 +35,8 @@
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
                 "System.Security.Principal": "4.0.0.0",
                 "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Threading.Tasks": "4.0.10.0",
+                "System.Net.Http": "4.0.0.0"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index eeba5b2d22..6ad815156a 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -1,19 +1,18 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "System.Net.Http": "4.0.0.0"
+        "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
         "aspnet50": {
-            "dependencies": {
+            "frameworkAssemblies": {
+                "System.Net.Http": "4.0.0.0"
             }
         },
         "aspnetcore50": {
@@ -36,7 +35,8 @@
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
                 "System.Security.Principal": "4.0.0.0",
                 "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Threading.Tasks": "4.0.10.0",
+                "System.Net.Http": "4.0.0.0"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index cf6a2e96a8..c0c9fa2067 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -1,19 +1,18 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "System.Net.Http": "4.0.0.0"
+        "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
         "aspnet50": {
-            "dependencies": {
+            "frameworkAssemblies": {
+                "System.Net.Http": "4.0.0.0"
             }
         },
         "aspnetcore50": {
@@ -38,7 +37,8 @@
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
                 "System.Security.Principal": "4.0.0.0",
                 "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Threading.Tasks": "4.0.10.0",
+                "System.Net.Http": "4.0.0.0"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index f81cf844e8..0d4766cadb 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -1,19 +1,18 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "System.Net.Http": "4.0.0.0"
+        "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
         "aspnet50": {
-            "dependencies": {
-                "System.Net.Http.WebRequest": ""
+            "frameworkAssemblies": {
+                "System.Net.Http.WebRequest": "4.0.0.0",
+                "System.Net.Http": "4.0.0.0"
             }
         },
         "aspnetcore50": {
@@ -39,7 +38,8 @@
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
                 "System.Security.Principal": "4.0.0.0",
                 "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Threading.Tasks": "4.0.10.0",
+                "System.Net.Http": "4.0.0.0"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index f8498191be..5f1c34c942 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -1,19 +1,18 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "System.Net.Http": "4.0.0.0"
+        "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
         "aspnet50": {
-            "dependencies": {
-                "System.Net.Http.WebRequest": ""
+            "frameworkAssemblies": {
+                "System.Net.Http.WebRequest": "4.0.0.0",
+                "System.Net.Http": "4.0.0.0"
             }
         },
         "aspnetcore50": {
@@ -37,7 +36,8 @@
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
                 "System.Security.Principal": "4.0.0.0",
                 "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Threading.Tasks": "4.0.10.0",
+                "System.Net.Http": "4.0.0.0"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index d547252967..11854a0e14 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,38 +1,36 @@
 {
-  "version": "1.0.0-*",
-  "dependencies": {
-    "Microsoft.AspNet.FeatureModel": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.HttpFeature": "1.0.0-*",
-    "Microsoft.AspNet.PipelineCore": "1.0.0-*",
-    "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-    "Microsoft.Framework.Logging": "1.0.0-*"
-  },
-  "frameworks": {
-    "aspnet50": {},
-    "aspnetcore50": {
-      "dependencies": {
-        "System.Collections": "4.0.10.0",
-        "System.ComponentModel": "4.0.0.0",
-        "System.Console": "4.0.0.0",
-        "System.Diagnostics.Debug": "4.0.10.0",
-        "System.Diagnostics.Tools": "4.0.0.0",
-        "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.10.0",
-        "System.IO.Compression": "4.0.0.0",
-        "System.Linq": "4.0.0.0",
-        "System.Reflection": "4.0.10.0",
-        "System.Resources.ResourceManager": "4.0.0.0",
-        "System.Runtime": "4.0.20.0",
-        "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.20.0",
-        "System.Security.Claims": "1.0.0-*",
-        "System.Security.Cryptography.RandomNumberGenerator" : "4.0.0.0",
-        "System.Security.Principal" : "4.0.0.0",
-        "System.Threading": "4.0.0.0",
-        "System.Threading.Tasks": "4.0.10.0"
-      }
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },
+        "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*"
+    },
+    "frameworks": {
+        "aspnet50": { },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Collections": "4.0.10.0",
+                "System.ComponentModel": "4.0.0.0",
+                "System.Console": "4.0.0.0",
+                "System.Diagnostics.Debug": "4.0.10.0",
+                "System.Diagnostics.Tools": "4.0.0.0",
+                "System.Globalization": "4.0.10.0",
+                "System.IO": "4.0.10.0",
+                "System.IO.Compression": "4.0.0.0",
+                "System.Linq": "4.0.0.0",
+                "System.Reflection": "4.0.10.0",
+                "System.Resources.ResourceManager": "4.0.0.0",
+                "System.Runtime": "4.0.20.0",
+                "System.Runtime.Extensions": "4.0.10.0",
+                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0.0",
+                "System.Security.Principal": "4.0.0.0",
+                "System.Threading": "4.0.0.0",
+                "System.Threading.Tasks": "4.0.10.0"
+            }
+        }
     }
-  }
 }
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 49f7858ad5..c3b4a4b2c9 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -1,32 +1,31 @@
 {
-  "compilationOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.Security" : "1.0.0-*",
-    "Microsoft.AspNet.Security.Cookies" : "1.0.0-*",
-    "Microsoft.AspNet.Security.Facebook" : "1.0.0-*",
-    "Microsoft.AspNet.Security.Google" : "1.0.0-*",
-    "Microsoft.AspNet.Security.MicrosoftAccount" : "1.0.0-*",
-    "Microsoft.AspNet.Security.Twitter" : "1.0.0-*",
-    "Microsoft.AspNet.TestHost": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-    "System.Net.Http": "4.0.0.0",
-    "Moq": "4.2.1312.1622",
-    "Xunit.KRunner": "1.0.0-*"
-  },
-  "commands": {
-    "test": "Xunit.KRunner"
-  },
-  "frameworks": {
-    "aspnet50": { 
-      "dependencies": {
-        "Shouldly": "1.1.1.1",
-        "System.Runtime": "",
-        "System.Xml":  "",
-        "System.Xml.Linq":  ""
-      }
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
+        "Microsoft.AspNet.Security.Google": "1.0.0-*",
+        "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.TestHost": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "Moq": "4.2.1312.1622",
+        "Xunit.KRunner": "1.0.0-*"
+    },
+    "commands": {
+        "test": "Xunit.KRunner"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "dependencies": {
+                "Shouldly": "1.1.1.1"
+            },
+            "frameworkAssemblies": {
+                "System.Net.Http": "4.0.0.0"
+            }
+        }
     }
-  }
 }

From 3426034bcb0f5ab114031cee74a528d8fe163ab5 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 8 Oct 2014 13:02:08 -0700
Subject: [PATCH 086/900] Use DI activated options for auth middlewares

UseXXX() now use DI activated options
Use ExternalAuthenticationOptions instead of DefaultSignInAs
---
 samples/CookieSample/Startup.cs               |   4 +-
 samples/CookieSessionSample/Startup.cs        |   5 +-
 samples/SocialSample/SocialSample.kproj       |   3 +-
 samples/SocialSample/Startup.cs               | 104 ++++----
 samples/SocialSample/project.json             |   3 +-
 .../CookieAuthenticationExtensions.cs         |  19 +-
 .../CookieAuthenticationMiddleware.cs         |  15 +-
 .../CookieAuthenticationOptions.cs            |   2 +-
 .../FacebookAuthenticationExtensions.cs       |  31 +--
 .../FacebookAuthenticationMiddleware.cs       |   7 +-
 .../FacebookAuthenticationOptions.cs          |   3 +-
 .../project.json                              |   1 +
 .../GoogleAuthenticationExtensions.cs         |  34 +--
 .../GoogleAuthenticationMiddleware.cs         |   7 +-
 .../GoogleAuthenticationOptions.cs            |   3 +-
 .../project.json                              |   3 +-
 ...icrosoftAccountAuthenticationExtensions.cs |  37 +--
 ...icrosoftAccountAuthenticationMiddleware.cs |   7 +-
 .../MicrosoftAccountAuthenticationOptions.cs  |   3 +-
 .../project.json                              |   1 +
 .../OAuthAuthenticationExtensions.cs          |  26 +-
 .../OAuthAuthenticationMiddleware.cs          |  25 +-
 .../OAuthAuthenticationOptions.cs             |   7 +-
 .../OAuthAuthenticationOptions`1.cs           |   8 -
 .../TwitterAuthenticationExtensions.cs        |  38 +--
 .../TwitterAuthenticationMiddleware.cs        |  18 +-
 .../TwitterAuthenticationOptions.cs           |   4 +-
 .../project.json                              |   1 +
 .../AuthenticationOptions.cs                  |  15 +-
 .../BuilderSecurityExtensions.cs              |  45 ----
 src/Microsoft.AspNet.Security/Constants.cs    |  17 --
 .../ExternalAuthenticationOptions.cs          |  13 +
 .../AuthenticationMiddleware.cs               |  17 +-
 src/Microsoft.AspNet.Security/Resources.resx  |   3 -
 src/Microsoft.AspNet.Security/project.json    |   3 +-
 .../Cookies/CookieMiddlewareTests.cs          |  95 +++----
 .../Facebook/FacebookMiddlewareTests.cs       |  69 +++--
 .../Google/GoogleMiddlewareTests.cs           | 244 +++++++++---------
 .../MicrosoftAccountMiddlewareTests.cs        | 148 ++++++-----
 .../Twitter/TwitterMiddlewareTests.cs         |  94 +++----
 .../project.json                              |   1 +
 41 files changed, 606 insertions(+), 577 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Security/Constants.cs
 create mode 100644 src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 2e5602b9c4..fc78aec37d 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -9,9 +9,9 @@ namespace CookieSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+            app.UseServices(services => { });
+            app.UseCookieAuthentication(options =>
             {
-
             });
 
             app.Run(async context =>
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 890e63116f..a4217e6d2b 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -10,9 +10,10 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+            app.UseServices(services => { });
+            app.UseCookieAuthentication(options => 
             {
-                SessionStore = new MemoryCacheSessionStore(),
+                options.SessionStore = new MemoryCacheSessionStore();
             });
 
             app.Run(async context =>
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index 4447d1b1d7..982c0c8f5f 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -7,7 +7,7 @@
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
-    <OutputType>Library</OutputType>
+    <OutputType>Web</OutputType>
   </PropertyGroup>
   <PropertyGroup Condition="$(OutputType) == 'Console'">
     <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
@@ -21,6 +21,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>50113</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 06309f541b..35480c1cc3 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -14,6 +14,7 @@ using Microsoft.AspNet.Security.MicrosoftAccount;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.Security.Twitter;
 using Newtonsoft.Json.Linq;
+using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSample
 {
@@ -23,39 +24,48 @@ namespace CookieSample
         {
             app.UseErrorPage();
 
-            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
-
-            app.UseCookieAuthentication(new CookieAuthenticationOptions()
+            app.UseServices(services =>
             {
-                LoginPath = new PathString("/login"),
+                services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                {
+
+                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                });
             });
 
-            app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
+            app.UseCookieAuthentication(options =>
+                {
+                    options.LoginPath = new PathString("/login");
+                });
+
+            app.UseFacebookAuthentication(options =>
             {
-                AppId = "569522623154478",
-                AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
+                options.AppId = "569522623154478";
+                options.AppSecret = "a124463c4719c94b4228d9a240e5dc1a";
             });
 
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("Google-AccessToken")
+            app.UseOAuthAuthentication("Google-AccessToken", options =>
             {
-                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
-                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
-                CallbackPath = new PathString("/signin-google-token"),
-                AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint,
-                TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint,
-                Scope = { "openid", "profile", "email" },
+                options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
+                options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
+                options.CallbackPath = new PathString("/signin-google-token");
+                options.AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
+                options.TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
+                options.Scope.Add("openid");
+                options.Scope.Add("profile");
+                options.Scope.Add("email");
             });
 
-            app.UseGoogleAuthentication(new GoogleAuthenticationOptions()
+            app.UseGoogleAuthentication(options =>
             {
-                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
-                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
+                options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
+                options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
             });
 
-            app.UseTwitterAuthentication(new TwitterAuthenticationOptions()
+            app.UseTwitterAuthentication(options =>
             {
-                ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
-                ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI",
+                options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
+                options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
             });
 
             /*
@@ -75,43 +85,43 @@ namespace CookieSample
             The sample app can then be run via:
              k web
             */
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("Microsoft-AccessToken")
+            app.UseOAuthAuthentication("Microsoft-AccessToken", options =>
             {
-                Caption = "MicrosoftAccount-AccessToken - Requires project changes",
-                ClientId = "00000000480FF62E",
-                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
-                CallbackPath = new PathString("/signin-microsoft-token"),
-                AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint,
-                TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint,
-                Scope = { "wl.basic" },
+                options.Caption = "MicrosoftAccount-AccessToken - Requires project changes";
+                options.ClientId = "00000000480FF62E";
+                options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
+                options.CallbackPath = new PathString("/signin-microsoft-token");
+                options.AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
+                options.TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
+                options.Scope.Add("wl.basic");
             });
 
-            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions()
+            app.UseMicrosoftAccountAuthentication(options =>
             {
-                Caption = "MicrosoftAccount - Requires project changes",
-                ClientId = "00000000480FF62E",
-                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
+                options.Caption = "MicrosoftAccount - Requires project changes";
+                options.ClientId = "00000000480FF62E";
+                options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
             });
 
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("GitHub-AccessToken")
+            app.UseOAuthAuthentication("GitHub-AccessToken", options =>
             {
-                ClientId = "8c0c5a572abe8fe89588",
-                ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
-                CallbackPath = new PathString("/signin-github-token"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                options.ClientId = "8c0c5a572abe8fe89588";
+                options.ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda";
+                options.CallbackPath = new PathString("/signin-github-token");
+                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
             });
 
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>("GitHub")
+            app.UseOAuthAuthentication("GitHub", options =>
             {
-                ClientId = "49e302895d8b09ea5656",
-                ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b",
-                CallbackPath = new PathString("/signin-github"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
-                UserInformationEndpoint = "https://api.github.com/user",
+                options.ClientId = "49e302895d8b09ea5656";
+                options.ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b";
+                options.CallbackPath = new PathString("/signin-github");
+                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                options.UserInformationEndpoint = "https://api.github.com/user";
                 // Retrieving user information is unique to each provider.
-                Notifications = new OAuthAuthenticationNotifications()
+                options.Notifications = new OAuthAuthenticationNotifications()
                 {
                     OnGetUserInformationAsync = async (context) =>
                     {
@@ -153,7 +163,7 @@ namespace CookieSample
 
                         context.Identity = identity;
                     },
-                },
+                };
             });
 
             // Choose an authentication type
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index b1942aa64d..84bb6d1c95 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -8,7 +8,8 @@
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*"
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 03af44a43d..98d39cca71 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -2,6 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -10,15 +13,25 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class CookieAuthenticationExtensions
     {
+        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
+        {
+            return services.ConfigureOptions(configure);
+        }
+
         /// <summary>
         /// Adds a cookie-based authentication middleware to your web application pipeline.
         /// </summary>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="options">An options class that controls the middleware behavior</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, [NotNull] CookieAuthenticationOptions options)
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(
+                new OptionsAction<CookieAuthenticationOptions>(configureOptions ?? (o => { }))
+                {
+                    Name = optionsName
+                });
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 92ab1b1225..fff6906658 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
@@ -16,8 +17,12 @@ namespace Microsoft.AspNet.Security.Cookies
     {
         private readonly ILogger _logger;
 
-        public CookieAuthenticationMiddleware(RequestDelegate next, IDataProtectionProvider dataProtectionProvider, ILoggerFactory loggerFactory, CookieAuthenticationOptions options)
-            : base(next, options)
+        public CookieAuthenticationMiddleware(RequestDelegate next, 
+            IDataProtectionProvider dataProtectionProvider, 
+            ILoggerFactory loggerFactory, 
+            IOptionsAccessor<CookieAuthenticationOptions> options,
+            IOptionsAction<CookieAuthenticationOptions> configureOptions)
+            : base(next, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
@@ -27,11 +32,11 @@ namespace Microsoft.AspNet.Security.Cookies
             {
                 Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType;
             }
-            if (options.TicketDataFormat == null)
+            if (Options.TicketDataFormat == null)
             {
                 IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
-                options.TicketDataFormat = new TicketDataFormat(dataProtector);
+                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
+                Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
             if (Options.CookieManager == null)
             {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index c6373a0ec9..121ff409b2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -21,8 +21,8 @@ namespace Microsoft.AspNet.Security.Cookies
         /// Create an instance of the options initialized with the default values
         /// </summary>
         public CookieAuthenticationOptions()
-            : base(CookieAuthenticationDefaults.AuthenticationType)
         {
+            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             CookiePath = "/";
             ExpireTimeSpan = TimeSpan.FromDays(14);
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
index 5438272090..aa59e2efee 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
@@ -2,6 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Security.Facebook;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -10,35 +13,23 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class FacebookAuthenticationExtensions
     {
-        /// <summary>
-        /// Authenticate users using Facebook.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="appId">The appId assigned by Facebook.</param>
-        /// <param name="appSecret">The appSecret assigned by Facebook.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string appId, [NotNull] string appSecret)
+        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
         {
-            return app.UseFacebookAuthentication(new FacebookAuthenticationOptions()
-            {
-                AppId = appId,
-                AppSecret = appSecret,
-            });
+            return services.ConfigureOptions(configure);
         }
 
         /// <summary>
         /// Authenticate users using Facebook.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] FacebookAuthenticationOptions options)
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
-            {
-                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
-            }
-            return app.UseMiddleware<FacebookAuthenticationMiddleware>(options);
+            return app.UseMiddleware<FacebookAuthenticationMiddleware>(
+                 new OptionsAction<FacebookAuthenticationOptions>(configureOptions ?? (o => { }))
+                 {
+                     Name = optionsName
+                 });
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index 2d653d7c28..a453e085a0 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Facebook
 {
@@ -27,8 +28,10 @@ namespace Microsoft.AspNet.Security.Facebook
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            FacebookAuthenticationOptions options)
-            : base(next, dataProtectionProvider, loggerFactory, options)
+            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
+            IOptionsAccessor<FacebookAuthenticationOptions> options,
+            IOptionsAction<FacebookAuthenticationOptions> configureOptions = null)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
index 7f1199a086..1720571843 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
@@ -15,8 +15,9 @@ namespace Microsoft.AspNet.Security.Facebook
         /// Initializes a new <see cref="FacebookAuthenticationOptions"/>.
         /// </summary>
         public FacebookAuthenticationOptions()
-            : base(FacebookAuthenticationDefaults.AuthenticationType)
         {
+            AuthenticationType = FacebookAuthenticationDefaults.AuthenticationType;
+            Caption = AuthenticationType;
             CallbackPath = new PathString("/signin-facebook");
             SendAppSecretProof = true;
             AuthorizationEndpoint = FacebookAuthenticationDefaults.AuthorizationEndpoint;
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 6ad815156a..06da113a74 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -7,6 +7,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
index 571ff5ffe3..7bb4a24e25 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
@@ -2,6 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Security.Google;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -10,36 +13,25 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class GoogleAuthenticationExtensions
     {
-        /// <summary>
-        /// Authenticate users using Google OAuth 2.0.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="clientId">The google assigned client id.</param>
-        /// <param name="clientSecret">The google assigned client secret.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
         {
-            return app.UseGoogleAuthentication(
-                new GoogleAuthenticationOptions
-                {
-                    ClientId = clientId,
-                    ClientSecret = clientSecret
-                });
+            return services.ConfigureOptions(configure);
         }
 
         /// <summary>
         /// Authenticate users using Google OAuth 2.0.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="options">Middleware configuration options.</param>
+        /// <param name="configureOptions">Used to configure Middleware options.</param>
+        /// <param name="optionsName">Name of the options instance to be used</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] GoogleAuthenticationOptions options)
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
-            {
-                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
-            }
-            return app.UseMiddleware<GoogleAuthenticationMiddleware>(options);
+            return app.UseMiddleware<GoogleAuthenticationMiddleware>(
+                 new OptionsAction<GoogleAuthenticationOptions>(configureOptions ?? (o => { }))
+                 {
+                     Name = optionsName
+                 });
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 08d7610fa0..66cef2e2a0 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -11,6 +11,7 @@ using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Google
 {
@@ -31,8 +32,10 @@ namespace Microsoft.AspNet.Security.Google
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            GoogleAuthenticationOptions options)
-            : base(next, dataProtectionProvider, loggerFactory, options)
+            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
+            IOptionsAccessor<GoogleAuthenticationOptions> options,
+            IOptionsAction<GoogleAuthenticationOptions> configureOptions = null)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
index 0b8e3ab091..4cfb97bbb2 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
@@ -19,8 +19,9 @@ namespace Microsoft.AspNet.Security.Google
         /// Initializes a new <see cref="GoogleAuthenticationOptions"/>.
         /// </summary>
         public GoogleAuthenticationOptions()
-            : base(GoogleAuthenticationDefaults.AuthenticationType)
         {
+            AuthenticationType = GoogleAuthenticationDefaults.AuthenticationType;
+            Caption = AuthenticationType;
             CallbackPath = new PathString("/signin-google");
             AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 6ad815156a..0cc8fa1188 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -7,7 +7,8 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4"
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
+        "Newtonsoft.Json": "6.0.4",
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
index 9963abf1d6..64ec369ab5 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
@@ -2,6 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Security.MicrosoftAccount;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -10,36 +13,18 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        /// <summary>
-        /// Authenticate users using Microsoft Account.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="clientId">The application client ID assigned by the Microsoft authentication service.</param>
-        /// <param name="clientSecret">The application client secret assigned by the Microsoft authentication service.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string clientId, [NotNull] string clientSecret)
+        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
         {
-            return app.UseMicrosoftAccountAuthentication(
-                new MicrosoftAccountAuthenticationOptions
-                {
-                    ClientId = clientId,
-                    ClientSecret = clientSecret,
-                });
+            return services.ConfigureOptions(configure);
         }
 
-        /// <summary>
-        /// Authenticate users using Microsoft Account.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="options">The middleware configuration options.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] MicrosoftAccountAuthenticationOptions options)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
-            {
-                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
-            }
-            return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(options);
+            return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(
+                 new OptionsAction<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { }))
+                 {
+                     Name = optionsName
+                 });
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 29ad5c5efb..c36ad16de2 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.MicrosoftAccount
 {
@@ -27,8 +28,10 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            MicrosoftAccountAuthenticationOptions options)
-            : base(next, dataProtectionProvider, loggerFactory, options)
+            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
+            IOptionsAccessor<MicrosoftAccountAuthenticationOptions> options,
+            IOptionsAction<MicrosoftAccountAuthenticationOptions> configureOptions = null)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index 24d2599cb2..8755de63ba 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -15,8 +15,9 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationOptions"/>.
         /// </summary>
         public MicrosoftAccountAuthenticationOptions()
-            : base(MicrosoftAccountAuthenticationDefaults.AuthenticationType)
         {
+            AuthenticationType = MicrosoftAccountAuthenticationDefaults.AuthenticationType;
+            Caption = AuthenticationType;
             CallbackPath = new PathString("/signin-microsoft");
             AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index c0c9fa2067..08fee1520f 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -7,6 +7,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
index 0b6f0ddec6..bdbc3c9ee5 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
@@ -4,6 +4,8 @@
 using System;
 using System.Globalization;
 using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -18,17 +20,21 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OAuthAuthenticationOptions<IOAuthAuthenticationNotifications> options)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationType, Action<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>> configureOptions = null)
         {
-            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
-            {
-                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
-            }
-            if (options.Notifications == null)
-            {
-                options.Notifications = new OAuthAuthenticationNotifications();
-            }
-            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(options);
+            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(
+                new OptionsAction<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>>(options =>
+                {
+                    options.AuthenticationType = authenticationType;
+                    options.Caption = authenticationType;
+                    if (configureOptions != null)
+                    {
+                        configureOptions(options);
+                    }
+                }) 
+                {
+                    Name = authenticationType,
+                });
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 009b025488..e3d65c55bd 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -10,6 +10,7 @@ using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.OAuth
 {
@@ -18,7 +19,7 @@ namespace Microsoft.AspNet.Security.OAuth
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class OAuthAuthenticationMiddleware<TOptions, TNotifications> : AuthenticationMiddleware<TOptions>
-        where TOptions : OAuthAuthenticationOptions<TNotifications>
+        where TOptions : OAuthAuthenticationOptions<TNotifications>, new()
         where TNotifications : IOAuthAuthenticationNotifications
     {
         /// <summary>
@@ -32,9 +33,16 @@ namespace Microsoft.AspNet.Security.OAuth
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            TOptions options)
-            : base(next, options)
+            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
+            IOptionsAccessor<TOptions> options,
+            IOptionsAction<TOptions> configureOptions = null)
+            : base(next, options, configureOptions)
         {
+            // todo: review error handling
+            if (string.IsNullOrWhiteSpace(Options.AuthenticationType))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthenticationType"));
+            }
             if (string.IsNullOrWhiteSpace(Options.ClientId))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
@@ -57,7 +65,7 @@ namespace Microsoft.AspNet.Security.OAuth
             if (Options.StateDataFormat == null)
             {
                 IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    this.GetType().FullName, options.AuthenticationType, "v1");
+                    this.GetType().FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
 
@@ -65,6 +73,15 @@ namespace Microsoft.AspNet.Security.OAuth
             Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
+            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            {
+                Options.SignInAsAuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+            }
+            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInAsAuthenticationType"));
+            }
         }
 
         protected HttpClient Backchannel { get; private set; }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
index 69e8897448..cee784185d 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
@@ -18,10 +18,8 @@ namespace Microsoft.AspNet.Security.OAuth
         /// <summary>
         /// Initializes a new <see cref="OAuthAuthenticationOptions"/>.
         /// </summary>
-        public OAuthAuthenticationOptions([NotNull] string authenticationType)
-            : base(authenticationType)
+        public OAuthAuthenticationOptions()
         {
-            Caption = authenticationType;
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
@@ -69,9 +67,6 @@ namespace Microsoft.AspNet.Security.OAuth
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
-        /// <remarks>
-        /// The default value is the authentication type.
-        /// </remarks>
         public string Caption
         {
             get { return Description.Caption; }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
index 65f01b5b82..2eb1bfb89a 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
@@ -8,14 +8,6 @@ namespace Microsoft.AspNet.Security.OAuth
     /// </summary>
     public class OAuthAuthenticationOptions<TNotifications> : OAuthAuthenticationOptions where TNotifications : IOAuthAuthenticationNotifications
     {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticationOptions"/>.
-        /// </summary>
-        public OAuthAuthenticationOptions([NotNull] string authenticationType)
-            : base(authenticationType)
-        {
-        }
-
         /// <summary>
         /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
index aa56249cca..9f2c54ce1f 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
@@ -1,7 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Twitter;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -10,36 +14,18 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class TwitterAuthenticationExtensions
     {
-        /// <summary>
-        /// Authenticate users using Twitter
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method</param>
-        /// <param name="consumerKey">The Twitter-issued consumer key</param>
-        /// <param name="consumerSecret">The Twitter-issued consumer secret</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/></returns>
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string consumerKey, [NotNull] string consumerSecret)
+        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
         {
-            return app.UseTwitterAuthentication(
-                new TwitterAuthenticationOptions
-                {
-                    ConsumerKey = consumerKey,
-                    ConsumerSecret = consumerSecret,
-                });
+            return services.ConfigureOptions(configure);
         }
 
-        /// <summary>
-        /// Authenticate users using Twitter
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method</param>
-        /// <param name="options">Middleware configuration options</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/></returns>
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] TwitterAuthenticationOptions options)
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            if (string.IsNullOrEmpty(options.SignInAsAuthenticationType))
-            {
-                options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
-            }
-            return app.UseMiddleware<TwitterAuthenticationMiddleware>(options);
+            return app.UseMiddleware<TwitterAuthenticationMiddleware>(
+                 new OptionsAction<TwitterAuthenticationOptions>(configureOptions ?? (o => { }))
+                 {
+                     Name = optionsName
+                 });
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index 5961762191..ffa9b9bb69 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Twitter.Messages;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Twitter
 {
@@ -35,8 +36,10 @@ namespace Microsoft.AspNet.Security.Twitter
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            TwitterAuthenticationOptions options)
-            : base(next, options)
+            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
+            IOptionsAccessor<TwitterAuthenticationOptions> options,
+            IOptionsAction<TwitterAuthenticationOptions> configureOptions = null)
+            : base(next, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
@@ -56,13 +59,22 @@ namespace Microsoft.AspNet.Security.Twitter
             if (Options.StateDataFormat == null)
             {
                 IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
-                    typeof(TwitterAuthenticationMiddleware).FullName, options.AuthenticationType, "v1");
+                    typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
                     dataProtector,
                     TextEncodings.Base64Url);
             }
 
+            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            {
+                Options.SignInAsAuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+            }
+            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInAsAuthenticationType"));
+            }
+
             _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
             _httpClient.Timeout = Options.BackchannelTimeout;
             _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
index 043911e759..91207863d5 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
@@ -17,9 +17,9 @@ namespace Microsoft.AspNet.Security.Twitter
         /// Initializes a new instance of the <see cref="TwitterAuthenticationOptions"/> class.
         /// </summary>
         public TwitterAuthenticationOptions()
-            : base(TwitterAuthenticationDefaults.AuthenticationType)
         {
-            Caption = TwitterAuthenticationDefaults.AuthenticationType;
+            AuthenticationType = TwitterAuthenticationDefaults.AuthenticationType;
+            Caption = AuthenticationType;
             CallbackPath = new PathString("/signin-twitter");
             AuthenticationMode = AuthenticationMode.Passive;
             BackchannelTimeout = TimeSpan.FromSeconds(60);
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index 5f1c34c942..f5e8ef324d 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -6,6 +6,7 @@
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Newtonsoft.Json": "6.0.4"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
index 77e8fa03a4..e25383cfe3 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -17,17 +17,6 @@ namespace Microsoft.AspNet.Security
     {
         private string _authenticationType;
 
-        /// <summary>
-        /// Initialize properties of AuthenticationOptions base class
-        /// </summary>
-        /// <param name="authenticationType">Assigned to the AuthenticationType property</param>
-        protected AuthenticationOptions(string authenticationType)
-        {
-            Description = new AuthenticationDescription();
-            AuthenticationType = authenticationType;
-            AuthenticationMode = AuthenticationMode.Active;
-        }
-
         /// <summary>
         /// The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different
         /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
@@ -47,11 +36,11 @@ namespace Microsoft.AspNet.Security
         /// alter 401 Unauthorized responses going out. If Passive the authentication middleware will only provide
         /// identity and alter responses when explicitly indicated by the AuthenticationType.
         /// </summary>
-        public AuthenticationMode AuthenticationMode { get; set; }
+        public AuthenticationMode AuthenticationMode { get; set; } = AuthenticationMode.Active;
 
         /// <summary>
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>
-        public AuthenticationDescription Description { get; set; }
+        public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
     }
 }
diff --git a/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs b/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
deleted file mode 100644
index 5a9aec367f..0000000000
--- a/src/Microsoft.AspNet.Security/BuilderSecurityExtensions.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Security;
-
-namespace Microsoft.AspNet.Builder
-{
-    /// <summary>
-    /// Provides extensions methods for app.Property values that are only needed by implementations of authentication middleware.
-    /// </summary>
-    public static class BuilderSecurityExtensions
-    {
-        /// <summary>
-        /// Returns the previously set AuthenticationType that external sign in middleware should use when the
-        /// browser navigates back to their return url.
-        /// </summary>
-        /// <param name="app">App builder passed to the application startup code</param>
-        /// <returns></returns>
-        public static string GetDefaultSignInAsAuthenticationType([NotNull] this IApplicationBuilder app)
-        {
-            object value;
-            if (app.Properties.TryGetValue(Constants.DefaultSignInAsAuthenticationType, out value))
-            {
-                var authenticationType = value as string;
-                if (!string.IsNullOrEmpty(authenticationType))
-                {
-                    return authenticationType;
-                }
-            }
-            throw new InvalidOperationException(Resources.Exception_MissingDefaultSignInAsAuthenticationType);
-        }
-
-        /// <summary>
-        /// Called by middleware to change the name of the AuthenticationType that external middleware should use
-        /// when the browser navigates back to their return url.
-        /// </summary>
-        /// <param name="app">App builder passed to the application startup code</param>
-        /// <param name="authenticationType">AuthenticationType that external middleware should sign in as.</param>
-        public static void SetDefaultSignInAsAuthenticationType([NotNull] this IApplicationBuilder app, [NotNull] string authenticationType)
-        {
-            app.Properties[Constants.DefaultSignInAsAuthenticationType] = authenticationType;
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Constants.cs b/src/Microsoft.AspNet.Security/Constants.cs
deleted file mode 100644
index d1bc8f01e1..0000000000
--- a/src/Microsoft.AspNet.Security/Constants.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNet.Security
-{
-    /// <summary>
-    /// String constants used only by the Security assembly
-    /// </summary>
-    internal static class Constants
-    {
-        /// <summary>
-        /// Used by middleware extension methods to coordinate the default value Options property SignInAsAuthenticationType
-        /// </summary>
-        internal const string DefaultSignInAsAuthenticationType = "Microsoft.AspNet.Security.DefaultSignInAsAuthenticationType";
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs b/src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs
new file mode 100644
index 0000000000..671020b2b6
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs
@@ -0,0 +1,13 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+
+using System;
+
+namespace Microsoft.AspNet.Security
+{
+    public class ExternalAuthenticationOptions
+    {
+        public string SignInAsAuthenticationType { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index 8077b22d63..1ea787fce8 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -6,19 +6,30 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
-    public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions
+    public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
     {
         private readonly RequestDelegate _next;
 
-        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] TOptions options)
+        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IOptionsAccessor<TOptions> options, IOptionsAction<TOptions> configureOptions)
         {
-            Options = options;
+            if (configureOptions != null)
+            {
+                Options = options.GetNamedOptions(configureOptions.Name);
+                configureOptions.Invoke(Options);
+            }
+            else
+            {
+                Options = options.Options;
+            }
             _next = next;
         }
 
+        public string AuthenticationType { get; set; }
+
         public TOptions Options { get; set; }
 
         public async Task Invoke(HttpContext context)
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Security/Resources.resx
index f0765cc325..77060045e0 100644
--- a/src/Microsoft.AspNet.Security/Resources.resx
+++ b/src/Microsoft.AspNet.Security/Resources.resx
@@ -123,9 +123,6 @@
   <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
     <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
   </data>
-  <data name="Exception_MissingDefaultSignInAsAuthenticationType" xml:space="preserve">
-    <value>A default value for SignInAsAuthenticationType was not found in IApplicationBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.</value>
-  </data>
   <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
     <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
   </data>
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 11854a0e14..502d45043f 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -5,7 +5,8 @@
         "Microsoft.AspNet.PipelineCore": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*"
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": { },
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index 6578ba6004..a02dc14752 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -18,6 +18,8 @@ using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.TestHost;
 using Shouldly;
 using Xunit;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.DependencyInjection;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
@@ -26,7 +28,7 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task NormalRequestPassesThrough()
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
             });
             HttpResponseMessage response = await server.CreateClient().GetAsync("http://example.com/normal");
@@ -36,9 +38,9 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task ProtectedRequestShouldRedirectToLogin()
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                LoginPath = new PathString("/login")
+                options.LoginPath = new PathString("/login");
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected");
@@ -53,9 +55,9 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task ProtectedCustomRequestShouldRedirectToCustomLogin()
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                LoginPath = new PathString("/login")
+                options.LoginPath = new PathString("/login");
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
@@ -77,10 +79,10 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task SignInCausesDefaultCookieToBeCreated()
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie",
+                options.LoginPath = new PathString("/login");
+                options.CookieName = "TestCookie";
             }, SignInAsAlice);
 
             Transaction transaction = await SendAsync(server, "http://example.com/testpath");
@@ -106,11 +108,11 @@ namespace Microsoft.AspNet.Security.Cookies
             string requestUri,
             bool shouldBeSecureOnly)
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie",
-                CookieSecure = cookieSecureOption
+                options.LoginPath = new PathString("/login");
+                options.CookieName = "TestCookie";
+                options.CookieSecure = cookieSecureOption;
             }, SignInAsAlice);
 
             Transaction transaction = await SendAsync(server, requestUri);
@@ -129,22 +131,22 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task CookieOptionsAlterSetCookieHeader()
         {
-            TestServer server1 = CreateServer(new CookieAuthenticationOptions
+            TestServer server1 = CreateServer(options =>
             {
-                CookieName = "TestCookie",
-                CookiePath = "/foo",
-                CookieDomain = "another.com",
-                CookieSecure = CookieSecureOption.Always,
-                CookieHttpOnly = true,
+                options.CookieName = "TestCookie";
+                options.CookiePath = "/foo";
+                options.CookieDomain = "another.com";
+                options.CookieSecure = CookieSecureOption.Always;
+                options.CookieHttpOnly = true;
             }, SignInAsAlice);
 
             Transaction transaction1 = await SendAsync(server1, "http://example.com/testpath");
 
-            TestServer server2 = CreateServer(new CookieAuthenticationOptions
+            TestServer server2 = CreateServer(options =>
             {
-                CookieName = "SecondCookie",
-                CookieSecure = CookieSecureOption.Never,
-                CookieHttpOnly = false,
+                options.CookieName = "SecondCookie";
+                options.CookieSecure = CookieSecureOption.Never;
+                options.CookieHttpOnly = false;
             }, SignInAsAlice);
 
             Transaction transaction2 = await SendAsync(server2, "http://example.com/testpath");
@@ -168,9 +170,9 @@ namespace Microsoft.AspNet.Security.Cookies
         public async Task CookieContainsIdentity()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                SystemClock = clock
+                options.SystemClock = clock;
             }, SignInAsAlice);
 
             Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -184,11 +186,11 @@ namespace Microsoft.AspNet.Security.Cookies
         public async Task CookieStopsWorkingAfterExpiration()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
             }, SignInAsAlice);
 
             Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -215,11 +217,11 @@ namespace Microsoft.AspNet.Security.Cookies
         public async Task CookieExpirationCanBeOverridenInSignin()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
             },
             context =>
             {
@@ -253,18 +255,18 @@ namespace Microsoft.AspNet.Security.Cookies
         public async Task CookieExpirationCanBeOverridenInEvent()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
-                Notifications = new CookieAuthenticationNotifications()
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
+                options.Notifications = new CookieAuthenticationNotifications()
                 {
                     OnResponseSignIn = context =>
                     {
                         context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
                     }
-                }
+                };
             }, SignInAsAlice);
 
             Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -291,11 +293,11 @@ namespace Microsoft.AspNet.Security.Cookies
         public async Task CookieIsRenewedWithSlidingExpiration()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = true,
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = true;
             }, SignInAsAlice);
 
             Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -328,9 +330,9 @@ namespace Microsoft.AspNet.Security.Cookies
         [Fact]
         public async Task AjaxRedirectsAsExtraHeaderOnTwoHundred()
         {
-            TestServer server = CreateServer(new CookieAuthenticationOptions
+            TestServer server = CreateServer(options =>
             {
-                LoginPath = new PathString("/login")
+                options.LoginPath = new PathString("/login");
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
@@ -363,11 +365,12 @@ namespace Microsoft.AspNet.Security.Cookies
             return me;
         }
 
-        private static TestServer CreateServer(CookieAuthenticationOptions options, Func<HttpContext, Task> testpath = null)
+        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
             return TestServer.Create(app =>
             {
-                app.UseCookieAuthentication(options);
+                app.UseServices(services => { });
+                app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 672dc04ac9..2f800c4933 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -13,6 +13,7 @@ using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
 using Shouldly;
 using Xunit;
 
@@ -23,20 +24,35 @@ namespace Microsoft.AspNet.Security.Facebook
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var options = new FacebookAuthenticationOptions()
-            {
-                AppId = "Test App Id",
-                AppSecret = "Test App Secret",
-                Notifications = new FacebookAuthenticationNotifications
-                {
-                    OnApplyRedirect = context =>
-                    {
-                        context.Response.Redirect(context.RedirectUri + "&custom=test");
-                    }
-                }
-            };
             var server = CreateServer(
-                app => app.UseFacebookAuthentication(options),
+                app =>
+                {
+                    app.UseServices(services =>
+                    {
+                        services.ConfigureFacebookAuthentication(options =>
+                        {
+                            options.AppId = "Test App Id";
+                            options.AppSecret = "Test App Secret";
+                            options.Notifications = new FacebookAuthenticationNotifications
+                            {
+                                OnApplyRedirect = context =>
+                                {
+                                    context.Response.Redirect(context.RedirectUri + "&custom=test");
+                                }
+                            };
+                        });
+                        services.ConfigureCookieAuthentication(options =>
+                        {
+                            options.AuthenticationType = "External";
+                        });
+                        services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                        {
+                            options.SignInAsAuthenticationType = "External";
+                        });
+                    });
+                    app.UseFacebookAuthentication();
+                    app.UseCookieAuthentication();
+                },
                 context =>
                 {
                     context.Response.Challenge("Facebook");
@@ -52,7 +68,27 @@ namespace Microsoft.AspNet.Security.Facebook
         public async Task ChallengeWillTriggerRedirection()
         {
             var server = CreateServer(
-                app => app.UseFacebookAuthentication("Test App Id", "Test App Secret"),
+                app =>
+                {
+                    app.UseServices(services =>
+                    {
+                        services.ConfigureFacebookAuthentication(options =>
+                        {
+                            options.AppId = "Test App Id";
+                            options.AppSecret = "Test App Secret";
+                        });
+                        services.ConfigureCookieAuthentication(options =>
+                        {
+                            options.AuthenticationType = "External";
+                        });
+                        services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                        {
+                            options.SignInAsAuthenticationType = "External";
+                        });
+                    });
+                    app.UseFacebookAuthentication();
+                    app.UseCookieAuthentication();
+                },
                 context =>
                 {
                     context.Response.Challenge("Facebook");
@@ -73,11 +109,6 @@ namespace Microsoft.AspNet.Security.Facebook
         {
             return TestServer.Create(app =>
             {
-                app.SetDefaultSignInAsAuthenticationType("External");
-                app.UseCookieAuthentication(new CookieAuthenticationOptions()
-                {
-                    AuthenticationType = "External"
-                });
                 if (configure != null)
                 {
                     configure(app);
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index e12def60fa..2a58baf167 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -19,6 +19,10 @@ using Microsoft.AspNet.TestHost;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.DataHandler;
 
 namespace Microsoft.AspNet.Security.Google
 {
@@ -29,10 +33,10 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -51,11 +55,11 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task Challenge401WillTriggerRedirection()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AuthenticationMode = AuthenticationMode.Active,
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AuthenticationMode = AuthenticationMode.Active;
             });
             var transaction = await SendAsync(server, "https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -70,10 +74,10 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillSetCorrelationCookie()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             Console.WriteLine(transaction.SetCookie);
@@ -83,11 +87,11 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task Challenge401WillSetCorrelationCookie()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AuthenticationMode = AuthenticationMode.Active,
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AuthenticationMode = AuthenticationMode.Active;
             });
             var transaction = await SendAsync(server, "https://example.com/401");
             Console.WriteLine(transaction.SetCookie);
@@ -97,10 +101,11 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillSetDefaultScope()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AuthenticationMode = AuthenticationMode.Active;
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -111,11 +116,11 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task Challenge401WillSetDefaultScope()
         {
-            var server = CreateServer(new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AuthenticationMode = AuthenticationMode.Active,
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AuthenticationMode = AuthenticationMode.Active;
             });
             var transaction = await SendAsync(server, "https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -126,13 +131,12 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillUseOptionsScope()
         {
-            var options = new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-            };
-            options.Scope.Add("https://www.googleapis.com/auth/plus.login");
-            var server = CreateServer(options);
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.Scope.Add("https://www.googleapis.com/auth/plus.login");
+            });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
@@ -142,13 +146,12 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
         {
-            var options = new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
-            };
-            var server = CreateServer(options,
-                context =>
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            },
+            context =>
                 {
                     var req = context.Request;
                     var res = context.Response;
@@ -179,19 +182,18 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var options = new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                Notifications = new GoogleAuthenticationNotifications
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.Notifications = new GoogleAuthenticationNotifications
                 {
                     OnApplyRedirect = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                         }
-                }
-            };
-            var server = CreateServer(options);
+                };
+            });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
@@ -201,12 +203,11 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
-            var options = new GoogleAuthenticationOptions()
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
-            };
-            var server = CreateServer(options);
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
             var transaction = await SendAsync(server, "https://example.com/signin-google?code=TestCode");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
         }
@@ -214,57 +215,58 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
         {
-            var options = new GoogleAuthenticationOptions()
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = async req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
                         {
-                            if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                            return await ReturnJsonResponse(new
                             {
-                                return await ReturnJsonResponse(new
-                                {
-                                    access_token = "Test Access Token",
-                                    expire_in = 3600,
-                                    token_type = "Bearer"
-                                });
-                            }
-                            else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
-                            {
-                                return await ReturnJsonResponse(new
-                                {
-                                    id = "Test User ID",
-                                    displayName = "Test Name",
-                                    name = new
-                                    {
-                                        familyName = "Test Family Name",
-                                        givenName = "Test Given Name"
-                                    },
-                                    url = "Profile link",
-                                    emails = new[]
-                                    {
-                                        new
-                                        {
-                                            value = "Test email",
-                                            type = "account"
-                                        }
-                                    }
-                                });
-                            }
-
-                            return null;
+                                access_token = "Test Access Token",
+                                expire_in = 3600,
+                                token_type = "Bearer"
+                            });
                         }
-                }
-            };
-            var server = CreateServer(options);
+                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        {
+                            return await ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                displayName = "Test Name",
+                                name = new
+                                {
+                                    familyName = "Test Family Name",
+                                    givenName = "Test Given Name"
+                                },
+                                url = "Profile link",
+                                emails = new[]
+                                {
+                                    new
+                                    {
+                                        value = "Test email",
+                                        type = "account"
+                                    }
+                                }
+                            });
+                        }
+
+                        return null;
+                    }
+                };
+            });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
-            var state = options.StateDataFormat.Protect(properties);
+            var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server, 
                 "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
@@ -287,25 +289,26 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillRejectIfCodeIsInvalid()
         {
-            var options = new GoogleAuthenticationOptions()
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
                         return Task.FromResult(new HttpResponseMessage(HttpStatusCode.BadRequest));
                     }
-                }
-            };
-            var server = CreateServer(options);
+                };
+            });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
-            var state = options.StateDataFormat.Protect(properties);
+            var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
                 "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
@@ -316,25 +319,26 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing()
         {
-            var options = new GoogleAuthenticationOptions()
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
-                    Sender = async req =>
+                    Sender = req =>
                     {
-                        return await ReturnJsonResponse(new object());
+                        return ReturnJsonResponse(new object());
                     }
-                }
-            };
-            var server = CreateServer(options);
+                };
+            });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
-            var state = options.StateDataFormat.Protect(properties);
+            var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
                 "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
@@ -345,11 +349,13 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            var options = new GoogleAuthenticationOptions()
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = async req =>
                     {
@@ -388,8 +394,8 @@ namespace Microsoft.AspNet.Security.Google
 
                         return null;
                     }
-                },
-                Notifications = new GoogleAuthenticationNotifications()
+                };
+                options.Notifications = new GoogleAuthenticationNotifications()
                 {
                     OnAuthenticated = context =>
                         {
@@ -397,15 +403,14 @@ namespace Microsoft.AspNet.Security.Google
                             context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
                             return Task.FromResult<object>(null);
                         }
-                }
-            };
-            var server = CreateServer(options);
+                };
+            });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
-            var state = options.StateDataFormat.Protect(properties);
+            var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
                 "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
@@ -456,16 +461,19 @@ namespace Microsoft.AspNet.Security.Google
             return transaction;
         }
 
-        private static TestServer CreateServer(GoogleAuthenticationOptions options, Func<HttpContext, Task> testpath = null)
+        private static TestServer CreateServer(Action<GoogleAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
             return TestServer.Create(app =>
             {
-                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationType);
-                app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                app.UseServices(services =>
+                {
+                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                     {
-                        AuthenticationType = CookieAuthenticationType
+                        options.SignInAsAuthenticationType = CookieAuthenticationType;
                     });
-                app.UseGoogleAuthentication(options);
+                });
+                app.UseCookieAuthentication(options => options.AuthenticationType = CookieAuthenticationType);
+                app.UseGoogleAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index a19aeae05c..3a90d5fc51 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -20,6 +20,10 @@ using Microsoft.AspNet.TestHost;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
 {
@@ -28,20 +32,19 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var options = new MicrosoftAccountAuthenticationOptions()
-            {
-                ClientId = "Test Client Id",
-                ClientSecret = "Test Client Secret",
-                Notifications = new MicrosoftAccountAuthenticationNotifications
-                {
-                    OnApplyRedirect = context =>
-                    {
-                        context.Response.Redirect(context.RedirectUri + "&custom=test");
-                    }
-                }
-            };
             var server = CreateServer(
-                app => app.UseMicrosoftAccountAuthentication(options),
+                options =>
+                {
+                    options.ClientId = "Test Client Id";
+                    options.ClientSecret = "Test Client Secret";
+                    options.Notifications = new MicrosoftAccountAuthenticationNotifications
+                    {
+                        OnApplyRedirect = context =>
+                        {
+                            context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        }
+                    };
+                },
                 context =>
                 {
                     context.Response.Challenge("Microsoft");
@@ -57,7 +60,11 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         public async Task ChallengeWillTriggerRedirection()
         {
             var server = CreateServer(
-                app => app.UseMicrosoftAccountAuthentication("Test Client Id", "Test Client Secret"),
+                options =>
+                {
+                    options.ClientId = "Test Client Id";
+                    options.ClientSecret = "Test Client Secret";
+                },
                 context =>
                 {
                     context.Response.Challenge("Microsoft");
@@ -77,54 +84,55 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            var options = new MicrosoftAccountAuthenticationOptions()
-            {
-                ClientId = "Test Client Id",
-                ClientSecret = "Test Client Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
-                {
-                    Sender = async req =>
-                    {
-                        if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf")
-                        {
-                            return await ReturnJsonResponse(new
-                            {
-                                access_token = "Test Access Token",
-                                expire_in = 3600,
-                                token_type = "Bearer",
-                                refresh_token = "Test Refresh Token"
-                            });
-                        }
-                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me")
-                        {
-                            return await ReturnJsonResponse(new
-                            {
-                                id = "Test User ID",
-                                name = "Test Name",
-                                first_name = "Test Given Name",
-                                last_name = "Test Family Name",
-                                emails = new
-                                {
-                                    preferred = "Test email"
-                                }
-                            });
-                        }
-
-                        return null;
-                    }
-                },
-                Notifications = new MicrosoftAccountAuthenticationNotifications
-                {
-                    OnAuthenticated = context =>
-                    {
-                        var refreshToken = context.RefreshToken;
-                        context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
-                        return Task.FromResult<object>(null);
-                    }
-                }
-            };
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("MsftTest"));
             var server = CreateServer(
-                app => app.UseMicrosoftAccountAuthentication(options),
+                options =>
+                {
+                    options.ClientId = "Test Client Id";
+                    options.ClientSecret = "Test Client Secret";
+                    options.StateDataFormat = stateFormat;
+                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+                    {
+                        Sender = async req =>
+                        {
+                            if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf")
+                            {
+                                return await ReturnJsonResponse(new
+                                {
+                                    access_token = "Test Access Token",
+                                    expire_in = 3600,
+                                    token_type = "Bearer",
+                                    refresh_token = "Test Refresh Token"
+                                });
+                            }
+                            else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me")
+                            {
+                                return await ReturnJsonResponse(new
+                                {
+                                    id = "Test User ID",
+                                    name = "Test Name",
+                                    first_name = "Test Given Name",
+                                    last_name = "Test Family Name",
+                                    emails = new
+                                    {
+                                        preferred = "Test email"
+                                    }
+                                });
+                            }
+
+                            return null;
+                        }
+                    };
+                    options.Notifications = new MicrosoftAccountAuthenticationNotifications
+                    {
+                        OnAuthenticated = context =>
+                        {
+                            var refreshToken = context.RefreshToken;
+                            context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
+                            return Task.FromResult<object>(null);
+                        }
+                    };
+                },
                 context =>
                 {
                     Describe(context.Response, (ClaimsIdentity)context.User.Identity);
@@ -135,7 +143,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             var correlationValue = "TestCorrelationId";
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
-            var state = options.StateDataFormat.Protect(properties);
+            var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
                 "https://example.com/signin-microsoft?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
@@ -151,19 +159,19 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
-        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>
             {
-                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                app.UseServices(services =>
                 {
-                    AuthenticationType = "External"
+                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                    {
+                        options.SignInAsAuthenticationType = "External";
+                    });
                 });
-                app.SetDefaultSignInAsAuthenticationType("External");
-                if (configure != null)
-                {
-                    configure(app);
-                }
+                app.UseCookieAuthentication(options => options.AuthenticationType = "External");
+                app.UseMicrosoftAccountAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
                     if (handler == null || !handler(context))
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 461e541845..31afcfa7a9 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -15,6 +15,8 @@ using Microsoft.AspNet.TestHost;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.DependencyInjection;
 
 namespace Microsoft.AspNet.Security.Twitter
 {
@@ -23,20 +25,21 @@ namespace Microsoft.AspNet.Security.Twitter
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var options = new TwitterAuthenticationOptions()
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret",
-                Notifications = new TwitterAuthenticationNotifications
+            var server = CreateServer(
+                app => app.UseTwitterAuthentication(options =>
                 {
-                    OnApplyRedirect = context =>
+                    options.ConsumerKey = "Test Consumer Key";
+                    options.ConsumerSecret = "Test Consumer Secret";
+                    options.Notifications = new TwitterAuthenticationNotifications
                     {
-                        context.Response.Redirect(context.RedirectUri + "&custom=test");
-                    }
-                },
-                BackchannelHttpHandler = new TestHttpMessageHandler
-                {
-                    Sender = req =>
+                        OnApplyRedirect = context =>
+                        {
+                            context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        }
+                    };
+                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+                    {
+                        Sender = req =>
                         {
                             if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
                             {
@@ -50,11 +53,9 @@ namespace Microsoft.AspNet.Security.Twitter
                             }
                             return Task.FromResult<HttpResponseMessage>(null);
                         }
-                },
-                BackchannelCertificateValidator = null
-            };
-            var server = CreateServer(
-                app => app.UseTwitterAuthentication(options),
+                    };
+                    options.BackchannelCertificateValidator = null;
+                }),
                 context =>
                 {
                     context.Response.Challenge("Twitter");
@@ -69,31 +70,30 @@ namespace Microsoft.AspNet.Security.Twitter
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var options = new TwitterAuthenticationOptions()
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret",
-                BackchannelHttpHandler = new TestHttpMessageHandler
-                {
-                    Sender = req =>
-                    {
-                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
-                        {
-                            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
-                            {
-                                Content =
-                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
-                                        Encoding.UTF8,
-                                        "application/x-www-form-urlencoded")
-                            });
-                        }
-                        return Task.FromResult<HttpResponseMessage>(null);
-                    }
-                },
-                BackchannelCertificateValidator = null
-            };
             var server = CreateServer(
-                app => app.UseTwitterAuthentication(options),
+                app => app.UseTwitterAuthentication(options =>
+                {
+                    options.ConsumerKey = "Test Consumer Key";
+                    options.ConsumerSecret = "Test Consumer Secret";
+                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+                    {
+                        Sender = req =>
+                        {
+                            if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+                            {
+                                return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
+                                {
+                                    Content =
+                                        new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                                            Encoding.UTF8,
+                                            "application/x-www-form-urlencoded")
+                                });
+                            }
+                            return Task.FromResult<HttpResponseMessage>(null);
+                        }
+                    };
+                    options.BackchannelCertificateValidator = null;
+                }),
                 context =>
                 {
                     context.Response.Challenge("Twitter");
@@ -109,10 +109,16 @@ namespace Microsoft.AspNet.Security.Twitter
         {
             return TestServer.Create(app =>
             {
-                app.SetDefaultSignInAsAuthenticationType("External");
-                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                app.UseServices(services =>
                 {
-                    AuthenticationType = "External"
+                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                    {
+                        options.SignInAsAuthenticationType = "External";
+                    });
+                });
+                app.UseCookieAuthentication(options =>
+                {
+                    options.AuthenticationType = "External";
                 });
                 if (configure != null)
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index c3b4a4b2c9..7fa89c00ce 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -12,6 +12,7 @@
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
         "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Moq": "4.2.1312.1622",
         "Xunit.KRunner": "1.0.0-*"
     },

From 485355414719014008bf4d8bbbd8c8bb445dce43 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 7 Oct 2014 12:42:42 -0700
Subject: [PATCH 087/900] #39 - Port the OAuth Bearer middleware from Katana.

---
 samples/SocialSample/SocialSample.kproj       |   2 +-
 samples/SocialSample/Startup.cs               |   1 -
 samples/SocialSample/project.json             |   1 +
 .../Notifications/BaseValidatingContext.cs    | 114 ++++++++++++++++
 .../BaseValidatingTicketContext.cs            |  58 ++++++++
 ...IOAuthBearerAuthenticationNotifications.cs |  37 +++++
 .../OAuthAuthenticatedContext.cs              |   1 -
 .../OAuthBearerAuthenticationNotifications.cs |  73 ++++++++++
 .../Notifications/OAuthChallengeContext.cs    |  32 +++++
 .../OAuthGetUserInformationContext.cs         |   1 -
 .../Notifications/OAuthRequestTokenContext.cs |  32 +++++
 .../OAuthValidateIdentityContext.cs           |  26 ++++
 .../OAuthBearerAuthenticationDefaults.cs      |  17 +++
 .../OAuthBearerAuthenticationExtensions.cs    |  41 ++++++
 .../OAuthBearerAuthenticationHandler.cs       | 126 ++++++++++++++++++
 .../OAuthBearerAuthenticationMiddleware.cs    |  79 +++++++++++
 .../OAuthBearerAuthenticationOptions.cs       |  66 +++++++++
 17 files changed, 703 insertions(+), 4 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs

diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index 982c0c8f5f..2d3d1caf5f 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -21,7 +21,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>50113</DevelopmentServerPort>
+    <DevelopmentServerPort>12345</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 35480c1cc3..18f17ac0f7 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -28,7 +28,6 @@ namespace CookieSample
             {
                 services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                 {
-
                     options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
                 });
             });
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 84bb6d1c95..40f05e17c5 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -7,6 +7,7 @@
         "Microsoft.AspNet.Security.Google": "1.0.0-*",
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.DependencyInjection": "1.0.0-*",
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs
new file mode 100644
index 0000000000..0957d9fd61
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs
@@ -0,0 +1,114 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Base class used for certain event contexts
+    /// </summary>
+    public abstract class BaseValidatingContext<TOptions> : BaseContext<TOptions>
+    {
+        /// <summary>
+        /// Initializes base class used for certain event contexts
+        /// </summary>
+        protected BaseValidatingContext(
+            HttpContext context,
+            TOptions options)
+            : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// True if application code has called any of the Validate methods on this context.
+        /// </summary>
+        public bool IsValidated { get; private set; }
+
+        /// <summary>
+        /// True if application code has called any of the SetError methods on this context.
+        /// </summary>
+        public bool HasError { get; private set; }
+
+        /// <summary>
+        /// The error argument provided when SetError was called on this context. This is eventually
+        /// returned to the client app as the OAuth "error" parameter.
+        /// </summary>
+        public string Error { get; private set; }
+
+        /// <summary>
+        /// The optional errorDescription argument provided when SetError was called on this context. This is eventually
+        /// returned to the client app as the OAuth "error_description" parameter.
+        /// </summary>
+        public string ErrorDescription { get; private set; }
+
+        /// <summary>
+        /// The optional errorUri argument provided when SetError was called on this context. This is eventually
+        /// returned to the client app as the OAuth "error_uri" parameter.
+        /// </summary>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "error_uri is a string value in the protocol")]
+        public string ErrorUri { get; private set; }
+
+        /// <summary>
+        /// Marks this context as validated by the application. IsValidated becomes true and HasError becomes false as a result of calling.
+        /// </summary>
+        /// <returns>True if the validation has taken effect.</returns>
+        public virtual bool Validated()
+        {
+            IsValidated = true;
+            HasError = false;
+            return true;
+        }
+
+        /// <summary>
+        /// Marks this context as not validated by the application. IsValidated and HasError become false as a result of calling.
+        /// </summary>
+        public virtual void Rejected()
+        {
+            IsValidated = false;
+            HasError = false;
+        }
+
+        /// <summary>
+        /// Marks this context as not validated by the application and assigns various error information properties. 
+        /// HasError becomes true and IsValidated becomes false as a result of calling.
+        /// </summary>
+        /// <param name="error">Assigned to the Error property</param>
+        public void SetError(string error)
+        {
+            SetError(error, null);
+        }
+
+        /// <summary>
+        /// Marks this context as not validated by the application and assigns various error information properties. 
+        /// HasError becomes true and IsValidated becomes false as a result of calling.
+        /// </summary>
+        /// <param name="error">Assigned to the Error property</param>
+        /// <param name="errorDescription">Assigned to the ErrorDescription property</param>
+        public void SetError(string error,
+            string errorDescription)
+        {
+            SetError(error, errorDescription, null);
+        }
+
+        /// <summary>
+        /// Marks this context as not validated by the application and assigns various error information properties. 
+        /// HasError becomes true and IsValidated becomes false as a result of calling.
+        /// </summary>
+        /// <param name="error">Assigned to the Error property</param>
+        /// <param name="errorDescription">Assigned to the ErrorDescription property</param>
+        /// <param name="errorUri">Assigned to the ErrorUri property</param>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "error_uri is a string value in the protocol")]
+        public void SetError(string error,
+            string errorDescription,
+            string errorUri)
+        {
+            Error = error;
+            ErrorDescription = errorDescription;
+            ErrorUri = errorUri;
+            Rejected();
+            HasError = true;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs
new file mode 100644
index 0000000000..c6528619bc
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs
@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Base class used for certain event contexts
+    /// </summary>
+    public abstract class BaseValidatingTicketContext<TOptions> : BaseValidatingContext<TOptions>
+    {
+        /// <summary>
+        /// Initializes base class used for certain event contexts
+        /// </summary>
+        protected BaseValidatingTicketContext(
+            HttpContext context,
+            TOptions options,
+            AuthenticationTicket ticket)
+            : base(context, options)
+        {
+            Ticket = ticket;
+        }
+
+        /// <summary>
+        /// Contains the identity and properties for the application to authenticate. If the Validated method
+        /// is invoked with an AuthenticationTicket or ClaimsIdentity argument, that new value is assigned to 
+        /// this property in addition to changing IsValidated to true.
+        /// </summary>
+        public AuthenticationTicket Ticket { get; private set; }
+
+        /// <summary>
+        /// Replaces the ticket information on this context and marks it as as validated by the application. 
+        /// IsValidated becomes true and HasError becomes false as a result of calling.
+        /// </summary>
+        /// <param name="ticket">Assigned to the Ticket property</param>
+        /// <returns>True if the validation has taken effect.</returns>
+        public bool Validated(AuthenticationTicket ticket)
+        {
+            Ticket = ticket;
+            return Validated();
+        }
+
+        /// <summary>
+        /// Alters the ticket information on this context and marks it as as validated by the application. 
+        /// IsValidated becomes true and HasError becomes false as a result of calling.
+        /// </summary>
+        /// <param name="identity">Assigned to the Ticket.Identity property</param>
+        /// <returns>True if the validation has taken effect.</returns>
+        public bool Validated(ClaimsIdentity identity)
+        {
+            AuthenticationProperties properties = Ticket != null ? Ticket.Properties : new AuthenticationProperties();
+            return Validated(new AuthenticationTicket(identity, properties));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
new file mode 100644
index 0000000000..048d8f2927
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Specifies callback methods which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public interface IOAuthBearerAuthenticationNotifications
+    {
+        /// <summary>
+        /// Invoked before the <see cref="System.Security.Claims.ClaimsIdentity"/> is created. Gives the application an 
+        /// opportunity to find the identity from a different location, adjust, or reject the token.
+        /// </summary>
+        /// <param name="context">Contains the token string.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task RequestToken(OAuthRequestTokenContext context);
+
+        /// <summary>
+        /// Called each time a request identity has been validated by the middleware. By implementing this method the
+        /// application may alter or reject the identity which has arrived with the request.
+        /// </summary>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ValidateIdentity(OAuthValidateIdentityContext context);
+
+        /// <summary>
+        /// Called each time a challenge is being sent to the client. By implementing this method the application
+        /// may modify the challenge as needed.
+        /// </summary>
+        /// <param name="context">Contains the default challenge.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        Task ApplyChallenge(OAuthChallengeContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
index a651767e8e..5817071536 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Globalization;
-using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
new file mode 100644
index 0000000000..2c24f3ff1f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -0,0 +1,73 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// OAuth bearer token middleware provider
+    /// </summary>
+    public class OAuthBearerAuthenticationNotifications : IOAuthBearerAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="OAuthBearerAuthenticationProvider"/> class
+        /// </summary>
+        public OAuthBearerAuthenticationNotifications()
+        {
+            OnRequestToken = context => Task.FromResult<object>(null);
+            OnValidateIdentity = context => Task.FromResult<object>(null);
+            OnApplyChallenge = context =>
+            {
+                context.HttpContext.Response.Headers.AppendValues("WWW-Authenticate", context.Challenge);
+                return Task.FromResult(0);
+            };
+        }
+
+        /// <summary>
+        /// Handles processing OAuth bearer token.
+        /// </summary>
+        public Func<OAuthRequestTokenContext, Task> OnRequestToken { get; set; }
+
+        /// <summary>
+        /// Handles validating the identity produced from an OAuth bearer token.
+        /// </summary>
+        public Func<OAuthValidateIdentityContext, Task> OnValidateIdentity { get; set; }
+
+        /// <summary>
+        /// Handles applying the authentication challenge to the response message.
+        /// </summary>
+        public Func<OAuthChallengeContext, Task> OnApplyChallenge { get; set; }
+
+        /// <summary>
+        /// Handles processing OAuth bearer token.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public virtual Task RequestToken(OAuthRequestTokenContext context)
+        {
+            return OnRequestToken(context);
+        }
+
+        /// <summary>
+        /// Handles validating the identity produced from an OAuth bearer token.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public virtual Task ValidateIdentity(OAuthValidateIdentityContext context)
+        {
+            return OnValidateIdentity.Invoke(context);
+        }
+
+        /// <summary>
+        /// Handles applying the authentication challenge to the response message.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public Task ApplyChallenge(OAuthChallengeContext context)
+        {
+            return OnApplyChallenge(context);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs
new file mode 100644
index 0000000000..6f50169143
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Specifies the HTTP response header for the bearer authentication scheme.
+    /// </summary>
+    public class OAuthChallengeContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthRequestTokenContext"/>
+        /// </summary>
+        /// <param name="context">HTTP environment</param>
+        /// <param name="challenge">The www-authenticate header value.</param>
+        public OAuthChallengeContext(
+            HttpContext context,
+            string challenge)
+            : base(context)
+        {
+            Challenge = challenge;
+        }
+
+        /// <summary>
+        /// The www-authenticate header value.
+        /// </summary>
+        public string Challenge { get; protected set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
index 5886d1b546..15d76c6eb3 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
@@ -8,7 +8,6 @@ using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Notifications;
-using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Security.OAuth
 {
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs
new file mode 100644
index 0000000000..785fa175d8
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Specifies the HTTP request header for the bearer authentication scheme.
+    /// </summary>
+    public class OAuthRequestTokenContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a new <see cref="OAuthRequestTokenContext"/>
+        /// </summary>
+        /// <param name="context">HTTP environment</param>
+        /// <param name="token">The authorization header value.</param>
+        public OAuthRequestTokenContext(
+            HttpContext context,
+            string token)
+            : base(context)
+        {
+            Token = token;
+        }
+
+        /// <summary>
+        /// The authorization header value
+        /// </summary>
+        public string Token { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
new file mode 100644
index 0000000000..5dc04ffb40
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Contains the authentication ticket data from an OAuth bearer token.
+    /// </summary>
+    public class OAuthValidateIdentityContext : BaseValidatingTicketContext<OAuthBearerAuthenticationOptions>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="OAuthValidateIdentityContext"/> class
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="options"></param>
+        /// <param name="ticket"></param>
+        public OAuthValidateIdentityContext(
+            HttpContext context,
+            OAuthBearerAuthenticationOptions options,
+            AuthenticationTicket ticket) : base(context, options, ticket)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs
new file mode 100644
index 0000000000..70f1f1e616
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Default values used by authorization server and bearer authentication.
+    /// </summary>
+    public static class OAuthBearerAuthenticationDefaults
+    {
+        /// <summary>
+        /// Default value for AuthenticationType property in the OAuthBearerAuthenticationOptions and
+        /// OAuthAuthorizationServerOptions.
+        /// </summary>
+        public const string AuthenticationType = "Bearer";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
new file mode 100644
index 0000000000..118598120e
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Security.OAuth;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods to add OAuth Bearer authentication capabilities to an HTTP application pipeline
+    /// </summary>
+    public static class OAuthBearerAuthenticationExtensions
+    {
+        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure)
+        {
+            return services.ConfigureOptions(configure);
+        }
+
+        /// <summary>
+        /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
+        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
+        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
+        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
+        /// any time to obtain the claims from the request's bearer token.
+        /// See also http://tools.ietf.org/html/rfc6749
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="options">Options which control the processing of the bearer header.</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseOAuthBearerAuthentication([NotNull] this IApplicationBuilder app, Action<OAuthBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
+        {
+            return app.UseMiddleware<OAuthBearerAuthenticationMiddleware>(
+                new OptionsAction<OAuthBearerAuthenticationOptions>(configureOptions ?? (o => { }))
+                {
+                    Name = optionsName
+                });
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
new file mode 100644
index 0000000000..b49db1f715
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
@@ -0,0 +1,126 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    internal class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private readonly string _challenge;
+
+        public OAuthBearerAuthenticationHandler(ILogger logger, string challenge)
+        {
+            _logger = logger;
+            _challenge = challenge;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().Result;
+        }
+
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            try
+            {
+                // Find token in default location
+                string requestToken = null;
+                string authorization = Request.Headers.Get("Authorization");
+                if (!string.IsNullOrEmpty(authorization))
+                {
+                    if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+                    {
+                        requestToken = authorization.Substring("Bearer ".Length).Trim();
+                    }
+                }
+
+                // Give application opportunity to find from a different location, adjust, or reject token
+                var requestTokenContext = new OAuthRequestTokenContext(Context, requestToken);
+                await Options.Notifications.RequestToken(requestTokenContext);
+
+                // If no token found, no further work possible
+                if (string.IsNullOrEmpty(requestTokenContext.Token))
+                {
+                    return null;
+                }
+
+                // Call provider to process the token into data
+                var tokenReceiveContext = new AuthenticationTokenReceiveContext(
+                    Context,
+                    Options.AccessTokenFormat,
+                    requestTokenContext.Token);
+
+                await Options.AccessTokenProvider.ReceiveAsync(tokenReceiveContext);
+                if (tokenReceiveContext.Ticket == null)
+                {
+                    tokenReceiveContext.DeserializeTicket(tokenReceiveContext.Token);
+                }
+
+                AuthenticationTicket ticket = tokenReceiveContext.Ticket;
+                if (ticket == null)
+                {
+                    _logger.WriteWarning("invalid bearer token received");
+                    return null;
+                }
+
+                // Validate expiration time if present
+                DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
+
+                if (ticket.Properties.ExpiresUtc.HasValue &&
+                    ticket.Properties.ExpiresUtc.Value < currentUtc)
+                {
+                    _logger.WriteWarning("expired bearer token received");
+                    return null;
+                }
+
+                // Give application final opportunity to override results
+                var context = new OAuthValidateIdentityContext(Context, Options, ticket);
+                if (ticket != null &&
+                    ticket.Identity != null &&
+                    ticket.Identity.IsAuthenticated)
+                {
+                    // bearer token with identity starts validated
+                    context.Validated();
+                }
+
+                await Options.Notifications.ValidateIdentity(context);
+                if (!context.IsValidated)
+                {
+                    return null;
+                }
+
+                // resulting identity values go back to caller
+                return context.Ticket;
+            }
+            catch (Exception ex)
+            {
+                _logger.WriteError("Authentication failed", ex);
+                return null;
+            }
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            if (ChallengeContext != null)
+            {
+                OAuthChallengeContext challengeContext = new OAuthChallengeContext(Context, _challenge);
+                Options.Notifications.ApplyChallenge(challengeContext);
+            }
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..715d43b13f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
@@ -0,0 +1,79 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
+    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication
+    /// extension method.
+    /// </summary>
+    public class OAuthBearerAuthenticationMiddleware : AuthenticationMiddleware<OAuthBearerAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+
+        private readonly string _challenge;
+
+        /// <summary>
+        /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
+        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication 
+        /// extension method.
+        /// </summary>
+        public OAuthBearerAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IOptionsAccessor<OAuthBearerAuthenticationOptions> options,
+            IOptionsAction<OAuthBearerAuthenticationOptions> configureOptions)
+            : base(next, options, configureOptions)
+        {
+            _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
+
+            if (!string.IsNullOrWhiteSpace(Options.Challenge))
+            {
+                _challenge = Options.Challenge;
+            }
+            else if (string.IsNullOrWhiteSpace(Options.Realm))
+            {
+                _challenge = "Bearer";
+            }
+            else
+            {
+                _challenge = "Bearer realm=\"" + Options.Realm + "\"";
+            }
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new OAuthBearerAuthenticationNotifications();
+            }
+
+            if (Options.AccessTokenFormat == null)
+            {
+                var dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                    this.GetType().FullName, Options.AuthenticationType, "v1");
+                Options.AccessTokenFormat = new TicketDataFormat(dataProtector);
+            }
+
+            if (Options.AccessTokenProvider == null)
+            {
+                Options.AccessTokenProvider = new AuthenticationTokenProvider();
+            }
+        }
+
+        /// <summary>
+        /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
+        /// </summary>
+        /// <returns>A new instance of the request handler</returns>
+        protected override AuthenticationHandler<OAuthBearerAuthenticationOptions> CreateHandler()
+        {
+            return new OAuthBearerAuthenticationHandler(_logger, _challenge);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs
new file mode 100644
index 0000000000..d2f9b9190b
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs
@@ -0,0 +1,66 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security.Infrastructure;
+
+namespace Microsoft.AspNet.Security.OAuth
+{
+    /// <summary>
+    /// Options class provides information needed to control Bearer Authentication middleware behavior
+    /// </summary>
+    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Creates an instance of bearer authentication options with default values.
+        /// </summary>
+        public OAuthBearerAuthenticationOptions() : base()
+        {
+            SystemClock = new SystemClock();
+            AuthenticationType = OAuthBearerAuthenticationDefaults.AuthenticationType;
+        }
+
+        /// <summary>
+        /// Determines what realm value is included when the bearer middleware adds a response header to an unauthorized request.
+        /// If not assigned, the response header does not have a realm.
+        /// </summary>
+        public string Realm { get; set; }
+
+        /// <summary>
+        /// Specifies the full challenge to send to the client, and should start with "Bearer". If a challenge is provided then the
+        /// Realm property is ignored. If no challenge is specified then one is created using "Bearer" and the value of the Realm
+        /// property.
+        /// </summary>
+        public string Challenge { get; set; }
+
+        /// <summary>
+        /// The object provided by the application to process events raised by the bearer authentication middleware.
+        /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
+        /// and assign delegates only to the events it wants to process.
+        /// </summary>
+        public IOAuthBearerAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// The data format used to un-protect the information contained in the access token.
+        /// If not provided by the application the default data protection provider depends on the host server. 
+        /// The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
+        /// servers will use DPAPI data protection. If a different access token
+        /// provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider 
+        /// and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationTicket> AccessTokenFormat { get; set; }
+
+        /// <summary>
+        /// Receives the bearer token the client application will be providing to web application. If not provided the token 
+        /// produced on the server's default data protection by using the AccessTokenFormat. If a different access token
+        /// provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider 
+        /// and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
+        /// </summary>
+        public IAuthenticationTokenProvider AccessTokenProvider { get; set; }
+
+        /// <summary>
+        /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
+        /// DateTimeOffset.UtcNow. This is typically needed only for unit testing.
+        /// </summary>
+        public ISystemClock SystemClock { get; set; }
+    }
+}

From e9038b40f1ba2d3f27833307bc7805ba6d20fa86 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 9 Oct 2014 14:15:58 -0700
Subject: [PATCH 088/900] React to UsePerRequestServices

---
 samples/CookieSample/Startup.cs                               | 2 +-
 samples/CookieSessionSample/Startup.cs                        | 2 +-
 samples/SocialSample/Startup.cs                               | 2 +-
 .../Cookies/CookieMiddlewareTests.cs                          | 2 +-
 .../Facebook/FacebookMiddlewareTests.cs                       | 4 ++--
 .../Google/GoogleMiddlewareTests.cs                           | 2 +-
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs       | 2 +-
 .../Twitter/TwitterMiddlewareTests.cs                         | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index fc78aec37d..48c05fb7d6 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -9,7 +9,7 @@ namespace CookieSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services => { });
+            app.UsePerRequestServices(services => { });
             app.UseCookieAuthentication(options =>
             {
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index a4217e6d2b..7772a392e6 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -10,7 +10,7 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services => { });
+            app.UsePerRequestServices(services => { });
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 18f17ac0f7..1836cc02ae 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -24,7 +24,7 @@ namespace CookieSample
         {
             app.UseErrorPage();
 
-            app.UseServices(services =>
+            app.UsePerRequestServices(services =>
             {
                 services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index a02dc14752..63b2c0f72d 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -369,7 +369,7 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services => { });
+                app.UsePerRequestServices(services => { });
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 2f800c4933..5e78bccda4 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Security.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseServices(services =>
+                    app.UsePerRequestServices(services =>
                     {
                         services.ConfigureFacebookAuthentication(options =>
                         {
@@ -70,7 +70,7 @@ namespace Microsoft.AspNet.Security.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseServices(services =>
+                    app.UsePerRequestServices(services =>
                     {
                         services.ConfigureFacebookAuthentication(options =>
                         {
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 2a58baf167..1993a56aea 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -465,7 +465,7 @@ namespace Microsoft.AspNet.Security.Google
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
+                app.UsePerRequestServices(services =>
                 {
                     services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                     {
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 3a90d5fc51..d2372cc0a5 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -163,7 +163,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
+                app.UsePerRequestServices(services =>
                 {
                     services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                     {
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 31afcfa7a9..0fe4a82300 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -109,7 +109,7 @@ namespace Microsoft.AspNet.Security.Twitter
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
+                app.UsePerRequestServices(services =>
                 {
                     services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                     {

From d598b83e33d407a8a150761b71f9d182015c8836 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 10 Oct 2014 10:34:22 -0700
Subject: [PATCH 089/900] Reacting to CLR package versioning changes

---
 samples/CookieSessionSample/project.json      |  2 +-
 .../project.json                              | 34 ++++++-------
 .../project.json                              | 40 ++++++++--------
 .../project.json                              | 40 ++++++++--------
 .../project.json                              | 44 ++++++++---------
 .../project.json                              | 48 +++++++++----------
 .../project.json                              | 44 ++++++++---------
 src/Microsoft.AspNet.Security/project.json    | 36 +++++++-------
 .../project.json                              |  2 +-
 9 files changed, 145 insertions(+), 145 deletions(-)

diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 660715f5f1..9e28721e3f 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,4 +1,4 @@
-{
+{
   "dependencies": {
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 154d018216..c9e89b1c4c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -12,24 +12,24 @@
     "aspnet50": {},
     "aspnetcore50": {
       "dependencies": {
-        "System.Collections": "4.0.10.0",
-        "System.ComponentModel": "4.0.0.0",
-        "System.Console": "4.0.0.0",
-        "System.Diagnostics.Debug": "4.0.10.0",
-        "System.Diagnostics.Tools": "4.0.0.0",
-        "System.Globalization": "4.0.10.0",
-        "System.IO": "4.0.10.0",
-        "System.IO.Compression": "4.0.0.0",
-        "System.Linq": "4.0.0.0",
-        "System.Reflection": "4.0.10.0",
-        "System.Resources.ResourceManager": "4.0.0.0",
-        "System.Runtime": "4.0.20.0",
-        "System.Runtime.Extensions": "4.0.10.0",
-        "System.Runtime.InteropServices": "4.0.20.0",
+        "System.Collections": "4.0.10-beta-*",
+        "System.ComponentModel": "4.0.0-beta-*",
+        "System.Console": "4.0.0-beta-*",
+        "System.Diagnostics.Debug": "4.0.10-beta-*",
+        "System.Diagnostics.Tools": "4.0.0-beta-*",
+        "System.Globalization": "4.0.10-beta-*",
+        "System.IO": "4.0.10-beta-*",
+        "System.IO.Compression": "4.0.0-beta-*",
+        "System.Linq": "4.0.0-beta-*",
+        "System.Reflection": "4.0.10-beta-*",
+        "System.Resources.ResourceManager": "4.0.0-beta-*",
+        "System.Runtime": "4.0.20-beta-*",
+        "System.Runtime.Extensions": "4.0.10-beta-*",
+        "System.Runtime.InteropServices": "4.0.20-beta-*",
         "System.Security.Claims": "1.0.0-*",
-        "System.Security.Principal" : "4.0.0.0",
-        "System.Threading": "4.0.0.0",
-        "System.Threading.Tasks": "4.0.10.0"
+        "System.Security.Principal" : "4.0.0-beta-*",
+        "System.Threading": "4.0.0-beta-*",
+        "System.Threading.Tasks": "4.0.10-beta-*"
       }
     }
   }
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 06da113a74..81ff96e818 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -13,31 +13,31 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http": "4.0.0-beta-*"
             }
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 0cc8fa1188..8317a9d149 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -13,31 +13,31 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http": "4.0.0-beta-*"
             }
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 08fee1520f..6c3046d7c2 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -13,33 +13,33 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http": "4.0.0-beta-*"
             }
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Dynamic.Runtime": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.ObjectModel": "4.0.10.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Dynamic.Runtime": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.ObjectModel": "4.0.10-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 0d4766cadb..4e7a3227e6 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -11,35 +11,35 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "4.0.0.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http.WebRequest": "4.0.0-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Dynamic.Runtime": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.Net.Http.WinHttpHandler": "4.0.0.0",
-                "System.ObjectModel": "4.0.10.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Dynamic.Runtime": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
+                "System.ObjectModel": "4.0.10-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index f5e8ef324d..f838f0dc29 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -12,33 +12,33 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "4.0.0.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http.WebRequest": "4.0.0-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.Net.Http.WinHttpHandler": "4.0.0.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0",
-                "System.Net.Http": "4.0.0.0"
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 502d45043f..176c631f7b 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -12,25 +12,25 @@
         "aspnet50": { },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10.0",
-                "System.ComponentModel": "4.0.0.0",
-                "System.Console": "4.0.0.0",
-                "System.Diagnostics.Debug": "4.0.10.0",
-                "System.Diagnostics.Tools": "4.0.0.0",
-                "System.Globalization": "4.0.10.0",
-                "System.IO": "4.0.10.0",
-                "System.IO.Compression": "4.0.0.0",
-                "System.Linq": "4.0.0.0",
-                "System.Reflection": "4.0.10.0",
-                "System.Resources.ResourceManager": "4.0.0.0",
-                "System.Runtime": "4.0.20.0",
-                "System.Runtime.Extensions": "4.0.10.0",
-                "System.Runtime.InteropServices": "4.0.20.0",
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
                 "System.Security.Claims": "1.0.0-*",
-                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0.0",
-                "System.Security.Principal": "4.0.0.0",
-                "System.Threading": "4.0.0.0",
-                "System.Threading.Tasks": "4.0.10.0"
+                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*"
             }
         }
     }
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 7fa89c00ce..a46009cb1f 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -25,7 +25,7 @@
                 "Shouldly": "1.1.1.1"
             },
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0.0"
+                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }

From 9e2f9924792da1c19f3b3ae37b292b1070c52686 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 10 Oct 2014 10:57:33 -0700
Subject: [PATCH 090/900] Removing version from framework assemblies node

---
 src/Microsoft.AspNet.Security.Facebook/project.json         | 2 +-
 src/Microsoft.AspNet.Security.Google/project.json           | 2 +-
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 src/Microsoft.AspNet.Security.OAuth/project.json            | 4 ++--
 src/Microsoft.AspNet.Security.Twitter/project.json          | 4 ++--
 test/Microsoft.AspNet.Security.Test/project.json            | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 81ff96e818..a4442582a9 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -13,7 +13,7 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http": ""
             }
         },
         "aspnetcore50": {
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 8317a9d149..b50bcd27cb 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -13,7 +13,7 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http": ""
             }
         },
         "aspnetcore50": {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 6c3046d7c2..f85c94de79 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -13,7 +13,7 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http": ""
             }
         },
         "aspnetcore50": {
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 4e7a3227e6..7cf7c0fc82 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -11,8 +11,8 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "4.0.0-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http.WebRequest": "",
+                "System.Net.Http": ""
             }
         },
         "aspnetcore50": {
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index f838f0dc29..f48ebe5ab4 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -12,8 +12,8 @@
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "4.0.0-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http.WebRequest": "",
+                "System.Net.Http": ""
             }
         },
         "aspnetcore50": {
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index a46009cb1f..bcff7a978e 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -25,7 +25,7 @@
                 "Shouldly": "1.1.1.1"
             },
             "frameworkAssemblies": {
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http": ""
             }
         }
     }

From 2e65a405552395f6e742906b574405a6a5003e05 Mon Sep 17 00:00:00 2001
From: Levi B <levib@yahoo.com>
Date: Fri, 10 Oct 2014 12:21:08 -0700
Subject: [PATCH 091/900] Update Security to account for DataProtector API
 changes.

---
 .../DataProtection/DataProtectionHelpers.cs               | 3 ++-
 .../Google/GoogleMiddlewareTests.cs                       | 8 ++++----
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs   | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
index a043bb83b9..eba80e708a 100644
--- a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
+++ b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
@@ -13,7 +13,8 @@ namespace Microsoft.AspNet.Security.DataProtection
         {
             if (dataProtectionProvider == null)
             {
-                dataProtectionProvider = DataProtectionProvider.CreateFromDpapi();
+                // TODO: Get this from the environment.
+                dataProtectionProvider = new EphemeralDataProtectionProvider();
             }
 
             return dataProtectionProvider.CreateProtector(string.Join(";", purposes));
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 1993a56aea..c7c931067a 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -215,7 +215,7 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -289,7 +289,7 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillRejectIfCodeIsInvalid()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -319,7 +319,7 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -349,7 +349,7 @@ namespace Microsoft.AspNet.Security.Google
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("GoogleTest"));
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index d2372cc0a5..2b39e43525 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(DataProtectionProvider.CreateNew().CreateProtector("MsftTest"));
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest"));
             var server = CreateServer(
                 options =>
                 {

From 3e88f44552da8e5395cc80d390ce1c9407408e16 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 10 Oct 2014 11:54:26 -0700
Subject: [PATCH 092/900] #69 - Properly delete Twitter state cookie.

---
 .../TwitterAuthenticationHandler.cs                       | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index 7fbb4fbc3a..7eeac5702d 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -104,7 +104,13 @@ namespace Microsoft.AspNet.Security.Twitter
                     ClaimsIdentity.DefaultRoleClaimType);
                 context.Properties = requestToken.Properties;
 
-                Response.Cookies.Delete(StateCookie);
+                var cookieOptions = new CookieOptions
+                {
+                    HttpOnly = true,
+                    Secure = Request.IsSecure
+                };
+
+                Response.Cookies.Delete(StateCookie, cookieOptions);
 
                 await Options.Notifications.Authenticated(context);
 

From e315a545cb37c6a1a410313dc19c4908eff2ff30 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 10 Oct 2014 12:05:34 -0700
Subject: [PATCH 093/900] #61 - Unit test cleanup.

---
 .../Google/GoogleMiddlewareTests.cs           | 26 ++++++++---------
 .../MicrosoftAccountMiddlewareTests.cs        | 18 ++++++------
 .../Twitter/TwitterMiddlewareTests.cs         | 28 +++++++------------
 3 files changed, 32 insertions(+), 40 deletions(-)

diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index c7c931067a..564935496c 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -223,11 +223,11 @@ namespace Microsoft.AspNet.Security.Google
                 options.StateDataFormat = stateFormat;
                 options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
-                    Sender = async req =>
+                    Sender = req =>
                     {
                         if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
                         {
-                            return await ReturnJsonResponse(new
+                            return ReturnJsonResponse(new
                             {
                                 access_token = "Test Access Token",
                                 expire_in = 3600,
@@ -236,7 +236,7 @@ namespace Microsoft.AspNet.Security.Google
                         }
                         else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
                         {
-                            return await ReturnJsonResponse(new
+                            return ReturnJsonResponse(new
                             {
                                 id = "Test User ID",
                                 displayName = "Test Name",
@@ -299,7 +299,7 @@ namespace Microsoft.AspNet.Security.Google
                 {
                     Sender = req =>
                     {
-                        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.BadRequest));
+                        return new HttpResponseMessage(HttpStatusCode.BadRequest);
                     }
                 };
             });
@@ -357,11 +357,11 @@ namespace Microsoft.AspNet.Security.Google
                 options.StateDataFormat = stateFormat;
                 options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
-                    Sender = async req =>
+                    Sender = req =>
                     {
                         if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
                         {
-                            return await ReturnJsonResponse(new
+                            return ReturnJsonResponse(new
                             {
                                 access_token = "Test Access Token",
                                 expire_in = 3600,
@@ -371,7 +371,7 @@ namespace Microsoft.AspNet.Security.Google
                         }
                         else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
                         {
-                            return await ReturnJsonResponse(new
+                            return ReturnJsonResponse(new
                             {
                                 id = "Test User ID",
                                 displayName = "Test Name",
@@ -426,10 +426,10 @@ namespace Microsoft.AspNet.Security.Google
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
-        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
+        private static HttpResponseMessage ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
+            var text = JsonConvert.SerializeObject(content);
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }
@@ -524,16 +524,16 @@ namespace Microsoft.AspNet.Security.Google
 
         private class TestHttpMessageHandler : HttpMessageHandler
         {
-            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
 
-            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
             {
                 if (Sender != null)
                 {
-                    return await Sender(request);
+                    return Task.FromResult(Sender(request));
                 }
 
-                return null;
+                return Task.FromResult<HttpResponseMessage>(null);
             }
         }
 
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 2b39e43525..c42ec18513 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -93,11 +93,11 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
                     options.StateDataFormat = stateFormat;
                     options.BackchannelHttpHandler = new TestHttpMessageHandler
                     {
-                        Sender = async req =>
+                        Sender = req =>
                         {
                             if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf")
                             {
-                                return await ReturnJsonResponse(new
+                                return ReturnJsonResponse(new
                                 {
                                     access_token = "Test Access Token",
                                     expire_in = 3600,
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
                             }
                             else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me")
                             {
-                                return await ReturnJsonResponse(new
+                                return ReturnJsonResponse(new
                                 {
                                     id = "Test User ID",
                                     name = "Test Name",
@@ -209,10 +209,10 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             return transaction;
         }
 
-        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
+        private static HttpResponseMessage ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
+            var text = JsonConvert.SerializeObject(content);
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }
@@ -238,16 +238,16 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
 
         private class TestHttpMessageHandler : HttpMessageHandler
         {
-            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
 
-            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
             {
                 if (Sender != null)
                 {
-                    return await Sender(request);
+                    return Task.FromResult(Sender(request));
                 }
 
-                return null;
+                return Task.FromResult<HttpResponseMessage>(null);
             }
         }
 
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 0fe4a82300..e9b54e4bc3 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -43,15 +43,15 @@ namespace Microsoft.AspNet.Security.Twitter
                         {
                             if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
                             {
-                                return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
+                                return new HttpResponseMessage(HttpStatusCode.OK)
                                 {
                                     Content =
                                         new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
                                             Encoding.UTF8,
                                             "application/x-www-form-urlencoded")
-                                });
+                                };
                             }
-                            return Task.FromResult<HttpResponseMessage>(null);
+                            return null;
                         }
                     };
                     options.BackchannelCertificateValidator = null;
@@ -81,15 +81,15 @@ namespace Microsoft.AspNet.Security.Twitter
                         {
                             if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
                             {
-                                return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
+                                return new HttpResponseMessage(HttpStatusCode.OK)
                                 {
                                     Content =
                                         new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
                                             Encoding.UTF8,
                                             "application/x-www-form-urlencoded")
-                                });
+                                };
                             }
-                            return Task.FromResult<HttpResponseMessage>(null);
+                            return null;
                         }
                     };
                     options.BackchannelCertificateValidator = null;
@@ -155,26 +155,18 @@ namespace Microsoft.AspNet.Security.Twitter
             return transaction;
         }
 
-        private static async Task<HttpResponseMessage> ReturnJsonResponse(object content)
-        {
-            var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = await Task.Factory.StartNew(() => JsonConvert.SerializeObject(content));
-            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
-            return res;
-        }
-
         private class TestHttpMessageHandler : HttpMessageHandler
         {
-            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Sender { get; set; }
+            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
 
-            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
             {
                 if (Sender != null)
                 {
-                    return await Sender(request);
+                    return Task.FromResult(Sender(request));
                 }
 
-                return null;
+                return Task.FromResult<HttpResponseMessage>(null);
             }
         }
 

From 6965a66f18a6229a1f7bee76b4b2c499f44b1ca1 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 10 Oct 2014 12:12:48 -0700
Subject: [PATCH 094/900] #59 - Use Task.GetAwaiter().GetResult() instead of
 Task.Result.

---
 .../CookieAuthenticationHandler.cs                            | 4 ++--
 .../OAuthAuthenticationHandler.cs                             | 2 +-
 .../OAuthBearerAuthenticationHandler.cs                       | 2 +-
 .../TwitterAuthenticationHandler.cs                           | 4 ++--
 src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs  | 2 +-
 .../Infrastructure/AuthenticationHandler.cs                   | 4 ++--
 .../DefaultAuthorizationServiceTests.cs                       | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 4a43b58be4..63c524afa6 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override AuthenticationTicket AuthenticateCore()
         {
-            return AuthenticateCoreAsync().Result;
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
@@ -124,7 +124,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override void ApplyResponseGrant()
         {
-            ApplyResponseGrantAsync().Wait();
+            ApplyResponseGrantAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task ApplyResponseGrantAsync()
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
index eae1463638..5a4ffebbd2 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNet.Security.OAuth
 
         protected override AuthenticationTicket AuthenticateCore()
         {
-            return AuthenticateCoreAsync().Result;
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
index b49db1f715..406085b670 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
@@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Security.OAuth
 
         protected override AuthenticationTicket AuthenticateCore()
         {
-            return AuthenticateCoreAsync().Result;
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index 7eeac5702d..7717642a1d 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -46,7 +46,7 @@ namespace Microsoft.AspNet.Security.Twitter
 
         protected override AuthenticationTicket AuthenticateCore()
         {
-            return AuthenticateCoreAsync().Result;
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
@@ -124,7 +124,7 @@ namespace Microsoft.AspNet.Security.Twitter
         }
         protected override void ApplyResponseChallenge()
         {
-            ApplyResponseChallengeAsync().Wait();
+            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
         }
 
         protected override async Task ApplyResponseChallengeAsync()
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index aaa1dbc103..0b05a6d3dd 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNet.Security
 
         public bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
         {
-            return AuthorizeAsync(claims, user, resource).Result;
+            return AuthorizeAsync(claims, user, resource).GetAwaiter().GetResult();
         }
 
         private bool ClaimsMatch([NotNull] IEnumerable<Claim> x, [NotNull] IEnumerable<Claim> y)
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index f7e5adc342..a5fd9876cb 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -183,7 +183,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 () =>
                 {
                     return Task.FromResult(AuthenticateCore());
-                }).Result;
+                }).GetAwaiter().GetResult();
         }
 
         protected abstract AuthenticationTicket AuthenticateCore();
@@ -225,7 +225,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 {
                     ApplyResponseCore();
                     return Task.FromResult(0);
-                }).Wait(); // Block if the async version is in progress.
+                }).GetAwaiter().GetResult(); // Block if the async version is in progress.
         }
 
         protected virtual void ApplyResponseCore()
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index fd3a668a25..a5a003b801 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -242,7 +242,7 @@ namespace Microsoft.AspNet.Security.Test
 
             // Act
             // Assert
-            Exception ex = Assert.Throws<AggregateException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null));
+            Exception ex = Assert.Throws<InvalidOperationException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null));
         }
  
         [Fact]

From 84dfcf5258b12607656edae79fd4dcf9802a3b05 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 14 Oct 2014 19:14:54 -0700
Subject: [PATCH 095/900] React to Options and Hosting changes

---
 samples/CookieSample/Startup.cs                           | 2 +-
 samples/CookieSessionSample/Startup.cs                    | 2 +-
 samples/SocialSample/Startup.cs                           | 2 +-
 .../CookieAuthenticationExtensions.cs                     | 4 ++--
 .../CookieAuthenticationMiddleware.cs                     | 4 ++--
 .../FacebookAuthenticationExtensions.cs                   | 4 ++--
 .../FacebookAuthenticationMiddleware.cs                   | 6 +++---
 .../GoogleAuthenticationExtensions.cs                     | 4 ++--
 .../GoogleAuthenticationMiddleware.cs                     | 6 +++---
 .../MicrosoftAccountAuthenticationExtensions.cs           | 4 ++--
 .../MicrosoftAccountAuthenticationMiddleware.cs           | 6 +++---
 .../OAuthAuthenticationExtensions.cs                      | 2 +-
 .../OAuthAuthenticationMiddleware.cs                      | 6 +++---
 .../OAuthBearerAuthenticationExtensions.cs                | 2 +-
 .../OAuthBearerAuthenticationMiddleware.cs                | 4 ++--
 .../TwitterAuthenticationExtensions.cs                    | 4 ++--
 .../TwitterAuthenticationMiddleware.cs                    | 6 +++---
 .../Infrastructure/AuthenticationMiddleware.cs            | 4 ++--
 .../Cookies/CookieMiddlewareTests.cs                      | 2 +-
 .../Facebook/FacebookMiddlewareTests.cs                   | 8 ++++----
 .../Google/GoogleMiddlewareTests.cs                       | 4 ++--
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs   | 4 ++--
 .../Twitter/TwitterMiddlewareTests.cs                     | 4 ++--
 23 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 48c05fb7d6..fc78aec37d 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -9,7 +9,7 @@ namespace CookieSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UsePerRequestServices(services => { });
+            app.UseServices(services => { });
             app.UseCookieAuthentication(options =>
             {
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 7772a392e6..a4217e6d2b 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -10,7 +10,7 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UsePerRequestServices(services => { });
+            app.UseServices(services => { });
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 1836cc02ae..18f17ac0f7 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -24,7 +24,7 @@ namespace CookieSample
         {
             app.UseErrorPage();
 
-            app.UsePerRequestServices(services =>
+            app.UseServices(services =>
             {
                 services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
                 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
index 98d39cca71..191d44da82 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Builder
     {
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.Configure(configure);
         }
 
         /// <summary>
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<CookieAuthenticationMiddleware>(
-                new OptionsAction<CookieAuthenticationOptions>(configureOptions ?? (o => { }))
+                new ConfigureOptions<CookieAuthenticationOptions>(configureOptions ?? (o => { }))
                 {
                     Name = optionsName
                 });
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index fff6906658..087820e295 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -20,8 +20,8 @@ namespace Microsoft.AspNet.Security.Cookies
         public CookieAuthenticationMiddleware(RequestDelegate next, 
             IDataProtectionProvider dataProtectionProvider, 
             ILoggerFactory loggerFactory, 
-            IOptionsAccessor<CookieAuthenticationOptions> options,
-            IOptionsAction<CookieAuthenticationOptions> configureOptions)
+            IOptions<CookieAuthenticationOptions> options,
+            ConfigureOptions<CookieAuthenticationOptions> configureOptions)
             : base(next, options, configureOptions)
         {
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
index aa59e2efee..51c5eac0e8 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Builder
     {
         public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.Configure(configure);
         }
 
         /// <summary>
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<FacebookAuthenticationMiddleware>(
-                 new OptionsAction<FacebookAuthenticationOptions>(configureOptions ?? (o => { }))
+                 new ConfigureOptions<FacebookAuthenticationOptions>(configureOptions ?? (o => { }))
                  {
                      Name = optionsName
                  });
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index a453e085a0..b7891d139d 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -28,9 +28,9 @@ namespace Microsoft.AspNet.Security.Facebook
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
-            IOptionsAccessor<FacebookAuthenticationOptions> options,
-            IOptionsAction<FacebookAuthenticationOptions> configureOptions = null)
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<FacebookAuthenticationOptions> options,
+            ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
index 7bb4a24e25..474df5e322 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Builder
     {
         public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.Configure(configure);
         }
 
         /// <summary>
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<GoogleAuthenticationMiddleware>(
-                 new OptionsAction<GoogleAuthenticationOptions>(configureOptions ?? (o => { }))
+                 new ConfigureOptions<GoogleAuthenticationOptions>(configureOptions ?? (o => { }))
                  {
                      Name = optionsName
                  });
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 66cef2e2a0..51072c65c4 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -32,9 +32,9 @@ namespace Microsoft.AspNet.Security.Google
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
-            IOptionsAccessor<GoogleAuthenticationOptions> options,
-            IOptionsAction<GoogleAuthenticationOptions> configureOptions = null)
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<GoogleAuthenticationOptions> options,
+            ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
index 64ec369ab5..912271da61 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
@@ -15,13 +15,13 @@ namespace Microsoft.AspNet.Builder
     {
         public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.Configure(configure);
         }
 
         public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(
-                 new OptionsAction<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { }))
+                 new ConfigureOptions<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { }))
                  {
                      Name = optionsName
                  });
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index c36ad16de2..26c80bac4b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -28,9 +28,9 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
-            IOptionsAccessor<MicrosoftAccountAuthenticationOptions> options,
-            IOptionsAction<MicrosoftAccountAuthenticationOptions> configureOptions = null)
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<MicrosoftAccountAuthenticationOptions> options,
+            ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
index bdbc3c9ee5..55ac54ca65 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationType, Action<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>> configureOptions = null)
         {
             return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(
-                new OptionsAction<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>>(options =>
+                new ConfigureOptions<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>>(options =>
                 {
                     options.AuthenticationType = authenticationType;
                     options.Caption = authenticationType;
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index e3d65c55bd..23160b0532 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -33,9 +33,9 @@ namespace Microsoft.AspNet.Security.OAuth
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
-            IOptionsAccessor<TOptions> options,
-            IOptionsAction<TOptions> configureOptions = null)
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<TOptions> options,
+            ConfigureOptions<TOptions> configureOptions = null)
             : base(next, options, configureOptions)
         {
             // todo: review error handling
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
index 118598120e..b5512d01cd 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseOAuthBearerAuthentication([NotNull] this IApplicationBuilder app, Action<OAuthBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<OAuthBearerAuthenticationMiddleware>(
-                new OptionsAction<OAuthBearerAuthenticationOptions>(configureOptions ?? (o => { }))
+                new ConfigureOptions<OAuthBearerAuthenticationOptions>(configureOptions ?? (o => { }))
                 {
                     Name = optionsName
                 });
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
index 715d43b13f..8993e107cd 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
@@ -30,8 +30,8 @@ namespace Microsoft.AspNet.Security.OAuth
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<OAuthBearerAuthenticationOptions> options,
-            IOptionsAction<OAuthBearerAuthenticationOptions> configureOptions)
+            IOptions<OAuthBearerAuthenticationOptions> options,
+            ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
             : base(next, options, configureOptions)
         {
             _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
index 9f2c54ce1f..5e97d82245 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
@@ -16,13 +16,13 @@ namespace Microsoft.AspNet.Builder
     {
         public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.Configure(configure);
         }
 
         public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<TwitterAuthenticationMiddleware>(
-                 new OptionsAction<TwitterAuthenticationOptions>(configureOptions ?? (o => { }))
+                 new ConfigureOptions<TwitterAuthenticationOptions>(configureOptions ?? (o => { }))
                  {
                      Name = optionsName
                  });
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index ffa9b9bb69..7ca77a9c1f 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -36,9 +36,9 @@ namespace Microsoft.AspNet.Security.Twitter
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IOptionsAccessor<ExternalAuthenticationOptions> externalOptions,
-            IOptionsAccessor<TwitterAuthenticationOptions> options,
-            IOptionsAction<TwitterAuthenticationOptions> configureOptions = null)
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<TwitterAuthenticationOptions> options,
+            ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
             : base(next, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index 1ea787fce8..86c2fb921f 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -14,12 +14,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
     {
         private readonly RequestDelegate _next;
 
-        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IOptionsAccessor<TOptions> options, IOptionsAction<TOptions> configureOptions)
+        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IOptions<TOptions> options, ConfigureOptions<TOptions> configureOptions)
         {
             if (configureOptions != null)
             {
                 Options = options.GetNamedOptions(configureOptions.Name);
-                configureOptions.Invoke(Options);
+                configureOptions.Configure(Options, configureOptions.Name);
             }
             else
             {
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index 63b2c0f72d..a02dc14752 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -369,7 +369,7 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             return TestServer.Create(app =>
             {
-                app.UsePerRequestServices(services => { });
+                app.UseServices(services => { });
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 5e78bccda4..f3e0bf703b 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Security.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UsePerRequestServices(services =>
+                    app.UseServices(services =>
                     {
                         services.ConfigureFacebookAuthentication(options =>
                         {
@@ -45,7 +45,7 @@ namespace Microsoft.AspNet.Security.Facebook
                         {
                             options.AuthenticationType = "External";
                         });
-                        services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                        services.Configure<ExternalAuthenticationOptions>(options =>
                         {
                             options.SignInAsAuthenticationType = "External";
                         });
@@ -70,7 +70,7 @@ namespace Microsoft.AspNet.Security.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UsePerRequestServices(services =>
+                    app.UseServices(services =>
                     {
                         services.ConfigureFacebookAuthentication(options =>
                         {
@@ -81,7 +81,7 @@ namespace Microsoft.AspNet.Security.Facebook
                         {
                             options.AuthenticationType = "External";
                         });
-                        services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                        services.Configure<ExternalAuthenticationOptions>(options =>
                         {
                             options.SignInAsAuthenticationType = "External";
                         });
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 564935496c..3a1113d7f8 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -465,9 +465,9 @@ namespace Microsoft.AspNet.Security.Google
         {
             return TestServer.Create(app =>
             {
-                app.UsePerRequestServices(services =>
+                app.UseServices(services =>
                 {
-                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                    services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = CookieAuthenticationType;
                     });
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index c42ec18513..d055df748c 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -163,9 +163,9 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
         {
             return TestServer.Create(app =>
             {
-                app.UsePerRequestServices(services =>
+                app.UseServices(services =>
                 {
-                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                    services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";
                     });
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index e9b54e4bc3..5505f97542 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -109,9 +109,9 @@ namespace Microsoft.AspNet.Security.Twitter
         {
             return TestServer.Create(app =>
             {
-                app.UsePerRequestServices(services =>
+                app.UseServices(services =>
                 {
-                    services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                    services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";
                     });

From 45836c8041129b116d8761727808d9b45e79c835 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 15 Oct 2014 15:56:08 -0700
Subject: [PATCH 096/900] Update UseMiddleware dependencies.

---
 samples/CookieSessionSample/Startup.cs        |  2 +-
 samples/CookieSessionSample/project.json      | 21 +++++++++----------
 samples/SocialSample/Startup.cs               |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  2 +-
 .../project.json                              |  1 +
 10 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index a4217e6d2b..e03c034f37 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -10,7 +10,7 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services => { });
+            app.UseRequestServices();
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 9e28721e3f..ebfb92a062 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,15 +1,14 @@
 {
-  "dependencies": {
-    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-    "Microsoft.Framework.Cache.Memory": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
-  },
-  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
-  "frameworks": {
-    "aspnet50": {
+    "dependencies": {
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.Cache.Memory": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*"
     },
-    "aspnetcore50": {
+    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
+    "frameworks": {
+        "aspnet50": { },
+        "aspnetcore50": { }
     }
-  }
 }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 18f17ac0f7..3ddba6fb4d 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -26,7 +26,7 @@ namespace CookieSample
 
             app.UseServices(services =>
             {
-                services.ConfigureOptions<ExternalAuthenticationOptions>(options =>
+                services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
                 });
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index c9e89b1c4c..8c824d8764 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,7 +1,7 @@
 {
   "version": "1.0.0-*",
   "dependencies": {
-    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+    "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index a4442582a9..22e59b7f4d 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index b50bcd27cb..b8e38ecf32 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index f85c94de79..9e5091b73a 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 7cf7c0fc82..288c925364 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index f48ebe5ab4..7caac86cff 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index bcff7a978e..886baff988 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -4,6 +4,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Http": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Security.Facebook": "1.0.0-*",

From 78f472fd205599850119dfbd70f46b7334c06936 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 15 Oct 2014 23:42:45 -0700
Subject: [PATCH 097/900] Switch to automatically ensure request services

---
 samples/CookieSample/Startup.cs               |  1 -
 samples/CookieSessionSample/Startup.cs        |  1 -
 .../CookieAuthenticationMiddleware.cs         |  3 ++-
 .../FacebookAuthenticationMiddleware.cs       |  3 ++-
 .../GoogleAuthenticationMiddleware.cs         |  4 +++-
 ...icrosoftAccountAuthenticationMiddleware.cs |  4 +++-
 .../OAuthAuthenticationMiddleware.cs          |  4 +++-
 .../OAuthBearerAuthenticationMiddleware.cs    |  4 +++-
 .../TwitterAuthenticationMiddleware.cs        |  4 +++-
 .../AuthenticationMiddleware.cs               | 20 ++++++++++++-------
 src/Microsoft.AspNet.Security/project.json    |  1 +
 .../Cookies/CookieMiddlewareTests.cs          |  1 -
 12 files changed, 33 insertions(+), 17 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index fc78aec37d..cff673d752 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -9,7 +9,6 @@ namespace CookieSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services => { });
             app.UseCookieAuthentication(options =>
             {
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index e03c034f37..2b6cfd8464 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -10,7 +10,6 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
-            app.UseRequestServices();
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 087820e295..fdbd3cc081 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -18,11 +18,12 @@ namespace Microsoft.AspNet.Security.Cookies
         private readonly ILogger _logger;
 
         public CookieAuthenticationMiddleware(RequestDelegate next, 
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider, 
             ILoggerFactory loggerFactory, 
             IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
-            : base(next, options, configureOptions)
+            : base(next, services, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index b7891d139d..5f6eb525eb 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -26,12 +26,13 @@ namespace Microsoft.AspNet.Security.Facebook
         /// <param name="options">Configuration options for the middleware.</param>
         public FacebookAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<FacebookAuthenticationOptions> options,
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 51072c65c4..7de2530704 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -25,17 +25,19 @@ namespace Microsoft.AspNet.Security.Google
         /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
+        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public GoogleAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<GoogleAuthenticationOptions> options,
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 26c80bac4b..ce50b7033e 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -21,17 +21,19 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
+        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public MicrosoftAccountAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<MicrosoftAccountAuthenticationOptions> options,
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 23160b0532..1f9eace704 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -26,17 +26,19 @@ namespace Microsoft.AspNet.Security.OAuth
         /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
+        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public OAuthAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
-            : base(next, options, configureOptions)
+            : base(next, services, options, configureOptions)
         {
             // todo: review error handling
             if (string.IsNullOrWhiteSpace(Options.AuthenticationType))
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
index 8993e107cd..eaa862a280 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using System;
 
 namespace Microsoft.AspNet.Security.OAuth
 {
@@ -28,11 +29,12 @@ namespace Microsoft.AspNet.Security.OAuth
         /// </summary>
         public OAuthBearerAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<OAuthBearerAuthenticationOptions> options,
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
-            : base(next, options, configureOptions)
+            : base(next, services, options, configureOptions)
         {
             _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
 
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index 7ca77a9c1f..e3a56efab5 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -29,17 +29,19 @@ namespace Microsoft.AspNet.Security.Twitter
         /// Initializes a <see cref="TwitterAuthenticationMiddleware"/>
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
+        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware</param>
         public TwitterAuthenticationMiddleware(
             RequestDelegate next,
+            IServiceProvider services,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
-            : base(next, options, configureOptions)
+            : base(next, services, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index 86c2fb921f..b7fb77fe81 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -6,6 +6,7 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.RequestContainer;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.Infrastructure
@@ -13,8 +14,9 @@ namespace Microsoft.AspNet.Security.Infrastructure
     public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
     {
         private readonly RequestDelegate _next;
+        private readonly IServiceProvider _services;
 
-        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IOptions<TOptions> options, ConfigureOptions<TOptions> configureOptions)
+        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IServiceProvider services, [NotNull] IOptions<TOptions> options, ConfigureOptions<TOptions> configureOptions)
         {
             if (configureOptions != null)
             {
@@ -26,6 +28,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
                 Options = options.Options;
             }
             _next = next;
+            _services = services;
         }
 
         public string AuthenticationType { get; set; }
@@ -34,15 +37,18 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public async Task Invoke(HttpContext context)
         {
-            AuthenticationHandler<TOptions> handler = CreateHandler();
-            await handler.Initialize(Options, context);
-            if (!await handler.InvokeAsync())
+            using (RequestServicesContainer.EnsureRequestServices(context, _services))
             {
-                await _next(context);
+                AuthenticationHandler<TOptions> handler = CreateHandler();
+                await handler.Initialize(Options, context);
+                if (!await handler.InvokeAsync())
+                {
+                    await _next(context);
+                }
+                await handler.TeardownAsync();
             }
-            await handler.TeardownAsync();
         }
 
         protected abstract AuthenticationHandler<TOptions> CreateHandler();
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 176c631f7b..160e03b519 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,6 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },
         "Microsoft.AspNet.PipelineCore": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index a02dc14752..fc101faaa5 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -369,7 +369,6 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services => { });
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {

From 89ade800c48834e9feef876709fcf1fc29f12838 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 17 Oct 2014 09:49:04 -0700
Subject: [PATCH 098/900] Update Claims dependency.

---
 src/Microsoft.AspNet.Security.Cookies/project.json          | 2 +-
 src/Microsoft.AspNet.Security.Facebook/project.json         | 2 +-
 src/Microsoft.AspNet.Security.Google/project.json           | 2 +-
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 src/Microsoft.AspNet.Security.OAuth/project.json            | 2 +-
 src/Microsoft.AspNet.Security.Twitter/project.json          | 2 +-
 src/Microsoft.AspNet.Security/project.json                  | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 8c824d8764..a3fca67013 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -26,7 +26,7 @@
         "System.Runtime": "4.0.20-beta-*",
         "System.Runtime.Extensions": "4.0.10-beta-*",
         "System.Runtime.InteropServices": "4.0.20-beta-*",
-        "System.Security.Claims": "1.0.0-*",
+        "System.Security.Claims": "4.0.0-beta-*",
         "System.Security.Principal" : "4.0.0-beta-*",
         "System.Threading": "4.0.0-beta-*",
         "System.Threading.Tasks": "4.0.10-beta-*"
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 22e59b7f4d..4f74026f68 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -32,7 +32,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index b8e38ecf32..59ba01fb3c 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -32,7 +32,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 9e5091b73a..7e97b89e0a 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -34,7 +34,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 288c925364..d839749777 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -34,7 +34,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index 7caac86cff..a487d802ab 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -33,7 +33,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 160e03b519..8d1f81def1 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -27,7 +27,7 @@
                 "System.Runtime": "4.0.20-beta-*",
                 "System.Runtime.Extensions": "4.0.10-beta-*",
                 "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "1.0.0-*",
+                "System.Security.Claims": "4.0.0-beta-*",
                 "System.Security.Cryptography.RandomNumberGenerator": "4.0.0-beta-*",
                 "System.Security.Principal": "4.0.0-beta-*",
                 "System.Threading": "4.0.0-beta-*",

From 2c64ebdbc234b6c08be3ad917e36d1e5f0a20b91 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 21 Oct 2014 12:47:26 -0700
Subject: [PATCH 099/900] Updating build.sh to work on Mono

---
 build.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.sh b/build.sh
index 4323aefc48..c7873ef58e 100644
--- a/build.sh
+++ b/build.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild
@@ -28,7 +28,7 @@ if test ! -d packages/KoreBuild; then
 fi
 
 if ! type k > /dev/null 2>&1; then
-    source setup/kvm.sh
+    source packages/KoreBuild/build/kvm.sh
 fi
 
 if ! type k > /dev/null 2>&1; then

From 95f19407fc0a3f4c49f8ad618d8a3452b3474ee4 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 21 Oct 2014 14:00:49 -0700
Subject: [PATCH 100/900] #74 - Clean up data protection provider helper.

---
 .../CookieSessionSample/MemoryCacheSessionStore.cs   |  2 +-
 .../CookieAuthenticationMiddleware.cs                |  2 +-
 .../OAuthAuthenticationMiddleware.cs                 |  2 +-
 .../OAuthBearerAuthenticationMiddleware.cs           |  2 +-
 .../TwitterAuthenticationMiddleware.cs               |  2 +-
 .../DataProtection/DataProtectionHelpers.cs          | 12 +-----------
 6 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index e452683d41..9877ded68d 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -13,7 +13,7 @@ namespace CookieSessionSample
 
         public MemoryCacheSessionStore()
         {
-            _cache = new MemoryCache();
+            _cache = new MemoryCache(new MemoryCacheOptions());
         }
 
         public async Task<string> StoreAsync(AuthenticationTicket ticket)
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index fdbd3cc081..482f43b373 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Security.Cookies
             }
             if (Options.TicketDataFormat == null)
             {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
                     typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 1f9eace704..2628d38491 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -66,7 +66,7 @@ namespace Microsoft.AspNet.Security.OAuth
 
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
                     this.GetType().FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
index eaa862a280..0661c4fede 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
@@ -58,7 +58,7 @@ namespace Microsoft.AspNet.Security.OAuth
 
             if (Options.AccessTokenFormat == null)
             {
-                var dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
                     this.GetType().FullName, Options.AuthenticationType, "v1");
                 Options.AccessTokenFormat = new TicketDataFormat(dataProtector);
             }
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index e3a56efab5..6c4204a4b6 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -60,7 +60,7 @@ namespace Microsoft.AspNet.Security.Twitter
             }
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = DataProtectionHelpers.CreateDataProtector(dataProtectionProvider,
+                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
                     typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
diff --git a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
index eba80e708a..986bc8dc80 100644
--- a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
+++ b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
@@ -1,22 +1,12 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
-using Microsoft.AspNet.Http;
-
 namespace Microsoft.AspNet.Security.DataProtection
 {
     public static class DataProtectionHelpers
     {
-        public static IDataProtector CreateDataProtector(IDataProtectionProvider dataProtectionProvider, params string[] purposes)
+        public static IDataProtector CreateDataProtector([NotNull] this IDataProtectionProvider dataProtectionProvider, params string[] purposes)
         {
-            if (dataProtectionProvider == null)
-            {
-                // TODO: Get this from the environment.
-                dataProtectionProvider = new EphemeralDataProtectionProvider();
-            }
-
             return dataProtectionProvider.CreateProtector(string.Join(";", purposes));
         }
     }

From a492b8fcbdc0e13bb842d6315bf7622966bc2382 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 27 Oct 2014 16:01:31 -0700
Subject: [PATCH 101/900] #84 - Fix regression with OAuth Notifications.

---
 samples/SocialSample/project.json                             | 3 ++-
 .../OAuthAuthenticationExtensions.cs                          | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 40f05e17c5..5be1930c00 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -18,5 +18,6 @@
         },
         "aspnetcore50": {
         }
-    }
+    },
+    "webroot": "wwwroot"
 }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
index 55ac54ca65..3e4947de2b 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
@@ -31,6 +31,10 @@ namespace Microsoft.AspNet.Builder
                     {
                         configureOptions(options);
                     }
+                    if (options.Notifications == null)
+                    {
+                        options.Notifications = new OAuthAuthenticationNotifications();
+                    }
                 }) 
                 {
                     Name = authenticationType,

From edefdf6b2f19a10edd64b2e2447a757a928536ee Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 29 Oct 2014 10:32:37 -0700
Subject: [PATCH 102/900] Updating Newtonsoft.json version to 6.0.6

---
 src/Microsoft.AspNet.Security.Cookies/project.json          | 2 +-
 src/Microsoft.AspNet.Security.Facebook/project.json         | 2 +-
 src/Microsoft.AspNet.Security.Google/project.json           | 2 +-
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 src/Microsoft.AspNet.Security.OAuth/project.json            | 2 +-
 src/Microsoft.AspNet.Security.Twitter/project.json          | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index a3fca67013..06074c5d47 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -6,7 +6,7 @@
     "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection": "1.0.0-*",
     "Microsoft.Framework.Logging": "1.0.0-*",
-    "Newtonsoft.Json": "6.0.4"
+    "Newtonsoft.Json": "6.0.6"
   },
   "frameworks": {
     "aspnet50": {},
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 4f74026f68..4d95af136e 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4"
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 59ba01fb3c..01b6c030a7 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
+        "Newtonsoft.Json": "6.0.6",
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 7e97b89e0a..634cd05ae9 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4"
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index d839749777..b55368c09f 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -6,7 +6,7 @@
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4"
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index a487d802ab..2d50576821 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -7,7 +7,7 @@
         "Microsoft.AspNet.WebUtilities": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4"
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "aspnet50": {

From 2934bb866ddc54e5a29bb5ab65295deb1c143afa Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 29 Oct 2014 11:23:57 -0700
Subject: [PATCH 103/900] Removing transitive dependencies from project.json

---
 samples/CookieSample/project.json             |  5 +--
 samples/CookieSessionSample/project.json      |  4 +-
 samples/SocialSample/project.json             |  5 +--
 .../project.json                              | 27 +------------
 .../project.json                              | 40 ++-----------------
 .../project.json                              | 40 ++-----------------
 .../project.json                              | 40 +------------------
 .../project.json                              | 28 +------------
 src/Microsoft.AspNet.Security/project.json    | 24 +----------
 .../project.json                              |  8 ----
 10 files changed, 15 insertions(+), 206 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index a962cc9626..e84a83269e 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,10 +1,7 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-    "Microsoft.AspNet.Security": "1.0.0-*",
     "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*"
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
   },
   "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
   "frameworks": {
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index ebfb92a062..ff8e88be02 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,10 +1,8 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Cache.Memory": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*"
+        "Microsoft.Framework.Cache.Memory": "1.0.0-*"
     },
     "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 5be1930c00..9a47104e23 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,16 +1,13 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
         "Microsoft.AspNet.Security.Google": "1.0.0-*",
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*"
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
     },
     "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 06074c5d47..7ef42a5bea 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,36 +1,11 @@
 {
   "version": "1.0.0-*",
   "dependencies": {
-    "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
-    "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-    "Microsoft.Framework.Logging": "1.0.0-*",
     "Newtonsoft.Json": "6.0.6"
   },
   "frameworks": {
     "aspnet50": {},
-    "aspnetcore50": {
-      "dependencies": {
-        "System.Collections": "4.0.10-beta-*",
-        "System.ComponentModel": "4.0.0-beta-*",
-        "System.Console": "4.0.0-beta-*",
-        "System.Diagnostics.Debug": "4.0.10-beta-*",
-        "System.Diagnostics.Tools": "4.0.0-beta-*",
-        "System.Globalization": "4.0.10-beta-*",
-        "System.IO": "4.0.10-beta-*",
-        "System.IO.Compression": "4.0.0-beta-*",
-        "System.Linq": "4.0.0-beta-*",
-        "System.Reflection": "4.0.10-beta-*",
-        "System.Resources.ResourceManager": "4.0.0-beta-*",
-        "System.Runtime": "4.0.20-beta-*",
-        "System.Runtime.Extensions": "4.0.10-beta-*",
-        "System.Runtime.InteropServices": "4.0.20-beta-*",
-        "System.Security.Claims": "4.0.0-beta-*",
-        "System.Security.Principal" : "4.0.0-beta-*",
-        "System.Threading": "4.0.0-beta-*",
-        "System.Threading.Tasks": "4.0.10-beta-*"
-      }
-    }
+    "aspnetcore50": {}
   }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 4d95af136e..bd8c42fe15 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -1,44 +1,10 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "aspnetcore50": {
-            "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
-            }
-        }
+        "aspnet50": {},
+        "aspnetcore50": {}
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 01b6c030a7..bd8c42fe15 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -1,44 +1,10 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6",
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "aspnetcore50": {
-            "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
-            }
-        }
+        "aspnet50": {},
+        "aspnetcore50": {}
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 634cd05ae9..581fc6c2fc 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -1,46 +1,10 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
-        "aspnet50": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "aspnetcore50": {
-            "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Dynamic.Runtime": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.ObjectModel": "4.0.10-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
-            }
-        }
+        "aspnet50": {},
+        "aspnetcore50": {}
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index 2d50576821..41557ab400 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -1,13 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
+        "Microsoft.AspNet.Security": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": {
@@ -18,27 +12,7 @@
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 8d1f81def1..a06583787a 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -5,33 +5,13 @@
         "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },
         "Microsoft.AspNet.PipelineCore": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*"
+        "Microsoft.Framework.Logging": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": { },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*"
+                "System.IO.Compression": "4.0.0-beta-*"
             }
         }
     }
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 886baff988..affdcafebd 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -3,17 +3,12 @@
         "warningsAsErrors": true
     },
     "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*",
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
         "Microsoft.AspNet.Security.Google": "1.0.0-*",
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Moq": "4.2.1312.1622",
         "Xunit.KRunner": "1.0.0-*"
     },
@@ -24,9 +19,6 @@
         "aspnet50": {
             "dependencies": {
                 "Shouldly": "1.1.1.1"
-            },
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
             }
         }
     }

From a5bd9d29e54738cbde64d6598c9c0b32b9c9a2f1 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Fri, 31 Oct 2014 02:11:42 -0700
Subject: [PATCH 104/900] Added package descriptions

---
 src/Microsoft.AspNet.Security.Cookies/project.json          | 1 +
 src/Microsoft.AspNet.Security.Facebook/project.json         | 1 +
 src/Microsoft.AspNet.Security.Google/project.json           | 1 +
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 1 +
 src/Microsoft.AspNet.Security.OAuth/project.json            | 1 +
 src/Microsoft.AspNet.Security.Twitter/project.json          | 1 +
 src/Microsoft.AspNet.Security/project.json                  | 1 +
 7 files changed, 7 insertions(+)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index 06074c5d47..801141cafe 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,5 +1,6 @@
 {
   "version": "1.0.0-*",
+  "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
   "dependencies": {
     "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
     "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index 4d95af136e..09d55389fe 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 01b6c030a7..276f5b4495 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 634cd05ae9..d63b67608b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index b55368c09f..bae60ec0b8 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index 2d50576821..442ce80bee 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 8d1f81def1..fd79fde8e7 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },

From 32a967d58f6746b23b3d2c89c923fbbaafd3224d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 6 Nov 2014 10:49:29 -0800
Subject: [PATCH 105/900] Updating to release NuGet.config

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..2d3b0cb857 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From ee162013a5c9f4ff94fe3aa7ef5560cf46e8d103 Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Wed, 12 Nov 2014 15:33:16 -0800
Subject: [PATCH 106/900] Update KProj to the latest format

---
 samples/CookieSample/CookieSample.kproj       | 18 ++++-------
 .../CookieSessionSample.kproj                 | 30 ++++---------------
 samples/SocialSample/SocialSample.kproj       | 25 ++++------------
 .../Microsoft.AspNet.Security.Cookies.kproj   | 18 ++++-------
 .../Microsoft.AspNet.Security.Facebook.kproj  | 18 ++++-------
 .../Microsoft.AspNet.Security.Google.kproj    | 26 ++++------------
 ...oft.AspNet.Security.MicrosoftAccount.kproj | 26 ++++------------
 .../Microsoft.AspNet.Security.OAuth.kproj     | 26 ++++------------
 .../Microsoft.AspNet.Security.Twitter.kproj   | 26 ++++------------
 .../Microsoft.AspNet.Security.kproj           | 18 ++++-------
 .../Microsoft.AspNet.Security.Tests.kproj     | 18 ++++-------
 11 files changed, 66 insertions(+), 183 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index 3f91733529..86a746ad6c 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -1,20 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.kproj b/samples/CookieSessionSample/CookieSessionSample.kproj
index 951ff1cc56..81e25a7fc4 100644
--- a/samples/CookieSessionSample/CookieSessionSample.kproj
+++ b/samples/CookieSessionSample/CookieSessionSample.kproj
@@ -1,32 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-  </PropertyGroup>
-
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <RootNamespace>CookieSessionSample</RootNamespace>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index 2d3d1caf5f..358b0923ff 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -1,27 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
-    <OutputType>Web</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>12345</DevelopmentServerPort>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index 75aae6178d..6f29892441 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -1,20 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>15f1211b-b695-4a1c-b730-1ac58fc91090</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
index c576730aa7..b4d1603634 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
+++ b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
@@ -1,20 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>3984651c-fd44-4394-8793-3d14ee348c04</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
index 111093c645..93e3716ced 100644
--- a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
+++ b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
@@ -1,28 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>89bf8535-a849-458e-868a-a68fcf620486</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
index dbdeeb34c6..439829d54b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
@@ -1,28 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1fcf26c2-a3c7-4308-b698-4afc3560bc0c</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
index f0c8d7b472..32d728261b 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
+++ b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
@@ -1,28 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>4a636011-68ee-4ce5-836d-ea8e13cf71e4</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
index 48dfc30697..980720b3f5 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
+++ b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
@@ -1,28 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>c96b77ea-4078-4c31-bdb2-878f11c5e061</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="$(OutputType) == 'Console'">
-    <DebuggerFlavor>ConsoleDebugger</DebuggerFlavor>
-  </PropertyGroup>
-  <PropertyGroup Condition="$(OutputType) == 'Web'">
-    <DebuggerFlavor>WebDebugger</DebuggerFlavor>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index 923789fb16..9a1e957279 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -1,20 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>0f174c63-1898-4024-9a3c-3fdf5cae5c68</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
index 54191c08d1..a989127e44 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
@@ -1,20 +1,14 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="__ToolsVersion__" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">12.0</VisualStudioVersion>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
-    <OutputType>Library</OutputType>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'" Label="Configuration">
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>

From 0815681a9551ddc65213449e73306e89476d801c Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Thu, 13 Nov 2014 11:16:36 -0800
Subject: [PATCH 107/900] Added kestrel to run samples on Mono

---
 samples/CookieSample/project.json        | 22 +++++++++++++---------
 samples/CookieSessionSample/project.json |  8 ++++++--
 samples/SocialSample/project.json        |  8 ++++++--
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index e84a83269e..0cc0dd1f4b 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,13 +1,17 @@
 {
-  "dependencies": {
-    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
-  },
-  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
-  "frameworks": {
-    "aspnet50": {
+    "dependencies": {
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
     },
-    "aspnetcore50": {
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+    },
+    "frameworks": {
+        "aspnet50": {
+        },
+        "aspnetcore50": {
+        }
     }
-  }
 }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index ff8e88be02..7ef0f4e969 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -2,9 +2,13 @@
     "dependencies": {
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Cache.Memory": "1.0.0-*"
+        "Microsoft.Framework.Cache.Memory": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
-    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
         "aspnet50": { },
         "aspnetcore50": { }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 9a47104e23..737c6638e8 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -7,9 +7,13 @@
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
-    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
         "aspnet50": {
         },

From 2f7c186b24eb7c76f2610bc935f9c553d61906c4 Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Thu, 13 Nov 2014 12:57:01 -0800
Subject: [PATCH 108/900] Adding necesary files for IIS hosting

---
 samples/CookieSample/project.json            | 4 +++-
 samples/CookieSample/wwwroot/.gitkeep        | 0
 samples/CookieSessionSample/project.json     | 6 ++++--
 samples/CookieSessionSample/wwwroot/.gitkeep | 0
 samples/SocialSample/wwwroot/.gitkeep        | 0
 5 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 samples/CookieSample/wwwroot/.gitkeep
 create mode 100644 samples/CookieSessionSample/wwwroot/.gitkeep
 create mode 100644 samples/SocialSample/wwwroot/.gitkeep

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 0cc0dd1f4b..2cda02680e 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -2,6 +2,7 @@
     "dependencies": {
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Kestrel": "1.0.0-*"
     },
     "commands": {
@@ -13,5 +14,6 @@
         },
         "aspnetcore50": {
         }
-    }
+    },
+    "webroot":"wwwroot"
 }
diff --git a/samples/CookieSample/wwwroot/.gitkeep b/samples/CookieSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 7ef0f4e969..684c765174 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -3,7 +3,8 @@
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Cache.Memory": "1.0.0-*",
-        "Kestrel": "1.0.0-*"
+        "Kestrel": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*"
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
@@ -12,5 +13,6 @@
     "frameworks": {
         "aspnet50": { },
         "aspnetcore50": { }
-    }
+    },
+    "webroot": "wwwroot"
 }
diff --git a/samples/CookieSessionSample/wwwroot/.gitkeep b/samples/CookieSessionSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/samples/SocialSample/wwwroot/.gitkeep b/samples/SocialSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2

From 4f90920b6d02af885371b9f24c660a175c71f293 Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Thu, 13 Nov 2014 11:16:36 -0800
Subject: [PATCH 109/900] Added kestrel and running on IIS support

---
 samples/CookieSample/project.json            | 26 ++++++++++++--------
 samples/CookieSample/wwwroot/.gitkeep        |  0
 samples/CookieSessionSample/project.json     | 12 ++++++---
 samples/CookieSessionSample/wwwroot/.gitkeep |  0
 samples/SocialSample/project.json            |  8 ++++--
 samples/SocialSample/wwwroot/.gitkeep        |  0
 6 files changed, 31 insertions(+), 15 deletions(-)
 create mode 100644 samples/CookieSample/wwwroot/.gitkeep
 create mode 100644 samples/CookieSessionSample/wwwroot/.gitkeep
 create mode 100644 samples/SocialSample/wwwroot/.gitkeep

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index e84a83269e..2cda02680e 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,13 +1,19 @@
 {
-  "dependencies": {
-    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
-  },
-  "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
-  "frameworks": {
-    "aspnet50": {
+    "dependencies": {
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
     },
-    "aspnetcore50": {
-    }
-  }
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+    },
+    "frameworks": {
+        "aspnet50": {
+        },
+        "aspnetcore50": {
+        }
+    },
+    "webroot":"wwwroot"
 }
diff --git a/samples/CookieSample/wwwroot/.gitkeep b/samples/CookieSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index ff8e88be02..684c765174 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -2,11 +2,17 @@
     "dependencies": {
         "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Cache.Memory": "1.0.0-*"
+        "Microsoft.Framework.Cache.Memory": "1.0.0-*",
+        "Kestrel": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
-    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
         "aspnet50": { },
         "aspnetcore50": { }
-    }
+    },
+    "webroot": "wwwroot"
 }
diff --git a/samples/CookieSessionSample/wwwroot/.gitkeep b/samples/CookieSessionSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 9a47104e23..737c6638e8 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -7,9 +7,13 @@
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
-    "commands": { "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345" },
     "frameworks": {
         "aspnet50": {
         },
diff --git a/samples/SocialSample/wwwroot/.gitkeep b/samples/SocialSample/wwwroot/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2

From 0fee3c87a0359dad9df0e5a519b8b0673b8d8540 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 14 Nov 2014 15:05:31 -0800
Subject: [PATCH 110/900] #85 - Update the targeted Facebook API version to
 v2.2.

---
 samples/CookieSample/CookieSample.kproj            |  5 +++--
 .../CookieSessionSample/CookieSessionSample.kproj  |  5 +++--
 samples/SocialSample/SocialSample.kproj            |  7 +++++--
 samples/SocialSample/Startup.cs                    | 14 +++++++++-----
 samples/SocialSample/project.json                  |  5 +++--
 .../FacebookAuthenticationDefaults.cs              |  6 +++---
 .../Facebook/FacebookMiddlewareTests.cs            |  2 +-
 7 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index 86a746ad6c..3afd3733f3 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -1,8 +1,9 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+    <DevelopmentServerPort>54539</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -11,4 +12,4 @@
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/CookieSessionSample.kproj b/samples/CookieSessionSample/CookieSessionSample.kproj
index 81e25a7fc4..954c473e9a 100644
--- a/samples/CookieSessionSample/CookieSessionSample.kproj
+++ b/samples/CookieSessionSample/CookieSessionSample.kproj
@@ -1,8 +1,9 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+    <DevelopmentServerPort>54541</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -11,4 +12,4 @@
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index 358b0923ff..1fbca3ad0e 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -1,8 +1,11 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+    <DevelopmentServerPort>54540</DevelopmentServerPort>
+    <CommandLineArguments />
+    <DebugTarget />
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -11,4 +14,4 @@
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 3ddba6fb4d..162a1b5539 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -37,6 +37,7 @@ namespace CookieSample
                     options.LoginPath = new PathString("/login");
                 });
 
+            // https://developers.facebook.com/apps/
             app.UseFacebookAuthentication(options =>
             {
                 options.AppId = "569522623154478";
@@ -55,23 +56,25 @@ namespace CookieSample
                 options.Scope.Add("email");
             });
 
+            // https://console.developers.google.com/project
             app.UseGoogleAuthentication(options =>
             {
                 options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
                 options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
             });
 
+            // https://apps.twitter.com/
             app.UseTwitterAuthentication(options =>
             {
                 options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
                 options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
             });
 
-            /*
-            The MicrosoftAccount service has restrictions that prevent the use of http://localhost:12345/ for test applications.
-            As such, here is how to change this sample to uses http://mssecsample.localhost.this:12345/ instead.
+            /* https://account.live.com/developers/applications
+            The MicrosoftAccount service has restrictions that prevent the use of http://localhost:54540/ for test applications.
+            As such, here is how to change this sample to uses http://mssecsample.localhost.this:54540/ instead.
 
-            Edit the Project.json file and replace http://localhost:12345/ with http://mssecsample.localhost.this:12345/.
+            Edit the Project.json file and replace http://localhost:54540/ with http://mssecsample.localhost.this:54540/.
 
             From an admin command console first enter:
              notepad C:\Windows\System32\drivers\etc\hosts
@@ -79,7 +82,7 @@ namespace CookieSample
              127.0.0.1 MsSecSample.localhost.this
 
             Then you can choose to run the app as admin (see below) or add the following ACL as admin:
-             netsh http add urlacl url=http://mssecsample.localhost.this:12345/ user=[domain\user]
+             netsh http add urlacl url=http://mssecsample.localhost.this:54540/ user=[domain\user]
 
             The sample app can then be run via:
              k web
@@ -102,6 +105,7 @@ namespace CookieSample
                 options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
             });
 
+            // https://github.com/settings/applications/
             app.UseOAuthAuthentication("GitHub-AccessToken", options =>
             {
                 options.ClientId = "8c0c5a572abe8fe89588";
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 737c6638e8..f457d3a9d4 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -11,8 +11,9 @@
         "Kestrel": "1.0.0-*"
     },
     "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+        /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:54540",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:54540"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
index 19cc380749..72addbef8b 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNet.Security.Facebook
     {
         public const string AuthenticationType = "Facebook";
 
-        public const string AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth";
+        public const string AuthorizationEndpoint = "https://www.facebook.com/v2.2/dialog/oauth";
 
-        public const string TokenEndpoint = "https://graph.facebook.com/oauth/access_token";
+        public const string TokenEndpoint = "https://graph.facebook.com/v2.2/oauth/access_token";
 
-        public const string UserInformationEndpoint = "https://graph.facebook.com/me";
+        public const string UserInformationEndpoint = "https://graph.facebook.com/v2.2/me";
     }
 }
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index f3e0bf703b..6120b82c44 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -97,7 +97,7 @@ namespace Microsoft.AspNet.Security.Facebook
             var transaction = await SendAsync(server, "http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://www.facebook.com/dialog/oauth");
+            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
             location.ShouldContain("response_type=code");
             location.ShouldContain("client_id=");
             location.ShouldContain("redirect_uri=");

From b37966f7ef7a34437e02c8347f8eb6fe57368f18 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 18 Nov 2014 14:51:36 -0800
Subject: [PATCH 111/900] Fix DataProtection DI dependencies.

---
 .../Cookies/CookieMiddlewareTests.cs          |  4 +-
 .../Facebook/FacebookMiddlewareTests.cs       |  2 +-
 .../Google/GoogleMiddlewareTests.cs           |  2 +-
 .../MicrosoftAccountMiddlewareTests.cs        |  2 +-
 .../TestApplicationEnvironment.cs             | 37 +++++++++++++++++++
 .../TestServices.cs                           | 22 +++++++++++
 .../Twitter/TwitterMiddlewareTests.cs         |  2 +-
 7 files changed, 64 insertions(+), 7 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/TestServices.cs

diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index fc101faaa5..dbf470f839 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -18,8 +18,6 @@ using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.TestHost;
 using Shouldly;
 using Xunit;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.DependencyInjection;
 
 namespace Microsoft.AspNet.Security.Cookies
 {
@@ -367,7 +365,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
-            return TestServer.Create(app =>
+            return TestServer.Create(TestServices.CreateTestServices(), app =>
             {
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 6120b82c44..08c5e1ed43 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Security.Facebook
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(app =>
+            return TestServer.Create(TestServices.CreateTestServices(), app =>
             {
                 if (configure != null)
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 3a1113d7f8..b6945d4c5e 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -463,7 +463,7 @@ namespace Microsoft.AspNet.Security.Google
 
         private static TestServer CreateServer(Action<GoogleAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
-            return TestServer.Create(app =>
+            return TestServer.Create(TestServices.CreateTestServices(), app =>
             {
                 app.UseServices(services =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index d055df748c..5b01da6c09 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -161,7 +161,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
 
         private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(app =>
+            return TestServer.Create(TestServices.CreateTestServices(), app =>
             {
                 app.UseServices(services =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs b/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs
new file mode 100644
index 0000000000..01ef364c1d
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs
@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Runtime.Versioning;
+using Microsoft.Framework.Runtime;
+
+namespace Microsoft.AspNet.Security
+{
+    public class TestApplicationEnvironment : IApplicationEnvironment
+    {
+        public string ApplicationBasePath
+        {
+            get { return Environment.CurrentDirectory; }
+        }
+
+        public string ApplicationName
+        {
+            get { return "Test App environment"; }
+        }
+
+        public string Configuration
+        {
+            get { return "Test"; }
+        }
+
+        public FrameworkName RuntimeFramework
+        {
+            get { return new FrameworkName(".NETFramework", new Version(4, 5)); }
+        }
+
+        public string Version
+        {
+            get { return "1.0.0"; }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/TestServices.cs b/test/Microsoft.AspNet.Security.Test/TestServices.cs
new file mode 100644
index 0000000000..ea3b392ce7
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/TestServices.cs
@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.DependencyInjection.Fallback;
+using Microsoft.Framework.Runtime;
+
+namespace Microsoft.AspNet.Security
+{
+    public static class TestServices
+    {
+        public static IServiceProvider CreateTestServices()
+        {
+            var collection = new ServiceCollection();
+            collection.AddSingleton<IApplicationEnvironment, TestApplicationEnvironment>();
+            collection.Add(DataProtectionServices.GetDefaultServices());
+            return collection.BuildServiceProvider();
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 5505f97542..ab24c00747 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Security.Twitter
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(app =>
+            return TestServer.Create(TestServices.CreateTestServices(), app =>
             {
                 app.UseServices(services =>
                 {

From 977a08ddca8698ea80b5e0b61ff35014357f3c05 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 18 Nov 2014 14:59:56 -0800
Subject: [PATCH 112/900] Add DataProtection to samples.

---
 samples/CookieSample/Startup.cs        | 6 ++++++
 samples/CookieSessionSample/Startup.cs | 6 ++++++
 samples/SocialSample/Startup.cs        | 8 +++-----
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index cff673d752..aae3191ac2 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -2,6 +2,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataProtection;
 
 namespace CookieSample
 {
@@ -9,6 +10,11 @@ namespace CookieSample
     {
         public void Configure(IApplicationBuilder app)
         {
+            app.UseServices(services =>
+            {
+                services.Add(DataProtectionServices.GetDefaultServices());
+            });
+
             app.UseCookieAuthentication(options =>
             {
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 2b6cfd8464..72a5c1ff97 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -3,6 +3,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataProtection;
 
 namespace CookieSessionSample
 {
@@ -10,6 +11,11 @@ namespace CookieSessionSample
     {
         public void Configure(IApplicationBuilder app)
         {
+            app.UseServices(services =>
+            {
+                services.Add(DataProtectionServices.GetDefaultServices());
+            });
+
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 162a1b5539..f6070b9ff7 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,5 +1,3 @@
-using System;
-using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -8,13 +6,12 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.Facebook;
+using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Google;
 using Microsoft.AspNet.Security.MicrosoftAccount;
 using Microsoft.AspNet.Security.OAuth;
-using Microsoft.AspNet.Security.Twitter;
-using Newtonsoft.Json.Linq;
 using Microsoft.Framework.DependencyInjection;
+using Newtonsoft.Json.Linq;
 
 namespace CookieSample
 {
@@ -26,6 +23,7 @@ namespace CookieSample
 
             app.UseServices(services =>
             {
+                services.Add(DataProtectionServices.GetDefaultServices());
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;

From 5f06906087b71cf587dce0f4ef3e1a1f84d5348d Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 20 Nov 2014 17:25:16 -0800
Subject: [PATCH 113/900] React to fallback changes

---
 .../Cookies/CookieMiddlewareTests.cs          |  4 +++-
 .../Facebook/FacebookMiddlewareTests.cs       |  8 +++----
 .../Google/GoogleMiddlewareTests.cs           |  3 ++-
 .../MicrosoftAccountMiddlewareTests.cs        |  3 ++-
 .../TestServices.cs                           | 22 -------------------
 .../Twitter/TwitterMiddlewareTests.cs         |  4 +++-
 6 files changed, 14 insertions(+), 30 deletions(-)
 delete mode 100644 test/Microsoft.AspNet.Security.Test/TestServices.cs

diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index dbf470f839..a5ca8bcaf7 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -15,6 +15,7 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.TestHost;
 using Shouldly;
 using Xunit;
@@ -365,8 +366,9 @@ namespace Microsoft.AspNet.Security.Cookies
 
         private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
-            return TestServer.Create(TestServices.CreateTestServices(), app =>
+            return TestServer.Create(app =>
             {
+                app.UseServices(services => services.Add(DataProtectionServices.GetDefaultServices()));
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 08c5e1ed43..1749a6ffe3 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -9,11 +9,9 @@ using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using Shouldly;
 using Xunit;
 
@@ -29,6 +27,7 @@ namespace Microsoft.AspNet.Security.Facebook
                 {
                     app.UseServices(services =>
                     {
+                        services.Add(DataProtectionServices.GetDefaultServices());
                         services.ConfigureFacebookAuthentication(options =>
                         {
                             options.AppId = "Test App Id";
@@ -72,6 +71,7 @@ namespace Microsoft.AspNet.Security.Facebook
                 {
                     app.UseServices(services =>
                     {
+                        services.Add(DataProtectionServices.GetDefaultServices());
                         services.ConfigureFacebookAuthentication(options =>
                         {
                             options.AppId = "Test App Id";
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Security.Facebook
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(TestServices.CreateTestServices(), app =>
+            return TestServer.Create(app =>
             {
                 if (configure != null)
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index b6945d4c5e..e9169baf3c 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -463,10 +463,11 @@ namespace Microsoft.AspNet.Security.Google
 
         private static TestServer CreateServer(Action<GoogleAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
-            return TestServer.Create(TestServices.CreateTestServices(), app =>
+            return TestServer.Create(app =>
             {
                 app.UseServices(services =>
                 {
+                    services.Add(DataProtectionServices.GetDefaultServices());
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = CookieAuthenticationType;
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 5b01da6c09..6a5cb84f39 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -161,10 +161,11 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
 
         private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(TestServices.CreateTestServices(), app =>
+            return TestServer.Create(app =>
             {
                 app.UseServices(services =>
                 {
+                    services.Add(DataProtectionServices.GetDefaultServices());
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";
diff --git a/test/Microsoft.AspNet.Security.Test/TestServices.cs b/test/Microsoft.AspNet.Security.Test/TestServices.cs
deleted file mode 100644
index ea3b392ce7..0000000000
--- a/test/Microsoft.AspNet.Security.Test/TestServices.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Security.DataProtection;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.DependencyInjection.Fallback;
-using Microsoft.Framework.Runtime;
-
-namespace Microsoft.AspNet.Security
-{
-    public static class TestServices
-    {
-        public static IServiceProvider CreateTestServices()
-        {
-            var collection = new ServiceCollection();
-            collection.AddSingleton<IApplicationEnvironment, TestApplicationEnvironment>();
-            collection.Add(DataProtectionServices.GetDefaultServices());
-            return collection.BuildServiceProvider();
-        }
-    }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index ab24c00747..a1d6c095fe 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -17,6 +17,7 @@ using Shouldly;
 using Xunit;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.Twitter
 {
@@ -107,10 +108,11 @@ namespace Microsoft.AspNet.Security.Twitter
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(TestServices.CreateTestServices(), app =>
+            return TestServer.Create(app =>
             {
                 app.UseServices(services =>
                 {
+                    services.Add(DataProtectionServices.GetDefaultServices());
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";

From 240ed82b31493f4ccf78e4327bdc5d7a557a43e9 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 24 Nov 2014 16:32:33 -0800
Subject: [PATCH 114/900] React to AddDataProtection change

---
 samples/CookieSample/Startup.cs                               | 4 ++--
 samples/CookieSessionSample/Startup.cs                        | 4 ++--
 samples/SocialSample/Startup.cs                               | 2 +-
 .../Cookies/CookieMiddlewareTests.cs                          | 4 ++--
 .../Facebook/FacebookMiddlewareTests.cs                       | 4 ++--
 .../Google/GoogleMiddlewareTests.cs                           | 2 +-
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs       | 2 +-
 .../Twitter/TwitterMiddlewareTests.cs                         | 2 +-
 8 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index aae3191ac2..7e481c220e 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -2,7 +2,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSample
 {
@@ -12,7 +12,7 @@ namespace CookieSample
         {
             app.UseServices(services =>
             {
-                services.Add(DataProtectionServices.GetDefaultServices());
+                services.AddDataProtection();
             });
 
             app.UseCookieAuthentication(options =>
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 72a5c1ff97..ff72c04694 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -3,7 +3,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSessionSample
 {
@@ -13,7 +13,7 @@ namespace CookieSessionSample
         {
             app.UseServices(services =>
             {
-                services.Add(DataProtectionServices.GetDefaultServices());
+                services.AddDataProtection();
             });
 
             app.UseCookieAuthentication(options => 
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f6070b9ff7..6e7b5c6323 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -23,7 +23,7 @@ namespace CookieSample
 
             app.UseServices(services =>
             {
-                services.Add(DataProtectionServices.GetDefaultServices());
+                services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index a5ca8bcaf7..b103a7c757 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -15,8 +15,8 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
 using Shouldly;
 using Xunit;
 
@@ -368,7 +368,7 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services => services.Add(DataProtectionServices.GetDefaultServices()));
+                app.UseServices(services => services.AddDataProtection());
                 app.UseCookieAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 1749a6ffe3..7377d1a1f1 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Security.Facebook
                 {
                     app.UseServices(services =>
                     {
-                        services.Add(DataProtectionServices.GetDefaultServices());
+                        services.AddDataProtection();
                         services.ConfigureFacebookAuthentication(options =>
                         {
                             options.AppId = "Test App Id";
@@ -71,7 +71,7 @@ namespace Microsoft.AspNet.Security.Facebook
                 {
                     app.UseServices(services =>
                     {
-                        services.Add(DataProtectionServices.GetDefaultServices());
+                        services.AddDataProtection();
                         services.ConfigureFacebookAuthentication(options =>
                         {
                             options.AppId = "Test App Id";
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index e9169baf3c..5b6046aa9c 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -467,7 +467,7 @@ namespace Microsoft.AspNet.Security.Google
             {
                 app.UseServices(services =>
                 {
-                    services.Add(DataProtectionServices.GetDefaultServices());
+                    services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = CookieAuthenticationType;
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 6a5cb84f39..8fd06d8c97 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -165,7 +165,7 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             {
                 app.UseServices(services =>
                 {
-                    services.Add(DataProtectionServices.GetDefaultServices());
+                    services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index a1d6c095fe..36a829404b 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -112,7 +112,7 @@ namespace Microsoft.AspNet.Security.Twitter
             {
                 app.UseServices(services =>
                 {
-                    services.Add(DataProtectionServices.GetDefaultServices());
+                    services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
                         options.SignInAsAuthenticationType = "External";

From 0a719735135c0e49ec024d377fc086e628f635bd Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Tue, 25 Nov 2014 11:03:55 -0800
Subject: [PATCH 115/900] Add schema version to kproj files

---
 samples/CookieSample/CookieSample.kproj                |  8 +++++---
 samples/CookieSessionSample/CookieSessionSample.kproj  |  8 +++++---
 samples/SocialSample/SocialSample.kproj                | 10 +++++-----
 .../Microsoft.AspNet.Security.Cookies.kproj            |  3 +++
 .../Microsoft.AspNet.Security.Facebook.kproj           |  3 +++
 .../Microsoft.AspNet.Security.Google.kproj             |  3 +++
 .../Microsoft.AspNet.Security.MicrosoftAccount.kproj   |  3 +++
 .../Microsoft.AspNet.Security.OAuth.kproj              |  3 +++
 .../Microsoft.AspNet.Security.Twitter.kproj            |  3 +++
 .../Microsoft.AspNet.Security.kproj                    |  3 +++
 .../Microsoft.AspNet.Security.Tests.kproj              |  3 +++
 11 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.kproj
index 3afd3733f3..0cc8921558 100644
--- a/samples/CookieSample/CookieSample.kproj
+++ b/samples/CookieSample/CookieSample.kproj
@@ -1,9 +1,8 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-    <DevelopmentServerPort>54539</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -11,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.kproj b/samples/CookieSessionSample/CookieSessionSample.kproj
index 954c473e9a..3dde446f74 100644
--- a/samples/CookieSessionSample/CookieSessionSample.kproj
+++ b/samples/CookieSessionSample/CookieSessionSample.kproj
@@ -1,9 +1,8 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-    <DevelopmentServerPort>54541</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -11,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.kproj
index 1fbca3ad0e..640b2404b4 100644
--- a/samples/SocialSample/SocialSample.kproj
+++ b/samples/SocialSample/SocialSample.kproj
@@ -1,11 +1,8 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-    <DevelopmentServerPort>54540</DevelopmentServerPort>
-    <CommandLineArguments />
-    <DebugTarget />
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
@@ -13,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
index 6f29892441..31c09ed577 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
index b4d1603634..8a4224835e 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
+++ b/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
index 93e3716ced..32f8d92b26 100644
--- a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
+++ b/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
index 439829d54b..88701bdb38 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
index 32d728261b..abcb5afdeb 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
+++ b/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
index 980720b3f5..e073a505c9 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
+++ b/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
index 9a1e957279..6262851a78 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
index a989127e44..77ea1e71cf 100644
--- a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
+++ b/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
@@ -10,5 +10,8 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>

From 184233af61978c0769714e804c15154551a07287 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 5 Dec 2014 10:40:46 -0800
Subject: [PATCH 116/900] #79: Remove cookie compression.

---
 .../CookieAuthenticationMiddleware.cs         |  2 +-
 .../project.json                              |  1 -
 .../Serializer/TicketSerializer.cs            | 30 +++----------------
 src/Microsoft.AspNet.Security/project.json    |  6 +---
 4 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 482f43b373..8f1cc4b542 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Security.Cookies
             if (Options.TicketDataFormat == null)
             {
                 IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
-                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
+                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
             if (Options.CookieManager == null)
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index bae60ec0b8..0c44ae0cff 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -26,7 +26,6 @@
                 "System.Dynamic.Runtime": "4.0.0-beta-*",
                 "System.Globalization": "4.0.10-beta-*",
                 "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
                 "System.Linq": "4.0.0-beta-*",
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
                 "System.ObjectModel": "4.0.10-beta-*",
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
index 7bfa9a1e6e..9fe982ee82 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
@@ -1,11 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
-using System.Collections.Generic;
 using System.IO;
-using System.IO.Compression;
 using System.Linq;
 using System.Security.Claims;
 
@@ -13,46 +10,27 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
-        private static readonly bool IsMono = Type.GetType("Mono.Runtime") != null;
         private const int FormatVersion = 2;
 
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual byte[] Serialize(AuthenticationTicket model)
         {
             using (var memory = new MemoryStream())
             {
-                GZipStream compression;
-                if (IsMono)
+                using (var writer = new BinaryWriter(memory))
                 {
-                    // The other constructor is not currently supported on Mono.
-                    compression = new GZipStream(memory, CompressionMode.Compress);
-                }
-                else
-                {
-                    compression = new GZipStream(memory, CompressionLevel.Optimal);
-                }
-                using (compression)
-                {
-                    using (var writer = new BinaryWriter(compression))
-                    {
-                        Write(writer, model);
-                    }
+                    Write(writer, model);
                 }
                 return memory.ToArray();
             }
         }
 
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual AuthenticationTicket Deserialize(byte[] data)
         {
             using (var memory = new MemoryStream(data))
             {
-                using (var compression = new GZipStream(memory, CompressionMode.Decompress))
+                using (var reader = new BinaryReader(memory))
                 {
-                    using (var reader = new BinaryReader(compression))
-                    {
-                        return Read(reader);
-                    }
+                    return Read(reader);
                 }
             }
         }
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 5ffa51a5c2..cac89fbad7 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -10,10 +10,6 @@
     },
     "frameworks": {
         "aspnet50": { },
-        "aspnetcore50": {
-            "dependencies": {
-                "System.IO.Compression": "4.0.0-beta-*"
-            }
-        }
+        "aspnetcore50": { }
     }
 }

From 23ce588f7bf7d6131c1cd1999e00847b46f4f91e Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Mon, 8 Dec 2014 15:15:31 -0800
Subject: [PATCH 117/900] Updating to release NuGet.config

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..2d3b0cb857 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 915d3a6b16f72a354e8169c335c0a1e37faa768e Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Mon, 8 Dec 2014 15:24:57 -0800
Subject: [PATCH 118/900] Updating to dev NuGet.config

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index 2d3b0cb857..f41e9c631d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 20f21aa57f0c2141a4bed09db6e1ae403873beb3 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 15 Dec 2014 15:04:48 -0800
Subject: [PATCH 119/900] Removing transitive dependencies from
 Microsoft.AspNet.Security.OAuth

---
 .../project.json                              |  7 ++++-
 .../project.json                              | 29 ++-----------------
 2 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 5d7e261368..358d4515bf 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -6,6 +6,11 @@
     },
     "frameworks": {
         "aspnet50": {},
-        "aspnetcore50": {}
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Dynamic.Runtime": "4.0.0-beta-*",
+                "System.ObjectModel": "4.0.0-beta-*"
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 0c44ae0cff..6a2eed249f 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -2,12 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": {
@@ -18,28 +14,7 @@
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Dynamic.Runtime": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
-                "System.ObjectModel": "4.0.10-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-beta-*"
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }
     }

From fcf2f93aa3d811c2fed8b6e73fb0edfd376eae25 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 15 Dec 2014 16:50:13 -0800
Subject: [PATCH 120/900] Updating System.ObjectModel version that was copied
 incorrectly

---
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 358d4515bf..530d34c575 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -9,7 +9,7 @@
         "aspnetcore50": {
             "dependencies": {
                 "System.Dynamic.Runtime": "4.0.0-beta-*",
-                "System.ObjectModel": "4.0.0-beta-*"
+                "System.ObjectModel": "4.0.10-beta-*"
             }
         }
     }

From 2d2eedf89e0524ea255a4e68881dcfe43c764687 Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Mon, 15 Dec 2014 14:43:54 -0800
Subject: [PATCH 121/900] Update tests to use official xunit

---
 test/Microsoft.AspNet.Security.Test/project.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index affdcafebd..305fe5528e 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -10,10 +10,10 @@
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
         "Moq": "4.2.1312.1622",
-        "Xunit.KRunner": "1.0.0-*"
+        "xunit.runner.kre": "1.0.0-*"
     },
     "commands": {
-        "test": "Xunit.KRunner"
+        "test": "xunit.runner.kre"
     },
     "frameworks": {
         "aspnet50": {

From 8b7d33baaf3ee2a99ca27ca91a4068e78c48cc66 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 18 Dec 2014 14:41:16 -0800
Subject: [PATCH 122/900] #63 - Use the PathBase in the Cookie path by default.

---
 .../CookieAuthenticationHandler.cs            |  2 +-
 .../CookieAuthenticationOptions.cs            |  1 -
 .../Cookies/CookieMiddlewareTests.cs          | 51 ++++++++++++++-----
 3 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index 63c524afa6..e290232575 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -146,7 +146,7 @@ namespace Microsoft.AspNet.Security.Cookies
                 {
                     Domain = Options.CookieDomain,
                     HttpOnly = Options.CookieHttpOnly,
-                    Path = Options.CookiePath ?? "/",
+                    Path = Options.CookiePath ?? (RequestPathBase.HasValue ? RequestPathBase.ToString() : "/"),
                 };
                 if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
                 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
index 121ff409b2..ec6e102063 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
@@ -24,7 +24,6 @@ namespace Microsoft.AspNet.Security.Cookies
         {
             AuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
-            CookiePath = "/";
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
             CookieHttpOnly = true;
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
index b103a7c757..c66d571b28 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
@@ -137,21 +137,11 @@ namespace Microsoft.AspNet.Security.Cookies
                 options.CookieDomain = "another.com";
                 options.CookieSecure = CookieSecureOption.Always;
                 options.CookieHttpOnly = true;
-            }, SignInAsAlice);
+            }, SignInAsAlice, new Uri("http://example.com/base"));
 
-            Transaction transaction1 = await SendAsync(server1, "http://example.com/testpath");
-
-            TestServer server2 = CreateServer(options =>
-            {
-                options.CookieName = "SecondCookie";
-                options.CookieSecure = CookieSecureOption.Never;
-                options.CookieHttpOnly = false;
-            }, SignInAsAlice);
-
-            Transaction transaction2 = await SendAsync(server2, "http://example.com/testpath");
+            Transaction transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
 
             string setCookie1 = transaction1.SetCookie;
-            string setCookie2 = transaction2.SetCookie;
 
             setCookie1.ShouldContain("TestCookie=");
             setCookie1.ShouldContain(" path=/foo");
@@ -159,7 +149,19 @@ namespace Microsoft.AspNet.Security.Cookies
             setCookie1.ShouldContain(" secure");
             setCookie1.ShouldContain(" HttpOnly");
 
+            TestServer server2 = CreateServer(options =>
+            {
+                options.CookieName = "SecondCookie";
+                options.CookieSecure = CookieSecureOption.Never;
+                options.CookieHttpOnly = false;
+            }, SignInAsAlice, new Uri("http://example.com/base"));
+
+            Transaction transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
+
+            string setCookie2 = transaction2.SetCookie;
+
             setCookie2.ShouldContain("SecondCookie=");
+            setCookie2.ShouldContain(" path=/base");
             setCookie2.ShouldNotContain(" domain=");
             setCookie2.ShouldNotContain(" secure");
             setCookie2.ShouldNotContain(" HttpOnly");
@@ -343,6 +345,25 @@ namespace Microsoft.AspNet.Security.Cookies
             responded.Single().ShouldContain("\"location\"");
         }
 
+        [Fact]
+        public async Task CookieUsesPathBaseByDefault()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(options =>
+            {
+            },
+            context =>
+            {
+                Assert.Equal(new PathString("/base"), context.Request.PathBase);
+                context.Response.SignIn(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
+                return Task.FromResult<object>(null);
+            },
+            new Uri("http://example.com/base"));
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/base/testpath");
+            Assert.True(transaction1.SetCookie.Contains("path=/base"));
+        }
+
         private static string FindClaimValue(Transaction transaction, string claimType)
         {
             XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
@@ -364,9 +385,9 @@ namespace Microsoft.AspNet.Security.Cookies
             return me;
         }
 
-        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
+        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null)
         {
-            return TestServer.Create(app =>
+            var server = TestServer.Create(app =>
             {
                 app.UseServices(services => services.AddDataProtection());
                 app.UseCookieAuthentication(configureOptions);
@@ -406,6 +427,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     }
                 });
             });
+            server.BaseAddress = baseAddress;
+            return server;
         }
 
         private static void Describe(HttpResponse res, AuthenticationResult result)

From fec32f6746df5f01e650deb468686f184a59cf95 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 20 Nov 2014 16:14:10 -0800
Subject: [PATCH 123/900] #82 - Improve error handling mechanics.

---
 .../Infrastructure/AuthenticationHandler.cs   | 79 +++++++++++++++----
 .../AuthenticationMiddleware.cs               | 20 ++++-
 2 files changed, 81 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index a5fd9876cb..2c9691c489 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -60,6 +60,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
+        public bool Faulted { get; set; }
+
         protected async Task BaseInitializeAsync(AuthenticationOptions options, HttpContext context)
         {
             _baseOptions = options;
@@ -94,12 +96,29 @@ namespace Microsoft.AspNet.Security.Infrastructure
         }
 
         /// <summary>
-        /// Called once per request after Initialize and Invoke. 
+        /// Called once per request after Initialize and Invoke.
         /// </summary>
         /// <returns>async completion</returns>
         internal async Task TeardownAsync()
         {
-            await ApplyResponseAsync();
+            try
+            {
+                await ApplyResponseAsync();
+            }
+            catch (Exception)
+            {
+                try
+                {
+                    await TeardownCoreAsync();
+                }
+                catch (Exception)
+                {
+                    // Don't mask the original exception
+                }
+                UnregisterAuthenticationHandler();
+                throw;
+            }
+
             await TeardownCoreAsync();
             UnregisterAuthenticationHandler();
         }
@@ -217,15 +236,29 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         private void ApplyResponse()
         {
-            LazyInitializer.EnsureInitialized(
-                ref _applyResponse,
-                ref _applyResponseInitialized,
-                ref _applyResponseSyncLock,
-                () =>
+            // If ApplyResponse already failed in the OnSendingHeaderCallback or TeardownAsync code path then a
+            // failed task is cached. If called again the same error will be re-thrown. This breaks error handling
+            // scenarios like the ability to display the error page or re-execute the request.
+            try
+            {
+                if (!Faulted)
                 {
-                    ApplyResponseCore();
-                    return Task.FromResult(0);
-                }).GetAwaiter().GetResult(); // Block if the async version is in progress.
+                    LazyInitializer.EnsureInitialized(
+                        ref _applyResponse,
+                        ref _applyResponseInitialized,
+                        ref _applyResponseSyncLock,
+                        () =>
+                        {
+                            ApplyResponseCore();
+                            return Task.FromResult(0);
+                        }).GetAwaiter().GetResult(); // Block if the async version is in progress.
+                }
+            }
+            catch (Exception)
+            {
+                Faulted = true;
+                throw;
+            }
         }
 
         protected virtual void ApplyResponseCore()
@@ -240,13 +273,27 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// or later, as the last step when the original async call to the middleware is returning.
         /// </summary>
         /// <returns></returns>
-        private Task ApplyResponseAsync()
+        private async Task ApplyResponseAsync()
         {
-            return LazyInitializer.EnsureInitialized(
-                ref _applyResponse,
-                ref _applyResponseInitialized,
-                ref _applyResponseSyncLock,
-                ApplyResponseCoreAsync);
+            // If ApplyResponse already failed in the OnSendingHeaderCallback or TeardownAsync code path then a
+            // failed task is cached. If called again the same error will be re-thrown. This breaks error handling
+            // scenarios like the ability to display the error page or re-execute the request.
+            try
+            {
+                if (!Faulted)
+                {
+                    await LazyInitializer.EnsureInitialized(
+                        ref _applyResponse,
+                        ref _applyResponseInitialized,
+                        ref _applyResponseSyncLock,
+                        ApplyResponseCoreAsync);
+                }
+            }
+            catch (Exception)
+            {
+                Faulted = true;
+                throw;
+            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
index b7fb77fe81..a703619de6 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
@@ -41,9 +41,25 @@ namespace Microsoft.AspNet.Security.Infrastructure
             {
                 AuthenticationHandler<TOptions> handler = CreateHandler();
                 await handler.Initialize(Options, context);
-                if (!await handler.InvokeAsync())
+                try
                 {
-                    await _next(context);
+                    if (!await handler.InvokeAsync())
+                    {
+                        await _next(context);
+                    }
+                }
+                catch (Exception)
+                {
+                    try
+                    {
+                        handler.Faulted = true;
+                        await handler.TeardownAsync();
+                    }
+                    catch (Exception)
+                    {
+                        // Don't mask the original exception
+                    }
+                    throw;
                 }
                 await handler.TeardownAsync();
             }

From e6218c0429c4ee9f371e76cd8226724fde1312c5 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 7 Jan 2015 17:06:22 -0800
Subject: [PATCH 124/900] React to ReadFor breaking change.

---
 .../FacebookAuthenticationHandler.cs                           | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
index 6520902559..455cf1a4c2 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
@@ -10,6 +10,7 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.PipelineCore.Collections;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
@@ -39,7 +40,7 @@ namespace Microsoft.AspNet.Security.Facebook
             tokenResponse.EnsureSuccessStatusCode();
             string oauthTokenResponse = await tokenResponse.Content.ReadAsStringAsync();
 
-            IFormCollection form = FormHelpers.ParseForm(oauthTokenResponse);
+            IFormCollection form = new FormCollection(FormReader.ReadForm(oauthTokenResponse));
             var response = new JObject();
             foreach (string key in form.Keys)
             {

From fbe80ee64ee1e675f5b5e926c0c4afe858efdd9d Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 7 Jan 2015 18:10:42 -0800
Subject: [PATCH 125/900] Handle ReadFormAsync breaking changes.

---
 .../TwitterAuthenticationHandler.cs                          | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index 7717642a1d..de4dee266f 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -11,6 +11,7 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.PipelineCore.Collections;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Twitter.Messages;
 using Microsoft.AspNet.WebUtilities;
@@ -275,7 +276,7 @@ namespace Microsoft.AspNet.Security.Twitter
             response.EnsureSuccessStatusCode();
             string responseText = await response.Content.ReadAsStringAsync();
 
-            IFormCollection responseParameters = FormHelpers.ParseForm(responseText);
+            IFormCollection responseParameters = new FormCollection(FormReader.ReadForm(responseText));
             if (string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
             {
                 return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
@@ -351,7 +352,7 @@ namespace Microsoft.AspNet.Security.Twitter
 
             string responseText = await response.Content.ReadAsStringAsync();
 
-            IFormCollection responseParameters = FormHelpers.ParseForm(responseText);
+            IFormCollection responseParameters = new FormCollection(FormReader.ReadForm(responseText));
 
             return new AccessToken
             {

From 49e66f03110b486f8dd9959dd2cee802d676c28f Mon Sep 17 00:00:00 2001
From: BrentSchmaltz <brentschmaltz@hotmail.com>
Date: Mon, 12 Jan 2015 08:59:24 -0800
Subject: [PATCH 126/900] Additions for OpenIdConnectMiddleware and OAuthBearer
 Beta1.

---
 NuGet.Config                                  |   1 +
 Security.sln                                  |  47 +-
 .../OpenIdConnectSample.kproj                 |  30 +
 samples/OpenIDConnectSample/Startup.cs        |  56 ++
 samples/OpenIDConnectSample/project.json      |  18 +
 ...IOAuthBearerAuthenticationNotifications.cs |  37 --
 .../OAuthBearerAuthenticationNotifications.cs |  73 ---
 .../OAuthValidateIdentityContext.cs           |  26 -
 .../OAuthAuthenticationMiddleware.cs          |  12 +-
 .../OAuthBearerAuthenticationHandler.cs       | 126 ----
 .../OAuthBearerAuthenticationMiddleware.cs    |  81 ---
 .../OAuthBearerAuthenticationOptions.cs       |  66 --
 .../project.json                              |   2 +-
 ...icrosoft.AspNet.Security.OAuthBearer.kproj |  22 +
 .../NotNullAttribute.cs                       |  12 +
 .../AuthenticationChallengeNotification.cs    |  15 +
 .../OAuthBearerAuthenticationNotifications.cs |  56 ++
 .../OAuthBearerAuthenticationDefaults.cs      |   2 +-
 .../OAuthBearerAuthenticationExtensions.cs    |   2 +-
 .../OAuthBearerAuthenticationHandler.cs       | 200 ++++++
 .../OAuthBearerAuthenticationMiddleware.cs    | 116 ++++
 .../OAuthBearerAuthenticationOptions.cs       | 159 +++++
 .../Resources.Designer.cs                     |  83 +++
 .../Resources.resx                            | 126 ++++
 .../project.json                              |  22 +
 ...rosoft.AspNet.Security.OpenIdConnect.kproj |  29 +
 .../NonceCache.cs                             |  11 +
 .../AuthorizationCodeReceivedNotification.cs  |  45 ++
 .../OpenIdConnectAuthenticationDefaults.cs    |  41 ++
 .../OpenIdConnectAuthenticationExtensions.cs  |  29 +
 .../OpenIdConnectAuthenticationMiddleware.cs  | 173 ++++++
 ...penIdConnectAuthenticationNotifications.cs |  59 ++
 .../OpenIdConnectAuthenticationOptions.cs     | 337 ++++++++++
 .../OpenidConnectAuthenticationHandler.cs     | 577 ++++++++++++++++++
 .../Project.json                              |  48 ++
 .../Resources.Designer.cs                     | 101 +++
 .../AuthenticationTicket.cs                   |  29 +-
 .../AuthenticationTokenReceiveContext.cs      |  11 -
 .../AuthenticationFailedNotification.cs       |   8 +-
 .../Notifications/BaseNotification.cs         |  49 ++
 .../MessageReceivedNotification.cs            |   6 +-
 .../Notifications/NotificationResultState.cs  |  22 +
 ...edirectFromIdentityProviderNotification.cs |  12 +-
 .../RedirectToIdentityProviderNotification.cs |   8 +-
 .../SecurityTokenReceivedNotification.cs      |  10 +-
 .../SecurityTokenValidatedNotification.cs     |  10 +-
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs | 237 +++++++
 .../OpenIdConnectMiddlewareTests.cs           | 361 +++++++++++
 .../project.json                              |   5 +-
 49 files changed, 3149 insertions(+), 459 deletions(-)
 create mode 100644 samples/OpenIDConnectSample/OpenIdConnectSample.kproj
 create mode 100644 samples/OpenIDConnectSample/Startup.cs
 create mode 100644 samples/OpenIDConnectSample/project.json
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
 delete mode 100644 src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Security.OAuthBearer}/OAuthBearerAuthenticationDefaults.cs (92%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Security.OAuthBearer}/OAuthBearerAuthenticationExtensions.cs (97%)
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/project.json
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/Project.json
 create mode 100644 src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
 create mode 100644 src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..4ee105534c 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -3,5 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
+    <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>
diff --git a/Security.sln b/Security.sln
index 2cc23038e0..ccddd42c7a 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.22013.1
+VisualStudioVersion = 14.0.22422.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -36,6 +36,12 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.O
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.kproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.kproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OAuthBearer", "src\Microsoft.AspNet.Security.OAuthBearer\Microsoft.AspNet.Security.OAuthBearer.kproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OpenIdConnect", "src\Microsoft.AspNet.Security.OpenIdConnect\Microsoft.AspNet.Security.OpenIdConnect.kproj", "{674D128E-83BB-481A-A9D9-6D47872E1FC8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -156,6 +162,42 @@ Global
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x86.ActiveCfg = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.Build.0 = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.ActiveCfg = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|x86.Build.0 = Debug|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|x86.ActiveCfg = Release|Any CPU
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -172,5 +214,8 @@ Global
 		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{4A636011-68EE-4CE5-836D-EA8E13CF71E4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{674D128E-83BB-481A-A9D9-6D47872E1FC8} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/OpenIDConnectSample/OpenIdConnectSample.kproj b/samples/OpenIDConnectSample/OpenIdConnectSample.kproj
new file mode 100644
index 0000000000..c6ab693ae7
--- /dev/null
+++ b/samples/OpenIDConnectSample/OpenIdConnectSample.kproj
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
+    <RootNamespace>OpenIDConnectSample</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <AssemblyName>OpenIDConnectSample</AssemblyName>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>42023</DevelopmentServerPort>
+    <CommandLineArguments />
+    <DebugTarget>
+    </DebugTarget>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <ProjectExtensions>
+    <VisualStudio>
+      <UserProperties project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
+    </VisualStudio>
+  </ProjectExtensions>
+</Project>
\ No newline at end of file
diff --git a/samples/OpenIDConnectSample/Startup.cs b/samples/OpenIDConnectSample/Startup.cs
new file mode 100644
index 0000000000..17850d03b2
--- /dev/null
+++ b/samples/OpenIDConnectSample/Startup.cs
@@ -0,0 +1,56 @@
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security;
+
+namespace OpenIdConnectSample
+{
+    public class Startup
+    {
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseServices(services =>
+            {
+                services.AddDataProtection();
+                services.Configure<ExternalAuthenticationOptions>(options =>
+                {
+                    options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                });
+
+            });
+
+            app.UseCookieAuthentication(options =>
+            {
+                options.AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+            });
+
+            app.UseOpenIdConnectAuthentication(options =>
+                {
+                    options.ClientId = "fe78e0b4-6fe7-47e6-812c-fb75cee266a4";
+                    options.Authority = "https://login.windows.net/cyrano.onmicrosoft.com";
+                    options.RedirectUri = "http://localhost:42023";
+                    options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                    options.AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                });
+
+            app.Run(async context =>
+            {
+                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                {
+                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
+
+                    context.Response.ContentType = "text/plain";
+                    await context.Response.WriteAsync("Hello First timer");
+                    return;
+                }
+
+                context.Response.ContentType = "text/plain";
+                await context.Response.WriteAsync("Hello Authenticated User");
+            });
+
+
+        }
+    }
+}
diff --git a/samples/OpenIDConnectSample/project.json b/samples/OpenIDConnectSample/project.json
new file mode 100644
index 0000000000..65652110bb
--- /dev/null
+++ b/samples/OpenIDConnectSample/project.json
@@ -0,0 +1,18 @@
+{
+    "dependencies": {
+        "Kestrel": "1.0.0-*",
+        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
+    },
+    "frameworks": {
+        "aspnet50": { },
+        "aspnetcore50": { }
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
+        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+    },    
+    "webroot": "wwwroot"
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
deleted file mode 100644
index 048d8f2927..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthBearerAuthenticationNotifications.cs
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
-    /// </summary>
-    public interface IOAuthBearerAuthenticationNotifications
-    {
-        /// <summary>
-        /// Invoked before the <see cref="System.Security.Claims.ClaimsIdentity"/> is created. Gives the application an 
-        /// opportunity to find the identity from a different location, adjust, or reject the token.
-        /// </summary>
-        /// <param name="context">Contains the token string.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task RequestToken(OAuthRequestTokenContext context);
-
-        /// <summary>
-        /// Called each time a request identity has been validated by the middleware. By implementing this method the
-        /// application may alter or reject the identity which has arrived with the request.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ValidateIdentity(OAuthValidateIdentityContext context);
-
-        /// <summary>
-        /// Called each time a challenge is being sent to the client. By implementing this method the application
-        /// may modify the challenge as needed.
-        /// </summary>
-        /// <param name="context">Contains the default challenge.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ApplyChallenge(OAuthChallengeContext context);
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
deleted file mode 100644
index 2c24f3ff1f..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    /// <summary>
-    /// OAuth bearer token middleware provider
-    /// </summary>
-    public class OAuthBearerAuthenticationNotifications : IOAuthBearerAuthenticationNotifications
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="OAuthBearerAuthenticationProvider"/> class
-        /// </summary>
-        public OAuthBearerAuthenticationNotifications()
-        {
-            OnRequestToken = context => Task.FromResult<object>(null);
-            OnValidateIdentity = context => Task.FromResult<object>(null);
-            OnApplyChallenge = context =>
-            {
-                context.HttpContext.Response.Headers.AppendValues("WWW-Authenticate", context.Challenge);
-                return Task.FromResult(0);
-            };
-        }
-
-        /// <summary>
-        /// Handles processing OAuth bearer token.
-        /// </summary>
-        public Func<OAuthRequestTokenContext, Task> OnRequestToken { get; set; }
-
-        /// <summary>
-        /// Handles validating the identity produced from an OAuth bearer token.
-        /// </summary>
-        public Func<OAuthValidateIdentityContext, Task> OnValidateIdentity { get; set; }
-
-        /// <summary>
-        /// Handles applying the authentication challenge to the response message.
-        /// </summary>
-        public Func<OAuthChallengeContext, Task> OnApplyChallenge { get; set; }
-
-        /// <summary>
-        /// Handles processing OAuth bearer token.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns></returns>
-        public virtual Task RequestToken(OAuthRequestTokenContext context)
-        {
-            return OnRequestToken(context);
-        }
-
-        /// <summary>
-        /// Handles validating the identity produced from an OAuth bearer token.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns></returns>
-        public virtual Task ValidateIdentity(OAuthValidateIdentityContext context)
-        {
-            return OnValidateIdentity.Invoke(context);
-        }
-
-        /// <summary>
-        /// Handles applying the authentication challenge to the response message.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns></returns>
-        public Task ApplyChallenge(OAuthChallengeContext context)
-        {
-            return OnApplyChallenge(context);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
deleted file mode 100644
index 5dc04ffb40..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthValidateIdentityContext.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    /// <summary>
-    /// Contains the authentication ticket data from an OAuth bearer token.
-    /// </summary>
-    public class OAuthValidateIdentityContext : BaseValidatingTicketContext<OAuthBearerAuthenticationOptions>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="OAuthValidateIdentityContext"/> class
-        /// </summary>
-        /// <param name="context"></param>
-        /// <param name="options"></param>
-        /// <param name="ticket"></param>
-        public OAuthValidateIdentityContext(
-            HttpContext context,
-            OAuthBearerAuthenticationOptions options,
-            AuthenticationTicket ticket) : base(context, options, ticket)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 2628d38491..18dd9c9a86 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -1,16 +1,16 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Diagnostics.CodeAnalysis;
-using System.Globalization;
-using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
+using System.Net.Http;
 
 namespace Microsoft.AspNet.Security.OAuth
 {
@@ -45,18 +45,22 @@ namespace Microsoft.AspNet.Security.OAuth
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthenticationType"));
             }
+
             if (string.IsNullOrWhiteSpace(Options.ClientId))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
             }
+
             if (string.IsNullOrWhiteSpace(Options.ClientSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
             }
+
             if (string.IsNullOrWhiteSpace(Options.AuthorizationEndpoint))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthorizationEndpoint"));
             }
+
             if (string.IsNullOrWhiteSpace(Options.TokenEndpoint))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "TokenEndpoint"));
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
deleted file mode 100644
index 406085b670..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationHandler.cs
+++ /dev/null
@@ -1,126 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.Framework.Logging;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    internal class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
-    {
-        private readonly ILogger _logger;
-        private readonly string _challenge;
-
-        public OAuthBearerAuthenticationHandler(ILogger logger, string challenge)
-        {
-            _logger = logger;
-            _challenge = challenge;
-        }
-
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
-        {
-            try
-            {
-                // Find token in default location
-                string requestToken = null;
-                string authorization = Request.Headers.Get("Authorization");
-                if (!string.IsNullOrEmpty(authorization))
-                {
-                    if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
-                    {
-                        requestToken = authorization.Substring("Bearer ".Length).Trim();
-                    }
-                }
-
-                // Give application opportunity to find from a different location, adjust, or reject token
-                var requestTokenContext = new OAuthRequestTokenContext(Context, requestToken);
-                await Options.Notifications.RequestToken(requestTokenContext);
-
-                // If no token found, no further work possible
-                if (string.IsNullOrEmpty(requestTokenContext.Token))
-                {
-                    return null;
-                }
-
-                // Call provider to process the token into data
-                var tokenReceiveContext = new AuthenticationTokenReceiveContext(
-                    Context,
-                    Options.AccessTokenFormat,
-                    requestTokenContext.Token);
-
-                await Options.AccessTokenProvider.ReceiveAsync(tokenReceiveContext);
-                if (tokenReceiveContext.Ticket == null)
-                {
-                    tokenReceiveContext.DeserializeTicket(tokenReceiveContext.Token);
-                }
-
-                AuthenticationTicket ticket = tokenReceiveContext.Ticket;
-                if (ticket == null)
-                {
-                    _logger.WriteWarning("invalid bearer token received");
-                    return null;
-                }
-
-                // Validate expiration time if present
-                DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
-
-                if (ticket.Properties.ExpiresUtc.HasValue &&
-                    ticket.Properties.ExpiresUtc.Value < currentUtc)
-                {
-                    _logger.WriteWarning("expired bearer token received");
-                    return null;
-                }
-
-                // Give application final opportunity to override results
-                var context = new OAuthValidateIdentityContext(Context, Options, ticket);
-                if (ticket != null &&
-                    ticket.Identity != null &&
-                    ticket.Identity.IsAuthenticated)
-                {
-                    // bearer token with identity starts validated
-                    context.Validated();
-                }
-
-                await Options.Notifications.ValidateIdentity(context);
-                if (!context.IsValidated)
-                {
-                    return null;
-                }
-
-                // resulting identity values go back to caller
-                return context.Ticket;
-            }
-            catch (Exception ex)
-            {
-                _logger.WriteError("Authentication failed", ex);
-                return null;
-            }
-        }
-
-        protected override void ApplyResponseChallenge()
-        {
-            if (Response.StatusCode != 401)
-            {
-                return;
-            }
-
-            if (ChallengeContext != null)
-            {
-                OAuthChallengeContext challengeContext = new OAuthChallengeContext(Context, _challenge);
-                Options.Notifications.ApplyChallenge(challengeContext);
-            }
-        }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
deleted file mode 100644
index 0661c4fede..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationMiddleware.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using System;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    /// <summary>
-    /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
-    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication
-    /// extension method.
-    /// </summary>
-    public class OAuthBearerAuthenticationMiddleware : AuthenticationMiddleware<OAuthBearerAuthenticationOptions>
-    {
-        private readonly ILogger _logger;
-
-        private readonly string _challenge;
-
-        /// <summary>
-        /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
-        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication 
-        /// extension method.
-        /// </summary>
-        public OAuthBearerAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<OAuthBearerAuthenticationOptions> options,
-            ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
-            : base(next, services, options, configureOptions)
-        {
-            _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
-
-            if (!string.IsNullOrWhiteSpace(Options.Challenge))
-            {
-                _challenge = Options.Challenge;
-            }
-            else if (string.IsNullOrWhiteSpace(Options.Realm))
-            {
-                _challenge = "Bearer";
-            }
-            else
-            {
-                _challenge = "Bearer realm=\"" + Options.Realm + "\"";
-            }
-
-            if (Options.Notifications == null)
-            {
-                Options.Notifications = new OAuthBearerAuthenticationNotifications();
-            }
-
-            if (Options.AccessTokenFormat == null)
-            {
-                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
-                    this.GetType().FullName, Options.AuthenticationType, "v1");
-                Options.AccessTokenFormat = new TicketDataFormat(dataProtector);
-            }
-
-            if (Options.AccessTokenProvider == null)
-            {
-                Options.AccessTokenProvider = new AuthenticationTokenProvider();
-            }
-        }
-
-        /// <summary>
-        /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
-        /// </summary>
-        /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<OAuthBearerAuthenticationOptions> CreateHandler()
-        {
-            return new OAuthBearerAuthenticationHandler(_logger, _challenge);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs
deleted file mode 100644
index d2f9b9190b..0000000000
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationOptions.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Security.Infrastructure;
-
-namespace Microsoft.AspNet.Security.OAuth
-{
-    /// <summary>
-    /// Options class provides information needed to control Bearer Authentication middleware behavior
-    /// </summary>
-    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
-    {
-        /// <summary>
-        /// Creates an instance of bearer authentication options with default values.
-        /// </summary>
-        public OAuthBearerAuthenticationOptions() : base()
-        {
-            SystemClock = new SystemClock();
-            AuthenticationType = OAuthBearerAuthenticationDefaults.AuthenticationType;
-        }
-
-        /// <summary>
-        /// Determines what realm value is included when the bearer middleware adds a response header to an unauthorized request.
-        /// If not assigned, the response header does not have a realm.
-        /// </summary>
-        public string Realm { get; set; }
-
-        /// <summary>
-        /// Specifies the full challenge to send to the client, and should start with "Bearer". If a challenge is provided then the
-        /// Realm property is ignored. If no challenge is specified then one is created using "Bearer" and the value of the Realm
-        /// property.
-        /// </summary>
-        public string Challenge { get; set; }
-
-        /// <summary>
-        /// The object provided by the application to process events raised by the bearer authentication middleware.
-        /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
-        /// and assign delegates only to the events it wants to process.
-        /// </summary>
-        public IOAuthBearerAuthenticationNotifications Notifications { get; set; }
-
-        /// <summary>
-        /// The data format used to un-protect the information contained in the access token.
-        /// If not provided by the application the default data protection provider depends on the host server. 
-        /// The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted
-        /// servers will use DPAPI data protection. If a different access token
-        /// provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider 
-        /// and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
-        /// </summary>
-        public ISecureDataFormat<AuthenticationTicket> AccessTokenFormat { get; set; }
-
-        /// <summary>
-        /// Receives the bearer token the client application will be providing to web application. If not provided the token 
-        /// produced on the server's default data protection by using the AccessTokenFormat. If a different access token
-        /// provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider 
-        /// and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server.
-        /// </summary>
-        public IAuthenticationTokenProvider AccessTokenProvider { get; set; }
-
-        /// <summary>
-        /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
-        /// DateTimeOffset.UtcNow. This is typically needed only for unit testing.
-        /// </summary>
-        public ISystemClock SystemClock { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 6a2eed249f..39ba020fc7 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*"
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj b/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
new file mode 100644
index 0000000000..55d65389e4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>2755BFE5-7421-4A31-A644-F817DF5CAA98</ProjectGuid>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <ProjectExtensions>
+    <VisualStudio>
+      <UserProperties project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
+    </VisualStudio>
+  </ProjectExtensions>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
new file mode 100644
index 0000000000..29f5827495
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
new file mode 100644
index 0000000000..f2685af0c5
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    public class AuthenticationChallengeNotification<TOptions> : BaseNotification<TOptions>
+    {
+        public AuthenticationChallengeNotification(HttpContext context, TOptions options) : base(context, options)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
new file mode 100644
index 0000000000..808615e1d4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+
+/// <summary>
+/// Specifies events which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// </summary>
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    /// <summary>
+    /// OAuth bearer token middleware provider
+    /// </summary>
+    public class OAuthBearerAuthenticationNotifications
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="OAuthBearerAuthenticationProvider"/> class
+        /// </summary>
+        public OAuthBearerAuthenticationNotifications()
+        {
+            ApplyChallenge = notification => { notification.HttpContext.Response.Headers.AppendValues("WWW-Authenticate", notification.Options.Challenge); return Task.FromResult(0); };
+            AuthenticationFailed = notification => Task.FromResult(0);
+            MessageReceived = notification => Task.FromResult(0);
+            SecurityTokenReceived = notification => Task.FromResult(0);
+            SecurityTokenValidated = notification => Task.FromResult(0);
+        }
+
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        public Func<AuthenticationFailedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        public Func<MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        public Func<SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+
+        /// <summary>
+        /// Invoked to apply a challenge sent back to the caller.
+        /// </summary>
+        public Func<AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
index 70f1f1e616..5b62827cc7 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Security.OAuthBearer
 {
     /// <summary>
     /// Default values used by authorization server and bearer authentication.
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
index b5512d01cd..0f31dfaf8a 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthBearerAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Security.OAuthBearer;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
new file mode 100644
index 0000000000..1c2eb287ae
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -0,0 +1,200 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens;
+using System.Linq;
+using System.Runtime.ExceptionServices;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.Notifications;
+using Microsoft.Framework.Logging;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    public class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+        private OpenIdConnectConfiguration _configuration;
+
+        public OAuthBearerAuthenticationHandler(ILogger logger)
+        {
+            _logger = logger;
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
+        }
+
+        /// <summary>
+        /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
+        /// </summary>
+        /// <returns></returns>
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            ExceptionDispatchInfo authFailedEx = null;
+            string token = null;
+            try
+            {
+                // Give application opportunity to find from a different location, adjust, or reject token
+                var messageReceivedNotification =
+                    new MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    {
+                        ProtocolMessage = Context,
+                    };
+
+                // notification can set the token
+                await Options.Notifications.MessageReceived(messageReceivedNotification);
+                if (messageReceivedNotification.HandledResponse)
+                {
+                    return messageReceivedNotification.AuthenticationTicket;
+                }
+
+                if (messageReceivedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                string authorization = Request.Headers.Get("Authorization");
+                if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+                {
+                     token = authorization.Substring("Bearer ".Length).Trim();
+                }
+
+                // If no token found, no further work possible
+                if (string.IsNullOrEmpty(token))
+                {
+                    return null;
+                }
+
+                // notify user token was received
+                var securityTokenReceivedNotification =
+                new SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = Context,
+                    SecurityToken = token,
+                };
+
+                await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
+                if (securityTokenReceivedNotification.HandledResponse)
+                {
+                    return securityTokenReceivedNotification.AuthenticationTicket;
+                }
+
+                if (securityTokenReceivedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                if (_configuration == null && Options.ConfigurationManager != null)
+                {
+                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+                }
+
+                var validationParameters = Options.TokenValidationParameters.Clone();
+                if (_configuration != null)
+                {
+                    if (validationParameters.ValidIssuer == null && !string.IsNullOrWhiteSpace(_configuration.Issuer))
+                    {
+                        validationParameters.ValidIssuer = _configuration.Issuer;
+                    }
+                    else
+                    {
+                        IEnumerable<string> issuers = new[] { _configuration.Issuer };
+                        validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
+                    }
+
+                    validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
+                }
+
+                SecurityToken validatedToken;
+                foreach (var validator in Options.SecurityTokenValidators)
+                {
+                    if (validator.CanReadToken(token))
+                    {
+                        ClaimsPrincipal principal = validator.ValidateToken(token, validationParameters, out validatedToken);
+                        AuthenticationTicket ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationType);
+                        var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                        {
+                            ProtocolMessage = Context,
+                            AuthenticationTicket = ticket
+                        };
+
+                        if (securityTokenReceivedNotification.HandledResponse)
+                        {
+                            return securityTokenValidatedNotification.AuthenticationTicket;
+                        }
+
+                        if (securityTokenReceivedNotification.Skipped)
+                        {
+                            return null;
+                        }
+
+                        return ticket;
+                    }
+                }
+
+                throw new InvalidOperationException("No SecurityTokenValidator available for token: " + token ?? "null");
+            }
+            catch (Exception ex)
+            {
+                // We can't await inside a catch block, capture and handle outside.
+                authFailedEx = ExceptionDispatchInfo.Capture(ex);
+            }
+
+            if (authFailedEx != null)
+            {
+                _logger.WriteError("Exception occurred while processing message", authFailedEx.SourceException);
+
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                if (Options.RefreshOnIssuerKeyNotFound && authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                {
+                    Options.ConfigurationManager.RequestRefresh();
+                }
+
+                var authenticationFailedNotification =
+                    new AuthenticationFailedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    {
+                        ProtocolMessage = Context,
+                        Exception = authFailedEx.SourceException
+                    };
+
+                await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
+                if (authenticationFailedNotification.HandledResponse)
+                {
+                    return authenticationFailedNotification.AuthenticationTicket;
+                }
+
+                if (authenticationFailedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                authFailedEx.Throw();
+            }
+
+            return null;
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
+        }
+
+        protected override async Task ApplyResponseChallengeAsync()
+        {
+            await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>(Context, Options));
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            // N/A
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..0403896ae2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -0,0 +1,116 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens;
+using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    /// <summary>
+    /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
+    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication
+    /// extension method.
+    /// </summary>
+    public class OAuthBearerAuthenticationMiddleware : AuthenticationMiddleware<OAuthBearerAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+
+        /// <summary>
+        /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
+        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication 
+        /// extension method.
+        /// </summary>
+        public OAuthBearerAuthenticationMiddleware(
+            RequestDelegate next,
+            IServiceProvider services,
+            ILoggerFactory loggerFactory,
+            IOptions<OAuthBearerAuthenticationOptions> options,
+            ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
+            : base(next, services, options, configureOptions)
+        {
+            _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new OAuthBearerAuthenticationNotifications();
+            }
+
+            if (Options.SecurityTokenValidators == null)
+            {
+                Options.SecurityTokenValidators = new List<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
+            }
+
+            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrWhiteSpace(Options.Audience))
+            {
+                Options.TokenValidationParameters.ValidAudience = Options.Audience;
+            }
+
+            if (Options.ConfigurationManager == null)
+            {
+                if (Options.Configuration != null)
+                {
+                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
+                }
+                else if (!(string.IsNullOrWhiteSpace(Options.MetadataAddress) && string.IsNullOrWhiteSpace(Options.Authority)))
+                {
+                    if (string.IsNullOrWhiteSpace(Options.MetadataAddress) && !string.IsNullOrWhiteSpace(Options.Authority))
+                    {
+                        Options.MetadataAddress = Options.Authority;
+                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            Options.MetadataAddress += "/";
+                        }
+
+                        Options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    HttpClient httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+                    httpClient.Timeout = Options.BackchannelTimeout;
+                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
+        /// </summary>
+        /// <returns>A new instance of the request handler</returns>
+        protected override AuthenticationHandler<OAuthBearerAuthenticationOptions> CreateHandler()
+        {
+            return new OAuthBearerAuthenticationHandler(_logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthBearerAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if ASPNET50
+            new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+            new WinHttpHandler();
+#endif
+            return handler;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs
new file mode 100644
index 0000000000..08acf5bf45
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -0,0 +1,159 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens;
+using System.Net.Http;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    /// <summary>
+    /// Options class provides information needed to control Bearer Authentication middleware behavior
+    /// </summary>
+    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
+    {
+        private ICollection<ISecurityTokenValidator> _securityTokenValidators;
+        private TokenValidationParameters _tokenValidationParameters;
+
+        /// <summary>
+        /// Creates an instance of bearer authentication options with default values.
+        /// </summary>
+        public OAuthBearerAuthenticationOptions() : base()
+        {
+            AuthenticationType = OAuthBearerAuthenticationDefaults.AuthenticationType;
+            BackchannelTimeout = TimeSpan.FromMinutes(1);
+            Challenge = OAuthBearerAuthenticationDefaults.AuthenticationType;
+            Notifications = new OAuthBearerAuthenticationNotifications();
+            RefreshOnIssuerKeyNotFound = true;
+            SystemClock = new SystemClock();
+            TokenValidationParameters = new TokenValidationParameters();
+        }
+
+        /// <summary>
+        /// Gets or sets the discovery endpoint for obtaining metadata
+        /// </summary>
+        public string MetadataAddress { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Authority to use when making OpenIdConnect calls.
+        /// </summary>
+        public string Authority { get; set; }
+
+        /// <summary>
+        /// Gets or sets the audience for any received JWT token.
+        /// </summary>
+        /// <value>
+        /// The expected audience for any received JWT token.
+        /// </value>
+        public string Audience { get; set; }
+
+        /// <summary>
+        /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
+        /// </summary>
+        /// TODO - brentschmaltz, should not be null.
+        public string Challenge { get; set; }
+
+        /// <summary>
+        /// The object provided by the application to process events raised by the bearer authentication middleware.
+        /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
+        /// and assign delegates only to the events it wants to process.
+        /// </summary>
+        public OAuthBearerAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// The HttpMessageHandler used to retrieve metadata.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value
+        /// is a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// Gets or sets the timeout when using the backchannel to make an http call.
+        /// </summary>
+        public TimeSpan BackchannelTimeout { get; set; }
+
+#if ASPNET50
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// when retrieving metadata.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties
+        /// will not be used. This information should not be updated during request processing.
+        /// </summary>
+        public OpenIdConnectConfiguration Configuration { get; set; }
+
+        /// <summary>
+        /// Responsible for retrieving, caching, and refreshing the configuration from metadata.
+        /// If not provided, then one will be created using the MetadataAddress and Backchannel properties.
+        /// </summary>
+        public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
+
+        /// <summary>
+        /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
+        /// recovery in the event of a signature key rollover. This is enabled by default.
+        /// </summary>
+        public bool RefreshOnIssuerKeyNotFound { get; set; }
+
+        /// <summary>
+        /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
+        /// DateTimeOffset.UtcNow. This is typically needed only for unit testing.
+        /// </summary>
+        public ISystemClock SystemClock { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="SecurityTokenValidators"/> for validating tokens.
+        /// </summary>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public ICollection<ISecurityTokenValidator> SecurityTokenValidators
+        {
+            get
+            {
+                return _securityTokenValidators;
+            }
+
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("SecurityTokenValidators");
+                }
+
+                _securityTokenValidators = value;
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the TokenValidationParameters
+        /// </summary>
+        /// <remarks>Contains the types and definitions required for validating a token.</remarks>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public TokenValidationParameters TokenValidationParameters
+        {
+            get
+            {
+                return _tokenValidationParameters;
+            }
+
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("TokenValidationParameters");
+                }
+
+                _tokenValidationParameters = value;
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs b/src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs
new file mode 100644
index 0000000000..37abb160e5
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs
@@ -0,0 +1,83 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.33440
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.OAuthBearer {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get
+            {
+                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
+            }
+        }
+
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx b/src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx
new file mode 100644
index 0000000000..2a19bea96a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/project.json b/src/Microsoft.AspNet.Security.OAuthBearer/project.json
new file mode 100644
index 0000000000..affb7e5b11
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/project.json
@@ -0,0 +1,22 @@
+{
+    "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
+    "dependencies": {
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
+        "System.IdentityModel.Tokens": "5.0.0-beta1-*"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "frameworkAssemblies": {
+                "System.Net.Http.WebRequest": "",
+                "System.Net.Http": ""
+            }
+        },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj b/src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
new file mode 100644
index 0000000000..ed1a12239f
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>674d128e-83bb-481a-a9d9-6d47872e1fc8</ProjectGuid>
+    <RootNamespace>Microsoft.AspNet.Security.OpenIdConnect</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
+    <ProduceOutputsOnBuild>True</ProduceOutputsOnBuild>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <ProduceOutputsOnBuild>True</ProduceOutputsOnBuild>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <ProjectExtensions>
+    <VisualStudio>
+      <UserProperties Project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
+    </VisualStudio>
+  </ProjectExtensions>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs
new file mode 100644
index 0000000000..11c09b3457
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs
@@ -0,0 +1,11 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    public interface INonceCache
+    {
+        string AddNonce(string nonce);
+        bool TryRemoveNonce(string nonce);
+        bool HasNonce(string nonce);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs
new file mode 100644
index 0000000000..cbcdc06183
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -0,0 +1,45 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.IdentityModel.Protocols;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens;
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    /// <summary>
+    /// This Notification can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
+    /// </summary>
+    public class AuthorizationCodeReceivedNotification : BaseNotification<OpenIdConnectAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a <see cref="AuthorizationCodeReceivedNotification"/>
+        /// </summary>
+        public AuthorizationCodeReceivedNotification(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        { 
+        }
+
+        /// <summary>
+        /// Gets or sets the 'code'.
+        /// </summary>
+        public string Code { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="JwtSecurityToken"/> that was received in the id_token + code OpenIdConnectRequest.
+        /// </summary>
+        public JwtSecurityToken JwtSecurityToken { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
+        /// </summary>
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'redirect_uri'.
+        /// </summary>
+        /// <remarks>This is the redirect_uri that was sent in the id_token + code OpenIdConnectRequest.</remarks>
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "user controlled, not necessarily a URI")]
+        public string RedirectUri { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs
new file mode 100644
index 0000000000..d6271488a9
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    /// <summary>
+    /// Default values related to OpenIdConnect authentication middleware
+    /// </summary>
+    public static class OpenIdConnectAuthenticationDefaults
+    {
+        /// <summary>
+        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationType
+        /// </summary>
+        public const string AuthenticationType = "OpenIdConnect";
+
+        /// <summary>
+        /// The prefix used to provide a default OpenIdConnectAuthenticationOptions.CookieName
+        /// </summary>
+        public const string CookiePrefix = ".AspNet.OpenIdConnect.";
+
+        /// <summary>
+        /// The default value for OpenIdConnectAuthenticationOptions.Caption.
+        /// </summary>
+        public const string Caption = "OpenIdConnect";
+
+        /// <summary>
+        /// The prefix used to for the a nonce in the cookie
+        /// </summary>
+        internal const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
+
+        /// <summary>
+        /// The property for the RedirectUri that was used when asking for a 'authorizationCode'
+        /// </summary>
+        public const string RedirectUriUsedForCodeKey = "OpenIdConnect.Code.RedirectUri";
+
+        /// <summary>
+        /// Constant used to identify state in openIdConnect protocal message
+        /// </summary>
+        internal const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs
new file mode 100644
index 0000000000..81a74b65ca
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -0,0 +1,29 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.Framework.OptionsModel;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods for using <see cref="OpenIdConnectAuthenticationMiddleware"/>
+    /// </summary>
+    public static class OpenIdConnectAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectAuthenticationOptions> configureOptions = null, string optionsName = "")
+        {
+            return app.UseMiddleware<OpenIdConnectAuthenticationMiddleware>(
+                 new ConfigureOptions<OpenIdConnectAuthenticationOptions>(configureOptions ?? (o => { }))
+                 {
+                     Name = optionsName
+                 });
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs
new file mode 100644
index 0000000000..bfe82b51f0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -0,0 +1,173 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.ObjectModel;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens;
+using System.Net.Http;
+using System.Text;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    /// <summary>
+    /// ASP.NET middleware for obtaining identities using OpenIdConnect protocol.
+    /// </summary>
+    public class OpenIdConnectAuthenticationMiddleware : AuthenticationMiddleware<OpenIdConnectAuthenticationOptions>
+    {
+        private readonly ILogger _logger;
+
+        /// <summary>
+        /// Initializes a <see cref="OpenIdConnectAuthenticationMiddleware"/>
+        /// </summary>
+        /// <param name="next">The next middleware in the ASP.NET pipeline to invoke</param>
+        /// <param name="app">The ASP.NET application</param>
+        /// <param name="options">Configuration options for the middleware</param>
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        public OpenIdConnectAuthenticationMiddleware(
+            RequestDelegate next,
+            IServiceProvider services,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<OpenIdConnectAuthenticationOptions> options,
+            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions)
+            : base(next, services, options, configureOptions)
+        {
+            _logger = loggerFactory.Create<OpenIdConnectAuthenticationMiddleware>();
+
+            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
+            {
+                Options.TokenValidationParameters.AuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+            }
+
+            if (Options.StateDataFormat == null)
+            {
+                var dataProtector = dataProtectionProvider.CreateDataProtector(
+                    typeof(OpenIdConnectAuthenticationMiddleware).FullName, 
+					typeof(string).FullName,
+                    Options.AuthenticationType,
+					"v1");
+
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            if (Options.StringDataFormat == null)
+            {
+                var dataProtector = dataProtectionProvider.CreateDataProtector(
+                    typeof(OpenIdConnectAuthenticationMiddleware).FullName,
+                    typeof(string).FullName,
+                    Options.AuthenticationType,
+                    "v1");
+
+                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector, TextEncodings.Base64Url);
+            }
+
+            if (Options.SecurityTokenValidators == null)
+            {
+                Options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
+            }
+            
+            // if the user has not set the AuthorizeCallback, set it from the redirect_uri
+            if (!Options.CallbackPath.HasValue)
+            {
+                Uri redirectUri;
+                if (!string.IsNullOrEmpty(Options.RedirectUri) && Uri.TryCreate(Options.RedirectUri, UriKind.Absolute, out redirectUri))
+                {
+                    // Redirect_Uri must be a very specific, case sensitive value, so we can't generate it. Instead we generate AuthorizeCallback from it.
+                    Options.CallbackPath = PathString.FromUriComponent(redirectUri);
+                }
+            }
+
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new OpenIdConnectAuthenticationNotifications();
+            }
+
+            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrWhiteSpace(Options.ClientId))
+            {
+                Options.TokenValidationParameters.ValidAudience = Options.ClientId;
+            }
+
+            if (Options.ConfigurationManager == null)
+            {
+                if (Options.Configuration != null)
+                {
+                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
+                }
+                else if (!(string.IsNullOrWhiteSpace(Options.MetadataAddress) && string.IsNullOrWhiteSpace(Options.Authority)))
+                {
+                    if (string.IsNullOrWhiteSpace(Options.MetadataAddress) && !string.IsNullOrWhiteSpace(Options.Authority))
+                    {
+                        Options.MetadataAddress = Options.Authority;
+                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            Options.MetadataAddress += "/";
+                        }
+
+                        Options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    HttpClient httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+                    httpClient.Timeout = Options.BackchannelTimeout;
+                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectAuthenticationOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
+        {
+            return new OpenIdConnectAuthenticationHandler(_logger);
+        }
+
+        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
+        private static HttpMessageHandler ResolveHttpMessageHandler(OpenIdConnectAuthenticationOptions options)
+        {
+            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+#if ASPNET50
+                new WebRequestHandler();
+            // If they provided a validator, apply it or fail.
+            if (options.BackchannelCertificateValidator != null)
+            {
+                // Set the cert validate callback
+                var webRequestHandler = handler as WebRequestHandler;
+                if (webRequestHandler == null)
+                {
+                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                }
+                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
+            }
+#else
+                new WinHttpHandler();
+#endif
+            return handler;
+        }
+
+        private class StringSerializer : IDataSerializer<string>
+        {
+            public string Deserialize(byte[] data)
+            {
+                return Encoding.UTF8.GetString(data);
+            }
+
+            public byte[] Serialize(string model)
+            {
+                return Encoding.UTF8.GetBytes(model);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs
new file mode 100644
index 0000000000..36ee2fd25a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs
@@ -0,0 +1,59 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Security.Notifications;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    /// <summary>
+    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
+    /// </summary>
+    public class OpenIdConnectAuthenticationNotifications
+    {
+        /// <summary>
+        /// Creates a new set of notifications. Each notification has a default no-op behavior unless otherwise documented.
+        /// </summary>
+        public OpenIdConnectAuthenticationNotifications()
+        {
+            AuthenticationFailed = notification => Task.FromResult(0);
+            AuthorizationCodeReceived = notification => Task.FromResult(0);
+            MessageReceived = notification => Task.FromResult(0);
+            SecurityTokenReceived = notification => Task.FromResult(0);
+            SecurityTokenValidated = notification => Task.FromResult(0);
+            RedirectToIdentityProvider = notification => Task.FromResult(0);
+        }
+
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        public Func<AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+
+        /// <summary>
+        /// Invoked after security token validation if an authorization code is present in the protocol message.
+        /// </summary>
+        public Func<AuthorizationCodeReceivedNotification, Task> AuthorizationCodeReceived { get; set; }
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        public Func<MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> MessageReceived { get; set; }
+
+        /// <summary>
+        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// </summary>
+        public Func<RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> RedirectToIdentityProvider { get; set; }
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        public Func<SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs
new file mode 100644
index 0000000000..5022cbf3c4
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs
@@ -0,0 +1,337 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    /// <summary>
+    /// Configuration options for <see cref="OpenIdConnectAuthenticationOptions"/>
+    /// </summary>
+    public class OpenIdConnectAuthenticationOptions : AuthenticationOptions
+    {
+        private TimeSpan _backchannelTimeout;
+        private OpenIdConnectProtocolValidator _protocolValidator;
+        private ICollection<ISecurityTokenValidator> _securityTokenValidators;
+        private ISecureDataFormat<AuthenticationProperties> _stateDataFormat;
+        private ISecureDataFormat<string> _stringDataFormat;
+        private TokenValidationParameters _tokenValidationParameters;
+
+        /// <summary>
+        /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
+        /// </summary>
+        public OpenIdConnectAuthenticationOptions()
+            : this(OpenIdConnectAuthenticationDefaults.AuthenticationType)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
+        /// </summary>
+        /// <remarks>
+        /// Defaults:
+        /// <para>AddNonceToRequest: true.</para>
+        /// <para>AuthenticationMode: <see cref="AuthenticationMode.Active"/>.</para>
+        /// <para>BackchannelTimeout: 1 minute.</para>
+        /// <para>Caption: <see cref="OpenIdConnectAuthenticationDefaults.Caption"/>.</para>
+        /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
+        /// <para>RefreshOnIssuerKeyNotFound: true</para>
+        /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/></para>
+        /// <para>Scope: <see cref="OpenIdConnectScopes.OpenIdProfile"/>.</para>
+        /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationType = authenticationType.</para>
+        /// <para>UseTokenLifetime: true.</para>
+        /// </remarks>
+        /// <param name="authenticationType"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationType property.</param>
+        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
+        public OpenIdConnectAuthenticationOptions(string authenticationType)
+        {
+            AuthenticationMode = AuthenticationMode.Active;
+            AuthenticationType = authenticationType;
+            BackchannelTimeout = TimeSpan.FromMinutes(1);
+            Caption = OpenIdConnectAuthenticationDefaults.Caption;
+            ProtocolValidator = new OpenIdConnectProtocolValidator();
+            RefreshOnIssuerKeyNotFound = true;
+            ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
+            Scope = OpenIdConnectScopes.OpenIdProfile;
+            TokenValidationParameters = new TokenValidationParameters();
+            UseTokenLifetime = true;
+        }
+
+        /// <summary>
+        /// Gets or sets the Authority to use when making OpenIdConnect calls.
+        /// </summary>
+        public string Authority { get; set; }
+
+        /// <summary>
+        /// An optional constrained path on which to process the authentication callback.
+        /// If not provided and RedirectUri is available, this value will be generated from RedirectUri.
+        /// </summary>
+        /// <remarks>If you set this value, then the <see cref="OpenIdConnectAuthenticationHandler"/> will only listen for posts at this address. 
+        /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
+        public PathString CallbackPath { get; set; }
+
+#if ASPNET50
+        /// <summary>
+        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
+        /// when retrieving metadata.
+        /// </summary>
+        /// <value>
+        /// The pinned certificate validator.
+        /// </value>
+        /// <remarks>If this property is null then the default certificate checks are performed,
+        /// validating the subject name and if the signing chain is a trusted party.</remarks>
+        public ICertificateValidator BackchannelCertificateValidator { get; set; }
+#endif
+        /// <summary>
+        /// The HttpMessageHandler used to retrieve metadata.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value
+        /// is a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// Gets or sets the timeout when using the backchannel to make an http call.
+        /// </summary>
+        [SuppressMessage("Microsoft.Usage", "CA2208:InstantiateArgumentExceptionsCorrectly", Justification = "By design we use the property name in the exception")]
+        public TimeSpan BackchannelTimeout
+        {
+            get
+            {
+                return _backchannelTimeout;
+            }
+
+            set
+            {
+                if (value <= TimeSpan.Zero)
+                {
+                    throw new ArgumentOutOfRangeException("BackchannelTimeout", value, Resources.ArgsException_BackchallelLessThanZero);
+                }
+
+                _backchannelTimeout = value;
+            }
+        }
+
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        public string Caption
+        {
+            get { return Description.Caption; }
+            set { Description.Caption = value; }
+        }
+
+        /// <summary>
+        /// Gets or sets the 'client_id'.
+        /// </summary>
+        public string ClientId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'client_secret'.
+        /// </summary>
+        public string ClientSecret { get; set; }
+
+        /// <summary>
+        /// Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties
+        /// will not be used. This information should not be updated during request processing.
+        /// </summary>
+        public OpenIdConnectConfiguration Configuration { get; set; }
+
+        /// <summary>
+        /// The OpenIdConnect protocol http://openid.net/specs/openid-connect-core-1_0.html
+        /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
+        /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
+        /// </summary>
+        public INonceCache NoneCache { get; set; }
+
+        /// <summary>
+        /// Gets or sets the discovery endpoint for obtaining metadata
+        /// </summary>
+        public string MetadataAddress { get; set; }
+
+        /// <summary>
+        /// Gets or sets the expected audience for any received JWT token.
+        /// </summary>
+        /// <value>
+        /// The expected audience for any received JWT token.
+        /// </value>
+        public string Audience { get; set; }
+
+        /// <summary>
+        /// Responsible for retrieving, caching, and refreshing the configuration from metadata.
+        /// If not provided, then one will be created using the MetadataAddress and Backchannel properties.
+        /// </summary>
+        public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
+
+        /// <summary>
+        /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
+        /// recovery in the event of a signature key rollover. This is enabled by default.
+        /// </summary>
+        public bool RefreshOnIssuerKeyNotFound { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectAuthenticationNotifications"/> to notify when processing OpenIdConnect messages.
+        /// </summary>
+        public OpenIdConnectAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used ensure the 'id_token' received
+        /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 
+        /// </summary>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public OpenIdConnectProtocolValidator ProtocolValidator
+        {
+            get
+            {
+                return _protocolValidator;
+            }
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+
+                _protocolValidator = value;
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the 'post_logout_redirect_uri'
+        /// </summary>
+        /// <remarks>This is sent to the OP as the redirect for the user-agent.</remarks>
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "This is the term used in the spec.")]
+        public string PostLogoutRedirectUri { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'redirect_uri'.
+        /// </summary>
+        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By Design")]
+        public string RedirectUri { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'resource'.
+        /// </summary>
+        public string Resource { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'response_type'.
+        /// </summary>
+        public string ResponseType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'scope'.
+        /// </summary>
+        public string Scope { get; set; }
+
+        /// <summary>
+        /// Gets or sets the AuthenticationType used when creating the <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// </summary>
+        public string SignInAsAuthenticationType
+        {
+            get { return TokenValidationParameters.AuthenticationType; }
+            set { TokenValidationParameters.AuthenticationType = value; }
+        }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat
+        {
+            get
+            {
+                return _stateDataFormat;
+            }
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+
+                _stateDataFormat = value;
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the type used to secure strings used by the middleware.
+         // </summary>
+        public ISecureDataFormat<string> StringDataFormat
+        {
+            get
+            {
+                return _stringDataFormat;
+            }
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+
+                _stringDataFormat = value;
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="SecurityTokenValidators"/> for validating tokens.
+        /// </summary>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public ICollection<ISecurityTokenValidator> SecurityTokenValidators
+        {
+            get
+            {
+                return _securityTokenValidators;
+            }
+
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("SecurityTokenValidators");
+                }
+
+                _securityTokenValidators = value;
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the TokenValidationParameters
+        /// </summary>
+        /// <remarks>Contains the types and definitions required for validating a token.</remarks>
+        public TokenValidationParameters TokenValidationParameters
+        {
+            get
+            {
+                return _tokenValidationParameters;
+            }
+
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+
+                _tokenValidationParameters = value;
+            }
+        }
+
+        /// <summary>
+        /// Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token.
+        /// If the token does not provide lifetime information then normal session lifetimes will be used.
+        /// This is enabled by default.
+        /// </summary>
+        public bool UseTokenLifetime
+        {
+            get;
+            set;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs
new file mode 100644
index 0000000000..5305039106
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs
@@ -0,0 +1,577 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.IdentityModel.Tokens;
+using System.IO;
+using System.Linq;
+using System.Runtime.ExceptionServices;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Security.Notifications;
+using Microsoft.Framework.Logging;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Security.OpenIdConnect
+{
+    /// <summary>
+    /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
+    /// </summary>
+    public class OpenIdConnectAuthenticationHandler : AuthenticationHandler<OpenIdConnectAuthenticationOptions>
+    {
+        private const string NonceProperty = "N";
+        private const string UriSchemeDelimiter = "://";
+        private readonly ILogger _logger;
+        private OpenIdConnectConfiguration _configuration;
+
+        /// <summary>
+        /// Creates a new OpenIdConnectAuthenticationHandler
+        /// </summary>
+        /// <param name="logger"></param>
+        public OpenIdConnectAuthenticationHandler(ILogger logger)
+        {
+            _logger = logger;
+        }
+
+        private string CurrentUri
+        {
+            get
+            {
+                return Request.Scheme +
+                       UriSchemeDelimiter +
+                       Request.Host +
+                       Request.PathBase +
+                       Request.Path +
+                       Request.QueryString;
+            }
+        }
+
+        protected override void ApplyResponseGrant()
+        {
+            ApplyResponseGrantAsync().GetAwaiter().GetResult();
+        }
+
+        /// <summary>
+        /// Handles Signout
+        /// </summary>
+        /// <returns></returns>
+        protected override async Task ApplyResponseGrantAsync()
+        {
+            var signout = SignOutContext;
+            if (signout != null)
+            {
+                if (_configuration == null && Options.ConfigurationManager != null)
+                {
+                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+                }
+
+                OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage()
+                {
+                    IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
+                    RequestType = OpenIdConnectRequestType.LogoutRequest,
+                };
+
+                // Set End_Session_Endpoint in order:
+                // 1. properties.Redirect
+                // 2. Options.Wreply
+                AuthenticationProperties properties = new AuthenticationProperties(); // TODO signout.Properties;
+                if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri))
+                {
+                    openIdConnectMessage.PostLogoutRedirectUri = properties.RedirectUri;
+                }
+                else if (!string.IsNullOrWhiteSpace(Options.PostLogoutRedirectUri))
+                {
+                    openIdConnectMessage.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
+                }
+
+                var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = openIdConnectMessage
+                };
+                await Options.Notifications.RedirectToIdentityProvider(notification);
+
+                if (!notification.HandledResponse)
+                {
+                    string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
+                    if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                    {
+                        _logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
+                    }
+                    Response.Redirect(redirectUri);
+                }
+            }
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
+        }
+
+        /// <summary>
+        /// Responds to a 401 Challenge sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
+        /// </summary>
+        /// <returns></returns>
+        protected override async Task ApplyResponseChallengeAsync()
+        {
+            if ((Response.StatusCode != 401) || (ChallengeContext == null))
+            {
+                return;
+            }
+
+            // order for redirect_uri
+            // 1. challenge.Properties.RedirectUri  
+            // 2. CurrentUri
+            AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties);
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = CurrentUri;
+            }
+
+            // this value will be passed to the AuthorizationCodeReceivedNotification
+            if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
+            {
+                properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
+            }
+
+            if (_configuration == null && Options.ConfigurationManager != null)
+            {
+                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+            }
+
+            OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage
+            {
+                ClientId = Options.ClientId,
+                IssuerAddress = _configuration == null ? string.Empty : (_configuration.AuthorizationEndpoint ?? string.Empty),
+                RedirectUri = Options.RedirectUri,
+                RequestType = OpenIdConnectRequestType.AuthenticationRequest,
+                Resource = Options.Resource,
+                ResponseMode = OpenIdConnectResponseModes.FormPost,
+                ResponseType = Options.ResponseType,
+                Scope = Options.Scope,
+                State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
+            };
+
+            // TODO - brentschmaltz, if INonceCache is set should we even consider if ProtocolValidator is set?
+            if (Options.ProtocolValidator.RequireNonce)
+            {
+                openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
+                if (Options.NoneCache != null)
+                {
+                    Options.NoneCache.AddNonce(openIdConnectMessage.Nonce);
+                }
+                else
+                {
+                    RememberNonce(openIdConnectMessage.Nonce);
+                }
+            }
+
+            var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            {
+                ProtocolMessage = openIdConnectMessage
+            };
+
+            await Options.Notifications.RedirectToIdentityProvider(notification);
+            if (!notification.HandledResponse)
+            {
+                string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
+                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                {
+                    _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri);
+                }
+
+                Response.Redirect(redirectUri);
+            }
+        }
+
+        protected override AuthenticationTicket AuthenticateCore()
+        {
+            return AuthenticateCoreAsync().GetAwaiter().GetResult();
+        }
+
+        /// <summary>
+        /// Invoked to process incoming OpenIdConnect messages.
+        /// </summary>
+        /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
+        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        {
+            // Allow login to be constrained to a specific path. Need to make this runtime configurable.
+            if (Options.CallbackPath.HasValue && Options.CallbackPath != (Request.PathBase + Request.Path))
+            {
+                return null;
+            }
+
+            OpenIdConnectMessage openIdConnectMessage = null;
+
+            // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
+            if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
+              && !string.IsNullOrWhiteSpace(Request.ContentType)
+                // May have media/type; charset=utf-8, allow partial match.
+              && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
+              && Request.Body.CanRead)
+            {
+                IFormCollection form = await Request.ReadFormAsync();
+                Request.Body.Seek(0, SeekOrigin.Begin);
+
+                // TODO: a delegate on OpenIdConnectAuthenticationOptions would allow for users to hook their own custom message.
+                openIdConnectMessage = new OpenIdConnectMessage(form);
+            }
+
+            if (openIdConnectMessage == null)
+            {
+                return null;
+            }
+
+            ExceptionDispatchInfo authFailedEx = null;
+            try
+            {
+                var messageReceivedNotification = new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = openIdConnectMessage
+                };
+
+                await Options.Notifications.MessageReceived(messageReceivedNotification);
+                if (messageReceivedNotification.HandledResponse)
+                {
+                    return messageReceivedNotification.AuthenticationTicket;
+                }
+
+                if (messageReceivedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                // runtime always adds state, if we don't find it OR we failed to 'unprotect' it this is not a message we
+                // should process.
+                AuthenticationProperties properties = GetPropertiesFromState(openIdConnectMessage.State);
+                if (properties == null)
+                {
+                    _logger.WriteWarning("The state field is missing or invalid.");
+                    return null;
+                }
+
+                // devs will need to hook AuthenticationFailedNotification to avoid having 'raw' runtime errors displayed to users.
+                if (!string.IsNullOrWhiteSpace(openIdConnectMessage.Error))
+                {
+                    throw new OpenIdConnectProtocolException(
+                        string.Format(CultureInfo.InvariantCulture,
+                                      openIdConnectMessage.Error,
+                                      Resources.Exception_OpenIdConnectMessageError, openIdConnectMessage.ErrorDescription ?? string.Empty, openIdConnectMessage.ErrorUri ?? string.Empty));
+                }
+
+                // code is only accepted with id_token, in this version, hence check for code is inside this if
+                // OpenIdConnect protocol allows a Code to be received without the id_token
+                if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
+                {
+                    _logger.WriteWarning("The id_token is missing.");
+                    return null;
+                }
+
+                var securityTokenReceivedNotification = new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = openIdConnectMessage
+                };
+
+                await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
+                if (securityTokenReceivedNotification.HandledResponse)
+                {
+                    return securityTokenReceivedNotification.AuthenticationTicket;
+                }
+
+                if (securityTokenReceivedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                if (_configuration == null && Options.ConfigurationManager != null)
+                {
+                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+                }
+
+                // Copy and augment to avoid cross request race conditions for updated configurations.
+                TokenValidationParameters validationParameters = Options.TokenValidationParameters.Clone();
+                if (_configuration != null)
+                {
+                    if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
+                    {
+                        validationParameters.ValidIssuer = _configuration.Issuer;
+                    }
+                    else if (!string.IsNullOrWhiteSpace(_configuration.Issuer))
+                    {
+                        validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? new[] { _configuration.Issuer } : validationParameters.ValidIssuers.Concat(new[] { _configuration.Issuer }));
+                    }
+
+                    validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
+                }
+
+                AuthenticationTicket ticket;
+                SecurityToken validatedToken = null;
+                ClaimsPrincipal principal = null;
+                JwtSecurityToken jwt = null;
+
+                foreach (var validator in Options.SecurityTokenValidators)
+                {
+                    if (validator.CanReadToken(openIdConnectMessage.IdToken))
+                    {
+                        principal = validator.ValidateToken(openIdConnectMessage.IdToken, validationParameters, out validatedToken);
+                        jwt = validatedToken as JwtSecurityToken;
+                        if (jwt == null)
+                        {
+                            throw new InvalidOperationException("Validated Security Token must be a JwtSecurityToken was: " + (validatedToken == null ? "null" : validatedToken.GetType().ToString()));
+                        }
+                    }
+                }
+
+                if (validatedToken == null)
+                {
+                    throw new InvalidOperationException("No SecurityTokenValidator found for token: " + openIdConnectMessage.IdToken);
+                }
+
+                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationType);
+                if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
+                {
+                    ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;
+                }
+
+                if (_configuration != null && !string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
+                {
+                    ticket.Properties.Dictionary[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
+                }
+
+                if (Options.UseTokenLifetime)
+                {
+                    // Override any session persistence to match the token lifetime.
+                    DateTime issued = validatedToken.ValidFrom;
+                    if (issued != DateTime.MinValue)
+                    {
+                        ticket.Properties.IssuedUtc = issued;
+                    }
+
+                    DateTime expires = validatedToken.ValidTo;
+                    if (expires != DateTime.MinValue)
+                    {
+                        ticket.Properties.ExpiresUtc = expires;
+                    }
+
+                    ticket.Properties.AllowRefresh = false;
+                }
+
+                var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    AuthenticationTicket = ticket,
+                    ProtocolMessage = openIdConnectMessage
+                };
+
+                await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
+                if (securityTokenValidatedNotification.HandledResponse)
+                {
+                    return securityTokenValidatedNotification.AuthenticationTicket;
+                }
+
+                if (securityTokenValidatedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                var protocolValidationContext = new OpenIdConnectProtocolValidationContext
+                {
+                    AuthorizationCode = openIdConnectMessage.Code,
+                    Nonce = RetrieveNonce(jwt.Payload.Nonce),
+                };
+
+                Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
+                if (openIdConnectMessage.Code != null)
+                {
+                    var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
+                    {
+                        AuthenticationTicket = ticket,
+                        Code = openIdConnectMessage.Code,
+                        JwtSecurityToken = jwt,
+                        ProtocolMessage = openIdConnectMessage,
+                        RedirectUri = ticket.Properties.Dictionary.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
+                                      ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
+                    };
+
+                    await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
+                    if (authorizationCodeReceivedNotification.HandledResponse)
+                    {
+                        return authorizationCodeReceivedNotification.AuthenticationTicket;
+                    }
+
+                    if (authorizationCodeReceivedNotification.Skipped)
+                    {
+                        return null;
+                    }
+                }
+
+                return ticket;
+            }
+            catch (Exception exception)
+            {
+                // We can't await inside a catch block, capture and handle outside.
+                authFailedEx = ExceptionDispatchInfo.Capture(exception);
+            }
+
+            if (authFailedEx != null)
+            {
+                _logger.WriteError("Exception occurred while processing message", authFailedEx.SourceException);
+
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                if (Options.RefreshOnIssuerKeyNotFound && authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                {
+                    Options.ConfigurationManager.RequestRefresh();
+                }
+
+                var authenticationFailedNotification = new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = openIdConnectMessage,
+                    Exception = authFailedEx.SourceException
+                };
+
+                await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
+                if (authenticationFailedNotification.HandledResponse)
+                {
+                    return authenticationFailedNotification.AuthenticationTicket;
+                }
+
+                if (authenticationFailedNotification.Skipped)
+                {
+                    return null;
+                }
+
+                authFailedEx.Throw();
+            }
+
+            return null;
+        }
+
+        /// <summary>
+        /// Adds the nonce to <see cref="HttpResponse.Cookies"/>.
+        /// </summary>
+        /// <param name="nonce">the nonce to remember.</param>
+        /// <remarks><see cref="HttpResponse.Cookies.Append"/>is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Protect"/>(nonce)'.
+        /// The value of the cookie is: "N".</remarks>
+        private void RememberNonce(string nonce)
+        {
+            if (string.IsNullOrWhiteSpace(nonce))
+            {
+                throw new ArgumentNullException("nonce");
+            }
+
+            Response.Cookies.Append(
+                OpenIdConnectAuthenticationDefaults.CookieNoncePrefix + Options.StringDataFormat.Protect(nonce),
+                NonceProperty,
+                new CookieOptions
+                {
+                    HttpOnly = true,
+                    Secure = Request.IsSecure
+                });
+        }
+
+        /// <summary>
+        /// Searches <see cref="HttpRequest.Cookies"/> for a matching nonce.
+        /// </summary>
+        /// <param name="nonceExpectedValue">the nonce that was found in the jwt token.</param>
+        /// <returns>'nonceExpectedValue' if a cookie is found that matches, null otherwise.</returns>
+        /// <remarks>Examins <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
+        /// <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
+        private string RetrieveNonce(string nonceExpectedValue)
+        {
+            if (nonceExpectedValue == null)
+            {
+                return null;
+            }
+
+            foreach (var nonceKey in Request.Cookies.Keys)
+            {
+                if (nonceKey.StartsWith(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix))
+                {
+                    try
+                    {
+                        string nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length));
+                        if (nonceDecodedValue == nonceExpectedValue)
+                        {
+                            var cookieOptions = new CookieOptions
+                            {
+                                HttpOnly = true,
+                                Secure = Request.IsSecure
+                            };
+
+                            Response.Cookies.Delete(nonceKey, cookieOptions);
+                            return nonceExpectedValue;
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        _logger.WriteWarning("Failed to un-protect the nonce cookie.", ex);
+                    }
+                }
+            }
+
+            return null;
+        }
+
+        private AuthenticationProperties GetPropertiesFromState(string state)
+        {
+            // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
+            int startIndex = 0;
+            if (string.IsNullOrWhiteSpace(state) || (startIndex = state.IndexOf(OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
+            {
+                return null;
+            }
+
+            int authenticationIndex = startIndex + OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey.Length;
+            if (authenticationIndex == -1 || authenticationIndex == state.Length || state[authenticationIndex] != '=')
+            {
+                return null;
+            }
+
+            // scan rest of string looking for '&'
+            authenticationIndex++;
+            int endIndex = state.Substring(authenticationIndex, state.Length - authenticationIndex).IndexOf("&", StringComparison.Ordinal);
+
+            // -1 => no other parameters are after the AuthenticationPropertiesKey
+            if (endIndex == -1)
+            {
+                return Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(state.Substring(authenticationIndex).Replace('+', ' ')));
+            }
+            else
+            {
+                return Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(state.Substring(authenticationIndex, endIndex).Replace('+', ' ')));
+            }
+        }
+
+        /// <summary>
+        /// Calls InvokeReplyPathAsync
+        /// </summary>
+        /// <returns>True if the request was handled, false if the next middleware should be invoked.</returns>
+        public override Task<bool> InvokeAsync()
+        {
+            return InvokeReplyPathAsync();
+        }
+
+        private async Task<bool> InvokeReplyPathAsync()
+        {
+            AuthenticationTicket ticket = await AuthenticateAsync();
+
+            if (ticket != null)
+            {
+                if (ticket.Principal != null)
+                {
+                    Request.HttpContext.Response.SignIn(ticket.Properties, ticket.Principal.Identities);
+                }
+
+                // Redirect back to the original secured resource, if any.
+                if (!string.IsNullOrWhiteSpace(ticket.Properties.RedirectUri))
+                {
+                    Response.Redirect(ticket.Properties.RedirectUri);
+                    return true;
+                }
+            }
+
+            return false;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Project.json b/src/Microsoft.AspNet.Security.OpenIDConnect/Project.json
new file mode 100644
index 0000000000..7a6d95a056
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/Project.json
@@ -0,0 +1,48 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Newtonsoft.Json": "6.0.4",
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0.0-beta1-*",
+        "System.IdentityModel.Tokens": "5.0.0.0-beta1-*"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "frameworkAssemblies": {
+                "System.Net.Http": "",
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Collections": "4.0.10-beta-*",
+                "System.ComponentModel": "4.0.0-beta-*",
+                "System.Console": "4.0.0-beta-*",
+                "System.Diagnostics.Debug": "4.0.10-beta-*",
+                "System.Diagnostics.Tools": "4.0.0-beta-*",
+                "System.Dynamic.Runtime": "4.0.0-beta-*",
+                "System.Globalization": "4.0.10-beta-*",
+                "System.IO": "4.0.10-beta-*",
+                "System.IO.Compression": "4.0.0-beta-*",
+                "System.Linq": "4.0.0-beta-*",
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
+                "System.ObjectModel": "4.0.10-beta-*",
+                "System.Reflection": "4.0.10-beta-*",
+                "System.Resources.ResourceManager": "4.0.0-beta-*",
+                "System.Runtime": "4.0.20-beta-*",
+                "System.Runtime.Extensions": "4.0.10-beta-*",
+                "System.Runtime.InteropServices": "4.0.20-beta-*",
+                "System.Security.Claims": "4.0.0-beta-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
+                "System.Security.Principal": "4.0.0-beta-*",
+                "System.Threading": "4.0.0-beta-*",
+                "System.Threading.Tasks": "4.0.10-beta-*",
+                "System.Net.Http": "4.0.0-*"
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs
new file mode 100644
index 0000000000..f5bfc6044a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs
@@ -0,0 +1,101 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.34014
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace Microsoft.AspNet.Security.OpenIdConnect {
+    using System;
+    using System.Reflection;
+
+
+
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resources {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resources() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.Owin.Security.OpenIdConnect.Resources", IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to BackchannelTimeout cannot be less or equal to TimeSpan.Zero..
+        /// </summary>
+        internal static string ArgsException_BackchallelLessThanZero {
+            get {
+                return ResourceManager.GetString("ArgsException_BackchallelLessThanZero", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to &quot;OpenIdConnectMessage.Error was not null, indicating an error. Error: &apos;{0}&apos;. Error_Description (may be empty): &apos;{1}&apos;. Error_Uri (may be empty): &apos;{2}&apos;.&quot;.
+        /// </summary>
+        internal static string Exception_OpenIdConnectMessageError {
+            get {
+                return ResourceManager.GetString("Exception_OpenIdConnectMessageError", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to OIDC_20001: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: &apos;{0}&apos;..
+        /// </summary>
+        internal static string Exception_RedirectUri_LogoutQueryString_IsNotWellFormed {
+            get {
+                return ResourceManager.GetString("Exception_RedirectUri_LogoutQueryString_IsNotWellFormed", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch {
+            get {
+                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
index b9457aa91f..7b7e50998b 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -1,14 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
-using System.Collections.Generic;
 using System.Security.Claims;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.HttpFeature.Security;
-using Microsoft.AspNet.PipelineCore.Security;
-using Microsoft.AspNet.Security.Infrastructure;
 
 namespace Microsoft.AspNet.Security
 {
@@ -28,11 +22,34 @@ namespace Microsoft.AspNet.Security
             Properties = properties ?? new AuthenticationProperties();
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
+        /// </summary>
+        /// <param name="identity">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
+        /// <param name="properties">additional properties that can be consumed by the user or runtims.</param>
+        /// <param name="authenticationType">the authentication middleware that was responsible for this ticket.</param>
+        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationType)
+        {
+            AuthenticationType = authenticationType;
+            Principal = principal;
+            Properties = properties ?? new AuthenticationProperties();
+        }
+
+        /// <summary>
+        /// Gets the authenticated user identity.
+        /// </summary>
+        public string AuthenticationType { get; private set; }
+
         /// <summary>
         /// Gets the authenticated user identity.
         /// </summary>
         public ClaimsIdentity Identity { get; private set; }
 
+        /// <summary>
+        /// Gets the authenticated user identity.
+        /// </summary>
+        public ClaimsPrincipal Principal{ get; private set; }
+
         /// <summary>
         /// Additional state values for the authentication session.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
index af077b551d..2e68dc3080 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
@@ -1,8 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Notifications;
 
@@ -10,15 +8,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
 {
     public class AuthenticationTokenReceiveContext : BaseContext
     {
-        private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
-
         public AuthenticationTokenReceiveContext(
             [NotNull] HttpContext context,
-            [NotNull] ISecureDataFormat<AuthenticationTicket> secureDataFormat,
             [NotNull] string token)
             : base(context)
         {
-            _secureDataFormat = secureDataFormat;
             Token = token;
         }
 
@@ -26,11 +20,6 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public AuthenticationTicket Ticket { get; protected set; }
 
-        public void DeserializeTicket(string protectedData)
-        {
-            Ticket = _secureDataFormat.Unprotect(protectedData);
-        }
-
         public void SetTicket([NotNull] AuthenticationTicket ticket)
         {
             Ticket = ticket;
diff --git a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
index 9e50ecf4f7..5d232426f6 100644
--- a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
@@ -1,19 +1,19 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class AuthenticationFailedNotification<TMessage>
+    public class AuthenticationFailedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public AuthenticationFailedNotification()
+        public AuthenticationFailedNotification(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public bool Cancel { get; set; }
         public Exception Exception { get; set; }
+
         public TMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
new file mode 100644
index 0000000000..1ef13e2dc5
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public class BaseNotification<TOptions> : BaseContext<TOptions>
+    {
+        protected BaseNotification(HttpContext context, TOptions options) : base(context, options)
+        {
+        }
+
+        public NotificationResultState State { get; set; }
+
+        public bool HandledResponse
+        {
+            get { return State == NotificationResultState.HandledResponse; }
+        }
+
+        public bool Skipped
+        {
+            get { return State == NotificationResultState.Skipped; }
+        }
+
+        /// <summary>
+        /// Discontinue all processing for this request and return to the client.
+        /// The caller is responsible for generating the full response.
+        /// Set the <see cref="AuthenticationTicket"/> to trigger SignIn.
+        /// </summary>
+        public void HandleResponse()
+        {
+            State = NotificationResultState.HandledResponse;
+        }
+
+        /// <summary>
+        /// Discontinue processing the request in the current middleware and pass control to the next one.
+        /// SignIn will not be called.
+        /// </summary>
+        public void SkipToNextMiddleware()
+        {
+            State = NotificationResultState.Skipped;
+        }
+
+        /// <summary>
+        /// Gets or set the <see cref="AuthenticationTicket"/> to return if this notification signals it handled the notification.
+        /// </summary>
+        public AuthenticationTicket AuthenticationTicket { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
index e270289179..1b1f599881 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@@ -1,16 +1,16 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class MessageReceivedNotification<TMessage>
+    public class MessageReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public MessageReceivedNotification()
+        public MessageReceivedNotification(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public bool Cancel { get; set; }
         public TMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
new file mode 100644
index 0000000000..1f48e25b39
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
@@ -0,0 +1,22 @@
+using System;
+
+namespace Microsoft.AspNet.Security.Notifications
+{
+    public enum NotificationResultState
+    {
+        /// <summary>
+        /// Continue with normal processing.
+        /// </summary>
+        Continue,
+
+        /// <summary>
+        /// Discontinue processing the request in the current middleware and pass control to the next one.
+        /// </summary>
+        Skipped,
+
+        /// <summary>
+        /// Discontinue all processing for this request.
+        /// </summary>
+        HandledResponse
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
index d0bd97a76b..768b384a9d 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -1,17 +1,21 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class RedirectFromIdentityProviderNotification
+    public class RedirectFromIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public AuthenticationTicket AuthenticationTicket { get; set; }
+        public RedirectFromIdentityProviderNotification(HttpContext context, TOptions options)
+            : base(context, options)
+        {
+        }
 
         public string SignInAsAuthenticationType { get; set; }
 
-        public bool Cancel { get; set; }
-
         public bool IsRequestCompleted { get; set; }
+
+        public TMessage ProtocolMessage { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
index 467731fa0c..524664d7ed 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
@@ -1,16 +1,16 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class RedirectToIdentityProviderNotification<TMessage>
+    public class RedirectToIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public RedirectToIdentityProviderNotification()
+        public RedirectToIdentityProviderNotification(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public bool Cancel { get; set; }
         public TMessage ProtocolMessage { get; set; }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
index f8aa2adef0..7db29788a2 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
@@ -1,16 +1,18 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class SecurityTokenReceivedNotification
+    public class SecurityTokenReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public SecurityTokenReceivedNotification()
+        public SecurityTokenReceivedNotification(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public bool Cancel { get; set; }
         public string SecurityToken { get; set; }
+
+        public TMessage ProtocolMessage { get; set; }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
index 400b8b5814..bdef232a71 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
@@ -1,16 +1,16 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security.Notifications
 {
-    public class SecurityTokenValidatedNotification
+    public class SecurityTokenValidatedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public SecurityTokenValidatedNotification()
+        public SecurityTokenValidatedNotification(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public AuthenticationTicket AuthenticationTicket { get; set; }
-        public bool Cancel { get; set; }
+        public TMessage ProtocolMessage { get; set; }
     }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
new file mode 100644
index 0000000000..6fa8b7afd4
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -0,0 +1,237 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using System.Xml.Linq;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.OAuthBearer
+{
+    public class OAuthBearerMiddlewareTests
+    {
+        [Fact]
+        public async Task BearerTokenValidation()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
+                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
+                options.TokenValidationParameters = new TokenValidationParameters
+                {
+                    ValidateLifetime = false
+                };
+            });
+            string newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
+            var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task CustomHeaderReceived()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Notifications.MessageReceived = HeaderReceived;
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        private static Task HeaderReceived(MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
+        {
+            List<Claim> claims =
+                new List<Claim>
+                {
+                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
+                };
+
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.HandleResponse();
+
+            return Task.FromResult<object>(null);
+        }
+
+        [Fact]
+        public async Task CustomTokenReceived()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        private static Task SecurityTokenReceived(SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
+        {
+            List<Claim> claims =
+                new List<Claim>
+                {
+                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
+                };
+
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.HandleResponse();
+
+            return Task.FromResult<object>(null);
+        }
+
+        [Fact]
+        public async Task CustomTokenValidated()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Notifications.SecurityTokenValidated = SecurityTokenValidated;
+                options.SecurityTokenValidators = new List<ISecurityTokenValidator>{new BlobTokenValidator(options.AuthenticationType)};
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        private static Task SecurityTokenValidated(SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
+        {
+            List<Claim> claims =
+                new List<Claim>
+                {
+                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
+                };
+
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.HandleResponse();
+
+            return Task.FromResult<object>(null);
+        }
+
+        class BlobTokenValidator : ISecurityTokenValidator
+        {
+
+            public BlobTokenValidator(string authenticationType)
+            {
+                AuthenticationType = authenticationType;
+            }
+
+            public string AuthenticationType { get; set; }
+
+            public bool CanValidateToken
+            {
+                get
+                {
+                    return true;
+                }
+            }
+
+            public int MaximumTokenSizeInBytes
+            {
+                get
+                {
+                    return 2*2*1024;
+                }
+
+                set
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public bool CanReadToken(string securityToken)
+            {
+                return true;
+            }
+
+            public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+            {
+                validatedToken = null;
+                List<Claim> claims =
+                    new List<Claim>
+                    {
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
+                    };
+
+                return new ClaimsPrincipal(new ClaimsIdentity(claims, AuthenticationType));
+            }
+        }
+
+        private static TestServer CreateServer(Action<OAuthBearerAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        {
+            return TestServer.Create(app =>
+            {
+                app.UseServices(services =>
+                {
+                    services.AddDataProtection();
+                });
+
+                if (configureOptions != null)
+                {
+                    app.UseOAuthBearerAuthentication(configureOptions);
+                }
+                app.Use(async (context, next) =>
+                {
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/oauth"))
+                    {
+                    }
+                    else
+                    {
+                        await next();
+                    }
+
+                });
+            });
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string authorizationHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(authorizationHeader))
+            {
+                request.Headers.Add("Authorization", authorizationHeader);
+            }
+
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+            public IList<string> SetCookie { get; set; }
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs
new file mode 100644
index 0000000000..652c295ec1
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs
@@ -0,0 +1,361 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Newtonsoft.Json;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
+{
+    public class OpenIdConnectMiddlewareTests
+    {
+        static string noncePrefix = "OpenIdConnect." + "Nonce.";
+        static string nonceDelimiter = ".";
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirect()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+                options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.ToString();
+            location.ShouldContain("https://login.windows.net/common/oauth2/authorize?");
+            location.ShouldContain("client_id=");
+            location.ShouldContain("&response_type=");
+            location.ShouldContain("&scope=");
+            location.ShouldContain("&state=");
+            location.ShouldContain("&response_mode=");
+        }
+
+        [Fact]
+        public async Task ChallengeWillSetNonceCookie()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.SetCookie.Single().ShouldContain("OpenIdConnect.nonce.");
+        }
+
+        [Fact]
+        public async Task ChallengeWillSetDefaultScope()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.Query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile"));
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseOptionsProperties()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+                options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                options.Scope = "https://www.googleapis.com/auth/plus.login";
+                options.ResponseType = "id_token";
+            });
+            var transaction = await SendAsync(server, "https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var query = transaction.Response.Headers.Location.Query;
+            query.ShouldContain("scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
+            query.ShouldContain("response_type=" + Uri.EscapeDataString("id_token"));
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseNotifications()
+        {
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+                options.Notifications = new OpenIdConnectAuthenticationNotifications
+                {
+                    MessageReceived = notification =>
+                        {
+                            notification.ProtocolMessage.Scope = "test openid profile";
+                            notification.HandleResponse();
+                            return Task.FromResult<object>(null);
+                        }
+                };
+            });
+
+            var properties = new AuthenticationProperties();
+            var state = stateFormat.Protect(properties);
+            var transaction = await SendAsync(server,"https://example.com/challenge");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+        }
+
+
+        [Fact]
+        public async Task SignOutWithDefaultRedirectUri()
+        {
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+            });
+
+            var transaction = await SendAsync(server, "https://example.com/signout");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldBe("https://login.windows.net/common/oauth2/logout");
+        }
+
+        [Fact]
+        public async Task SignOutWithCustomRedirectUri()
+        {
+            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+                options.PostLogoutRedirectUri = "https://example.com/logout";
+            });
+
+            var transaction = await SendAsync(server, "https://example.com/signout");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(Uri.EscapeDataString("https://example.com/logout"));
+        }
+
+        [Fact]
+        // Test Cases for calculating the expiration time of cookie from cookie name
+        public void NonceCookieExpirationTime()
+        {
+            DateTime utcNow = DateTime.UtcNow;
+
+            GetNonceExpirationTime(noncePrefix + DateTime.MaxValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MaxValue);
+
+            GetNonceExpirationTime(noncePrefix + DateTime.MinValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue + TimeSpan.FromHours(1));
+
+            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+
+            GetNonceExpirationTime(noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime("", TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime(noncePrefix + noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+
+            GetNonceExpirationTime(utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+        }
+
+        private static TestServer CreateServer(Action<OpenIdConnectAuthenticationOptions> configureOptions, Func<HttpContext, Task> handler = null)
+        {
+            return TestServer.Create(app =>
+            {
+                app.UseServices(services =>
+                {
+                    services.AddDataProtection();
+                    services.Configure<ExternalAuthenticationOptions>(options =>
+                    {
+                        options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                    });
+                });
+
+                app.UseCookieAuthentication(options =>
+                {
+                    options.AuthenticationType = "OpenIdConnect";
+                });
+                app.UseOpenIdConnectAuthentication(configureOptions);
+                app.Use(async (context, next) =>
+                {
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/challenge"))
+                    {
+                        res.Challenge("OpenIdConnect");
+                        res.StatusCode = 401;
+                    }
+                    else if (req.Path == new PathString("/signin"))
+                    {
+                        res.SignIn();
+                    }
+                    else if (req.Path == new PathString("/signout"))
+                    {
+                        res.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType);
+                    }
+                    else if (handler != null)
+                    {
+                        await handler(context);
+                    }
+                    else
+                    {
+                        await next();
+                    }
+                });
+            });
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+
+            public IList<string> SetCookie { get; set; }
+
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+
+            public string AuthenticationCookieValue
+            {
+                get
+                {
+                    if (SetCookie != null && SetCookie.Count > 0)
+                    {
+                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.Cookie="));
+                        if (authCookie != null)
+                        {
+                            return authCookie.Substring(0, authCookie.IndexOf(';'));
+                        }
+                    }
+
+                    return null;
+                }
+            }
+
+            public string FindClaimValue(string claimType)
+            {
+                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+                if (claim == null)
+                {
+                    return null;
+                }
+                return claim.Attribute("value").Value;
+            }
+        }
+        private static void Describe(HttpResponse res, ClaimsIdentity identity)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (identity != null)
+            {
+                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private class TestHttpMessageHandler : HttpMessageHandler
+        {
+            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
+
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+            {
+                if (Sender != null)
+                {
+                    return Task.FromResult(Sender(request));
+                }
+
+                return Task.FromResult<HttpResponseMessage>(null);
+            }
+        }
+
+        private static HttpResponseMessage ReturnJsonResponse(object content)
+        {
+            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var text = JsonConvert.SerializeObject(content);
+            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
+            return res;
+        }
+
+        private static DateTime GetNonceExpirationTime(string keyname, TimeSpan nonceLifetime)
+        {
+            DateTime nonceTime = DateTime.MinValue;
+            string timestamp = null;
+            int endOfTimestamp;
+            if (keyname.StartsWith(noncePrefix, StringComparison.Ordinal))
+            {
+                timestamp = keyname.Substring(noncePrefix.Length);
+                endOfTimestamp = timestamp.IndexOf('.');
+
+                if (endOfTimestamp != -1)
+                {
+                    timestamp = timestamp.Substring(0, endOfTimestamp);
+                    try
+                    {
+                        nonceTime = DateTime.FromBinary(Convert.ToInt64(timestamp, CultureInfo.InvariantCulture));
+                        if ((nonceTime >= DateTime.UtcNow) && ((DateTime.MaxValue - nonceTime) < nonceLifetime))
+                            nonceTime = DateTime.MaxValue;
+                        else
+                            nonceTime += nonceLifetime;
+                    }
+                    catch
+                    {
+                    }
+                }
+            }
+            return nonceTime;
+        }
+
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 305fe5528e..504d228b6e 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -7,6 +7,8 @@
         "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
         "Microsoft.AspNet.Security.Google": "1.0.0-*",
         "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Security.OAuthBearer": "1.0.0-*",
+        "Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
         "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
         "Moq": "4.2.1312.1622",
@@ -18,7 +20,8 @@
     "frameworks": {
         "aspnet50": {
             "dependencies": {
-                "Shouldly": "1.1.1.1"
+                "Shouldly": "1.1.1.1",
+                "System.Security.Claims": "1.0.0-*"
             }
         }
     }

From 8e6e7f9590eb7a8225c9a9d61892539515f55f26 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 14 Jan 2015 14:53:51 -0800
Subject: [PATCH 127/900] Fix directory casing, part1.

---
 .../OpenIdConnectSample.kproj                                     | 0
 .../Startup.cs                                                    | 0
 .../project.json                                                  | 0
 .../Microsoft.AspNet.Security.OpenIdConnect.kproj                 | 0
 .../NonceCache.cs                                                 | 0
 .../Notifications/AuthorizationCodeReceivedNotification.cs        | 0
 .../OpenIdConnectAuthenticationDefaults.cs                        | 0
 .../OpenIdConnectAuthenticationExtensions.cs                      | 0
 .../OpenIdConnectAuthenticationMiddleware.cs                      | 0
 .../OpenIdConnectAuthenticationNotifications.cs                   | 0
 .../OpenIdConnectAuthenticationOptions.cs                         | 0
 .../OpenidConnectAuthenticationHandler.cs                         | 0
 .../Project.json                                                  | 0
 .../Resources.Designer.cs                                         | 0
 14 files changed, 0 insertions(+), 0 deletions(-)
 rename samples/{OpenIDConnectSample => OpenIdConnectSample_casing}/OpenIdConnectSample.kproj (100%)
 rename samples/{OpenIDConnectSample => OpenIdConnectSample_casing}/Startup.cs (100%)
 rename samples/{OpenIDConnectSample => OpenIdConnectSample_casing}/project.json (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/Microsoft.AspNet.Security.OpenIdConnect.kproj (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/NonceCache.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/Notifications/AuthorizationCodeReceivedNotification.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenIdConnectAuthenticationDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenIdConnectAuthenticationExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenIdConnectAuthenticationMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenIdConnectAuthenticationNotifications.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenIdConnectAuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/OpenidConnectAuthenticationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/Project.json (100%)
 rename src/{Microsoft.AspNet.Security.OpenIDConnect => Microsoft.AspNet.Security.OpenIdConnect_casing}/Resources.Designer.cs (100%)

diff --git a/samples/OpenIDConnectSample/OpenIdConnectSample.kproj b/samples/OpenIdConnectSample_casing/OpenIdConnectSample.kproj
similarity index 100%
rename from samples/OpenIDConnectSample/OpenIdConnectSample.kproj
rename to samples/OpenIdConnectSample_casing/OpenIdConnectSample.kproj
diff --git a/samples/OpenIDConnectSample/Startup.cs b/samples/OpenIdConnectSample_casing/Startup.cs
similarity index 100%
rename from samples/OpenIDConnectSample/Startup.cs
rename to samples/OpenIdConnectSample_casing/Startup.cs
diff --git a/samples/OpenIDConnectSample/project.json b/samples/OpenIdConnectSample_casing/project.json
similarity index 100%
rename from samples/OpenIDConnectSample/project.json
rename to samples/OpenIdConnectSample_casing/project.json
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Microsoft.AspNet.Security.OpenIdConnect.kproj
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/Microsoft.AspNet.Security.OpenIdConnect.kproj
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/NonceCache.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/NonceCache.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/NonceCache.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Notifications/AuthorizationCodeReceivedNotification.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/Notifications/AuthorizationCodeReceivedNotification.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/Notifications/AuthorizationCodeReceivedNotification.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationDefaults.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationExtensions.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationNotifications.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationNotifications.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenIdConnectAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenidConnectAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/OpenidConnectAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenidConnectAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Project.json b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/Project.json
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/Project.json
diff --git a/src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIDConnect/Resources.Designer.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect_casing/Resources.Designer.cs

From 91242245f3b99d0cee574f7100e3b264c5732775 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 14 Jan 2015 14:54:47 -0800
Subject: [PATCH 128/900] Fix directory casing, part 2.

---
 .../OpenIdConnectSample.kproj                                     | 0
 .../Startup.cs                                                    | 0
 .../project.json                                                  | 0
 .../Microsoft.AspNet.Security.OpenIdConnect.kproj                 | 0
 .../NonceCache.cs                                                 | 0
 .../Notifications/AuthorizationCodeReceivedNotification.cs        | 0
 .../OpenIdConnectAuthenticationDefaults.cs                        | 0
 .../OpenIdConnectAuthenticationExtensions.cs                      | 0
 .../OpenIdConnectAuthenticationMiddleware.cs                      | 0
 .../OpenIdConnectAuthenticationNotifications.cs                   | 0
 .../OpenIdConnectAuthenticationOptions.cs                         | 0
 .../OpenidConnectAuthenticationHandler.cs                         | 0
 .../Project.json                                                  | 0
 .../Resources.Designer.cs                                         | 0
 14 files changed, 0 insertions(+), 0 deletions(-)
 rename samples/{OpenIdConnectSample_casing => OpenIdConnectSample}/OpenIdConnectSample.kproj (100%)
 rename samples/{OpenIdConnectSample_casing => OpenIdConnectSample}/Startup.cs (100%)
 rename samples/{OpenIdConnectSample_casing => OpenIdConnectSample}/project.json (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/Microsoft.AspNet.Security.OpenIdConnect.kproj (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/NonceCache.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/Notifications/AuthorizationCodeReceivedNotification.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenIdConnectAuthenticationDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenIdConnectAuthenticationExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenIdConnectAuthenticationMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenIdConnectAuthenticationNotifications.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenIdConnectAuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/OpenidConnectAuthenticationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/Project.json (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect_casing => Microsoft.AspNet.Security.OpenIdConnect}/Resources.Designer.cs (100%)

diff --git a/samples/OpenIdConnectSample_casing/OpenIdConnectSample.kproj b/samples/OpenIdConnectSample/OpenIdConnectSample.kproj
similarity index 100%
rename from samples/OpenIdConnectSample_casing/OpenIdConnectSample.kproj
rename to samples/OpenIdConnectSample/OpenIdConnectSample.kproj
diff --git a/samples/OpenIdConnectSample_casing/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
similarity index 100%
rename from samples/OpenIdConnectSample_casing/Startup.cs
rename to samples/OpenIdConnectSample/Startup.cs
diff --git a/samples/OpenIdConnectSample_casing/project.json b/samples/OpenIdConnectSample/project.json
similarity index 100%
rename from samples/OpenIdConnectSample_casing/project.json
rename to samples/OpenIdConnectSample/project.json
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Microsoft.AspNet.Security.OpenIdConnect.kproj b/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/Microsoft.AspNet.Security.OpenIdConnect.kproj
rename to src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/NonceCache.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/NonceCache.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/NonceCache.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/NonceCache.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/Notifications/AuthorizationCodeReceivedNotification.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenIdConnectAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/OpenidConnectAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Project.json b/src/Microsoft.AspNet.Security.OpenIdConnect/Project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/Project.json
rename to src/Microsoft.AspNet.Security.OpenIdConnect/Project.json
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect_casing/Resources.Designer.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect_casing/Resources.Designer.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/Resources.Designer.cs

From 38fb911afc8f44fdbebb63efa36e8ffdc7e0a213 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 14 Jan 2015 15:13:24 -0800
Subject: [PATCH 129/900] Clean up auth types, copywrite headers, file names,
 exceptions.

---
 samples/OpenIdConnectSample/Startup.cs        | 10 ++++----
 .../OAuthBearerAuthenticationHandler.cs       | 23 ++++++++-----------
 .../{NonceCache.cs => INonceCache.cs}         |  3 ++-
 .../AuthorizationCodeReceivedNotification.cs  |  3 ++-
 .../OpenIdConnectAuthenticationDefaults.cs    |  4 ++--
 .../OpenIdConnectAuthenticationExtensions.cs  |  3 ++-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  3 ++-
 ...penIdConnectAuthenticationNotifications.cs |  3 ++-
 .../OpenIdConnectAuthenticationOptions.cs     |  3 ++-
 .../OpenidConnectAuthenticationHandler.cs     | 23 ++++++-------------
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  3 ++-
 .../OpenIdConnectMiddlewareTests.cs           |  3 ++-
 12 files changed, 38 insertions(+), 46 deletions(-)
 rename src/Microsoft.AspNet.Security.OpenIdConnect/{NonceCache.cs => INonceCache.cs} (69%)
 rename test/Microsoft.AspNet.Security.Test/{OpenIdConnectMiddlewareTests => OpenIdConnect}/OpenIdConnectMiddlewareTests.cs (99%)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 17850d03b2..bd443424ef 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,9 +1,10 @@
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.AspNet.Security.OpenIdConnect;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.Framework.DependencyInjection;
 
 namespace OpenIdConnectSample
 {
@@ -16,14 +17,13 @@ namespace OpenIdConnectSample
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
                 });
 
             });
 
             app.UseCookieAuthentication(options =>
             {
-                options.AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
             });
 
             app.UseOpenIdConnectAuthentication(options =>
@@ -31,8 +31,6 @@ namespace OpenIdConnectSample
                     options.ClientId = "fe78e0b4-6fe7-47e6-812c-fb75cee266a4";
                     options.Authority = "https://login.windows.net/cyrano.onmicrosoft.com";
                     options.RedirectUri = "http://localhost:42023";
-                    options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
-                    options.AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
                 });
 
             app.Run(async context =>
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 1c2eb287ae..b81af0c735 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -5,7 +5,6 @@ using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Linq;
-using System.Runtime.ExceptionServices;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
@@ -38,7 +37,6 @@ namespace Microsoft.AspNet.Security.OAuthBearer
         /// <returns></returns>
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
         {
-            ExceptionDispatchInfo authFailedEx = null;
             string token = null;
             try
             {
@@ -144,16 +142,10 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             }
             catch (Exception ex)
             {
-                // We can't await inside a catch block, capture and handle outside.
-                authFailedEx = ExceptionDispatchInfo.Capture(ex);
-            }
-
-            if (authFailedEx != null)
-            {
-                _logger.WriteError("Exception occurred while processing message", authFailedEx.SourceException);
+                _logger.WriteError("Exception occurred while processing message", ex);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
-                if (Options.RefreshOnIssuerKeyNotFound && authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     Options.ConfigurationManager.RequestRefresh();
                 }
@@ -162,7 +154,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     new AuthenticationFailedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
                     {
                         ProtocolMessage = Context,
-                        Exception = authFailedEx.SourceException
+                        Exception = ex
                     };
 
                 await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
@@ -176,10 +168,8 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     return null;
                 }
 
-                authFailedEx.Throw();
+                throw;
             }
-
-            return null;
         }
 
         protected override void ApplyResponseChallenge()
@@ -189,6 +179,11 @@ namespace Microsoft.AspNet.Security.OAuthBearer
 
         protected override async Task ApplyResponseChallengeAsync()
         {
+            if ((Response.StatusCode != 401) || (ChallengeContext == null))
+            {
+                return;
+            }
+
             await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>(Context, Options));
         }
 
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/NonceCache.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs
similarity index 69%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/NonceCache.cs
rename to src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs
index 11c09b3457..3f5255f56d 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/NonceCache.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Security.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
index cbcdc06183..9c7694e560 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.OpenIdConnect;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index d6271488a9..5942efb4dc 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -1,5 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
-
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Security.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
index 81a74b65ca..5d4a72b217 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNet.Security.OpenIdConnect;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index bfe82b51f0..bbe59f50d2 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.ObjectModel;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
index 36ee2fd25a..327bbfa599 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 5022cbf3c4..5f1b5077ec 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 5305039106..317cd42e8b 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -1,11 +1,11 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Globalization;
 using System.IdentityModel.Tokens;
 using System.IO;
 using System.Linq;
-using System.Runtime.ExceptionServices;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
@@ -122,7 +122,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             }
 
             // order for redirect_uri
-            // 1. challenge.Properties.RedirectUri  
+            // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri
             AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
@@ -224,7 +224,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 return null;
             }
 
-            ExceptionDispatchInfo authFailedEx = null;
             try
             {
                 var messageReceivedNotification = new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
@@ -410,16 +409,10 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             }
             catch (Exception exception)
             {
-                // We can't await inside a catch block, capture and handle outside.
-                authFailedEx = ExceptionDispatchInfo.Capture(exception);
-            }
-
-            if (authFailedEx != null)
-            {
-                _logger.WriteError("Exception occurred while processing message", authFailedEx.SourceException);
+                _logger.WriteError("Exception occurred while processing message", exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
-                if (Options.RefreshOnIssuerKeyNotFound && authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     Options.ConfigurationManager.RequestRefresh();
                 }
@@ -427,7 +420,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 var authenticationFailedNotification = new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = openIdConnectMessage,
-                    Exception = authFailedEx.SourceException
+                    Exception = exception
                 };
 
                 await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
@@ -441,10 +434,8 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     return null;
                 }
 
-                authFailedEx.Throw();
+                throw;
             }
-
-            return null;
         }
 
         /// <summary>
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 6fa8b7afd4..eff8e28841 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
similarity index 99%
rename from test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs
rename to test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 652c295ec1..e3a5df4718 100644
--- a/test/Microsoft.AspNet.Security.Test/OpenIdConnectMiddlewareTests/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -1,4 +1,5 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;

From 61bdaec1e2631ce68e057d044697ad2b1507aa5a Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Wed, 14 Jan 2015 17:04:10 -0800
Subject: [PATCH 130/900] Handle QueryBuilder namespace change.

---
 .../FacebookAuthenticationHandler.cs                             | 1 +
 .../OAuthAuthenticationHandler.cs                                | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
index 455cf1a4c2..dd2b43ffe8 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
@@ -9,6 +9,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.PipelineCore.Collections;
 using Microsoft.AspNet.Security.OAuth;
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
index 5a4ffebbd2..b165ca41c0 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
@@ -8,6 +8,7 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.WebUtilities;

From 123e649ee2888d3d51012f8edafdfd843b20472f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 15 Jan 2015 07:54:10 -0800
Subject: [PATCH 131/900] * Removing transitive dependencies from project.json
 * Fix casing for project.json

---
 .../Project.json                              | 48 -------------------
 .../project.json                              | 19 ++++++++
 .../project.json                              |  3 +-
 3 files changed, 20 insertions(+), 50 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Security.OpenIdConnect/Project.json
 create mode 100644 src/Microsoft.AspNet.Security.OpenIdConnect/project.json

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Project.json b/src/Microsoft.AspNet.Security.OpenIdConnect/Project.json
deleted file mode 100644
index 7a6d95a056..0000000000
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/Project.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-    "version": "1.0.0-*",
-    "dependencies": {
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.4",
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0.0-beta1-*",
-        "System.IdentityModel.Tokens": "5.0.0.0-beta1-*"
-    },
-    "frameworks": {
-        "aspnet50": {
-            "frameworkAssemblies": {
-                "System.Net.Http": "",
-                "System.Net.Http.WebRequest": ""
-            }
-        },
-        "aspnetcore50": {
-            "dependencies": {
-                "System.Collections": "4.0.10-beta-*",
-                "System.ComponentModel": "4.0.0-beta-*",
-                "System.Console": "4.0.0-beta-*",
-                "System.Diagnostics.Debug": "4.0.10-beta-*",
-                "System.Diagnostics.Tools": "4.0.0-beta-*",
-                "System.Dynamic.Runtime": "4.0.0-beta-*",
-                "System.Globalization": "4.0.10-beta-*",
-                "System.IO": "4.0.10-beta-*",
-                "System.IO.Compression": "4.0.0-beta-*",
-                "System.Linq": "4.0.0-beta-*",
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
-                "System.ObjectModel": "4.0.10-beta-*",
-                "System.Reflection": "4.0.10-beta-*",
-                "System.Resources.ResourceManager": "4.0.0-beta-*",
-                "System.Runtime": "4.0.20-beta-*",
-                "System.Runtime.Extensions": "4.0.10-beta-*",
-                "System.Runtime.InteropServices": "4.0.20-beta-*",
-                "System.Security.Claims": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*",
-                "System.Security.Principal": "4.0.0-beta-*",
-                "System.Threading": "4.0.0-beta-*",
-                "System.Threading.Tasks": "4.0.10-beta-*",
-                "System.Net.Http": "4.0.0-*"
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/project.json b/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
new file mode 100644
index 0000000000..728e82b194
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
@@ -0,0 +1,19 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0.0-beta1-*"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "frameworkAssemblies": {
+                "System.Net.Http.WebRequest": ""
+            }
+        },
+        "aspnetcore50": {
+            "dependencies": {
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
index 504d228b6e..1ab85d5840 100644
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ b/test/Microsoft.AspNet.Security.Test/project.json
@@ -20,8 +20,7 @@
     "frameworks": {
         "aspnet50": {
             "dependencies": {
-                "Shouldly": "1.1.1.1",
-                "System.Security.Claims": "1.0.0-*"
+                "Shouldly": "1.1.1.1"
             }
         }
     }

From f7c502a9e6150e07499c048cb2d92086f2e0f531 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 15 Jan 2015 13:57:07 -0800
Subject: [PATCH 132/900] Handle PipelineCore rename.

---
 .../FacebookAuthenticationHandler.cs                         | 2 +-
 .../TwitterAuthenticationHandler.cs                          | 2 +-
 src/Microsoft.AspNet.Security/AuthenticationOptions.cs       | 5 -----
 .../Infrastructure/HttpContextExtensions.cs                  | 2 +-
 src/Microsoft.AspNet.Security/project.json                   | 2 +-
 .../Cookies/Infrastructure/CookieChunkingTests.cs            | 2 +-
 test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs   | 2 +-
 7 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
index dd2b43ffe8..7eabae1019 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
@@ -9,9 +9,9 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Core.Collections;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.PipelineCore.Collections;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index de4dee266f..46dcd43f4c 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -10,8 +10,8 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Core.Collections;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.PipelineCore.Collections;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Twitter.Messages;
 using Microsoft.AspNet.WebUtilities;
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
index e25383cfe3..411e134819 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
@@ -1,12 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
-using System.Collections.Generic;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.HttpFeature.Security;
-using Microsoft.AspNet.PipelineCore.Security;
 
 namespace Microsoft.AspNet.Security
 {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
index 59c29fe82b..642809e18c 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Core.Security;
 using Microsoft.AspNet.HttpFeature.Security;
-using Microsoft.AspNet.PipelineCore.Security;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index cac89fbad7..6e7c66c598 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },
-        "Microsoft.AspNet.PipelineCore": "1.0.0-*",
+        "Microsoft.AspNet.Http.Core": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*"
     },
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 4df8763bd9..04bbadf68a 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.PipelineCore;
+using Microsoft.AspNet.Http.Core;
 using Xunit;
 
 namespace Microsoft.AspNet.Security.Cookies.Infrastructure
diff --git a/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
index 76f8f6e0a7..dae0aed318 100644
--- a/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
@@ -6,7 +6,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.PipelineCore;
+using Microsoft.AspNet.Http.Core;
 using Microsoft.AspNet.Security.Infrastructure;
 using Shouldly;
 using Xunit;

From 4a635835af1049679103fdca97716e814408addc Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 15 Jan 2015 23:37:35 -0800
Subject: [PATCH 133/900] Initial iteration of new Authorization Service

---
 .../AuthorizationContext.cs                   |  61 ++
 .../AuthorizationHandler.cs                   |  58 ++
 .../AuthorizationOptions.cs                   |  23 +
 .../AuthorizationPolicy.cs                    |  25 +-
 .../AuthorizationPolicyBuilder.cs             |  58 ++
 .../AuthorizationPolicyContext.cs             |  60 --
 .../AuthorizationServiceExtensions.cs         |  82 ---
 .../ClaimsAuthorizationHandler.cs             |  32 +
 .../ClaimsAuthorizationRequirement.cs         |  15 +
 .../DefaultAuthorizationService.cs            |  98 +--
 .../DenyAnonymousAuthorizationHandler.cs      |  20 +
 .../DenyAnonymousAuthorizationRequirement.cs  |   9 +
 ...tionPolicy.cs => IAuthorizationHandler.cs} |   8 +-
 .../IAuthorizationRequirement.cs              |   9 +
 .../IAuthorizationService.cs                  |  30 +-
 .../PassThroughAuthorizationHandler.cs        |  20 +
 .../ServiceCollectionExtensions.cs            |  32 +
 .../DefaultAuthorizationServiceTests.cs       | 649 +++++++++++++-----
 .../FakePolicy.cs                             |  52 --
 .../TestApplicationEnvironment.cs             |  37 -
 20 files changed, 857 insertions(+), 521 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizationContext.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
 delete mode 100644 src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
 delete mode 100644 src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs
 create mode 100644 src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs
 rename src/Microsoft.AspNet.Security/{IAuthorizationPolicy.cs => IAuthorizationHandler.cs} (50%)
 create mode 100644 src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs
 create mode 100644 src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
 delete mode 100644 test/Microsoft.AspNet.Security.Test/FakePolicy.cs
 delete mode 100644 test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs

diff --git a/src/Microsoft.AspNet.Security/AuthorizationContext.cs b/src/Microsoft.AspNet.Security/AuthorizationContext.cs
new file mode 100644
index 0000000000..0c6dc06197
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizationContext.cs
@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Security
+{
+    /// <summary>
+    /// Contains authorization information used by <see cref="IAuthorizationPolicyHandler"/>.
+    /// </summary>
+    public class AuthorizationContext
+    {
+        private HashSet<IAuthorizationRequirement> _pendingRequirements = new HashSet<IAuthorizationRequirement>();
+        private bool _failCalled;
+        private bool _succeedCalled;
+
+        public AuthorizationContext(
+            [NotNull] AuthorizationPolicy policy, 
+            HttpContext context,
+            object resource)
+        {
+            Policy = policy;
+            Context = context;
+            Resource = resource;
+            foreach (var req in Policy.Requirements)
+            {
+                _pendingRequirements.Add(req);
+            }
+        }
+
+        public AuthorizationPolicy Policy { get; private set; }
+        public ClaimsPrincipal User { get { return Context.User; } }
+        public HttpContext Context { get; private set; }
+        public object Resource { get; private set; }
+
+        public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
+
+        public bool HasFailed { get { return _failCalled; } }
+
+        public bool HasSucceeded {
+            get
+            {
+                return !_failCalled && _succeedCalled && !PendingRequirements.Any();
+            }
+        }
+
+        public void Fail()
+        {
+            _failCalled = true;
+        }
+
+        public void Succeed(IAuthorizationRequirement requirement)
+        {
+            _succeedCalled = true;
+            _pendingRequirements.Remove(requirement);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationHandler.cs b/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
new file mode 100644
index 0000000000..d913318700
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    // Music store use case
+
+    // await AuthorizeAsync<Album>(user, "Edit", albumInstance);
+
+    // No policy name needed because this is auto based on resource (operation is the policy name)
+    //RegisterOperation which auto generates the policy for Authorize<T>
+    //bool AuthorizeAsync<TResource>(ClaimsPrincipal, string operation, TResource instance)
+    //bool AuthorizeAsync<TResource>(IAuthorization, ClaimsPrincipal, string operation, TResource instance)
+    public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
+        where TRequirement : IAuthorizationRequirement
+    {
+        public async Task HandleAsync(AuthorizationContext context)
+        {
+            foreach (var req in context.Policy.Requirements.OfType<TRequirement>())
+            {
+                if (await CheckAsync(context, req))
+                {
+                    context.Succeed(req);
+                }
+                else
+                {
+                    context.Fail();
+                }
+            }
+        }
+
+        public abstract Task<bool> CheckAsync(AuthorizationContext context, TRequirement requirement);
+    }
+
+    // TODO: 
+    //public abstract class AuthorizationHandler<TRequirement, TResource> : AuthorizationHandler<TRequirement>
+    //    where TResource : class
+    //    where TRequirement : IAuthorizationRequirement
+    //{
+    //    public override Task HandleAsync(AuthorizationContext context)
+    //    {
+    //        var resource = context.Resource as TResource;
+    //        if (resource != null)
+    //        {
+    //            return HandleAsync(context, resource);
+    //        }
+
+    //        return Task.FromResult(0);
+
+    //    }
+
+    //    public abstract Task HandleAsync(AuthorizationContext context, TResource resource);
+    //}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationOptions.cs b/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
new file mode 100644
index 0000000000..667ee4fcba
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+
+namespace Microsoft.AspNet.Security
+{
+    public class AuthorizationOptions
+    {
+        // TODO: make this case insensitive
+        private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>();
+
+        public void AddPolicy([NotNull] string name, [NotNull] AuthorizationPolicy policy)
+        {
+            PolicyMap[name] = policy;
+        }
+
+        public AuthorizationPolicy GetPolicy([NotNull] string name)
+        {
+            return PolicyMap.ContainsKey(name) ? PolicyMap[name] : null;
+        }
+   }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
index a58ae858ae..d142eb1b60 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
@@ -2,31 +2,18 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using System.Security.Claims;
-using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Security
 {
-    /// <summary>
-    /// This class provides a base implementation for <see cref="IAuthorizationPolicy" />
-    /// </summary>
-    public abstract class AuthorizationPolicy : IAuthorizationPolicy
+    public class AuthorizationPolicy
     {
-        public int Order { get; set; }
-        
-        public virtual Task ApplyingAsync(AuthorizationPolicyContext context)
+        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationTypes)
         {
-            return Task.FromResult(0);
+            Requirements = requirements;
+            ActiveAuthenticationTypes = activeAuthenticationTypes;
         }
 
-        public virtual Task ApplyAsync(AuthorizationPolicyContext context) 
-        {
-            return Task.FromResult(0);
-        }
-
-        public virtual Task AppliedAsync(AuthorizationPolicyContext context)
-        {
-            return Task.FromResult(0);
-        }
+        public IEnumerable<IAuthorizationRequirement> Requirements { get; private set; }
+        public IEnumerable<string> ActiveAuthenticationTypes { get; private set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
new file mode 100644
index 0000000000..520bc77460
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+
+namespace Microsoft.AspNet.Security
+{
+    public class AuthorizationPolicyBuilder
+    {
+        public AuthorizationPolicyBuilder(params string[] activeAuthenticationTypes)
+        {
+            foreach (var authType in activeAuthenticationTypes) {
+                ActiveAuthenticationTypes.Add(authType);
+            }
+        }
+
+        public IList<IAuthorizationRequirement> Requirements { get; set; } = new List<IAuthorizationRequirement>();
+        public IList<string> ActiveAuthenticationTypes { get; set; } = new List<string>();
+
+        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, params string[] requiredValues)
+        {
+            Requirements.Add(new ClaimsAuthorizationRequirement
+            {
+                ClaimType = claimType,
+                AllowedValues = requiredValues
+            });
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType)
+        {
+            Requirements.Add(new ClaimsAuthorizationRequirement
+            {
+                ClaimType = claimType,
+                AllowedValues = null
+            });
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder RequiresRole([NotNull] params string[] roles)
+        {
+            RequiresClaim(ClaimTypes.Role, roles);
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder RequireAuthenticatedUser()
+        {
+            Requirements.Add(new DenyAnonymousAuthorizationRequirement());
+            return this;
+        }
+
+        public AuthorizationPolicy Build()
+        {
+            return new AuthorizationPolicy(Requirements, ActiveAuthenticationTypes);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
deleted file mode 100644
index b394bfcb68..0000000000
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicyContext.cs
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Collections.Generic;
-using System.Security.Claims;
-using System.Linq;
-
-namespace Microsoft.AspNet.Security
-{
-    /// <summary>
-    /// Contains authorization information used by <see cref="IAuthorizationPolicy"/>.
-    /// </summary>
-    public class AuthorizationPolicyContext
-    {
-        public AuthorizationPolicyContext(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource )
-        {
-            Claims = (claims ?? Enumerable.Empty<Claim>()).ToList();
-            User = user;
-            Resource = resource;
-
-            // user claims are copied to a new and mutable list
-            UserClaims = user != null
-                ? user.Claims.ToList()
-                : new List<Claim>();
-        }
-
-        /// <summary>
-        /// The list of claims the <see cref="IAuthorizationService"/> is checking.
-        /// </summary>
-        public IList<Claim> Claims { get; private set; }
-
-        /// <summary>
-        /// The user to check the claims against.
-        /// </summary>
-        public ClaimsPrincipal User { get; private set; }
-
-        /// <summary>
-        /// The claims of the user.
-        /// </summary>
-        /// <remarks>
-        /// This list can be modified by policies for retries.
-        /// </remarks>
-        public IList<Claim> UserClaims { get; private set; }
-
-        /// <summary>
-        /// An optional resource associated to the check.
-        /// </summary>
-        public object Resource { get; private set; }
-
-        /// <summary>
-        /// Gets or set whether the permission will be granted to the user.
-        /// </summary>
-        public bool Authorized { get; set; }
-
-        /// <summary>
-        /// When set to <value>true</value>, the authorization check will be processed again.
-        /// </summary>
-        public bool Retry { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
deleted file mode 100644
index 17ec58196d..0000000000
--- a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Security
-{
-    public static class AuthorizationServiceExtensions
-    {
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claim">The claim to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
-        {
-            return service.AuthorizeAsync(new Claim[] { claim }, user);
-        }
-
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claim">The claim to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user)
-        {
-            return service.Authorize(new Claim[] { claim }, user);
-        }
-
-        /// <summary>
-        /// Checks if a user has specific claims for a specific context obj.
-        /// </summary>
-        /// <param name="claim">The claim to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <param name="resource">The resource the claims should be check with.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
-        {
-            return service.AuthorizeAsync(new Claim[] { claim }, user, resource);
-        }
-
-        /// <summary>
-        /// Checks if a user has specific claims for a specific context obj.
-        /// </summary>
-        /// <param name="claim">The claimsto check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <param name="resource">The resource the claims should be check with.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, Claim claim, ClaimsPrincipal user, object resource)
-        {
-            return service.Authorize(new Claim[] { claim }, user, resource);
-        }
-
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, IEnumerable<Claim> claims, ClaimsPrincipal user)
-        {
-            return service.AuthorizeAsync(claims, user, null);
-        }
-
-        /// <summary>
-        /// Checks if a user has specific claims.
-        /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        public static  bool Authorize([NotNull] this IAuthorizationService service, IEnumerable<Claim> claims, ClaimsPrincipal user)
-        {
-            return service.Authorize(claims, user, null);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
new file mode 100644
index 0000000000..9f3f58c3ac
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public class ClaimsAuthorizationHandler : AuthorizationHandler<ClaimsAuthorizationRequirement>
+    {
+        public override Task<bool> CheckAsync(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
+        {
+            if (context.Context.User == null)
+            {
+                return Task.FromResult(false);
+            }
+
+            bool found = false;
+            if (requirement.AllowedValues == null || !requirement.AllowedValues.Any())
+            {
+                found = context.Context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase));
+            }
+            else
+            {
+                found = context.Context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)
+                                                    && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal));
+            }
+            return Task.FromResult(found);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs
new file mode 100644
index 0000000000..8ec5e7c7e1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+
+namespace Microsoft.AspNet.Security
+{
+    // Must contain a claim with the specified name, and at least one of the required values
+    // If AllowedValues is null or empty, that means any claim is valid
+    public class ClaimsAuthorizationRequirement : IAuthorizationRequirement
+    {
+        public string ClaimType { get; set; }
+        public IEnumerable<string> AllowedValues { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index 0b05a6d3dd..d20cf65445 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -1,101 +1,67 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security
 {
     public class DefaultAuthorizationService : IAuthorizationService
     {
-        private readonly IList<IAuthorizationPolicy> _policies;
-        public int MaxRetries = 99;
+        private readonly IList<IAuthorizationHandler> _handlers;
+        private readonly AuthorizationOptions _options;
 
-        public DefaultAuthorizationService(IEnumerable<IAuthorizationPolicy> policies)
+        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers)
         {
-            if (policies == null)
-            {
-                _policies = Enumerable.Empty<IAuthorizationPolicy>().ToArray();
-            } 
-            else 
-            {
-                _policies = policies.OrderBy(x => x.Order).ToArray();
-            }
+            _handlers = handlers.ToArray();
+            _options = options.Options;
         }
 
-        public async Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
+        public Task<bool> AuthorizeAsync([NotNull] string policyName, HttpContext context, object resource = null)
         {
-            var context = new AuthorizationPolicyContext(claims, user, resource);
-
-            foreach (var policy in _policies)
+            var policy = _options.GetPolicy(policyName);
+            if (policy == null)
             {
-                await policy.ApplyingAsync(context);
+                return Task.FromResult(false);
             }
+            return AuthorizeAsync(policy, context, resource);
+        }
 
-            // we only apply the policies for a limited number of times to prevent
-            // infinite loops
-
-            int retries;
-            for (retries = 0; retries < MaxRetries; retries++)
+        public async Task<bool> AuthorizeAsync([NotNull] AuthorizationPolicy policy, [NotNull] HttpContext context, object resource = null)
+        {
+            var user = context.User;
+            try
             {
-                // we don't need to check for owned claims if the permission is already granted
-                if (!context.Authorized)
+                // Generate the user identities if policy specified the AuthTypes
+                if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() )
                 {
-                    if (context.User != null)
+                    var principal = new ClaimsPrincipal();
+
+                    var results = await context.AuthenticateAsync(policy.ActiveAuthenticationTypes);
+                    // REVIEW: re requesting the identities fails for MVC currently, so we only request if not found
+                    foreach (var result in results)
                     {
-                        if (ClaimsMatch(context.Claims, context.UserClaims))
-                        {
-                            context.Authorized = true;
-                        }
+                        principal.AddIdentity(result.Identity);
                     }
+                    context.User = principal;
                 }
 
-                // reset the retry flag
-                context.Retry = false;
+                var authContext = new AuthorizationContext(policy, context, resource);
 
-                // give a chance for policies to change claims or the grant
-                foreach (var policy in _policies)
+                foreach (var handler in _handlers)
                 {
-                    await policy.ApplyAsync(context);
-                }
-
-                // if no policies have changed the context, stop checking
-                if (!context.Retry)
-                {
-                    break;
+                    await handler.HandleAsync(authContext);
                 }
+                return authContext.HasSucceeded;
             }
-
-            if (retries == MaxRetries)
+            finally
             {
-                throw new InvalidOperationException("Too many authorization retries.");
+                context.User = user;
             }
-
-            foreach (var policy in _policies)
-            {
-                await policy.AppliedAsync(context);
-            }
-
-            return context.Authorized;
-        }
-
-        public bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource)
-        {
-            return AuthorizeAsync(claims, user, resource).GetAwaiter().GetResult();
-        }
-
-        private bool ClaimsMatch([NotNull] IEnumerable<Claim> x, [NotNull] IEnumerable<Claim> y)
-        {
-            return x.Any(claim => 
-                        y.Any(userClaim => 
-                            string.Equals(claim.Type, userClaim.Type, StringComparison.OrdinalIgnoreCase) &&
-                            string.Equals(claim.Value, userClaim.Value, StringComparison.Ordinal)
-                        )
-                    );
-
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
new file mode 100644
index 0000000000..878a32ec92
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public class DenyAnonymousAuthorizationHandler : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>
+    {
+        public override Task<bool> CheckAsync(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
+        {
+            var user = context.User;
+            var userIsAnonymous =
+                user == null ||
+                user.Identity == null ||
+                !user.Identity.IsAuthenticated;
+            return Task.FromResult(!userIsAnonymous);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs
new file mode 100644
index 0000000000..286d5fd69a
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs
@@ -0,0 +1,9 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Security;
+
+namespace Microsoft.AspNet.Security
+{
+    public class DenyAnonymousAuthorizationRequirement : IAuthorizationRequirement { }
+}
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
similarity index 50%
rename from src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
rename to src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
index 0f121d558a..975a305b86 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
@@ -5,11 +5,9 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Security
 {
-    public interface IAuthorizationPolicy
+    public interface IAuthorizationHandler
     {
-        int Order { get; set; }
-        Task ApplyingAsync(AuthorizationPolicyContext context);
-        Task ApplyAsync(AuthorizationPolicyContext context);
-        Task AppliedAsync(AuthorizationPolicyContext context);
+        Task HandleAsync(AuthorizationContext context);
+        //void Handle(AuthorizationContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs b/src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs
new file mode 100644
index 0000000000..bd25247df2
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs
@@ -0,0 +1,9 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    public interface IAuthorizationRequirement
+    {
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
index 9fcef75a2f..8bcafda3d7 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
@@ -1,34 +1,32 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Collections.Generic;
-using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security
 {
     /// <summary>
-    /// Checks claims based permissions for a user.
+    /// Checks policy based permissions for a user
     /// </summary>
     public interface IAuthorizationService
     {
         /// <summary>
-        /// Checks if a user has specific claims for a specific context obj.
+        /// Checks if a user meets a specific authorization policy
         /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <param name="resource">The resource the claims should be check with.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource);
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <param name="context">The HttpContext to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        Task<bool> AuthorizeAsync(string policyName, HttpContext context, object resource = null);
 
         /// <summary>
-        /// Checks if a user has specific claims for a specific context obj.
+        /// Checks if a user meets a specific authorization policy
         /// </summary>
-        /// <param name="claims">The claims to check against a specific user.</param>
-        /// <param name="user">The user to check claims against.</param>
-        /// <param name="resource">The resource the claims should be check with.</param>
-        /// <returns><value>true</value> when the user fulfills one of the claims, <value>false</value> otherwise.</returns>
-        bool Authorize(IEnumerable<Claim> claims, ClaimsPrincipal user, object resource);
-
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <param name="context">The HttpContext to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        Task<bool> AuthorizeAsync(AuthorizationPolicy policy, HttpContext context, object resource = null);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
new file mode 100644
index 0000000000..0dfc6ab289
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public class PassThroughAuthorizationHandler : IAuthorizationHandler
+    {
+        public async Task HandleAsync(AuthorizationContext context)
+        {
+            foreach (var handler in context.Policy.Requirements.OfType<IAuthorizationHandler>())
+            {
+                await handler.HandleAsync(context);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..cceec4cc28
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Security;
+using Microsoft.Framework.ConfigurationModel;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    public static class ServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+
+        // Review: Need UseDefaultSubkey parameter?
+        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, IConfiguration config = null, Action<AuthorizationOptions> configureOptions = null)
+        {
+            var describe = new ServiceDescriber(config);
+            services.AddOptions(config);
+            services.TryAdd(describe.Transient<IAuthorizationService, DefaultAuthorizationService>());
+            services.Add(describe.Transient<IAuthorizationHandler, ClaimsAuthorizationHandler>());
+            services.Add(describe.Transient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>());
+            if (configureOptions != null)
+            {
+                services.Configure(configureOptions);
+            }
+            return services;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index a5a003b801..00f6cde0aa 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -3,307 +3,588 @@
 
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Security;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.DependencyInjection.Fallback;
+using Microsoft.Framework.OptionsModel;
+using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Security.Test
 {
     public class DefaultAuthorizationServiceTests
     {
+        private IAuthorizationService BuildAuthorizationService(Action<IServiceCollection> setupServices = null)
+        {
+            var services = new ServiceCollection();
+            services.AddAuthorization();
+            if (setupServices != null)
+            {
+                setupServices(services);
+            }
+            return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
+        }
+
+        private Mock<HttpContext> SetupContext(params ClaimsIdentity[] ids)
+        {
+            var context = new Mock<HttpContext>();
+            context.SetupProperty(c => c.User);
+            var user = new ClaimsPrincipal();
+            user.AddIdentities(ids);
+            context.Object.User = user;
+            if (ids != null)
+            {
+                var results = new List<AuthenticationResult>();
+                foreach (var id in ids)
+                {
+                    results.Add(new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()));
+                }
+                context.Setup(c => c.AuthenticateAsync(It.IsAny<IEnumerable<string>>())).ReturnsAsync(results).Verifiable();
+            }
+            return context;
+        }
+
         [Fact]
-        public void Check_ShouldAllowIfClaimIsPresent()
+        public async Task Authorize_ShouldAllowIfClaimIsPresent()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic")
-                );
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    options.AddPolicy("Basic", new AuthorizationPolicyBuilder()
+                        .RequiresClaim("Permission", "CanViewPage")
+                        .Build());
+                });
+            });
+            var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.True(allowed);
         }
 
         [Fact]
-        public void Check_ShouldAllowIfClaimIsAmongValues()
+        public async Task Authorize_ShouldAllowIfClaimIsPresentWithSpecifiedAuthType()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder("Basic").RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_ShouldAllowIfClaimIsAmongValues()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
                 new ClaimsIdentity(
-                    new Claim[] { 
-                        new Claim("Permission", "CanViewPage"), 
+                    new Claim[] {
+                        new Claim("Permission", "CanViewPage"),
                         new Claim("Permission", "CanViewAnything")
-                    }, 
+                    },
                     "Basic")
                 );
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.True(allowed);
         }
 
         [Fact]
-        public void Check_ShouldNotAllowIfClaimTypeIsNotPresent()
+        public async Task Authorize_ShouldFailWhenAllRequirementsNotHandled()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
                 new ClaimsIdentity(
-                    new Claim[] { 
-                        new Claim("SomethingElse", "CanViewPage"), 
+                    new Claim[] {
+                        new Claim("SomethingElse", "CanViewPage"),
                     },
                     "Basic")
                 );
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public void Check_ShouldNotAllowIfClaimValueIsNotPresent()
+        public async Task Authorize_ShouldNotAllowIfClaimTypeIsNotPresent()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
                 new ClaimsIdentity(
-                    new Claim[] { 
-                        new Claim("Permission", "CanViewComment"), 
+                    new Claim[] {
+                        new Claim("SomethingElse", "CanViewPage"),
                     },
                     "Basic")
                 );
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public void Check_ShouldNotAllowIfNoClaims()
+        public async Task Authorize_ShouldNotAllowIfClaimValueIsNotPresent()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Permission", "CanViewComment"),
+                    },
+                    "Basic")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_ShouldNotAllowIfNoClaims()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
                 new ClaimsIdentity(
                     new Claim[0],
                     "Basic")
                 );
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public void Check_ShouldNotAllowIfUserIsNull()
+        public async Task Authorize_ShouldNotAllowIfUserIsNull()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            ClaimsPrincipal user = null;
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext();
+            context.Object.User = null;
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public void Check_ShouldNotAllowIfUserIsNotAuthenticated()
+        public async Task Authorize_ShouldNotAllowIfNotCorrectAuthType()
         {
             // Arrange
-            var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
-            var user = new ClaimsPrincipal(
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder("Basic").RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(new ClaimsIdentity());
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_ShouldAllowWithNoAuthType()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
                 new ClaimsIdentity(
-                    new Claim[] { 
-                        new Claim("Permission", "CanViewComment"), 
+                    new Claim[] {
+                        new Claim("Permission", "CanViewPage"),
+                    },
+                    "Basic")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_ShouldNotAllowIfUnknownPolicy()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Permission", "CanViewComment"),
                     },
                     null)
                 );
 
             // Act
-            var allowed = authorizationService.Authorize(new Claim[] { new Claim("Permission", "CanViewPage") }, user);
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public void Check_ShouldApplyPoliciesInOrder()
+        public async Task Authorize_CustomRolePolicy()
         {
             // Arrange
-            string result = "";
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    Order = 20,
-                    ApplyingAsyncAction = (context) => { result += "20"; }
-                },
-                new FakePolicy() {
-                    Order = -1,
-                    ApplyingAsyncAction = (context) => { result += "-1"; }
-                },
-                new FakePolicy() {
-                    Order = 30,
-                    ApplyingAsyncAction = (context) => { result += "30"; }
-                },
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-            
-            // Act
-            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
-
-            // Assert
-            Assert.Equal("-12030", result);
-        }
-
-        [Fact]
-        public void Check_ShouldInvokeApplyingApplyAppliedInOrder()
-        {
-            // Arrange
-            string result = "";
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    Order = 20,
-                    ApplyingAsyncAction = (context) => { result += "Applying20"; },
-                    ApplyAsyncAction = (context) => { result += "Apply20"; },
-                    AppliedAsyncAction = (context) => { result += "Applied20"; }
-                },
-                new FakePolicy() {
-                    Order = -1,
-                    ApplyingAsyncAction = (context) => { result += "Applying-1"; },
-                    ApplyAsyncAction = (context) => { result += "Apply-1"; },
-                    AppliedAsyncAction = (context) => { result += "Applied-1"; }
-                },
-                new FakePolicy() {
-                    Order = 30,
-                    ApplyingAsyncAction = (context) => { result += "Applying30"; },
-                    ApplyAsyncAction = (context) => { result += "Apply30"; },
-                    AppliedAsyncAction = (context) => { result += "Applied30"; }
-                },
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-            
-            // Act
-            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
-
-            // Assert
-            Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", result);
-        }
-
-        [Fact]
-        public void Check_ShouldConvertNullClaimsToEmptyList()
-        {
-            // Arrange
-            IList<Claim> claims = null;
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    Order = 20,
-                    ApplyingAsyncAction = (context) => { claims = context.Claims; }
-                }
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-            
-            // Act
-            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), null);
-
-            // Assert
-            Assert.NotNull(claims);
-            Assert.Equal(0, claims.Count);
-        }
-
-        [Fact]
-        public void Check_ShouldThrowWhenPoliciesDontStop()
-        {
-            // Arrange
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    ApplyAsyncAction = (context) => { context.Retry = true; }
-                }
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-
-            // Act
-            // Assert
-            Exception ex = Assert.Throws<InvalidOperationException>(() => authorizationService.Authorize(Enumerable.Empty<Claim>(), null));
-        }
- 
-        [Fact]
-        public void Check_ApplyCanMutateCheckedClaims()
-        {
-
-            // Arrange
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity( new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic")
+            var policy = new AuthorizationPolicyBuilder().RequiresRole("Administrator")
+                .RequiresClaim(ClaimTypes.Role, "User");
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Role, "User"),
+                        new Claim(ClaimTypes.Role, "Administrator")
+                    },
+                    "Basic")
                 );
 
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    ApplyAsyncAction = (context) => { 
-                        // for instance, if user owns the comment
-                        if(!context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
-                        {
-                            context.Claims.Add(new Claim("Permission", "CanDeleteComments")); 
-                            context.Retry = true;
-                        }
-                    }
-                }
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-            
             // Act
-            var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user);
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
 
             // Assert
             Assert.True(allowed);
         }
 
         [Fact]
-        public void Check_PoliciesCanMutateUsersClaims()
+        public async Task Authorize_HasAnyClaimOfTypePolicy()
         {
-
             // Arrange
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity(new Claim[0], "Basic")
+            var policy = new AuthorizationPolicyBuilder().RequiresClaim(ClaimTypes.Role);
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Role, ""),
+                    },
+                    "Basic")
                 );
 
-            var policies = new IAuthorizationPolicy[] {
-                new FakePolicy() {
-                    ApplyAsyncAction = (context) => { 
-                        if (!context.Authorized) 
-                        {
-                            context.UserClaims.Add(new Claim("Permission", "CanDeleteComments")); 
-                            context.Retry = true;
-                        }
-                    }
-                }
-            };
-
-            var authorizationService = new DefaultAuthorizationService(policies);
-            
             // Act
-            var allowed = authorizationService.Authorize(new Claim("Permission", "CanDeleteComments"), user);
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
 
             // Assert
             Assert.True(allowed);
         }
+
+        [Fact]
+        public async Task Authorize_PolicyCanAuthenticationTypeWithNameClaim()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresClaim(ClaimTypes.Name);
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task RolePolicyCanRequireSingleRole()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin");
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Admin") }, "AuthType")
+            );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task RolePolicyCanRequireOneOfManyRoles()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin", "Users");
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Users") }, "AuthType"));
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task RolePolicyCanBlockWrongRole()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+            var authorizationService = BuildAuthorizationService();
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Role, "Nope"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task RolePolicyCanBlockNoRole()
+        {
+            // Arrange
+
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequiresRole("Admin", "Users");
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task PolicyFailsWithNoRequirements()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder();
+                    options.AddPolicy("Basic", policy.Build());
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Name, "Name"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task CanApproveAnyAuthenticatedUser()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
+                    options.AddPolicy("Any", policy.Build());
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Name, "Name"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Any", context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task CanBlockNonAuthenticatedUser()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
+                    options.AddPolicy("Any", policy.Build());
+                });
+            });
+            var context = SetupContext(new ClaimsIdentity());
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Any", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        public class CustomRequirement : IAuthorizationRequirement { }
+        public class CustomHandler : AuthorizationHandler<CustomRequirement>
+        {
+            public override Task<bool> CheckAsync(AuthorizationContext context, CustomRequirement requirement)
+            {
+                return Task.FromResult(true);
+            }
+        }
+
+        [Fact]
+        public async Task CustomReqWithNoHandlerFails()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder();
+                    policy.Requirements.Add(new CustomRequirement());
+                    options.AddPolicy("Custom", policy.Build());
+                });
+            });
+            var context = SetupContext();
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Custom", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+
+        [Fact]
+        public async Task CustomReqWithHandlerSucceeds()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddTransient<IAuthorizationHandler, CustomHandler>();
+                services.Configure<AuthorizationOptions>(options =>
+                {
+                    var policy = new AuthorizationPolicyBuilder();
+                    policy.Requirements.Add(new CustomRequirement());
+                    options.AddPolicy("Custom", policy.Build());
+                });
+            });
+            var context = SetupContext();
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Custom", context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
     }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs b/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
deleted file mode 100644
index be9139b89d..0000000000
--- a/test/Microsoft.AspNet.Security.Test/FakePolicy.cs
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Security;
-
-namespace Microsoft.AspNet.Security.Test 
-{
-    public class FakePolicy : IAuthorizationPolicy
-    {
-            
-        public int Order { get; set; }
-
-        public Task ApplyingAsync(AuthorizationPolicyContext context) 
-        {
-            if (ApplyingAsyncAction != null)
-            {
-                ApplyingAsyncAction(context);
-            }
-
-            return Task.FromResult(0);
-        }
-        
-        public Task ApplyAsync(AuthorizationPolicyContext context) 
-        {
-            if (ApplyAsyncAction != null)
-            {
-                ApplyAsyncAction(context);
-            }
-            
-            return Task.FromResult(0);
-
-        }
-        
-        public Task AppliedAsync(AuthorizationPolicyContext context) 
-        {
-            if (AppliedAsyncAction != null)
-            {
-                AppliedAsyncAction(context);
-            }
-            
-            return Task.FromResult(0);
-        }
-
-        public Action<AuthorizationPolicyContext> ApplyingAsyncAction { get; set;}
-
-        public Action<AuthorizationPolicyContext> ApplyAsyncAction { get; set;}
-
-        public Action<AuthorizationPolicyContext> AppliedAsyncAction { get; set;}
-    }
-}
diff --git a/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs b/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs
deleted file mode 100644
index 01ef364c1d..0000000000
--- a/test/Microsoft.AspNet.Security.Test/TestApplicationEnvironment.cs
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Runtime.Versioning;
-using Microsoft.Framework.Runtime;
-
-namespace Microsoft.AspNet.Security
-{
-    public class TestApplicationEnvironment : IApplicationEnvironment
-    {
-        public string ApplicationBasePath
-        {
-            get { return Environment.CurrentDirectory; }
-        }
-
-        public string ApplicationName
-        {
-            get { return "Test App environment"; }
-        }
-
-        public string Configuration
-        {
-            get { return "Test"; }
-        }
-
-        public FrameworkName RuntimeFramework
-        {
-            get { return new FrameworkName(".NETFramework", new Version(4, 5)); }
-        }
-
-        public string Version
-        {
-            get { return "1.0.0"; }
-        }
-    }
-}
\ No newline at end of file

From de56109c160dd0b870ecce582ee36d98f5516a29 Mon Sep 17 00:00:00 2001
From: tushar gupta <tushargupta51@gmail.com>
Date: Thu, 15 Jan 2015 17:21:00 -0800
Subject: [PATCH 134/900] Fixing Issue #120

---
 .../OAuthBearerAuthenticationHandler.cs        |  7 +++++++
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs  | 18 +++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index b81af0c735..c1f03a074c 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -60,6 +60,13 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                 }
 
                 string authorization = Request.Headers.Get("Authorization");
+
+                // If no authorization header found, nothing to process further
+                if (String.IsNullOrEmpty(authorization))
+                {
+                    return null;
+                }
+
                 if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                 {
                      token = authorization.Substring("Bearer ".Length).Trim();
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index eff8e28841..2139f56306 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -66,6 +66,22 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             return Task.FromResult<object>(null);
         }
 
+        [Fact]
+        public async Task NoHeaderReceived()
+        {
+            var server = CreateServer(options => { });
+            var response = await SendAsync(server, "http://example.com/oauth");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task HeaderWithoutBearerReceived()
+        {
+            var server = CreateServer(options => { });
+            var response = await SendAsync(server, "http://example.com/oauth","Token");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
         [Fact]
         public async Task CustomTokenReceived()
         {
@@ -235,4 +251,4 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             public XElement ResponseElement { get; set; }
         }
     }
-}
\ No newline at end of file
+}

From cdbd003bb1753b524ca52f9da8cd5848b9e6863d Mon Sep 17 00:00:00 2001
From: tushar gupta <tushargupta51@gmail.com>
Date: Fri, 16 Jan 2015 11:49:57 -0800
Subject: [PATCH 135/900] Adding token property to MessageReceivedNotification

---
 .../OAuthBearerAuthenticationHandler.cs       | 34 +++++++++++--------
 .../MessageReceivedNotification.cs            |  5 +++
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs | 17 ++++++++++
 3 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index c1f03a074c..a4555790dc 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -59,23 +59,29 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     return null;
                 }
 
-                string authorization = Request.Headers.Get("Authorization");
+                // If application retrieved token from somewhere else, use that.
+                token = messageReceivedNotification.Token;
 
-                // If no authorization header found, nothing to process further
-                if (String.IsNullOrEmpty(authorization))
-                {
-                    return null;
-                }
-
-                if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
-                {
-                     token = authorization.Substring("Bearer ".Length).Trim();
-                }
-
-                // If no token found, no further work possible
                 if (string.IsNullOrEmpty(token))
                 {
-                    return null;
+                    string authorization = Request.Headers.Get("Authorization");
+
+                    // If no authorization header found, nothing to process further
+                    if (string.IsNullOrEmpty(authorization))
+                    {
+                        return null;
+                    }
+
+                    if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+                    {
+                        token = authorization.Substring("Bearer ".Length).Trim();
+                    }
+
+                    // If no token found, no further work possible
+                    if (string.IsNullOrEmpty(token))
+                    {
+                        return null;
+                    }
                 }
 
                 // notify user token was received
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
index 1b1f599881..f583746c3c 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@@ -12,5 +12,10 @@ namespace Microsoft.AspNet.Security.Notifications
         }
 
         public TMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+        /// </summary>
+        public string Token { get; set; }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 2139f56306..26f202e08e 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -137,6 +137,23 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             return Task.FromResult<object>(null);
         }
 
+        [Fact]
+        public async Task RetrievingTokenFromAlternateLocation()
+        {
+            var server = CreateServer(options => {
+                options.Notifications.MessageReceived = MessageReceived;
+                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            });
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        private static Task MessageReceived(MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
+        {
+            notification.Token = "CustomToken";
+            return Task.FromResult<object>(null);
+        }
+
         class BlobTokenValidator : ISecurityTokenValidator
         {
 

From c53394e847f3959c1002a20ce581ac4f978e8c5b Mon Sep 17 00:00:00 2001
From: tushar gupta <tushargupta51@gmail.com>
Date: Fri, 16 Jan 2015 14:35:11 -0800
Subject: [PATCH 136/900] Cleaning up comments and some TODOs.

---
 .../OpenIdConnectAuthenticationOptions.cs             |  6 +++---
 .../OpenidConnectAuthenticationHandler.cs             | 11 +++++------
 src/Microsoft.AspNet.Security/AuthenticationTicket.cs |  6 +++---
 .../Notifications/BaseNotification.cs                 |  4 +++-
 .../Notifications/NotificationResultState.cs          |  6 +++++-
 5 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 5f1b5077ec..a5f1bcd303 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -148,7 +148,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
         /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
         /// </summary>
-        public INonceCache NoneCache { get; set; }
+        public INonceCache NonceCache { get; set; }
 
         /// <summary>
         /// Gets or sets the discovery endpoint for obtaining metadata
@@ -181,7 +181,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         public OpenIdConnectAuthenticationNotifications Notifications { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used ensure the 'id_token' received
+        /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
         /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 
         /// </summary>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
@@ -262,7 +262,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
 
         /// <summary>
         /// Gets or sets the type used to secure strings used by the middleware.
-         // </summary>
+        /// </summary>
         public ISecureDataFormat<string> StringDataFormat
         {
             get
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 317cd42e8b..96156f6534 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 // Set End_Session_Endpoint in order:
                 // 1. properties.Redirect
                 // 2. Options.Wreply
-                AuthenticationProperties properties = new AuthenticationProperties(); // TODO signout.Properties;
+                AuthenticationProperties properties = new AuthenticationProperties();
                 if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri))
                 {
                     openIdConnectMessage.PostLogoutRedirectUri = properties.RedirectUri;
@@ -111,7 +111,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         }
 
         /// <summary>
-        /// Responds to a 401 Challenge sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
+        /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
         protected override async Task ApplyResponseChallengeAsync()
@@ -158,9 +158,9 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             if (Options.ProtocolValidator.RequireNonce)
             {
                 openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
-                if (Options.NoneCache != null)
+                if (Options.NonceCache != null)
                 {
-                    Options.NoneCache.AddNonce(openIdConnectMessage.Nonce);
+                    Options.NonceCache.AddNonce(openIdConnectMessage.Nonce);
                 }
                 else
                 {
@@ -215,7 +215,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 IFormCollection form = await Request.ReadFormAsync();
                 Request.Body.Seek(0, SeekOrigin.Begin);
 
-                // TODO: a delegate on OpenIdConnectAuthenticationOptions would allow for users to hook their own custom message.
                 openIdConnectMessage = new OpenIdConnectMessage(form);
             }
 
@@ -466,7 +465,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         /// </summary>
         /// <param name="nonceExpectedValue">the nonce that was found in the jwt token.</param>
         /// <returns>'nonceExpectedValue' if a cookie is found that matches, null otherwise.</returns>
-        /// <remarks>Examins <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
+        /// <remarks>Examine <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
         /// <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
         private string RetrieveNonce(string nonceExpectedValue)
         {
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
index 7b7e50998b..82128f10cd 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Security
         /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
         /// </summary>
         /// <param name="identity">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
-        /// <param name="properties">additional properties that can be consumed by the user or runtims.</param>
+        /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
         /// <param name="authenticationType">the authentication middleware that was responsible for this ticket.</param>
         public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationType)
         {
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Security
         }
 
         /// <summary>
-        /// Gets the authenticated user identity.
+        /// Gets the authentication type.
         /// </summary>
         public string AuthenticationType { get; private set; }
 
@@ -46,7 +46,7 @@ namespace Microsoft.AspNet.Security
         public ClaimsIdentity Identity { get; private set; }
 
         /// <summary>
-        /// Gets the authenticated user identity.
+        /// Gets the claims-principal with authenticated user identities.
         /// </summary>
         public ClaimsPrincipal Principal{ get; private set; }
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
index 1ef13e2dc5..d1ea6fef75 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
@@ -1,4 +1,6 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 
 using Microsoft.AspNet.Http;
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
index 1f48e25b39..78d6c85caa 100644
--- a/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
@@ -1,4 +1,8 @@
-using System;
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+
+using System;
 
 namespace Microsoft.AspNet.Security.Notifications
 {

From 123065c0ae9e069714c08b8511aa7ea9a6ccbde5 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Sat, 17 Jan 2015 17:11:34 -0800
Subject: [PATCH 137/900] Add some sugar for AuthZ

- Register passthrough handler by default
- AddPolicy overload that takesAction<AuthorizationPolicyBuilder>
- Chaining policy overloads/methods
- More fluent apis for PolicyBuilder
Fixes #122, #114
---
 .../AuthorizationOptions.cs                   |   8 +
 .../AuthorizationPolicyBuilder.cs             |  37 +++-
 .../PassThroughAuthorizationHandler.cs        |   1 -
 .../ServiceCollectionExtensions.cs            |   1 +
 .../DefaultAuthorizationServiceTests.cs       | 201 +++++++++++++-----
 5 files changed, 189 insertions(+), 59 deletions(-)

diff --git a/src/Microsoft.AspNet.Security/AuthorizationOptions.cs b/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
index 667ee4fcba..8a53e574d2 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 
 namespace Microsoft.AspNet.Security
@@ -15,6 +16,13 @@ namespace Microsoft.AspNet.Security
             PolicyMap[name] = policy;
         }
 
+        public void AddPolicy([NotNull] string name, [NotNull] Action<AuthorizationPolicyBuilder> configurePolicy)
+        {
+            var policyBuilder = new AuthorizationPolicyBuilder();
+            configurePolicy(policyBuilder);
+            PolicyMap[name] = policyBuilder.Build();
+        }
+
         public AuthorizationPolicy GetPolicy([NotNull] string name)
         {
             return PolicyMap.ContainsKey(name) ? PolicyMap[name] : null;
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
index 520bc77460..7b8617f543 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 
 namespace Microsoft.AspNet.Security
@@ -10,14 +11,42 @@ namespace Microsoft.AspNet.Security
     {
         public AuthorizationPolicyBuilder(params string[] activeAuthenticationTypes)
         {
-            foreach (var authType in activeAuthenticationTypes) {
-                ActiveAuthenticationTypes.Add(authType);
-            }
+            AddAuthenticationTypes(activeAuthenticationTypes);
+        }
+
+        public AuthorizationPolicyBuilder(AuthorizationPolicy policy)
+        {
+            Combine(policy);
         }
 
         public IList<IAuthorizationRequirement> Requirements { get; set; } = new List<IAuthorizationRequirement>();
         public IList<string> ActiveAuthenticationTypes { get; set; } = new List<string>();
 
+        public AuthorizationPolicyBuilder AddAuthenticationTypes(params string[] activeAuthTypes)
+        {
+            foreach (var authType in activeAuthTypes)
+            {
+                ActiveAuthenticationTypes.Add(authType);
+            }
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder AddRequirements(params IAuthorizationRequirement[] requirements)
+        {
+            foreach (var req in requirements)
+            {
+                Requirements.Add(req);
+            }
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder Combine(AuthorizationPolicy policy)
+        {
+            AddAuthenticationTypes(policy.ActiveAuthenticationTypes.ToArray());
+            AddRequirements(policy.Requirements.ToArray());
+            return this;
+        }
+
         public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, params string[] requiredValues)
         {
             Requirements.Add(new ClaimsAuthorizationRequirement
@@ -55,4 +84,4 @@ namespace Microsoft.AspNet.Security
             return new AuthorizationPolicy(Requirements, ActiveAuthenticationTypes);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
index 0dfc6ab289..837b2f2676 100644
--- a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Linq;
 using System.Threading.Tasks;
 
diff --git a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
index cceec4cc28..41b0978cdf 100644
--- a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
@@ -22,6 +22,7 @@ namespace Microsoft.Framework.DependencyInjection
             services.TryAdd(describe.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.Add(describe.Transient<IAuthorizationHandler, ClaimsAuthorizationHandler>());
             services.Add(describe.Transient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>());
+            services.Add(describe.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             if (configureOptions != null)
             {
                 services.Configure(configureOptions);
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 00f6cde0aa..1ba7054390 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -9,7 +9,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.DependencyInjection.Fallback;
-using Microsoft.Framework.OptionsModel;
 using Moq;
 using Xunit;
 
@@ -53,11 +52,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", new AuthorizationPolicyBuilder()
-                        .RequiresClaim("Permission", "CanViewPage")
-                        .Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
@@ -75,10 +72,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder("Basic").RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
@@ -96,10 +92,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var context = SetupContext(
@@ -124,10 +119,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var context = SetupContext(
@@ -151,10 +145,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage", "CanViewAnything");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var context = SetupContext(
@@ -178,10 +171,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(
@@ -205,10 +197,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(
@@ -230,10 +221,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext();
@@ -252,10 +242,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder("Basic").RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(new ClaimsIdentity());
@@ -273,10 +262,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
             var context = SetupContext(
@@ -433,13 +421,11 @@ namespace Microsoft.AspNet.Security.Test
         public async Task RolePolicyCanBlockNoRole()
         {
             // Arrange
-
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequiresRole("Admin", "Users");
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => policy.RequiresRole("Admin", "Users"));
                 });
             });
             var context = SetupContext(
@@ -462,10 +448,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder();
-                    options.AddPolicy("Basic", policy.Build());
+                    options.AddPolicy("Basic", policy => { });
                 });
             });
             var context = SetupContext(
@@ -489,10 +474,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
-                    options.AddPolicy("Any", policy.Build());
+                    options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
             });
             var context = SetupContext(
@@ -516,10 +500,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
-                    options.AddPolicy("Any", policy.Build());
+                    options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
             });
             var context = SetupContext(new ClaimsIdentity());
@@ -546,11 +529,9 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder();
-                    policy.Requirements.Add(new CustomRequirement());
-                    options.AddPolicy("Custom", policy.Build());
+                    options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
             });
             var context = SetupContext();
@@ -562,7 +543,6 @@ namespace Microsoft.AspNet.Security.Test
             Assert.False(allowed);
         }
 
-
         [Fact]
         public async Task CustomReqWithHandlerSucceeds()
         {
@@ -570,11 +550,9 @@ namespace Microsoft.AspNet.Security.Test
             var authorizationService = BuildAuthorizationService(services =>
             {
                 services.AddTransient<IAuthorizationHandler, CustomHandler>();
-                services.Configure<AuthorizationOptions>(options =>
+                services.ConfigureAuthorization(options =>
                 {
-                    var policy = new AuthorizationPolicyBuilder();
-                    policy.Requirements.Add(new CustomRequirement());
-                    options.AddPolicy("Custom", policy.Build());
+                    options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
             });
             var context = SetupContext();
@@ -586,5 +564,120 @@ namespace Microsoft.AspNet.Security.Test
             Assert.True(allowed);
         }
 
+        public class PassThroughRequirement : AuthorizationHandler<PassThroughRequirement>, IAuthorizationRequirement
+        {
+            public PassThroughRequirement(bool succeed)
+            {
+                Succeed = succeed;
+            }
+
+            public bool Succeed { get; set; }
+
+            public override Task<bool> CheckAsync(AuthorizationContext context, PassThroughRequirement requirement)
+            {
+                return Task.FromResult(Succeed);
+            }
+        }
+
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task PassThroughRequirementWillSucceedWithoutCustomHandler(bool shouldSucceed)
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Passthrough", policy => policy.Requirements.Add(new PassThroughRequirement(shouldSucceed)));
+                });
+            });
+            var context = SetupContext();
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Passthrough", context.Object);
+
+            // Assert
+            Assert.Equal(shouldSucceed, allowed);
+        }
+
+        public async Task CanCombinePolicies()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
+                    options.AddPolicy("Combineed", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Base", "Value"),
+                        new Claim("Claim", "Exists")
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        public async Task CombinePoliciesWillFailIfBasePolicyFails()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Claim", "Exists")
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        public async Task CombinedPoliciesWillFailIfExtraRequirementFails()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                });
+            });
+            var context = SetupContext(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("Base", "Value"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+
+            // Assert
+            Assert.False(allowed);
+        }
     }
 }
\ No newline at end of file

From ac03ad3edfdb08341aa4b176744ab0244b59677a Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Sun, 18 Jan 2015 20:55:49 -0800
Subject: [PATCH 138/900] Handle HttpFeature rename

---
 .../Notifications/CookieValidateIdentityContext.cs              | 2 +-
 .../Infrastructure/AuthenticationHandler.cs                     | 2 +-
 .../Infrastructure/HttpContextExtensions.cs                     | 2 +-
 src/Microsoft.AspNet.Security/project.json                      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
index ea16822042..771d75d40c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -7,7 +7,7 @@ using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Http.Interfaces.Security;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Notifications;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index 2c9691c489..d7a0db8fcd 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -12,7 +12,7 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Http.Interfaces.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.Framework.Logging;
 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
index 642809e18c..5ba7a9ce4f 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Core.Security;
-using Microsoft.AspNet.HttpFeature.Security;
+using Microsoft.AspNet.Http.Interfaces.Security;
 
 namespace Microsoft.AspNet.Security.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index 6e7c66c598..b147d3031c 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-        "Microsoft.AspNet.HttpFeature": { "version": "1.0.0-*", "type": "build" },
+        "Microsoft.AspNet.Http.Interfaces": { "version": "1.0.0-*", "type": "build" },
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*"

From 1f14d9aa503a8b70a72fc06a92151abd542e90b0 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 20 Jan 2015 01:36:43 -0800
Subject: [PATCH 139/900] Updating build.cmd and build.sh to use dotnetsdk

---
 build.cmd | 6 +++---
 build.sh  | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/build.cmd b/build.cmd
index 86ca5bbbf1..c8041fdd9d 100644
--- a/build.cmd
+++ b/build.cmd
@@ -20,9 +20,9 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_KRE_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
-CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
+CALL packages\KoreBuild\build\dotnetsdk upgrade -runtime CLR -x86
+CALL packages\KoreBuild\build\dotnetsdk install default -runtime CoreCLR -x86
 
 :run
-CALL packages\KoreBuild\build\kvm use default -runtime CLR -x86
+CALL packages\KoreBuild\build\dotnetsdk use default -runtime CLR -x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/build.sh b/build.sh
index c7873ef58e..350d7e389a 100644
--- a/build.sh
+++ b/build.sh
@@ -28,11 +28,11 @@ if test ! -d packages/KoreBuild; then
 fi
 
 if ! type k > /dev/null 2>&1; then
-    source packages/KoreBuild/build/kvm.sh
+    source packages/KoreBuild/build/dotnetsdk.sh
 fi
 
 if ! type k > /dev/null 2>&1; then
-    kvm upgrade
+    dotnetsdk upgrade
 fi
 
 mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"

From de5c079bf0587ce33865595205dfb5562eacf583 Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Tue, 20 Jan 2015 17:25:24 -0800
Subject: [PATCH 140/900] Updating NuGet.config

---
 NuGet.Config | 1 -
 1 file changed, 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index 2d3b0cb857..53454b2000 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
   </packageSources>
 </configuration>

From 231994217b1bfbd7506362c625822380a7ec03e0 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Tue, 20 Jan 2015 18:34:21 -0800
Subject: [PATCH 141/900] Rename SKIP_KRE_INSTALL to SKIP_DOTNET_INSTALL

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index c8041fdd9d..220a1ff561 100644
--- a/build.cmd
+++ b/build.cmd
@@ -19,7 +19,7 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
-IF "%SKIP_KRE_INSTALL%"=="1" goto run
+IF "%SKIP_DOTNET_INSTALL%"=="1" goto run
 CALL packages\KoreBuild\build\dotnetsdk upgrade -runtime CLR -x86
 CALL packages\KoreBuild\build\dotnetsdk install default -runtime CoreCLR -x86
 

From 5328c7f53945e614529b168f2a95fdc844ac43f8 Mon Sep 17 00:00:00 2001
From: Aligned <logankd@users.noreply.github.com>
Date: Wed, 21 Jan 2015 11:55:35 -0600
Subject: [PATCH 142/900] Change ASP.NET vNext to ASP.Net 5 in the Readme.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ab7b29e979..06a74de411 100644
--- a/README.md
+++ b/README.md
@@ -3,4 +3,4 @@ ASP.NET Security
 
 ASP.NET Security contains the security and authorization middlewares for ASP.NET vNext.
 
-This project is part of ASP.NET vNext. You can find samples, documentation and getting started instructions for ASP.NET vNext at the [Home](https://github.com/aspnet/home) repo.
+This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the [Home](https://github.com/aspnet/home) repo.

From 4193fa29b7f0e1238411197fc0988c419167724a Mon Sep 17 00:00:00 2001
From: Suhas Joshi <suhasbjoshi@hotmail.com>
Date: Wed, 21 Jan 2015 15:52:54 -0800
Subject: [PATCH 143/900] Updating to release NuGet.config

---
 NuGet.Config | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 4ee105534c..2d3b0cb857 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
-    <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From d7b389e595a6a79793548e4d3671141d3e1fed48 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 21 Jan 2015 16:53:45 -0800
Subject: [PATCH 144/900] Updating release NuGet.config to include
 AzureADNighty feed

---
 NuGet.Config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NuGet.Config b/NuGet.Config
index 2d3b0cb857..d699f07ad6 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -3,5 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
+    <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From e5518e6fc25874920e203dfcd923868ad5de6cbb Mon Sep 17 00:00:00 2001
From: BrentSchmaltz <brentschmaltz@hotmail.com>
Date: Tue, 27 Jan 2015 08:15:28 -0800
Subject: [PATCH 145/900] ChallengeContext will be null with [Authorize]
 attribute OpenIdConnect set Ticket.Principal, get identity from there.

---
 .../OpenidConnectAuthenticationHandler.cs     | 24 +++++++++++++++----
 .../Infrastructure/AuthenticationHandler.cs   |  7 ++++--
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 96156f6534..b237b6be97 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -91,6 +91,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 {
                     ProtocolMessage = openIdConnectMessage
                 };
+
                 await Options.Notifications.RedirectToIdentityProvider(notification);
 
                 if (!notification.HandledResponse)
@@ -100,6 +101,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     {
                         _logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
                     }
+
                     Response.Redirect(redirectUri);
                 }
             }
@@ -116,7 +118,13 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         /// <returns></returns>
         protected override async Task ApplyResponseChallengeAsync()
         {
-            if ((Response.StatusCode != 401) || (ChallengeContext == null))
+            if (Response.StatusCode != 401)
+            {
+                return;
+            }
+
+            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
             {
                 return;
             }
@@ -124,7 +132,16 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             // order for redirect_uri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri
-            AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties);
+            AuthenticationProperties properties;
+            if (ChallengeContext == null)
+            {
+                properties = new AuthenticationProperties();
+            }
+            else
+            {
+                properties = new AuthenticationProperties(ChallengeContext.Properties);
+            }
+
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
@@ -154,7 +171,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
             };
 
-            // TODO - brentschmaltz, if INonceCache is set should we even consider if ProtocolValidator is set?
             if (Options.ProtocolValidator.RequireNonce)
             {
                 openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
@@ -179,7 +195,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                 {
-                    _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri);
+                    _logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: " + (redirectUri ?? "null"));
                 }
 
                 Response.Redirect(redirectUri);
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index d7a0db8fcd..fc847f4fa9 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -77,9 +77,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
             if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
             {
                 AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null && ticket.Identity != null)
+                if (ticket != null)
                 {
-                    SecurityHelper.AddUserIdentity(Context, ticket.Identity);
+                    if ( ticket.Identity != null)
+                        SecurityHelper.AddUserIdentity(Context, ticket.Identity);
+                    else if (ticket.Principal != null)
+                        SecurityHelper.AddUserIdentity(Context, ticket.Principal.Identity);
                 }
             }
         }

From e04358f7f92f709cfb235ab48967d38e4c6b4535 Mon Sep 17 00:00:00 2001
From: BrentSchmaltz <brentschmaltz@hotmail.com>
Date: Tue, 27 Jan 2015 09:58:47 -0800
Subject: [PATCH 146/900] Missing resource file.

---
 .../Resources.resx                            | 132 ++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx
new file mode 100644
index 0000000000..7abad90eb0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="ArgsException_BackchallelLessThanZero" xml:space="preserve">
+    <value>BackchannelTimeout cannot be less or equal to TimeSpan.Zero.</value>
+  </data>
+  <data name="Exception_OpenIdConnectMessageError" xml:space="preserve">
+    <value>"OpenIdConnectMessage.Error was not null, indicating an error. Error: '{0}'. Error_Description (may be empty): '{1}'. Error_Uri (may be empty): '{2}'."</value>
+  </data>
+  <data name="Exception_RedirectUri_LogoutQueryString_IsNotWellFormed" xml:space="preserve">
+    <value>OIDC_20001: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+</root>
\ No newline at end of file

From 3483842ab76d4198fc230c7a1905b0ada9b4bf89 Mon Sep 17 00:00:00 2001
From: BrentSchmaltz <brentschmaltz@hotmail.com>
Date: Wed, 28 Jan 2015 10:27:55 -0800
Subject: [PATCH 147/900] Rollback of setting Principal on
 AuthenticationTicket. adjust formating of messages.

---
 .../OpenidConnectAuthenticationHandler.cs                   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index b237b6be97..94fe211475 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        _logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
+                        _logger.WriteWarning("The logout redirect URI is malformed: {0}", (redirectUri ?? "null"));
                     }
 
                     Response.Redirect(redirectUri);
@@ -195,7 +195,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                 {
-                    _logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: " + (redirectUri ?? "null"));
+                    _logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"));
                 }
 
                 Response.Redirect(redirectUri);
@@ -343,7 +343,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     throw new InvalidOperationException("No SecurityTokenValidator found for token: " + openIdConnectMessage.IdToken);
                 }
 
-                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationType);
+                ticket = new AuthenticationTicket(principal.Identity as ClaimsIdentity, properties);
                 if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
                 {
                     ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;

From 6367c0d2494cbb3d709c8ca1806bcb83759b34aa Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Wed, 28 Jan 2015 18:30:59 -0800
Subject: [PATCH 148/900] Update build.cmd and build.sh to use kvm

---
 build.cmd | 6 +++---
 build.sh  | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/build.cmd b/build.cmd
index 220a1ff561..5885abe388 100644
--- a/build.cmd
+++ b/build.cmd
@@ -20,9 +20,9 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_DOTNET_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\dotnetsdk upgrade -runtime CLR -x86
-CALL packages\KoreBuild\build\dotnetsdk install default -runtime CoreCLR -x86
+CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
+CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
 
 :run
-CALL packages\KoreBuild\build\dotnetsdk use default -runtime CLR -x86
+CALL packages\KoreBuild\build\kvm use default -runtime CLR -x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/build.sh b/build.sh
index 350d7e389a..c7873ef58e 100644
--- a/build.sh
+++ b/build.sh
@@ -28,11 +28,11 @@ if test ! -d packages/KoreBuild; then
 fi
 
 if ! type k > /dev/null 2>&1; then
-    source packages/KoreBuild/build/dotnetsdk.sh
+    source packages/KoreBuild/build/kvm.sh
 fi
 
 if ! type k > /dev/null 2>&1; then
-    dotnetsdk upgrade
+    kvm upgrade
 fi
 
 mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"

From 24e68d81ea4cba4157aca19b7b4bd81a3d56e873 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Wed, 28 Jan 2015 18:31:11 -0800
Subject: [PATCH 149/900] Change SKIP_DOTNET_INSTALL to SKIP_KRE_INSTALL

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index 5885abe388..86ca5bbbf1 100644
--- a/build.cmd
+++ b/build.cmd
@@ -19,7 +19,7 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
-IF "%SKIP_DOTNET_INSTALL%"=="1" goto run
+IF "%SKIP_KRE_INSTALL%"=="1" goto run
 CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
 CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
 

From f9d3f6fe173bccab15dabc33065cacd680ec9b96 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 29 Jan 2015 18:12:51 -0800
Subject: [PATCH 150/900] Fixing release NuGet.config

---
 NuGet.Config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NuGet.Config b/NuGet.Config
index ee06e90062..d699f07ad6 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
     <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>

From 4e83a678c03492a4913258be6eb16cecaff80d5e Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Mon, 2 Feb 2015 13:46:28 -0800
Subject: [PATCH 151/900] Creating authentication ticket by passing in a
 principal

This fixes bug : https://github.com/aspnet/Security/issues/144
---
 .../OpenidConnectAuthenticationHandler.cs                     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 94fe211475..b30346e853 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -224,7 +224,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
               && !string.IsNullOrWhiteSpace(Request.ContentType)
-                // May have media/type; charset=utf-8, allow partial match.
+              // May have media/type; charset=utf-8, allow partial match.
               && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
               && Request.Body.CanRead)
             {
@@ -343,7 +343,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     throw new InvalidOperationException("No SecurityTokenValidator found for token: " + openIdConnectMessage.IdToken);
                 }
 
-                ticket = new AuthenticationTicket(principal.Identity as ClaimsIdentity, properties);
+                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationType);
                 if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
                 {
                     ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;

From b17d718d273c99e60da961553afa012fd3bd806f Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Wed, 4 Feb 2015 14:24:28 -0800
Subject: [PATCH 152/900] Updating .kproj files

---
 .../OpenIdConnectSample/OpenIdConnectSample.kproj  | 14 +-------------
 .../Microsoft.AspNet.Security.OAuthBearer.kproj    |  7 +------
 .../Microsoft.AspNet.Security.OpenIdConnect.kproj  | 14 +-------------
 3 files changed, 3 insertions(+), 32 deletions(-)

diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.kproj b/samples/OpenIdConnectSample/OpenIdConnectSample.kproj
index c6ab693ae7..1f6d87ba4b 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.kproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.kproj
@@ -7,24 +7,12 @@
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
-    <RootNamespace>OpenIDConnectSample</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <AssemblyName>OpenIDConnectSample</AssemblyName>
-  </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
     <DevelopmentServerPort>42023</DevelopmentServerPort>
-    <CommandLineArguments />
-    <DebugTarget>
-    </DebugTarget>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-  <ProjectExtensions>
-    <VisualStudio>
-      <UserProperties project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
-    </VisualStudio>
-  </ProjectExtensions>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj b/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
index 55d65389e4..f83bb90de3 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
@@ -14,9 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-  <ProjectExtensions>
-    <VisualStudio>
-      <UserProperties project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
-    </VisualStudio>
-  </ProjectExtensions>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj b/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
index ed1a12239f..6167f967f5 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
@@ -7,23 +7,11 @@
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>674d128e-83bb-481a-a9d9-6d47872e1fc8</ProjectGuid>
-    <RootNamespace>Microsoft.AspNet.Security.OpenIdConnect</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
-    <ProduceOutputsOnBuild>True</ProduceOutputsOnBuild>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <ProduceOutputsOnBuild>True</ProduceOutputsOnBuild>
-  </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-  <ProjectExtensions>
-    <VisualStudio>
-      <UserProperties Project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
-    </VisualStudio>
-  </ProjectExtensions>
-</Project>
\ No newline at end of file
+</Project>

From 710c2d7d2118e16a76da0b6d2be9583a9dfdf3da Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Thu, 5 Feb 2015 15:11:15 -0800
Subject: [PATCH 153/900] Removing the AzureAD feed from security repo

Wilson packages are now part of aspnet myget feeds. Removing azure feed from restore sources.
---
 NuGet.Config | 1 -
 1 file changed, 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index d699f07ad6..2d3b0cb857 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -3,6 +3,5 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet.org" value="https://nuget.org/api/v2/" />
-    <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From 74bb8e089de5d29955c911072904a6e03c3e7f85 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 6 Feb 2015 09:55:22 -0800
Subject: [PATCH 154/900] Reacting to System.Dynamic.Runtime version changes

---
 src/Microsoft.AspNet.Security.MicrosoftAccount/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index 530d34c575..e641098e59 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -8,7 +8,7 @@
         "aspnet50": {},
         "aspnetcore50": {
             "dependencies": {
-                "System.Dynamic.Runtime": "4.0.0-beta-*",
+                "System.Dynamic.Runtime": "4.0.10-beta-*",
                 "System.ObjectModel": "4.0.10-beta-*"
             }
         }

From bb2352c638e3fafdd975296e4ae560a20ab6d5a0 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Tue, 10 Feb 2015 11:01:03 -0800
Subject: [PATCH 155/900] Remove build time deps and fixed formatting

---
 .../project.json                              | 20 +++++++++----------
 .../project.json                              |  4 ++--
 .../project.json                              |  4 ++--
 .../project.json                              |  4 ++--
 .../project.json                              |  2 +-
 src/Microsoft.AspNet.Security/project.json    |  2 +-
 6 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Security.Cookies/project.json
index ac92e94e89..82f92b75b3 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Security.Cookies/project.json
@@ -1,12 +1,12 @@
 {
-  "version": "1.0.0-*",
-  "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
-  "dependencies": {
-    "Microsoft.AspNet.Security": "1.0.0-*",
-    "Newtonsoft.Json": "6.0.6"
-  },
-  "frameworks": {
-    "aspnet50": {},
-    "aspnetcore50": {}
-  }
+    "version": "1.0.0-*",
+    "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
+    "dependencies": {
+        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Newtonsoft.Json": "6.0.6"
+    },
+    "frameworks": {
+        "aspnet50": { },
+        "aspnetcore50": { }
+    }
 }
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Security.Facebook/project.json
index a850104f74..3aad11e61d 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Security.Facebook/project.json
@@ -5,7 +5,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {},
-        "aspnetcore50": {}
+        "aspnet50": { },
+        "aspnetcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Security.Google/project.json
index 84ede5d462..a4815b1815 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Security.Google/project.json
@@ -5,7 +5,7 @@
         "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {},
-        "aspnetcore50": {}
+        "aspnet50": { },
+        "aspnetcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
index e641098e59..82c106b746 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
@@ -2,10 +2,10 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*",
+        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {},
+        "aspnet50": { },
         "aspnetcore50": {
             "dependencies": {
                 "System.Dynamic.Runtime": "4.0.10-beta-*",
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Security.Twitter/project.json
index db7442b59a..b9eba0a305 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Security.Twitter/project.json
@@ -13,7 +13,7 @@
         },
         "aspnetcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index b147d3031c..af2d2fb981 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
-        "Microsoft.AspNet.Http.Interfaces": { "version": "1.0.0-*", "type": "build" },
+        "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
         "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*"

From 04c6b1f10192a74ca82132efebd90e75c60a5777 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Tue, 10 Feb 2015 11:25:30 -0800
Subject: [PATCH 156/900] Adding necessary dependencies to OpenIdConnect
 directly

OpenIdconnect project is betting on the dependencies included by Microsoft.IdentityModel.Protocol.Extensions for the types that are referenced directly in this library but not used in Protocol.Extensions library.

This change is to enable Wilson clean up its unused dependencies.
---
 src/Microsoft.AspNet.Security.OpenIdConnect/project.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/project.json b/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
index 728e82b194..a02c8145f9 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
@@ -2,16 +2,18 @@
     "version": "1.0.0-*",
     "dependencies": {
         "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0.0-beta1-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
     },
     "frameworks": {
         "aspnet50": {
             "frameworkAssemblies": {
+                "System.Net.Http": "",
                 "System.Net.Http.WebRequest": ""
             }
         },
         "aspnetcore50": {
             "dependencies": {
+                "System.Collections.Specialized": "4.0.0-beta-*",
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }

From 58661b27341aa0c29a6cc069082e24868627acca Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Mon, 16 Feb 2015 13:50:24 -0800
Subject: [PATCH 157/900] Add project.lock.json to .gitignore

---
 .gitignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 08e21e25bf..ac82da7568 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,4 +23,5 @@ nuget.exe
 *.ncrunchsolution
 *.*sdf
 *.ipch
-*.sln.ide
\ No newline at end of file
+*.sln.ide
+project.lock.json

From 5094b85ac92df0035f15e94b87d72cd4bc716905 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 16 Feb 2015 15:04:10 -0800
Subject: [PATCH 158/900] Latest AuthZ iteration

- Core Auth API now takes list of IAuthorizationRequirements, or policy
name.
- Overload that takes AuthorizationPolicy instance moved to extension
method.
- Remove HttpContext from API and replace with ClaimsPrincipal instead
- Add Operation requirement
- Add Sync overloads
- Add ClaimsTransformationOptions (TBD where to use this)

Fixes https://github.com/aspnet/Security/issues/132
Fixes https://github.com/aspnet/Security/issues/116
Fixes https://github.com/aspnet/Security/issues/11
Fixes https://github.com/aspnet/Security/issues/117
---
 .../AuthorizationContext.cs                   |  21 +-
 .../AuthorizationHandler.cs                   |  86 +++---
 .../AuthorizationPolicy.cs                    |  66 ++++-
 .../AuthorizationPolicyBuilder.cs             |  14 +-
 .../AuthorizationServiceExtensions.cs         |  49 ++++
 .../AuthorizeAttribute.cs                     |  25 ++
 .../ClaimsAuthorizationHandler.cs             |  32 +--
 .../ClaimsTransformationOptions.cs            |  15 +
 .../DefaultAuthorizationService.cs            |  68 +++--
 .../DenyAnonymousAuthorizationHandler.cs      |   7 +-
 .../IAuthorizationHandler.cs                  |   2 +-
 .../IAuthorizationService.cs                  |  38 ++-
 .../OperationAuthorizationRequirement.cs      |  10 +
 .../PassThroughAuthorizationHandler.cs        |  10 +-
 .../Properties/Resources.Designer.cs          |  94 +++++++
 .../Resources.Designer.cs                     |  99 -------
 src/Microsoft.AspNet.Security/Resources.resx  |   3 +
 .../ServiceCollectionExtensions.cs            |   5 +
 .../AuthorizationPolicyFacts.cs               |  37 +++
 .../DefaultAuthorizationServiceTests.cs       | 257 ++++++++++++------
 20 files changed, 637 insertions(+), 301 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Security/AuthorizeAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs
 create mode 100644 src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Security/Resources.Designer.cs
 create mode 100644 test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs

diff --git a/src/Microsoft.AspNet.Security/AuthorizationContext.cs b/src/Microsoft.AspNet.Security/AuthorizationContext.cs
index 0c6dc06197..81d00bdc9d 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationContext.cs
@@ -4,7 +4,6 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security
 {
@@ -13,27 +12,23 @@ namespace Microsoft.AspNet.Security
     /// </summary>
     public class AuthorizationContext
     {
-        private HashSet<IAuthorizationRequirement> _pendingRequirements = new HashSet<IAuthorizationRequirement>();
+        private HashSet<IAuthorizationRequirement> _pendingRequirements;
         private bool _failCalled;
         private bool _succeedCalled;
 
         public AuthorizationContext(
-            [NotNull] AuthorizationPolicy policy, 
-            HttpContext context,
+            [NotNull] IEnumerable<IAuthorizationRequirement> requirements, 
+            ClaimsPrincipal user,
             object resource)
         {
-            Policy = policy;
-            Context = context;
+            Requirements = requirements;
+            User = user;
             Resource = resource;
-            foreach (var req in Policy.Requirements)
-            {
-                _pendingRequirements.Add(req);
-            }
+            _pendingRequirements = new HashSet<IAuthorizationRequirement>(requirements);
         }
 
-        public AuthorizationPolicy Policy { get; private set; }
-        public ClaimsPrincipal User { get { return Context.User; } }
-        public HttpContext Context { get; private set; }
+        public IEnumerable<IAuthorizationRequirement> Requirements { get; private set; }
+        public ClaimsPrincipal User { get; private set; }
         public object Resource { get; private set; }
 
         public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
diff --git a/src/Microsoft.AspNet.Security/AuthorizationHandler.cs b/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
index d913318700..e1b27e8633 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
@@ -1,58 +1,68 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Linq;
 using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Security
 {
-    // Music store use case
-
-    // await AuthorizeAsync<Album>(user, "Edit", albumInstance);
-
-    // No policy name needed because this is auto based on resource (operation is the policy name)
-    //RegisterOperation which auto generates the policy for Authorize<T>
-    //bool AuthorizeAsync<TResource>(ClaimsPrincipal, string operation, TResource instance)
-    //bool AuthorizeAsync<TResource>(IAuthorization, ClaimsPrincipal, string operation, TResource instance)
     public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
     {
-        public async Task HandleAsync(AuthorizationContext context)
+        public void Handle(AuthorizationContext context)
         {
-            foreach (var req in context.Policy.Requirements.OfType<TRequirement>())
+            foreach (var req in context.Requirements.OfType<TRequirement>())
             {
-                if (await CheckAsync(context, req))
+                Handle(context, req);
+            }
+        }
+
+        public virtual Task HandleAsync(AuthorizationContext context)
+        {
+            Handle(context);
+            return Task.FromResult(0);
+        }
+
+        // REVIEW: do we need an async hook too?
+        public abstract void Handle(AuthorizationContext context, TRequirement requirement);
+    }
+
+    public abstract class AuthorizationHandler<TRequirement, TResource> : IAuthorizationHandler
+        where TResource : class
+        where TRequirement : IAuthorizationRequirement
+    {
+        public virtual async Task HandleAsync(AuthorizationContext context)
+        {
+            var resource = context.Resource as TResource;
+            // REVIEW: should we allow null resources?
+            if (resource != null)
+            {
+                foreach (var req in context.Requirements.OfType<TRequirement>())
                 {
-                    context.Succeed(req);
-                }
-                else
-                {
-                    context.Fail();
+                    await HandleAsync(context, req, resource);
                 }
             }
         }
 
-        public abstract Task<bool> CheckAsync(AuthorizationContext context, TRequirement requirement);
+        public virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement, TResource resource)
+        {
+            Handle(context, requirement, resource);
+            return Task.FromResult(0);
+        }
+
+        public virtual void Handle(AuthorizationContext context)
+        {
+            var resource = context.Resource as TResource;
+            // REVIEW: should we allow null resources?
+            if (resource != null)
+            {
+                foreach (var req in context.Requirements.OfType<TRequirement>())
+                {
+                    Handle(context, req, resource);
+                }
+            }
+        }
+
+        public abstract void Handle(AuthorizationContext context, TRequirement requirement, TResource resource);
     }
-
-    // TODO: 
-    //public abstract class AuthorizationHandler<TRequirement, TResource> : AuthorizationHandler<TRequirement>
-    //    where TResource : class
-    //    where TRequirement : IAuthorizationRequirement
-    //{
-    //    public override Task HandleAsync(AuthorizationContext context)
-    //    {
-    //        var resource = context.Resource as TResource;
-    //        if (resource != null)
-    //        {
-    //            return HandleAsync(context, resource);
-    //        }
-
-    //        return Task.FromResult(0);
-
-    //    }
-
-    //    public abstract Task HandleAsync(AuthorizationContext context, TResource resource);
-    //}
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
index d142eb1b60..924f9dbd2b 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
@@ -1,7 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
+using System.Linq;
 
 namespace Microsoft.AspNet.Security
 {
@@ -9,11 +11,67 @@ namespace Microsoft.AspNet.Security
     {
         public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationTypes)
         {
-            Requirements = requirements;
-            ActiveAuthenticationTypes = activeAuthenticationTypes;
+            Requirements = new List<IAuthorizationRequirement>(requirements).AsReadOnly();
+            ActiveAuthenticationTypes = new List<string>(activeAuthenticationTypes).AsReadOnly();
         }
 
-        public IEnumerable<IAuthorizationRequirement> Requirements { get; private set; }
-        public IEnumerable<string> ActiveAuthenticationTypes { get; private set; }
+        public IReadOnlyList<IAuthorizationRequirement> Requirements { get; private set; }
+        public IReadOnlyList<string> ActiveAuthenticationTypes { get; private set; }
+
+        public static AuthorizationPolicy Combine([NotNull] params AuthorizationPolicy[] policies)
+        {
+            return Combine((IEnumerable<AuthorizationPolicy>)policies);
+        }
+
+        // TODO: Add unit tests
+        public static AuthorizationPolicy Combine([NotNull] IEnumerable<AuthorizationPolicy> policies)
+        {
+            var builder = new AuthorizationPolicyBuilder();
+            foreach (var policy in policies)
+            {
+                builder.Combine(policy);
+            }
+            return builder.Build();
+        }
+
+        public static AuthorizationPolicy Combine([NotNull] AuthorizationOptions options, [NotNull] IEnumerable<AuthorizeAttribute> attributes)
+        {
+            var policyBuilder = new AuthorizationPolicyBuilder();
+            bool any = false;
+            foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
+            {
+                any = true;
+                var requireAnyAuthenticated = true;
+                if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
+                {
+                    var policy = options.GetPolicy(authorizeAttribute.Policy);
+                    if (policy == null)
+                    {
+                        throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
+                    }
+                    policyBuilder.Combine(policy);
+                    requireAnyAuthenticated = false;
+                }
+                var rolesSplit = authorizeAttribute.Roles?.Split(',');
+                if (rolesSplit != null && rolesSplit.Any())
+                {
+                    policyBuilder.RequiresRole(rolesSplit);
+                    requireAnyAuthenticated = false;
+                }
+                string[] authTypesSplit = authorizeAttribute.ActiveAuthenticationTypes?.Split(',');
+                if (authTypesSplit != null && authTypesSplit.Any())
+                {
+                    foreach (var authType in authTypesSplit)
+                    {
+                        policyBuilder.ActiveAuthenticationTypes.Add(authType);
+                    }
+                }
+                if (requireAnyAuthenticated)
+                {
+                    policyBuilder.RequireAuthenticatedUser();
+                }
+            }
+            return any ? policyBuilder.Build() : null;
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
index 7b8617f543..bf97fbae2c 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
@@ -40,7 +40,7 @@ namespace Microsoft.AspNet.Security
             return this;
         }
 
-        public AuthorizationPolicyBuilder Combine(AuthorizationPolicy policy)
+        public AuthorizationPolicyBuilder Combine([NotNull] AuthorizationPolicy policy)
         {
             AddAuthenticationTypes(policy.ActiveAuthenticationTypes.ToArray());
             AddRequirements(policy.Requirements.ToArray());
@@ -48,6 +48,11 @@ namespace Microsoft.AspNet.Security
         }
 
         public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, params string[] requiredValues)
+        {
+            return RequiresClaim(claimType, (IEnumerable<string>)requiredValues);
+        }
+
+        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, IEnumerable<string> requiredValues)
         {
             Requirements.Add(new ClaimsAuthorizationRequirement
             {
@@ -68,6 +73,11 @@ namespace Microsoft.AspNet.Security
         }
 
         public AuthorizationPolicyBuilder RequiresRole([NotNull] params string[] roles)
+        {
+            return RequiresRole((IEnumerable<string>)roles);
+        }
+
+        public AuthorizationPolicyBuilder RequiresRole([NotNull] IEnumerable<string> roles)
         {
             RequiresClaim(ClaimTypes.Role, roles);
             return this;
@@ -81,7 +91,7 @@ namespace Microsoft.AspNet.Security
 
         public AuthorizationPolicy Build()
         {
-            return new AuthorizationPolicy(Requirements, ActiveAuthenticationTypes);
+            return new AuthorizationPolicy(Requirements, ActiveAuthenticationTypes.Distinct());
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
new file mode 100644
index 0000000000..e3e416c897
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public static class AuthorizationServiceExtensions
+    {
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
+        {
+            if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() && user != null)
+            {
+                // Filter the user to only contain the active authentication types
+                user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationTypes.Contains(i.AuthenticationType)));
+            }
+            return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
+        }
+
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
+        {
+            if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() && user != null)
+            {
+                // Filter the user to only contain the active authentication types
+                user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationTypes.Contains(i.AuthenticationType)));
+            }
+            return service.Authorize(user, resource, policy.Requirements.ToArray());
+        }
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizeAttribute.cs b/src/Microsoft.AspNet.Security/AuthorizeAttribute.cs
new file mode 100644
index 0000000000..bdaefafbf1
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/AuthorizeAttribute.cs
@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Security
+{
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
+    public class AuthorizeAttribute : Attribute
+    {
+        public AuthorizeAttribute() { }
+
+        public AuthorizeAttribute(string policy)
+        {
+            Policy = policy;
+        }
+
+        public string Policy { get; set; }
+
+        // REVIEW: can we get rid of the , deliminated in Roles/AuthTypes
+        public string Roles { get; set; }
+
+        public string ActiveAuthenticationTypes { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
index 9f3f58c3ac..9aa95ef606 100644
--- a/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
@@ -3,30 +3,30 @@
 
 using System;
 using System.Linq;
-using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Security
 {
     public class ClaimsAuthorizationHandler : AuthorizationHandler<ClaimsAuthorizationRequirement>
     {
-        public override Task<bool> CheckAsync(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
+        public override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
         {
-            if (context.Context.User == null)
+            if (context.User != null)
             {
-                return Task.FromResult(false);
+                bool found = false;
+                if (requirement.AllowedValues == null || !requirement.AllowedValues.Any())
+                {
+                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase));
+                }
+                else
+                {
+                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)
+                                                        && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal));
+                }
+                if (found)
+                {
+                    context.Succeed(requirement);
+                }
             }
-
-            bool found = false;
-            if (requirement.AllowedValues == null || !requirement.AllowedValues.Any())
-            {
-                found = context.Context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase));
-            }
-            else
-            {
-                found = context.Context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)
-                                                    && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal));
-            }
-            return Task.FromResult(found);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs
new file mode 100644
index 0000000000..4684ad69d0
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs
@@ -0,0 +1,15 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Security
+{
+    public class ClaimsTransformationOptions
+    {
+        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> TransformAsync { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
index d20cf65445..943fbce9fb 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
@@ -5,7 +5,6 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security
@@ -21,47 +20,44 @@ namespace Microsoft.AspNet.Security
             _options = options.Options;
         }
 
-        public Task<bool> AuthorizeAsync([NotNull] string policyName, HttpContext context, object resource = null)
+        public bool Authorize(ClaimsPrincipal user, object resource, string policyName)
+        {
+            var policy = _options.GetPolicy(policyName);
+            if (policy == null)
+            {
+                return false;
+            }
+            return this.Authorize(user, resource, policy);
+        }
+
+        public bool Authorize(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
+        {
+            var authContext = new AuthorizationContext(requirements, user, resource);
+            foreach (var handler in _handlers)
+            {
+                handler.Handle(authContext);
+            }
+            return authContext.HasSucceeded;
+        }
+
+        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
+        {
+            var authContext = new AuthorizationContext(requirements, user, resource);
+            foreach (var handler in _handlers)
+            {
+                await handler.HandleAsync(authContext);
+            }
+            return authContext.HasSucceeded;
+        }
+
+        public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             var policy = _options.GetPolicy(policyName);
             if (policy == null)
             {
                 return Task.FromResult(false);
             }
-            return AuthorizeAsync(policy, context, resource);
-        }
-
-        public async Task<bool> AuthorizeAsync([NotNull] AuthorizationPolicy policy, [NotNull] HttpContext context, object resource = null)
-        {
-            var user = context.User;
-            try
-            {
-                // Generate the user identities if policy specified the AuthTypes
-                if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() )
-                {
-                    var principal = new ClaimsPrincipal();
-
-                    var results = await context.AuthenticateAsync(policy.ActiveAuthenticationTypes);
-                    // REVIEW: re requesting the identities fails for MVC currently, so we only request if not found
-                    foreach (var result in results)
-                    {
-                        principal.AddIdentity(result.Identity);
-                    }
-                    context.User = principal;
-                }
-
-                var authContext = new AuthorizationContext(policy, context, resource);
-
-                foreach (var handler in _handlers)
-                {
-                    await handler.HandleAsync(authContext);
-                }
-                return authContext.HasSucceeded;
-            }
-            finally
-            {
-                context.User = user;
-            }
+            return this.AuthorizeAsync(user, resource, policy);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
index 878a32ec92..952ed30b86 100644
--- a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
@@ -7,14 +7,17 @@ namespace Microsoft.AspNet.Security
 {
     public class DenyAnonymousAuthorizationHandler : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>
     {
-        public override Task<bool> CheckAsync(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
+        public override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
         {
             var user = context.User;
             var userIsAnonymous =
                 user == null ||
                 user.Identity == null ||
                 !user.Identity.IsAuthenticated;
-            return Task.FromResult(!userIsAnonymous);
+            if (!userIsAnonymous)
+            {
+                context.Succeed(requirement);
+            }
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
index 975a305b86..82eea9ff2f 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
@@ -8,6 +8,6 @@ namespace Microsoft.AspNet.Security
     public interface IAuthorizationHandler
     {
         Task HandleAsync(AuthorizationContext context);
-        //void Handle(AuthorizationContext context);
+        void Handle(AuthorizationContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationService.cs b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
index 8bcafda3d7..317e1ae283 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Security/IAuthorizationService.cs
@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Security
 {
@@ -12,21 +12,39 @@ namespace Microsoft.AspNet.Security
     public interface IAuthorizationService
     {
         /// <summary>
-        /// Checks if a user meets a specific authorization policy
+        /// Checks if a user meets a specific set of requirements for the specified resource
         /// </summary>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <param name="context">The HttpContext to check the policy against.</param>
-        /// <param name="resource">The resource the policy should be checked with.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(string policyName, HttpContext context, object resource = null);
+        /// <param name="user"></param>
+        /// <param name="resource"></param>
+        /// <param name="requirements"></param>
+        /// <returns></returns>
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements);
+
+        /// <summary>
+        /// Checks if a user meets a specific set of requirements for the specified resource
+        /// </summary>
+        /// <param name="user"></param>
+        /// <param name="resource"></param>
+        /// <param name="requirements"></param>
+        /// <returns></returns>
+        bool Authorize(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
         /// </summary>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <param name="context">The HttpContext to check the policy against.</param>
+        /// <param name="user">The user to check the policy against.</param>
         /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(AuthorizationPolicy policy, HttpContext context, object resource = null);
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
+
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="policyName">The name of the policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        bool Authorize(ClaimsPrincipal user, object resource, string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs
new file mode 100644
index 0000000000..e7e08d1959
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Security
+{
+    public class OperationAuthorizationRequirement : IAuthorizationRequirement
+    {
+        public string Name { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
index 837b2f2676..a2173f1e02 100644
--- a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
@@ -10,10 +10,18 @@ namespace Microsoft.AspNet.Security
     {
         public async Task HandleAsync(AuthorizationContext context)
         {
-            foreach (var handler in context.Policy.Requirements.OfType<IAuthorizationHandler>())
+            foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
             {
                 await handler.HandleAsync(context);
             }
         }
+
+        public void Handle(AuthorizationContext context)
+        {
+            foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
+            {
+                handler.Handle(context);
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..3490d3ea71
--- /dev/null
+++ b/src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs
@@ -0,0 +1,94 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Security
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Security.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
+        /// </summary>
+        internal static string Exception_DefaultDpapiRequiresAppNameKey
+        {
+            get { return GetString("Exception_DefaultDpapiRequiresAppNameKey"); }
+        }
+
+        /// <summary>
+        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
+        /// </summary>
+        internal static string FormatException_DefaultDpapiRequiresAppNameKey()
+        {
+            return GetString("Exception_DefaultDpapiRequiresAppNameKey");
+        }
+
+        /// <summary>
+        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
+        /// </summary>
+        internal static string Exception_UnhookAuthenticationStateType
+        {
+            get { return GetString("Exception_UnhookAuthenticationStateType"); }
+        }
+
+        /// <summary>
+        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
+        /// </summary>
+        internal static string FormatException_UnhookAuthenticationStateType()
+        {
+            return GetString("Exception_UnhookAuthenticationStateType");
+        }
+
+        /// <summary>
+        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
+        /// </summary>
+        internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods
+        {
+            get { return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods"); }
+        }
+
+        /// <summary>
+        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
+        /// </summary>
+        internal static string FormatException_AuthenticationTokenDoesNotProvideSyncMethods()
+        {
+            return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
+        }
+
+        /// <summary>
+        /// The AuthorizationPolicy named: '{0}' was not found.
+        /// </summary>
+        internal static string Exception_AuthorizationPolicyNotFound
+        {
+            get { return GetString("Exception_AuthorizationPolicyNotFound"); }
+        }
+
+        /// <summary>
+        /// The AuthorizationPolicy named: '{0}' was not found.
+        /// </summary>
+        internal static string FormatException_AuthorizationPolicyNotFound(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Resources.Designer.cs b/src/Microsoft.AspNet.Security/Resources.Designer.cs
deleted file mode 100644
index 485da1825d..0000000000
--- a/src/Microsoft.AspNet.Security/Resources.Designer.cs
+++ /dev/null
@@ -1,99 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34003
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Security {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The AuthenticationTokenProvider&apos;s required synchronous events have not been registered..
-        /// </summary>
-        internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods {
-            get {
-                return ResourceManager.GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate &apos;host.AppName&apos; key..
-        /// </summary>
-        internal static string Exception_DefaultDpapiRequiresAppNameKey {
-            get {
-                return ResourceManager.GetString("Exception_DefaultDpapiRequiresAppNameKey", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IApplicationBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
-        /// </summary>
-        internal static string Exception_MissingDefaultSignInAsAuthenticationType {
-            get {
-                return ResourceManager.GetString("Exception_MissingDefaultSignInAsAuthenticationType", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The state passed to UnhookAuthentication may only be the return value from HookAuthentication..
-        /// </summary>
-        internal static string Exception_UnhookAuthenticationStateType {
-            get {
-                return ResourceManager.GetString("Exception_UnhookAuthenticationStateType", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Security/Resources.resx
index 77060045e0..3e72c4a2ce 100644
--- a/src/Microsoft.AspNet.Security/Resources.resx
+++ b/src/Microsoft.AspNet.Security/Resources.resx
@@ -126,4 +126,7 @@
   <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
     <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
   </data>
+  <data name="Exception_AuthorizationPolicyNotFound" xml:space="preserve">
+    <value>The AuthorizationPolicy named: '{0}' was not found.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
index 41b0978cdf..2cb0f5aca5 100644
--- a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
@@ -9,6 +9,11 @@ namespace Microsoft.Framework.DependencyInjection
 {
     public static class ServiceCollectionExtensions
     {
+        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+
         public static IServiceCollection ConfigureAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
         {
             return services.Configure(configure);
diff --git a/test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs
new file mode 100644
index 0000000000..57c71dde40
--- /dev/null
+++ b/test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs
@@ -0,0 +1,37 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Linq;
+using Xunit;
+
+namespace Microsoft.AspNet.Security.Test
+{
+    public class AuthorizationPolicyFacts
+    {
+        [Fact]
+        public void CanCombineAuthorizeAttributes()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute(),
+                new AuthorizeAttribute("1") { ActiveAuthenticationTypes = "dupe" },
+                new AuthorizeAttribute("2") { ActiveAuthenticationTypes = "dupe" },
+                new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationTypes = "roles" },
+            };
+            var options = new AuthorizationOptions();
+            options.AddPolicy("1", policy => policy.RequiresClaim("1"));
+            options.AddPolicy("2", policy => policy.RequiresClaim("2"));
+
+            // Act
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            // Assert
+            Assert.Equal(2, combined.ActiveAuthenticationTypes.Count());
+            Assert.True(combined.ActiveAuthenticationTypes.Contains("dupe"));
+            Assert.True(combined.ActiveAuthenticationTypes.Contains("roles"));
+            Assert.Equal(4, combined.Requirements.Count());
+            Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
+            Assert.Equal(3, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
index 1ba7054390..9beae1c6d6 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
@@ -3,13 +3,11 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.DependencyInjection.Fallback;
-using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Security.Test
@@ -27,23 +25,12 @@ namespace Microsoft.AspNet.Security.Test
             return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
         }
 
-        private Mock<HttpContext> SetupContext(params ClaimsIdentity[] ids)
+        [Fact]
+        public void AuthorizeCombineThrowsOnUnknownPolicy()
         {
-            var context = new Mock<HttpContext>();
-            context.SetupProperty(c => c.User);
-            var user = new ClaimsPrincipal();
-            user.AddIdentities(ids);
-            context.Object.User = user;
-            if (ids != null)
-            {
-                var results = new List<AuthenticationResult>();
-                foreach (var id in ids)
-                {
-                    results.Add(new AuthenticationResult(id, new AuthenticationProperties(), new AuthenticationDescription()));
-                }
-                context.Setup(c => c.AuthenticateAsync(It.IsAny<IEnumerable<string>>())).ReturnsAsync(results).Verifiable();
-            }
-            return context;
+            Assert.Throws<InvalidOperationException>(() => AuthorizationPolicy.Combine(new AuthorizationOptions(), new AuthorizeAttribute[] {
+                new AuthorizeAttribute { Policy = "Wut" }
+            }));
         }
 
         [Fact]
@@ -57,10 +44,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
+            var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -77,10 +64,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
+            var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -97,7 +84,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CanViewPage"),
@@ -107,7 +94,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -124,7 +111,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("SomethingElse", "CanViewPage"),
@@ -133,7 +120,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -150,7 +137,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("SomethingElse", "CanViewPage"),
@@ -159,7 +146,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -176,7 +163,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CanViewComment"),
@@ -185,7 +172,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -202,14 +189,14 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[0],
                     "Basic")
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -226,11 +213,9 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext();
-            context.Object.User = null;
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(null, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -247,10 +232,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(new ClaimsIdentity());
+            var user = new ClaimsPrincipal(new ClaimsIdentity());
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -267,7 +252,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CanViewPage"),
@@ -276,7 +261,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -287,7 +272,7 @@ namespace Microsoft.AspNet.Security.Test
         {
             // Arrange
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CanViewComment"),
@@ -296,7 +281,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -309,7 +294,7 @@ namespace Microsoft.AspNet.Security.Test
             var policy = new AuthorizationPolicyBuilder().RequiresRole("Administrator")
                 .RequiresClaim(ClaimTypes.Role, "User");
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim(ClaimTypes.Role, "User"),
@@ -319,7 +304,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -331,7 +316,7 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var policy = new AuthorizationPolicyBuilder().RequiresClaim(ClaimTypes.Role);
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim(ClaimTypes.Role, ""),
@@ -340,7 +325,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -352,12 +337,46 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var policy = new AuthorizationPolicyBuilder("AuthType").RequiresClaim(ClaimTypes.Name);
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_PolicyWillFilterAuthenticationType()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("Bogus").RequiresClaim(ClaimTypes.Name);
+            var authorizationService = BuildAuthorizationService();
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task Authorize_PolicyCanFilterMultipleAuthenticationType()
+        {
+            // Arrange
+            var policy = new AuthorizationPolicyBuilder("One", "Two").RequiresClaim(ClaimTypes.Name, "one").RequiresClaim(ClaimTypes.Name, "two");
+            var authorizationService = BuildAuthorizationService();
+            var user = new ClaimsPrincipal();
+            user.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "one") }, "One"));
+            user.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "two") }, "Two"));
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -369,12 +388,12 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin");
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Admin") }, "AuthType")
             );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -386,11 +405,11 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin", "Users");
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Users") }, "AuthType"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -402,7 +421,7 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
             var authorizationService = BuildAuthorizationService();
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim(ClaimTypes.Role, "Nope"),
@@ -411,7 +430,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(policy.Build(), context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
             Assert.False(allowed);
@@ -428,7 +447,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => policy.RequiresRole("Admin", "Users"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                     },
@@ -436,7 +455,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -453,7 +472,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Basic", policy => { });
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim(ClaimTypes.Name, "Name"),
@@ -462,7 +481,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Basic", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -479,7 +498,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim(ClaimTypes.Name, "Name"),
@@ -488,7 +507,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Any", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
 
             // Assert
             Assert.True(allowed);
@@ -505,10 +524,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
             });
-            var context = SetupContext(new ClaimsIdentity());
+            var user = new ClaimsPrincipal(new ClaimsIdentity());
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Any", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
 
             // Assert
             Assert.False(allowed);
@@ -517,9 +536,9 @@ namespace Microsoft.AspNet.Security.Test
         public class CustomRequirement : IAuthorizationRequirement { }
         public class CustomHandler : AuthorizationHandler<CustomRequirement>
         {
-            public override Task<bool> CheckAsync(AuthorizationContext context, CustomRequirement requirement)
+            public override void Handle(AuthorizationContext context, CustomRequirement requirement)
             {
-                return Task.FromResult(true);
+                context.Succeed(requirement);
             }
         }
 
@@ -534,10 +553,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
             });
-            var context = SetupContext();
+            var user = new ClaimsPrincipal();
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Custom", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Custom");
 
             // Assert
             Assert.False(allowed);
@@ -555,10 +574,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
             });
-            var context = SetupContext();
+            var user = new ClaimsPrincipal();
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Custom", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Custom");
 
             // Assert
             Assert.True(allowed);
@@ -573,9 +592,11 @@ namespace Microsoft.AspNet.Security.Test
 
             public bool Succeed { get; set; }
 
-            public override Task<bool> CheckAsync(AuthorizationContext context, PassThroughRequirement requirement)
+            public override void Handle(AuthorizationContext context, PassThroughRequirement requirement)
             {
-                return Task.FromResult(Succeed);
+                if (Succeed) {
+                    context.Succeed(requirement);
+                }
             }
         }
 
@@ -592,10 +613,10 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Passthrough", policy => policy.Requirements.Add(new PassThroughRequirement(shouldSucceed)));
                 });
             });
-            var context = SetupContext();
+            var user = new ClaimsPrincipal();
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Passthrough", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Passthrough");
 
             // Assert
             Assert.Equal(shouldSucceed, allowed);
@@ -609,10 +630,10 @@ namespace Microsoft.AspNet.Security.Test
                 services.ConfigureAuthorization(options =>
                 {
                     var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
-                    options.AddPolicy("Combineed", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Base", "Value"),
@@ -622,7 +643,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
             Assert.True(allowed);
@@ -639,7 +660,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Claim", "Exists")
@@ -648,7 +669,7 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
             Assert.False(allowed);
@@ -665,7 +686,7 @@ namespace Microsoft.AspNet.Security.Test
                     options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
                 });
             });
-            var context = SetupContext(
+            var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Base", "Value"),
@@ -674,10 +695,88 @@ namespace Microsoft.AspNet.Security.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync("Combined", context.Object);
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
             Assert.False(allowed);
         }
+
+        public class ExpenseReport { }
+
+        public static class Operations
+        {
+            public static OperationAuthorizationRequirement Edit = new OperationAuthorizationRequirement { Name = "Edit" };
+            public static OperationAuthorizationRequirement Create = new OperationAuthorizationRequirement { Name = "Create" };
+            public static OperationAuthorizationRequirement Delete = new OperationAuthorizationRequirement { Name = "Delete" };
+        }
+
+        public class ExpenseReportAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, ExpenseReport>
+        {
+            public ExpenseReportAuthorizationHandler(IEnumerable<OperationAuthorizationRequirement> authorized)
+            {
+                _allowed = authorized;
+            }
+
+            private IEnumerable<OperationAuthorizationRequirement> _allowed;
+
+            public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
+            {
+                if (_allowed.Contains(requirement))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+
+        public class SuperUserHandler : AuthorizationHandler<OperationAuthorizationRequirement>
+        {
+            public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
+            {
+                if (context.User.HasClaim("SuperUser", "yes"))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+
+        public async Task CanAuthorizeAllSuperuserOperations()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+                services.AddTransient<IAuthorizationHandler, SuperUserHandler>();
+            });
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("SuperUser", "yes"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            // Assert
+            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
+            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Delete));
+            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
+        }
+
+        public async Task CanAuthorizeOnlyAllowedOperations()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+                services.AddTransient<IAuthorizationHandler, SuperUserHandler>();
+            });
+            var user = new ClaimsPrincipal();
+
+            // Act
+            // Assert
+            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
+            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Delete));
+            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
+        }
     }
 }
\ No newline at end of file

From a15cb4ffe559d2c7bb2f0e748e4a10446bd530a6 Mon Sep 17 00:00:00 2001
From: Levi B <levib@yahoo.com>
Date: Tue, 17 Feb 2015 11:08:12 -0800
Subject: [PATCH 159/900] React to HttpRequest.IsSecure renaming

---
 .../CookieAuthenticationHandler.cs                            | 2 +-
 .../OpenidConnectAuthenticationHandler.cs                     | 4 ++--
 .../TwitterAuthenticationHandler.cs                           | 4 ++--
 .../Infrastructure/AuthenticationHandler.cs                   | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
index e290232575..c8f964ee7a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
@@ -150,7 +150,7 @@ namespace Microsoft.AspNet.Security.Cookies
                 };
                 if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
                 {
-                    cookieOptions.Secure = Request.IsSecure;
+                    cookieOptions.Secure = Request.IsHttps;
                 }
                 else
                 {
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index b30346e853..b51eb59034 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -472,7 +472,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    Secure = Request.IsSecure
+                    Secure = Request.IsHttps
                 });
         }
 
@@ -502,7 +502,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
-                                Secure = Request.IsSecure
+                                Secure = Request.IsHttps
                             };
 
                             Response.Cookies.Delete(nonceKey, cookieOptions);
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
index 46dcd43f4c..b16c4a2184 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
@@ -108,7 +108,7 @@ namespace Microsoft.AspNet.Security.Twitter
                 var cookieOptions = new CookieOptions
                 {
                     HttpOnly = true,
-                    Secure = Request.IsSecure
+                    Secure = Request.IsHttps
                 };
 
                 Response.Cookies.Delete(StateCookie, cookieOptions);
@@ -167,7 +167,7 @@ namespace Microsoft.AspNet.Security.Twitter
                 var cookieOptions = new CookieOptions
                 {
                     HttpOnly = true,
-                    Secure = Request.IsSecure
+                    Secure = Request.IsHttps
                 };
 
                 Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
index fc847f4fa9..92b7889d58 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
@@ -393,7 +393,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                Secure = Request.IsSecure
+                Secure = Request.IsHttps
             };
 
             properties.Dictionary[correlationKey] = correlationId;
@@ -415,7 +415,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                Secure = Request.IsSecure
+                Secure = Request.IsHttps
             };
             Response.Cookies.Delete(correlationKey, cookieOptions);
 

From d864b725619cedab51d625a597d5cec0ea03e77b Mon Sep 17 00:00:00 2001
From: Levi B <levib@yahoo.com>
Date: Wed, 25 Feb 2015 17:11:21 -0800
Subject: [PATCH 160/900] React to DataProtection rename

---
 samples/SocialSample/Startup.cs                    |  2 +-
 .../CookieAuthenticationMiddleware.cs              |  4 ++--
 .../FacebookAuthenticationMiddleware.cs            |  2 +-
 .../GoogleAuthenticationMiddleware.cs              |  2 +-
 .../MicrosoftAccountAuthenticationMiddleware.cs    |  2 +-
 .../OAuthAuthenticationMiddleware.cs               | 14 +++++++-------
 src/Microsoft.AspNet.Security.OAuth/project.json   |  4 ++--
 .../OAuthBearerAuthenticationMiddleware.cs         |  1 -
 .../OpenIdConnectAuthenticationMiddleware.cs       |  6 +++---
 .../TwitterAuthenticationMiddleware.cs             |  4 ++--
 .../DataHandler/PropertiesDataFormat.cs            |  2 +-
 .../DataHandler/SecureDataFormat.cs                |  2 +-
 .../DataHandler/TicketDataFormat.cs                |  2 +-
 .../DataProtection/DataProtectionHelpers.cs        | 13 -------------
 src/Microsoft.AspNet.Security/project.json         |  2 +-
 .../Facebook/FacebookMiddlewareTests.cs            |  1 -
 .../Google/GoogleMiddlewareTests.cs                |  8 ++++----
 .../MicrosoftAccountMiddlewareTests.cs             |  8 ++++----
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs  |  2 +-
 .../Twitter/TwitterMiddlewareTests.cs              |  6 +++---
 20 files changed, 36 insertions(+), 51 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 6e7b5c6323..d0b8d92801 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -2,11 +2,11 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security;
 using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Google;
 using Microsoft.AspNet.Security.MicrosoftAccount;
 using Microsoft.AspNet.Security.OAuth;
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
index 8f1cc4b542..ba81365599 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
@@ -4,9 +4,9 @@
 
 using System;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.Cookies.Infrastructure;
 using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
@@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Security.Cookies
             }
             if (Options.TicketDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
+                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
index 5f6eb525eb..4873ea2fd2 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Globalization;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
index 7de2530704..a72c0524f5 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
@@ -6,8 +6,8 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index ce50b7033e..5d0afe1f35 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Globalization;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataProtection;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
index 18dd9c9a86..c525af881b 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
@@ -1,16 +1,16 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Security.OAuth
 {
@@ -70,7 +70,7 @@ namespace Microsoft.AspNet.Security.OAuth
 
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
+                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
                     this.GetType().FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Security.OAuth/project.json
index 39ba020fc7..d29f6d9144 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Security.OAuth/project.json
@@ -2,8 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Security": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.Security": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 0403896ae2..d1ae0ad1a8 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -7,7 +7,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index bbe59f50d2..9e6baf45d9 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -8,11 +8,11 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Text;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
@@ -53,7 +53,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
 
             if (Options.StateDataFormat == null)
             {
-                var dataProtector = dataProtectionProvider.CreateDataProtector(
+                var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(OpenIdConnectAuthenticationMiddleware).FullName, 
 					typeof(string).FullName,
                     Options.AuthenticationType,
@@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
 
             if (Options.StringDataFormat == null)
             {
-                var dataProtector = dataProtectionProvider.CreateDataProtector(
+                var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(OpenIdConnectAuthenticationMiddleware).FullName,
                     typeof(string).FullName,
                     Options.AuthenticationType,
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
index 6c4204a4b6..98cdbdf377 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
@@ -6,9 +6,9 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.AspNet.Security.Twitter.Messages;
 using Microsoft.Framework.Logging;
@@ -60,7 +60,7 @@ namespace Microsoft.AspNet.Security.Twitter
             }
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateDataProtector(
+                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
index 050f9d24ee..19a11a2522 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
-using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.DataHandler
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
index e10d17db12..0c314fbf2c 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
@@ -3,9 +3,9 @@
 
 
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
-using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.DataHandler
 {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
index acc731e0ba..b54f166662 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Security.DataHandler.Encoder;
 using Microsoft.AspNet.Security.DataHandler.Serializer;
-using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.DataHandler
 {
diff --git a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs b/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
deleted file mode 100644
index 986bc8dc80..0000000000
--- a/src/Microsoft.AspNet.Security/DataProtection/DataProtectionHelpers.cs
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Security.DataProtection
-{
-    public static class DataProtectionHelpers
-    {
-        public static IDataProtector CreateDataProtector([NotNull] this IDataProtectionProvider dataProtectionProvider, params string[] purposes)
-        {
-            return dataProtectionProvider.CreateProtector(string.Join(";", purposes));
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json
index af2d2fb981..62d2233183 100644
--- a/src/Microsoft.AspNet.Security/project.json
+++ b/src/Microsoft.AspNet.Security/project.json
@@ -2,10 +2,10 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
-        "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*"
     },
     "frameworks": {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
index 7377d1a1f1..42137b1426 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
@@ -9,7 +9,6 @@ using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Shouldly;
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
index 5b6046aa9c..e019512f7f 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
@@ -12,17 +12,17 @@ using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.AspNet.Security.DataProtection;
-using Microsoft.AspNet.Security.DataHandler;
 
 namespace Microsoft.AspNet.Security.Google
 {
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 8fd06d8c97..0f3a9355c2 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -12,18 +12,18 @@ using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Security.DataHandler;
 using Microsoft.AspNet.Security.MicrosoftAccount;
 using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
 {
diff --git a/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index e3a5df4718..d2d22a342c 100644
--- a/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -14,11 +14,11 @@ using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Security;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataProtection;
 using Microsoft.AspNet.Security.OpenIdConnect;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
index 36a829404b..cb98aef0ce 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
@@ -8,16 +8,16 @@ using System.Net.Http;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Security.Cookies;
 using Microsoft.AspNet.Security.Twitter;
 using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.OptionsModel;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.AspNet.Security.DataProtection;
 
 namespace Microsoft.AspNet.Security.Twitter
 {

From 775eb5ece452e10a27aa166f52b58a6c0b615d18 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 2 Mar 2015 15:33:52 -0800
Subject: [PATCH 161/900] Split Security into AuthN/AuthZ

AuthenticationType -> Scheme
Move Active/Passive into AutomaticAuthenticationHandler
Security -> Authorization/Authentication assemblies
401-403 logic
Switch from ClaimsIdentity to ClaimsPrincipal
---
 samples/CookieSample/Startup.cs               |   5 +-
 samples/CookieSample/project.json             |   2 +-
 .../MemoryCacheSessionStore.cs                |   4 +-
 samples/CookieSessionSample/Startup.cs        |   5 +-
 samples/CookieSessionSample/project.json      |   2 +-
 samples/OpenIdConnectSample/Startup.cs        |  12 +-
 samples/OpenIdConnectSample/project.json      |   4 +-
 samples/SocialSample/Startup.cs               |  37 ++---
 samples/SocialSample/project.json             |  10 +-
 .../CookieAuthenticationDefaults.cs           |   7 +-
 .../CookieAuthenticationExtensions.cs         |   4 +-
 .../CookieAuthenticationHandler.cs            |  51 +++----
 .../CookieAuthenticationMiddleware.cs         |  14 +-
 .../CookieAuthenticationOptions.cs            |  13 +-
 .../CookieSecureOption.cs                     |   2 +-
 .../Infrastructure/ChunkingCookieManager.cs   |   2 +-
 .../Infrastructure/Constants.cs               |   2 +-
 .../IAuthenticationSessionStore.cs            |   2 +-
 .../Infrastructure/ICookieManager.cs          |   2 +-
 ...osoft.AspNet.Authentication.Cookies.kproj} |   4 +-
 .../NotNullAttribute.cs                       |   2 +-
 .../CookieApplyRedirectContext.cs             |   4 +-
 .../CookieAuthenticationNotifications.cs      |  10 +-
 .../Notifications/CookieExceptionContext.cs   |   4 +-
 .../CookieResponseSignInContext.cs            |  24 ++--
 .../CookieResponseSignOutContext.cs           |   4 +-
 .../CookieResponseSignedInContext.cs          |  24 ++--
 .../CookieValidateIdentityContext.cs          |  36 +++--
 .../Notifications/DefaultBehavior.cs          |   2 +-
 .../ICookieAuthenticationNotifications.cs     |   8 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 .../FacebookAuthenticationDefaults.cs         |   4 +-
 .../FacebookAuthenticationExtensions.cs       |   2 +-
 .../FacebookAuthenticationHandler.cs          |  25 ++--
 .../FacebookAuthenticationMiddleware.cs       |   6 +-
 .../FacebookAuthenticationOptions.cs          |   8 +-
 ...soft.AspNet.Authentication.Facebook.kproj} |   4 +-
 .../NotNullAttribute.cs                       |  12 ++
 .../FacebookAuthenticatedContext.cs           |   4 +-
 .../FacebookAuthenticationNotifications.cs    |   4 +-
 .../IFacebookAuthenticationNotifications.cs   |   4 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 .../GoogleAuthenticationDefaults.cs           |   4 +-
 .../GoogleAuthenticationExtensions.cs         |   2 +-
 .../GoogleAuthenticationHandler.cs            |  37 ++---
 .../GoogleAuthenticationMiddleware.cs         |   8 +-
 .../GoogleAuthenticationOptions.cs            |  10 +-
 ...rosoft.AspNet.Authentication.Google.kproj} |   4 +-
 .../NotNullAttribute.cs                       |   2 +-
 .../GoogleAuthenticatedContext.cs             |   6 +-
 .../GoogleAuthenticationNotifications.cs      |   4 +-
 .../IGoogleAuthenticationNotifications.cs     |   4 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 ...Net.Authentication.MicrosoftAccount.kproj} |   0
 .../MicrosoftAccountAuthenticationDefaults.cs |   4 +-
 ...icrosoftAccountAuthenticationExtensions.cs |   2 +-
 .../MicrosoftAccountAuthenticationHandler.cs  |  23 ++--
 ...icrosoftAccountAuthenticationMiddleware.cs |   6 +-
 .../MicrosoftAccountAuthenticationOptions.cs  |   8 +-
 .../NotNullAttribute.cs                       |  12 ++
 ...osoftAccountAuthenticationNotifications.cs |   4 +-
 .../MicrosoftAccountAuthenticatedContext.cs   |   4 +-
 ...osoftAccountAuthenticationNotifications.cs |   4 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 ...crosoft.AspNet.Authentication.OAuth.kproj} |   4 +-
 .../NotNullAttribute.cs                       |   2 +-
 .../Notifications/BaseValidatingContext.cs    |   4 +-
 .../BaseValidatingTicketContext.cs            |   9 +-
 .../IOAuthAuthenticationNotifications.cs      |   2 +-
 .../OAuthApplyRedirectContext.cs              |   6 +-
 .../OAuthAuthenticatedContext.cs              |  10 +-
 .../OAuthAuthenticationNotifications.cs       |   2 +-
 .../Notifications/OAuthChallengeContext.cs    |   4 +-
 .../OAuthGetUserInformationContext.cs         |  10 +-
 .../Notifications/OAuthRequestTokenContext.cs |   4 +-
 .../OAuthReturnEndpointContext.cs             |   4 +-
 .../OAuthAuthenticationDefaults.cs            |  14 +-
 .../OAuthAuthenticationExtensions.cs          |  12 +-
 .../OAuthAuthenticationHandler.cs             |  33 ++---
 .../OAuthAuthenticationMiddleware.cs          |  20 +--
 .../OAuthAuthenticationOptions.cs             |  12 +-
 .../OAuthAuthenticationOptions`1.cs           |   2 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../TokenResponse.cs                          |   2 +-
 .../project.json                              |   2 +-
 ...t.AspNet.Authentication.OAuthBearer.kproj} |   0
 .../NotNullAttribute.cs                       |   2 +-
 .../AuthenticationChallengeNotification.cs    |   4 +-
 .../OAuthBearerAuthenticationNotifications.cs |   4 +-
 .../OAuthBearerAuthenticationDefaults.cs      |   6 +-
 .../OAuthBearerAuthenticationExtensions.cs    |   2 +-
 .../OAuthBearerAuthenticationHandler.cs       |  17 ++-
 .../OAuthBearerAuthenticationMiddleware.cs    |   4 +-
 .../OAuthBearerAuthenticationOptions.cs       |  10 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 .../INonceCache.cs                            |   2 +-
 ...AspNet.Authentication.OpenIdConnect.kproj} |   0
 .../AuthorizationCodeReceivedNotification.cs  |   4 +-
 .../OpenIdConnectAuthenticationDefaults.cs    |   6 +-
 .../OpenIdConnectAuthenticationExtensions.cs  |   2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  16 +--
 ...penIdConnectAuthenticationNotifications.cs |   4 +-
 .../OpenIdConnectAuthenticationOptions.cs     |  21 +--
 .../OpenidConnectAuthenticationHandler.cs     |  16 +--
 .../Resources.Designer.cs                     |   2 +-
 .../Resources.resx                            |   0
 .../project.json                              |   2 +-
 .../Messages/AccessToken.cs                   |   2 +-
 .../Messages/RequestToken.cs                  |   4 +-
 .../Messages/RequestTokenSerializer.cs        |   6 +-
 .../Messages/Serializers.cs                   |   4 +-
 ...osoft.AspNet.Authentication.Twitter.kproj} |   4 +-
 .../NotNullAttribute.cs                       |  12 ++
 .../ITwitterAuthenticationNotifications.cs    |   2 +-
 .../TwitterApplyRedirectContext.cs            |   6 +-
 .../TwitterAuthenticatedContext.cs            |  10 +-
 .../TwitterAuthenticationNotifications.cs     |   2 +-
 .../TwitterReturnEndpointContext.cs           |   4 +-
 .../Resources.Designer.cs                     |   4 +-
 .../Resources.resx                            |   0
 .../TwitterAuthenticationDefaults.cs          |   4 +-
 .../TwitterAuthenticationExtensions.cs        |   4 +-
 .../TwitterAuthenticationHandler.cs           |  58 ++++----
 .../TwitterAuthenticationMiddleware.cs        |  19 ++-
 .../TwitterAuthenticationOptions.cs           |  11 +-
 .../project.json                              |   2 +-
 .../AuthenticationHandler.cs                  |  84 ++++++------
 .../AuthenticationHandler`1.cs                |   5 +-
 .../AuthenticationMiddleware.cs               |   5 +-
 .../AuthenticationOptions.cs                  |  34 +++++
 .../AuthenticationTicket.cs                   |  29 ++--
 .../AuthenticationTokenCreateContext.cs       |   4 +-
 .../AuthenticationTokenProvider.cs            |   2 +-
 .../AuthenticationTokenReceiveContext.cs      |   4 +-
 .../AutomaticAuthenticationHandler.cs         | 112 +++++++++++++++
 .../AutomaticAuthenticationOptions.cs         |  20 +++
 ...ertificateSubjectKeyIdentifierValidator.cs |   2 +-
 ...ertificateSubjectPublicKeyInfoValidator.cs |   2 +-
 .../CertificateThumbprintValidator.cs         |   2 +-
 .../Constants.cs                              |   2 +-
 .../DataHandler/Encoder/Base64TextEncoder.cs  |   2 +-
 .../Encoder/Base64UrlTextEncoder.cs           |   2 +-
 .../DataHandler/Encoder/ITextEncoder.cs       |   2 +-
 .../DataHandler/Encoder/TextEncodings.cs      |   2 +-
 .../DataHandler/ISecureDataFormat.cs          |   2 +-
 .../DataHandler/PropertiesDataFormat.cs       |   8 +-
 .../DataHandler/SecureDataFormat.cs           |   8 +-
 .../DataHandler/Serializer/DataSerializers.cs |   4 +-
 .../DataHandler/Serializer/IDataSerializer.cs |   2 +-
 .../Serializer/PropertiesSerializer.cs        |   4 +-
 .../Serializer/TicketSerializer.cs            |  65 +++++----
 .../DataHandler/TicketDataFormat.cs           |   7 +-
 .../ExternalAuthenticationOptions.cs          |   4 +-
 .../HttpContextExtensions.cs                  |   6 +-
 .../IAuthenticationTokenProvider.cs           |   2 +-
 .../ICertificateValidator.cs                  |   2 +-
 .../ISystemClock.cs                           |   2 +-
 .../Microsoft.AspNet.Authentication.kproj}    |   4 +-
 .../NotNullAttribute.cs                       |   2 +-
 .../AuthenticationFailedNotification.cs       |   2 +-
 .../Notifications/BaseContext.cs              |   2 +-
 .../Notifications/BaseContext`1.cs            |   2 +-
 .../Notifications/BaseNotification.cs         |   2 +-
 .../Notifications/EndpointContext.cs          |   2 +-
 .../Notifications/EndpointContext`1.cs        |   2 +-
 .../MessageReceivedNotification.cs            |   2 +-
 .../Notifications/NotificationResultState.cs  |   2 +-
 ...edirectFromIdentityProviderNotification.cs |   4 +-
 .../RedirectToIdentityProviderNotification.cs |   2 +-
 .../Notifications/ReturnEndpointContext.cs    |  10 +-
 .../SecurityTokenReceivedNotification.cs      |   2 +-
 .../SecurityTokenValidatedNotification.cs     |   2 +-
 .../Properties/Resources.Designer.cs          |  78 +++++++++++
 .../Resources.resx                            | 129 ++++++++++++++++++
 .../SecurityHelper.cs                         |  39 ++++++
 .../SignInContext.cs}                         |  12 +-
 .../SubjectPublicKeyInfoAlgorithm.cs          |   2 +-
 .../SystemClock.cs                            |   2 +-
 .../Win32.cs                                  |   0
 .../project.json                              |   0
 .../AuthorizationContext.cs                   |   2 +-
 .../AuthorizationHandler.cs                   |   2 +-
 .../AuthorizationOptions.cs                   |   2 +-
 .../AuthorizationPolicy.cs                    |  14 +-
 .../AuthorizationPolicyBuilder.cs             |  38 +++---
 .../AuthorizationServiceExtensions.cs         |  24 ++--
 .../AuthorizeAttribute.cs                     |   4 +-
 .../ClaimsAuthorizationHandler.cs             |   2 +-
 .../ClaimsAuthorizationRequirement.cs         |   2 +-
 .../ClaimsTransformationOptions.cs            |   2 +-
 .../DefaultAuthorizationService.cs            |   2 +-
 .../DenyAnonymousAuthorizationHandler.cs      |   2 +-
 .../DenyAnonymousAuthorizationRequirement.cs  |   4 +-
 .../IAuthorizationHandler.cs                  |   2 +-
 .../IAuthorizationRequirement.cs              |   2 +-
 .../IAuthorizationService.cs                  |   2 +-
 .../Microsoft.AspNet.Authorization.kproj      |  17 +++
 .../NotNullAttribute.cs                       |   2 +-
 .../OperationAuthorizationRequirement.cs      |   2 +-
 .../PassThroughAuthorizationHandler.cs        |   2 +-
 .../Properties/Resources.Designer.cs          |   4 +-
 .../Resources.resx                            |   0
 .../ServiceCollectionExtensions.cs            |   2 +-
 .../project.json                              |  13 ++
 .../NotNullAttribute.cs                       |  12 --
 .../NotNullAttribute.cs                       |  12 --
 .../AuthenticationMode.cs                     |  24 ----
 .../AuthenticationOptions.cs                  |  41 ------
 .../Infrastructure/SecurityHelper.cs          |  84 ------------
 .../AuthenticationHandlerFacts.cs             | 110 +++++++++++++++
 ...icateSubjectKeyIdentifierValidatorTests.cs |   2 +-
 ...icateSubjectPublicKeyInfoValidatorTests.cs |   2 +-
 .../CertificateThumbprintValidatorTests.cs    |   2 +-
 .../Cookies/CookieMiddlewareTests.cs          | 104 ++++++++++++--
 .../Infrastructure/CookieChunkingTests.cs     |   2 +-
 .../Encoder/Base64UrlTextEncoderTests.cs      |   2 +-
 .../Facebook/FacebookMiddlewareTests.cs       |  10 +-
 .../Google/GoogleMiddlewareTests.cs           |  76 ++---------
 ...crosoft.AspNet.Authentication.Tests.kproj} |   0
 .../MicrosoftAccountMiddlewareTests.cs        |  27 ++--
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  51 +++++--
 .../OpenIdConnectMiddlewareTests.cs           |  23 ++--
 .../SecurityHelperTests.cs                    |  63 +++++++++
 .../TestClock.cs                              |   4 +-
 .../Twitter/TwitterMiddlewareTests.cs         |  10 +-
 .../katanatest.redmond.corp.microsoft.com.cer | Bin
 .../project.json                              |  27 ++++
 .../selfSigned.cer                            | Bin
 .../AuthorizationPolicyFacts.cs               |  19 +--
 .../DefaultAuthorizationServiceTests.cs       | 116 +++++++++++-----
 ...Microsoft.AspNet.Authorization.Tests.kproj |  17 +++
 .../project.json                              |  20 +++
 .../SecurityHelperTests.cs                    | 103 --------------
 .../project.json                              |  27 ----
 245 files changed, 1701 insertions(+), 1169 deletions(-)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieAuthenticationDefaults.cs (92%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieAuthenticationExtensions.cs (97%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieAuthenticationHandler.cs (87%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieAuthenticationMiddleware.cs (84%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieAuthenticationOptions.cs (95%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/CookieSecureOption.cs (97%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Infrastructure/ChunkingCookieManager.cs (99%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Infrastructure/Constants.cs (84%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Infrastructure/IAuthenticationSessionStore.cs (96%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Infrastructure/ICookieManager.cs (95%)
 rename src/{Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj => Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj} (95%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Cookies}/NotNullAttribute.cs (86%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieApplyRedirectContext.cs (93%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieAuthenticationNotifications.cs (92%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieExceptionContext.cs (96%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieResponseSignInContext.cs (74%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieResponseSignOutContext.cs (91%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieResponseSignedInContext.cs (67%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/CookieValidateIdentityContext.cs (53%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/DefaultBehavior.cs (97%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Notifications/ICookieAuthenticationNotifications.cs (88%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Cookies}/project.json (85%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/FacebookAuthenticationDefaults.cs (82%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/FacebookAuthenticationExtensions.cs (96%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/FacebookAuthenticationHandler.cs (78%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/FacebookAuthenticationMiddleware.cs (95%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/FacebookAuthenticationOptions.cs (88%)
 rename src/{Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj => Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj} (95%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/Notifications/FacebookAuthenticatedContext.cs (95%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/Notifications/FacebookAuthenticationNotifications.cs (94%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/Notifications/IFacebookAuthenticationNotifications.cs (90%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/Resources.Designer.cs (94%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.Facebook => Microsoft.AspNet.Authentication.Facebook}/project.json (81%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/GoogleAuthenticationDefaults.cs (83%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/GoogleAuthenticationExtensions.cs (97%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/GoogleAuthenticationHandler.cs (78%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/GoogleAuthenticationMiddleware.cs (94%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/GoogleAuthenticationOptions.cs (81%)
 rename src/{Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj => Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj} (95%)
 rename src/{Microsoft.AspNet.Security.Cookies => Microsoft.AspNet.Authentication.Google}/NotNullAttribute.cs (87%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/Notifications/GoogleAuthenticatedContext.cs (96%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/Notifications/GoogleAuthenticationNotifications.cs (94%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/Notifications/IGoogleAuthenticationNotifications.cs (91%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.Google}/project.json (81%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj => Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj} (100%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/MicrosoftAccountAuthenticationDefaults.cs (81%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/MicrosoftAccountAuthenticationExtensions.cs (95%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/MicrosoftAccountAuthenticationHandler.cs (73%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/MicrosoftAccountAuthenticationMiddleware.cs (95%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/MicrosoftAccountAuthenticationOptions.cs (80%)
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/Notifications/IMicrosoftAccountAuthenticationNotifications.cs (90%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/Notifications/MicrosoftAccountAuthenticatedContext.cs (96%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/Notifications/MicrosoftAccountAuthenticationNotifications.cs (93%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.MicrosoftAccount}/project.json (87%)
 rename src/{Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj => Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj} (95%)
 rename src/{Microsoft.AspNet.Security.Google => Microsoft.AspNet.Authentication.OAuth}/NotNullAttribute.cs (87%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/BaseValidatingContext.cs (97%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/BaseValidatingTicketContext.cs (87%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/IOAuthAuthenticationNotifications.cs (97%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthApplyRedirectContext.cs (90%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthAuthenticatedContext.cs (92%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthAuthenticationNotifications.cs (98%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthChallengeContext.cs (90%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthGetUserInformationContext.cs (90%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthRequestTokenContext.cs (90%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Notifications/OAuthReturnEndpointContext.cs (89%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationDefaults.cs (87%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationExtensions.cs (81%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationHandler.cs (85%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationMiddleware.cs (92%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationOptions.cs (92%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/OAuthAuthenticationOptions`1.cs (93%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuth}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/TokenResponse.cs (94%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuth}/project.json (91%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj => Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.kproj} (100%)
 rename src/{Microsoft.AspNet.Security.MicrosoftAccount => Microsoft.AspNet.Authentication.OAuthBearer}/NotNullAttribute.cs (86%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/Notifications/AuthenticationChallengeNotification.cs (81%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/Notifications/OAuthBearerAuthenticationNotifications.cs (96%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/OAuthBearerAuthenticationDefaults.cs (68%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/OAuthBearerAuthenticationExtensions.cs (97%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/OAuthBearerAuthenticationHandler.cs (94%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/OAuthBearerAuthenticationMiddleware.cs (98%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/OAuthBearerAuthenticationOptions.cs (95%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication.OAuthBearer}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.OAuthBearer => Microsoft.AspNet.Authentication.OAuthBearer}/project.json (92%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/INonceCache.cs (86%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj => Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj} (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/Notifications/AuthorizationCodeReceivedNotification.cs (94%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenIdConnectAuthenticationDefaults.cs (90%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenIdConnectAuthenticationExtensions.cs (96%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenIdConnectAuthenticationMiddleware.cs (94%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenIdConnectAuthenticationNotifications.cs (96%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenIdConnectAuthenticationOptions.cs (94%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/OpenidConnectAuthenticationHandler.cs (97%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/Resources.Designer.cs (98%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.OpenIdConnect => Microsoft.AspNet.Authentication.OpenIdConnect}/project.json (90%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Messages/AccessToken.cs (91%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Messages/RequestToken.cs (89%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Messages/RequestTokenSerializer.cs (95%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Messages/Serializers.cs (85%)
 rename src/{Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj => Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj} (95%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Notifications/ITwitterAuthenticationNotifications.cs (97%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Notifications/TwitterApplyRedirectContext.cs (91%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Notifications/TwitterAuthenticatedContext.cs (88%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Notifications/TwitterAuthenticationNotifications.cs (98%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Notifications/TwitterReturnEndpointContext.cs (88%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/TwitterAuthenticationDefaults.cs (69%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/TwitterAuthenticationExtensions.cs (93%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/TwitterAuthenticationHandler.cs (86%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/TwitterAuthenticationMiddleware.cs (90%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/TwitterAuthenticationOptions.cs (92%)
 rename src/{Microsoft.AspNet.Security.Twitter => Microsoft.AspNet.Authentication.Twitter}/project.json (90%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationHandler.cs (83%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationHandler`1.cs (90%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationMiddleware.cs (95%)
 create mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/AuthenticationTicket.cs (59%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationTokenCreateContext.cs (91%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationTokenProvider.cs (98%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/AuthenticationTokenReceiveContext.cs (88%)
 create mode 100644 src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/CertificateSubjectKeyIdentifierValidator.cs (98%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/CertificateSubjectPublicKeyInfoValidator.cs (99%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/CertificateThumbprintValidator.cs (98%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/Constants.cs (88%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Encoder/Base64TextEncoder.cs (88%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Encoder/Base64UrlTextEncoder.cs (93%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Encoder/ITextEncoder.cs (83%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Encoder/TextEncodings.cs (91%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/ISecureDataFormat.cs (88%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/PropertiesDataFormat.cs (69%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/SecureDataFormat.cs (92%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Serializer/DataSerializers.cs (84%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Serializer/IDataSerializer.cs (83%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Serializer/PropertiesSerializer.cs (95%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/Serializer/TicketSerializer.cs (52%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/DataHandler/TicketDataFormat.cs (72%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/ExternalAuthenticationOptions.cs (72%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/HttpContextExtensions.cs (82%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/IAuthenticationTokenProvider.cs (91%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/ICertificateValidator.cs (97%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/ISystemClock.cs (90%)
 rename src/{Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj => Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj} (95%)
 rename src/{Microsoft.AspNet.Security.OAuth => Microsoft.AspNet.Authentication}/NotNullAttribute.cs (88%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/AuthenticationFailedNotification.cs (91%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/BaseContext.cs (92%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/BaseContext`1.cs (93%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/BaseNotification.cs (96%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/EndpointContext.cs (90%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/EndpointContext`1.cs (95%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/MessageReceivedNotification.cs (92%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/NotificationResultState.cs (92%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/RedirectFromIdentityProviderNotification.cs (84%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/RedirectToIdentityProviderNotification.cs (90%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/ReturnEndpointContext.cs (77%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/SecurityTokenReceivedNotification.cs (91%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Notifications/SecurityTokenValidatedNotification.cs (90%)
 create mode 100644 src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/Resources.resx
 create mode 100644 src/Microsoft.AspNet.Authentication/SecurityHelper.cs
 rename src/{Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs => Microsoft.AspNet.Authentication/SignInContext.cs} (53%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/SubjectPublicKeyInfoAlgorithm.cs (94%)
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authentication}/SystemClock.cs (94%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/Win32.cs (100%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authentication}/project.json (100%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationContext.cs (97%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationHandler.cs (98%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationOptions.cs (96%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationPolicy.cs (87%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationPolicyBuilder.cs (60%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizationServiceExtensions.cs (69%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/AuthorizeAttribute.cs (86%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/ClaimsAuthorizationHandler.cs (96%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/ClaimsAuthorizationRequirement.cs (93%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/ClaimsTransformationOptions.cs (90%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/DefaultAuthorizationService.cs (98%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/DenyAnonymousAuthorizationHandler.cs (95%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/DenyAnonymousAuthorizationRequirement.cs (77%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/IAuthorizationHandler.cs (90%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/IAuthorizationRequirement.cs (85%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/IAuthorizationService.cs (98%)
 create mode 100644 src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj
 rename src/{Microsoft.AspNet.Security/Infrastructure => Microsoft.AspNet.Authorization}/NotNullAttribute.cs (89%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/OperationAuthorizationRequirement.cs (88%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/PassThroughAuthorizationHandler.cs (95%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/Properties/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Security => Microsoft.AspNet.Authorization}/ServiceCollectionExtensions.cs (97%)
 create mode 100644 src/Microsoft.AspNet.Authorization/project.json
 delete mode 100644 src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Security/AuthenticationMode.cs
 delete mode 100644 src/Microsoft.AspNet.Security/AuthenticationOptions.cs
 delete mode 100644 src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/CertificateSubjectKeyIdentifierValidatorTests.cs (99%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/CertificateSubjectPublicKeyInfoValidatorTests.cs (99%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/CertificateThumbprintValidatorTests.cs (99%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/Cookies/CookieMiddlewareTests.cs (83%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/Cookies/Infrastructure/CookieChunkingTests.cs (99%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/DataHandler/Encoder/Base64UrlTextEncoderTests.cs (94%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/Facebook/FacebookMiddlewareTests.cs (94%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/Google/GoogleMiddlewareTests.cs (88%)
 rename test/{Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj => Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.kproj} (100%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs (92%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/OAuthBearer/OAuthBearerMiddlewareTests.cs (82%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/OpenIdConnect/OpenIdConnectMiddlewareTests.cs (94%)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/TestClock.cs (86%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/Twitter/TwitterMiddlewareTests.cs (96%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/katanatest.redmond.corp.microsoft.com.cer (100%)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/project.json
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authentication.Test}/selfSigned.cer (100%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authorization.Test}/AuthorizationPolicyFacts.cs (67%)
 rename test/{Microsoft.AspNet.Security.Test => Microsoft.AspNet.Authorization.Test}/DefaultAuthorizationServiceTests.cs (89%)
 create mode 100644 test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj
 create mode 100644 test/Microsoft.AspNet.Authorization.Test/project.json
 delete mode 100644 test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
 delete mode 100644 test/Microsoft.AspNet.Security.Test/project.json

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 7e481c220e..d5b0814fa2 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,7 +1,7 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSample
@@ -23,8 +23,7 @@ namespace CookieSample
             {
                 if (context.User == null || !context.User.Identity.IsAuthenticated)
                 {
-                    context.Response.SignIn(new ClaimsIdentity(new[] { new Claim("name", "bob") }, CookieAuthenticationDefaults.AuthenticationType));                    
-
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "bob") })));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 2cda02680e..4840de91aa 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Kestrel": "1.0.0-*"
diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index 9877ded68d..4bb62d3aba 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies.Infrastructure;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 using Microsoft.Framework.Cache.Memory;
 
 namespace CookieSessionSample
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index ff72c04694..dacb7956fc 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -2,7 +2,7 @@ using System.Collections.Generic;
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSessionSample
@@ -32,8 +32,7 @@ namespace CookieSessionSample
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
-                    context.Response.SignIn(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType));                    
-
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 684c765174..18401fb77c 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Cache.Memory": "1.0.0-*",
         "Kestrel": "1.0.0-*",
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index bd443424ef..c232bc349b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,9 +1,9 @@
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.DependencyInjection;
 
 namespace OpenIdConnectSample
@@ -17,7 +17,7 @@ namespace OpenIdConnectSample
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
 
             });
@@ -37,7 +37,7 @@ namespace OpenIdConnectSample
             {
                 if (context.User == null || !context.User.Identity.IsAuthenticated)
                 {
-                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
+                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 65652110bb..382c6b1691 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,9 +1,9 @@
 {
     "dependencies": {
         "Kestrel": "1.0.0-*",
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
     },
     "frameworks": {
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index d0b8d92801..dab45953da 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -4,12 +4,12 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.Google;
-using Microsoft.AspNet.Security.MicrosoftAccount;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.Google;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.Framework.DependencyInjection;
 using Newtonsoft.Json.Linq;
 
@@ -26,7 +26,7 @@ namespace CookieSample
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
             });
 
@@ -121,6 +121,7 @@ namespace CookieSample
                 options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 options.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 options.UserInformationEndpoint = "https://api.github.com/user";
+                options.ClaimsIssuer = "OAuth2-Github";
                 // Retrieving user information is unique to each provider.
                 options.Notifications = new OAuthAuthenticationNotifications()
                 {
@@ -136,7 +137,7 @@ namespace CookieSample
                         JObject user = JObject.Parse(text);
 
                         var identity = new ClaimsIdentity(
-                            context.Options.AuthenticationType,
+                            context.Options.AuthenticationScheme,
                             ClaimsIdentity.DefaultNameClaimType,
                             ClaimsIdentity.DefaultRoleClaimType);
 
@@ -144,25 +145,25 @@ namespace CookieSample
                         var id = user.TryGetValue("id", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(id))
                         {
-                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var userName = user.TryGetValue("login", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(userName))
                         {
-                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var name = user.TryGetValue("name", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(name))
                         {
-                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var link = user.TryGetValue("url", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(link))
                         {
-                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
-                        context.Identity = identity;
+                        context.Principal = new ClaimsPrincipal(identity);
                     },
                 };
             });
@@ -172,7 +173,7 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    string authType = context.Request.Query["authtype"];
+                    string authType = context.Request.Query["authscheme"];
                     if (!string.IsNullOrEmpty(authType))
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
@@ -183,10 +184,10 @@ namespace CookieSample
 
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("Choose an authentication type: <br>");
-                    foreach (var type in context.GetAuthenticationTypes())
+                    await context.Response.WriteAsync("Choose an authentication scheme: <br>");
+                    foreach (var type in context.GetAuthenticationSchemes())
                     {
-                        await context.Response.WriteAsync("<a href=\"?authtype=" + type.AuthenticationType + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
+                        await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
                     }
                     await context.Response.WriteAsync("</body></html>");
                 });
@@ -197,7 +198,7 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationType);
+                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index f457d3a9d4..d925cf66b4 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,11 +1,11 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
-        "Microsoft.AspNet.Security.Google": "1.0.0-*",
-        "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Kestrel": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
index 6ee3c8c5b9..d02b337f30 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -1,11 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Default values related to cookie-based authentication middleware
@@ -13,9 +12,9 @@ namespace Microsoft.AspNet.Security.Cookies
     public static class CookieAuthenticationDefaults
     {
         /// <summary>
-        /// The default value used for CookieAuthenticationOptions.AuthenticationType
+        /// The default value used for CookieAuthenticationOptions.AuthenticationScheme
         /// </summary>
-        public const string AuthenticationType = "Cookies";
+        public const string AuthenticationScheme = "Cookies";
 
         /// <summary>
         /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs
index 191d44da82..08f4cc71a6 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.Cookies;
+using System;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
-using System;
 
 namespace Microsoft.AspNet.Builder
 {
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index c8f964ee7a..5a72a142e7 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -7,20 +7,19 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Logging;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
-    internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
+    internal class CookieAuthenticationHandler : AutomaticAuthenticationHandler<CookieAuthenticationOptions>
     {
         private const string HeaderNameCacheControl = "Cache-Control";
         private const string HeaderNamePragma = "Pragma";
         private const string HeaderNameExpires = "Expires";
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
-        private const string SessionIdClaim = "Microsoft.AspNet.Security.Cookies-SessionId";
+        private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
 
         private readonly ILogger _logger;
 
@@ -60,7 +59,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
                 if (Options.SessionStore != null)
                 {
-                    Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
+                    Claim claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                     if (claim == null)
                     {
                         _logger.WriteWarning(@"SessionId missing");
@@ -103,11 +102,11 @@ namespace Microsoft.AspNet.Security.Cookies
                     }
                 }
 
-                var context = new CookieValidateIdentityContext(Context, ticket, Options);
+                var context = new CookieValidatePrincipalContext(Context, ticket, Options);
 
-                await Options.Notifications.ValidateIdentity(context);
+                await Options.Notifications.ValidatePrincipal(context);
 
-                return new AuthenticationTicket(context.Identity, context.Properties);
+                return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
             }
             catch (Exception exception)
             {
@@ -129,7 +128,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         protected override async Task ApplyResponseGrantAsync()
         {
-            var signin = SignInIdentityContext;
+            var signin = SignInContext;
             bool shouldSignin = signin != null;
             var signout = SignOutContext;
             bool shouldSignout = signout != null;
@@ -162,8 +161,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     var signInContext = new CookieResponseSignInContext(
                         Context,
                         Options,
-                        Options.AuthenticationType,
-                        signin.Identity,
+                        Options.AuthenticationScheme,
+                        signin.Principal,
                         signin.Properties,
                         cookieOptions);
 
@@ -191,7 +190,7 @@ namespace Microsoft.AspNet.Security.Cookies
                         signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                     }
 
-                    model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties);
+                    model = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
                     if (Options.SessionStore != null)
                     {
                         if (_sessionKey != null)
@@ -199,10 +198,11 @@ namespace Microsoft.AspNet.Security.Cookies
                             await Options.SessionStore.RemoveAsync(_sessionKey);
                         }
                         _sessionKey = await Options.SessionStore.StoreAsync(model);
-                        ClaimsIdentity identity = new ClaimsIdentity(
-                            new[] { new Claim(SessionIdClaim, _sessionKey) },
-                            Options.AuthenticationType);
-                        model = new AuthenticationTicket(identity, null);
+                        var principal = new ClaimsPrincipal(
+                            new ClaimsIdentity(
+                                new[] { new Claim(SessionIdClaim, _sessionKey) },
+                                Options.AuthenticationScheme));
+                        model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
                     string cookieValue = Options.TicketDataFormat.Protect(model);
 
@@ -215,8 +215,8 @@ namespace Microsoft.AspNet.Security.Cookies
                     var signedInContext = new CookieResponseSignedInContext(
                         Context,
                         Options,
-                        Options.AuthenticationType,
-                        signInContext.Identity,
+                        Options.AuthenticationScheme,
+                        signInContext.Principal,
                         signInContext.Properties);
 
                     Options.Notifications.ResponseSignedIn(signedInContext);
@@ -248,10 +248,11 @@ namespace Microsoft.AspNet.Security.Cookies
                     if (Options.SessionStore != null && _sessionKey != null)
                     {
                         await Options.SessionStore.RenewAsync(_sessionKey, model);
-                        ClaimsIdentity identity = new ClaimsIdentity(
-                            new[] { new Claim(SessionIdClaim, _sessionKey) },
-                            Options.AuthenticationType);
-                        model = new AuthenticationTicket(identity, null);
+                        var principal = new ClaimsPrincipal(
+                            new ClaimsIdentity(
+                                new[] { new Claim(SessionIdClaim, _sessionKey) },
+                                Options.AuthenticationScheme));
+                        model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
 
                     string cookieValue = Options.TicketDataFormat.Protect(model);
@@ -327,8 +328,8 @@ namespace Microsoft.AspNet.Security.Cookies
                 return;
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            // Automatic middleware should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
similarity index 84%
rename from src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index ba81365599..ba933d2358 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -1,17 +1,17 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
+using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
+using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.Cookies.Infrastructure;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
     {
@@ -31,12 +31,12 @@ namespace Microsoft.AspNet.Security.Cookies
             }
             if (String.IsNullOrEmpty(Options.CookieName))
             {
-                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType;
+                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationScheme;
             }
             if (Options.TicketDataFormat == null)
             {
                 IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationType, "v2");
+                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
             if (Options.CookieManager == null)
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index ec6e102063..12ff4f9956 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -1,19 +1,17 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies.Infrastructure;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Contains the options used by the CookiesAuthenticationMiddleware
     /// </summary>
-    public class CookieAuthenticationOptions : AuthenticationOptions
+    public class CookieAuthenticationOptions : AutomaticAuthenticationOptions
     {
         private string _cookieName;
 
@@ -22,7 +20,8 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         public CookieAuthenticationOptions()
         {
-            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+            AutomaticAuthentication = true;
+            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
@@ -34,7 +33,7 @@ namespace Microsoft.AspNet.Security.Cookies
 
         /// <summary>
         /// Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies".
-        /// This value should be changed if you change the name of the AuthenticationType, especially if your
+        /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
         /// system uses the cookie authentication middleware multiple times.
         /// </summary>
         public string CookieName
diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
index c98ae07511..c8309612b8 100644
--- a/src/Microsoft.AspNet.Security.Cookies/CookieSecureOption.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Determines how the identity cookie's security property is set.
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
similarity index 99%
rename from src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
index 07fc0db347..1f953593b2 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -7,7 +7,7 @@ using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
     /// <summary>
     /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
similarity index 84%
rename from src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
index ef8db8e9e0..b3c3bb3a71 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
     internal static class Constants
     {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
index 9f449b098b..6a6fa574b8 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/IAuthenticationSessionStore.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
@@ -2,7 +2,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
     /// <summary>
     /// This provides an abstract storage mechanic to preserve identity information on the server
diff --git a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
index b523b1bad7..966d3f9352 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Infrastructure/ICookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
     /// <summary>
     /// This is used by the CookieAuthenticationMiddleware to process request and response cookies.
diff --git a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
rename to src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
index 31c09ed577..3480de791a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Microsoft.AspNet.Security.Cookies.kproj
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
similarity index 86%
rename from src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
index 6a4d82b169..44c9fcbb20 100644
--- a/src/Microsoft.AspNet.Security.Facebook/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
index 34907eabab..877e9c5ea9 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -4,9 +4,9 @@
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
index c38489ed83..f4c29dca4a 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -5,7 +5,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// This default implementation of the ICookieAuthenticationNotifications may be used if the 
@@ -19,7 +19,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         public CookieAuthenticationNotifications()
         {
-            OnValidateIdentity = context => Task.FromResult(0);
+            OnValidatePrincipal = context => Task.FromResult(0);
             OnResponseSignIn = context => { };
             OnResponseSignedIn = context => { };
             OnResponseSignOut = context => { };
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieValidateIdentityContext, Task> OnValidateIdentity { get; set; }
+        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; }
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
@@ -62,9 +62,9 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         /// <param name="context"></param>
         /// <returns></returns>
-        public virtual Task ValidateIdentity(CookieValidateIdentityContext context)
+        public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context)
         {
-            return OnValidateIdentity.Invoke(context);
+            return OnValidatePrincipal.Invoke(context);
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
index e8e4fc80bb..852e90b68f 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieExceptionContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationProvider method Exception.
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
similarity index 74%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
index 28b47c6fe2..bf448a8ddf 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -4,10 +4,10 @@
 
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationProvider method ResponseSignIn.
@@ -19,35 +19,35 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="options">The middleware options</param>
-        /// <param name="authenticationType">Initializes AuthenticationType property</param>
-        /// <param name="identity">Initializes Identity property</param>
+        /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
+        /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Extra property</param>
         /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
         public CookieResponseSignInContext(
             HttpContext context,
             CookieAuthenticationOptions options,
-            string authenticationType,
-            ClaimsIdentity identity,
+            string authenticationScheme,
+            ClaimsPrincipal principal,
             AuthenticationProperties properties,
             CookieOptions cookieOptions)
             : base(context, options)
         {
-            AuthenticationType = authenticationType;
-            Identity = identity;
+            AuthenticationScheme = authenticationScheme;
+            Principal = principal;
             Properties = properties;
             CookieOptions = cookieOptions;
         }
 
         /// <summary>
-        /// The name of the AuthenticationType creating a cookie
+        /// The name of the AuthenticationScheme creating a cookie
         /// </summary>
-        public string AuthenticationType { get; private set; }
+        public string AuthenticationScheme { get; private set; }
 
         /// <summary>
         /// Contains the claims about to be converted into the outgoing cookie.
         /// May be replaced or altered during the ResponseSignIn call.
         /// </summary>
-        public ClaimsIdentity Identity { get; set; }
+        public ClaimsPrincipal Principal { get; set; }
 
         /// <summary>
         /// Contains the extra data about to be contained in the outgoing cookie.
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
index a7cf4129ac..4ba06bad37 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -3,9 +3,9 @@
 
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationProvider method ResponseSignOut    
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
similarity index 67%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
index 3366fb9f71..ec0c3b876d 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieResponseSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
@@ -3,10 +3,10 @@
 
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationNotifications method ResponseSignedIn.
@@ -18,31 +18,31 @@ namespace Microsoft.AspNet.Security.Cookies
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="options">The middleware options</param>
-        /// <param name="authenticationType">Initializes AuthenticationType property</param>
-        /// <param name="identity">Initializes Identity property</param>
+        /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
+        /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Properties property</param>
         public CookieResponseSignedInContext(
             HttpContext context,
             CookieAuthenticationOptions options,
-            string authenticationType,
-            ClaimsIdentity identity,
+            string authenticationScheme,
+            ClaimsPrincipal principal,
             AuthenticationProperties properties)
             : base(context, options)
         {
-            AuthenticationType = authenticationType;
-            Identity = identity;
+            AuthenticationScheme = authenticationScheme;
+            Principal = principal;
             Properties = properties;
         }
 
         /// <summary>
-        /// The name of the AuthenticationType creating a cookie
+        /// The name of the AuthenticationScheme creating a cookie
         /// </summary>
-        public string AuthenticationType { get; private set; }
+        public string AuthenticationScheme { get; private set; }
 
         /// <summary>
         /// Contains the claims that were converted into the outgoing cookie.
         /// </summary>
-        public ClaimsIdentity Identity { get; private set; }
+        public ClaimsPrincipal Principal { get; private set; }
 
         /// <summary>
         /// Contains the extra data that was contained in the outgoing cookie.
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
similarity index 53%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
index 771d75d40c..328d93d2bb 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -1,22 +1,18 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
 using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Http.Interfaces.Security;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationProvider method ValidateIdentity.
+    /// Context object passed to the ICookieAuthenticationProvider method ValidatePrincipal.
     /// </summary>
-    public class CookieValidateIdentityContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieValidatePrincipalContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -24,18 +20,18 @@ namespace Microsoft.AspNet.Security.Cookies
         /// <param name="context"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidateIdentityContext([NotNull] HttpContext context, [NotNull] AuthenticationTicket ticket, [NotNull] CookieAuthenticationOptions options)
+        public CookieValidatePrincipalContext([NotNull] HttpContext context, [NotNull] AuthenticationTicket ticket, [NotNull] CookieAuthenticationOptions options)
             : base(context, options)
         {
-            Identity = ticket.Identity;
+            Principal = ticket.Principal;
             Properties = ticket.Properties;
         }
 
         /// <summary>
-        /// Contains the claims identity arriving with the request. May be altered to change the 
+        /// Contains the claims principal arriving with the request. May be altered to change the 
         /// details of the authenticated user.
         /// </summary>
-        public ClaimsIdentity Identity { get; private set; }
+        public ClaimsPrincipal Principal { get; private set; }
 
         /// <summary>
         /// Contains the extra meta-data arriving with the request ticket. May be altered.
@@ -43,22 +39,22 @@ namespace Microsoft.AspNet.Security.Cookies
         public AuthenticationProperties Properties { get; private set; }
 
         /// <summary>
-        /// Called to replace the claims identity. The supplied identity will replace the value of the 
-        /// Identity property, which determines the identity of the authenticated request.
+        /// Called to replace the claims principal. The supplied principal will replace the value of the 
+        /// Principal property, which determines the identity of the authenticated request.
         /// </summary>
         /// <param name="identity">The identity used as the replacement</param>
-        public void ReplaceIdentity(IIdentity identity)
+        public void ReplacePrincipal(IPrincipal principal)
         {
-            Identity = new ClaimsIdentity(identity);
+            Principal = new ClaimsPrincipal(principal);
         }
 
         /// <summary>
-        /// Called to reject the incoming identity. This may be done if the application has determined the
+        /// Called to reject the incoming principal. This may be done if the application has determined the
         /// account is no longer active, and the request should be treated as if it was anonymous.
         /// </summary>
-        public void RejectIdentity()
+        public void RejectPrincipal()
         {
-            Identity = null;
+            Principal = null;
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
index 65515c3296..0e0ed537c7 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/DefaultBehavior.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
@@ -6,7 +6,7 @@ using System;
 using Microsoft.AspNet.Http;
 using Newtonsoft.Json;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     internal static class DefaultBehavior
     {
diff --git a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index edfb6b69cc..0ede97ce6c 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -4,7 +4,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
@@ -12,12 +12,12 @@ namespace Microsoft.AspNet.Security.Cookies
     public interface ICookieAuthenticationNotifications
     {
         /// <summary>
-        /// Called each time a request identity has been validated by the middleware. By implementing this method the
-        /// application may alter or reject the identity which has arrived with the request.
+        /// Called each time a request principal has been validated by the middleware. By implementing this method the
+        /// application may alter or reject the principal which has arrived with the request.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ValidateIdentity(CookieValidateIdentityContext context);
+        Task ValidatePrincipal(CookieValidatePrincipalContext context);
 
         /// <summary>
         /// Called when an endpoint has provided sign in information before it is converted into a cookie. By
diff --git a/src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
index 1a0258ba66..ef0e62fb41 100644
--- a/src/Microsoft.AspNet.Security.Cookies/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.Cookies {
+namespace Microsoft.AspNet.Authentication.Cookies {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Cookies {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Cookies.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Cookies.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.Cookies/Resources.resx b/src/Microsoft.AspNet.Authentication.Cookies/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.Cookies/Resources.resx
rename to src/Microsoft.AspNet.Authentication.Cookies/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
similarity index 85%
rename from src/Microsoft.AspNet.Security.Cookies/project.json
rename to src/Microsoft.AspNet.Authentication.Cookies/project.json
index 82f92b75b3..07d23fdcaf 100644
--- a/src/Microsoft.AspNet.Security.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
     "dependencies": {
-        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
similarity index 82%
rename from src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
index 72addbef8b..92b56413a6 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
@@ -1,11 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     public static class FacebookAuthenticationDefaults
     {
-        public const string AuthenticationType = "Facebook";
+        public const string AuthenticationScheme = "Facebook";
 
         public const string AuthorizationEndpoint = "https://www.facebook.com/v2.2/dialog/oauth";
 
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs
index 51c5eac0e8..3664bb592b 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.Facebook;
+using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 using System;
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
similarity index 78%
rename from src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 7eabae1019..5f2d5b886a 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -11,13 +11,13 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Core.Collections;
 using Microsoft.AspNet.Http.Extensions;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
     {
@@ -65,41 +65,42 @@ namespace Microsoft.AspNet.Security.Facebook
             JObject user = JObject.Parse(text);
 
             var context = new FacebookAuthenticatedContext(Context, Options, user, tokens);
-            context.Identity = new ClaimsIdentity(
-                Options.AuthenticationType,
+            var identity = new ClaimsIdentity(
+                Options.AuthenticationScheme,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
             if (!string.IsNullOrEmpty(context.Id))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.UserName))
             {
-                context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.Email))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.Name))
             {
-                context.Identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.AuthenticationScheme));
 
                 // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
                 if (string.IsNullOrEmpty(context.UserName))
                 {
-                    context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.AuthenticationType));
+                    identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.AuthenticationScheme));
                 }
             }
             if (!string.IsNullOrEmpty(context.Link))
             {
-                context.Identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             context.Properties = properties;
+            context.Principal = new ClaimsPrincipal(identity);
 
             await Options.Notifications.Authenticated(context);
 
-            return new AuthenticationTicket(context.Identity, context.Properties);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
 
         private string GenerateAppSecretProof(string accessToken)
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 4873ea2fd2..b74a5be1dd 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -4,13 +4,13 @@
 using System;
 using System.Globalization;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Facebook.
diff --git a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
index 1720571843..119bd25b89 100644
--- a/src/Microsoft.AspNet.Security.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
     /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>.
@@ -16,8 +16,8 @@ namespace Microsoft.AspNet.Security.Facebook
         /// </summary>
         public FacebookAuthenticationOptions()
         {
-            AuthenticationType = FacebookAuthenticationDefaults.AuthenticationType;
-            Caption = AuthenticationType;
+            AuthenticationScheme = FacebookAuthenticationDefaults.AuthenticationScheme;
+            Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-facebook");
             SendAppSecretProof = true;
             AuthorizationEndpoint = FacebookAuthenticationDefaults.AuthorizationEndpoint;
diff --git a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
rename to src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
index 8a4224835e..ed5242e079 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Microsoft.AspNet.Security.Facebook.kproj
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
new file mode 100644
index 0000000000..5ce6d99ddd
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authentication.Facebook
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
index aa4e07daaf..b64f6dd38e 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -3,10 +3,10 @@
 
 using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
index f86287cc11..b89ad5c3be 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/FacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
     /// The default <see cref="IFacebookAuthenticationNotifications"/> implementation.
diff --git a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
index 0849a84a06..247715f930 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
index 18a738d708..dd3f0e3fac 100644
--- a/src/Microsoft.AspNet.Security.Facebook/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.Facebook {
+namespace Microsoft.AspNet.Authentication.Facebook {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Facebook {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Facebook.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Facebook.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.Facebook/Resources.resx b/src/Microsoft.AspNet.Authentication.Facebook/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.Facebook/Resources.resx
rename to src/Microsoft.AspNet.Authentication.Facebook/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
similarity index 81%
rename from src/Microsoft.AspNet.Security.Facebook/project.json
rename to src/Microsoft.AspNet.Authentication.Facebook/project.json
index 3aad11e61d..fd1a44d159 100644
--- a/src/Microsoft.AspNet.Security.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": { },
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
similarity index 83%
rename from src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
index acf982906b..3c163c1115 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
@@ -1,11 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     public static class GoogleAuthenticationDefaults
     {
-        public const string AuthenticationType = "Google";
+        public const string AuthenticationScheme = "Google";
 
         public const string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs
index 474df5e322..fd46b062a9 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.Google;
+using Microsoft.AspNet.Authentication.Google;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 using System;
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
similarity index 78%
rename from src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index 1d75c889f3..71e51f06ae 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -7,13 +7,13 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
     {
@@ -33,46 +33,47 @@ namespace Microsoft.AspNet.Security.Google
             JObject user = JObject.Parse(text);
 
             var context = new GoogleAuthenticatedContext(Context, Options, user, tokens);
-            context.Identity = new ClaimsIdentity(
-                Options.AuthenticationType,
+            var identity = new ClaimsIdentity(
+                Options.AuthenticationScheme,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
 
             if (!string.IsNullOrEmpty(context.Id))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id,
-                    ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id,
+                    ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.GivenName))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName,
-                    ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName,
+                    ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.FamilyName))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
-                    ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
+                    ClaimValueTypes.String, Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.Name))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
-                    Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
+                    Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.Email))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String,
-                    Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String,
+                    Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.Profile))
             {
-                context.Identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String,
-                    Options.AuthenticationType));
+                identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String,
+                    Options.AuthenticationScheme));
             }
             context.Properties = properties;
+            context.Principal = new ClaimsPrincipal(identity);
 
             await Options.Notifications.Authenticated(context);
 
-            return new AuthenticationTicket(context.Identity, context.Properties);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
 
         // TODO: Abstract this properties override pattern into the base class?
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index a72c0524f5..0da3f49284 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -5,15 +5,15 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
diff --git a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
similarity index 81%
rename from src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
index 4cfb97bbb2..e562a8f2c7 100644
--- a/src/Microsoft.AspNet.Security.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
@@ -5,10 +5,10 @@ using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
     /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>.
@@ -20,8 +20,8 @@ namespace Microsoft.AspNet.Security.Google
         /// </summary>
         public GoogleAuthenticationOptions()
         {
-            AuthenticationType = GoogleAuthenticationDefaults.AuthenticationType;
-            Caption = AuthenticationType;
+            AuthenticationScheme = GoogleAuthenticationDefaults.AuthenticationScheme;
+            Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-google");
             AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
rename to src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
index 32f8d92b26..6c85b04cef 100644
--- a/src/Microsoft.AspNet.Security.Google/Microsoft.AspNet.Security.Google.kproj
+++ b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
index 0460d00166..504a02c4d7 100644
--- a/src/Microsoft.AspNet.Security.Cookies/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Google
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
index 10fa2b3706..a18ba2040c 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
@@ -6,11 +6,11 @@ using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
index ef2e5d3cec..27d24e3cd4 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/GoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
     /// The default <see cref="IGoogleAuthenticationNotifications"/> implementation.
diff --git a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
index 9cf9d2dd53..e9f7c492e5 100644
--- a/src/Microsoft.AspNet.Security.Google/Notifications/IGoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware" /> invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNet.Security.Google/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Google/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
index 235dcbeef7..efa7d64ed4 100644
--- a/src/Microsoft.AspNet.Security.Google/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.Google {
+namespace Microsoft.AspNet.Authentication.Google {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Google {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Google.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Google.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.Google/Resources.resx b/src/Microsoft.AspNet.Authentication.Google/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.Google/Resources.resx
rename to src/Microsoft.AspNet.Authentication.Google/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
similarity index 81%
rename from src/Microsoft.AspNet.Security.Google/project.json
rename to src/Microsoft.AspNet.Authentication.Google/project.json
index a4815b1815..cdaa628825 100644
--- a/src/Microsoft.AspNet.Security.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": { },
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
similarity index 100%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Microsoft.AspNet.Security.MicrosoftAccount.kproj
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
similarity index 81%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
index 825ab41216..22ca51751b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
@@ -1,11 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     public static class MicrosoftAccountAuthenticationDefaults
     {
-        public const string AuthenticationType = "Microsoft";
+        public const string AuthenticationScheme = "Microsoft";
 
         public const string AuthorizationEndpoint = "https://login.live.com/oauth20_authorize.srf";
 
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
index 912271da61..397a1b32b5 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.MicrosoftAccount;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 using System;
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
similarity index 73%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 502eaec13d..bb953cc135 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -8,12 +8,12 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
     {
@@ -33,26 +33,27 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
 
             var context = new MicrosoftAccountAuthenticatedContext(Context, Options, accountInformation, tokens);
             context.Properties = properties;
-            context.Identity = new ClaimsIdentity(
+            var identity = new ClaimsIdentity(
                 new[]
                     {
-                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationType),
-                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.AuthenticationType),
-                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.AuthenticationType),
-                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.AuthenticationType)
+                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationScheme),
+                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.AuthenticationScheme),
+                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.AuthenticationScheme),
+                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.AuthenticationScheme)
                     },
-                Options.AuthenticationType,
+                Options.AuthenticationScheme,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
 
             if (!string.IsNullOrWhiteSpace(context.Email))
             {
-                context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationType));
+                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationScheme));
             }
+            context.Principal = new ClaimsPrincipal(identity);
 
             await Options.Notifications.Authenticated(context);
 
-            return new AuthenticationTicket(context.Identity, context.Properties);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 5d0afe1f35..ac2ebc1848 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -3,14 +3,14 @@
 
 using System;
 using System.Globalization;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.OAuth;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
similarity index 80%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index 8755de63ba..f97f84b943 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Configuration options for <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
@@ -16,8 +16,8 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount
         /// </summary>
         public MicrosoftAccountAuthenticationOptions()
         {
-            AuthenticationType = MicrosoftAccountAuthenticationDefaults.AuthenticationType;
-            Caption = AuthenticationType;
+            AuthenticationScheme = MicrosoftAccountAuthenticationDefaults.AuthenticationScheme;
+            Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-microsoft");
             AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
new file mode 100644
index 0000000000..f2afa991fc
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
index d6eb0f642b..f96040925b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="MicrosoftAccountAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
index 8b1a533123..50aea11a93 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -6,10 +6,10 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
index 26db09d15f..70dc8faa51 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Authentication.OAuth;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Default <see cref="IMicrosoftAccountAuthenticationNotifications"/> implementation.
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
index 62f1707efb..080d4bc077 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount {
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.MicrosoftAccount {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.MicrosoftAccount.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.MicrosoftAccount.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/Resources.resx
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
similarity index 87%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 82c106b746..5aa85f9266 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Security.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": { },
diff --git a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
rename to src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
index abcb5afdeb..868328f6de 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Microsoft.AspNet.Security.OAuth.kproj
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
index e87e361e4d..49f587eb50 100644
--- a/src/Microsoft.AspNet.Security.Google/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
index 0957d9fd61..84e8c0df45 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
index c6528619bc..f44af93283 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/BaseValidatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
@@ -3,9 +3,9 @@
 
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Base class used for certain event contexts
@@ -49,10 +49,11 @@ namespace Microsoft.AspNet.Security.OAuth
         /// </summary>
         /// <param name="identity">Assigned to the Ticket.Identity property</param>
         /// <returns>True if the validation has taken effect.</returns>
-        public bool Validated(ClaimsIdentity identity)
+        public bool Validated(ClaimsPrincipal principal)
         {
             AuthenticationProperties properties = Ticket != null ? Ticket.Properties : new AuthenticationProperties();
-            return Validated(new AuthenticationTicket(identity, properties));
+            // TODO: Ticket can be null, need to revisit
+            return Validated(new AuthenticationTicket(principal, properties, Ticket.AuthenticationScheme));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
index b00b0175ea..2161d70fd9 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="OAuthAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
index df1f6a424b..070e1994eb 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
index 5817071536..7283a80c6d 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -5,11 +5,11 @@ using System;
 using System.Globalization;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
@@ -66,11 +66,11 @@ namespace Microsoft.AspNet.Security.OAuth
         /// <summary>
         /// Gets the <see cref="ClaimsIdentity"/> representing the user.
         /// </summary>
-        public ClaimsIdentity Identity { get; set; }
+        public ClaimsPrincipal Principal { get; set; }
 
         /// <summary>
         /// Gets or sets a property bag for common authentication properties.
         /// </summary>
         public AuthenticationProperties Properties { get; set; }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
index a91f8f0b0c..a20821889f 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Default <see cref="IOAuthAuthenticationNotifications"/> implementation.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
index 6f50169143..55dd720085 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Specifies the HTTP response header for the bearer authentication scheme.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
index 15d76c6eb3..8d2405ebfc 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthGetUserInformationContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
@@ -6,10 +6,10 @@ using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
@@ -63,9 +63,9 @@ namespace Microsoft.AspNet.Security.OAuth
         public HttpClient Backchannel { get; protected set; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
+        /// Gets the <see cref="ClaimsPrincipal"/> representing the user.
         /// </summary>
-        public ClaimsIdentity Identity { get; set; }
+        public ClaimsPrincipal Principal { get; set; }
 
         /// <summary>
         /// Gets or sets a property bag for common authentication properties.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
index 785fa175d8..cd9294a420 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthRequestTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Specifies the HTTP request header for the bearer authentication scheme.
diff --git a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
similarity index 89%
rename from src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
index 6f465ef3d2..ce9ffd4eaa 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Notifications/OAuthReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Provides context information to middleware providers.
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
index 758417ecfd..90dc2b6166 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
@@ -6,7 +6,7 @@ using System.Globalization;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     public static class OAuthAuthenticationDefaults
     {
@@ -14,25 +14,25 @@ namespace Microsoft.AspNet.Security.OAuth
         {
             // If the developer doesn't specify a user-info callback, just give them the tokens.
             var identity = new ClaimsIdentity(
-                    context.Options.AuthenticationType,
+                    context.Options.AuthenticationScheme,
                     ClaimsIdentity.DefaultNameClaimType,
                     ClaimsIdentity.DefaultRoleClaimType);
 
-            identity.AddClaim(new Claim("access_token", context.AccessToken, ClaimValueTypes.String, context.Options.AuthenticationType));
+            identity.AddClaim(new Claim("access_token", context.AccessToken, ClaimValueTypes.String, context.Options.AuthenticationScheme));
             if (!string.IsNullOrEmpty(context.RefreshToken))
             {
-                identity.AddClaim(new Claim("refresh_token", context.RefreshToken, ClaimValueTypes.String, context.Options.AuthenticationType));
+                identity.AddClaim(new Claim("refresh_token", context.RefreshToken, ClaimValueTypes.String, context.Options.AuthenticationScheme));
             }
             if (!string.IsNullOrEmpty(context.TokenType))
             {
-                identity.AddClaim(new Claim("token_type", context.TokenType, ClaimValueTypes.String, context.Options.AuthenticationType));
+                identity.AddClaim(new Claim("token_type", context.TokenType, ClaimValueTypes.String, context.Options.AuthenticationScheme));
             }
             if (context.ExpiresIn.HasValue)
             {
                 identity.AddClaim(new Claim("expires_in", context.ExpiresIn.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture),
-                    ClaimValueTypes.String, context.Options.AuthenticationType));
+                    ClaimValueTypes.String, context.Options.AuthenticationScheme));
             }
-            context.Identity = identity;
+            context.Principal = new ClaimsPrincipal(identity);
             return Task.FromResult(0);
         };
     }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
similarity index 81%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index 3e4947de2b..903f823e1f 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -3,8 +3,8 @@
 
 using System;
 using System.Globalization;
-using Microsoft.AspNet.Security.OAuth;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Authentication;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
@@ -20,13 +20,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationType, Action<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>> configureOptions = null)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationScheme, Action<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>> configureOptions = null)
         {
             return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(
                 new ConfigureOptions<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>>(options =>
                 {
-                    options.AuthenticationType = authenticationType;
-                    options.Caption = authenticationType;
+                    options.AuthenticationScheme = authenticationScheme;
+                    options.Caption = authenticationScheme;
                     if (configureOptions != null)
                     {
                         configureOptions(options);
@@ -37,7 +37,7 @@ namespace Microsoft.AspNet.Builder
                     }
                 }) 
                 {
-                    Name = authenticationType,
+                    Name = authenticationScheme,
                 });
         }
     }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
similarity index 85%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index b165ca41c0..8e193befee 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -9,13 +9,13 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Extensions;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     public class OAuthAuthenticationHandler<TOptions, TNotifications> : AuthenticationHandler<TOptions>
         where TOptions : OAuthAuthenticationOptions<TNotifications>
@@ -52,26 +52,21 @@ namespace Microsoft.AspNet.Security.OAuth
 
             var context = new OAuthReturnEndpointContext(Context, ticket)
             {
-                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
+                SignInScheme = Options.SignInScheme,
                 RedirectUri = ticket.Properties.RedirectUri,
             };
             ticket.Properties.RedirectUri = null;
 
             await Options.Notifications.ReturnEndpoint(context);
 
-            if (context.SignInAsAuthenticationType != null && context.Identity != null)
+            if (context.SignInScheme != null && context.Principal != null)
             {
-                ClaimsIdentity signInIdentity = context.Identity;
-                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
-                {
-                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
-                }
-                Context.Response.SignIn(context.Properties, signInIdentity);
+                Context.Response.SignIn(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
             {
-                if (context.Identity == null)
+                if (context.Principal == null)
                 {
                     // add a redirect hint that sign-in failed in some way
                     context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
@@ -116,13 +111,13 @@ namespace Microsoft.AspNet.Security.OAuth
                 // OAuth2 10.12 CSRF
                 if (!ValidateCorrelationId(properties, Logger))
                 {
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 if (string.IsNullOrEmpty(code))
                 {
                     // Null if the remote server returns an error.
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 string requestPrefix = Request.Scheme + "://" + Request.Host;
@@ -133,7 +128,7 @@ namespace Microsoft.AspNet.Security.OAuth
                 if (string.IsNullOrWhiteSpace(tokens.AccessToken))
                 {
                     Logger.WriteWarning("Access token was not found");
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 return await GetUserInformationAsync(properties, tokens);
@@ -141,7 +136,7 @@ namespace Microsoft.AspNet.Security.OAuth
             catch (Exception ex)
             {
                 Logger.WriteError("Authentication failed", ex);
-                return new AuthenticationTicket(null, properties);
+                return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
 
@@ -176,7 +171,7 @@ namespace Microsoft.AspNet.Security.OAuth
                 Properties = properties,
             };
             await Options.Notifications.GetUserInformationAsync(context);
-            return new AuthenticationTicket(context.Identity, context.Properties);
+            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
         protected override void ApplyResponseChallenge()
@@ -186,8 +181,8 @@ namespace Microsoft.AspNet.Security.OAuth
                 return;
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            // Only redirect on challenges
+            if (ChallengeContext == null)
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index c525af881b..b8e10ff996 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -5,14 +5,14 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using OAuth services.
@@ -41,9 +41,9 @@ namespace Microsoft.AspNet.Security.OAuth
             : base(next, services, options, configureOptions)
         {
             // todo: review error handling
-            if (string.IsNullOrWhiteSpace(Options.AuthenticationType))
+            if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthenticationType"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthenticationScheme"));
             }
 
             if (string.IsNullOrWhiteSpace(Options.ClientId))
@@ -71,7 +71,7 @@ namespace Microsoft.AspNet.Security.OAuth
             if (Options.StateDataFormat == null)
             {
                 IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
-                    this.GetType().FullName, Options.AuthenticationType, "v1");
+                    this.GetType().FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
 
@@ -80,13 +80,13 @@ namespace Microsoft.AspNet.Security.OAuth
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
-            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInAsAuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+                Options.SignInScheme = externalOptions.Options.SignInScheme;
             }
-            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInAsAuthenticationType"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
             }
         }
 
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index cee784185d..7a910e059b 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -6,9 +6,9 @@ using System.Collections.Generic;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
@@ -20,7 +20,6 @@ namespace Microsoft.AspNet.Security.OAuth
         /// </summary>
         public OAuthAuthenticationOptions()
         {
-            AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
         }
@@ -102,7 +101,12 @@ namespace Microsoft.AspNet.Security.OAuth
         /// <summary>
         /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
         /// </summary>
-        public string SignInAsAuthenticationType { get; set; }
+        public string SignInScheme { get; set; }
+
+        /// <summary>
+        /// Gets or sets the issuer that should be used for any claims that are created
+        /// </summary>
+        public string ClaimsIssuer { get; set; }
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
diff --git a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
index 2eb1bfb89a..2a37062d3e 100644
--- a/src/Microsoft.AspNet.Security.OAuth/OAuthAuthenticationOptions`1.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
index 37abb160e5..6358382740 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.OAuthBearer {
+namespace Microsoft.AspNet.Authentication.OAuth {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.OAuth/Resources.resx b/src/Microsoft.AspNet.Authentication.OAuth/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.OAuth/Resources.resx
rename to src/Microsoft.AspNet.Authentication.OAuth/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs b/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
index 84c3e95aa6..4acc2d6e06 100644
--- a/src/Microsoft.AspNet.Security.OAuth/TokenResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
@@ -3,7 +3,7 @@
 
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     public class TokenResponse
     {
diff --git a/src/Microsoft.AspNet.Security.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
similarity index 91%
rename from src/Microsoft.AspNet.Security.OAuth/project.json
rename to src/Microsoft.AspNet.Authentication.OAuth/project.json
index d29f6d9144..ea68b78fa2 100644
--- a/src/Microsoft.AspNet.Security.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Security": "1.0.0-*"
+        "Microsoft.AspNet.Authentication": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj b/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.kproj
similarity index 100%
rename from src/Microsoft.AspNet.Security.OAuthBearer/Microsoft.AspNet.Security.OAuthBearer.kproj
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.kproj
diff --git a/src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
similarity index 86%
rename from src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
index f3900accc6..73b3e6c56b 100644
--- a/src/Microsoft.AspNet.Security.MicrosoftAccount/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
similarity index 81%
rename from src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
index f2685af0c5..53e02673c1 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     public class AuthenticationChallengeNotification<TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
index 808615e1d4..3c87d520a9 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -4,12 +4,12 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
 /// <summary>
 /// Specifies events which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     /// <summary>
     /// OAuth bearer token middleware provider
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
similarity index 68%
rename from src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
index 5b62827cc7..e16483ef00 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     /// <summary>
     /// Default values used by authorization server and bearer authentication.
@@ -9,9 +9,9 @@ namespace Microsoft.AspNet.Security.OAuthBearer
     public static class OAuthBearerAuthenticationDefaults
     {
         /// <summary>
-        /// Default value for AuthenticationType property in the OAuthBearerAuthenticationOptions and
+        /// Default value for AuthenticationScheme property in the OAuthBearerAuthenticationOptions and
         /// OAuthAuthorizationServerOptions.
         /// </summary>
-        public const string AuthenticationType = "Bearer";
+        public const string AuthenticationScheme = "Bearer";
     }
 }
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
index 0f31dfaf8a..b1a6293341 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Security.OAuthBearer;
+using Microsoft.AspNet.Authentication.OAuthBearer;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index a4555790dc..56d3d1025d 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -8,15 +8,15 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
-    public class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
+    public class OAuthBearerAuthenticationHandler : AutomaticAuthenticationHandler<OAuthBearerAuthenticationOptions>
     {
         private readonly ILogger _logger;
         private OpenIdConnectConfiguration _configuration;
@@ -130,7 +130,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     if (validator.CanReadToken(token))
                     {
                         ClaimsPrincipal principal = validator.ValidateToken(token, validationParameters, out validatedToken);
-                        AuthenticationTicket ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationType);
+                        AuthenticationTicket ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
                         var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
                         {
                             ProtocolMessage = Context,
@@ -192,6 +192,11 @@ namespace Microsoft.AspNet.Security.OAuthBearer
 
         protected override async Task ApplyResponseChallengeAsync()
         {
+            if (ShouldConvertChallengeToForbidden())
+            {
+                Response.StatusCode = 403;
+            }
+
             if ((Response.StatusCode != 401) || (ChallengeContext == null))
             {
                 return;
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index d1ae0ad1a8..824405e0e4 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -6,13 +6,13 @@ using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
+using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Security.Infrastructure;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     /// <summary>
     /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 08acf5bf45..64935c3848 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -5,15 +5,15 @@ using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Authentication;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
+    public class OAuthBearerAuthenticationOptions : AutomaticAuthenticationOptions
     {
         private ICollection<ISecurityTokenValidator> _securityTokenValidators;
         private TokenValidationParameters _tokenValidationParameters;
@@ -23,9 +23,9 @@ namespace Microsoft.AspNet.Security.OAuthBearer
         /// </summary>
         public OAuthBearerAuthenticationOptions() : base()
         {
-            AuthenticationType = OAuthBearerAuthenticationDefaults.AuthenticationType;
+            AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
             BackchannelTimeout = TimeSpan.FromMinutes(1);
-            Challenge = OAuthBearerAuthenticationDefaults.AuthenticationType;
+            Challenge = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
             Notifications = new OAuthBearerAuthenticationNotifications();
             RefreshOnIssuerKeyNotFound = true;
             SystemClock = new SystemClock();
diff --git a/src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs
index 892b42b5fc..27298f47d8 100644
--- a/src/Microsoft.AspNet.Security.OAuth/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.OAuth {
+namespace Microsoft.AspNet.Authentication.OAuthBearer {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.OAuth {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx b/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.OAuthBearer/Resources.resx
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
similarity index 92%
rename from src/Microsoft.AspNet.Security.OAuthBearer/project.json
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index affb7e5b11..a6143df77d 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
     "dependencies": {
-        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
         "System.IdentityModel.Tokens": "5.0.0-beta1-*"
     },
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
similarity index 86%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
index 3f5255f56d..a1f2d35437 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/INonceCache.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     public interface INonceCache
     {
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/Microsoft.AspNet.Security.OpenIdConnect.kproj
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
index 9c7694e560..167f7f8dd9 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -2,12 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.IdentityModel.Protocols;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     /// <summary>
     /// This Notification can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index 5942efb4dc..21dc57f482 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Default values related to OpenIdConnect authentication middleware
@@ -9,9 +9,9 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
     public static class OpenIdConnectAuthenticationDefaults
     {
         /// <summary>
-        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationType
+        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationScheme
         /// </summary>
-        public const string AuthenticationType = "OpenIdConnect";
+        public const string AuthenticationScheme = "OpenIdConnect";
 
         /// <summary>
         /// The prefix used to provide a default OpenIdConnectAuthenticationOptions.CookieName
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
index 5d4a72b217..989aac48e1 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 9e6baf45d9..543e8eeeb6 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -10,15 +10,15 @@ using System.Text;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.DataHandler.Serializer;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// ASP.NET middleware for obtaining identities using OpenIdConnect protocol.
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
 
             if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
             {
-                Options.TokenValidationParameters.AuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+                Options.TokenValidationParameters.AuthenticationType = externalOptions.Options.SignInScheme;
             }
 
             if (Options.StateDataFormat == null)
@@ -56,7 +56,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(OpenIdConnectAuthenticationMiddleware).FullName, 
 					typeof(string).FullName,
-                    Options.AuthenticationType,
+                    Options.AuthenticationScheme,
 					"v1");
 
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(OpenIdConnectAuthenticationMiddleware).FullName,
                     typeof(string).FullName,
-                    Options.AuthenticationType,
+                    Options.AuthenticationScheme,
                     "v1");
 
                 Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector, TextEncodings.Base64Url);
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
index 327bbfa599..a4f15d6e9f 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
@@ -3,10 +3,10 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index a5f1bcd303..d885010864 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -7,10 +7,10 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Configuration options for <see cref="OpenIdConnectAuthenticationOptions"/>
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
         /// </summary>
         public OpenIdConnectAuthenticationOptions()
-            : this(OpenIdConnectAuthenticationDefaults.AuthenticationType)
+            : this(OpenIdConnectAuthenticationDefaults.AuthenticationScheme)
         {
         }
 
@@ -45,15 +45,16 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         /// <para>RefreshOnIssuerKeyNotFound: true</para>
         /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/></para>
         /// <para>Scope: <see cref="OpenIdConnectScopes.OpenIdProfile"/>.</para>
-        /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationType = authenticationType.</para>
+        /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationScheme = authenticationScheme.</para>
         /// <para>UseTokenLifetime: true.</para>
         /// </remarks>
-        /// <param name="authenticationType"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationType property.</param>
+        /// <param name="authenticationScheme"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationScheme property.</param>
         [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
-        public OpenIdConnectAuthenticationOptions(string authenticationType)
+        public OpenIdConnectAuthenticationOptions(string authenticationScheme)
         {
-            AuthenticationMode = AuthenticationMode.Active;
-            AuthenticationType = authenticationType;
+            // REVIEW: why was this active by default??
+            //AuthenticationMode = AuthenticationMode.Active;
+            AuthenticationScheme = authenticationScheme;
             BackchannelTimeout = TimeSpan.FromMinutes(1);
             Caption = OpenIdConnectAuthenticationDefaults.Caption;
             ProtocolValidator = new OpenIdConnectProtocolValidator();
@@ -232,9 +233,9 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
         public string Scope { get; set; }
 
         /// <summary>
-        /// Gets or sets the AuthenticationType used when creating the <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// Gets or sets the AuthenticationScheme used when creating the <see cref="System.Security.Claims.ClaimsIdentity"/>.
         /// </summary>
-        public string SignInAsAuthenticationType
+        public string SignInScheme
         {
             get { return TokenValidationParameters.AuthenticationType; }
             set { TokenValidationParameters.AuthenticationType = value; }
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index b51eb59034..67711ac5ef 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -9,13 +9,13 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Security.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
@@ -123,8 +123,8 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                 return;
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            // Only redirect on challenges
+            if (ChallengeContext == null)
             {
                 return;
             }
@@ -343,7 +343,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
                     throw new InvalidOperationException("No SecurityTokenValidator found for token: " + openIdConnectMessage.IdToken);
                 }
 
-                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationType);
+                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
                 if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
                 {
                     ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;
@@ -566,7 +566,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
             {
                 if (ticket.Principal != null)
                 {
-                    Request.HttpContext.Response.SignIn(ticket.Properties, ticket.Principal.Identities);
+                    Request.HttpContext.Response.SignIn(ticket.AuthenticationScheme, ticket.Principal, ticket.Properties);
                 }
 
                 // Redirect back to the original secured resource, if any.
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
index f5bfc6044a..ee19db0116 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.OpenIdConnect {
+namespace Microsoft.AspNet.Authentication.OpenIdConnect {
     using System;
     using System.Reflection;
 
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/Resources.resx
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
similarity index 90%
rename from src/Microsoft.AspNet.Security.OpenIdConnect/project.json
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index a02c8145f9..c25baafc3e 100644
--- a/src/Microsoft.AspNet.Security.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,7 +1,7 @@
 {
     "version": "1.0.0-*",
     "dependencies": {
-        "Microsoft.AspNet.Security": "1.0.0-*",
+        "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
index f935da72a7..2c3351453a 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Messages/AccessToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter.Messages
 {
     /// <summary>
     /// The Twitter access token retrieved from the access token endpoint.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
similarity index 89%
rename from src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
index f801e555f7..51c5c08e4c 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter.Messages
 {
     /// <summary>
     /// The Twitter request token obtained from the request token endpoint.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index 725dcc341f..b575c70ee1 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -4,10 +4,10 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Security.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter.Messages
 {
     /// <summary>
     /// Serializes and deserializes Twitter request and access tokens so that they can be used by other application components.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
similarity index 85%
rename from src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
index 3d2e1a458d..749abaa3fd 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Messages/Serializers.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Security.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter.Messages
 {
     /// <summary>
     /// Provides access to a request token serializer.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
rename to src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
index e073a505c9..fb70dba2a4 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Microsoft.AspNet.Security.Twitter.kproj
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
new file mode 100644
index 0000000000..c961a0c8f0
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authentication.Twitter
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
index 55fd548926..3bf685ec33 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="TwitterAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
index a328730ded..ffac976805 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
index 0c050d9e8d..9055c809d0 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
@@ -3,10 +3,10 @@
 
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
@@ -56,9 +56,9 @@ namespace Microsoft.AspNet.Security.Twitter
         public string AccessTokenSecret { get; private set; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user
+        /// Gets the <see cref="ClaimsPrincipal"/> representing the user
         /// </summary>
-        public ClaimsIdentity Identity { get; set; }
+        public ClaimsPrincipal Principal { get; set; }
 
         /// <summary>
         /// Gets or sets a property bag for common authentication properties
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
index 2c6ff19d5e..492dbb7f63 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Default <see cref="ITwitterAuthenticationNotifications"/> implementation.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
index e420b5d1fb..a4eb87eede 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Notifications/TwitterReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Provides context information to middleware providers.
diff --git a/src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs
index deda3cc773..5e6c599ae4 100644
--- a/src/Microsoft.AspNet.Security.Twitter/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Security.Twitter {
+namespace Microsoft.AspNet.Authentication.Twitter {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Security.Twitter {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Security.Twitter.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Twitter.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Security.Twitter/Resources.resx b/src/Microsoft.AspNet.Authentication.Twitter/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security.Twitter/Resources.resx
rename to src/Microsoft.AspNet.Authentication.Twitter/Resources.resx
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
similarity index 69%
rename from src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
index 1f29a04b1a..aa1faa20fb 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     public static class TwitterAuthenticationDefaults
     {
-        public const string AuthenticationType = "Twitter";
+        public const string AuthenticationScheme = "Twitter";
     }
 }
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs
index 5e97d82245..bff1897923 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs
@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Twitter;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 using System;
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
similarity index 86%
rename from src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index b16c4a2184..c6361295b0 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -11,13 +11,13 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Core.Collections;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Twitter.Messages;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     internal class TwitterAuthenticationHandler : AuthenticationHandler<TwitterAuthenticationOptions>
     {
@@ -72,37 +72,38 @@ namespace Microsoft.AspNet.Security.Twitter
                 if (string.IsNullOrWhiteSpace(returnedToken))
                 {
                     _logger.WriteWarning("Missing oauth_token");
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 if (returnedToken != requestToken.Token)
                 {
                     _logger.WriteWarning("Unmatched token");
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 string oauthVerifier = query.Get("oauth_verifier");
                 if (string.IsNullOrWhiteSpace(oauthVerifier))
                 {
                     _logger.WriteWarning("Missing or blank oauth_verifier");
-                    return new AuthenticationTicket(null, properties);
+                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
 
                 var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret);
 
-                context.Identity = new ClaimsIdentity(
-                    new[]
-                    {
-                        new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
-                        new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)
-                    },
-                    Options.AuthenticationType,
-                    ClaimsIdentity.DefaultNameClaimType,
-                    ClaimsIdentity.DefaultRoleClaimType);
+                context.Principal = new ClaimsPrincipal(
+                    new ClaimsIdentity(
+                        new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
+                            new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
+                            new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
+                            new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme)
+                        },
+                        Options.AuthenticationScheme,
+                        ClaimsIdentity.DefaultNameClaimType,
+                        ClaimsIdentity.DefaultRoleClaimType));
                 context.Properties = requestToken.Properties;
 
                 var cookieOptions = new CookieOptions
@@ -115,12 +116,12 @@ namespace Microsoft.AspNet.Security.Twitter
 
                 await Options.Notifications.Authenticated(context);
 
-                return new AuthenticationTicket(context.Identity, context.Properties);
+                return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
             }
             catch (Exception ex)
             {
                 _logger.WriteError("Authentication failed", ex);
-                return new AuthenticationTicket(null, properties);
+                return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
         protected override void ApplyResponseChallenge()
@@ -135,8 +136,8 @@ namespace Microsoft.AspNet.Security.Twitter
                 return;
             }
 
-            // Active middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
+            // Only redirect on challenges
+            if (ChallengeContext == null)
             {
                 return;
             }
@@ -195,26 +196,21 @@ namespace Microsoft.AspNet.Security.Twitter
 
             var context = new TwitterReturnEndpointContext(Context, model)
             {
-                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
+                SignInScheme = Options.SignInScheme,
                 RedirectUri = model.Properties.RedirectUri
             };
             model.Properties.RedirectUri = null;
 
             await Options.Notifications.ReturnEndpoint(context);
 
-            if (context.SignInAsAuthenticationType != null && context.Identity != null)
+            if (context.SignInScheme != null && context.Principal != null)
             {
-                ClaimsIdentity signInIdentity = context.Identity;
-                if (!string.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
-                {
-                    signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
-                }
-                Context.Response.SignIn(context.Properties, signInIdentity);
+                Context.Response.SignIn(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
             {
-                if (context.Identity == null)
+                if (context.Principal == null)
                 {
                     // add a redirect hint that sign-in failed in some way
                     context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 98cdbdf377..6869080921 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -5,16 +5,15 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.Infrastructure;
-using Microsoft.AspNet.Security.Twitter.Messages;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// ASP.NET middleware for authenticating users using Twitter
@@ -61,20 +60,20 @@ namespace Microsoft.AspNet.Security.Twitter
             if (Options.StateDataFormat == null)
             {
                 IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationType, "v1");
+                    typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
                     dataProtector,
                     TextEncodings.Base64Url);
             }
 
-            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInAsAuthenticationType = externalOptions.Options.SignInAsAuthenticationType;
+                Options.SignInScheme = externalOptions.Options.SignInScheme;
             }
-            if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
+            if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInAsAuthenticationType"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
             }
 
             _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
diff --git a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index 91207863d5..30e78f2765 100644
--- a/src/Microsoft.AspNet.Security.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Twitter.Messages;
+using Microsoft.AspNet.Authentication.Twitter.Messages;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Options for the Twitter authentication middleware.
@@ -18,10 +18,9 @@ namespace Microsoft.AspNet.Security.Twitter
         /// </summary>
         public TwitterAuthenticationOptions()
         {
-            AuthenticationType = TwitterAuthenticationDefaults.AuthenticationType;
-            Caption = AuthenticationType;
+            AuthenticationScheme = TwitterAuthenticationDefaults.AuthenticationScheme;
+            Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
-            AuthenticationMode = AuthenticationMode.Passive;
             BackchannelTimeout = TimeSpan.FromSeconds(60);
 #if ASPNET50
             // Twitter lists its valid Subject Key Identifiers at https://dev.twitter.com/docs/security/using-ssl
@@ -92,7 +91,7 @@ namespace Microsoft.AspNet.Security.Twitter
         /// <summary>
         /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
         /// </summary>
-        public string SignInAsAuthenticationType { get; set; }
+        public string SignInScheme { get; set; }
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
diff --git a/src/Microsoft.AspNet.Security.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
similarity index 90%
rename from src/Microsoft.AspNet.Security.Twitter/project.json
rename to src/Microsoft.AspNet.Authentication.Twitter/project.json
index b9eba0a305..059a8d2574 100644
--- a/src/Microsoft.AspNet.Security.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Security": "1.0.0-*"
+        "Microsoft.AspNet.Authentication": "1.0.0-*"
     },
     "frameworks": {
         "aspnet50": {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
similarity index 83%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 92b7889d58..f3d13d33fe 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -1,22 +1,19 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
 using System.Linq;
-using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Http.Interfaces.Security;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Interfaces.Authentication;
 using Microsoft.Framework.Logging;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Base class for the per-request work performed by most authentication middleware.
@@ -36,7 +33,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
         private AuthenticationOptions _baseOptions;
 
         protected IChallengeContext ChallengeContext { get; set; }
-        protected SignInIdentityContext SignInIdentityContext { get; set; }
+        protected SignInContext SignInContext { get; set; }
         protected ISignOutContext SignOutContext { get; set; }
 
         protected HttpContext Context { get; private set; }
@@ -58,6 +55,8 @@ namespace Microsoft.AspNet.Security.Infrastructure
             get { return _baseOptions; }
         }
 
+        internal bool AuthenticateCalled { get; set; }
+
         public IAuthenticationHandler PriorHandler { get; set; }
 
         public bool Faulted { get; set; }
@@ -73,18 +72,6 @@ namespace Microsoft.AspNet.Security.Infrastructure
             Response.OnSendingHeaders(OnSendingHeaderCallback, this);
 
             await InitializeCoreAsync();
-
-            if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
-            {
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null)
-                {
-                    if ( ticket.Identity != null)
-                        SecurityHelper.AddUserIdentity(Context, ticket.Identity);
-                    else if (ticket.Principal != null)
-                        SecurityHelper.AddUserIdentity(Context, ticket.Principal.Identity);
-                }
-            }
         }
 
         private static void OnSendingHeaderCallback(object state)
@@ -144,28 +131,29 @@ namespace Microsoft.AspNet.Security.Infrastructure
             return Task.FromResult<bool>(false);
         }
 
-        public virtual void GetDescriptions(IAuthTypeContext authTypeContext)
+        public virtual void GetDescriptions(IDescribeSchemesContext describeContext)
         {
-            authTypeContext.Accept(BaseOptions.Description.Dictionary);
+            describeContext.Accept(BaseOptions.Description.Dictionary);
 
             if (PriorHandler != null)
             {
-                PriorHandler.GetDescriptions(authTypeContext);
+                PriorHandler.GetDescriptions(describeContext);
             }
         }
 
         public virtual void Authenticate(IAuthenticateContext context)
         {
-            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
+            if (context.AuthenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal))
             {
                 AuthenticationTicket ticket = Authenticate();
-                if (ticket != null && ticket.Identity != null)
+                if (ticket != null && ticket.Principal != null)
                 {
-                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                    AuthenticateCalled = true;
+                    context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                 }
                 else
                 {
-                    context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
+                    context.NotAuthenticated(BaseOptions.AuthenticationScheme, properties: null, description: BaseOptions.Description.Dictionary);
                 }
             }
 
@@ -177,16 +165,17 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public virtual async Task AuthenticateAsync(IAuthenticateContext context)
         {
-            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
+            if (context.AuthenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal))
             {
                 AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null && ticket.Identity != null)
+                if (ticket != null && ticket.Principal != null)
                 {
-                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                    AuthenticateCalled = true;
+                    context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                 }
                 else
                 {
-                    context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
+                    context.NotAuthenticated(BaseOptions.AuthenticationScheme, properties: null, description: BaseOptions.Description.Dictionary);
                 }
             }
 
@@ -325,12 +314,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public virtual void SignIn(ISignInContext context)
         {
-            ClaimsIdentity identity;
-            if (SecurityHelper.LookupSignIn(context.Identities, BaseOptions.AuthenticationType, out identity))
+            if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                SignInIdentityContext = new SignInIdentityContext(identity, new AuthenticationProperties(context.Properties));
+                SignInContext = new SignInContext(context.Principal, new AuthenticationProperties(context.Properties));
                 SignOutContext = null;
-                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept(BaseOptions.Description.Dictionary);
             }
 
             if (PriorHandler != null)
@@ -341,11 +329,11 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public virtual void SignOut(ISignOutContext context)
         {
-            if (SecurityHelper.LookupSignOut(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
+            if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                SignInIdentityContext = null;
+                SignInContext = null;
                 SignOutContext = context;
-                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept();
             }
 
             if (PriorHandler != null)
@@ -356,10 +344,10 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         public virtual void Challenge(IChallengeContext context)
         {
-            if (SecurityHelper.LookupChallenge(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
+            if (ShouldHandleScheme(context.AuthenticationSchemes))
             {
                 ChallengeContext = context;
-                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
+                context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
             }
 
             if (PriorHandler != null)
@@ -370,6 +358,18 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         protected abstract void ApplyResponseChallenge();
 
+        public virtual bool ShouldHandleScheme(IEnumerable<string> authenticationSchemes)
+        {
+            return authenticationSchemes != null &&
+                authenticationSchemes.Any() &&
+                authenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal);
+        }
+
+        public virtual bool ShouldHandleScheme(string authenticationScheme)
+        {
+            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal);
+        }
+
         /// <summary>
         /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question
         /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
@@ -384,7 +384,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
         {
-            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
+            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
 
             var nonceBytes = new byte[32];
             CryptoRandom.GetBytes(nonceBytes);
@@ -403,7 +403,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
 
         protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties, [NotNull] ILogger logger)
         {
-            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType;
+            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
 
             string correlationCookie = Request.Cookies[correlationKey];
             if (string.IsNullOrWhiteSpace(correlationCookie))
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
index 7d8fb07262..a70b11c60a 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
@@ -1,11 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Base class for the per-request work performed by most authentication middleware.
@@ -21,7 +20,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
         /// <param name="options">The original options passed by the application control behavior</param>
         /// <param name="context">The utility object to observe the current request and response</param>
         /// <returns>async completion</returns>
-        internal Task Initialize(TOptions options, HttpContext context)
+        public Task Initialize(TOptions options, HttpContext context)
         {
             Options = options;
             return BaseInitializeAsync(options, context);
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index a703619de6..400a6e74ad 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
@@ -9,7 +8,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.RequestContainer;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
     {
@@ -31,7 +30,7 @@ namespace Microsoft.AspNet.Security.Infrastructure
             _services = services;
         }
 
-        public string AuthenticationType { get; set; }
+        public string AuthenticationScheme { get; set; }
 
         public TOptions Options { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
new file mode 100644
index 0000000000..09df9e5da1
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http.Authentication;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Base Options for all authentication middleware
+    /// </summary>
+    public abstract class AuthenticationOptions
+    {
+        private string _authenticationScheme;
+
+        /// <summary>
+        /// The AuthenticationScheme in the options corresponds to the logical name for a particular authentication scheme. A different
+        /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
+        /// </summary>
+        public string AuthenticationScheme
+        {
+            get { return _authenticationScheme; }
+            set
+            {
+                _authenticationScheme = value;
+                Description.AuthenticationScheme = value;
+            }
+        }
+
+        /// <summary>
+        /// Additional information about the authentication type which is made available to the application.
+        /// </summary>
+        public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
similarity index 59%
rename from src/Microsoft.AspNet.Security/AuthenticationTicket.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
index 82128f10cd..c7fb43f9a9 100644
--- a/src/Microsoft.AspNet.Security/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Contains user identity information as well as additional authentication state.
@@ -14,23 +14,19 @@ namespace Microsoft.AspNet.Security
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
         /// </summary>
-        /// <param name="identity"></param>
-        /// <param name="properties"></param>
-        public AuthenticationTicket(ClaimsIdentity identity, AuthenticationProperties properties)
-        {
-            Identity = identity;
-            Properties = properties ?? new AuthenticationProperties();
-        }
+        /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
+        /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
+        public AuthenticationTicket(AuthenticationProperties properties, string authenticationScheme) : this(null, properties, authenticationScheme) { }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
         /// </summary>
-        /// <param name="identity">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
+        /// <param name="principal">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
         /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
-        /// <param name="authenticationType">the authentication middleware that was responsible for this ticket.</param>
-        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationType)
+        /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
+        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationScheme)
         {
-            AuthenticationType = authenticationType;
+            AuthenticationScheme = authenticationScheme;
             Principal = principal;
             Properties = properties ?? new AuthenticationProperties();
         }
@@ -38,12 +34,7 @@ namespace Microsoft.AspNet.Security
         /// <summary>
         /// Gets the authentication type.
         /// </summary>
-        public string AuthenticationType { get; private set; }
-
-        /// <summary>
-        /// Gets the authenticated user identity.
-        /// </summary>
-        public ClaimsIdentity Identity { get; private set; }
+        public string AuthenticationScheme { get; private set; }
 
         /// <summary>
         /// Gets the claims-principal with authenticated user identities.
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
index 47815bbcde..eed3ac761a 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
@@ -4,9 +4,9 @@
 
 using System;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     public class AuthenticationTokenCreateContext : BaseContext
     {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
index 7fb4fb4984..7d090346fc 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
@@ -5,7 +5,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     public class AuthenticationTokenProvider : IAuthenticationTokenProvider
     {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
rename to src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
index 2e68dc3080..ea8e854ef2 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     public class AuthenticationTokenReceiveContext : BaseContext
     {
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
new file mode 100644
index 0000000000..5032e47fae
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
@@ -0,0 +1,112 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Interfaces.Authentication;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Base class for the per-request work performed by automatic authentication middleware.
+    /// </summary>
+    /// <typeparam name="TOptions">Specifies which type for of AutomaticAuthenticationOptions property</typeparam>
+    public abstract class AutomaticAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : AutomaticAuthenticationOptions
+    {
+        public virtual bool ShouldConvertChallengeToForbidden()
+        {
+            // Return 403 iff 401 and this handler's authenticate was called
+            // and the challenge is for the authentication type
+            return Response.StatusCode == 401 &&
+                AuthenticateCalled &&
+                ChallengeContext != null &&
+                ShouldHandleScheme(ChallengeContext.AuthenticationSchemes);
+        }
+
+        protected async override Task InitializeCoreAsync()
+        {
+            if (Options.AutomaticAuthentication)
+            {
+                AuthenticationTicket ticket = await AuthenticateAsync();
+                if (ticket != null && ticket.Principal != null)
+                {
+                    SecurityHelper.AddUserPrincipal(Context, ticket.Principal);
+                }
+            }
+        }
+
+        public override void SignOut(ISignOutContext context)
+        {
+            // Empty or null auth scheme is allowed for automatic Authentication
+            if (Options.AutomaticAuthentication && string.IsNullOrWhiteSpace(context.AuthenticationScheme))
+            {
+                SignInContext = null;
+                SignOutContext = context;
+                context.Accept();
+            }
+
+            base.SignOut(context);
+        }
+
+        public override void Challenge(IChallengeContext context)
+        {
+            // Null or Empty scheme allowed for automatic authentication
+            if (Options.AutomaticAuthentication && 
+                (context.AuthenticationSchemes == null || !context.AuthenticationSchemes.Any()))
+            {
+                ChallengeContext = context;
+                context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
+            }
+
+            base.Challenge(context);
+        }
+
+        /// <summary>
+        /// Automatic Authentication Handlers can handle empty authentication schemes
+        /// </summary>
+        /// <returns></returns>
+        public override bool ShouldHandleScheme(IEnumerable<string> authenticationSchemes)
+        {
+            if (base.ShouldHandleScheme(authenticationSchemes))
+            {
+                return true;
+            }
+
+            return Options.AutomaticAuthentication &&
+                (authenticationSchemes == null || !authenticationSchemes.Any());
+        }
+
+        /// <summary>
+        /// Automatic Authentication Handlers can handle empty authentication schemes
+        /// </summary>
+        /// <returns></returns>
+        public override bool ShouldHandleScheme(string authenticationScheme)
+        {
+            if (base.ShouldHandleScheme(authenticationScheme))
+            {
+                return true;
+            }
+
+            return Options.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme);
+        }
+
+        /// <summary>
+        /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question
+        /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
+        /// changing the 401 result to 302 of a login page or external sign-in location.)
+        /// </summary>
+        /// <returns></returns>
+        protected override Task ApplyResponseChallengeAsync()
+        {
+            // If authenticate was called and the the status is still 401, authZ failed so set 403 and stop
+            if (ShouldConvertChallengeToForbidden())
+            {
+                Response.StatusCode = 403;
+                return Task.FromResult(0);
+            }
+            return base.ApplyResponseChallengeAsync();
+        }
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
new file mode 100644
index 0000000000..53af209846
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http.Authentication;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Base Options for all automatic authentication middleware
+    /// </summary>
+    public abstract class AutomaticAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// If true the authentication middleware alter the request user coming in and
+        /// alter 401 Unauthorized responses going out. If false the authentication middleware will only provide
+        /// identity and alter responses when explicitly indicated by the AuthenticationScheme.
+        /// </summary>
+        public bool AutomaticAuthentication { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
rename to src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index 68cf5abd28..ca729b68f9 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -7,7 +7,7 @@ using System.Collections.Generic;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Provides pinned certificate validation based on the subject key identifier of the certificate.
diff --git a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
similarity index 99%
rename from src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
rename to src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
index 4ad5ee81c6..f2e5e9554c 100644
--- a/src/Microsoft.AspNet.Security/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
@@ -12,7 +12,7 @@ using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.Win32;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Implements a cert pinning validator passed on 
diff --git a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
rename to src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
index a276536a70..822b420140 100644
--- a/src/Microsoft.AspNet.Security/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
@@ -7,7 +7,7 @@ using System.Collections.Generic;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Provides pinned certificate validation based on the certificate thumbprint.
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Authentication/Constants.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
rename to src/Microsoft.AspNet.Authentication/Constants.cs
index 26cfa103ce..da3a23daab 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication/Constants.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     internal static class Constants
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
index 9a208979d9..0a40564502 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64TextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
     public class Base64TextEncoder : ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
index b57fb51d9a..93dd1a057c 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
     public class Base64UrlTextEncoder : ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
similarity index 83%
rename from src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
index 6ee681475c..aeb577ec06 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/ITextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
     public interface ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
index 67b2333769..1b59cec5ce 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Encoder/TextEncodings.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
     public static class TextEncodings
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
index eae66197fc..2e3f24e841 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public interface ISecureDataFormat<TData>
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
similarity index 69%
rename from src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
index 19a11a2522..1472dd427b 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Security.DataHandler
+namespace Microsoft.AspNet.Authentication.DataHandler
 {
     public class PropertiesDataFormat : SecureDataFormat<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
index 0c314fbf2c..b7e240768b 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
@@ -4,10 +4,10 @@
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Security.DataHandler
+namespace Microsoft.AspNet.Authentication.DataHandler
 {
     public class SecureDataFormat<TData> : ISecureDataFormat<TData>
     {
@@ -62,4 +62,4 @@ namespace Microsoft.AspNet.Security.DataHandler
             }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
similarity index 84%
rename from src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
index a1864b44d0..fd8e45fc8f 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
     public static class DataSerializers
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
similarity index 83%
rename from src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
index 60bd25bdab..dc78d8c467 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/IDataSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
     public interface IDataSerializer<TModel>
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
index 66dcdfe3a9..836828cdaa 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
@@ -6,9 +6,9 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
     public class PropertiesSerializer : IDataSerializer<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
similarity index 52%
rename from src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 9fe982ee82..9833dad54a 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -6,7 +6,7 @@ using System.IO;
 using System.Linq;
 using System.Security.Claims;
 
-namespace Microsoft.AspNet.Security.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
@@ -38,18 +38,24 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
         public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationTicket model)
         {
             writer.Write(FormatVersion);
-            ClaimsIdentity identity = model.Identity;
-            writer.Write(identity.AuthenticationType);
-            WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
-            WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
-            writer.Write(identity.Claims.Count());
-            foreach (var claim in identity.Claims)
+            writer.Write(model.AuthenticationScheme);
+            var principal = model.Principal;
+            writer.Write(principal.Identities.Count());
+            foreach (var identity in principal.Identities)
             {
-                WriteWithDefault(writer, claim.Type, identity.NameClaimType);
-                writer.Write(claim.Value);
-                WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
-                WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
-                WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+                var authenticationType = string.IsNullOrWhiteSpace(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
+                writer.Write(authenticationType);
+                WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
+                WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
+                writer.Write(identity.Claims.Count());
+                foreach (var claim in identity.Claims)
+                {
+                    WriteWithDefault(writer, claim.Type, identity.NameClaimType);
+                    writer.Write(claim.Value);
+                    WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
+                    WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
+                    WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+                }
             }
             PropertiesSerializer.Write(writer, model.Properties);
         }
@@ -60,24 +66,29 @@ namespace Microsoft.AspNet.Security.DataHandler.Serializer
             {
                 return null;
             }
-
-            string authenticationType = reader.ReadString();
-            string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
-            string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
-            int count = reader.ReadInt32();
-            var claims = new Claim[count];
-            for (int index = 0; index != count; ++index)
+            string authenticationScheme = reader.ReadString();
+            int identityCount = reader.ReadInt32();
+            var identities = new ClaimsIdentity[identityCount];
+            for (int i = 0; i != identityCount; ++i)
             {
-                string type = ReadWithDefault(reader, nameClaimType);
-                string value = reader.ReadString();
-                string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
-                string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
-                string originalIssuer = ReadWithDefault(reader, issuer);
-                claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
+                string authenticationType = reader.ReadString();
+                string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
+                string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
+                int count = reader.ReadInt32();
+                var claims = new Claim[count];
+                for (int index = 0; index != count; ++index)
+                {
+                    string type = ReadWithDefault(reader, nameClaimType);
+                    string value = reader.ReadString();
+                    string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
+                    string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
+                    string originalIssuer = ReadWithDefault(reader, issuer);
+                    claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
+                }
+                identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
             }
-            var identity = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
             var properties = PropertiesSerializer.Read(reader);
-            return new AuthenticationTicket(identity, properties);
+            return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, authenticationScheme);
         }
 
         private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
diff --git a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
similarity index 72%
rename from src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
index b54f166662..922f5c8c08 100644
--- a/src/Microsoft.AspNet.Security/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
@@ -1,12 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Security.DataHandler.Encoder;
-using Microsoft.AspNet.Security.DataHandler.Serializer;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Security.DataHandler
+namespace Microsoft.AspNet.Authentication.DataHandler
 {
     public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
diff --git a/src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
similarity index 72%
rename from src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
index 671020b2b6..966e2cfe14 100644
--- a/src/Microsoft.AspNet.Security/ExternalAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
@@ -4,10 +4,10 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public class ExternalAuthenticationOptions
     {
-        public string SignInAsAuthenticationType { get; set; }
+        public string SignInScheme { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
similarity index 82%
rename from src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
rename to src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index 5ba7a9ce4f..2f6b0e4d34 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core.Security;
-using Microsoft.AspNet.Http.Interfaces.Security;
+using Microsoft.AspNet.Http.Core.Authentication;
+using Microsoft.AspNet.Http.Interfaces.Authentication;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     internal static class HttpContextExtensions
     {
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
rename to src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
index 2edcb42b22..d0c2bf34cc 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/IAuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
@@ -4,7 +4,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     public interface IAuthenticationTokenProvider
     {
diff --git a/src/Microsoft.AspNet.Security/ICertificateValidator.cs b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security/ICertificateValidator.cs
rename to src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
index 26756324ff..fd20f70b3a 100644
--- a/src/Microsoft.AspNet.Security/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
@@ -6,7 +6,7 @@ using System;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Interface for providing pinned certificate validation, which checks HTTPS 
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs b/src/Microsoft.AspNet.Authentication/ISystemClock.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
rename to src/Microsoft.AspNet.Authentication/ISystemClock.cs
index 4f799dc98b..4748fb63ea 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/ISystemClock.cs
+++ b/src/Microsoft.AspNet.Authentication/ISystemClock.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Abstracts the system clock to facilitate testing.
diff --git a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
similarity index 95%
rename from src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
rename to src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
index 6262851a78..b1e2359004 100644
--- a/src/Microsoft.AspNet.Security/Microsoft.AspNet.Security.kproj
+++ b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
index 3f56c41518..a307633176 100644
--- a/src/Microsoft.AspNet.Security.OAuth/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.OAuth
+namespace Microsoft.AspNet.Authentication
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
index 5d232426f6..16aa157517 100644
--- a/src/Microsoft.AspNet.Security/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
@@ -4,7 +4,7 @@
 using System;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class AuthenticationFailedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
index 3ae13a76dc..11f65199cb 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public abstract class BaseContext
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
index e0ad306265..184adfb3b0 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
index d1ea6fef75..1563dbb07e 100644
--- a/src/Microsoft.AspNet.Security/Notifications/BaseNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class BaseNotification<TOptions> : BaseContext<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
index fd8251e139..1671316d11 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public abstract class EndpointContext : BaseContext
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
index 7b0b415e85..dde3a4fbb4 100644
--- a/src/Microsoft.AspNet.Security/Notifications/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
index f583746c3c..08f6521c07 100644
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class MessageReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
similarity index 92%
rename from src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
index 78d6c85caa..993aa76186 100644
--- a/src/Microsoft.AspNet.Security/Notifications/NotificationResultState.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public enum NotificationResultState
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
similarity index 84%
rename from src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
index 768b384a9d..f883baf7da 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class RedirectFromIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
@@ -12,7 +12,7 @@ namespace Microsoft.AspNet.Security.Notifications
         {
         }
 
-        public string SignInAsAuthenticationType { get; set; }
+        public string SignInScheme { get; set; }
 
         public bool IsRequestCompleted { get; set; }
 
diff --git a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
index 524664d7ed..1c069b4e22 100644
--- a/src/Microsoft.AspNet.Security/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class RedirectToIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
similarity index 77%
rename from src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
index 6d15d02fa2..344c56cccb 100644
--- a/src/Microsoft.AspNet.Security/Notifications/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
@@ -5,9 +5,9 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public abstract class ReturnEndpointContext : EndpointContext
     {
@@ -18,15 +18,15 @@ namespace Microsoft.AspNet.Security.Notifications
         {
             if (ticket != null)
             {
-                Identity = ticket.Identity;
+                Principal = ticket.Principal;
                 Properties = ticket.Properties;
             }
         }
 
-        public ClaimsIdentity Identity { get; set; }
+        public ClaimsPrincipal Principal { get; set; }
         public AuthenticationProperties Properties { get; set; }
 
-        public string SignInAsAuthenticationType { get; set; }
+        public string SignInScheme { get; set; }
 
         [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
         public string RedirectUri { get; set; }
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
similarity index 91%
rename from src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
index 7db29788a2..f7a0424447 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class SecurityTokenReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
index bdef232a71..aad6d7e3a1 100644
--- a/src/Microsoft.AspNet.Security/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Notifications
+namespace Microsoft.AspNet.Authentication.Notifications
 {
     public class SecurityTokenValidatedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..b1dc46b068
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs
@@ -0,0 +1,78 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
+        /// </summary>
+        internal static string Exception_DefaultDpapiRequiresAppNameKey
+        {
+            get { return GetString("Exception_DefaultDpapiRequiresAppNameKey"); }
+        }
+
+        /// <summary>
+        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
+        /// </summary>
+        internal static string FormatException_DefaultDpapiRequiresAppNameKey()
+        {
+            return GetString("Exception_DefaultDpapiRequiresAppNameKey");
+        }
+
+        /// <summary>
+        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
+        /// </summary>
+        internal static string Exception_UnhookAuthenticationStateType
+        {
+            get { return GetString("Exception_UnhookAuthenticationStateType"); }
+        }
+
+        /// <summary>
+        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
+        /// </summary>
+        internal static string FormatException_UnhookAuthenticationStateType()
+        {
+            return GetString("Exception_UnhookAuthenticationStateType");
+        }
+
+        /// <summary>
+        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
+        /// </summary>
+        internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods
+        {
+            get { return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods"); }
+        }
+
+        /// <summary>
+        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
+        /// </summary>
+        internal static string FormatException_AuthenticationTokenDoesNotProvideSyncMethods()
+        {
+            return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/Resources.resx b/src/Microsoft.AspNet.Authentication/Resources.resx
new file mode 100644
index 0000000000..77060045e0
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Resources.resx
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_DefaultDpapiRequiresAppNameKey" xml:space="preserve">
+    <value>The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.</value>
+  </data>
+  <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
+    <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
+  </data>
+  <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
+    <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
new file mode 100644
index 0000000000..1e73888c6a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Helper code used when implementing authentication middleware
+    /// </summary>
+    public static class SecurityHelper
+    {
+        /// <summary>
+        /// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
+        /// </summary>
+        /// <param name="identity"></param>
+        public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
+        {
+            ClaimsPrincipal existingPrincipal = context.User;
+            if (existingPrincipal != null)
+            {
+                foreach (var existingClaimsIdentity in existingPrincipal.Identities)
+                {
+                    // REVIEW: No longer use auth type for anything, so we could remove this check, except for the default one HttpContext.user creates
+                    // REVIEW: Need to ignore any identities that did not come from an authentication scheme?
+                    if (existingClaimsIdentity.IsAuthenticated)
+                    {
+                        principal.AddIdentity(existingClaimsIdentity);
+                    }
+                }
+            }
+            context.User = principal;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs b/src/Microsoft.AspNet.Authentication/SignInContext.cs
similarity index 53%
rename from src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
rename to src/Microsoft.AspNet.Authentication/SignInContext.cs
index 309e04892a..efe055ba83 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SignInIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication/SignInContext.cs
@@ -2,19 +2,19 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
-    public class SignInIdentityContext
+    public class SignInContext
     {
-        public SignInIdentityContext(ClaimsIdentity identity, AuthenticationProperties properties)
+        public SignInContext(ClaimsPrincipal principal, AuthenticationProperties properties)
         {
-            Identity = identity;
+            Principal = principal;
             Properties = properties;
         }
 
-        public ClaimsIdentity Identity { get; private set; }
+        public ClaimsPrincipal Principal { get; private set; }
         public AuthenticationProperties Properties { get; private set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs b/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
rename to src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
index aefe5ef766..921abb9533 100644
--- a/src/Microsoft.AspNet.Security/SubjectPublicKeyInfoAlgorithm.cs
+++ b/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// The algorithm used to generate the subject public key information blob hashes.
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs b/src/Microsoft.AspNet.Authentication/SystemClock.cs
similarity index 94%
rename from src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
rename to src/Microsoft.AspNet.Authentication/SystemClock.cs
index 0c800d3fd5..11c30564f8 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/SystemClock.cs
+++ b/src/Microsoft.AspNet.Authentication/SystemClock.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security.Infrastructure
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Provides access to the normal system clock.
diff --git a/src/Microsoft.AspNet.Security/Win32.cs b/src/Microsoft.AspNet.Authentication/Win32.cs
similarity index 100%
rename from src/Microsoft.AspNet.Security/Win32.cs
rename to src/Microsoft.AspNet.Authentication/Win32.cs
diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Authentication/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Security/project.json
rename to src/Microsoft.AspNet.Authentication/project.json
diff --git a/src/Microsoft.AspNet.Security/AuthorizationContext.cs b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security/AuthorizationContext.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
index 81d00bdc9d..4044b84f57 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
@@ -5,7 +5,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     /// <summary>
     /// Contains authorization information used by <see cref="IAuthorizationPolicyHandler"/>.
diff --git a/src/Microsoft.AspNet.Security/AuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/AuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
index e1b27e8633..c05b55b9ce 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
diff --git a/src/Microsoft.AspNet.Security/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security/AuthorizationOptions.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index 8a53e574d2..708ed1abc6 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationOptions
     {
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
similarity index 87%
rename from src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 924f9dbd2b..ca9fcc203a 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -5,18 +5,18 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicy
     {
-        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationTypes)
+        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationSchemes)
         {
             Requirements = new List<IAuthorizationRequirement>(requirements).AsReadOnly();
-            ActiveAuthenticationTypes = new List<string>(activeAuthenticationTypes).AsReadOnly();
+            ActiveAuthenticationSchemes = new List<string>(activeAuthenticationSchemes).AsReadOnly();
         }
 
         public IReadOnlyList<IAuthorizationRequirement> Requirements { get; private set; }
-        public IReadOnlyList<string> ActiveAuthenticationTypes { get; private set; }
+        public IReadOnlyList<string> ActiveAuthenticationSchemes { get; private set; }
 
         public static AuthorizationPolicy Combine([NotNull] params AuthorizationPolicy[] policies)
         {
@@ -55,15 +55,15 @@ namespace Microsoft.AspNet.Security
                 var rolesSplit = authorizeAttribute.Roles?.Split(',');
                 if (rolesSplit != null && rolesSplit.Any())
                 {
-                    policyBuilder.RequiresRole(rolesSplit);
+                    policyBuilder.RequireRole(rolesSplit);
                     requireAnyAuthenticated = false;
                 }
-                string[] authTypesSplit = authorizeAttribute.ActiveAuthenticationTypes?.Split(',');
+                string[] authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
                     {
-                        policyBuilder.ActiveAuthenticationTypes.Add(authType);
+                        policyBuilder.ActiveAuthenticationSchemes.Add(authType);
                     }
                 }
                 if (requireAnyAuthenticated)
diff --git a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
similarity index 60%
rename from src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index bf97fbae2c..f2f24746c6 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -5,13 +5,13 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicyBuilder
     {
-        public AuthorizationPolicyBuilder(params string[] activeAuthenticationTypes)
+        public AuthorizationPolicyBuilder(params string[] activeAuthenticationSchemes)
         {
-            AddAuthenticationTypes(activeAuthenticationTypes);
+            AddAuthenticationSchemes(activeAuthenticationSchemes);
         }
 
         public AuthorizationPolicyBuilder(AuthorizationPolicy policy)
@@ -20,13 +20,13 @@ namespace Microsoft.AspNet.Security
         }
 
         public IList<IAuthorizationRequirement> Requirements { get; set; } = new List<IAuthorizationRequirement>();
-        public IList<string> ActiveAuthenticationTypes { get; set; } = new List<string>();
+        public IList<string> ActiveAuthenticationSchemes { get; set; } = new List<string>();
 
-        public AuthorizationPolicyBuilder AddAuthenticationTypes(params string[] activeAuthTypes)
+        public AuthorizationPolicyBuilder AddAuthenticationSchemes(params string[] activeAuthTypes)
         {
             foreach (var authType in activeAuthTypes)
             {
-                ActiveAuthenticationTypes.Add(authType);
+                ActiveAuthenticationSchemes.Add(authType);
             }
             return this;
         }
@@ -42,17 +42,17 @@ namespace Microsoft.AspNet.Security
 
         public AuthorizationPolicyBuilder Combine([NotNull] AuthorizationPolicy policy)
         {
-            AddAuthenticationTypes(policy.ActiveAuthenticationTypes.ToArray());
+            AddAuthenticationSchemes(policy.ActiveAuthenticationSchemes.ToArray());
             AddRequirements(policy.Requirements.ToArray());
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, params string[] requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType, params string[] requiredValues)
         {
-            return RequiresClaim(claimType, (IEnumerable<string>)requiredValues);
+            return RequireClaim(claimType, (IEnumerable<string>)requiredValues);
         }
 
-        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType, IEnumerable<string> requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType, IEnumerable<string> requiredValues)
         {
             Requirements.Add(new ClaimsAuthorizationRequirement
             {
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Security
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequiresClaim([NotNull] string claimType)
+        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType)
         {
             Requirements.Add(new ClaimsAuthorizationRequirement
             {
@@ -72,14 +72,20 @@ namespace Microsoft.AspNet.Security
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequiresRole([NotNull] params string[] roles)
+        public AuthorizationPolicyBuilder RequireRole([NotNull] params string[] roles)
         {
-            return RequiresRole((IEnumerable<string>)roles);
+            return RequireRole((IEnumerable<string>)roles);
         }
 
-        public AuthorizationPolicyBuilder RequiresRole([NotNull] IEnumerable<string> roles)
+        public AuthorizationPolicyBuilder RequireRole([NotNull] IEnumerable<string> roles)
         {
-            RequiresClaim(ClaimTypes.Role, roles);
+            RequireClaim(ClaimTypes.Role, roles);
+            return this;
+        }
+
+        public AuthorizationPolicyBuilder RequireUserName([NotNull] string userName)
+        {
+            RequireClaim(ClaimTypes.Name, userName);
             return this;
         }
 
@@ -91,7 +97,7 @@ namespace Microsoft.AspNet.Security
 
         public AuthorizationPolicy Build()
         {
-            return new AuthorizationPolicy(Requirements, ActiveAuthenticationTypes.Distinct());
+            return new AuthorizationPolicy(Requirements, ActiveAuthenticationSchemes.Distinct());
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
similarity index 69%
rename from src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index e3e416c897..595d88077e 100644
--- a/src/Microsoft.AspNet.Security/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -5,7 +5,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public static class AuthorizationServiceExtensions
     {
@@ -19,11 +19,12 @@ namespace Microsoft.AspNet.Security
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
         public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
         {
-            if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() && user != null)
-            {
-                // Filter the user to only contain the active authentication types
-                user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationTypes.Contains(i.AuthenticationType)));
-            }
+            // TODO RENABLE
+            //if (policy.ActiveAuthenticationSchemes != null && policy.ActiveAuthenticationSchemes.Any() && user != null)
+            //{
+            //    // Filter the user to only contain the active authentication types
+            //    user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationSchemes.Contains(i.AuthenticationScheme)));
+            //}
             return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
         }
 
@@ -37,11 +38,12 @@ namespace Microsoft.AspNet.Security
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
         public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
         {
-            if (policy.ActiveAuthenticationTypes != null && policy.ActiveAuthenticationTypes.Any() && user != null)
-            {
-                // Filter the user to only contain the active authentication types
-                user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationTypes.Contains(i.AuthenticationType)));
-            }
+            // TODO: REeanble
+            //if (policy.ActiveAuthenticationSchemes != null && policy.ActiveAuthenticationSchemes.Any() && user != null)
+            //{
+            //    // Filter the user to only contain the active authentication types
+            //    user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationSchemes.Contains(i.AuthenticationScheme)));
+            //}
             return service.Authorize(user, resource, policy.Requirements.ToArray());
         }
 
diff --git a/src/Microsoft.AspNet.Security/AuthorizeAttribute.cs b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
similarity index 86%
rename from src/Microsoft.AspNet.Security/AuthorizeAttribute.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
index bdaefafbf1..15db20dbfd 100644
--- a/src/Microsoft.AspNet.Security/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
     public class AuthorizeAttribute : Attribute
@@ -20,6 +20,6 @@ namespace Microsoft.AspNet.Security
         // REVIEW: can we get rid of the , deliminated in Roles/AuthTypes
         public string Roles { get; set; }
 
-        public string ActiveAuthenticationTypes { get; set; }
+        public string ActiveAuthenticationSchemes { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
similarity index 96%
rename from src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
index 9aa95ef606..608b149363 100644
--- a/src/Microsoft.AspNet.Security/ClaimsAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Linq;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class ClaimsAuthorizationHandler : AuthorizationHandler<ClaimsAuthorizationRequirement>
     {
diff --git a/src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
similarity index 93%
rename from src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
index 8ec5e7c7e1..d13c9ecc95 100644
--- a/src/Microsoft.AspNet.Security/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
@@ -3,7 +3,7 @@
 
 using System.Collections.Generic;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     // Must contain a claim with the specified name, and at least one of the required values
     // If AllowedValues is null or empty, that means any claim is valid
diff --git a/src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs
rename to src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs
index 4684ad69d0..da3a4a7bda 100644
--- a/src/Microsoft.AspNet.Security/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs
@@ -6,7 +6,7 @@ using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class ClaimsTransformationOptions
     {
diff --git a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
rename to src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 943fbce9fb..d99f778d94 100644
--- a/src/Microsoft.AspNet.Security/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -7,7 +7,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Framework.OptionsModel;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class DefaultAuthorizationService : IAuthorizationService
     {
diff --git a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
index 952ed30b86..4ce5d43ed3 100644
--- a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class DenyAnonymousAuthorizationHandler : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>
     {
diff --git a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
similarity index 77%
rename from src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
index 286d5fd69a..ecbee9b903 100644
--- a/src/Microsoft.AspNet.Security/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Authorization;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class DenyAnonymousAuthorizationRequirement : IAuthorizationRequirement { }
 }
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
similarity index 90%
rename from src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
index 82eea9ff2f..bcd0cdc2ba 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public interface IAuthorizationHandler
     {
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
similarity index 85%
rename from src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
index bd25247df2..5aeef262e9 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public interface IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNet.Security/IAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
similarity index 98%
rename from src/Microsoft.AspNet.Security/IAuthorizationService.cs
rename to src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
index 317e1ae283..89215c7aaf 100644
--- a/src/Microsoft.AspNet.Security/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
@@ -4,7 +4,7 @@
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     /// <summary>
     /// Checks policy based permissions for a user
diff --git a/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj b/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj
new file mode 100644
index 0000000000..43b0607698
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>6ab3e514-5894-4131-9399-dc7d5284addb</ProjectGuid>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs b/src/Microsoft.AspNet.Authorization/NotNullAttribute.cs
similarity index 89%
rename from src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
rename to src/Microsoft.AspNet.Authorization/NotNullAttribute.cs
index 24f5509452..64ea6d5736 100644
--- a/src/Microsoft.AspNet.Security/Infrastructure/NotNullAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/NotNullAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
     internal sealed class NotNullAttribute : Attribute
diff --git a/src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
similarity index 88%
rename from src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
index e7e08d1959..64cd198ebc 100644
--- a/src/Microsoft.AspNet.Security/OperationAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class OperationAuthorizationRequirement : IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
index a2173f1e02..3ae506b2dc 100644
--- a/src/Microsoft.AspNet.Security/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     public class PassThroughAuthorizationHandler : IAuthorizationHandler
     {
diff --git a/src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
index 3490d3ea71..b8ab205960 100644
--- a/src/Microsoft.AspNet.Security/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authorization
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Security
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Security.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNet.Authorization.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
diff --git a/src/Microsoft.AspNet.Security/Resources.resx b/src/Microsoft.AspNet.Authorization/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Security/Resources.resx
rename to src/Microsoft.AspNet.Authorization/Resources.resx
diff --git a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
similarity index 97%
rename from src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
rename to src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 2cb0f5aca5..9146c747b9 100644
--- a/src/Microsoft.AspNet.Security/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Security;
+using Microsoft.AspNet.Authorization;
 using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
new file mode 100644
index 0000000000..978885f8e0
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -0,0 +1,13 @@
+{
+    "version": "1.0.0-*",
+    "description": "ASP.NET 5 authorization classes.",
+    "dependencies": {
+        "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.OptionsModel": "1.0.0-*"
+    },
+    "frameworks": {
+        "aspnet50": { },
+        "aspnetcore50": { }
+    }
+}
diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
deleted file mode 100644
index 29f5827495..0000000000
--- a/src/Microsoft.AspNet.Security.OAuthBearer/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Security.OAuthBearer
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs b/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
deleted file mode 100644
index 0d6e98224d..0000000000
--- a/src/Microsoft.AspNet.Security.Twitter/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Security.Twitter
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Security/AuthenticationMode.cs b/src/Microsoft.AspNet.Security/AuthenticationMode.cs
deleted file mode 100644
index 2b36dc9734..0000000000
--- a/src/Microsoft.AspNet.Security/AuthenticationMode.cs
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNet.Security
-{
-    /// <summary>
-    /// Controls the behavior of authentication middleware
-    /// </summary>
-    public enum AuthenticationMode
-    {
-        /// <summary>
-        /// In Active mode the authentication middleware will alter the user identity as the request arrives, and
-        /// will also alter a plain 401 as the response leaves.
-        /// </summary>
-        Active,
-
-        /// <summary>
-        /// In Passive mode the authentication middleware will only provide user identity when asked, and will only
-        /// alter 401 responses where the authentication type named in the extra challenge data.
-        /// </summary>
-        Passive
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs b/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
deleted file mode 100644
index 411e134819..0000000000
--- a/src/Microsoft.AspNet.Security/AuthenticationOptions.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http.Security;
-
-namespace Microsoft.AspNet.Security
-{
-    /// <summary>
-    /// Base Options for all authentication middleware
-    /// </summary>
-    public abstract class AuthenticationOptions
-    {
-        private string _authenticationType;
-
-        /// <summary>
-        /// The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different
-        /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
-        /// </summary>
-        public string AuthenticationType
-        {
-            get { return _authenticationType; }
-            set
-            {
-                _authenticationType = value;
-                Description.AuthenticationType = value;
-            }
-        }
-
-        /// <summary>
-        /// If Active the authentication middleware alter the request user coming in and
-        /// alter 401 Unauthorized responses going out. If Passive the authentication middleware will only provide
-        /// identity and alter responses when explicitly indicated by the AuthenticationType.
-        /// </summary>
-        public AuthenticationMode AuthenticationMode { get; set; } = AuthenticationMode.Active;
-
-        /// <summary>
-        /// Additional information about the authentication type which is made available to the application.
-        /// </summary>
-        public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
-    }
-}
diff --git a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs b/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
deleted file mode 100644
index 876d5342f7..0000000000
--- a/src/Microsoft.AspNet.Security/Infrastructure/SecurityHelper.cs
+++ /dev/null
@@ -1,84 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
-using System.Security.Principal;
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Security.Infrastructure
-{
-    /// <summary>
-    /// Helper code used when implementing authentication middleware
-    /// </summary>
-    public static class SecurityHelper
-    {
-        /// <summary>
-        /// Add an additional ClaimsIdentity to the ClaimsPrincipal
-        /// </summary>
-        /// <param name="identity"></param>
-        public static void AddUserIdentity([NotNull] HttpContext context, [NotNull] IIdentity identity)
-        {
-            var newClaimsPrincipal = new ClaimsPrincipal(identity);
-
-            ClaimsPrincipal existingPrincipal = context.User;
-            if (existingPrincipal != null)
-            {
-                foreach (var existingClaimsIdentity in existingPrincipal.Identities)
-                {
-                    if (existingClaimsIdentity.IsAuthenticated)
-                    {
-                        newClaimsPrincipal.AddIdentity(existingClaimsIdentity);
-                    }
-                }
-            }
-            context.User = newClaimsPrincipal;
-        }
-
-        public static bool LookupChallenge(IEnumerable<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
-        {
-            bool challengeHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
-            if (!challengeHasAuthenticationTypes)
-            {
-                return authenticationMode == AuthenticationMode.Active;
-            }
-            return authenticationTypes.Contains(authenticationType, StringComparer.Ordinal);
-        }
-
-        /// <summary>
-        /// Find response sign-in details for a specific authentication middleware
-        /// </summary>
-        /// <param name="authenticationType">The authentication type to look for</param>
-        public static bool LookupSignIn(IEnumerable<ClaimsIdentity> identities, string authenticationType, out ClaimsIdentity identity)
-        {
-            identity = null;
-            foreach (var claimsIdentity in identities)
-            {
-                if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
-                {
-                    identity = claimsIdentity;
-                    return true;
-                }
-            }
-            return false;
-        }
-
-        /// <summary>
-        /// Find response sign-out details for a specific authentication middleware
-        /// </summary>
-        /// <param name="authenticationType">The authentication type to look for</param>
-        /// <param name="authenticationMode">The authentication mode the middleware is running under</param>
-        public static bool LookupSignOut(IEnumerable<string> authenticationTypes, string authenticationType, AuthenticationMode authenticationMode)
-        {
-            bool singOutHasAuthenticationTypes = authenticationTypes != null && authenticationTypes.Any();
-            if (!singOutHasAuthenticationTypes)
-            {
-                return authenticationMode == AuthenticationMode.Active;
-            }
-            return authenticationTypes.Contains(authenticationType, StringComparer.Ordinal);            
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
new file mode 100644
index 0000000000..6bd62b2b8b
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -0,0 +1,110 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Http.Core;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class AuthenticationHandlerFacts
+    {
+        [Fact]
+        public void ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
+        {
+            var handler = new TestHandler("Alpha");
+
+            bool passiveNoMatch = handler.ShouldHandleScheme(new[] { "Beta", "Gamma" });
+
+            handler = new TestHandler("Alpha");
+
+            bool passiveWithMatch = handler.ShouldHandleScheme(new[] { "Beta", "Alpha" });
+
+            Assert.False(passiveNoMatch);
+            Assert.True(passiveWithMatch);
+        }
+
+        [Fact]
+        public void AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
+        {
+            var handler = new TestAutoHandler("ignored", true);
+            Assert.True(handler.ShouldHandleScheme(new string[0]));
+        }
+
+        [Fact]
+        public void AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
+        {
+            var handler = new TestAutoHandler("Alpha", true);
+            Assert.True(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+        }
+
+        [Fact]
+        public void AutomaticHandlerShouldNotHandleChallengeWhenSchemeDoesNotMatches()
+        {
+            var handler = new TestAutoHandler("Dog", true);
+            Assert.False(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+        }
+
+        [Fact]
+        public void AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
+        {
+            var handler = new TestAutoHandler(null, true);
+            Assert.False(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+        }
+
+        private class TestHandler : AuthenticationHandler<AuthenticationOptions>
+        {
+            public TestHandler(string scheme)
+            {
+                Initialize(new TestOptions(), new DefaultHttpContext());
+                Options.AuthenticationScheme = scheme;
+            }
+
+            protected override void ApplyResponseChallenge()
+            {
+                throw new NotImplementedException();
+            }
+
+            protected override void ApplyResponseGrant()
+            {
+                throw new NotImplementedException();
+            }
+
+            protected override AuthenticationTicket AuthenticateCore()
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class TestOptions : AuthenticationOptions { }
+
+        private class TestAutoOptions : AutomaticAuthenticationOptions { }
+
+        private class TestAutoHandler : AutomaticAuthenticationHandler<AutomaticAuthenticationOptions>
+        {
+            public TestAutoHandler(string scheme, bool auto)
+            {
+                Initialize(new TestAutoOptions(), new DefaultHttpContext());
+                Options.AuthenticationScheme = scheme;
+                Options.AutomaticAuthentication = auto;
+            }
+
+            protected override void ApplyResponseChallenge()
+            {
+                throw new NotImplementedException();
+            }
+
+            protected override void ApplyResponseGrant()
+            {
+                throw new NotImplementedException();
+            }
+
+            protected override AuthenticationTicket AuthenticateCore()
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
similarity index 99%
rename from test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
index 4771b98308..f52e6f4aee 100644
--- a/test/Microsoft.AspNet.Security.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
@@ -7,7 +7,7 @@ using System.Security.Cryptography.X509Certificates;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public class CertificateSubjectKeyIdentifierValidatorTests
     {
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
similarity index 99%
rename from test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
index 28270cd480..13b9a900a0 100644
--- a/test/Microsoft.AspNet.Security.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
@@ -7,7 +7,7 @@ using System.Security.Cryptography.X509Certificates;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public class CertificateSubjectPublicKeyInfoValidatorTests
     {
diff --git a/test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
similarity index 99%
rename from test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
index 82e4a3a3dc..145e883dc2 100644
--- a/test/Microsoft.AspNet.Security.Test/CertificateThumbprintValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
@@ -7,7 +7,7 @@ using System.Security.Cryptography.X509Certificates;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public class CertificateThumbprintValidatorTests
     {
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
similarity index 83%
rename from test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index c66d571b28..c1d5a0c329 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -14,13 +14,13 @@ using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     public class CookieMiddlewareTests
     {
@@ -69,9 +69,23 @@ namespace Microsoft.AspNet.Security.Cookies
 
         private Task SignInAsAlice(HttpContext context)
         {
-            context.Response.SignIn(
-                new AuthenticationProperties(),
-                new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
+            context.Response.SignIn("Cookies",
+                new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                new AuthenticationProperties());
+            return Task.FromResult<object>(null);
+        }
+
+        private Task SignInAsWrong(HttpContext context)
+        {
+            context.Response.SignIn("Oops",
+                new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                new AuthenticationProperties());
+            return Task.FromResult<object>(null);
+        }
+
+        private Task SignOutAsWrong(HttpContext context)
+        {
+            context.Response.SignOut("Oops");
             return Task.FromResult<object>(null);
         }
 
@@ -95,6 +109,30 @@ namespace Microsoft.AspNet.Security.Cookies
             setCookie.ShouldNotContain("; secure");
         }
 
+        [Fact]
+        public async Task SignInWrongAuthTypeThrows()
+        {
+            TestServer server = CreateServer(options =>
+            {
+                options.LoginPath = new PathString("/login");
+                options.CookieName = "TestCookie";
+            }, SignInAsWrong);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
+        }
+
+        [Fact]
+        public async Task SignOutWrongAuthTypeThrows()
+        {
+            TestServer server = CreateServer(options =>
+            {
+                options.LoginPath = new PathString("/login");
+                options.CookieName = "TestCookie";
+            }, SignOutAsWrong);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
+        }
+
         [Theory]
         [InlineData(CookieSecureOption.Always, "http://example.com/testpath", true)]
         [InlineData(CookieSecureOption.Always, "https://example.com/testpath", true)]
@@ -226,10 +264,10 @@ namespace Microsoft.AspNet.Security.Cookies
             },
             context =>
             {
-                context.Response.SignIn(
-                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) },
-                    new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
-                return Task.FromResult<object>(null);
+                context.Response.SignIn("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) });
+                    return Task.FromResult<object>(null);
             });
 
             Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -355,7 +393,8 @@ namespace Microsoft.AspNet.Security.Cookies
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
-                context.Response.SignIn(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")));
+                context.Response.SignIn("Cookies", 
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
                 return Task.FromResult<object>(null);
             },
             new Uri("http://example.com/base"));
@@ -364,6 +403,39 @@ namespace Microsoft.AspNet.Security.Cookies
             Assert.True(transaction1.SetCookie.Contains("path=/base"));
         }
 
+        [Fact]
+        public async Task CookieTurns401To403IfAuthenticated()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+            }, 
+            SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+        }
+
+        [Fact]
+        public async Task CookieDoesNothingTo401IfNotAuthenticated()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+            });
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+        }
+
         private static string FindClaimValue(Transaction transaction, string claimType)
         {
             XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
@@ -404,13 +476,19 @@ namespace Microsoft.AspNet.Security.Cookies
                     {
                         res.StatusCode = 401;
                     }
+                    else if (req.Path == new PathString("/unauthorized"))
+                    {
+                        // Simulate Authorization failure 
+                        var result = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                        res.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
                     else if (req.Path == new PathString("/protected/CustomRedirect"))
                     {
                         context.Response.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
                     }
                     else if (req.Path == new PathString("/me"))
                     {
-                        Describe(res, new AuthenticationResult(context.User.Identity, new AuthenticationProperties(), new AuthenticationDescription()));
+                        Describe(res, new AuthenticationResult(context.User, new AuthenticationProperties(), new AuthenticationDescription()));
                     }
                     else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
                     {
@@ -436,9 +514,9 @@ namespace Microsoft.AspNet.Security.Cookies
             res.StatusCode = 200;
             res.ContentType = "text/xml";
             var xml = new XElement("xml");
-            if (result != null && result.Identity != null)
+            if (result != null && result.Principal != null)
             {
-                xml.Add(result.Identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                xml.Add(result.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
             }
             if (result != null && result.Properties != null)
             {
diff --git a/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
similarity index 99%
rename from test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 04bbadf68a..c4014ad77e 100644
--- a/test/Microsoft.AspNet.Security.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Core;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
     public class CookieChunkingTests
     {
diff --git a/test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
similarity index 94%
rename from test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
index be97f2f12c..8183f38798 100644
--- a/test/Microsoft.AspNet.Security.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
@@ -4,7 +4,7 @@
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
     public class Base64UrlTextEncoderTests
     {
diff --git a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
similarity index 94%
rename from test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 42137b1426..a0a5558e81 100644
--- a/test/Microsoft.AspNet.Security.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -14,7 +14,7 @@ using Microsoft.Framework.DependencyInjection;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Facebook
+namespace Microsoft.AspNet.Authentication.Facebook
 {
     public class FacebookMiddlewareTests
     {
@@ -41,11 +41,11 @@ namespace Microsoft.AspNet.Security.Facebook
                         });
                         services.ConfigureCookieAuthentication(options =>
                         {
-                            options.AuthenticationType = "External";
+                            options.AuthenticationScheme = "External";
                         });
                         services.Configure<ExternalAuthenticationOptions>(options =>
                         {
-                            options.SignInAsAuthenticationType = "External";
+                            options.SignInScheme = "External";
                         });
                     });
                     app.UseFacebookAuthentication();
@@ -78,11 +78,11 @@ namespace Microsoft.AspNet.Security.Facebook
                         });
                         services.ConfigureCookieAuthentication(options =>
                         {
-                            options.AuthenticationType = "External";
+                            options.AuthenticationScheme = "External";
                         });
                         services.Configure<ExternalAuthenticationOptions>(options =>
                         {
-                            options.SignInAsAuthenticationType = "External";
+                            options.SignInScheme = "External";
                         });
                     });
                     app.UseFacebookAuthentication();
diff --git a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
similarity index 88%
rename from test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index e019512f7f..13876a0aed 100644
--- a/test/Microsoft.AspNet.Security.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -11,24 +11,22 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
+using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataHandler;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Google
+namespace Microsoft.AspNet.Authentication.Google
 {
     public class GoogleMiddlewareTests
     {
-        private const string CookieAuthenticationType = "Cookie";
+        private const string CookieAuthenticationScheme = "Cookie";
 
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
@@ -52,25 +50,6 @@ namespace Microsoft.AspNet.Security.Google
             location.ShouldNotContain("login_hint=");
         }
 
-        [Fact]
-        public async Task Challenge401WillTriggerRedirection()
-        {
-            var server = CreateServer(options =>
-            {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AuthenticationMode = AuthenticationMode.Active;
-            });
-            var transaction = await SendAsync(server, "https://example.com/401");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            var location = transaction.Response.Headers.Location.ToString();
-            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
-            location.ShouldContain("&client_id=");
-            location.ShouldContain("&redirect_uri=");
-            location.ShouldContain("&scope=");
-            location.ShouldContain("&state=");
-        }
-
         [Fact]
         public async Task ChallengeWillSetCorrelationCookie()
         {
@@ -84,20 +63,6 @@ namespace Microsoft.AspNet.Security.Google
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
 
-        [Fact]
-        public async Task Challenge401WillSetCorrelationCookie()
-        {
-            var server = CreateServer(options =>
-            {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AuthenticationMode = AuthenticationMode.Active;
-            });
-            var transaction = await SendAsync(server, "https://example.com/401");
-            Console.WriteLine(transaction.SetCookie);
-            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
-        }
-
         [Fact]
         public async Task ChallengeWillSetDefaultScope()
         {
@@ -105,7 +70,6 @@ namespace Microsoft.AspNet.Security.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.AuthenticationMode = AuthenticationMode.Active;
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -113,21 +77,6 @@ namespace Microsoft.AspNet.Security.Google
             query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
         }
 
-        [Fact]
-        public async Task Challenge401WillSetDefaultScope()
-        {
-            var server = CreateServer(options =>
-            {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AuthenticationMode = AuthenticationMode.Active;
-            });
-            var transaction = await SendAsync(server, "https://example.com/401");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
-        }
-
         [Fact]
         public async Task ChallengeWillUseOptionsScope()
         {
@@ -400,7 +349,7 @@ namespace Microsoft.AspNet.Security.Google
                     OnAuthenticated = context =>
                         {
                             var refreshToken = context.RefreshToken;
-                            context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
+                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken) }, "Google"));
                             return Task.FromResult<object>(null);
                         }
                 };
@@ -470,10 +419,10 @@ namespace Microsoft.AspNet.Security.Google
                     services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
-                        options.SignInAsAuthenticationType = CookieAuthenticationType;
+                        options.SignInScheme = CookieAuthenticationScheme;
                     });
                 });
-                app.UseCookieAuthentication(options => options.AuthenticationType = CookieAuthenticationType);
+                app.UseCookieAuthentication(options => options.AuthenticationScheme = CookieAuthenticationScheme);
                 app.UseGoogleAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
@@ -486,7 +435,7 @@ namespace Microsoft.AspNet.Security.Google
                     }
                     else if (req.Path == new PathString("/me"))
                     {
-                        Describe(res, (ClaimsIdentity)context.User.Identity);
+                        Describe(res, context.User);
                     }
                     else if (req.Path == new PathString("/401"))
                     {
@@ -504,14 +453,17 @@ namespace Microsoft.AspNet.Security.Google
             });
         }
 
-        private static void Describe(HttpResponse res, ClaimsIdentity identity)
+        private static void Describe(HttpResponse res, ClaimsPrincipal user)
         {
             res.StatusCode = 200;
             res.ContentType = "text/xml";
             var xml = new XElement("xml");
-            if (identity != null)
+            if (user != null)
             {
-                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                foreach (var identity in user.Identities)
+                {
+                    xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                }
             }
             using (var memory = new MemoryStream())
             {
diff --git a/test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.kproj
similarity index 100%
rename from test/Microsoft.AspNet.Security.Test/Microsoft.AspNet.Security.Tests.kproj
rename to test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.kproj
diff --git a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
similarity index 92%
rename from test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 0f3a9355c2..e7a8fccd3b 100644
--- a/test/Microsoft.AspNet.Security.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -11,21 +11,19 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.MicrosoftAccount;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
+namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
 {
     public class MicrosoftAccountMiddlewareTests
     {
@@ -128,14 +126,14 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
                         OnAuthenticated = context =>
                         {
                             var refreshToken = context.RefreshToken;
-                            context.Identity.AddClaim(new Claim("RefreshToken", refreshToken));
+                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken) }));
                             return Task.FromResult<object>(null);
                         }
                     };
                 },
                 context =>
                 {
-                    Describe(context.Response, (ClaimsIdentity)context.User.Identity);
+                    Describe(context.Response, context.User);
                     return true;
                 });
             var properties = new AuthenticationProperties();
@@ -168,10 +166,10 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
                     services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
-                        options.SignInAsAuthenticationType = "External";
+                        options.SignInScheme = "External";
                     });
                 });
-                app.UseCookieAuthentication(options => options.AuthenticationType = "External");
+                app.UseCookieAuthentication(options => options.AuthenticationScheme = "External");
                 app.UseMicrosoftAccountAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {
@@ -218,14 +216,17 @@ namespace Microsoft.AspNet.Security.Tests.MicrosoftAccount
             return res;
         }
 
-        private static void Describe(HttpResponse res, ClaimsIdentity identity)
+        private static void Describe(HttpResponse res, ClaimsPrincipal principal)
         {
             res.StatusCode = 200;
             res.ContentType = "text/xml";
             var xml = new XElement("xml");
-            if (identity != null)
+            if (principal != null)
             {
-                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                foreach (var identity in principal.Identities)
+                {
+                    xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                }
             }
             using (var memory = new MemoryStream())
             {
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
similarity index 82%
rename from test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 26f202e08e..ffbc1a0a4b 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -12,13 +12,13 @@ using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Notifications;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.OAuthBearer
+namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     public class OAuthBearerMiddlewareTests
     {
@@ -60,7 +60,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
                 };
 
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
             notification.HandleResponse();
 
             return Task.FromResult<object>(null);
@@ -103,7 +103,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
                 };
 
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
             notification.HandleResponse();
 
             return Task.FromResult<object>(null);
@@ -115,7 +115,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             var server = CreateServer(options =>
             {
                 options.Notifications.SecurityTokenValidated = SecurityTokenValidated;
-                options.SecurityTokenValidators = new List<ISecurityTokenValidator>{new BlobTokenValidator(options.AuthenticationType)};
+                options.SecurityTokenValidators = new List<ISecurityTokenValidator>{new BlobTokenValidator(options.AuthenticationScheme)};
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
@@ -131,7 +131,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
                 };
 
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(claims, notification.Options.AuthenticationType), new Http.Security.AuthenticationProperties());
+            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
             notification.HandleResponse();
 
             return Task.FromResult<object>(null);
@@ -154,15 +154,40 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             return Task.FromResult<object>(null);
         }
 
+        [Fact]
+        public async Task BearerTurns401To403IfAuthenticated()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            });
+
+            var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+        }
+
+
+        [Fact]
+        public async Task BearerDoesNothingTo401IfNotAuthenticated()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            });
+
+            var response = await SendAsync(server, "http://example.com/unauthorized");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+        }
+
         class BlobTokenValidator : ISecurityTokenValidator
         {
 
-            public BlobTokenValidator(string authenticationType)
+            public BlobTokenValidator(string authenticationScheme)
             {
-                AuthenticationType = authenticationType;
+                AuthenticationScheme = authenticationScheme;
             }
 
-            public string AuthenticationType { get; set; }
+            public string AuthenticationScheme { get; set; }
 
             public bool CanValidateToken
             {
@@ -200,7 +225,7 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
                     };
 
-                return new ClaimsPrincipal(new ClaimsIdentity(claims, AuthenticationType));
+                return new ClaimsPrincipal(new ClaimsIdentity(claims, AuthenticationScheme));
             }
         }
 
@@ -224,6 +249,12 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                     if (req.Path == new PathString("/oauth"))
                     {
                     }
+                    else if (req.Path == new PathString("/unauthorized"))
+                    {
+                        // Simulate Authorization failure 
+                        var result = await context.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        res.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                    }
                     else
                     {
                         await next();
diff --git a/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
similarity index 94%
rename from test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index d2d22a342c..725c2a0735 100644
--- a/test/Microsoft.AspNet.Security.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -16,17 +16,17 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.DataHandler;
-using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
     public class OpenIdConnectMiddlewareTests
     {
@@ -40,7 +40,7 @@ namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
             {
                 options.Authority = "https://login.windows.net/common";
                 options.ClientId = "Test Id";
-                options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                options.SignInScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -85,7 +85,7 @@ namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
             {
                 options.Authority = "https://login.windows.net/common";
                 options.ClientId = "Test Id";
-                options.SignInAsAuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType;
+                options.SignInScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
                 options.Scope = "https://www.googleapis.com/auth/plus.login";
                 options.ResponseType = "id_token";
             });
@@ -185,13 +185,13 @@ namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
                     services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
-                        options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                     });
                 });
 
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationType = "OpenIdConnect";
+                    options.AuthenticationScheme = "OpenIdConnect";
                 });
                 app.UseOpenIdConnectAuthentication(configureOptions);
                 app.Use(async (context, next) =>
@@ -205,11 +205,12 @@ namespace Microsoft.AspNet.Security.Tests.OpenIdConnect
                     }
                     else if (req.Path == new PathString("/signin"))
                     {
-                        res.SignIn();
+                        // REVIEW: this used to just be res.SignIn()
+                        res.SignIn("OpenIdConnect", new ClaimsPrincipal());
                     }
                     else if (req.Path == new PathString("/signout"))
                     {
-                        res.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType);
+                        res.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
                     else if (handler != null)
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
new file mode 100644
index 0000000000..3d75bd0a12
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -0,0 +1,63 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Principal;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Core;
+using Microsoft.AspNet.Authentication;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class SecurityHelperTests
+    {
+        [Fact]
+        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.User.ShouldNotBe(null);
+            context.User.Identity.IsAuthenticated.ShouldBe(false);
+
+            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
+
+            context.User.ShouldNotBe(null);
+            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
+            context.User.Identity.Name.ShouldBe("Test1");
+
+            context.User.ShouldBeTypeOf<ClaimsPrincipal>();
+            context.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
+
+            ((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
+        }
+
+        [Fact]
+        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
+        {
+            HttpContext context = new DefaultHttpContext();
+            context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
+
+            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
+            context.User.Identity.Name.ShouldBe("Test1");
+
+            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
+
+            context.User.Identity.AuthenticationType.ShouldBe("Beta");
+            context.User.Identity.Name.ShouldBe("Test2");
+
+            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
+
+            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
+            context.User.Identity.Name.ShouldBe("Test3");
+
+            var principal = context.User;
+            principal.Identities.Count().ShouldBe(3);
+            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
+            principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
+            principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/TestClock.cs b/test/Microsoft.AspNet.Authentication.Test/TestClock.cs
similarity index 86%
rename from test/Microsoft.AspNet.Security.Test/TestClock.cs
rename to test/Microsoft.AspNet.Authentication.Test/TestClock.cs
index cd8f998397..1b7dd1be85 100644
--- a/test/Microsoft.AspNet.Security.Test/TestClock.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/TestClock.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Security.Infrastructure;
+using Microsoft.AspNet.Authentication;
 
-namespace Microsoft.AspNet.Security
+namespace Microsoft.AspNet.Authentication
 {
     public class TestClock : ISystemClock
     {
diff --git a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
similarity index 96%
rename from test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index cb98aef0ce..6b54b6cd94 100644
--- a/test/Microsoft.AspNet.Security.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -10,8 +10,8 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.Twitter;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
@@ -19,7 +19,7 @@ using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Twitter
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     public class TwitterMiddlewareTests
     {
@@ -115,12 +115,12 @@ namespace Microsoft.AspNet.Security.Twitter
                     services.AddDataProtection();
                     services.Configure<ExternalAuthenticationOptions>(options =>
                     {
-                        options.SignInAsAuthenticationType = "External";
+                        options.SignInScheme = "External";
                     });
                 });
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationType = "External";
+                    options.AuthenticationScheme = "External";
                 });
                 if (configure != null)
                 {
diff --git a/test/Microsoft.AspNet.Security.Test/katanatest.redmond.corp.microsoft.com.cer b/test/Microsoft.AspNet.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
similarity index 100%
rename from test/Microsoft.AspNet.Security.Test/katanatest.redmond.corp.microsoft.com.cer
rename to test/Microsoft.AspNet.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
new file mode 100644
index 0000000000..7d2a50c88e
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -0,0 +1,27 @@
+{
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
+    "dependencies": {
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.OAuthBearer": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.TestHost": "1.0.0-*",
+        "Moq": "4.2.1312.1622",
+        "xunit.runner.kre": "1.0.0-*"
+    },
+    "commands": {
+        "test": "xunit.runner.kre"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "dependencies": {
+                "Shouldly": "1.1.1.1"
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/selfSigned.cer b/test/Microsoft.AspNet.Authentication.Test/selfSigned.cer
similarity index 100%
rename from test/Microsoft.AspNet.Security.Test/selfSigned.cer
rename to test/Microsoft.AspNet.Authentication.Test/selfSigned.cer
diff --git a/test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
similarity index 67%
rename from test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs
rename to test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 57c71dde40..eae8502ae5 100644
--- a/test/Microsoft.AspNet.Security.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -2,9 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
+using Microsoft.AspNet.Authorization;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Test
+namespace Microsoft.AspNet.Authroization.Test
 {
     public class AuthorizationPolicyFacts
     {
@@ -14,21 +15,21 @@ namespace Microsoft.AspNet.Security.Test
             // Arrange
             var attributes = new AuthorizeAttribute[] {
                 new AuthorizeAttribute(),
-                new AuthorizeAttribute("1") { ActiveAuthenticationTypes = "dupe" },
-                new AuthorizeAttribute("2") { ActiveAuthenticationTypes = "dupe" },
-                new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationTypes = "roles" },
+                new AuthorizeAttribute("1") { ActiveAuthenticationSchemes = "dupe" },
+                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" },
+                new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationSchemes = "roles" },
             };
             var options = new AuthorizationOptions();
-            options.AddPolicy("1", policy => policy.RequiresClaim("1"));
-            options.AddPolicy("2", policy => policy.RequiresClaim("2"));
+            options.AddPolicy("1", policy => policy.RequireClaim("1"));
+            options.AddPolicy("2", policy => policy.RequireClaim("2"));
 
             // Act
             var combined = AuthorizationPolicy.Combine(options, attributes);
 
             // Assert
-            Assert.Equal(2, combined.ActiveAuthenticationTypes.Count());
-            Assert.True(combined.ActiveAuthenticationTypes.Contains("dupe"));
-            Assert.True(combined.ActiveAuthenticationTypes.Contains("roles"));
+            Assert.Equal(2, combined.ActiveAuthenticationSchemes.Count());
+            Assert.True(combined.ActiveAuthenticationSchemes.Contains("dupe"));
+            Assert.True(combined.ActiveAuthenticationSchemes.Contains("roles"));
             Assert.Equal(4, combined.Requirements.Count());
             Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
             Assert.Equal(3, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
diff --git a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
similarity index 89%
rename from test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
rename to test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 9beae1c6d6..54a4e1a7c8 100644
--- a/test/Microsoft.AspNet.Security.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -10,7 +10,7 @@ using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.DependencyInjection.Fallback;
 using Xunit;
 
-namespace Microsoft.AspNet.Security.Test
+namespace Microsoft.AspNet.Authorization.Test
 {
     public class DefaultAuthorizationServiceTests
     {
@@ -41,7 +41,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
@@ -61,7 +61,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
@@ -81,7 +81,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -108,7 +108,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -134,7 +134,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage", "CanViewAnything"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -160,7 +160,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -186,7 +186,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -210,7 +210,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
 
@@ -229,7 +229,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(new ClaimsIdentity());
@@ -249,7 +249,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -291,8 +291,8 @@ namespace Microsoft.AspNet.Security.Test
         public async Task Authorize_CustomRolePolicy()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder().RequiresRole("Administrator")
-                .RequiresClaim(ClaimTypes.Role, "User");
+            var policy = new AuthorizationPolicyBuilder().RequireRole("Administrator")
+                .RequireClaim(ClaimTypes.Role, "User");
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
@@ -314,7 +314,7 @@ namespace Microsoft.AspNet.Security.Test
         public async Task Authorize_HasAnyClaimOfTypePolicy()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder().RequiresClaim(ClaimTypes.Role);
+            var policy = new AuthorizationPolicyBuilder().RequireClaim(ClaimTypes.Role);
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
@@ -332,10 +332,10 @@ namespace Microsoft.AspNet.Security.Test
         }
 
         [Fact]
-        public async Task Authorize_PolicyCanAuthenticationTypeWithNameClaim()
+        public async Task Authorize_PolicyCanAuthenticationSchemeWithNameClaim()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresClaim(ClaimTypes.Name);
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequireClaim(ClaimTypes.Name);
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
@@ -348,11 +348,11 @@ namespace Microsoft.AspNet.Security.Test
             Assert.True(allowed);
         }
 
-        [Fact]
-        public async Task Authorize_PolicyWillFilterAuthenticationType()
+        [Fact(Skip = "Filtering TBD")]
+        public async Task Authorize_PolicyWillFilterAuthenticationScheme()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder("Bogus").RequiresClaim(ClaimTypes.Name);
+            var policy = new AuthorizationPolicyBuilder("Bogus").RequireClaim(ClaimTypes.Name);
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
@@ -365,11 +365,11 @@ namespace Microsoft.AspNet.Security.Test
             Assert.False(allowed);
         }
 
-        [Fact]
-        public async Task Authorize_PolicyCanFilterMultipleAuthenticationType()
+        [Fact(Skip = "Filtering TBD")]
+        public async Task Authorize_PolicyCanFilterMultipleAuthenticationScheme()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder("One", "Two").RequiresClaim(ClaimTypes.Name, "one").RequiresClaim(ClaimTypes.Name, "two");
+            var policy = new AuthorizationPolicyBuilder("One", "Two").RequireClaim(ClaimTypes.Name, "one").RequireClaim(ClaimTypes.Name, "two");
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal();
             user.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "one") }, "One"));
@@ -386,7 +386,7 @@ namespace Microsoft.AspNet.Security.Test
         public async Task RolePolicyCanRequireSingleRole()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin");
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequireRole("Admin");
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Admin") }, "AuthType")
@@ -403,7 +403,7 @@ namespace Microsoft.AspNet.Security.Test
         public async Task RolePolicyCanRequireOneOfManyRoles()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder("AuthType").RequiresRole("Admin", "Users");
+            var policy = new AuthorizationPolicyBuilder("AuthType").RequireRole("Admin", "Users");
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Users") }, "AuthType"));
@@ -419,7 +419,7 @@ namespace Microsoft.AspNet.Security.Test
         public async Task RolePolicyCanBlockWrongRole()
         {
             // Arrange
-            var policy = new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage");
+            var policy = new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage");
             var authorizationService = BuildAuthorizationService();
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
@@ -444,7 +444,7 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequiresRole("Admin", "Users"));
+                    options.AddPolicy("Basic", policy => policy.RequireRole("Admin", "Users"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -487,6 +487,58 @@ namespace Microsoft.AspNet.Security.Test
             Assert.False(allowed);
         }
 
+        [Fact]
+        public async Task RequireUserNameFailsForWrongUserName()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
+                });
+            });
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Name, "Tek"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        [Fact]
+        public async Task CanRequireUserName()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
+                });
+            });
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim(ClaimTypes.Name, "Hao"),
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+
+            // Assert
+            Assert.True(allowed);
+        }
+
         [Fact]
         public async Task CanApproveAnyAuthenticatedUser()
         {
@@ -629,8 +681,8 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
-                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                    var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -656,8 +708,8 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
-                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                    var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
                 });
             });
             var user = new ClaimsPrincipal(
@@ -682,8 +734,8 @@ namespace Microsoft.AspNet.Security.Test
             {
                 services.ConfigureAuthorization(options =>
                 {
-                    var basePolicy = new AuthorizationPolicyBuilder().RequiresClaim("Base", "Value").Build();
-                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequiresClaim("Claim", "Exists"));
+                    var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
+                    options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
                 });
             });
             var user = new ClaimsPrincipal(
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj
new file mode 100644
index 0000000000..316cc51775
--- /dev/null
+++ b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>7af5ad96-eb6e-4d0e-8abe-c0b543c0f4c2</ProjectGuid>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
new file mode 100644
index 0000000000..68f39fe36e
--- /dev/null
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -0,0 +1,20 @@
+{
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
+    "dependencies": {
+        "Microsoft.AspNet.Authorization": "1.0.0-*",
+        "Moq": "4.2.1312.1622",
+        "xunit.runner.kre": "1.0.0-*"
+    },
+    "commands": {
+        "test": "xunit.runner.kre"
+    },
+    "frameworks": {
+        "aspnet50": {
+            "dependencies": {
+                "Shouldly": "1.1.1.1"
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
deleted file mode 100644
index dae0aed318..0000000000
--- a/test/Microsoft.AspNet.Security.Test/SecurityHelperTests.cs
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Collections.Generic;
-using System.Linq;
-using System.Security.Claims;
-using System.Security.Principal;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core;
-using Microsoft.AspNet.Security.Infrastructure;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Security
-{
-    public class SecurityHelperTests
-    {
-        [Fact]
-        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
-        {
-            HttpContext context = new DefaultHttpContext();
-            context.User.ShouldNotBe(null);
-            context.User.Identity.IsAuthenticated.ShouldBe(false);
-
-            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test1", "Alpha"));
-
-            context.User.ShouldNotBe(null);
-            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
-            context.User.Identity.Name.ShouldBe("Test1");
-
-            context.User.ShouldBeTypeOf<ClaimsPrincipal>();
-            context.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
-
-            ((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
-        }
-
-        [Fact]
-        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
-        {
-            HttpContext context = new DefaultHttpContext();
-            context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
-
-            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
-            context.User.Identity.Name.ShouldBe("Test1");
-
-            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test2", "Beta"));
-
-            context.User.Identity.AuthenticationType.ShouldBe("Beta");
-            context.User.Identity.Name.ShouldBe("Test2");
-
-            SecurityHelper.AddUserIdentity(context, new GenericIdentity("Test3", "Gamma"));
-
-            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
-            context.User.Identity.Name.ShouldBe("Test3");
-
-            var principal = context.User;
-            principal.Identities.Count().ShouldBe(3);
-            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
-            principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
-            principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
-        }
-
-        [Fact]
-        public void NoChallengesMeansLookupsAreDeterminedOnlyByActiveOrPassiveMode()
-        {
-            HttpContext context = new DefaultHttpContext();
-
-            bool activeNoChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Active);
-            bool passiveNoChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Passive);
-
-            context.Response.StatusCode = 401;
-
-            bool activeEmptyChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Active);
-            bool passiveEmptyChallenge = SecurityHelper.LookupChallenge(new string[0], "Alpha", AuthenticationMode.Passive);
-
-            Assert.True(activeNoChallenge);
-            Assert.False(passiveNoChallenge);
-            Assert.True(activeEmptyChallenge);
-            Assert.False(passiveEmptyChallenge);
-        }
-
-        [Fact]
-        public void WithChallengesMeansLookupsAreDeterminedOnlyByMatchingAuthenticationType()
-        {
-            HttpContext context = new DefaultHttpContext();
-            
-            IEnumerable<string> challengeTypes = new[] { "Beta", "Gamma" };
-
-            bool activeNoMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Active);
-            bool passiveNoMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Passive);
-
-            challengeTypes = new[] { "Beta", "Alpha" };
-
-            bool activeWithMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Active);
-            bool passiveWithMatch = SecurityHelper.LookupChallenge(challengeTypes, "Alpha", AuthenticationMode.Passive);
-
-            Assert.False(activeNoMatch);
-            Assert.False(passiveNoMatch);
-            Assert.True(activeWithMatch);
-            Assert.True(passiveWithMatch);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Security.Test/project.json b/test/Microsoft.AspNet.Security.Test/project.json
deleted file mode 100644
index 1ab85d5840..0000000000
--- a/test/Microsoft.AspNet.Security.Test/project.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
-        "Microsoft.AspNet.Security.Google": "1.0.0-*",
-        "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Security.OAuthBearer": "1.0.0-*",
-        "Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
-        "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
-        "Microsoft.AspNet.TestHost": "1.0.0-*",
-        "Moq": "4.2.1312.1622",
-        "xunit.runner.kre": "1.0.0-*"
-    },
-    "commands": {
-        "test": "xunit.runner.kre"
-    },
-    "frameworks": {
-        "aspnet50": {
-            "dependencies": {
-                "Shouldly": "1.1.1.1"
-            }
-        }
-    }
-}

From d890f49fc0cab53829b628551749071d72fb2906 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 2 Mar 2015 17:43:59 -0800
Subject: [PATCH 162/900] Fix sln and kproj

---
 Security.sln                                  | 286 ++++++++++--------
 ...rosoft.AspNet.Authentication.Cookies.kproj |   2 +-
 ...osoft.AspNet.Authentication.Facebook.kproj |   2 +-
 ...crosoft.AspNet.Authentication.Google.kproj |   2 +-
 ...pNet.Authentication.MicrosoftAccount.kproj |   6 +-
 ...icrosoft.AspNet.Authentication.OAuth.kproj |   2 +-
 ....AspNet.Authentication.OpenIdConnect.kproj |   4 +-
 ...rosoft.AspNet.Authentication.Twitter.kproj |   2 +-
 .../Microsoft.AspNet.Authentication.kproj     |   2 +-
 9 files changed, 177 insertions(+), 131 deletions(-)

diff --git a/Security.sln b/Security.sln
index ccddd42c7a..7fb0467af4 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,46 +1,50 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.22422.0
+VisualStudioVersion = 14.0.22605.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security", "src\Microsoft.AspNet.Security\Microsoft.AspNet.Security.kproj", "{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Cookies", "src\Microsoft.AspNet.Security.Cookies\Microsoft.AspNet.Security.Cookies.kproj", "{15F1211B-B695-4A1C-B730-1AC58FC91090}"
-EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.kproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Tests", "test\Microsoft.AspNet.Security.Test\Microsoft.AspNet.Security.Tests.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{C40A5A3B-ABA3-4819-9C44-D821E6DA1BA1}"
 	ProjectSection(SolutionItems) = preProject
 		global.json = global.json
 	EndProjectSection
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Facebook", "src\Microsoft.AspNet.Security.Facebook\Microsoft.AspNet.Security.Facebook.kproj", "{3984651C-FD44-4394-8793-3D14EE348C04}"
-EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.kproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Google", "src\Microsoft.AspNet.Security.Google\Microsoft.AspNet.Security.Google.kproj", "{89BF8535-A849-458E-868A-A68FCF620486}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.Twitter", "src\Microsoft.AspNet.Security.Twitter\Microsoft.AspNet.Security.Twitter.kproj", "{C96B77EA-4078-4C31-BDB2-878F11C5E061}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.MicrosoftAccount", "src\Microsoft.AspNet.Security.MicrosoftAccount\Microsoft.AspNet.Security.MicrosoftAccount.kproj", "{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OAuth", "src\Microsoft.AspNet.Security.OAuth\Microsoft.AspNet.Security.OAuth.kproj", "{4A636011-68EE-4CE5-836D-EA8E13CF71E4}"
-EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.kproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.kproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OAuthBearer", "src\Microsoft.AspNet.Security.OAuthBearer\Microsoft.AspNet.Security.OAuthBearer.kproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Cookies", "src\Microsoft.AspNet.Authentication.Cookies\Microsoft.AspNet.Authentication.Cookies.kproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Security.OpenIdConnect", "src\Microsoft.AspNet.Security.OpenIdConnect\Microsoft.AspNet.Security.OpenIdConnect.kproj", "{674D128E-83BB-481A-A9D9-6D47872E1FC8}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication", "src\Microsoft.AspNet.Authentication\Microsoft.AspNet.Authentication.kproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Facebook", "src\Microsoft.AspNet.Authentication.Facebook\Microsoft.AspNet.Authentication.Facebook.kproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Google", "src\Microsoft.AspNet.Authentication.Google\Microsoft.AspNet.Authentication.Google.kproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnect", "src\Microsoft.AspNet.Authentication.OpenIdConnect\Microsoft.AspNet.Authentication.OpenIdConnect.kproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.MicrosoftAccount", "src\Microsoft.AspNet.Authentication.MicrosoftAccount\Microsoft.AspNet.Authentication.MicrosoftAccount.kproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Twitter", "src\Microsoft.AspNet.Authentication.Twitter\Microsoft.AspNet.Authentication.Twitter.kproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuth", "src\Microsoft.AspNet.Authentication.OAuth\Microsoft.AspNet.Authentication.OAuth.kproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Tests", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Tests.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuthBearer", "src\Microsoft.AspNet.Authentication.OAuthBearer\Microsoft.AspNet.Authentication.OAuthBearer.kproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Tests", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Tests.kproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.kproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -52,26 +56,6 @@ Global
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Any CPU.Build.0 = Release|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68}.Release|x86.ActiveCfg = Release|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Any CPU.Build.0 = Release|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{15F1211B-B695-4A1C-B730-1AC58FC91090}.Release|x86.ActiveCfg = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -82,26 +66,6 @@ Global
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.Build.0 = Release|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Any CPU.Build.0 = Release|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{3984651C-FD44-4394-8793-3D14EE348C04}.Release|x86.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -112,46 +76,6 @@ Global
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x86.ActiveCfg = Release|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Any CPU.Build.0 = Release|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{89BF8535-A849-458E-868A-A68FCF620486}.Release|x86.ActiveCfg = Release|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061}.Release|x86.ActiveCfg = Release|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C}.Release|x86.ActiveCfg = Release|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4}.Release|x86.ActiveCfg = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -174,6 +98,114 @@ Global
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.ActiveCfg = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.Build.0 = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.Build.0 = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.Build.0 = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.ActiveCfg = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.Build.0 = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.Build.0 = Debug|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.ActiveCfg = Release|Any CPU
+		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.Build.0 = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.Build.0 = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.ActiveCfg = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.Build.0 = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.Build.0 = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.ActiveCfg = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.Build.0 = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.Build.0 = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.ActiveCfg = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.Build.0 = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.Build.0 = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.ActiveCfg = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.Build.0 = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.Build.0 = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.ActiveCfg = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.Build.0 = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.Build.0 = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.ActiveCfg = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -186,36 +218,50 @@ Global
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Debug|x86.Build.0 = Debug|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Any CPU.Build.0 = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|x86.ActiveCfg = Release|Any CPU
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8}.Release|x86.Build.0 = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.Build.0 = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.ActiveCfg = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.Build.0 = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.Build.0 = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.ActiveCfg = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{0F174C63-1898-4024-9A3C-3FDF5CAE5C68} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{15F1211B-B695-4A1C-B730-1AC58FC91090} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
-		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
-		{3984651C-FD44-4394-8793-3D14EE348C04} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
-		{89BF8535-A849-458E-868A-A68FCF620486} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{C96B77EA-4078-4C31-BDB2-878F11C5E061} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{1FCF26C2-A3C7-4308-B698-4AFC3560BC0C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{4A636011-68EE-4CE5-836D-EA8E13CF71E4} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{FC152CC4-054B-457E-8D91-389C5DE3C561} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{2286250A-52C8-4126-9F93-B1E45F0AD078} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{76579C39-B829-490D-B8BE-1BD35FE8412E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{0330FFF6-B4B5-42DD-8C99-26A789569000} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{1657C79E-7755-4AEE-9D61-571295B69A30} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{674D128E-83BB-481A-A9D9-6D47872E1FC8} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
index 3480de791a..10ebb695f0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>15f1211b-b695-4a1c-b730-1ac58fc91090</ProjectGuid>
+    <ProjectGuid>fc152cc4-054b-457e-8d91-389c5de3c561</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
index ed5242e079..608a152e26 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>3984651c-fd44-4394-8793-3d14ee348c04</ProjectGuid>
+    <ProjectGuid>eeaaee68-607b-4e33-af3e-45c66b4dba5a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
index 6c85b04cef..36e2cade9a 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
+++ b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>89bf8535-a849-458e-868a-a68fcf620486</ProjectGuid>
+    <ProjectGuid>76579c39-b829-490d-b8be-1bd35fe8412e</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
index 88701bdb38..5935b2a134 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>1fcf26c2-a3c7-4308-b698-4afc3560bc0c</ProjectGuid>
+    <ProjectGuid>acb45e19-f520-4d0c-8916-b0ceb9c017fe</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
index 868328f6de..667114ea56 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>4a636011-68ee-4ce5-836d-ea8e13cf71e4</ProjectGuid>
+    <ProjectGuid>1657c79e-7755-4aee-9d61-571295b69a30</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
index 6167f967f5..4b85e6378c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>674d128e-83bb-481a-a9d9-6d47872e1fc8</ProjectGuid>
+    <ProjectGuid>35115d55-b69e-46d4-bb33-c9e9e6ec5e7a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
@@ -14,4 +14,4 @@
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
index fb70dba2a4..5d8846c099 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>c96b77ea-4078-4c31-bdb2-878f11c5e061</ProjectGuid>
+    <ProjectGuid>0330fff6-b4b5-42dd-8c99-26a789569000</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
index b1e2359004..b21c7af0ed 100644
--- a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
+++ b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
@@ -6,7 +6,7 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>0f174c63-1898-4024-9a3c-3fdf5cae5c68</ProjectGuid>
+    <ProjectGuid>2286250a-52c8-4126-9f93-b1e45f0ad078</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>

From 0577454f13f6ec0e82a424225729ccb57e2911ac Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 3 Mar 2015 15:40:54 -0800
Subject: [PATCH 163/900] Fix for OpenIdConnect

---
 .../OpenidConnectAuthenticationHandler.cs                   | 4 ++--
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs           | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 67711ac5ef..884dfa733f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -220,7 +220,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
 
             OpenIdConnectMessage openIdConnectMessage = null;
-
+            
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
               && !string.IsNullOrWhiteSpace(Request.ContentType)
@@ -566,7 +566,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 if (ticket.Principal != null)
                 {
-                    Request.HttpContext.Response.SignIn(ticket.AuthenticationScheme, ticket.Principal, ticket.Properties);
+                    Request.HttpContext.Response.SignIn(Options.SignInScheme, ticket.Principal, ticket.Properties);
                 }
 
                 // Redirect back to the original secured resource, if any.
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 725c2a0735..96f17c86ea 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -13,13 +13,13 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.DataHandler;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Newtonsoft.Json;

From 329d8268576fdb192b599f35315ae4e0339d7e7d Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Wed, 4 Mar 2015 17:10:56 -0800
Subject: [PATCH 164/900] Logging API changes

---
 .../CookieAuthenticationHandler.cs            |  6 +++---
 .../CookieAuthenticationMiddleware.cs         |  2 +-
 .../OAuthAuthenticationHandler.cs             |  8 ++++----
 .../OAuthAuthenticationMiddleware.cs          |  2 +-
 .../OAuthBearerAuthenticationHandler.cs       |  2 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |  2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  2 +-
 .../OpenidConnectAuthenticationHandler.cs     | 12 +++++------
 .../TwitterAuthenticationHandler.cs           | 20 +++++++++----------
 .../TwitterAuthenticationMiddleware.cs        |  2 +-
 .../AuthenticationHandler.cs                  |  6 +++---
 11 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5a72a142e7..f747354e7b 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -53,7 +53,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 if (ticket == null)
                 {
-                    _logger.WriteWarning(@"Unprotect ticket failed");
+                    _logger.LogWarning(@"Unprotect ticket failed");
                     return null;
                 }
 
@@ -62,14 +62,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Claim claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                     if (claim == null)
                     {
-                        _logger.WriteWarning(@"SessionId missing");
+                        _logger.LogWarning(@"SessionId missing");
                         return null;
                     }
                     _sessionKey = claim.Value;
                     ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
                     if (ticket == null)
                     {
-                        _logger.WriteWarning(@"Identity missing in session store");
+                        _logger.LogWarning(@"Identity missing in session store");
                         return null;
                     }
                 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index ba933d2358..21df592538 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 Options.CookieManager = new ChunkingCookieManager();
             }
 
-            _logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName);
+            _logger = loggerFactory.CreateLogger(typeof(CookieAuthenticationMiddleware).FullName);
         }
 
         protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 8e193befee..6a51d85e97 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -45,7 +45,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             AuthenticationTicket ticket = await AuthenticateAsync();
             if (ticket == null)
             {
-                Logger.WriteWarning("Invalid return state, unable to redirect.");
+                Logger.LogWarning("Invalid return state, unable to redirect.");
                 Response.StatusCode = 500;
                 return true;
             }
@@ -94,7 +94,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 var value = query.Get("error");
                 if (!string.IsNullOrEmpty(value))
                 {
-                    Logger.WriteVerbose("Remote server returned an error: " + Request.QueryString);
+                    Logger.LogVerbose("Remote server returned an error: " + Request.QueryString);
                     // TODO: Fail request rather than passing through?
                     return null;
                 }
@@ -127,7 +127,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
                 if (string.IsNullOrWhiteSpace(tokens.AccessToken))
                 {
-                    Logger.WriteWarning("Access token was not found");
+                    Logger.LogWarning("Access token was not found");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
@@ -135,7 +135,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             }
             catch (Exception ex)
             {
-                Logger.WriteError("Authentication failed", ex);
+                Logger.LogError("Authentication failed", ex);
                 return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index b8e10ff996..8f937575f4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -66,7 +66,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "TokenEndpoint"));
             }
 
-            Logger = loggerFactory.Create(this.GetType().FullName);
+            Logger = loggerFactory.CreateLogger(this.GetType().FullName);
 
             if (Options.StateDataFormat == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 56d3d1025d..42e6f838fb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -155,7 +155,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             }
             catch (Exception ex)
             {
-                _logger.WriteError("Exception occurred while processing message", ex);
+                _logger.LogError("Exception occurred while processing message", ex);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 824405e0e4..8698bf740b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
             : base(next, services, options, configureOptions)
         {
-            _logger = loggerFactory.Create<OAuthBearerAuthenticationMiddleware>();
+            _logger = loggerFactory.CreateLogger<OAuthBearerAuthenticationMiddleware>();
             if (Options.Notifications == null)
             {
                 Options.Notifications = new OAuthBearerAuthenticationNotifications();
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 543e8eeeb6..2a802ce10d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions)
             : base(next, services, options, configureOptions)
         {
-            _logger = loggerFactory.Create<OpenIdConnectAuthenticationMiddleware>();
+            _logger = loggerFactory.CreateLogger<OpenIdConnectAuthenticationMiddleware>();
 
             if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 884dfa733f..046232b9ea 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        _logger.WriteWarning("The logout redirect URI is malformed: {0}", (redirectUri ?? "null"));
+                        _logger.LogWarning("The logout redirect URI is malformed: {0}", (redirectUri ?? "null"));
                     }
 
                     Response.Redirect(redirectUri);
@@ -195,7 +195,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                 {
-                    _logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"));
+                    _logger.LogWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"));
                 }
 
                 Response.Redirect(redirectUri);
@@ -262,7 +262,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 AuthenticationProperties properties = GetPropertiesFromState(openIdConnectMessage.State);
                 if (properties == null)
                 {
-                    _logger.WriteWarning("The state field is missing or invalid.");
+                    _logger.LogWarning("The state field is missing or invalid.");
                     return null;
                 }
 
@@ -279,7 +279,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // OpenIdConnect protocol allows a Code to be received without the id_token
                 if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
                 {
-                    _logger.WriteWarning("The id_token is missing.");
+                    _logger.LogWarning("The id_token is missing.");
                     return null;
                 }
 
@@ -424,7 +424,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             catch (Exception exception)
             {
-                _logger.WriteError("Exception occurred while processing message", exception);
+                _logger.LogError("Exception occurred while processing message", exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
@@ -511,7 +511,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
                     catch (Exception ex)
                     {
-                        _logger.WriteWarning("Failed to un-protect the nonce cookie.", ex);
+                        _logger.LogWarning("Failed to un-protect the nonce cookie.", ex);
                     }
                 }
             }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index c6361295b0..355fb84b27 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
                 if (requestToken == null)
                 {
-                    _logger.WriteWarning("Invalid state");
+                    _logger.LogWarning("Invalid state");
                     return null;
                 }
 
@@ -71,20 +71,20 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 string returnedToken = query.Get("oauth_token");
                 if (string.IsNullOrWhiteSpace(returnedToken))
                 {
-                    _logger.WriteWarning("Missing oauth_token");
+                    _logger.LogWarning("Missing oauth_token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 if (returnedToken != requestToken.Token)
                 {
-                    _logger.WriteWarning("Unmatched token");
+                    _logger.LogWarning("Unmatched token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 string oauthVerifier = query.Get("oauth_verifier");
                 if (string.IsNullOrWhiteSpace(oauthVerifier))
                 {
-                    _logger.WriteWarning("Missing or blank oauth_verifier");
+                    _logger.LogWarning("Missing or blank oauth_verifier");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
@@ -120,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             }
             catch (Exception ex)
             {
-                _logger.WriteError("Authentication failed", ex);
+                _logger.LogError("Authentication failed", ex);
                 return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
@@ -180,7 +180,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             }
             else
             {
-                _logger.WriteError("requestToken CallbackConfirmed!=true");
+                _logger.LogError("requestToken CallbackConfirmed!=true");
             }
         }
 
@@ -189,7 +189,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             AuthenticationTicket model = await AuthenticateAsync();
             if (model == null)
             {
-                _logger.WriteWarning("Invalid return state, unable to redirect.");
+                _logger.LogWarning("Invalid return state, unable to redirect.");
                 Response.StatusCode = 500;
                 return true;
             }
@@ -224,7 +224,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
         {
-            _logger.WriteVerbose("ObtainRequestToken");
+            _logger.LogVerbose("ObtainRequestToken");
 
             string nonce = Guid.NewGuid().ToString("N");
 
@@ -285,7 +285,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             // https://dev.twitter.com/docs/api/1/post/oauth/access_token
 
-            _logger.WriteVerbose("ObtainAccessToken");
+            _logger.LogVerbose("ObtainAccessToken");
 
             string nonce = Guid.NewGuid().ToString("N");
 
@@ -342,7 +342,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (!response.IsSuccessStatusCode)
             {
-                _logger.WriteError("AccessToken request failed with a status code of " + response.StatusCode);
+                _logger.LogError("AccessToken request failed with a status code of " + response.StatusCode);
                 response.EnsureSuccessStatusCode(); // throw
             }
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 6869080921..2efdaff968 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -51,7 +51,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerKey"));
             }
 
-            _logger = loggerFactory.Create(typeof(TwitterAuthenticationMiddleware).FullName);
+            _logger = loggerFactory.CreateLogger(typeof(TwitterAuthenticationMiddleware).FullName);
 
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index f3d13d33fe..e2c619b39e 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -408,7 +408,7 @@ namespace Microsoft.AspNet.Authentication
             string correlationCookie = Request.Cookies[correlationKey];
             if (string.IsNullOrWhiteSpace(correlationCookie))
             {
-                logger.WriteWarning("{0} cookie not found.", correlationKey);
+                logger.LogWarning("{0} cookie not found.", correlationKey);
                 return false;
             }
 
@@ -424,7 +424,7 @@ namespace Microsoft.AspNet.Authentication
                 correlationKey,
                 out correlationExtra))
             {
-                logger.WriteWarning("{0} state property not found.", correlationKey);
+                logger.LogWarning("{0} state property not found.", correlationKey);
                 return false;
             }
 
@@ -432,7 +432,7 @@ namespace Microsoft.AspNet.Authentication
 
             if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
             {
-                logger.WriteWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
                 return false;
             }
 

From 580664201c6dc5e19c1045577436f4d62f920e0a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 4 Mar 2015 18:07:34 -0800
Subject: [PATCH 165/900] React to DI changes

---
 .../ServiceCollectionExtensions.cs                    | 11 +++++------
 .../DefaultAuthorizationServiceTests.cs               |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 9146c747b9..292083120b 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -22,12 +22,11 @@ namespace Microsoft.Framework.DependencyInjection
         // Review: Need UseDefaultSubkey parameter?
         public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, IConfiguration config = null, Action<AuthorizationOptions> configureOptions = null)
         {
-            var describe = new ServiceDescriber(config);
-            services.AddOptions(config);
-            services.TryAdd(describe.Transient<IAuthorizationService, DefaultAuthorizationService>());
-            services.Add(describe.Transient<IAuthorizationHandler, ClaimsAuthorizationHandler>());
-            services.Add(describe.Transient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>());
-            services.Add(describe.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
+            services.AddOptions();
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
+            services.AddTransient<IAuthorizationHandler, ClaimsAuthorizationHandler>();
+            services.AddTransient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>();
+            services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
             if (configureOptions != null)
             {
                 services.Configure(configureOptions);
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 54a4e1a7c8..4b9b5a33de 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -7,7 +7,6 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.DependencyInjection.Fallback;
 using Xunit;
 
 namespace Microsoft.AspNet.Authorization.Test

From 1459ca1edb8dad68b0e908677a3e9f5298bf864a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 4 Mar 2015 18:07:34 -0800
Subject: [PATCH 166/900] React to DI changes

---
 .../ServiceCollectionExtensions.cs                    | 11 +++++------
 .../DefaultAuthorizationServiceTests.cs               |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 9146c747b9..292083120b 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -22,12 +22,11 @@ namespace Microsoft.Framework.DependencyInjection
         // Review: Need UseDefaultSubkey parameter?
         public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, IConfiguration config = null, Action<AuthorizationOptions> configureOptions = null)
         {
-            var describe = new ServiceDescriber(config);
-            services.AddOptions(config);
-            services.TryAdd(describe.Transient<IAuthorizationService, DefaultAuthorizationService>());
-            services.Add(describe.Transient<IAuthorizationHandler, ClaimsAuthorizationHandler>());
-            services.Add(describe.Transient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>());
-            services.Add(describe.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
+            services.AddOptions();
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
+            services.AddTransient<IAuthorizationHandler, ClaimsAuthorizationHandler>();
+            services.AddTransient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>();
+            services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
             if (configureOptions != null)
             {
                 services.Configure(configureOptions);
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 54a4e1a7c8..4b9b5a33de 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -7,7 +7,6 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.DependencyInjection.Fallback;
 using Xunit;
 
 namespace Microsoft.AspNet.Authorization.Test

From 08017f992ae9c408f50c6ef7f5048fc7c063bf09 Mon Sep 17 00:00:00 2001
From: Levi B <levib@yahoo.com>
Date: Wed, 4 Mar 2015 23:28:20 -0800
Subject: [PATCH 167/900] Fix build breaks caused by Options refactoring.

---
 test/Microsoft.AspNet.Authorization.Test/project.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 68f39fe36e..3fe88159d4 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -4,6 +4,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authorization": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
         "Moq": "4.2.1312.1622",
         "xunit.runner.kre": "1.0.0-*"
     },

From e2bb76280f07404f23ecbe8f4b2481082692abc2 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 5 Mar 2015 15:01:44 -0800
Subject: [PATCH 168/900] Support AccessDeniedPath for Cookie 403 redirection

Fixes https://github.com/aspnet/Security/issues/166
---
 .../CookieAuthenticationHandler.cs            | 35 +++++++++++++++++++
 .../CookieAuthenticationMiddleware.cs         |  2 --
 .../CookieAuthenticationOptions.cs            |  9 +++++
 .../OAuthBearerAuthenticationHandler.cs       |  4 +--
 .../AutomaticAuthenticationHandler.cs         | 18 ----------
 .../Cookies/CookieMiddlewareTests.cs          | 21 +++++++++++
 6 files changed, 67 insertions(+), 22 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index f747354e7b..ae7e866fb2 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -323,6 +323,41 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override void ApplyResponseChallenge()
         {
+            if (ShouldConvertChallengeToForbidden())
+            {
+                // Handle 403 by redirecting to AccessDeniedPath if set
+                if (Options.AccessDeniedPath.HasValue)
+                {
+                    try
+                    {
+                        var accessDeniedUri =
+                            Request.Scheme +
+                            "://" +
+                            Request.Host +
+                            Request.PathBase +
+                            Options.AccessDeniedPath;
+
+                        var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
+                        Options.Notifications.ApplyRedirect(redirectContext);
+                    }
+                    catch (Exception exception)
+                    {
+                        var exceptionContext = new CookieExceptionContext(Context, Options,
+                            CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
+                        Options.Notifications.Exception(exceptionContext);
+                        if (exceptionContext.Rethrow)
+                        {
+                            throw;
+                        }
+                    }
+                }
+                else
+                {
+                    Response.StatusCode = 403;
+                }
+                return;
+            }
+
             if (Response.StatusCode != 401 || !Options.LoginPath.HasValue )
             {
                 return;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 21df592538..e3ef3f5700 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -4,8 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 using Microsoft.AspNet.Authentication.DataHandler;
-using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Logging;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 12ff4f9956..02e9743b4a 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -105,6 +105,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
         public PathString LogoutPath { get; set; }
 
+        /// <summary>
+        /// The AccessDeniedPath property informs the middleware that it should change an outgoing 403 Forbidden status
+        /// code into a 302 redirection onto the given path.
+        /// 
+        /// If the AccessDeniedPath is null or empty, the middleware will not look for 403 Forbidden status codes, and it will
+        /// not redirect
+        /// </summary>
+        public PathString AccessDeniedPath { get; set; }
+
         /// <summary>
         /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware
         /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query 
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 42e6f838fb..7f41be810c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -7,10 +7,9 @@ using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
@@ -195,6 +194,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             if (ShouldConvertChallengeToForbidden())
             {
                 Response.StatusCode = 403;
+                return;
             }
 
             if ((Response.StatusCode != 401) || (ChallengeContext == null))
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
index 5032e47fae..d91fadfcad 100644
--- a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
@@ -90,23 +90,5 @@ namespace Microsoft.AspNet.Authentication
 
             return Options.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme);
         }
-
-        /// <summary>
-        /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question
-        /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
-        /// changing the 401 result to 302 of a login page or external sign-in location.)
-        /// </summary>
-        /// <returns></returns>
-        protected override Task ApplyResponseChallengeAsync()
-        {
-            // If authenticate was called and the the status is still 401, authZ failed so set 403 and stop
-            if (ShouldConvertChallengeToForbidden())
-            {
-                Response.StatusCode = 403;
-                return Task.FromResult(0);
-            }
-            return base.ApplyResponseChallengeAsync();
-        }
-
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index c1d5a0c329..51d9a9452c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -420,6 +420,27 @@ namespace Microsoft.AspNet.Authentication.Cookies
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
         }
 
+        [Fact]
+        public async Task CookieTurns401ToAccessDeniedWhenSetAndIfAuthenticated()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.AccessDeniedPath = new PathString("/accessdenied");
+            },
+            SignInAsAlice);
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            Uri location = transaction2.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/accessdenied");
+        }
+
         [Fact]
         public async Task CookieDoesNothingTo401IfNotAuthenticated()
         {

From aacc00aaeefb64279edb4b00482fa1b6dcd6fa6c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 5 Mar 2015 16:04:57 -0800
Subject: [PATCH 169/900] Move extension methods to proper namespaces

Also add sugar for OpenIdConnect

Fixes https://github.com/aspnet/Security/issues/107
Fixes https://github.com/aspnet/Security/issues/113
---
 ...sions.cs => CookieAppBuilderExtensions.cs} |  8 +-------
 .../CookieServiceCollectionExtensions.cs      | 20 +++++++++++++++++++
 ...ons.cs => FacebookAppBuilderExtensions.cs} | 12 +++--------
 .../FacebookServiceCollectionExtensions.cs    | 20 +++++++++++++++++++
 ...sions.cs => GoogleAppBuilderExtensions.cs} | 12 +++--------
 .../GoogleServiceCollectionExtensions.cs      | 19 ++++++++++++++++++
 ...> MicrosoftAccountAppBuilderExtensions.cs} |  6 ------
 ...osoftAccountServiceCollectionExtensions.cs | 19 ++++++++++++++++++
 ....cs => OAuthBearerAppBuilderExtensions.cs} |  8 +-------
 .../OAuthBearerServiceCollectionExtensions.cs | 19 ++++++++++++++++++
 ...penIdConnectServiceCollectionExtensions.cs | 19 ++++++++++++++++++
 ...ions.cs => TwitterAppBuilderExtensions.cs} | 13 +++---------
 .../TwitterServiceCollectionExtensions.cs     | 19 ++++++++++++++++++
 .../Twitter/TwitterMiddlewareTests.cs         |  5 -----
 14 files changed, 146 insertions(+), 53 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Cookies/{CookieAuthenticationExtensions.cs => CookieAppBuilderExtensions.cs} (80%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationExtensions.cs => FacebookAppBuilderExtensions.cs} (77%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationExtensions.cs => GoogleAppBuilderExtensions.cs} (79%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{MicrosoftAccountAuthenticationExtensions.cs => MicrosoftAccountAppBuilderExtensions.cs} (77%)
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication.OAuthBearer/{OAuthBearerAuthenticationExtensions.cs => OAuthBearerAppBuilderExtensions.cs} (83%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication.Twitter/{TwitterAuthenticationExtensions.cs => TwitterAppBuilderExtensions.cs} (70%)
 create mode 100644 src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
similarity index 80%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 08f4cc71a6..5a00ca2341 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
@@ -11,13 +10,8 @@ namespace Microsoft.AspNet.Builder
     /// <summary>
     /// Extension methods provided by the cookies authentication middleware
     /// </summary>
-    public static class CookieAuthenticationExtensions
+    public static class CookieAppBuilderExtensions
     {
-        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         /// <summary>
         /// Adds a cookie-based authentication middleware to your web application pipeline.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..476dc948fa
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.Framework.DependencyInjection;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods provided by the cookies authentication middleware
+    /// </summary>
+    public static class CookieServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
similarity index 77%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 3664bb592b..c91855790c 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -1,23 +1,17 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using System;
+using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>.
     /// </summary>
-    public static class FacebookAuthenticationExtensions
+    public static class FacebookAppBuilderExtensions
     {
-        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         /// <summary>
         /// Authenticate users using Facebook.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..8d044dd40a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -0,0 +1,20 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.Framework.OptionsModel;
+using System;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>.
+    /// </summary>
+    public static class FacebookServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
similarity index 79%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index fd46b062a9..8613d4368f 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -1,23 +1,17 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.Google;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using System;
+using Microsoft.AspNet.Authentication.Google;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>.
     /// </summary>
-    public static class GoogleAuthenticationExtensions
+    public static class GoogleAppBuilderExtensions
     {
-        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         /// <summary>
         /// Authenticate users using Google OAuth 2.0.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..a5a8b4b508
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.Google;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>.
+    /// </summary>
+    public static class GoogleServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
similarity index 77%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 397a1b32b5..e068b5f5a1 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 using System;
 
@@ -13,11 +12,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..b3e1e11103
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for using <see cref="MicrosoftAccountAuthenticationMiddleware"/>
+    /// </summary>
+    public static class MicrosoftAccountServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
index b1a6293341..88151eb160 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuthBearer;
-using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
@@ -11,13 +10,8 @@ namespace Microsoft.AspNet.Builder
     /// <summary>
     /// Extension methods to add OAuth Bearer authentication capabilities to an HTTP application pipeline
     /// </summary>
-    public static class OAuthBearerAuthenticationExtensions
+    public static class OAuthBearerAppBuilderExtensions
     {
-        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure)
-        {
-            return services.ConfigureOptions(configure);
-        }
-
         /// <summary>
         /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
         /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..5a878dcbb1
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.OAuthBearer;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add OAuth Bearer authentication capabilities to an HTTP application pipeline
+    /// </summary>
+    public static class OAuthBearerServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure)
+        {
+            return services.ConfigureOptions(configure);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..390568fd3b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to configure OpenIdConnect authentication options
+    /// </summary>
+    public static class OpenIdConnectServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureOpenIdConnect(this IServiceCollection services, Action<OpenIdConnectAuthenticationOptions> configure)
+        {
+            return services.ConfigureOptions(configure);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
similarity index 70%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index bff1897923..ce27cdadf2 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -1,24 +1,17 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
 using System;
+using Microsoft.AspNet.Authentication.Twitter;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Extension methods for using <see cref="TwitterAuthenticationMiddleware"/>
     /// </summary>
-    public static class TwitterAuthenticationExtensions
+    public static class TwitterAppBuilderExtensions
     {
-        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<TwitterAuthenticationMiddleware>(
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..7c25c17377
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.Twitter;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for using <see cref="TwitterAuthenticationMiddleware"/>
+    /// </summary>
+    public static class TwitterAuthenticationExtensions
+    {
+        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 6b54b6cd94..fd281086fc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -8,14 +8,9 @@ using System.Net.Http;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.OptionsModel;
-using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
 

From ce8caf0b9a17f459b5b601500f378b669a56bbd8 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Thu, 5 Mar 2015 16:28:18 -0800
Subject: [PATCH 170/900] Rename Microsoft.AspNet.Http.Interfaces =>
 Microsoft.AspNet.Http

---
 src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs    | 1 -
 .../AutomaticAuthenticationHandler.cs                           | 2 +-
 src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs    | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index e2c619b39e..0e768cf841 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -10,7 +10,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Interfaces.Authentication;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
index d91fadfcad..f67f2a908d 100644
--- a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
@@ -4,7 +4,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Interfaces.Authentication;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index 2f6b0e4d34..e378934cbc 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Core.Authentication;
-using Microsoft.AspNet.Http.Interfaces.Authentication;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {

From 5e7f1d7eff060aea0010b32b8bf68b36b51635b2 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 6 Mar 2015 12:37:34 -0800
Subject: [PATCH 171/900] Add Configure overloads for Auth for config/name

---
 .../CookieServiceCollectionExtensions.cs      | 18 +++++++++++++++-
 .../FacebookServiceCollectionExtensions.cs    | 21 ++++++++++++++++---
 .../GoogleServiceCollectionExtensions.cs      | 18 +++++++++++++++-
 ...osoftAccountServiceCollectionExtensions.cs | 18 +++++++++++++++-
 .../OAuthBearerServiceCollectionExtensions.cs | 18 +++++++++++++++-
 .../NotNullAttribute.cs                       | 12 +++++++++++
 ...penIdConnectServiceCollectionExtensions.cs | 20 ++++++++++++++++--
 .../TwitterServiceCollectionExtensions.cs     | 18 +++++++++++++++-
 8 files changed, 133 insertions(+), 10 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index 476dc948fa..03632b1a6d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.Framework.ConfigurationModel;
 using Microsoft.Framework.DependencyInjection;
 
 namespace Microsoft.Framework.DependencyInjection
@@ -14,7 +15,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
         {
-            return services.Configure(configure);
+            return services.ConfigureCookieAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureCookieAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<CookieAuthenticationOptions>(config, optionsName);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 8d044dd40a..f6117a10b9 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.Framework.OptionsModel;
 using System;
+using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -14,7 +14,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
         {
-            return services.Configure(configure);
+            return services.ConfigureFacebookAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureFacebookAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<FacebookAuthenticationOptions>(config, optionsName);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index a5a8b4b508..239dbea29c 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Google;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -13,7 +14,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
         {
-            return services.Configure(configure);
+            return services.ConfigureGoogleAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureGoogleAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<GoogleAuthenticationOptions>(config, optionsName);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index b3e1e11103..4fe4f12272 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -13,7 +14,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
         {
-            return services.Configure(configure);
+            return services.ConfigureMicrosoftAccountAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureMicrosoftAccountAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<MicrosoftAccountAuthenticationOptions>(config, optionsName);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
index 5a878dcbb1..b195abff89 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuthBearer;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -13,7 +14,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.ConfigureOAuthBearerAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureOAuthBearerAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<OAuthBearerAuthenticationOptions>(config, optionsName);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs
new file mode 100644
index 0000000000..6453923f5d
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
+    internal sealed class NotNullAttribute : Attribute
+    {
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 390568fd3b..eca491cd5b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -11,9 +12,24 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class OpenIdConnectServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureOpenIdConnect(this IServiceCollection services, Action<OpenIdConnectAuthenticationOptions> configure)
+        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure)
         {
-            return services.ConfigureOptions(configure);
+            return services.ConfigureOpenIdConnectAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureOpenIdConnectAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<OpenIdConnectAuthenticationOptions>(config, optionsName);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index 7c25c17377..dad039952c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
+using Microsoft.Framework.ConfigurationModel;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -13,7 +14,22 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
         {
-            return services.Configure(configure);
+            return services.ConfigureTwitterAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureTwitterAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<TwitterAuthenticationOptions>(config, optionsName);
         }
     }
 }

From 1bd605da5e136482cf38283e31c21208130d1d00 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Sun, 8 Mar 2015 12:56:09 -0700
Subject: [PATCH 172/900] Update aspnet50/aspnetcore50 => dnx451/dnxcore50.

---
 samples/CookieSample/project.json                         | 6 +++---
 samples/CookieSessionSample/project.json                  | 6 +++---
 samples/OpenIdConnectSample/project.json                  | 4 ++--
 samples/SocialSample/project.json                         | 6 +++---
 src/Microsoft.AspNet.Authentication.Cookies/project.json  | 6 +++---
 src/Microsoft.AspNet.Authentication.Facebook/project.json | 6 +++---
 src/Microsoft.AspNet.Authentication.Google/project.json   | 6 +++---
 .../project.json                                          | 6 +++---
 .../OAuthAuthenticationMiddleware.cs                      | 2 +-
 .../OAuthAuthenticationOptions.cs                         | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/project.json    | 6 +++---
 .../OAuthBearerAuthenticationMiddleware.cs                | 2 +-
 .../OAuthBearerAuthenticationOptions.cs                   | 4 ++--
 .../project.json                                          | 6 +++---
 .../OpenIdConnectAuthenticationMiddleware.cs              | 2 +-
 .../OpenIdConnectAuthenticationOptions.cs                 | 2 +-
 .../project.json                                          | 8 ++++----
 .../TwitterAuthenticationMiddleware.cs                    | 4 ++--
 .../TwitterAuthenticationOptions.cs                       | 6 +++---
 src/Microsoft.AspNet.Authentication.Twitter/project.json  | 6 +++---
 .../CertificateSubjectKeyIdentifierValidator.cs           | 4 ++--
 .../CertificateSubjectPublicKeyInfoValidator.cs           | 4 ++--
 .../CertificateThumbprintValidator.cs                     | 4 ++--
 .../ICertificateValidator.cs                              | 4 ++--
 src/Microsoft.AspNet.Authentication/project.json          | 6 +++---
 src/Microsoft.AspNet.Authorization/project.json           | 6 +++---
 test/Microsoft.AspNet.Authentication.Test/project.json    | 4 ++--
 test/Microsoft.AspNet.Authorization.Test/project.json     | 4 ++--
 28 files changed, 66 insertions(+), 66 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 4840de91aa..ed54e27de4 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
@@ -10,9 +10,9 @@
         "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
         },
-        "aspnetcore50": {
+        "dnxcore50": {
         }
     },
     "webroot":"wwwroot"
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 18401fb77c..afc5e604b1 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
@@ -11,8 +11,8 @@
         "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     },
     "webroot": "wwwroot"
 }
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 382c6b1691..dce6a6bb92 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -7,8 +7,8 @@
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index d925cf66b4..bb20bba576 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
@@ -16,9 +16,9 @@
         "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:54540"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
         },
-        "aspnetcore50": {
+        "dnxcore50": {
         }
     },
     "webroot": "wwwroot"
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 07d23fdcaf..331cfd3ea7 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
     "dependencies": {
@@ -6,7 +6,7 @@
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index fd1a44d159..f810be04e7 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -1,11 +1,11 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index cdaa628825..71b987de9a 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -1,11 +1,11 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 5aa85f9266..878a7137a4 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -1,12 +1,12 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": {
+        "dnx451": { },
+        "dnxcore50": {
             "dependencies": {
                 "System.Dynamic.Runtime": "4.0.10-beta-*",
                 "System.ObjectModel": "4.0.10-beta-*"
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 8f937575f4..0d272bf1ea 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         private static HttpMessageHandler ResolveHttpMessageHandler(OAuthAuthenticationOptions<TNotifications> options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
+#if DNX451
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 7a910e059b..3dda288129 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -51,7 +51,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public string UserInformationEndpoint { get; set; }
 
-#if ASPNET50
+#if DNX451
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to the auth provider.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index ea68b78fa2..6b52f84f7f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
@@ -6,13 +6,13 @@
         "Microsoft.AspNet.Authentication": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "frameworkAssemblies": {
                 "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
-        "aspnetcore50": {
+        "dnxcore50": {
             "dependencies": {
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 8698bf740b..4083af2393 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -93,7 +93,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         private static HttpMessageHandler ResolveHttpMessageHandler(OAuthBearerAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
+#if DNX451
             new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 64935c3848..ab0b833008 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// </summary>
         public TimeSpan BackchannelTimeout { get; set; }
 
-#if ASPNET50
+#if DNX451
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// when retrieving metadata.
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index a6143df77d..d2912f83e8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
     "dependencies": {
@@ -7,13 +7,13 @@
         "System.IdentityModel.Tokens": "5.0.0-beta1-*"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "frameworkAssemblies": {
                 "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
-        "aspnetcore50": {
+        "dnxcore50": {
             "dependencies": {
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 2a802ce10d..c316c85837 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -139,7 +139,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         private static HttpMessageHandler ResolveHttpMessageHandler(OpenIdConnectAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
+#if DNX451
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index d885010864..25b70473a8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -78,7 +78,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
         public PathString CallbackPath { get; set; }
 
-#if ASPNET50
+#if DNX451
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// when retrieving metadata.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index c25baafc3e..b677e4642b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,21 +1,21 @@
-{
+{
     "version": "1.0.0-*",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "frameworkAssemblies": {
                 "System.Net.Http": "",
                 "System.Net.Http.WebRequest": ""
             }
         },
-        "aspnetcore50": {
+        "dnxcore50": {
             "dependencies": {
                 "System.Collections.Specialized": "4.0.0-beta-*",
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 2efdaff968..4ffedd9924 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -97,7 +97,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         private static HttpMessageHandler ResolveHttpMessageHandler(TwitterAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if ASPNET50
+#if DNX451
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
             if (options.BackchannelCertificateValidator != null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index 30e78f2765..d17daa0e9e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-#if ASPNET50
+#if DNX451
             // Twitter lists its valid Subject Key Identifiers at https://dev.twitter.com/docs/security/using-ssl
             BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(
                 new[]
@@ -53,7 +53,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// The back channel timeout.
         /// </value>
         public TimeSpan BackchannelTimeout { get; set; }
-#if ASPNET50
+#if DNX451
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
         /// in back channel communications belong to Twitter.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 059a8d2574..b8649b613c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -1,17 +1,17 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "frameworkAssemblies": {
                 "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
-        "aspnetcore50": {
+        "dnxcore50": {
             "dependencies": {
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index ca729b68f9..efd71f9b10 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -1,7 +1,7 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if ASPNET50
+#if DNX451
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
index f2e5e9554c..fdfb0155cb 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
@@ -1,7 +1,7 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if ASPNET50
+#if DNX451
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
diff --git a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
index 822b420140..44019b4913 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
@@ -1,7 +1,7 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if ASPNET50
+#if DNX451
 using System;
 using System.Collections.Generic;
 using System.Net.Security;
diff --git a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
index fd20f70b3a..6cb2c4d6d4 100644
--- a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
@@ -1,7 +1,7 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-#if ASPNET50
+#if DNX451
 using System;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 62d2233183..1cbfa5d842 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
@@ -9,7 +9,7 @@
         "Microsoft.Framework.Logging": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 978885f8e0..b2038584d4 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 authorization classes.",
     "dependencies": {
@@ -7,7 +7,7 @@
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {
-        "aspnet50": { },
-        "aspnetcore50": { }
+        "dnx451": { },
+        "dnxcore50": { }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 7d2a50c88e..1090cbc73f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
     "compilationOptions": {
         "warningsAsErrors": true
     },
@@ -18,7 +18,7 @@
         "test": "xunit.runner.kre"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "dependencies": {
                 "Shouldly": "1.1.1.1"
             }
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 3fe88159d4..c072be9642 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
     "compilationOptions": {
         "warningsAsErrors": true
     },
@@ -12,7 +12,7 @@
         "test": "xunit.runner.kre"
     },
     "frameworks": {
-        "aspnet50": {
+        "dnx451": {
             "dependencies": {
                 "Shouldly": "1.1.1.1"
             }

From dcaa51507f6b9dba9d10145027df04e3f3b1f84e Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Sun, 8 Mar 2015 12:56:13 -0700
Subject: [PATCH 173/900] Update K_BUILD_VERSION/kre/KRE/.k =>
 DNX_BUILD_VERSION/dnx/DNX/.dnx.

---
 build.cmd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.cmd b/build.cmd
index 86ca5bbbf1..49ba0692de 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,4 +1,4 @@
-@echo off
+@echo off
 cd %~dp0
 
 SETLOCAL
@@ -19,7 +19,7 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
-IF "%SKIP_KRE_INSTALL%"=="1" goto run
+IF "%SKIP_DNX_INSTALL%"=="1" goto run
 CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
 CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
 

From 56e3319e31364522d336028e9f6c1b366f5519cf Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Sun, 8 Mar 2015 12:56:17 -0700
Subject: [PATCH 174/900] Update kvm/KVM/Kvm => dnvm/DNVM/Dnvm.

---
 build.cmd | 6 +++---
 build.sh  | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/build.cmd b/build.cmd
index 49ba0692de..77be0a6627 100644
--- a/build.cmd
+++ b/build.cmd
@@ -20,9 +20,9 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_DNX_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\kvm upgrade -runtime CLR -x86
-CALL packages\KoreBuild\build\kvm install default -runtime CoreCLR -x86
+CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -x86
+CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -x86
 
 :run
-CALL packages\KoreBuild\build\kvm use default -runtime CLR -x86
+CALL packages\KoreBuild\build\dnvm use default -runtime CLR -x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/build.sh b/build.sh
index c7873ef58e..74cb3421e6 100644
--- a/build.sh
+++ b/build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
 
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild
@@ -28,11 +28,11 @@ if test ! -d packages/KoreBuild; then
 fi
 
 if ! type k > /dev/null 2>&1; then
-    source packages/KoreBuild/build/kvm.sh
+    source packages/KoreBuild/build/dnvm.sh
 fi
 
 if ! type k > /dev/null 2>&1; then
-    kvm upgrade
+    dnvm upgrade
 fi
 
 mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"

From fb5bfb43a90a0a19857fa3c63056d404ded4a581 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Sun, 8 Mar 2015 12:56:17 -0700
Subject: [PATCH 175/900] Update build.sh to use dnvm correctly.

---
 build.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index 74cb3421e6..a9ce06d087 100644
--- a/build.sh
+++ b/build.sh
@@ -27,7 +27,7 @@ if test ! -d packages/KoreBuild; then
     mono .nuget/nuget.exe install Sake -version 0.2 -o packages -ExcludeVersion
 fi
 
-if ! type k > /dev/null 2>&1; then
+if ! type dnvm > /dev/null 2>&1; then
     source packages/KoreBuild/build/dnvm.sh
 fi
 
@@ -36,3 +36,4 @@ if ! type k > /dev/null 2>&1; then
 fi
 
 mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"
+

From 08fdd7ad30702491e3ecafa2d2e553323defbc08 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Mon, 9 Mar 2015 12:59:01 -0700
Subject: [PATCH 176/900] Remove BOM from project.json, *.cmd, *.sh and *.shade
 files.

---
 build.cmd                                                       | 2 +-
 build.sh                                                        | 2 +-
 samples/CookieSample/project.json                               | 2 +-
 samples/CookieSessionSample/project.json                        | 2 +-
 samples/OpenIdConnectSample/project.json                        | 2 +-
 samples/SocialSample/project.json                               | 2 +-
 src/Microsoft.AspNet.Authentication.Cookies/project.json        | 2 +-
 src/Microsoft.AspNet.Authentication.Facebook/project.json       | 2 +-
 src/Microsoft.AspNet.Authentication.Google/project.json         | 2 +-
 .../project.json                                                | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/project.json          | 2 +-
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json    | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json  | 2 +-
 src/Microsoft.AspNet.Authentication.Twitter/project.json        | 2 +-
 src/Microsoft.AspNet.Authentication/project.json                | 2 +-
 src/Microsoft.AspNet.Authorization/project.json                 | 2 +-
 test/Microsoft.AspNet.Authentication.Test/project.json          | 2 +-
 test/Microsoft.AspNet.Authorization.Test/project.json           | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/build.cmd b/build.cmd
index 77be0a6627..68a732c182 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,4 +1,4 @@
-@echo off
+@echo off
 cd %~dp0
 
 SETLOCAL
diff --git a/build.sh b/build.sh
index a9ce06d087..ec3263114a 100644
--- a/build.sh
+++ b/build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
 
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index ed54e27de4..eea2a4c7e3 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index afc5e604b1..d2ffa0bcc6 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index dce6a6bb92..e6e8d6a7b6 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Kestrel": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index bb20bba576..30905d0b39 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,4 +1,4 @@
-{
+{
     "dependencies": {
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 331cfd3ea7..92bf3d84e0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index f810be04e7..2e24f747b7 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index 71b987de9a..37f9e1b2d2 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 878a7137a4..7b17282de0 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 6b52f84f7f..2d4145986c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index d2912f83e8..53c18f6360 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index b677e4642b..9a24c6db4b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index b8649b613c..79ddb1b8bd 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 1cbfa5d842..255d92129e 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index b2038584d4..ce146a3eb9 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -1,4 +1,4 @@
-{
+{
     "version": "1.0.0-*",
     "description": "ASP.NET 5 authorization classes.",
     "dependencies": {
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 1090cbc73f..0cf6401f10 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
     "compilationOptions": {
         "warningsAsErrors": true
     },
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index c072be9642..4431189c79 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -1,4 +1,4 @@
-{
+{
     "compilationOptions": {
         "warningsAsErrors": true
     },

From b7c8af8503831ba4becaa93b9453510b81c4d30e Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Fri, 6 Mar 2015 17:22:49 -0800
Subject: [PATCH 177/900] Reading AuthenticationProperties from SignOutContext

This will enable users to set a specific redirect uri and call signout.
---
 .../OpenidConnectAuthenticationHandler.cs     | 11 ++++-----
 .../OpenIdConnectMiddlewareTests.cs           | 23 +++++++++++++++++--
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 046232b9ea..68e9bea24a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -8,10 +8,9 @@ using System.IO;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
@@ -77,8 +76,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // Set End_Session_Endpoint in order:
                 // 1. properties.Redirect
                 // 2. Options.Wreply
-                AuthenticationProperties properties = new AuthenticationProperties();
-                if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri))
+                var properties = new AuthenticationProperties(signout.Properties);
+                if (!string.IsNullOrEmpty(properties.RedirectUri))
                 {
                     openIdConnectMessage.PostLogoutRedirectUri = properties.RedirectUri;
                 }
@@ -220,7 +219,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
 
             OpenIdConnectMessage openIdConnectMessage = null;
-            
+
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
               && !string.IsNullOrWhiteSpace(Request.ContentType)
@@ -580,4 +579,4 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return false;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 96f17c86ea..7681d54668 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -125,7 +125,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWithDefaultRedirectUri()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.Authority = "https://login.windows.net/common";
@@ -140,7 +139,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.Authority = "https://login.windows.net/common";
@@ -153,6 +151,21 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(Uri.EscapeDataString("https://example.com/logout"));
         }
 
+        [Fact]
+        public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = "https://login.windows.net/common";
+                options.ClientId = "Test Id";
+                options.PostLogoutRedirectUri = "https://example.com/logout";
+            });
+
+            var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(Uri.EscapeDataString("http://www.example.com/specific_redirect_uri"));
+        }
+
         [Fact]
         // Test Cases for calculating the expiration time of cookie from cookie name
         public void NonceCookieExpirationTime()
@@ -212,6 +225,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     {
                         res.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
+                    else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
+                    {
+                        res.SignOut(
+                            OpenIdConnectAuthenticationDefaults.AuthenticationScheme, 
+                            new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
+                    }
                     else if (handler != null)
                     {
                         await handler(context);

From 1ba9e0495024dd3cba48f87018b65eddfcfdd430 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Tue, 10 Mar 2015 11:42:03 -0700
Subject: [PATCH 178/900] Renaming Nuget.org feed key name to Nuget.

fixes https://github.com/aspnet/Universe/issues/174
---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index f41e9c631d..da57d47267 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -2,6 +2,6 @@
 <configuration>
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
-    <add key="NuGet.org" value="https://nuget.org/api/v2/" />
+    <add key="NuGet" value="https://nuget.org/api/v2/" />
   </packageSources>
-</configuration>
+</configuration>
\ No newline at end of file

From 78406b411c37422f4d42593d4ddd12dab8a70d53 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 11 Mar 2015 11:43:48 -0700
Subject: [PATCH 179/900] Remove config from AddAuthorization

---
 .../ServiceCollectionExtensions.cs                 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 292083120b..0fd1b1bb8b 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -19,19 +19,19 @@ namespace Microsoft.Framework.DependencyInjection
             return services.Configure(configure);
         }
 
-        // Review: Need UseDefaultSubkey parameter?
-        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, IConfiguration config = null, Action<AuthorizationOptions> configureOptions = null)
+        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services)
+        {
+            return services.AddAuthorization(configureOptions: null);
+        }
+
+        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, Action<AuthorizationOptions> configureOptions)
         {
             services.AddOptions();
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.AddTransient<IAuthorizationHandler, ClaimsAuthorizationHandler>();
             services.AddTransient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>();
             services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
-            if (configureOptions != null)
-            {
-                services.Configure(configureOptions);
-            }
             return services;
         }
     }
-}
+}
\ No newline at end of file

From f8c526c12dd5d90576a3c5fbb97ffa152c361474 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 11 Mar 2015 14:04:40 -0700
Subject: [PATCH 180/900] Update .kproj => .xproj.

---
 Security.sln                                  | 32 +++++++++----------
 ...{CookieSample.kproj => CookieSample.xproj} |  0
 ...Sample.kproj => CookieSessionSample.xproj} |  0
 ...Sample.kproj => OpenIdConnectSample.xproj} |  0
 ...{SocialSample.kproj => SocialSample.xproj} |  0
 ...osoft.AspNet.Authentication.Cookies.xproj} |  0
 ...soft.AspNet.Authentication.Facebook.xproj} |  0
 ...rosoft.AspNet.Authentication.Google.xproj} |  0
 ...Net.Authentication.MicrosoftAccount.xproj} |  0
 ...crosoft.AspNet.Authentication.OAuth.xproj} |  0
 ...t.AspNet.Authentication.OAuthBearer.xproj} |  0
 ...AspNet.Authentication.OpenIdConnect.xproj} |  0
 ...osoft.AspNet.Authentication.Twitter.xproj} |  0
 ... => Microsoft.AspNet.Authentication.xproj} |  0
 ...j => Microsoft.AspNet.Authorization.xproj} |  0
 ...crosoft.AspNet.Authentication.Tests.xproj} |  0
 ...icrosoft.AspNet.Authorization.Tests.xproj} |  0
 17 files changed, 16 insertions(+), 16 deletions(-)
 rename samples/CookieSample/{CookieSample.kproj => CookieSample.xproj} (100%)
 rename samples/CookieSessionSample/{CookieSessionSample.kproj => CookieSessionSample.xproj} (100%)
 rename samples/OpenIdConnectSample/{OpenIdConnectSample.kproj => OpenIdConnectSample.xproj} (100%)
 rename samples/SocialSample/{SocialSample.kproj => SocialSample.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Microsoft.AspNet.Authentication.Cookies.kproj => Microsoft.AspNet.Authentication.Cookies.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.Facebook/{Microsoft.AspNet.Authentication.Facebook.kproj => Microsoft.AspNet.Authentication.Facebook.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.Google/{Microsoft.AspNet.Authentication.Google.kproj => Microsoft.AspNet.Authentication.Google.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{Microsoft.AspNet.Authentication.MicrosoftAccount.kproj => Microsoft.AspNet.Authentication.MicrosoftAccount.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Microsoft.AspNet.Authentication.OAuth.kproj => Microsoft.AspNet.Authentication.OAuth.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.OAuthBearer/{Microsoft.AspNet.Authentication.OAuthBearer.kproj => Microsoft.AspNet.Authentication.OAuthBearer.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{Microsoft.AspNet.Authentication.OpenIdConnect.kproj => Microsoft.AspNet.Authentication.OpenIdConnect.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{Microsoft.AspNet.Authentication.Twitter.kproj => Microsoft.AspNet.Authentication.Twitter.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication/{Microsoft.AspNet.Authentication.kproj => Microsoft.AspNet.Authentication.xproj} (100%)
 rename src/Microsoft.AspNet.Authorization/{Microsoft.AspNet.Authorization.kproj => Microsoft.AspNet.Authorization.xproj} (100%)
 rename test/Microsoft.AspNet.Authentication.Test/{Microsoft.AspNet.Authentication.Tests.kproj => Microsoft.AspNet.Authentication.Tests.xproj} (100%)
 rename test/Microsoft.AspNet.Authorization.Test/{Microsoft.AspNet.Authorization.Tests.kproj => Microsoft.AspNet.Authorization.Tests.xproj} (100%)

diff --git a/Security.sln b/Security.sln
index 7fb0467af4..2d3fccf4e2 100644
--- a/Security.sln
+++ b/Security.sln
@@ -7,7 +7,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.kproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.xproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
 EndProject
@@ -16,35 +16,35 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		global.json = global.json
 	EndProjectSection
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.kproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.xproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.kproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.xproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.kproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.xproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Cookies", "src\Microsoft.AspNet.Authentication.Cookies\Microsoft.AspNet.Authentication.Cookies.kproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Cookies", "src\Microsoft.AspNet.Authentication.Cookies\Microsoft.AspNet.Authentication.Cookies.xproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication", "src\Microsoft.AspNet.Authentication\Microsoft.AspNet.Authentication.kproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication", "src\Microsoft.AspNet.Authentication\Microsoft.AspNet.Authentication.xproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Facebook", "src\Microsoft.AspNet.Authentication.Facebook\Microsoft.AspNet.Authentication.Facebook.kproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Facebook", "src\Microsoft.AspNet.Authentication.Facebook\Microsoft.AspNet.Authentication.Facebook.xproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Google", "src\Microsoft.AspNet.Authentication.Google\Microsoft.AspNet.Authentication.Google.kproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Google", "src\Microsoft.AspNet.Authentication.Google\Microsoft.AspNet.Authentication.Google.xproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnect", "src\Microsoft.AspNet.Authentication.OpenIdConnect\Microsoft.AspNet.Authentication.OpenIdConnect.kproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnect", "src\Microsoft.AspNet.Authentication.OpenIdConnect\Microsoft.AspNet.Authentication.OpenIdConnect.xproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.MicrosoftAccount", "src\Microsoft.AspNet.Authentication.MicrosoftAccount\Microsoft.AspNet.Authentication.MicrosoftAccount.kproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.MicrosoftAccount", "src\Microsoft.AspNet.Authentication.MicrosoftAccount\Microsoft.AspNet.Authentication.MicrosoftAccount.xproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Twitter", "src\Microsoft.AspNet.Authentication.Twitter\Microsoft.AspNet.Authentication.Twitter.kproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Twitter", "src\Microsoft.AspNet.Authentication.Twitter\Microsoft.AspNet.Authentication.Twitter.xproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuth", "src\Microsoft.AspNet.Authentication.OAuth\Microsoft.AspNet.Authentication.OAuth.kproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuth", "src\Microsoft.AspNet.Authentication.OAuth\Microsoft.AspNet.Authentication.OAuth.xproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Tests", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Tests.kproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Tests", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Tests.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuthBearer", "src\Microsoft.AspNet.Authentication.OAuthBearer\Microsoft.AspNet.Authentication.OAuthBearer.kproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuthBearer", "src\Microsoft.AspNet.Authentication.OAuthBearer\Microsoft.AspNet.Authentication.OAuthBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Tests", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Tests.kproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Tests", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Tests.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.kproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
diff --git a/samples/CookieSample/CookieSample.kproj b/samples/CookieSample/CookieSample.xproj
similarity index 100%
rename from samples/CookieSample/CookieSample.kproj
rename to samples/CookieSample/CookieSample.xproj
diff --git a/samples/CookieSessionSample/CookieSessionSample.kproj b/samples/CookieSessionSample/CookieSessionSample.xproj
similarity index 100%
rename from samples/CookieSessionSample/CookieSessionSample.kproj
rename to samples/CookieSessionSample/CookieSessionSample.xproj
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.kproj b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
similarity index 100%
rename from samples/OpenIdConnectSample/OpenIdConnectSample.kproj
rename to samples/OpenIdConnectSample/OpenIdConnectSample.xproj
diff --git a/samples/SocialSample/SocialSample.kproj b/samples/SocialSample/SocialSample.xproj
similarity index 100%
rename from samples/SocialSample/SocialSample.kproj
rename to samples/SocialSample/SocialSample.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.kproj
rename to src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.kproj
rename to src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.kproj
rename to src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.kproj
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.kproj
rename to src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.kproj b/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.kproj
rename to src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.kproj
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.kproj
rename to src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
diff --git a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.kproj
rename to src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
diff --git a/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj b/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.kproj
rename to src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
diff --git a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.kproj b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.kproj
rename to test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.kproj
rename to test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj

From 36de6b99a99c9236142978deff7e055e3c93d069 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Wed, 11 Mar 2015 16:58:33 -0700
Subject: [PATCH 181/900] Do not use deprecated `dnvm -x86` switch

---
 build.cmd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.cmd b/build.cmd
index 68a732c182..41025afb26 100644
--- a/build.cmd
+++ b/build.cmd
@@ -20,9 +20,9 @@ IF EXIST packages\KoreBuild goto run
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_DNX_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -x86
-CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -x86
+CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -arch x86
+CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -arch x86
 
 :run
-CALL packages\KoreBuild\build\dnvm use default -runtime CLR -x86
+CALL packages\KoreBuild\build\dnvm use default -runtime CLR -arch x86
 packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*

From eb73ad64fdcbd7bb0ccd0ef8d313fab36942e0cb Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Wed, 11 Mar 2015 17:28:30 -0700
Subject: [PATCH 182/900] React to Caching package rename

Dependent on https://github.com/aspnet/Caching/pull/49/files
---
 samples/CookieSessionSample/MemoryCacheSessionStore.cs | 2 +-
 samples/CookieSessionSample/project.json               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index 4bb62d3aba..0ed51dfb29 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -2,7 +2,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
-using Microsoft.Framework.Cache.Memory;
+using Microsoft.Framework.Caching.Memory;
 
 namespace CookieSessionSample
 {
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index d2ffa0bcc6..253079cebb 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -2,7 +2,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Cache.Memory": "1.0.0-*",
+        "Microsoft.Framework.Caching.Memory": "1.0.0-*",
         "Kestrel": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*"
     },

From 42436d3a7e7f467ccee22d4c54a5ed884e7530e3 Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Thu, 12 Mar 2015 16:18:52 -0700
Subject: [PATCH 183/900] Update xunit.runner.kre => xunit.runner.aspnet.

---
 test/Microsoft.AspNet.Authentication.Test/project.json | 4 ++--
 test/Microsoft.AspNet.Authorization.Test/project.json  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 0cf6401f10..c19e99dbc2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -12,10 +12,10 @@
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
         "Moq": "4.2.1312.1622",
-        "xunit.runner.kre": "1.0.0-*"
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
     },
     "commands": {
-        "test": "xunit.runner.kre"
+        "test": "xunit.runner.aspnet"
     },
     "frameworks": {
         "dnx451": {
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 4431189c79..11667dc4e5 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -6,10 +6,10 @@
         "Microsoft.AspNet.Authorization": "1.0.0-*",
         "Microsoft.Framework.DependencyInjection": "1.0.0-*",
         "Moq": "4.2.1312.1622",
-        "xunit.runner.kre": "1.0.0-*"
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
     },
     "commands": {
-        "test": "xunit.runner.kre"
+        "test": "xunit.runner.aspnet"
     },
     "frameworks": {
         "dnx451": {

From c4aa387cd2d4da355eb71f49b673521d84f4042a Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Fri, 13 Mar 2015 14:47:28 -0700
Subject: [PATCH 184/900] Temporarily skipping a couple of tests to work around
 Url encoder bug

https://github.com/aspnet/HttpAbstractions/issues/231
---
 .../Google/GoogleMiddlewareTests.cs                       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 13876a0aed..4e02276be6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
         }
 
-        [Fact]
+        [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
         public async Task ChallengeWillUseOptionsScope()
         {
             var server = CreateServer(options =>
@@ -92,7 +92,7 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("&scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
         }
 
-        [Fact]
+        [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
         public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
         {
             var server = CreateServer(options =>
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     if (req.Path == new PathString("/challenge2"))
                     {
                         res.Challenge(new AuthenticationProperties(
-                            new Dictionary<string, string>() 
+                            new Dictionary<string, string>()
                             {
                                 { "scope", "https://www.googleapis.com/auth/plus.login" },
                                 { "access_type", "offline" },
@@ -216,7 +216,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Dictionary.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server, 
+            var transaction = await SendAsync(server,
                 "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);

From bd7f07052ec9d50f7712068979eed4814ee2a304 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Sat, 14 Mar 2015 07:25:14 -0700
Subject: [PATCH 185/900] Using [NotNull] from the common package

---
 samples/CookieSample/CookieSample.xproj              |  5 +++--
 .../CookieSessionSample/CookieSessionSample.xproj    |  5 +++--
 samples/SocialSample/SocialSample.xproj              |  5 +++--
 .../CookieAppBuilderExtensions.cs                    |  1 +
 .../CookieAuthenticationHandler.cs                   |  1 +
 .../CookieServiceCollectionExtensions.cs             |  2 +-
 .../Infrastructure/ChunkingCookieManager.cs          |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../Notifications/CookieValidateIdentityContext.cs   |  1 +
 .../project.json                                     |  3 ++-
 .../FacebookAppBuilderExtensions.cs                  |  1 +
 .../FacebookServiceCollectionExtensions.cs           |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../project.json                                     |  3 ++-
 .../GoogleAppBuilderExtensions.cs                    |  1 +
 .../GoogleServiceCollectionExtensions.cs             |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../project.json                                     |  3 ++-
 .../MicrosoftAccountAppBuilderExtensions.cs          |  5 +++--
 .../MicrosoftAccountServiceCollectionExtensions.cs   |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../MicrosoftAccountAuthenticatedContext.cs          |  4 ++--
 .../project.json                                     |  3 ++-
 .../NotNullAttribute.cs                              | 12 ------------
 .../OAuthAuthenticationExtensions.cs                 |  3 +--
 .../project.json                                     |  3 ++-
 .../NotNullAttribute.cs                              | 12 ------------
 .../OAuthBearerAppBuilderExtensions.cs               |  1 +
 .../OAuthBearerServiceCollectionExtensions.cs        |  1 +
 .../project.json                                     |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../OpenIdConnectServiceCollectionExtensions.cs      |  1 +
 .../project.json                                     |  1 +
 .../Messages/RequestTokenSerializer.cs               |  4 ++--
 .../NotNullAttribute.cs                              | 12 ------------
 .../TwitterAppBuilderExtensions.cs                   |  1 +
 .../TwitterServiceCollectionExtensions.cs            |  1 +
 .../project.json                                     |  3 ++-
 .../AuthenticationHandler.cs                         |  1 +
 .../AuthenticationMiddleware.cs                      |  1 +
 .../AuthenticationTokenCreateContext.cs              |  1 +
 .../AuthenticationTokenReceiveContext.cs             |  1 +
 .../CertificateSubjectKeyIdentifierValidator.cs      |  1 +
 .../CertificateSubjectPublicKeyInfoValidator.cs      |  1 +
 .../CertificateThumbprintValidator.cs                |  1 +
 .../DataHandler/Encoder/Base64UrlTextEncoder.cs      |  1 +
 .../DataHandler/Serializer/PropertiesSerializer.cs   |  1 +
 .../DataHandler/Serializer/TicketSerializer.cs       |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../SecurityHelper.cs                                |  1 +
 src/Microsoft.AspNet.Authentication/project.json     |  3 ++-
 .../AuthorizationContext.cs                          |  1 +
 .../AuthorizationOptions.cs                          |  1 +
 .../AuthorizationPolicy.cs                           |  1 +
 .../AuthorizationPolicyBuilder.cs                    |  1 +
 .../AuthorizationServiceExtensions.cs                |  1 +
 .../NotNullAttribute.cs                              | 12 ------------
 .../ServiceCollectionExtensions.cs                   |  2 +-
 src/Microsoft.AspNet.Authorization/project.json      |  1 +
 59 files changed, 66 insertions(+), 143 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
 delete mode 100644 src/Microsoft.AspNet.Authorization/NotNullAttribute.cs

diff --git a/samples/CookieSample/CookieSample.xproj b/samples/CookieSample/CookieSample.xproj
index 0cc8921558..68fbee01bf 100644
--- a/samples/CookieSample/CookieSample.xproj
+++ b/samples/CookieSample/CookieSample.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -12,6 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>22569</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
index 3dde446f74..1216341876 100644
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ b/samples/CookieSessionSample/CookieSessionSample.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -12,6 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>22571</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index 640b2404b4..ce1e69ddf4 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -12,6 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>22570</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 5a00ca2341..3af76b243e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index ae7e866fb2..808a2691a2 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -8,6 +8,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index 03632b1a6d..af6d4d3773 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -4,7 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.ConfigurationModel;
-using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
index 1f953593b2..40008e47b8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
deleted file mode 100644
index 44c9fcbb20..0000000000
--- a/src/Microsoft.AspNet.Authentication.Cookies/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.Cookies
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
index 328d93d2bb..f9574bf801 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -6,6 +6,7 @@ using System.Security.Principal;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 92bf3d84e0..c2377a44ff 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -3,10 +3,11 @@
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "dnx451": { },
         "dnxcore50": { }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index c91855790c..0758d43acd 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index f6117a10b9..26ab1c0631 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
deleted file mode 100644
index 5ce6d99ddd..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.Facebook
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index 2e24f747b7..0dab9e868a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -2,7 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 8613d4368f..dc73a16669 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Google;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index 239dbea29c..6928c48fc9 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
deleted file mode 100644
index 504a02c4d7..0000000000
--- a/src/Microsoft.AspNet.Authentication.Google/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.Google
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index 37f9e1b2d2..72beb690aa 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -2,7 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index e068b5f5a1..a404845c87 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -1,9 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.Framework.OptionsModel;
 using System;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.Framework.Internal;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index 4fe4f12272..8f0de07558 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
deleted file mode 100644
index f2afa991fc..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
index 50aea11a93..ed55b4de38 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net.Http;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 7b17282de0..6bd7bb3759 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -2,7 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
deleted file mode 100644
index 49f587eb50..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index 903f823e1f..79e669d21b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -2,9 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Globalization;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Authentication;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 2d4145986c..ab9059a181 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -3,7 +3,8 @@
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Authentication": "1.0.0-*"
+        "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
deleted file mode 100644
index 73b3e6c56b..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.OAuthBearer
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
index 88151eb160..06be463906 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuthBearer;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
index b195abff89..1b1bce8146 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.OAuthBearer;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 53c18f6360..504d1eea1f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -3,6 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
         "System.IdentityModel.Tokens": "5.0.0-beta1-*"
     },
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs
deleted file mode 100644
index 6453923f5d..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index eca491cd5b..6f55448890 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 9a24c6db4b..acf34b5c2a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -2,6 +2,7 @@
     "version": "1.0.0-*",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index b575c70ee1..6305f52bd8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -1,11 +1,11 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.DataHandler.Serializer;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Twitter.Messages
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
deleted file mode 100644
index c961a0c8f0..0000000000
--- a/src/Microsoft.AspNet.Authentication.Twitter/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication.Twitter
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index ce27cdadf2..e0d0e0cf78 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index dad039952c..f34d22945e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 79ddb1b8bd..33d73fd1c2 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -2,7 +2,8 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*"
+        "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 0e768cf841..93d1ab6298 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -10,6 +10,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 400a6e74ad..f78eeaa55e 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -6,6 +6,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.RequestContainer;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
index eed3ac761a..1045d477fb 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
@@ -5,6 +5,7 @@
 using System;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
index ea8e854ef2..df309ca063 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
@@ -3,6 +3,7 @@
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index efd71f9b10..5dd663ec71 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -6,6 +6,7 @@ using System;
 using System.Collections.Generic;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
index fdfb0155cb..3c04ca9d81 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
@@ -10,6 +10,7 @@ using System.Net.Security;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.Framework.Internal;
 using Microsoft.Win32;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
index 44019b4913..4392108f29 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
@@ -6,6 +6,7 @@ using System;
 using System.Collections.Generic;
 using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
index 93dd1a057c..41cb10abd2 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -3,6 +3,7 @@
 
 
 using System;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
 {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
index 836828cdaa..9b262e6c25 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
@@ -7,6 +7,7 @@ using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 9833dad54a..40d80c28d4 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -5,6 +5,7 @@ using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
diff --git a/src/Microsoft.AspNet.Authentication/NotNullAttribute.cs b/src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
deleted file mode 100644
index a307633176..0000000000
--- a/src/Microsoft.AspNet.Authentication/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authentication
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
index 1e73888c6a..cb1b1fe1c4 100644
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 255d92129e..609f641adb 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -6,7 +6,8 @@
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*"
+        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
index 4044b84f57..8b051fcdc0 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
@@ -4,6 +4,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index 708ed1abc6..d23a0effe2 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index ca9fcc203a..2ade0a15fc 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index f2f24746c6..976d997cc2 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -4,6 +4,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 595d88077e..03f112b738 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -4,6 +4,7 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/NotNullAttribute.cs b/src/Microsoft.AspNet.Authorization/NotNullAttribute.cs
deleted file mode 100644
index 64ea6d5736..0000000000
--- a/src/Microsoft.AspNet.Authorization/NotNullAttribute.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authorization
-{
-    [AttributeUsage(AttributeTargets.Parameter, AllowMultiple = false)]
-    internal sealed class NotNullAttribute : Attribute
-    {
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 0fd1b1bb8b..e825684b3d 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authorization;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index ce146a3eb9..3a8701e86d 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -4,6 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {

From 14d1b467c69dd6f836f5683b6e1545b7f3f859ee Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 16 Mar 2015 15:14:44 -0700
Subject: [PATCH 186/900] ClaimsXform and RIP AutoAuthHandler

- Initial support for ClaimsTransformation
- merge automatic auth handler back into base
---
 .../CookieSessionSample.xproj                 |   2 +-
 samples/SocialSample/SocialSample.xproj       |   2 +-
 samples/SocialSample/Startup.cs               |   8 ++
 .../CookieAuthenticationHandler.cs            |   2 +-
 .../CookieAuthenticationMiddleware.cs         |  11 +-
 .../CookieAuthenticationOptions.cs            |   3 +-
 .../FacebookAuthenticationMiddleware.cs       |  12 +-
 .../GoogleAuthenticationMiddleware.cs         |  12 +-
 ...icrosoftAccountAuthenticationMiddleware.cs |  12 +-
 .../OAuthAuthenticationHandler.cs             |  10 +-
 .../OAuthAuthenticationMiddleware.cs          |  12 +-
 .../OAuthBearerAuthenticationHandler.cs       |   4 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |   8 +-
 .../OAuthBearerAuthenticationOptions.cs       |   2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  12 +-
 .../OpenidConnectAuthenticationHandler.cs     |  10 +-
 .../TwitterAuthenticationHandler.cs           |  10 +-
 .../TwitterAuthenticationMiddleware.cs        |  12 +-
 .../AuthenticationHandler.cs                  |  57 +++++++---
 .../AuthenticationMiddleware.cs               |   6 +-
 .../AuthenticationOptions.cs                  |   7 ++
 ...thenticationServiceCollectionExtensions.cs |  26 +++++
 .../AutomaticAuthenticationHandler.cs         |  94 ----------------
 .../AutomaticAuthenticationOptions.cs         |  20 ----
 ...laimsTransformationAppBuilderExtensions.cs |  26 +++++
 ...aimsTransformationAuthenticationHandler.cs | 105 +++++++++++++++++
 .../ClaimsTransformationMiddleware.cs         |  44 ++++++++
 .../ClaimsTransformationOptions.cs            |   6 +-
 .../ServiceCollectionExtensions.cs            |   5 -
 .../AuthenticationHandlerFacts.cs             |  11 +-
 .../Cookies/CookieMiddlewareTests.cs          |  86 +++++++++++---
 .../Facebook/FacebookMiddlewareTests.cs       |   1 +
 .../Google/GoogleMiddlewareTests.cs           | 106 ++++++++++++++++--
 .../MicrosoftAccountMiddlewareTests.cs        |   6 +-
 34 files changed, 523 insertions(+), 227 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNet.Authentication}/ClaimsTransformationOptions.cs (64%)

diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
index 1216341876..e129ba553c 100644
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ b/samples/CookieSessionSample/CookieSessionSample.xproj
@@ -12,7 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>22571</DevelopmentServerPort>
+    <DevelopmentServerPort>36505</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index ce1e69ddf4..74aaf1222f 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -12,7 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>22570</DevelopmentServerPort>
+    <DevelopmentServerPort>36504</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index dab45953da..bc7d61b4ae 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,6 +1,7 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
@@ -28,6 +29,13 @@ namespace CookieSample
                 {
                     options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
+                services.ConfigureClaimsTransformation(p =>
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("ClaimsTransformation", "TransformAddedClaim"));
+                    p.AddIdentity(id);
+                    return p;
+                });
             });
 
             app.UseCookieAuthentication(options =>
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 808a2691a2..8ccbb36530 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -13,7 +13,7 @@ using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
-    internal class CookieAuthenticationHandler : AutomaticAuthenticationHandler<CookieAuthenticationOptions>
+    internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
     {
         private const string HeaderNameCacheControl = "Cache-Control";
         private const string HeaderNamePragma = "Pragma";
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index e3ef3f5700..cd6b53b39e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -15,11 +15,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
     {
         private readonly ILogger _logger;
 
-        public CookieAuthenticationMiddleware(RequestDelegate next, 
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider, 
-            ILoggerFactory loggerFactory, 
-            IOptions<CookieAuthenticationOptions> options,
+        public CookieAuthenticationMiddleware(
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
             : base(next, services, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 02e9743b4a..c2fc4c3a71 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Contains the options used by the CookiesAuthenticationMiddleware
     /// </summary>
-    public class CookieAuthenticationOptions : AutomaticAuthenticationOptions
+    public class CookieAuthenticationOptions : AuthenticationOptions
     {
         private string _cookieName;
 
@@ -20,7 +20,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         public CookieAuthenticationOptions()
         {
-            AutomaticAuthentication = true;
             AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index b74a5be1dd..506453c54c 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -25,12 +25,12 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public FacebookAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<FacebookAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<FacebookAuthenticationOptions> options,
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
             : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 0da3f49284..819642a852 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -30,12 +30,12 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public GoogleAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<GoogleAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<GoogleAuthenticationOptions> options,
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
             : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index ac2ebc1848..f0430bd724 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -26,12 +26,12 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public MicrosoftAccountAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<MicrosoftAccountAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<MicrosoftAccountAuthenticationOptions> options,
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
             : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 6a51d85e97..b8696a302b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -176,13 +176,19 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected override void ApplyResponseChallenge()
         {
+            if (ShouldConvertChallengeToForbidden())
+            {
+                Response.StatusCode = 403;
+                return;
+            }
+
             if (Response.StatusCode != 401)
             {
                 return;
             }
 
-            // Only redirect on challenges
-            if (ChallengeContext == null)
+            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 0d272bf1ea..1c96be1e49 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -31,12 +31,12 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public OAuthAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<TOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
             : base(next, services, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 7f41be810c..e2a56697d9 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -15,7 +15,7 @@ using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
-    public class OAuthBearerAuthenticationHandler : AutomaticAuthenticationHandler<OAuthBearerAuthenticationOptions>
+    public class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
     {
         private readonly ILogger _logger;
         private OpenIdConnectConfiguration _configuration;
@@ -197,7 +197,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 return;
             }
 
-            if ((Response.StatusCode != 401) || (ChallengeContext == null))
+            if ((Response.StatusCode != 401) || (ChallengeContext == null && !Options.AutomaticAuthentication))
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 4083af2393..9b47e5c36e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -29,10 +29,10 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// extension method.
         /// </summary>
         public OAuthBearerAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            ILoggerFactory loggerFactory,
-            IOptions<OAuthBearerAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<OAuthBearerAuthenticationOptions> options,
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
             : base(next, services, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index ab0b833008..9bbc6300c5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class OAuthBearerAuthenticationOptions : AutomaticAuthenticationOptions
+    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
     {
         private ICollection<ISecurityTokenValidator> _securityTokenValidators;
         private TokenValidationParameters _tokenValidationParameters;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index c316c85837..1f4848140d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -35,12 +35,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="options">Configuration options for the middleware</param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<OpenIdConnectAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions)
             : base(next, services, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
index 68e9bea24a..6a629045b8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@@ -117,13 +117,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <returns></returns>
         protected override async Task ApplyResponseChallengeAsync()
         {
+            if (ShouldConvertChallengeToForbidden())
+            {
+                Response.StatusCode = 403;
+                return;
+            }
+
             if (Response.StatusCode != 401)
             {
                 return;
             }
 
-            // Only redirect on challenges
-            if (ChallengeContext == null)
+            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 355fb84b27..6f2aade300 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -131,13 +131,19 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         protected override async Task ApplyResponseChallengeAsync()
         {
+            if (ShouldConvertChallengeToForbidden())
+            {
+                Response.StatusCode = 403;
+                return;
+            }
+
             if (Response.StatusCode != 401)
             {
                 return;
             }
 
-            // Only redirect on challenges
-            if (ChallengeContext == null)
+            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
+            if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
                 return;
             }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 4ffedd9924..11ae3b4bdc 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -33,12 +33,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware</param>
         public TwitterAuthenticationMiddleware(
-            RequestDelegate next,
-            IServiceProvider services,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<TwitterAuthenticationOptions> options,
+            [NotNull] RequestDelegate next,
+            [NotNull] IServiceProvider services,
+            [NotNull] IDataProtectionProvider dataProtectionProvider,
+            [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
             : base(next, services, options, configureOptions)
         {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 93d1ab6298..d54c4a3bee 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -72,6 +72,15 @@ namespace Microsoft.AspNet.Authentication
             Response.OnSendingHeaders(OnSendingHeaderCallback, this);
 
             await InitializeCoreAsync();
+
+            if (BaseOptions.AutomaticAuthentication)
+            {
+                var ticket = await AuthenticateAsync();
+                if (ticket?.Principal != null)
+                {
+                    SecurityHelper.AddUserPrincipal(Context, ticket.Principal);
+                }
+            }
         }
 
         private static void OnSendingHeaderCallback(object state)
@@ -128,7 +137,7 @@ namespace Microsoft.AspNet.Authentication
         /// pipeline.</returns>
         public virtual Task<bool> InvokeAsync()
         {
-            return Task.FromResult<bool>(false);
+            return Task.FromResult(false);
         }
 
         public virtual void GetDescriptions(IDescribeSchemesContext describeContext)
@@ -143,17 +152,17 @@ namespace Microsoft.AspNet.Authentication
 
         public virtual void Authenticate(IAuthenticateContext context)
         {
-            if (context.AuthenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal))
+            if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                AuthenticationTicket ticket = Authenticate();
-                if (ticket != null && ticket.Principal != null)
+                var ticket = Authenticate();
+                if (ticket?.Principal != null)
                 {
                     AuthenticateCalled = true;
                     context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                 }
                 else
                 {
-                    context.NotAuthenticated(BaseOptions.AuthenticationScheme, properties: null, description: BaseOptions.Description.Dictionary);
+                    context.NotAuthenticated();
                 }
             }
 
@@ -165,17 +174,17 @@ namespace Microsoft.AspNet.Authentication
 
         public virtual async Task AuthenticateAsync(IAuthenticateContext context)
         {
-            if (context.AuthenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal))
+            if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null && ticket.Principal != null)
+                var ticket = await AuthenticateAsync();
+                if (ticket?.Principal != null)
                 {
                     AuthenticateCalled = true;
                     context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                 }
                 else
                 {
-                    context.NotAuthenticated(BaseOptions.AuthenticationScheme, properties: null, description: BaseOptions.Description.Dictionary);
+                    context.NotAuthenticated();
                 }
             }
 
@@ -360,14 +369,26 @@ namespace Microsoft.AspNet.Authentication
 
         public virtual bool ShouldHandleScheme(IEnumerable<string> authenticationSchemes)
         {
-            return authenticationSchemes != null &&
-                authenticationSchemes.Any() &&
-                authenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal);
+            // If there are any schemes asked for, need to match, otherwise automatic authentication matches
+            return authenticationSchemes != null && authenticationSchemes.Any()
+                ? authenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal)
+                : BaseOptions.AutomaticAuthentication;
         }
 
         public virtual bool ShouldHandleScheme(string authenticationScheme)
         {
-            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal);
+            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
+                (BaseOptions.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme));
+        }
+
+        public virtual bool ShouldConvertChallengeToForbidden()
+        {
+            // Return 403 iff 401 and this handler's authenticate was called
+            // and the challenge is for the authentication type
+            return Response.StatusCode == 401 &&
+                AuthenticateCalled &&
+                ChallengeContext != null &&
+                ShouldHandleScheme(ChallengeContext.AuthenticationSchemes);
         }
 
         /// <summary>
@@ -384,11 +405,11 @@ namespace Microsoft.AspNet.Authentication
 
         protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
         {
-            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
+            var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
 
             var nonceBytes = new byte[32];
             CryptoRandom.GetBytes(nonceBytes);
-            string correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
 
             var cookieOptions = new CookieOptions
             {
@@ -403,9 +424,8 @@ namespace Microsoft.AspNet.Authentication
 
         protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties, [NotNull] ILogger logger)
         {
-            string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
-
-            string correlationCookie = Request.Cookies[correlationKey];
+            var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
+            var correlationCookie = Request.Cookies[correlationKey];
             if (string.IsNullOrWhiteSpace(correlationCookie))
             {
                 logger.LogWarning("{0} cookie not found.", correlationKey);
@@ -453,3 +473,4 @@ namespace Microsoft.AspNet.Authentication
         }
     }
 }
+
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index f78eeaa55e..a9482ed465 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -16,7 +16,11 @@ namespace Microsoft.AspNet.Authentication
         private readonly RequestDelegate _next;
         private readonly IServiceProvider _services;
 
-        protected AuthenticationMiddleware([NotNull] RequestDelegate next, [NotNull] IServiceProvider services, [NotNull] IOptions<TOptions> options, ConfigureOptions<TOptions> configureOptions)
+        protected AuthenticationMiddleware(
+            [NotNull] RequestDelegate next, 
+            [NotNull] IServiceProvider services, 
+            [NotNull] IOptions<TOptions> options, 
+            ConfigureOptions<TOptions> configureOptions)
         {
             if (configureOptions != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
index 09df9e5da1..c91a5bddf6 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -26,6 +26,13 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
+        /// <summary>
+        /// If true the authentication middleware alter the request user coming in and
+        /// alter 401 Unauthorized responses going out. If false the authentication middleware will only provide
+        /// identity and alter responses when explicitly indicated by the AuthenticationScheme.
+        /// </summary>
+        public bool AutomaticAuthentication { get; set; }
+
         /// <summary>
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..55b82acab6
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Http.Core.Authentication;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    public static class AuthenticationServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
+        {
+            return services.Configure(configure);
+        }
+
+        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, ClaimsPrincipal> transform)
+        {
+            return services.Configure<ClaimsTransformationOptions>(o => o.Transformation = transform);
+        }
+
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
deleted file mode 100644
index f67f2a908d..0000000000
--- a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationHandler.cs
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Authentication;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Base class for the per-request work performed by automatic authentication middleware.
-    /// </summary>
-    /// <typeparam name="TOptions">Specifies which type for of AutomaticAuthenticationOptions property</typeparam>
-    public abstract class AutomaticAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : AutomaticAuthenticationOptions
-    {
-        public virtual bool ShouldConvertChallengeToForbidden()
-        {
-            // Return 403 iff 401 and this handler's authenticate was called
-            // and the challenge is for the authentication type
-            return Response.StatusCode == 401 &&
-                AuthenticateCalled &&
-                ChallengeContext != null &&
-                ShouldHandleScheme(ChallengeContext.AuthenticationSchemes);
-        }
-
-        protected async override Task InitializeCoreAsync()
-        {
-            if (Options.AutomaticAuthentication)
-            {
-                AuthenticationTicket ticket = await AuthenticateAsync();
-                if (ticket != null && ticket.Principal != null)
-                {
-                    SecurityHelper.AddUserPrincipal(Context, ticket.Principal);
-                }
-            }
-        }
-
-        public override void SignOut(ISignOutContext context)
-        {
-            // Empty or null auth scheme is allowed for automatic Authentication
-            if (Options.AutomaticAuthentication && string.IsNullOrWhiteSpace(context.AuthenticationScheme))
-            {
-                SignInContext = null;
-                SignOutContext = context;
-                context.Accept();
-            }
-
-            base.SignOut(context);
-        }
-
-        public override void Challenge(IChallengeContext context)
-        {
-            // Null or Empty scheme allowed for automatic authentication
-            if (Options.AutomaticAuthentication && 
-                (context.AuthenticationSchemes == null || !context.AuthenticationSchemes.Any()))
-            {
-                ChallengeContext = context;
-                context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
-            }
-
-            base.Challenge(context);
-        }
-
-        /// <summary>
-        /// Automatic Authentication Handlers can handle empty authentication schemes
-        /// </summary>
-        /// <returns></returns>
-        public override bool ShouldHandleScheme(IEnumerable<string> authenticationSchemes)
-        {
-            if (base.ShouldHandleScheme(authenticationSchemes))
-            {
-                return true;
-            }
-
-            return Options.AutomaticAuthentication &&
-                (authenticationSchemes == null || !authenticationSchemes.Any());
-        }
-
-        /// <summary>
-        /// Automatic Authentication Handlers can handle empty authentication schemes
-        /// </summary>
-        /// <returns></returns>
-        public override bool ShouldHandleScheme(string authenticationScheme)
-        {
-            if (base.ShouldHandleScheme(authenticationScheme))
-            {
-                return true;
-            }
-
-            return Options.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
deleted file mode 100644
index 53af209846..0000000000
--- a/src/Microsoft.AspNet.Authentication/AutomaticAuthenticationOptions.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http.Authentication;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Base Options for all automatic authentication middleware
-    /// </summary>
-    public abstract class AutomaticAuthenticationOptions : AuthenticationOptions
-    {
-        /// <summary>
-        /// If true the authentication middleware alter the request user coming in and
-        /// alter 401 Unauthorized responses going out. If false the authentication middleware will only provide
-        /// identity and alter responses when explicitly indicated by the AuthenticationScheme.
-        /// </summary>
-        public bool AutomaticAuthentication { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
new file mode 100644
index 0000000000..79ecb38882
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods provided by the claims transformation authentication middleware
+    /// </summary>
+    public static class ClaimsTransformationAppBuilderExtensions
+    {
+        /// <summary>
+        /// Adds a claims transformation middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
+        {
+            return app.UseMiddleware<ClaimsTransformationMiddleware>();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
new file mode 100644
index 0000000000..bee68e7d7c
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -0,0 +1,105 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Core.Authentication;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Handler that applies ClaimsTransformation to authentication
+    /// </summary>
+    public class ClaimsTransformationAuthenticationHandler : IAuthenticationHandler
+    {
+        private readonly Func<ClaimsPrincipal, ClaimsPrincipal> _transform;
+
+        public ClaimsTransformationAuthenticationHandler(Func<ClaimsPrincipal, ClaimsPrincipal> transform)
+        {
+            _transform = transform;
+        }
+
+        public IAuthenticationHandler PriorHandler { get; set; }
+
+        private void ApplyTransform(IAuthenticateContext context)
+        {
+            if (_transform != null)
+            {
+                // REVIEW: this cast seems really bad (missing interface way to get the result back out?)
+                var authContext = context as AuthenticateContext;
+                if (authContext?.Result?.Principal != null)
+                {
+                    context.Authenticated(
+                        _transform.Invoke(authContext.Result.Principal),
+                        authContext.Result.Properties.Dictionary,
+                        authContext.Result.Description.Dictionary);
+                }
+            }
+
+        }
+
+        public void Authenticate(IAuthenticateContext context)
+        {
+            if (PriorHandler != null)
+            {
+                PriorHandler.Authenticate(context);
+                ApplyTransform(context);
+            }
+        }
+
+        public async Task AuthenticateAsync(IAuthenticateContext context)
+        {
+            if (PriorHandler != null)
+            {
+                await PriorHandler.AuthenticateAsync(context);
+                ApplyTransform(context);
+            }
+        }
+
+        public void Challenge(IChallengeContext context)
+        {
+            if (PriorHandler != null)
+            {
+                PriorHandler.Challenge(context);
+            }
+        }
+
+        public void GetDescriptions(IDescribeSchemesContext context)
+        {
+            if (PriorHandler != null)
+            {
+                PriorHandler.GetDescriptions(context);
+            }
+        }
+
+        public void SignIn(ISignInContext context)
+        {
+            if (PriorHandler != null)
+            {
+                PriorHandler.SignIn(context);
+            }
+        }
+
+        public void SignOut(ISignOutContext context)
+        {
+            if (PriorHandler != null)
+            {
+                PriorHandler.SignOut(context);
+            }
+        }
+
+        public void RegisterAuthenticationHandler(IHttpAuthenticationFeature auth)
+        {
+            PriorHandler = auth.Handler;
+            auth.Handler = this;
+        }
+
+        public void UnregisterAuthenticationHandler(IHttpAuthenticationFeature auth)
+        {
+            auth.Handler = PriorHandler;
+        }
+
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
new file mode 100644
index 0000000000..cf3a58b792
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -0,0 +1,44 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class ClaimsTransformationMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        public ClaimsTransformationMiddleware(
+            [NotNull] RequestDelegate next,
+            [NotNull] IOptions<ClaimsTransformationOptions> options)
+        {
+            // REVIEW: do we need to take ConfigureOptions<ClaimsTransformationOptions>??
+            Options = options.Options;
+            _next = next;
+        }
+
+        public ClaimsTransformationOptions Options { get; set; }
+
+        public async Task Invoke(HttpContext context)
+        {
+            var handler = new ClaimsTransformationAuthenticationHandler(Options.Transformation);
+            handler.RegisterAuthenticationHandler(context.GetAuthentication());
+            try {
+                if (Options.Transformation != null)
+                {
+                    context.User = Options.Transformation.Invoke(context.User);
+                }
+                await _next(context);
+            }
+            finally
+            {
+                handler.UnregisterAuthenticationHandler(context.GetAuthentication());
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs
rename to src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
index da3a4a7bda..f8c4a3ed32 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
@@ -1,15 +1,13 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Security.Claims;
-using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authentication
 {
     public class ClaimsTransformationOptions
     {
-        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> TransformAsync { get; set; }
+        public Func<ClaimsPrincipal, ClaimsPrincipal> Transformation { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index e825684b3d..467b36aff4 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -9,11 +9,6 @@ namespace Microsoft.Framework.DependencyInjection
 {
     public static class ServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         public static IServiceCollection ConfigureAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
         {
             return services.Configure(configure);
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 6bd62b2b8b..8ed1063dd7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Http.Core;
 using Xunit;
 
@@ -79,9 +78,15 @@ namespace Microsoft.AspNet.Authentication
 
         private class TestOptions : AuthenticationOptions { }
 
-        private class TestAutoOptions : AutomaticAuthenticationOptions { }
+        private class TestAutoOptions : AuthenticationOptions
+        {
+            public TestAutoOptions()
+            {
+                AutomaticAuthentication = true;
+            }
+        }
 
-        private class TestAutoHandler : AutomaticAuthenticationHandler<AutomaticAuthenticationOptions>
+        private class TestAutoHandler : AuthenticationHandler<TestAutoOptions>
         {
             public TestAutoHandler(string scheme, bool auto)
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 51d9a9452c..ea38856504 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -34,37 +34,47 @@ namespace Microsoft.AspNet.Authentication.Cookies
             response.StatusCode.ShouldBe(HttpStatusCode.OK);
         }
 
-        [Fact]
-        public async Task ProtectedRequestShouldRedirectToLogin()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ProtectedRequestShouldRedirectToLoginOnlyWhenAutomatic(bool auto)
         {
             TestServer server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
+                options.AutomaticAuthentication = auto;
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-
-            Uri location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/login");
-            location.Query.ShouldBe("?ReturnUrl=%2Fprotected");
+            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
+            if (auto)
+            {
+                Uri location = transaction.Response.Headers.Location;
+                location.LocalPath.ShouldBe("/login");
+                location.Query.ShouldBe("?ReturnUrl=%2Fprotected");
+            }
         }
 
-        [Fact]
-        public async Task ProtectedCustomRequestShouldRedirectToCustomLogin()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ProtectedCustomRequestShouldRedirectToCustomLogin(bool auto)
         {
             TestServer server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
+                options.AutomaticAuthentication = auto;
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-
-            Uri location = transaction.Response.Headers.Location;
-            location.ToString().ShouldBe("/CustomRedirect");
+            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
+            if (auto)
+            {
+                Uri location = transaction.Response.Headers.Location;
+                location.ToString().ShouldBe("/CustomRedirect");
+            }
         }
 
         private Task SignInAsAlice(HttpContext context)
@@ -221,6 +231,37 @@ namespace Microsoft.AspNet.Authentication.Cookies
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
         }
 
+        [Fact]
+        public async Task CookieAppliesClaimsTransform()
+        {
+            var clock = new TestClock();
+            TestServer server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+            }, 
+            SignInAsAlice, 
+            baseAddress: null, 
+            claimsTransform: o => o.Transformation = (p =>
+            {
+                if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                {
+                    // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                }
+                return p;
+            }));
+
+            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            FindClaimValue(transaction2, "xform").ShouldBe("yup");
+
+        }
+
         [Fact]
         public async Task CookieStopsWorkingAfterExpiration()
         {
@@ -372,6 +413,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             TestServer server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
+                options.AutomaticAuthentication = true;
             });
 
             Transaction transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
@@ -478,12 +520,26 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return me;
         }
 
-        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null)
+        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, Action<ClaimsTransformationOptions> claimsTransform = null)
         {
             var server = TestServer.Create(app =>
             {
-                app.UseServices(services => services.AddDataProtection());
+                if (claimsTransform != null)
+                {
+                    app.UseServices(services => {
+                        services.AddDataProtection();
+                        services.ConfigureClaimsTransformation(claimsTransform);
+                    });
+                }
+                else
+                {
+                    app.UseServices(services => services.AddDataProtection());
+                }
                 app.UseCookieAuthentication(configureOptions);
+                if (claimsTransform != null)
+                {
+                    app.UseClaimsTransformation();
+                }
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index a0a5558e81..ba00fb1253 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -42,6 +42,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         services.ConfigureCookieAuthentication(options =>
                         {
                             options.AuthenticationScheme = "External";
+                            options.AutomaticAuthentication = true;
                         });
                         services.Configure<ExternalAuthenticationOptions>(options =>
                         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 4e02276be6..45ba05777d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -2,6 +2,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Net;
@@ -18,6 +19,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
@@ -50,6 +52,25 @@ namespace Microsoft.AspNet.Authentication.Google
             location.ShouldNotContain("login_hint=");
         }
 
+        [Fact]
+        public async Task Challenge401WillTriggerRedirection()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AutomaticAuthentication = true;
+            });
+            var transaction = await SendAsync(server, "https://example.com/401");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.ToString();
+            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
+            location.ShouldContain("&client_id=");
+            location.ShouldContain("&redirect_uri=");
+            location.ShouldContain("&scope=");
+            location.ShouldContain("&state=");
+        }
+
         [Fact]
         public async Task ChallengeWillSetCorrelationCookie()
         {
@@ -63,6 +84,20 @@ namespace Microsoft.AspNet.Authentication.Google
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
 
+        [Fact]
+        public async Task Challenge401WillSetCorrelationCookie()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.AutomaticAuthentication = true;
+            });
+            var transaction = await SendAsync(server, "https://example.com/401");
+            Console.WriteLine(transaction.SetCookie);
+            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
+        }
+
         [Fact]
         public async Task ChallengeWillSetDefaultScope()
         {
@@ -78,18 +113,18 @@ namespace Microsoft.AspNet.Authentication.Google
         }
 
         [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
-        public async Task ChallengeWillUseOptionsScope()
+        public async Task Challenge401WillSetDefaultScope()
         {
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.Scope.Add("https://www.googleapis.com/auth/plus.login");
+                options.AutomaticAuthentication = true;
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+            var transaction = await SendAsync(server, "https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
+            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
         }
 
         [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
@@ -99,6 +134,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
+                options.AutomaticAuthentication = true;
             },
             context =>
                 {
@@ -122,10 +158,10 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await SendAsync(server, "https://example.com/challenge2");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
+            query.ShouldContain("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"));
             query.ShouldContain("access_type=offline");
             query.ShouldContain("approval_prompt=force");
-            query.ShouldContain("login_hint=" + Uri.EscapeDataString("test@example.com"));
+            query.ShouldContain("login_hint=" + UrlEncoder.Default.UrlEncode("test@example.com"));
         }
 
         [Fact]
@@ -149,6 +185,35 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("custom=test");
         }
 
+        // TODO: Fix these tests to path (Need some test logic for Authenticate("Google") to return a ticket still
+        //[Fact]
+        //public async Task GoogleTurns401To403WhenAuthenticated()
+        //{
+        //    TestServer server = CreateServer(options =>
+        //    {
+        //        options.ClientId = "Test Id";
+        //        options.ClientSecret = "Test Secret";
+        //    });
+
+        //    Transaction transaction1 = await SendAsync(server, "http://example.com/unauthorized");
+        //    transaction1.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+        //}
+
+        //[Fact]
+        //public async Task GoogleTurns401To403WhenAutomatic()
+        //{
+        //    TestServer server = CreateServer(options =>
+        //    {
+        //        options.ClientId = "Test Id";
+        //        options.ClientSecret = "Test Secret";
+        //        options.AutomaticAuthentication = true;
+        //    });
+
+        //    Debugger.Launch();
+        //    Transaction transaction1 = await SendAsync(server, "http://example.com/unauthorizedAuto");
+        //    transaction1.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+        //}
+
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
@@ -233,6 +298,9 @@ namespace Microsoft.AspNet.Authentication.Google
             transaction.FindClaimValue(ClaimTypes.GivenName).ShouldBe("Test Given Name");
             transaction.FindClaimValue(ClaimTypes.Surname).ShouldBe("Test Family Name");
             transaction.FindClaimValue(ClaimTypes.Email).ShouldBe("Test email");
+
+            // Ensure claims transformation 
+            transaction.FindClaimValue("xform").ShouldBe("yup");
         }
 
         [Fact]
@@ -421,9 +489,21 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         options.SignInScheme = CookieAuthenticationScheme;
                     });
+                    services.ConfigureClaimsTransformation(p =>
+                    {
+                        var id = new ClaimsIdentity("xform");
+                        id.AddClaim(new Claim("xform", "yup"));
+                        p.AddIdentity(id);
+                        return p;
+                    });
+                });
+                app.UseCookieAuthentication(options =>
+                {
+                    options.AuthenticationScheme = CookieAuthenticationScheme;
+                    options.AutomaticAuthentication = true;
                 });
-                app.UseCookieAuthentication(options => options.AuthenticationScheme = CookieAuthenticationScheme);
                 app.UseGoogleAuthentication(configureOptions);
+                app.UseClaimsTransformation();
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
@@ -437,6 +517,18 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         Describe(res, context.User);
                     }
+                    else if (req.Path == new PathString("/unauthorized"))
+                    {
+                        // Simulate Authorization failure 
+                        var result = await context.AuthenticateAsync("Google");
+                        res.Challenge("Google");
+                    }
+                    else if (req.Path == new PathString("/unauthorizedAuto"))
+                    {
+                        var result = await context.AuthenticateAsync("Google");
+                        res.StatusCode = 401;
+                        res.Challenge();
+                    }
                     else if (req.Path == new PathString("/401"))
                     {
                         res.StatusCode = 401;
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index e7a8fccd3b..48372859df 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -169,7 +169,11 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                         options.SignInScheme = "External";
                     });
                 });
-                app.UseCookieAuthentication(options => options.AuthenticationScheme = "External");
+                app.UseCookieAuthentication(options =>
+                {
+                    options.AuthenticationScheme = "External";
+                    options.AutomaticAuthentication = true;
+                });
                 app.UseMicrosoftAccountAuthentication(configureOptions);
                 app.Use(async (context, next) =>
                 {

From 7abccd8f2282c10ae2cb8c21908d207dadbe0d7e Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 16 Mar 2015 15:22:46 -0700
Subject: [PATCH 187/900] React to Shared NotNull

---
 .../CookieAuthenticationMiddleware.cs                      | 1 +
 .../FacebookAuthenticationMiddleware.cs                    | 4 ++--
 .../GoogleAuthenticationMiddleware.cs                      | 7 ++-----
 .../MicrosoftAccountAuthenticationMiddleware.cs            | 3 +--
 .../OAuthAuthenticationMiddleware.cs                       | 2 +-
 .../OAuthBearerAuthenticationMiddleware.cs                 | 1 +
 .../OpenIdConnectAuthenticationMiddleware.cs               | 2 +-
 .../TwitterAuthenticationMiddleware.cs                     | 1 +
 8 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index cd6b53b39e..2082f23659 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -6,6 +6,7 @@ using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 506453c54c..d15b8d1020 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -3,10 +3,10 @@
 
 using System;
 using System.Globalization;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 819642a852..4641bcd0ea 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -3,13 +3,10 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
-using System.Globalization;
-using System.Net.Http;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index f0430bd724..66cdde6bd3 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -2,11 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Globalization;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 1c96be1e49..ef43d309ba 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -5,10 +5,10 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 9b47e5c36e..debaf1e689 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -8,6 +8,7 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 1f4848140d..0659a086ed 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -10,13 +10,13 @@ using System.Text;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 11ae3b4bdc..5e07f7eea7 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -10,6 +10,7 @@ using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 

From e2a8efbb64578602828336474d7083e5f7842702 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 17 Mar 2015 11:40:58 -0700
Subject: [PATCH 188/900] Cleanup

Switch to logging interfaces reference
Tweak DenyAnonymous logic

Fixes https://github.com/aspnet/Security/issues/181
Fixes https://github.com/aspnet/Security/issues/169
---
 src/Microsoft.AspNet.Authentication/project.json |  2 +-
 .../DefaultAuthorizationService.cs               | 16 ++++++----------
 .../DenyAnonymousAuthorizationHandler.cs         |  7 +++----
 src/Microsoft.AspNet.Authorization/project.json  |  2 +-
 .../DefaultAuthorizationServiceTests.cs          | 13 ++++++-------
 5 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 609f641adb..81b89148df 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -6,7 +6,7 @@
         "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index d99f778d94..c6e57eb549 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -23,11 +23,9 @@ namespace Microsoft.AspNet.Authorization
         public bool Authorize(ClaimsPrincipal user, object resource, string policyName)
         {
             var policy = _options.GetPolicy(policyName);
-            if (policy == null)
-            {
-                return false;
-            }
-            return this.Authorize(user, resource, policy);
+            return (policy == null) 
+                ? false 
+                : this.Authorize(user, resource, policy);
         }
 
         public bool Authorize(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
@@ -53,11 +51,9 @@ namespace Microsoft.AspNet.Authorization
         public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             var policy = _options.GetPolicy(policyName);
-            if (policy == null)
-            {
-                return Task.FromResult(false);
-            }
-            return this.AuthorizeAsync(user, resource, policy);
+            return (policy == null)
+                ? Task.FromResult(false)
+                : this.AuthorizeAsync(user, resource, policy);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
index 4ce5d43ed3..0f6cb3def2 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Threading.Tasks;
+using System.Linq;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -11,9 +11,8 @@ namespace Microsoft.AspNet.Authorization
         {
             var user = context.User;
             var userIsAnonymous =
-                user == null ||
-                user.Identity == null ||
-                !user.Identity.IsAuthenticated;
+                user?.Identity == null ||
+                !user.Identities.Any(i => i.IsAuthenticated);
             if (!userIsAnonymous)
             {
                 context.Succeed(requirement);
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 3a8701e86d..6ebb367aa1 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 authorization classes.",
     "dependencies": {
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
-        "Microsoft.Framework.Logging": "1.0.0-*",
+        "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 4b9b5a33de..74328a956e 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -549,13 +549,12 @@ namespace Microsoft.AspNet.Authorization.Test
                     options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
             });
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity(
-                    new Claim[] {
-                        new Claim(ClaimTypes.Name, "Name"),
-                    },
-                    "AuthType")
-                );
+            var user = new ClaimsPrincipal(new ClaimsIdentity());
+            user.AddIdentity(new ClaimsIdentity(
+                new Claim[] {
+                    new Claim(ClaimTypes.Name, "Name"),
+                },
+                "AuthType"));
 
             // Act
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");

From 33e3c944d06be7453e7e53669e3915dc52ad4792 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Tue, 17 Mar 2015 17:55:13 -0700
Subject: [PATCH 189/900] Reenabling the tests

Bug https://github.com/aspnet/HttpAbstractions/issues/231 is fixed
---
 .../Google/GoogleMiddlewareTests.cs                           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 45ba05777d..c870220113 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -112,7 +112,7 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
         }
 
-        [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
+        [Fact]
         public async Task Challenge401WillSetDefaultScope()
         {
             var server = CreateServer(options =>
@@ -127,7 +127,7 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
         }
 
-        [Fact(Skip = "Failing due to : https://github.com/aspnet/HttpAbstractions/issues/231")]
+        [Fact]
         public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
         {
             var server = CreateServer(options =>

From 6086bb0a622312f49a09d27bf256b8807364e623 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Wed, 18 Mar 2015 15:04:58 -0700
Subject: [PATCH 190/900] Fixing the OpenIdConnect sample

---
 samples/OpenIdConnectSample/Startup.cs               |  1 +
 samples/OpenIdConnectSample/wwwroot/placeholder.html | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 samples/OpenIdConnectSample/wwwroot/placeholder.html

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index c232bc349b..40e0f5a77a 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -24,6 +24,7 @@ namespace OpenIdConnectSample
 
             app.UseCookieAuthentication(options =>
             {
+                options.AutomaticAuthentication = true;
             });
 
             app.UseOpenIdConnectAuthentication(options =>
diff --git a/samples/OpenIdConnectSample/wwwroot/placeholder.html b/samples/OpenIdConnectSample/wwwroot/placeholder.html
new file mode 100644
index 0000000000..125a5a8cf1
--- /dev/null
+++ b/samples/OpenIdConnectSample/wwwroot/placeholder.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8" />
+    <title></title>
+</head>
+<body>
+
+</body>
+</html>
\ No newline at end of file

From 776593ec712931140d325808dae89668e91ac258 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 19 Mar 2015 11:04:33 -0700
Subject: [PATCH 191/900] React to hosting changes

---
 samples/CookieSample/Startup.cs               | 10 +--
 samples/CookieSessionSample/Startup.cs        | 10 +--
 samples/OpenIdConnectSample/Startup.cs        | 19 ++--
 .../CookieAuthenticationMiddleware.cs         |  3 +-
 .../FacebookAuthenticationMiddleware.cs       |  3 +-
 .../FacebookAuthenticatedContext.cs           |  1 -
 .../project.json                              |  3 +-
 .../GoogleAuthenticationMiddleware.cs         |  4 +-
 ...icrosoftAccountAuthenticationMiddleware.cs |  4 +-
 .../OAuthAuthenticationHandler.cs             |  4 +-
 .../OAuthAuthenticationMiddleware.cs          |  4 +-
 .../project.json                              |  3 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |  3 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  3 +-
 .../TwitterAuthenticationMiddleware.cs        |  3 +-
 .../AuthenticationMiddleware.cs               | 37 ++++----
 .../project.json                              |  2 +-
 .../Cookies/CookieMiddlewareTests.cs          | 19 ++--
 .../Facebook/FacebookMiddlewareTests.cs       | 89 ++++++++++---------
 .../Google/GoogleMiddlewareTests.cs           | 30 +++----
 .../MicrosoftAccountMiddlewareTests.cs        | 16 ++--
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  8 +-
 .../OpenIdConnectMiddlewareTests.cs           | 19 ++--
 .../Twitter/TwitterMiddlewareTests.cs         | 16 ++--
 24 files changed, 143 insertions(+), 170 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index d5b0814fa2..d7c3e31282 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -8,13 +8,13 @@ namespace CookieSample
 {
     public class Startup
     {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddDataProtection();
+        }
+
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services =>
-            {
-                services.AddDataProtection();
-            });
-
             app.UseCookieAuthentication(options =>
             {
             });
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index dacb7956fc..f93777758a 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -9,13 +9,13 @@ namespace CookieSessionSample
 {
     public class Startup
     {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddDataProtection();
+        }
+
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services =>
-            {
-                services.AddDataProtection();
-            });
-
             app.UseCookieAuthentication(options => 
             {
                 options.SessionStore = new MemoryCacheSessionStore();
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 40e0f5a77a..cb748b5d6d 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -10,18 +10,17 @@ namespace OpenIdConnectSample
 {
     public class Startup
     {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddDataProtection();
+            services.Configure<ExternalAuthenticationOptions>(options =>
+            {
+                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            });
+        }
+
         public void Configure(IApplicationBuilder app)
         {
-            app.UseServices(services =>
-            {
-                services.AddDataProtection();
-                services.Configure<ExternalAuthenticationOptions>(options =>
-                {
-                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                });
-
-            });
-
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthentication = true;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 2082f23659..0b4afe1257 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -18,12 +18,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         public CookieAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
-            : base(next, services, options, configureOptions)
+            : base(next, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index d15b8d1020..7feacb1d12 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -26,13 +26,12 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <param name="options">Configuration options for the middleware.</param>
         public FacebookAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<FacebookAuthenticationOptions> options,
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
-            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
index b64f6dd38e..084b273479 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.OAuth;
 using Newtonsoft.Json.Linq;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index 0dab9e868a..7bce6f458e 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -3,7 +3,8 @@
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 4641bcd0ea..73e6b180b5 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -22,19 +22,17 @@ namespace Microsoft.AspNet.Authentication.Google
         /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public GoogleAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<GoogleAuthenticationOptions> options,
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
-            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 66cdde6bd3..7626c70619 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -20,19 +20,17 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public MicrosoftAccountAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<MicrosoftAccountAuthenticationOptions> options,
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
-            : base(next, services, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index b8696a302b..6389b8c1d5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -5,12 +5,10 @@ using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index ef43d309ba..8b8e432b34 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -26,19 +26,17 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public OAuthAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
-            : base(next, services, options, configureOptions)
+            : base(next, options, configureOptions)
         {
             // todo: review error handling
             if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index ab9059a181..215b5155d0 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -4,7 +4,8 @@
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index debaf1e689..9ab829c5d2 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -31,11 +31,10 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// </summary>
         public OAuthBearerAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<OAuthBearerAuthenticationOptions> options,
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
-            : base(next, services, options, configureOptions)
+            : base(next, options, configureOptions)
         {
             _logger = loggerFactory.CreateLogger<OAuthBearerAuthenticationMiddleware>();
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 0659a086ed..53284a50e9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -36,13 +36,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions)
-            : base(next, services, options, configureOptions)
+            : base(next, options, configureOptions)
         {
             _logger = loggerFactory.CreateLogger<OpenIdConnectAuthenticationMiddleware>();
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 5e07f7eea7..63534a85f5 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -35,13 +35,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="options">Configuration options for the middleware</param>
         public TwitterAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IServiceProvider services,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
-            : base(next, services, options, configureOptions)
+            : base(next, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index a9482ed465..b9eaa36f83 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -5,7 +5,6 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.RequestContainer;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
@@ -14,11 +13,9 @@ namespace Microsoft.AspNet.Authentication
     public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
     {
         private readonly RequestDelegate _next;
-        private readonly IServiceProvider _services;
 
         protected AuthenticationMiddleware(
             [NotNull] RequestDelegate next, 
-            [NotNull] IServiceProvider services, 
             [NotNull] IOptions<TOptions> options, 
             ConfigureOptions<TOptions> configureOptions)
         {
@@ -32,7 +29,6 @@ namespace Microsoft.AspNet.Authentication
                 Options = options.Options;
             }
             _next = next;
-            _services = services;
         }
 
         public string AuthenticationScheme { get; set; }
@@ -41,32 +37,29 @@ namespace Microsoft.AspNet.Authentication
 
         public async Task Invoke(HttpContext context)
         {
-            using (RequestServicesContainer.EnsureRequestServices(context, _services))
+            AuthenticationHandler<TOptions> handler = CreateHandler();
+            await handler.Initialize(Options, context);
+            try
+            {
+                if (!await handler.InvokeAsync())
+                {
+                    await _next(context);
+                }
+            }
+            catch (Exception)
             {
-                AuthenticationHandler<TOptions> handler = CreateHandler();
-                await handler.Initialize(Options, context);
                 try
                 {
-                    if (!await handler.InvokeAsync())
-                    {
-                        await _next(context);
-                    }
+                    handler.Faulted = true;
+                    await handler.TeardownAsync();
                 }
                 catch (Exception)
                 {
-                    try
-                    {
-                        handler.Faulted = true;
-                        await handler.TeardownAsync();
-                    }
-                    catch (Exception)
-                    {
-                        // Don't mask the original exception
-                    }
-                    throw;
+                    // Don't mask the original exception
                 }
-                await handler.TeardownAsync();
+                throw;
             }
+            await handler.TeardownAsync();
         }
 
         protected abstract AuthenticationHandler<TOptions> CreateHandler();
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 81b89148df..83840f36cb 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -3,9 +3,9 @@
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
+        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
     },
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index ea38856504..0a0e5a8da3 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -524,17 +524,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
         {
             var server = TestServer.Create(app =>
             {
-                if (claimsTransform != null)
-                {
-                    app.UseServices(services => {
-                        services.AddDataProtection();
-                        services.ConfigureClaimsTransformation(claimsTransform);
-                    });
-                }
-                else
-                {
-                    app.UseServices(services => services.AddDataProtection());
-                }
                 app.UseCookieAuthentication(configureOptions);
                 if (claimsTransform != null)
                 {
@@ -581,6 +570,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         await next();
                     }
                 });
+            },
+            services =>
+            {
+                services.AddDataProtection();
+                if (claimsTransform != null)
+                {
+                    services.ConfigureClaimsTransformation(claimsTransform);
+                }
             });
             server.BaseAddress = baseAddress;
             return server;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index ba00fb1253..fd349582fb 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -24,34 +24,34 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseServices(services =>
-                    {
-                        services.AddDataProtection();
-                        services.ConfigureFacebookAuthentication(options =>
-                        {
-                            options.AppId = "Test App Id";
-                            options.AppSecret = "Test App Secret";
-                            options.Notifications = new FacebookAuthenticationNotifications
-                            {
-                                OnApplyRedirect = context =>
-                                {
-                                    context.Response.Redirect(context.RedirectUri + "&custom=test");
-                                }
-                            };
-                        });
-                        services.ConfigureCookieAuthentication(options =>
-                        {
-                            options.AuthenticationScheme = "External";
-                            options.AutomaticAuthentication = true;
-                        });
-                        services.Configure<ExternalAuthenticationOptions>(options =>
-                        {
-                            options.SignInScheme = "External";
-                        });
-                    });
                     app.UseFacebookAuthentication();
                     app.UseCookieAuthentication();
                 },
+                services =>
+                {
+                    services.AddDataProtection();
+                    services.ConfigureFacebookAuthentication(options =>
+                    {
+                        options.AppId = "Test App Id";
+                        options.AppSecret = "Test App Secret";
+                        options.Notifications = new FacebookAuthenticationNotifications
+                        {
+                            OnApplyRedirect = context =>
+                            {
+                                context.Response.Redirect(context.RedirectUri + "&custom=test");
+                            }
+                        };
+                    });
+                    services.ConfigureCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = "External";
+                        options.AutomaticAuthentication = true;
+                    });
+                    services.Configure<ExternalAuthenticationOptions>(options =>
+                    {
+                        options.SignInScheme = "External";
+                    });
+                },
                 context =>
                 {
                     context.Response.Challenge("Facebook");
@@ -69,26 +69,26 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseServices(services =>
-                    {
-                        services.AddDataProtection();
-                        services.ConfigureFacebookAuthentication(options =>
-                        {
-                            options.AppId = "Test App Id";
-                            options.AppSecret = "Test App Secret";
-                        });
-                        services.ConfigureCookieAuthentication(options =>
-                        {
-                            options.AuthenticationScheme = "External";
-                        });
-                        services.Configure<ExternalAuthenticationOptions>(options =>
-                        {
-                            options.SignInScheme = "External";
-                        });
-                    });
                     app.UseFacebookAuthentication();
                     app.UseCookieAuthentication();
                 },
+                services =>
+                {
+                    services.AddDataProtection();
+                    services.ConfigureFacebookAuthentication(options =>
+                    {
+                        options.AppId = "Test App Id";
+                        options.AppSecret = "Test App Secret";
+                    });
+                    services.ConfigureCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = "External";
+                    });
+                    services.Configure<ExternalAuthenticationOptions>(options =>
+                    {
+                        options.SignInScheme = "External";
+                    });
+                },
                 context =>
                 {
                     context.Response.Challenge("Facebook");
@@ -105,7 +105,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             location.ShouldContain("state=");
         }
 
-        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>
             {
@@ -120,7 +120,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         await next();
                     }
                 });
-            });
+            },
+            configureServices);
         }
 
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index c870220113..33612b7efc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -482,21 +482,6 @@ namespace Microsoft.AspNet.Authentication.Google
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
-                {
-                    services.AddDataProtection();
-                    services.Configure<ExternalAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = CookieAuthenticationScheme;
-                    });
-                    services.ConfigureClaimsTransformation(p =>
-                    {
-                        var id = new ClaimsIdentity("xform");
-                        id.AddClaim(new Claim("xform", "yup"));
-                        p.AddIdentity(id);
-                        return p;
-                    });
-                });
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = CookieAuthenticationScheme;
@@ -542,6 +527,21 @@ namespace Microsoft.AspNet.Authentication.Google
                         await next();
                     }
                 });
+            },
+            services =>
+            {
+                services.AddDataProtection();
+                services.Configure<ExternalAuthenticationOptions>(options =>
+                {
+                    options.SignInScheme = CookieAuthenticationScheme;
+                });
+                services.ConfigureClaimsTransformation(p =>
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                    return p;
+                });
             });
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 48372859df..0f22e3ac74 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -161,14 +161,6 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
-                {
-                    services.AddDataProtection();
-                    services.Configure<ExternalAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
-                });
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = "External";
@@ -182,6 +174,14 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                         await next();
                     }
                 });
+            },
+            services =>
+            {
+                services.AddDataProtection();
+                services.Configure<ExternalAuthenticationOptions>(options =>
+                {
+                    options.SignInScheme = "External";
+                });
             });
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index ffbc1a0a4b..fcd2d411ec 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -233,11 +233,6 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
-                {
-                    services.AddDataProtection();
-                });
-
                 if (configureOptions != null)
                 {
                     app.UseOAuthBearerAuthentication(configureOptions);
@@ -261,7 +256,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     }
 
                 });
-            });
+            },
+            services => services.AddDataProtection());
         }
 
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string authorizationHeader = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 7681d54668..bec9f1bf3d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -193,15 +193,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
-                {
-                    services.AddDataProtection();
-                    services.Configure<ExternalAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    });
-                });
-
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = "OpenIdConnect";
@@ -228,7 +219,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
                     {
                         res.SignOut(
-                            OpenIdConnectAuthenticationDefaults.AuthenticationScheme, 
+                            OpenIdConnectAuthenticationDefaults.AuthenticationScheme,
                             new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
                     }
                     else if (handler != null)
@@ -240,6 +231,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                         await next();
                     }
                 });
+            },
+            services =>
+            {
+                services.AddDataProtection();
+                services.Configure<ExternalAuthenticationOptions>(options =>
+                {
+                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                });
             });
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index fd281086fc..75220f9214 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -105,14 +105,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             return TestServer.Create(app =>
             {
-                app.UseServices(services =>
-                {
-                    services.AddDataProtection();
-                    services.Configure<ExternalAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
-                });
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = "External";
@@ -128,6 +120,14 @@ namespace Microsoft.AspNet.Authentication.Twitter
                         await next();
                     }
                 });
+            },
+            services =>
+            {
+                services.AddDataProtection();
+                services.Configure<ExternalAuthenticationOptions>(options =>
+                {
+                    options.SignInScheme = "External";
+                });
             });
         }
 

From aae2e630b40cf1c5160d3c244dde16d870d7306a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 19 Mar 2015 11:43:03 -0700
Subject: [PATCH 192/900] Fix samples

---
 samples/SocialSample/Startup.cs | 40 ++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 21 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index bc7d61b4ae..0d0c78838d 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,16 +1,14 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.DependencyInjection;
 using Newtonsoft.Json.Linq;
 
@@ -18,26 +16,26 @@ namespace CookieSample
 {
     public class Startup
     {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddDataProtection();
+            services.Configure<ExternalAuthenticationOptions>(options =>
+            {
+                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            });
+            services.ConfigureClaimsTransformation(p =>
+            {
+                var id = new ClaimsIdentity("xform");
+                id.AddClaim(new Claim("ClaimsTransformation", "TransformAddedClaim"));
+                p.AddIdentity(id);
+                return p;
+            });
+        }
+
         public void Configure(IApplicationBuilder app)
         {
             app.UseErrorPage();
 
-            app.UseServices(services =>
-            {
-                services.AddDataProtection();
-                services.Configure<ExternalAuthenticationOptions>(options =>
-                {
-                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                });
-                services.ConfigureClaimsTransformation(p =>
-                {
-                    var id = new ClaimsIdentity("xform");
-                    id.AddClaim(new Claim("ClaimsTransformation", "TransformAddedClaim"));
-                    p.AddIdentity(id);
-                    return p;
-                });
-            });
-
             app.UseCookieAuthentication(options =>
                 {
                     options.LoginPath = new PathString("/login");

From 4a5b9f6b6ecad91d8f7461c9c8cce5f31c020a01 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Mon, 23 Mar 2015 21:34:26 -0700
Subject: [PATCH 193/900] Add a description for the OpenIdConnect package

---
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index acf34b5c2a..ec4f879b50 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,5 +1,6 @@
 {
     "version": "1.0.0-*",
+    "description": "ASP.NET 5 middleware that enables an application to support OpenIdConnect authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },

From 3860951100e8d542136ef5e8f22aa59e29d54928 Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Tue, 24 Mar 2015 22:35:54 -0700
Subject: [PATCH 194/900] Remove k command and use dnx instead

---
 build.sh                        | 2 +-
 samples/SocialSample/Startup.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.sh b/build.sh
index ec3263114a..d81164353c 100644
--- a/build.sh
+++ b/build.sh
@@ -31,7 +31,7 @@ if ! type dnvm > /dev/null 2>&1; then
     source packages/KoreBuild/build/dnvm.sh
 fi
 
-if ! type k > /dev/null 2>&1; then
+if ! type dnx > /dev/null 2>&1; then
     dnvm upgrade
 fi
 
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 0d0c78838d..ffc723126e 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -89,7 +89,7 @@ namespace CookieSample
              netsh http add urlacl url=http://mssecsample.localhost.this:54540/ user=[domain\user]
 
             The sample app can then be run via:
-             k web
+             dnx . web
             */
             app.UseOAuthAuthentication("Microsoft-AccessToken", options =>
             {

From fb871109c7cbc40535faafe3f6bb7bf92be54d09 Mon Sep 17 00:00:00 2001
From: suhasj <suhasbjoshi@hotmail.com>
Date: Wed, 25 Mar 2015 11:47:34 -0700
Subject: [PATCH 195/900] Updating to release NuGet.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index da57d47267..1978dc065a 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
   </packageSources>
-</configuration>
\ No newline at end of file
+</configuration>

From 101b719994ae7d4cae8adb2973277563483a02a7 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Mon, 30 Mar 2015 19:10:57 -0700
Subject: [PATCH 196/900] Changing Wilson packages to beta4

---
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json  | 4 ++--
 .../project.json                                              | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 504d1eea1f..5a4a131389 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -4,8 +4,8 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
-        "System.IdentityModel.Tokens": "5.0.0-beta1-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*",
+        "System.IdentityModel.Tokens": "5.0.0-beta4-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index ec4f879b50..5f8e6d67a5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
     },
     "frameworks": {
         "dnx451": {

From ffd2489f6cd31eb4333712008c33fdc352abd2e4 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Mon, 30 Mar 2015 19:11:44 -0700
Subject: [PATCH 197/900] Revert "Changing Wilson packages to beta4"

This reverts commit 101b719994ae7d4cae8adb2973277563483a02a7.
---
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json  | 4 ++--
 .../project.json                                              | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 5a4a131389..504d1eea1f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -4,8 +4,8 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*",
-        "System.IdentityModel.Tokens": "5.0.0-beta4-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
+        "System.IdentityModel.Tokens": "5.0.0-beta1-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 5f8e6d67a5..ec4f879b50 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
     },
     "frameworks": {
         "dnx451": {

From 1a37bf17475ce64bb4664aa7fb96b07cbf28eb92 Mon Sep 17 00:00:00 2001
From: Praburaj <praburaj.t@microsoft.com>
Date: Tue, 31 Mar 2015 10:34:44 -0700
Subject: [PATCH 198/900] Changing Wilson package versions to beta4

---
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json   | 3 +--
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 504d1eea1f..570eb83469 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -4,8 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*",
-        "System.IdentityModel.Tokens": "5.0.0-beta1-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index ec4f879b50..5f8e6d67a5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta1-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
     },
     "frameworks": {
         "dnx451": {

From 5a6c90882a77536eca98136d68c7e4171ada534e Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 1 Apr 2015 15:55:21 -0700
Subject: [PATCH 199/900] Add travis and appveyor CI support.

---
 .travis.yml                                            | 3 +++
 appveyor.yml                                           | 5 +++++
 build.sh                                               | 0
 test/Microsoft.AspNet.Authentication.Test/project.json | 2 +-
 test/Microsoft.AspNet.Authorization.Test/project.json  | 2 +-
 5 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .travis.yml
 create mode 100644 appveyor.yml
 mode change 100644 => 100755 build.sh

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000000..0f4cb93e59
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,3 @@
+language: csharp
+script:
+  - ./build.sh verify
\ No newline at end of file
diff --git a/appveyor.yml b/appveyor.yml
new file mode 100644
index 0000000000..88cb9ef145
--- /dev/null
+++ b/appveyor.yml
@@ -0,0 +1,5 @@
+build_script:
+  - build.cmd verify
+clone_depth: 1
+test: off
+deploy: off
\ No newline at end of file
diff --git a/build.sh b/build.sh
old mode 100644
new mode 100755
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index c19e99dbc2..2d88d7988c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -1,6 +1,6 @@
 {
     "compilationOptions": {
-        "warningsAsErrors": true
+        "warningsAsErrors": "true"
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 11667dc4e5..065ecb7d37 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -1,6 +1,6 @@
 {
     "compilationOptions": {
-        "warningsAsErrors": true
+        "warningsAsErrors": "true"
     },
     "dependencies": {
         "Microsoft.AspNet.Authorization": "1.0.0-*",

From e25ae018c3655ae55e292f2faafccaae52fe45a4 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 1 Apr 2015 17:07:53 -0700
Subject: [PATCH 200/900] Turn off sudo for .travis.yml.

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 0f4cb93e59..5939a529e5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,3 +1,4 @@
 language: csharp
+sudo: false
 script:
   - ./build.sh verify
\ No newline at end of file

From 568a48ff83027ab0b6fd0798dcc2acd529754415 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 2 Apr 2015 09:20:31 -0700
Subject: [PATCH 201/900] Update global.json, sources=>projects

---
 global.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/global.json b/global.json
index 840c36f6ad..983ba0401e 100644
--- a/global.json
+++ b/global.json
@@ -1,3 +1,3 @@
 {
-    "sources": ["src"]
-}
\ No newline at end of file
+    "projects": ["src"]
+}

From 440e782f8b1f2c02591372d5d237749b431692e8 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Thu, 2 Apr 2015 13:49:29 -0700
Subject: [PATCH 202/900] Update .xproj files for Microsoft.Web.AspNet.* ->
 Microsoft.DNX.* rename

---
 samples/CookieSample/CookieSample.xproj                   | 4 ++--
 samples/CookieSessionSample/CookieSessionSample.xproj     | 4 ++--
 samples/OpenIdConnectSample/OpenIdConnectSample.xproj     | 6 +++---
 samples/SocialSample/SocialSample.xproj                   | 4 ++--
 .../Microsoft.AspNet.Authentication.Cookies.xproj         | 4 ++--
 .../Microsoft.AspNet.Authentication.Facebook.xproj        | 4 ++--
 .../Microsoft.AspNet.Authentication.Google.xproj          | 4 ++--
 ...Microsoft.AspNet.Authentication.MicrosoftAccount.xproj | 4 ++--
 .../Microsoft.AspNet.Authentication.OAuth.xproj           | 4 ++--
 .../Microsoft.AspNet.Authentication.OAuthBearer.xproj     | 6 +++---
 .../Microsoft.AspNet.Authentication.OpenIdConnect.xproj   | 4 ++--
 .../Microsoft.AspNet.Authentication.Twitter.xproj         | 4 ++--
 .../Microsoft.AspNet.Authentication.xproj                 | 4 ++--
 .../Microsoft.AspNet.Authorization.xproj                  | 4 ++--
 .../Microsoft.AspNet.Authentication.Tests.xproj           | 8 ++++----
 .../Microsoft.AspNet.Authorization.Tests.xproj            | 4 ++--
 16 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/samples/CookieSample/CookieSample.xproj b/samples/CookieSample/CookieSample.xproj
index 68fbee01bf..50d06f00e8 100644
--- a/samples/CookieSample/CookieSample.xproj
+++ b/samples/CookieSample/CookieSample.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -14,5 +14,5 @@
     <SchemaVersion>2.0</SchemaVersion>
     <DevelopmentServerPort>22569</DevelopmentServerPort>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
index e129ba553c..ec3d4dd5e6 100644
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ b/samples/CookieSessionSample/CookieSessionSample.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -14,5 +14,5 @@
     <SchemaVersion>2.0</SchemaVersion>
     <DevelopmentServerPort>36505</DevelopmentServerPort>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
index 1f6d87ba4b..1f0879ea47 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -14,5 +14,5 @@
     <SchemaVersion>2.0</SchemaVersion>
     <DevelopmentServerPort>42023</DevelopmentServerPort>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index 74aaf1222f..d12b8fcbfe 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -14,5 +14,5 @@
     <SchemaVersion>2.0</SchemaVersion>
     <DevelopmentServerPort>36504</DevelopmentServerPort>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
index 10ebb695f0..bc93d6322f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>fc152cc4-054b-457e-8d91-389c5de3c561</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
index 608a152e26..68ee50c4b7 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>eeaaee68-607b-4e33-af3e-45c66b4dba5a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
index 36e2cade9a..f92646ce65 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
+++ b/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>76579c39-b829-490d-b8be-1bd35fe8412e</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
index 5935b2a134..c15c0534e8 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>acb45e19-f520-4d0c-8916-b0ceb9c017fe</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
index 667114ea56..962888b9de 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1657c79e-7755-4aee-9d61-571295b69a30</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj b/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
index f83bb90de3..ef8673b48c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>2755BFE5-7421-4A31-A644-F817DF5CAA98</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
index 4b85e6378c..9ae8192f24 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>35115d55-b69e-46d4-bb33-c9e9e6ec5e7a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
index 5d8846c099..55deb0714f 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>0330fff6-b4b5-42dd-8c99-26a789569000</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
index b21c7af0ed..fe12613f9e 100644
--- a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
+++ b/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>2286250a-52c8-4126-9f93-b1e45f0ad078</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj b/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
index 43b0607698..be8ba0e0ea 100644
--- a/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
+++ b/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>6ab3e514-5894-4131-9399-dc7d5284addb</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
index 77ea1e71cf..3bcf72482b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
+++ b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
@@ -1,10 +1,10 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj
index 316cc51775..0e8a98e2a5 100644
--- a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj
+++ b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj
@@ -4,7 +4,7 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>7af5ad96-eb6e-4d0e-8abe-c0b543c0f4c2</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
@@ -13,5 +13,5 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
-  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From 8218a727d981b2ca2368ecaee319e1b4f785e4cd Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Thu, 2 Apr 2015 16:16:24 -0700
Subject: [PATCH 203/900] Correct .xproj filenames to match containing
 directories - these were the only two projects I found will naming
 inconsistencies

---
 ...ion.Tests.xproj => Microsoft.AspNet.Authentication.Test.xproj} | 0
 ...tion.Tests.xproj => Microsoft.AspNet.Authorization.Test.xproj} | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename test/Microsoft.AspNet.Authentication.Test/{Microsoft.AspNet.Authentication.Tests.xproj => Microsoft.AspNet.Authentication.Test.xproj} (100%)
 rename test/Microsoft.AspNet.Authorization.Test/{Microsoft.AspNet.Authorization.Tests.xproj => Microsoft.AspNet.Authorization.Test.xproj} (100%)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Tests.xproj
rename to test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Tests.xproj
rename to test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj

From 3cd702d6d83381e282646b6882811e4ab6bbff22 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Fri, 3 Apr 2015 11:08:32 -0700
Subject: [PATCH 204/900] Update solution to match renamed .xproj files

---
 Security.sln | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Security.sln b/Security.sln
index 2d3fccf4e2..8f65fe16bd 100644
--- a/Security.sln
+++ b/Security.sln
@@ -38,11 +38,11 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentica
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuth", "src\Microsoft.AspNet.Authentication.OAuth\Microsoft.AspNet.Authentication.OAuth.xproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Tests", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Tests.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Test", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuthBearer", "src\Microsoft.AspNet.Authentication.OAuthBearer\Microsoft.AspNet.Authentication.OAuthBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Tests", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Tests.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Test", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject

From 28a6ef1dc4247d7cfd75ebf02118a534b407270a Mon Sep 17 00:00:00 2001
From: Wei Wang <chengtian.wang@gmail.com>
Date: Fri, 3 Apr 2015 17:22:02 -0700
Subject: [PATCH 205/900] Fix AppVeyor git line ending config

---
 appveyor.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/appveyor.yml b/appveyor.yml
index 88cb9ef145..3fab83e134 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,3 +1,5 @@
+init:
+  - git config --global core.autocrlf true
 build_script:
   - build.cmd verify
 clone_depth: 1

From e0694a21d86c06524d516d1c0e4204c13ba64070 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Tue, 7 Apr 2015 14:50:16 -0700
Subject: [PATCH 206/900] Add serviceable attribute to projects.

aspnet/DNX#1600
---
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 .../Properties/AssemblyInfo.cs                              | 6 ++++++
 10 files changed, 60 insertions(+)
 create mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..f5c6f4a83a
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file

From e44fb492343cef68434b79019189c25ea75fe31a Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Tue, 7 Apr 2015 16:16:42 -0700
Subject: [PATCH 207/900] Update .travis.yml and appveyor.yml to build quietly.

---
 .travis.yml  | 2 +-
 appveyor.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 5939a529e5..947bf868ee 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,4 @@
 language: csharp
 sudo: false
 script:
-  - ./build.sh verify
\ No newline at end of file
+  - ./build.sh --quiet verify
\ No newline at end of file
diff --git a/appveyor.yml b/appveyor.yml
index 3fab83e134..636a7618d3 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,7 +1,7 @@
 init:
   - git config --global core.autocrlf true
 build_script:
-  - build.cmd verify
+  - build.cmd --quiet verify
 clone_depth: 1
 test: off
 deploy: off
\ No newline at end of file

From 4a2a742ad5e52b2f9e0529b8c6f5f9decd3e80f0 Mon Sep 17 00:00:00 2001
From: Pinpoint <kevinchalet@gmail.com>
Date: Tue, 3 Mar 2015 16:01:14 +0100
Subject: [PATCH 208/900] Fix SecurityTokenValidated and rework the different
 OAuth2 Bearer middleware tests

---
 .../OAuthBearerAuthenticationHandler.cs       |   5 +-
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs | 263 ++++++++++++------
 2 files changed, 174 insertions(+), 94 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index e2a56697d9..1f2d20b76e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -136,12 +136,13 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                             AuthenticationTicket = ticket
                         };
 
-                        if (securityTokenReceivedNotification.HandledResponse)
+                        await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
+                        if (securityTokenValidatedNotification.HandledResponse)
                         {
                             return securityTokenValidatedNotification.AuthenticationTicket;
                         }
 
-                        if (securityTokenReceivedNotification.Skipped)
+                        if (securityTokenValidatedNotification.Skipped)
                         {
                             return null;
                         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index fcd2d411ec..e688497d9e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -12,7 +11,7 @@ using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Shouldly;
@@ -27,6 +26,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options =>
             {
+                options.AutomaticAuthentication = true;
+
                 options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
                 options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
                 options.TokenValidationParameters = new TokenValidationParameters
@@ -34,6 +35,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     ValidateLifetime = false
                 };
             });
+
             string newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
@@ -44,26 +46,30 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.MessageReceived = HeaderReceived;
+                options.AutomaticAuthentication = true;
+
+                options.Notifications.MessageReceived = notification =>
+                {
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    notification.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+
+                    notification.HandleResponse();
+                    
+                    return Task.FromResult<object>(null);
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-        }
-
-        private static Task HeaderReceived(MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
-        {
-            List<Claim> claims =
-                new List<Claim>
-                {
-                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
-                };
-
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
-            notification.HandleResponse();
-
-            return Task.FromResult<object>(null);
+            response.ResponseText.ShouldBe("Bob le Magnifique");
         }
 
         [Fact]
@@ -71,7 +77,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options => { });
             var response = await SendAsync(server, "http://example.com/oauth");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
         }
 
         [Fact]
@@ -79,7 +85,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options => { });
             var response = await SendAsync(server, "http://example.com/oauth","Token");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
         }
 
         [Fact]
@@ -87,26 +93,30 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+                options.AutomaticAuthentication = true;
+
+                options.Notifications.SecurityTokenReceived = notification =>
+                {
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    notification.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+
+                    notification.HandleResponse();
+                    
+                    return Task.FromResult<object>(null);
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-        }
-
-        private static Task SecurityTokenReceived(SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
-        {
-            List<Claim> claims =
-                new List<Claim>
-                {
-                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
-                };
-
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
-            notification.HandleResponse();
-
-            return Task.FromResult<object>(null);
+            response.ResponseText.ShouldBe("Bob le Magnifique");
         }
 
         [Fact]
@@ -114,44 +124,70 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenValidated = SecurityTokenValidated;
-                options.SecurityTokenValidators = new List<ISecurityTokenValidator>{new BlobTokenValidator(options.AuthenticationScheme)};
+                options.AutomaticAuthentication = true;
+
+                options.Notifications.SecurityTokenValidated = notification =>
+                {
+                    // Retrieve the NameIdentifier claim from the identity
+                    // returned by the custom security token validator.
+                    var identity = (ClaimsIdentity) notification.AuthenticationTicket.Principal.Identity;
+                    var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
+
+                    identifier.Value.ShouldBe("Bob le Tout Puissant");
+
+                    // Remove the existing NameIdentifier claim and replace it
+                    // with a new one containing a different value.
+                    identity.RemoveClaim(identifier);
+                    // Make sure to use a different name identifier
+                    // than the one defined by BlobTokenValidator.
+                    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"));
+
+                    return Task.FromResult<object>(null);
+                };
+
+                options.SecurityTokenValidators = new[] { new BlobTokenValidator(options.AuthenticationScheme) };
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-        }
-
-        private static Task SecurityTokenValidated(SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
-        {
-            List<Claim> claims =
-                new List<Claim>
-                {
-                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
-                };
-
-            notification.AuthenticationTicket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)), new Http.Authentication.AuthenticationProperties(), notification.Options.AuthenticationScheme);
-            notification.HandleResponse();
-
-            return Task.FromResult<object>(null);
+            response.ResponseText.ShouldBe("Bob le Magnifique");
         }
 
         [Fact]
         public async Task RetrievingTokenFromAlternateLocation()
         {
-            var server = CreateServer(options => {
-                options.Notifications.MessageReceived = MessageReceived;
-                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthentication = true;
+
+                options.Notifications.MessageReceived = notification =>
+                {
+                    notification.Token = "CustomToken";
+                    return Task.FromResult<object>(null);
+                };
+                
+                options.Notifications.SecurityTokenReceived = notification =>
+                {
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    notification.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+
+                    notification.HandleResponse();
+
+                    return Task.FromResult<object>(null);
+                };
             });
+
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-        }
-
-        private static Task MessageReceived(MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
-        {
-            notification.Token = "CustomToken";
-            return Task.FromResult<object>(null);
+            response.ResponseText.ShouldBe("Bob le Magnifique");
         }
 
         [Fact]
@@ -159,20 +195,51 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+                options.Notifications.SecurityTokenReceived = notification =>
+                {
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    notification.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+
+                    notification.HandleResponse();
+
+                    return Task.FromResult<object>(null);
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
             response.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
         }
-
-
+        
         [Fact]
         public async Task BearerDoesNothingTo401IfNotAuthenticated()
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+                options.Notifications.SecurityTokenReceived = notification =>
+                {
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    notification.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+
+                    notification.HandleResponse();
+
+                    return Task.FromResult<object>(null);
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized");
@@ -187,21 +254,15 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 AuthenticationScheme = authenticationScheme;
             }
 
-            public string AuthenticationScheme { get; set; }
-
-            public bool CanValidateToken
-            {
-                get
-                {
-                    return true;
-                }
-            }
+            public string AuthenticationScheme { get; }
 
+            public bool CanValidateToken => true;
+            
             public int MaximumTokenSizeInBytes
             {
                 get
                 {
-                    return 2*2*1024;
+                    throw new NotImplementedException();
                 }
 
                 set
@@ -210,20 +271,20 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 }
             }
 
-            public bool CanReadToken(string securityToken)
-            {
-                return true;
-            }
+            public bool CanReadToken(string securityToken) => true;
 
             public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
             {
                 validatedToken = null;
-                List<Claim> claims =
-                    new List<Claim>
-                    {
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
-                    };
+
+                var claims = new[]
+                {
+                    // Make sure to use a different name identifier
+                    // than the one defined by CustomTokenValidated.
+                    new Claim(ClaimTypes.NameIdentifier, "Bob le Tout Puissant"),
+                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob"),
+                };
 
                 return new ClaimsPrincipal(new ClaimsIdentity(claims, AuthenticationScheme));
             }
@@ -237,24 +298,42 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 {
                     app.UseOAuthBearerAuthentication(configureOptions);
                 }
+
                 app.Use(async (context, next) =>
                 {
-                    var req = context.Request;
-                    var res = context.Response;
-                    if (req.Path == new PathString("/oauth"))
+                    if (context.Request.Path == new PathString("/oauth"))
                     {
+                        if (context.User == null ||
+                            context.User.Identity == null ||
+                            !context.User.Identity.IsAuthenticated)
+                        {
+                            context.Response.StatusCode = 401;
+
+                            return;
+                        }
+
+                        var identifier = context.User.FindFirst(ClaimTypes.NameIdentifier);
+                        if (identifier == null)
+                        {
+                            context.Response.StatusCode = 500;
+
+                            return;
+                        }
+
+                        await context.Response.WriteAsync(identifier.Value);
                     }
-                    else if (req.Path == new PathString("/unauthorized"))
+
+                    else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
                         var result = await context.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
-                        res.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        context.Response.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
                     }
+
                     else
                     {
                         await next();
                     }
-
                 });
             },
             services => services.AddDataProtection());

From 5e03a6c1ad2d94a1e6c4757e0931d199761942a8 Mon Sep 17 00:00:00 2001
From: Pinpoint <kevinchalet@gmail.com>
Date: Tue, 3 Mar 2015 16:13:45 +0100
Subject: [PATCH 209/900] Fix incorrect handler delegation and update
 SignInScheme documentation

---
 .../OAuthAuthenticationOptions.cs                   |  5 ++++-
 ...ler.cs => OpenIdConnectAuthenticationHandler.cs} |  2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs        | 13 +++++++++----
 .../OpenIdConnectAuthenticationOptions.cs           | 11 +++++------
 .../TwitterAuthenticationOptions.cs                 |  5 ++++-
 .../ExternalAuthenticationOptions.cs                |  5 +++++
 6 files changed, 28 insertions(+), 13 deletions(-)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenidConnectAuthenticationHandler.cs => OpenIdConnectAuthenticationHandler.cs} (99%)

diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 3dda288129..bd9ab43b06 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -99,7 +99,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
         public PathString CallbackPath { get; set; }
 
         /// <summary>
-        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// Gets or sets the authentication scheme corresponding to the middleware
+        /// responsible of persisting user's identity after a successful authentication.
+        /// This value typically corresponds to a cookie middleware registered in the Startup class.
+        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
         /// </summary>
         public string SignInScheme { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
similarity index 99%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 6a629045b8..32f7a69c0f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -585,4 +585,4 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return false;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 53284a50e9..e58b7fff85 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -7,12 +7,12 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Text;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Authentication.DataHandler.Serializer;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
@@ -45,9 +45,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             _logger = loggerFactory.CreateLogger<OpenIdConnectAuthenticationMiddleware>();
 
+            if (string.IsNullOrEmpty(Options.SignInScheme))
+            {
+                Options.SignInScheme = externalOptions.Options.SignInScheme;
+            }
+
             if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
             {
-                Options.TokenValidationParameters.AuthenticationType = externalOptions.Options.SignInScheme;
+                Options.TokenValidationParameters.AuthenticationType = Options.AuthenticationScheme;
             }
 
             if (Options.StateDataFormat == null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 25b70473a8..f7bfde804b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -233,13 +233,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public string Scope { get; set; }
 
         /// <summary>
-        /// Gets or sets the AuthenticationScheme used when creating the <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// Gets or sets the authentication scheme corresponding to the middleware
+        /// responsible of persisting user's identity after a successful authentication.
+        /// This value typically corresponds to a cookie middleware registered in the Startup class.
+        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
         /// </summary>
-        public string SignInScheme
-        {
-            get { return TokenValidationParameters.AuthenticationType; }
-            set { TokenValidationParameters.AuthenticationType = value; }
-        }
+        public string SignInScheme { get; set; }
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index d17daa0e9e..a3179c3867 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -89,7 +89,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         public PathString CallbackPath { get; set; }
 
         /// <summary>
-        /// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+        /// Gets or sets the authentication scheme corresponding to the middleware
+        /// responsible of persisting user's identity after a successful authentication.
+        /// This value typically corresponds to a cookie middleware registered in the Startup class.
+        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
         /// </summary>
         public string SignInScheme { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
index 966e2cfe14..a80b80b83f 100644
--- a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
@@ -8,6 +8,11 @@ namespace Microsoft.AspNet.Authentication
 {
     public class ExternalAuthenticationOptions
     {
+        /// <summary>
+        /// Gets or sets the authentication scheme corresponding to the default middleware
+        /// responsible of persisting user's identity after a successful authentication.
+        /// This value typically corresponds to a cookie middleware registered in the Startup class.
+        /// </summary>
         public string SignInScheme { get; set; }
     }
 }

From 9ce84d39c2c852e418eae13a6a984159343b4162 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 15 Apr 2015 11:21:32 -0700
Subject: [PATCH 210/900] React to http challenge changes

---
 .../AuthenticationHandler.cs                  | 14 ++------
 .../AuthenticationHandlerFacts.cs             | 13 ++++---
 .../DefaultAuthorizationServiceTests.cs       | 34 -------------------
 3 files changed, 9 insertions(+), 52 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index d54c4a3bee..318d0ad732 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -353,10 +353,10 @@ namespace Microsoft.AspNet.Authentication
 
         public virtual void Challenge(IChallengeContext context)
         {
-            if (ShouldHandleScheme(context.AuthenticationSchemes))
+            if (ShouldHandleScheme(context.AuthenticationScheme))
             {
                 ChallengeContext = context;
-                context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
+                context.Accept();
             }
 
             if (PriorHandler != null)
@@ -367,14 +367,6 @@ namespace Microsoft.AspNet.Authentication
 
         protected abstract void ApplyResponseChallenge();
 
-        public virtual bool ShouldHandleScheme(IEnumerable<string> authenticationSchemes)
-        {
-            // If there are any schemes asked for, need to match, otherwise automatic authentication matches
-            return authenticationSchemes != null && authenticationSchemes.Any()
-                ? authenticationSchemes.Contains(BaseOptions.AuthenticationScheme, StringComparer.Ordinal)
-                : BaseOptions.AutomaticAuthentication;
-        }
-
         public virtual bool ShouldHandleScheme(string authenticationScheme)
         {
             return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
@@ -388,7 +380,7 @@ namespace Microsoft.AspNet.Authentication
             return Response.StatusCode == 401 &&
                 AuthenticateCalled &&
                 ChallengeContext != null &&
-                ShouldHandleScheme(ChallengeContext.AuthenticationSchemes);
+                ShouldHandleScheme(ChallengeContext.AuthenticationScheme);
         }
 
         /// <summary>
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 8ed1063dd7..a8ec25fe06 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -14,11 +14,11 @@ namespace Microsoft.AspNet.Authentication
         {
             var handler = new TestHandler("Alpha");
 
-            bool passiveNoMatch = handler.ShouldHandleScheme(new[] { "Beta", "Gamma" });
+            bool passiveNoMatch = handler.ShouldHandleScheme("Beta");
 
             handler = new TestHandler("Alpha");
 
-            bool passiveWithMatch = handler.ShouldHandleScheme(new[] { "Beta", "Alpha" });
+            bool passiveWithMatch = handler.ShouldHandleScheme("Alpha");
 
             Assert.False(passiveNoMatch);
             Assert.True(passiveWithMatch);
@@ -28,28 +28,28 @@ namespace Microsoft.AspNet.Authentication
         public void AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
         {
             var handler = new TestAutoHandler("ignored", true);
-            Assert.True(handler.ShouldHandleScheme(new string[0]));
+            Assert.True(handler.ShouldHandleScheme(""));
         }
 
         [Fact]
         public void AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
         {
             var handler = new TestAutoHandler("Alpha", true);
-            Assert.True(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+            Assert.True(handler.ShouldHandleScheme("Alpha"));
         }
 
         [Fact]
         public void AutomaticHandlerShouldNotHandleChallengeWhenSchemeDoesNotMatches()
         {
             var handler = new TestAutoHandler("Dog", true);
-            Assert.False(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+            Assert.False(handler.ShouldHandleScheme("Alpha"));
         }
 
         [Fact]
         public void AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
         {
             var handler = new TestAutoHandler(null, true);
-            Assert.False(handler.ShouldHandleScheme(new string[] { "Alpha" }));
+            Assert.False(handler.ShouldHandleScheme("Alpha"));
         }
 
         private class TestHandler : AuthenticationHandler<AuthenticationOptions>
@@ -110,6 +110,5 @@ namespace Microsoft.AspNet.Authentication
                 throw new NotImplementedException();
             }
         }
-
     }
 }
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 74328a956e..752d2383be 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -347,40 +347,6 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.True(allowed);
         }
 
-        [Fact(Skip = "Filtering TBD")]
-        public async Task Authorize_PolicyWillFilterAuthenticationScheme()
-        {
-            // Arrange
-            var policy = new AuthorizationPolicyBuilder("Bogus").RequireClaim(ClaimTypes.Name);
-            var authorizationService = BuildAuthorizationService();
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Name") }, "AuthType")
-                );
-
-            // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
-
-            // Assert
-            Assert.False(allowed);
-        }
-
-        [Fact(Skip = "Filtering TBD")]
-        public async Task Authorize_PolicyCanFilterMultipleAuthenticationScheme()
-        {
-            // Arrange
-            var policy = new AuthorizationPolicyBuilder("One", "Two").RequireClaim(ClaimTypes.Name, "one").RequireClaim(ClaimTypes.Name, "two");
-            var authorizationService = BuildAuthorizationService();
-            var user = new ClaimsPrincipal();
-            user.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "one") }, "One"));
-            user.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "two") }, "Two"));
-
-            // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
-
-            // Assert
-            Assert.True(allowed);
-        }
-
         [Fact]
         public async Task RolePolicyCanRequireSingleRole()
         {

From 501bd4ff105ee3985219a01d772f737bffc3e563 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 16 Apr 2015 12:26:42 -0700
Subject: [PATCH 211/900] Merge https://github.com/brentschmaltz/Security

---
 .../INonceCache.cs                            |   6 +-
 .../OpenIdConnectAuthenticationDefaults.cs    |   4 +-
 .../OpenIdConnectAuthenticationExtensions.cs  |  13 +-
 .../OpenIdConnectAuthenticationHandler.cs     | 390 +++++----
 .../OpenIdConnectAuthenticationMiddleware.cs  |  22 +-
 .../OpenIdConnectAuthenticationOptions.cs     |  79 +-
 ...penIdConnectServiceCollectionExtensions.cs |   4 +-
 .../Resources.Designer.cs                     | 354 ++++++--
 .../Resources.resx                            | 111 ++-
 .../OpenIdConnectHandlerTests.cs              | 768 ++++++++++++++++++
 .../OpenIdConnect/TestUtilities.cs            | 109 +++
 11 files changed, 1587 insertions(+), 273 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
index a1f2d35437..a56117560c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
@@ -5,8 +5,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     public interface INonceCache
     {
-        string AddNonce(string nonce);
+        bool TryAddNonce(string nonce);
+
         bool TryRemoveNonce(string nonce);
-        bool HasNonce(string nonce);
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index 21dc57f482..cecc57a74e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// The prefix used to for the a nonce in the cookie
         /// </summary>
-        internal const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
+        public const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
 
         /// <summary>
         /// The property for the RedirectUri that was used when asking for a 'authorizationCode'
@@ -36,6 +36,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Constant used to identify state in openIdConnect protocal message
         /// </summary>
-        internal const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
+        public const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
index 989aac48e1..4ced947e2f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -26,5 +26,16 @@ namespace Microsoft.AspNet.Builder
                      Name = optionsName
                  });
         }
+
+        /// <summary>
+        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectAuthenticationOptions> options)
+        {
+            return app.UseMiddleware<OpenIdConnectAuthenticationMiddleware>(options);
+        }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 32f7a69c0f..c0efcd0f61 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 // Set End_Session_Endpoint in order:
                 // 1. properties.Redirect
-                // 2. Options.Wreply
+                // 2. Options.PostLogoutRedirectUri
                 var properties = new AuthenticationProperties(signout.Properties);
                 if (!string.IsNullOrEmpty(properties.RedirectUri))
                 {
@@ -98,7 +98,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        _logger.LogWarning("The logout redirect URI is malformed: {0}", (redirectUri ?? "null"));
+                        _logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
                     }
 
                     Response.Redirect(redirectUri);
@@ -115,28 +115,37 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
+        /// <remarks>Uses log id's OIDCH-0026 - OIDCH-0050, next num: 37</remarks>
         protected override async Task ApplyResponseChallengeAsync()
         {
+            if (_logger.IsEnabled(LogLevel.Debug))
+            {
+                _logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
+            }
+
             if (ShouldConvertChallengeToForbidden())
             {
+                _logger.LogDebug(Resources.OIDCH_0027_401_ConvertedTo_403);
                 Response.StatusCode = 403;
                 return;
             }
 
             if (Response.StatusCode != 401)
             {
+                _logger.LogDebug(Resources.OIDCH_0028_StatusCodeNot401, Response.StatusCode);
                 return;
             }
 
             // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
             if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
+                _logger.LogDebug(Resources.OIDCH_0029_ChallengeContextEqualsNull);
                 return;
             }
 
-            // order for redirect_uri
+            // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
-            // 2. CurrentUri
+            // 2. CurrentUri if Options.DefaultToCurrentUriOnRedirect is true)
             AuthenticationProperties properties;
             if (ChallengeContext == null)
             {
@@ -147,12 +156,22 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 properties = new AuthenticationProperties(ChallengeContext.Properties);
             }
 
-            if (string.IsNullOrEmpty(properties.RedirectUri))
+            if (!string.IsNullOrWhiteSpace(properties.RedirectUri))
             {
+                _logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
+            }
+            else if (Options.DefaultToCurrentUriOnRedirect)
+            {
+                _logger.LogDebug(Resources.OIDCH_0032_UsingCurrentUriRedirectUri, CurrentUri);
                 properties.RedirectUri = CurrentUri;
             }
 
-            // this value will be passed to the AuthorizationCodeReceivedNotification
+            if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
+            {
+                _logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
+            }
+
+            // When redeeming a 'code' for an AccessToken, this value is needed
             if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
             {
                 properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
@@ -163,14 +182,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
             }
 
-            OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage
+            var message = new OpenIdConnectMessage
             {
                 ClientId = Options.ClientId,
-                IssuerAddress = _configuration == null ? string.Empty : (_configuration.AuthorizationEndpoint ?? string.Empty),
+                IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = Options.RedirectUri,
+                // [brentschmaltz] - this should be a property on RedirectToIdentityProviderNotification not on the OIDCMessage.
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
-                ResponseMode = OpenIdConnectResponseModes.FormPost,
+                ResponseMode = Options.ResponseMode,
                 ResponseType = Options.ResponseType,
                 Scope = Options.Scope,
                 State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
@@ -178,33 +198,45 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (Options.ProtocolValidator.RequireNonce)
             {
-                openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
+                message.Nonce = Options.ProtocolValidator.GenerateNonce();
                 if (Options.NonceCache != null)
                 {
-                    Options.NonceCache.AddNonce(openIdConnectMessage.Nonce);
+                    if (!Options.NonceCache.TryAddNonce(message.Nonce))
+                    {
+                        _logger.LogError(Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce);
+                        throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce));
+                    }
                 }
                 else
                 {
-                    RememberNonce(openIdConnectMessage.Nonce);
+                    WriteNonceCookie(message.Nonce);
                 }
             }
 
-            var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
             {
-                ProtocolMessage = openIdConnectMessage
+                ProtocolMessage = message
             };
 
-            await Options.Notifications.RedirectToIdentityProvider(notification);
-            if (!notification.HandledResponse)
+            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+            if (redirectToIdentityProviderNotification.HandledResponse)
             {
-                string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
-                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
-                {
-                    _logger.LogWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"));
-                }
-
-                Response.Redirect(redirectUri);
+                _logger.LogInformation(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                return;
             }
+            else if (redirectToIdentityProviderNotification.Skipped)
+            {
+                _logger.LogInformation(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                return;
+            }
+
+            string redirectUri = redirectToIdentityProviderNotification.ProtocolMessage.CreateAuthenticationRequestUrl();
+            if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+            {
+                _logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
+            }
+
+            Response.Redirect(redirectUri);
         }
 
         protected override AuthenticationTicket AuthenticateCore()
@@ -216,15 +248,21 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Invoked to process incoming OpenIdConnect messages.
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
+        /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
         {
+            if (_logger.IsEnabled(LogLevel.Debug))
+            {
+                _logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
+            }
+
             // Allow login to be constrained to a specific path. Need to make this runtime configurable.
             if (Options.CallbackPath.HasValue && Options.CallbackPath != (Request.PathBase + Request.Path))
             {
                 return null;
             }
 
-            OpenIdConnectMessage openIdConnectMessage = null;
+            OpenIdConnectMessage message = null;
 
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
@@ -235,180 +273,215 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 IFormCollection form = await Request.ReadFormAsync();
                 Request.Body.Seek(0, SeekOrigin.Begin);
-
-                openIdConnectMessage = new OpenIdConnectMessage(form);
+                message = new OpenIdConnectMessage(form);
             }
 
-            if (openIdConnectMessage == null)
+            if (message == null)
             {
                 return null;
             }
 
             try
             {
-                var messageReceivedNotification = new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                if (_logger.IsEnabled(LogLevel.Debug))
                 {
-                    ProtocolMessage = openIdConnectMessage
-                };
+                    _logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
+                }
+
+                var messageReceivedNotification =
+                    new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                    {
+                        ProtocolMessage = message
+                    };
 
                 await Options.Notifications.MessageReceived(messageReceivedNotification);
                 if (messageReceivedNotification.HandledResponse)
                 {
+                    _logger.LogInformation(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
                     return messageReceivedNotification.AuthenticationTicket;
                 }
 
                 if (messageReceivedNotification.Skipped)
                 {
+                    _logger.LogInformation(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
                     return null;
                 }
 
-                // runtime always adds state, if we don't find it OR we failed to 'unprotect' it this is not a message we
-                // should process.
-                AuthenticationProperties properties = GetPropertiesFromState(openIdConnectMessage.State);
+                // runtime always adds state, if we don't find it OR we failed to 'unprotect' it this is not a message we should process.
+                if (string.IsNullOrWhiteSpace(message.State))
+                {
+                    _logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrWhiteSpace);
+                    return null;
+                }
+
+                var properties = GetPropertiesFromState(message.State);
                 if (properties == null)
                 {
-                    _logger.LogWarning("The state field is missing or invalid.");
+                    _logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
                     return null;
                 }
 
                 // devs will need to hook AuthenticationFailedNotification to avoid having 'raw' runtime errors displayed to users.
-                if (!string.IsNullOrWhiteSpace(openIdConnectMessage.Error))
+                if (!string.IsNullOrWhiteSpace(message.Error))
                 {
-                    throw new OpenIdConnectProtocolException(
-                        string.Format(CultureInfo.InvariantCulture,
-                                      openIdConnectMessage.Error,
-                                      Resources.Exception_OpenIdConnectMessageError, openIdConnectMessage.ErrorDescription ?? string.Empty, openIdConnectMessage.ErrorUri ?? string.Empty));
+                   _logger.LogError(Resources.OIDCH_0006_MessageErrorNotNull, message.Error);
+                    throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageErrorNotNull, message.Error));
                 }
 
-                // code is only accepted with id_token, in this version, hence check for code is inside this if
-                // OpenIdConnect protocol allows a Code to be received without the id_token
-                if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
-                {
-                    _logger.LogWarning("The id_token is missing.");
-                    return null;
-                }
-
-                var securityTokenReceivedNotification = new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = openIdConnectMessage
-                };
-
-                await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
-                if (securityTokenReceivedNotification.HandledResponse)
-                {
-                    return securityTokenReceivedNotification.AuthenticationTicket;
-                }
-
-                if (securityTokenReceivedNotification.Skipped)
-                {
-                    return null;
-                }
+                AuthenticationTicket ticket = null;
+                JwtSecurityToken jwt = null;
 
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
+                    _logger.LogDebug(Resources.OIDCH_0007_UpdatingConfiguration);
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                // Copy and augment to avoid cross request race conditions for updated configurations.
-                TokenValidationParameters validationParameters = Options.TokenValidationParameters.Clone();
-                if (_configuration != null)
+                // OpenIdConnect protocol allows a Code to be received without the id_token
+                if (!string.IsNullOrWhiteSpace(message.IdToken))
                 {
-                    if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
-                    {
-                        validationParameters.ValidIssuer = _configuration.Issuer;
-                    }
-                    else if (!string.IsNullOrWhiteSpace(_configuration.Issuer))
-                    {
-                        validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? new[] { _configuration.Issuer } : validationParameters.ValidIssuers.Concat(new[] { _configuration.Issuer }));
-                    }
-
-                    validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
-                }
-
-                AuthenticationTicket ticket;
-                SecurityToken validatedToken = null;
-                ClaimsPrincipal principal = null;
-                JwtSecurityToken jwt = null;
-
-                foreach (var validator in Options.SecurityTokenValidators)
-                {
-                    if (validator.CanReadToken(openIdConnectMessage.IdToken))
-                    {
-                        principal = validator.ValidateToken(openIdConnectMessage.IdToken, validationParameters, out validatedToken);
-                        jwt = validatedToken as JwtSecurityToken;
-                        if (jwt == null)
+                    _logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
+                    var securityTokenReceivedNotification =
+                        new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                         {
-                            throw new InvalidOperationException("Validated Security Token must be a JwtSecurityToken was: " + (validatedToken == null ? "null" : validatedToken.GetType().ToString()));
+                            ProtocolMessage = message
+                        };
+
+                    await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
+                    if (securityTokenReceivedNotification.HandledResponse)
+                    {
+                        _logger.LogInformation(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
+                        return securityTokenReceivedNotification.AuthenticationTicket;
+                    }
+
+                    if (securityTokenReceivedNotification.Skipped)
+                    {
+                        _logger.LogInformation(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
+                        return null;
+                    }
+
+                    // Copy and augment to avoid cross request race conditions for updated configurations.
+                    TokenValidationParameters validationParameters = Options.TokenValidationParameters.Clone();
+                    if (_configuration != null)
+                    {
+                        if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
+                        {
+                            validationParameters.ValidIssuer = _configuration.Issuer;
+                        }
+                        else if (!string.IsNullOrWhiteSpace(_configuration.Issuer))
+                        {
+                            validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
+                        }
+
+                        validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
+                    }
+
+                    SecurityToken validatedToken = null;
+                    ClaimsPrincipal principal = null;
+                    foreach (var validator in Options.SecurityTokenValidators)
+                    {
+                        if (validator.CanReadToken(message.IdToken))
+                        {
+                            principal = validator.ValidateToken(message.IdToken, validationParameters, out validatedToken);
+                            jwt = validatedToken as JwtSecurityToken;
+                            if (jwt == null)
+                            {
+                                _logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
+                                throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
+                            }
                         }
                     }
-                }
 
-                if (validatedToken == null)
-                {
-                    throw new InvalidOperationException("No SecurityTokenValidator found for token: " + openIdConnectMessage.IdToken);
-                }
-
-                ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
-                if (!string.IsNullOrWhiteSpace(openIdConnectMessage.SessionState))
-                {
-                    ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = openIdConnectMessage.SessionState;
-                }
-
-                if (_configuration != null && !string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
-                {
-                    ticket.Properties.Dictionary[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
-                }
-
-                if (Options.UseTokenLifetime)
-                {
-                    // Override any session persistence to match the token lifetime.
-                    DateTime issued = validatedToken.ValidFrom;
-                    if (issued != DateTime.MinValue)
+                    if (validatedToken == null)
                     {
-                        ticket.Properties.IssuedUtc = issued;
+                        _logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, message.IdToken);
+                        throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, message.IdToken));
                     }
 
-                    DateTime expires = validatedToken.ValidTo;
-                    if (expires != DateTime.MinValue)
+                    ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
+                    if (!string.IsNullOrWhiteSpace(message.SessionState))
                     {
-                        ticket.Properties.ExpiresUtc = expires;
+                        ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
                     }
 
-                    ticket.Properties.AllowRefresh = false;
+                    if (_configuration != null && !string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
+                    {
+                        ticket.Properties.Dictionary[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
+                    }
+
+                    // Rename?
+                    if (Options.UseTokenLifetime)
+                    {
+                        DateTime issued = validatedToken.ValidFrom;
+                        if (issued != DateTime.MinValue)
+                        {
+                            ticket.Properties.IssuedUtc = issued;
+                        }
+
+                        DateTime expires = validatedToken.ValidTo;
+                        if (expires != DateTime.MinValue)
+                        {
+                            ticket.Properties.ExpiresUtc = expires;
+                        }
+                    }
+
+                    var securityTokenValidatedNotification =
+                        new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                        {
+                            AuthenticationTicket = ticket,
+                            ProtocolMessage = message
+                        };
+
+                    await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
+                    if (securityTokenValidatedNotification.HandledResponse)
+                    {
+                        _logger.LogInformation(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
+                        return securityTokenValidatedNotification.AuthenticationTicket;
+                    }
+
+                    if (securityTokenValidatedNotification.Skipped)
+                    {
+                        _logger.LogInformation(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
+                        return null;
+                    }
+
+                    string nonce = jwt.Payload.Nonce;
+                    if (Options.NonceCache != null)
+                    {
+                        // if the nonce cannot be removed, it was used
+                        if (!Options.NonceCache.TryRemoveNonce(nonce))
+                        {
+                            nonce = null;
+                        }
+                    }
+                    else
+                    {
+                        nonce = ReadNonceCookie(nonce);
+                    }
+
+                    var protocolValidationContext = new OpenIdConnectProtocolValidationContext
+                    {
+                        AuthorizationCode = message.Code,
+                        Nonce = nonce, 
+                    };
+
+                    Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
                 }
 
-                var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                if (message.Code != null)
                 {
-                    AuthenticationTicket = ticket,
-                    ProtocolMessage = openIdConnectMessage
-                };
+                    _logger.LogDebug(Resources.OIDCH_0014_CodeReceived, message.Code);
+                    if (ticket == null)
+                    {
+                        ticket = new AuthenticationTicket(properties, Options.AuthenticationScheme);
+                    }
 
-                await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
-                if (securityTokenValidatedNotification.HandledResponse)
-                {
-                    return securityTokenValidatedNotification.AuthenticationTicket;
-                }
-
-                if (securityTokenValidatedNotification.Skipped)
-                {
-                    return null;
-                }
-
-                var protocolValidationContext = new OpenIdConnectProtocolValidationContext
-                {
-                    AuthorizationCode = openIdConnectMessage.Code,
-                    Nonce = RetrieveNonce(jwt.Payload.Nonce),
-                };
-
-                Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
-                if (openIdConnectMessage.Code != null)
-                {
                     var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
                     {
                         AuthenticationTicket = ticket,
-                        Code = openIdConnectMessage.Code,
+                        Code = message.Code,
                         JwtSecurityToken = jwt,
-                        ProtocolMessage = openIdConnectMessage,
+                        ProtocolMessage = message,
                         RedirectUri = ticket.Properties.Dictionary.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
                                       ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
                     };
@@ -416,11 +489,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
                     if (authorizationCodeReceivedNotification.HandledResponse)
                     {
+                        _logger.LogInformation(Resources.OIDCH_0015_CodeReceivedNotificationHandledResponse);
                         return authorizationCodeReceivedNotification.AuthenticationTicket;
                     }
 
                     if (authorizationCodeReceivedNotification.Skipped)
                     {
+                        _logger.LogInformation(Resources.OIDCH_0016_CodeReceivedNotificationSkipped);
                         return null;
                     }
                 }
@@ -429,7 +504,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             catch (Exception exception)
             {
-                _logger.LogError("Exception occurred while processing message", exception);
+                _logger.LogError(Resources.OIDCH_0017_ExceptionOccurredWhileProcessingMessage, exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
@@ -437,20 +512,23 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     Options.ConfigurationManager.RequestRefresh();
                 }
 
-                var authenticationFailedNotification = new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = openIdConnectMessage,
-                    Exception = exception
-                };
+                var authenticationFailedNotification =
+                    new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                    {
+                        ProtocolMessage = message,
+                        Exception = exception
+                    };
 
                 await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
                 if (authenticationFailedNotification.HandledResponse)
                 {
+                    _logger.LogInformation(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
                     return authenticationFailedNotification.AuthenticationTicket;
                 }
 
                 if (authenticationFailedNotification.Skipped)
                 {
+                    _logger.LogInformation(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
                     return null;
                 }
 
@@ -464,7 +542,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="nonce">the nonce to remember.</param>
         /// <remarks><see cref="HttpResponse.Cookies.Append"/>is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Protect"/>(nonce)'.
         /// The value of the cookie is: "N".</remarks>
-        private void RememberNonce(string nonce)
+        private void WriteNonceCookie(string nonce)
         {
             if (string.IsNullOrWhiteSpace(nonce))
             {
@@ -484,13 +562,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Searches <see cref="HttpRequest.Cookies"/> for a matching nonce.
         /// </summary>
-        /// <param name="nonceExpectedValue">the nonce that was found in the jwt token.</param>
-        /// <returns>'nonceExpectedValue' if a cookie is found that matches, null otherwise.</returns>
+        /// <param name="nonce">the nonce that we are looking for.</param>
+        /// <returns>echos 'nonce' if a cookie is found that matches, null otherwise.</returns>
         /// <remarks>Examine <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
         /// <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
-        private string RetrieveNonce(string nonceExpectedValue)
+        private string ReadNonceCookie(string nonce)
         {
-            if (nonceExpectedValue == null)
+            if (nonce == null)
             {
                 return null;
             }
@@ -502,7 +580,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     try
                     {
                         string nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length));
-                        if (nonceDecodedValue == nonceExpectedValue)
+                        if (nonceDecodedValue == nonce)
                         {
                             var cookieOptions = new CookieOptions
                             {
@@ -511,7 +589,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                             };
 
                             Response.Cookies.Delete(nonceKey, cookieOptions);
-                            return nonceExpectedValue;
+                            return nonce;
                         }
                     }
                     catch (Exception ex)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index e58b7fff85..ee8eec0e5a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -30,9 +30,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Initializes a <see cref="OpenIdConnectAuthenticationMiddleware"/>
         /// </summary>
-        /// <param name="next">The next middleware in the ASP.NET pipeline to invoke</param>
-        /// <param name="app">The ASP.NET application</param>
-        /// <param name="options">Configuration options for the middleware</param>
+        /// <param name="next">The next middleware in the ASP.NET pipeline to invoke.</param>
+        /// <param name="dataProtectionProvider"> provider for creating a data protector.</param>
+        /// <param name="loggerFactory">factory for creating a <see cref="ILogger"/>.</param>
+        /// <param name="options">a <see cref="IOptions{OpenIdConnectAuthenticationOptions}"/> instance that will supply <see cref="OpenIdConnectAuthenticationOptions"/> 
+        /// if configureOptions is null.</param>
+        /// <param name="configureOptions">a <see cref="ConfigureOptions{OpenIdConnectAuthenticationOptions}"/> instance that will be passed to an instance of <see cref="OpenIdConnectAuthenticationOptions"/>
+        /// that is retrieved by calling <see cref="IOptions{OpenIdConnectAuthenticationOptions}.GetNamedOptions(string)"/> where string == <see cref="ConfigureOptions{OpenIdConnectAuthenticationOptions}.Name"/> provides runtime configuration.</param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
@@ -40,21 +44,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
-            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions)
+            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
             : base(next, options, configureOptions)
         {
             _logger = loggerFactory.CreateLogger<OpenIdConnectAuthenticationMiddleware>();
-
-            if (string.IsNullOrEmpty(Options.SignInScheme))
+            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(externalOptions.Options.SignInScheme))
             {
                 Options.SignInScheme = externalOptions.Options.SignInScheme;
             }
 
-            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.AuthenticationType))
-            {
-                Options.TokenValidationParameters.AuthenticationType = Options.AuthenticationScheme;
-            }
-
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
@@ -152,7 +150,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var webRequestHandler = handler as WebRequestHandler;
                 if (webRequestHandler == null)
                 {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
+                    throw new InvalidOperationException(Resources.OIDCH_0102_ExceptionValidatorHandlerMismatch);
                 }
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index f7bfde804b..e5a3793d38 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -52,32 +52,31 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
         public OpenIdConnectAuthenticationOptions(string authenticationScheme)
         {
-            // REVIEW: why was this active by default??
-            //AuthenticationMode = AuthenticationMode.Active;
             AuthenticationScheme = authenticationScheme;
             BackchannelTimeout = TimeSpan.FromMinutes(1);
             Caption = OpenIdConnectAuthenticationDefaults.Caption;
             ProtocolValidator = new OpenIdConnectProtocolValidator();
             RefreshOnIssuerKeyNotFound = true;
+            ResponseMode = OpenIdConnectResponseModes.FormPost;
             ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
             Scope = OpenIdConnectScopes.OpenIdProfile;
             TokenValidationParameters = new TokenValidationParameters();
             UseTokenLifetime = true;
         }
 
+        /// <summary>
+        /// Gets or sets the expected audience for any received JWT token.
+        /// </summary>
+        /// <value>
+        /// The expected audience for any received JWT token.
+        /// </value>
+        public string Audience { get; set; }
+
         /// <summary>
         /// Gets or sets the Authority to use when making OpenIdConnect calls.
         /// </summary>
         public string Authority { get; set; }
 
-        /// <summary>
-        /// An optional constrained path on which to process the authentication callback.
-        /// If not provided and RedirectUri is available, this value will be generated from RedirectUri.
-        /// </summary>
-        /// <remarks>If you set this value, then the <see cref="OpenIdConnectAuthenticationHandler"/> will only listen for posts at this address. 
-        /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
-        public PathString CallbackPath { get; set; }
-
 #if DNX451
         /// <summary>
         /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
@@ -112,7 +111,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 if (value <= TimeSpan.Zero)
                 {
-                    throw new ArgumentOutOfRangeException("BackchannelTimeout", value, Resources.ArgsException_BackchallelLessThanZero);
+                    throw new ArgumentOutOfRangeException("BackchannelTimeout", value, Resources.OIDCH_0101_BackChallnelLessThanZero);
                 }
 
                 _backchannelTimeout = value;
@@ -128,6 +127,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             set { Description.Caption = value; }
         }
 
+        /// <summary>
+        /// An optional constrained path on which to process the authentication callback.
+        /// If not provided and RedirectUri is available, this value will be generated from RedirectUri.
+        /// </summary>
+        /// <remarks>If you set this value, then the <see cref="OpenIdConnectAuthenticationHandler"/> will only listen for posts at this address. 
+        /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
+        public PathString CallbackPath { get; set; }
+
         /// <summary>
         /// Gets or sets the 'client_id'.
         /// </summary>
@@ -145,11 +152,16 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public OpenIdConnectConfiguration Configuration { get; set; }
 
         /// <summary>
-        /// The OpenIdConnect protocol http://openid.net/specs/openid-connect-core-1_0.html
-        /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
-        /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
+        /// Responsible for retrieving, caching, and refreshing the configuration from metadata.
+        /// If not provided, then one will be created using the MetadataAddress and Backchannel properties.
         /// </summary>
-        public INonceCache NonceCache { get; set; }
+        public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value controlling if the 'CurrentUri' should be used as the 'local redirect' post authentication
+        /// if AuthenticationProperties.RedirectUri is null or empty.
+        /// </summary>
+        public bool DefaultToCurrentUriOnRedirect { get; set; }
 
         /// <summary>
         /// Gets or sets the discovery endpoint for obtaining metadata
@@ -157,24 +169,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public string MetadataAddress { get; set; }
 
         /// <summary>
-        /// Gets or sets the expected audience for any received JWT token.
+        /// The OpenIdConnect protocol http://openid.net/specs/openid-connect-core-1_0.html
+        /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
+        /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
         /// </summary>
-        /// <value>
-        /// The expected audience for any received JWT token.
-        /// </value>
-        public string Audience { get; set; }
-
-        /// <summary>
-        /// Responsible for retrieving, caching, and refreshing the configuration from metadata.
-        /// If not provided, then one will be created using the MetadataAddress and Backchannel properties.
-        /// </summary>
-        public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
-
-        /// <summary>
-        /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
-        /// recovery in the event of a signature key rollover. This is enabled by default.
-        /// </summary>
-        public bool RefreshOnIssuerKeyNotFound { get; set; }
+        public INonceCache NonceCache { get; set; }
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectAuthenticationNotifications"/> to notify when processing OpenIdConnect messages.
@@ -217,11 +216,22 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By Design")]
         public string RedirectUri { get; set; }
 
+        /// <summary>
+        /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
+        /// recovery in the event of a signature key rollover. This is enabled by default.
+        /// </summary>
+        public bool RefreshOnIssuerKeyNotFound { get; set; }
+
         /// <summary>
         /// Gets or sets the 'resource'.
         /// </summary>
         public string Resource { get; set; }
 
+        /// <summary>
+        /// Gets or sets the 'response_mode'.
+        /// </summary>
+        public string ResponseMode { get; private set; }
+
         /// <summary>
         /// Gets or sets the 'response_type'.
         /// </summary>
@@ -233,10 +243,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public string Scope { get; set; }
 
         /// <summary>
-        /// Gets or sets the authentication scheme corresponding to the middleware
-        /// responsible of persisting user's identity after a successful authentication.
-        /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
+        /// Gets or sets the SignInScheme which will be used to set the <see cref="System.Security.Claims.ClaimsIdentity.AuthenticationType"/>.
         /// </summary>
         public string SignInScheme { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 6f55448890..2e55b96fa4 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure)
         {
-            return services.ConfigureOpenIdConnectAuthentication(configure, optionsName: "");
+            return ConfigureOpenIdConnectAuthentication(services, configure, null);
         }
 
         public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure, string optionsName)
@@ -25,7 +25,7 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.ConfigureOpenIdConnectAuthentication(config, optionsName: "");
+            return ConfigureOpenIdConnectAuthentication(services, config, null);
         }
 
         public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
index ee19db0116..b95de83180 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
@@ -1,18 +1,9 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34014
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect {
-    using System;
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    using System.Globalization;
     using System.Reflection;
-
-
+    using System.Resources;
 
     /// <summary>
     ///   A strongly-typed resource class, for looking up localized strings, etc.
@@ -24,78 +15,337 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect {
     [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
+    internal class Resources
+    {
         private static global::System.Resources.ResourceManager resourceMan;
-        
+
         private static global::System.Globalization.CultureInfo resourceCulture;
-        
+
         [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
+        internal Resources()
+        {
         }
-        
+
         /// <summary>
         ///   Returns the cached ResourceManager instance used by this class.
         /// </summary>
         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.Owin.Security.OpenIdConnect.Resources", IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+        internal static global::System.Resources.ResourceManager ResourceManager
+        {
+            get
+            {
+                if (object.ReferenceEquals(resourceMan, null))
+                {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnect.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
             }
         }
-        
+
         /// <summary>
         ///   Overrides the current thread's CurrentUICulture property for all
         ///   resource lookups using this strongly typed resource class.
         /// </summary>
         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
+        internal static global::System.Globalization.CultureInfo Culture
+        {
+            get
+            {
                 return resourceCulture;
             }
-            set {
+            set
+            {
                 resourceCulture = value;
             }
         }
-        
+
         /// <summary>
-        ///   Looks up a localized string similar to BackchannelTimeout cannot be less or equal to TimeSpan.Zero..
+        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
         /// </summary>
-        internal static string ArgsException_BackchallelLessThanZero {
-            get {
-                return ResourceManager.GetString("ArgsException_BackchallelLessThanZero", resourceCulture);
-            }
+        internal static string OIDCH_0101_BackChallnelLessThanZero
+        {
+            get { return ResourceManager.GetString("OIDCH_0101_BackChallnelLessThanZero"); }
         }
-        
+
         /// <summary>
-        ///   Looks up a localized string similar to &quot;OpenIdConnectMessage.Error was not null, indicating an error. Error: &apos;{0}&apos;. Error_Description (may be empty): &apos;{1}&apos;. Error_Uri (may be empty): &apos;{2}&apos;.&quot;.
+        /// OIDCH0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
-        internal static string Exception_OpenIdConnectMessageError {
-            get {
-                return ResourceManager.GetString("Exception_OpenIdConnectMessageError", resourceCulture);
-            }
+        internal static string OIDCH_0102_ExceptionValidatorHandlerMismatch
+        {
+            get { return ResourceManager.GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch"); }
         }
-        
+
         /// <summary>
-        ///   Looks up a localized string similar to OIDC_20001: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: &apos;{0}&apos;..
+        /// OIDCH_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
         /// </summary>
-        internal static string Exception_RedirectUri_LogoutQueryString_IsNotWellFormed {
-            get {
-                return ResourceManager.GetString("Exception_RedirectUri_LogoutQueryString_IsNotWellFormed", resourceCulture);
-            }
+        internal static string OIDCH_0051_RedirectUriLogoutIsNotWellFormed
+        {
+            get { return ResourceManager.GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"); }
         }
-        
+
         /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
+        /// OIDCH_0026: Entering: '{0}'
         /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
+        internal static string OIDCH_0026_ApplyResponseChallengeAsync
+        {
+            get { return ResourceManager.GetString("OIDCH_0026_ApplyResponseChallengeAsync"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0027: converted 401 to 403.
+        /// </summary>
+        internal static string OIDCH_0027_401_ConvertedTo_403
+        {
+            get { return ResourceManager.GetString("OIDCH_0027_401_ConvertedTo_403"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'."
+        /// </summary>
+        internal static string OIDCH_0028_StatusCodeNot401
+        {
+            get { return ResourceManager.GetString("OIDCH_0028_StatusCodeNot401"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
+        /// </summary>
+        internal static string OIDCH_0029_ChallengeContextEqualsNull
+        {
+            get { return ResourceManager.GetString("OIDCH_0029_ChallengeContextEqualsNull"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0030: using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0030_Using_Properties_RedirectUri
+        {
+            get { return ResourceManager.GetString("OIDCH_0030_Using_Properties_RedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0031: using Options.RedirectUri for 'redirect_uri': '{0}'.
+        /// </summary>
+        internal static string OIDCH_0031_Using_Options_RedirectUri
+        {
+            get { return ResourceManager.GetString("OIDCH_0031_Using_Options_RedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0032_UsingCurrentUriRedirectUri
+        {
+            get { return ResourceManager.GetString("OIDCH_0032_UsingCurrentUriRedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. Options.NonceCache.TryAddNonce returned false. This usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0033_TryAddNonceFailed
+        {
+            get { return ResourceManager.GetString("OIDCH_0033_TryAddNonceFailed"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0034: redirectToIdentityProviderNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0035: redirectToIdentityProviderNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0035_RedirectToIdentityProviderNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0035_RedirectToIdentityProviderNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"))
+        /// </summary>
+        internal static string OIDCH_0036_UriIsNotWellFormed
+        {
+            get { return ResourceManager.GetString("OIDCH_0036_UriIsNotWellFormed"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0000: Entering: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0000_AuthenticateCoreAsync
+        {
+            get { return ResourceManager.GetString("OIDCH_0000_AuthenticateCoreAsync"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0001: MessageReceived: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0001_MessageReceived
+        {
+            get { return ResourceManager.GetString("OIDCH_0001_MessageReceived"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0001: MessageReceived: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0001_MessageReceived(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, ResourceManager.GetString("OIDCH_0001_MessageReceived"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0002: messageReceivedNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0002_MessageReceivedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0002_MessageReceivedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0003: messageReceivedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0003_MessageReceivedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0003_MessageReceivedNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0004:  OpenIdConnectAuthenticationHandler: message.State is null or whitespace. State is required to process the message.
+        /// </summary>
+        internal static string OIDCH_0004_MessageStateIsNullOrWhiteSpace
+        {
+            get { return ResourceManager.GetString("OIDCH_0004_MessageStateIsNullOrWhiteSpace"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0005: unable to unprotect the message.State
+        /// </summary>
+        internal static string OIDCH_0005_MessageStateIsInvalid
+        {
+            get { return ResourceManager.GetString("OIDCH_0005_MessageStateIsInvalid"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0006_MessageErrorNotNull: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0006_MessageErrorNotNull
+        {
+            get { return ResourceManager.GetString("OIDCH_0006_MessageErrorNotNull"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0007: updating configuration
+        /// </summary>
+        internal static string OIDCH_0007_UpdatingConfiguration
+        {
+            get { return ResourceManager.GetString("OIDCH_0007_UpdatingConfiguration"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0008: securityTokenReceivedNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0009: securityTokenReceivedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0009_SecurityTokenReceivedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0009_SecurityTokenReceivedNotificationSkipped:"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0010_ValidatedSecurityTokenNotJwt
+        {
+            get { return ResourceManager.GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: {0}."
+        /// </summary>
+        internal static string OIDCH_0011_UnableToValidateToken
+        {
+            get { return ResourceManager.GetString("OIDCH_0011_UnableToValidateToken"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0012: securityTokenValidatedNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0013: securityTokenValidatedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0013_SecurityTokenValidatedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0013_SecurityTokenValidatedNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0014: 'code' received: '{0}'
+        /// </summary>
+        internal static string OIDCH_0014_CodeReceived
+        {
+            get { return ResourceManager.GetString("OIDCH_0014_CodeReceived"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0015: codeReceivedNotification.HandledResponse")
+        /// </summary>
+        internal static string OIDCH_0015_CodeReceivedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0015_CodeReceivedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0016: codeReceivedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0016_CodeReceivedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0016_CodeReceivedNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0017: Exception occurred while processing message
+        /// </summary>
+        internal static string OIDCH_0017_ExceptionOccurredWhileProcessingMessage
+        {
+            get { return ResourceManager.GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0018: authenticationFailedNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0018_AuthenticationFailedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0018_AuthenticationFailedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0019: authenticationFailedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0019_AuthenticationFailedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0019_AuthenticationFailedNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0020: 'id_token' received: '{0}'
+        /// </summary>
+        internal static string OIDCH_0020_IdTokenReceived
+        {
+            get { return ResourceManager.GetString("OIDCH_0020_IdTokenReceived"); }
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 7abad90eb0..454dae209b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -117,16 +117,109 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <data name="ArgsException_BackchallelLessThanZero" xml:space="preserve">
-    <value>BackchannelTimeout cannot be less or equal to TimeSpan.Zero.</value>
+  <data name="OIDCH_0101_BackChallnelLessThanZero" xml:space="preserve">
+    <value>OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.</value>
   </data>
-  <data name="Exception_OpenIdConnectMessageError" xml:space="preserve">
-    <value>"OpenIdConnectMessage.Error was not null, indicating an error. Error: '{0}'. Error_Description (may be empty): '{1}'. Error_Uri (may be empty): '{2}'."</value>
+  <data name="OIDCH_0102_Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
   </data>
-  <data name="Exception_RedirectUri_LogoutQueryString_IsNotWellFormed" xml:space="preserve">
-    <value>OIDC_20001: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.</value>
+  <data name="OIDCH_0051_RedirectUriLogoutIsNotWellFormed" xml:space="preserve">
+    <value>OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.</value>
   </data>
-  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
-    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  <data name="OIDCH_0026_ApplyResponseChallengeAsync" xml:space="preserve">
+    <value>OIDCH_0026: Entering: '{0}'</value>
   </data>
-</root>
\ No newline at end of file
+  <data name="OIDCH_0027_401_ConvertedTo_403" xml:space="preserve">
+    <value>OIDCH_0027: converted 401 to 403.</value>
+  </data>
+  <data name="OIDCH_0028_StatusCodeNot401" xml:space="preserve">
+    <value>OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0029_ChallengContextEqualsNull" xml:space="preserve">
+    <value>OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication</value>
+  </data>
+  <data name="OIDCH_0030_Using_Properties_RedirectUri" xml:space="preserve">
+    <value>OIDCH_0030: using properties.RedirectUri for 'local redirect' post authentication: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0031_Using_Options_RedirectUri" xml:space="preserve">
+    <value>OIDCH_0031: using Options.RedirectUri for 'redirect_uri': '{0}'.</value>
+  </data>
+  <data name="OIDCH_0032_UsingCurrentUriRedirectUri" xml:space="preserve">
+    <value>OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0033_TryAddNonceFailed" xml:space="preserve">
+    <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. Options.NonceCache.TryAddNonce returned false. This usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0034: redirectToIdentityProviderNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0035_RedirectToIdentityProviderNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0035: redirectToIdentityProviderNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
+    <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"))</value>
+  </data>
+  <data name="OIDCH_0000_AuthenticateCoreAsync" xml:space="preserve">
+    <value>OIDCH_0000: Entering: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0001_MessageReceived" xml:space="preserve">
+    <value>OIDCH_0001: MessageReceived: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0002_MessageReceivedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0002: messageReceivedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0003_MessageReceivedNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0003: messageReceivedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0004_MessageStateIsNullOrWhiteSpace" xml:space="preserve">
+    <value>OIDCH_0004:  OpenIdConnectAuthenticationHandler: message.State is null or whitespace. State is required to process the message.</value>
+  </data>
+  <data name="OIDCH_0005_MessageStateIsInValid" xml:space="preserve">
+    <value>OIDCH_0005: unable to unprotect the message.State</value>
+  </data>
+  <data name="OIDCH_0006_MessageErrorNotNull" xml:space="preserve">
+    <value>OIDCH_0006_MessageErrorNotNull: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0007_UpdatingConfiguration" xml:space="preserve">
+    <value>OIDCH_0007: updating configuration</value>
+  </data>
+  <data name="OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0008: securityTokenReceivedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0009_SecurityTokenReceivedNotificationSkipped:" xml:space="preserve">
+    <value>OIDCH_0009: securityTokenReceivedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0010_ValidatedSecurityTokenNotJwt" xml:space="preserve">
+    <value>OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0011_UnableToValidateToken" xml:space="preserve">
+    <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: {0}."</value>
+  </data>
+  <data name="OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0012: securityTokenValidatedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0013_SecurityTokenValidatedNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0013: securityTokenValidatedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0014_CodeReceived" xml:space="preserve">
+    <value>OIDCH_0014: 'code' received: '{0}'</value>
+  </data>
+  <data name="OIDCH_0015_CodeReceivedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0015: codeReceivedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0016_CodeReceivedNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0016: codeReceivedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0017: Exception occurred while processing message" xml:space="preserve">
+    <value>OIDCH_0017: Exception occurred while processing message</value>
+  </data>
+  <data name="OIDCH_0018_AuthenticationFailedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0018: authenticationFailedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0019_AuthenticationNotificationFailedSkipped" xml:space="preserve">
+    <value>OIDCH_0019: authenticationFailedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0020_IdTokenReceived" xml:space="preserve">
+    <value>OIDCH_0020: 'id_token' received: '{0}'</value>
+  </data>
+</root>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
new file mode 100644
index 0000000000..5817615f2b
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -0,0 +1,768 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+// this controls if the logs are written to the console.
+// they can be reviewed for general content.
+//#define _Verbose
+
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.IdentityModel.Protocols;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    /// These tests are designed to test OpenIdConnectAuthenticationHandler.
+    /// </summary>
+    public class OpenIdConnectHandlerTests
+    {
+        static List<LogEntry> CompleteLogEntries;
+        static Dictionary<string, LogLevel> LogEntries;
+
+        static OpenIdConnectHandlerTests()
+        {
+            LogEntries =
+                new Dictionary<string, LogLevel>()
+                {
+                    { "OIDCH_0000:", LogLevel.Debug },
+                    { "OIDCH_0001:", LogLevel.Debug },
+                    { "OIDCH_0002:", LogLevel.Information },
+                    { "OIDCH_0003:", LogLevel.Information },
+                    { "OIDCH_0004:", LogLevel.Error },
+                    { "OIDCH_0005:", LogLevel.Error },
+                    { "OIDCH_0006:", LogLevel.Error },
+                    { "OIDCH_0007:", LogLevel.Error },
+                    { "OIDCH_0008:", LogLevel.Debug },
+                    { "OIDCH_0009:", LogLevel.Debug },
+                    { "OIDCH_0010:", LogLevel.Error },
+                    { "OIDCH_0011:", LogLevel.Error },
+                    { "OIDCH_0012:", LogLevel.Debug },
+                    { "OIDCH_0013:", LogLevel.Debug },
+                    { "OIDCH_0014:", LogLevel.Debug },
+                    { "OIDCH_0015:", LogLevel.Debug },
+                    { "OIDCH_0016:", LogLevel.Debug },
+                    { "OIDCH_0017:", LogLevel.Error },
+                    { "OIDCH_0018:", LogLevel.Debug },
+                    { "OIDCH_0019:", LogLevel.Debug },
+                    { "OIDCH_0020:", LogLevel.Debug },
+                    { "OIDCH_0026:", LogLevel.Error },
+                };
+
+            BuildLogEntryList();
+        }
+
+        /// <summary>
+        /// Builds the complete list of log entries that are available in the runtime.
+        /// </summary>
+        private static void BuildLogEntryList()
+        {
+            CompleteLogEntries = new List<LogEntry>();
+            foreach (var entry in LogEntries)
+            {
+                CompleteLogEntries.Add(new LogEntry { State = entry.Key, Level = entry.Value });
+            }
+        }
+
+        /// <summary>
+        /// Sanity check that logging is filtering, hi / low water marks are checked
+        /// </summary>
+        [Fact]
+        public void LoggingLevel()
+        {
+            var logger = new CustomLogger(LogLevel.Debug);
+            logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Information).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Verbose).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(true);
+
+            logger = new CustomLogger(LogLevel.Critical);
+            logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
+            logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(false);
+            logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(false);
+            logger.IsEnabled(LogLevel.Information).ShouldBe<bool>(false);
+            logger.IsEnabled(LogLevel.Verbose).ShouldBe<bool>(false);
+            logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(false);
+        }
+
+        /// <summary>
+        /// Test <see cref="OpenIdConnectAuthenticationHandler.AuthenticateCoreAsync"/> produces expected logs.
+        /// Each call to 'RunVariation' is configured with an <see cref="OpenIdConnectAuthenticationOptions"/> and <see cref="OpenIdConnectMessage"/>.
+        /// The list of expected log entries is checked and any errors reported.
+        /// <see cref="CustomLoggerFactory"/> captures the logs so they can be prepared.
+        /// </summary>
+        /// <returns></returns>
+        [Fact]
+        public async Task AuthenticateCore()
+        {
+            //System.Diagnostics.Debugger.Launch();
+
+            var propertiesFormatter = new AuthenticationPropertiesFormater();
+            var protectedProperties = propertiesFormatter.Protect(new AuthenticationProperties());
+            var state = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(protectedProperties);
+            var code = Guid.NewGuid().ToString();
+            var message =
+                new OpenIdConnectMessage
+                {
+                    Code = code,
+                    State = state,
+                };
+
+            var errors = new Dictionary<string, List<Tuple<LogEntry, LogEntry>>>();
+
+            var logsEntriesExpected = new int[] { 0, 1, 7, 14, 15 };
+            await RunVariation(LogLevel.Debug, message, CodeReceivedHandledOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] { 0, 1, 7, 14, 16 };
+            await RunVariation(LogLevel.Debug, message, CodeReceivedSkippedOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] { 0, 1, 7, 14 };
+            await RunVariation(LogLevel.Debug, message, DefaultOptions, errors, logsEntriesExpected);
+
+            // each message below should return before processing the idtoken
+            message.IdToken = "invalid_token";
+
+            logsEntriesExpected = new int[] { 0, 1, 2 };
+            await RunVariation(LogLevel.Debug, message, MessageReceivedHandledOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[]{ 2 };
+            await RunVariation(LogLevel.Information, message, MessageReceivedHandledOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] { 0, 1, 3 };
+            await RunVariation(LogLevel.Debug, message, MessageReceivedSkippedOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] { 3 };
+            await RunVariation(LogLevel.Information, message, MessageReceivedSkippedOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] {0, 1, 7, 20, 8 };
+            await RunVariation(LogLevel.Debug, message, SecurityTokenReceivedHandledOptions, errors, logsEntriesExpected);
+
+            logsEntriesExpected = new int[] {0, 1, 7, 20, 9 };
+            await RunVariation(LogLevel.Debug, message, SecurityTokenReceivedSkippedOptions, errors, logsEntriesExpected);
+
+#if _Verbose
+            Console.WriteLine("\n ===== \n");
+            DisplayErrors(errors);
+#endif
+            errors.Count.ShouldBe(0);
+        }
+
+        /// <summary>
+        /// Tests that <see cref="OpenIdConnectAuthenticationHandler"/> processes a messaage as expected.
+        /// The test runs two independant paths: Using <see cref="ConfigureOptions{TOptions}"/> and <see cref="IOptions{TOptions}"/>
+        /// </summary>
+        /// <param name="logLevel"><see cref="LogLevel"/> for this variation</param>
+        /// <param name="message">the <see cref="OpenIdConnectMessage"/> that has arrived</param>
+        /// <param name="action">the <see cref="OpenIdConnectAuthenticationOptions"/> delegate used for setting the options.</param>
+        /// <param name="errors">container for propogation of errors.</param>
+        /// <param name="logsEntriesExpected">the expected log entries</param>
+        /// <returns>a Task</returns>
+        private async Task RunVariation(LogLevel logLevel, OpenIdConnectMessage message, Action<OpenIdConnectAuthenticationOptions> action, Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors, int[] logsEntriesExpected)
+        {
+            var expectedLogs = PopulateLogEntries(logsEntriesExpected);
+            string variation = action.Method.ToString().Substring(5, action.Method.ToString().IndexOf('(') - 5);
+#if _Verbose
+            Console.WriteLine(Environment.NewLine + "=====" + Environment.NewLine + "Variation: " + variation + ", LogLevel: " + logLevel.ToString() + Environment.NewLine + Environment.NewLine + "Expected Logs: ");
+            DisplayLogs(expectedLogs);
+            Console.WriteLine(Environment.NewLine + "Logs using ConfigureOptions:");
+#endif
+            var form = new FormUrlEncodedContent(message.Parameters);
+            var loggerFactory = new CustomLoggerFactory(logLevel);
+            var server = CreateServer(new CustomConfigureOptions(action), loggerFactory);
+            await server.CreateClient().PostAsync("http://localhost", form);
+            CheckLogs(variation + ":ConfigOptions", loggerFactory.Logger.Logs, expectedLogs, errors);
+
+#if _Verbose
+            Console.WriteLine(Environment.NewLine + "Logs using IOptions:");
+#endif
+            form = new FormUrlEncodedContent(message.Parameters);
+            loggerFactory = new CustomLoggerFactory(logLevel);
+            server = CreateServer(new Options(action), loggerFactory);
+            await server.CreateClient().PostAsync("http://localhost", form);
+            CheckLogs(variation + ":IOptions", loggerFactory.Logger.Logs, expectedLogs, errors);
+        }
+
+        /// <summary>
+        /// Populates a list of expected log entries for a test variation.
+        /// </summary>
+        /// <param name="items">the index for the <see cref="LogEntry"/> in CompleteLogEntries of interest.</param>
+        /// <returns>a <see cref="List{LogEntry}"/> that represents the expected entries for a test variation.</returns>
+        private List<LogEntry> PopulateLogEntries(int[] items)
+        {
+            var entries = new List<LogEntry>();
+            foreach(var item in items)
+            {
+                entries.Add(CompleteLogEntries[item]);
+            }
+
+            return entries;
+        }
+
+        private void DisplayLogs(List<LogEntry> logs)
+        {
+            foreach (var logentry in logs)
+            {
+                Console.WriteLine(logentry.ToString());
+            }
+        }
+
+        private void DisplayErrors(Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors)
+        {
+            if (errors.Count > 0)
+            {
+                foreach (var error in errors)
+                {
+                    Console.WriteLine("Error in Variation: " + error.Key);
+                    foreach (var logError in error.Value)
+                    {
+                        Console.WriteLine("*Captured*, *Expected* : *" + (logError.Item1?.ToString() ?? "null") + "*, *" + (logError.Item2?.ToString() ?? "null") + "*");
+                    }
+                    Console.WriteLine(Environment.NewLine);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Adds to errors if a variation if any are found.
+        /// </summary>
+        /// <param name="variation">if this has been seen before, errors will be appended, test results are easier to understand if this is unique.</param>
+        /// <param name="capturedLogs">these are the logs the runtime generated</param>
+        /// <param name="expectedLogs">these are the errors that were expected</param>
+        /// <param name="errors">the dictionary to record any errors</param>
+        private void CheckLogs(string variation, List<LogEntry> capturedLogs, List<LogEntry> expectedLogs, Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors)
+        {
+            var localErrors = new List<Tuple<LogEntry, LogEntry>>();
+
+            if (capturedLogs.Count >= expectedLogs.Count)
+            {
+                for (int i = 0; i < capturedLogs.Count; i++)
+                {
+                    if (i + 1 > expectedLogs.Count)
+                    {
+                        localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], null));
+                    }
+                    else
+                    {
+                        if (!TestUtilities.AreEqual<LogEntry>(capturedLogs[i], expectedLogs[i]))
+                        {
+                            localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
+                        }
+                    }
+                }
+            }
+            else
+            {
+                for (int i = 0; i < expectedLogs.Count; i++)
+                {
+                    if (i + 1 > capturedLogs.Count)
+                    {
+                        localErrors.Add(new Tuple<LogEntry, LogEntry>(null, expectedLogs[i]));
+                    }
+                    else
+                    {
+                        if (!TestUtilities.AreEqual<LogEntry>(expectedLogs[i], capturedLogs[i]))
+                        {
+                            localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
+                        }
+                    }
+                }
+            }
+
+            if (localErrors.Count != 0)
+            {
+                if (errors.ContainsKey(variation))
+                {
+                    foreach (var error in localErrors)
+                    {
+                        errors[variation].Add(error);
+                    }
+                }
+                else
+                {
+                    errors[variation] = localErrors;
+                }
+            }
+        }
+
+        #region Configure Options
+
+        private static void CodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthorizationCodeReceived = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void CodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthorizationCodeReceived = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void DefaultOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
+            options.ConfigurationManager = ConfigurationManager.DefaultStaticConfigurationManager;
+            options.StateDataFormat = new AuthenticationPropertiesFormater();
+        }
+
+        private static void MessageReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    MessageReceived = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    MessageReceived = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    SecurityTokenReceived = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    SecurityTokenReceived = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    SecurityTokenValidated = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    SecurityTokenValidated = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        #endregion
+
+        private static TestServer CreateServer(IOptions<OpenIdConnectAuthenticationOptions> options, ILoggerFactory loggerFactory)
+        {
+            return TestServer.Create(
+                app =>
+                {
+                    app.UseCustomOpenIdConnectAuthentication(options, loggerFactory);
+                    app.Use(async (context, next) =>
+                    {
+                        await next();
+                    });
+                },
+                services =>
+                {
+                    services.AddDataProtection();
+                }
+            );
+        }
+
+        private static TestServer CreateServer(CustomConfigureOptions configureOptions, ILoggerFactory loggerFactory)
+        {
+            return TestServer.Create(
+                app =>
+                {
+                    app.UseCustomOpenIdConnectAuthentication(configureOptions, loggerFactory);
+                    app.Use(async (context, next) =>
+                    {
+                        await next();
+                    });
+                },
+                services =>
+                {
+                    services.AddDataProtection();
+                }
+            );
+        }
+    }
+
+    /// <summary>
+    /// Extension specifies <see cref="CustomOpenIdConnectAuthenticationMiddleware"/> as the middleware.
+    /// </summary>
+    public static class OpenIdConnectAuthenticationExtensions
+    {
+        /// <summary>
+        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="customConfigureOption">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
+        /// <param name="loggerFactory">custom loggerFactory</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseCustomOpenIdConnectAuthentication(this IApplicationBuilder app, CustomConfigureOptions customConfigureOption, ILoggerFactory loggerFactory)
+        {
+            return app.UseMiddleware<CustomOpenIdConnectAuthenticationMiddleware>(customConfigureOption, loggerFactory);
+        }
+
+        /// <summary>
+        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
+        /// <param name="loggerFactory">custom loggerFactory</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseCustomOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectAuthenticationOptions> options, ILoggerFactory loggerFactory)
+        {
+            return app.UseMiddleware<CustomOpenIdConnectAuthenticationMiddleware>(options, loggerFactory);
+        }
+    }
+
+    public class OpenIdConnectAuthenticationContext : IAuthenticateContext
+    {
+        public OpenIdConnectAuthenticationContext(string scheme = null)
+        {
+            AuthenticationScheme = scheme ?? OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
+        }
+
+        public string AuthenticationScheme
+        {
+            get;
+            set;
+        }
+
+        public void Authenticated(ClaimsPrincipal principal, IDictionary<string, string> properties, IDictionary<string, object> description)
+        {
+        }
+
+        public void NotAuthenticated()
+        {
+        }
+    }
+
+    /// <summary>
+    /// Provides a Facade over IOptions
+    /// </summary>
+    public class Options : IOptions<OpenIdConnectAuthenticationOptions>
+    {
+        OpenIdConnectAuthenticationOptions _options;
+
+        public Options(Action<OpenIdConnectAuthenticationOptions> action)
+        {
+            _options = new OpenIdConnectAuthenticationOptions();
+            action(_options);
+        }
+
+        OpenIdConnectAuthenticationOptions IOptions<OpenIdConnectAuthenticationOptions>.Options
+        {
+            get
+            {
+                return _options;
+            }
+        }
+
+        /// <summary>
+        /// For now returns _options
+        /// </summary>
+        /// <param name="name">configuration to return</param>
+        /// <returns></returns>
+        public OpenIdConnectAuthenticationOptions GetNamedOptions(string name)
+        {
+            return _options;
+        }
+    }
+
+    public class CustomConfigureOptions : ConfigureOptions<OpenIdConnectAuthenticationOptions>
+    {
+        public CustomConfigureOptions(Action<OpenIdConnectAuthenticationOptions> action)
+            : base(action)
+        {
+        }
+
+        public override void Configure(OpenIdConnectAuthenticationOptions options, string name = "")
+        {
+            base.Configure(options, name);
+            return;
+        }
+    }
+
+    /// <summary>
+    /// Used to control which methods are handled
+    /// </summary>
+    public class CustomOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
+    {
+        public CustomOpenIdConnectAuthenticationHandler(ILogger logger)
+            : base(logger)
+        {
+        }
+
+        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context)
+        {
+            await base.BaseInitializeAsync(options, context);
+        }
+
+        public override bool ShouldHandleScheme(string authenticationScheme)
+        {
+            return true;
+        }
+
+        public override void Challenge(IChallengeContext context)
+        {
+        }
+
+        protected override void ApplyResponseChallenge()
+        {
+        }
+
+        protected override async Task ApplyResponseChallengeAsync()
+        {
+            var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            {
+            };
+
+            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+        }
+    }
+
+    /// <summary>
+    /// Used to set <see cref="CustomOpenIdConnectAuthenticationHandler"/> as the AuthenticationHandler
+    /// which can be configured to handle certain messages.
+    /// </summary>
+    public class CustomOpenIdConnectAuthenticationMiddleware : OpenIdConnectAuthenticationMiddleware
+    {
+        public CustomOpenIdConnectAuthenticationMiddleware(
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<OpenIdConnectAuthenticationOptions> options,
+            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null
+            )
+        : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+        {
+            Logger = (loggerFactory as CustomLoggerFactory).Logger;
+        }
+
+        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
+        {
+            return new CustomOpenIdConnectAuthenticationHandler(Logger);
+        }
+
+        public ILogger Logger
+        {
+            get;
+            set;
+        }
+    }
+
+    public class LogEntry
+    {
+        public LogEntry() { }
+
+        public int EventId { get; set; }
+
+        public Exception Exception { get; set; }
+
+        public Func<object, Exception, string> Formatter { get; set; }
+
+        public LogLevel Level { get; set; }
+
+        public object State { get; set; }
+
+        public override string ToString()
+        {
+            if (Formatter != null)
+            {
+                return Formatter(this.State, this.Exception);
+            }
+            else
+            {
+                string message = (Formatter != null ? Formatter(State, Exception) : (State?.ToString() ?? "null"));
+                message += ", LogLevel: " + Level.ToString();
+                message += ", EventId: " + EventId.ToString();
+                message += ", Exception: " + (Exception == null ? "null" : Exception.Message);
+                return message;
+            }
+        }
+    }
+    
+    public class CustomLogger : ILogger, IDisposable
+    {
+        LogLevel _logLevel = 0;
+
+        public CustomLogger(LogLevel logLevel = LogLevel.Debug)
+        {
+            _logLevel = logLevel;
+        }
+
+        List<LogEntry> logEntries = new List<LogEntry>();
+
+        public IDisposable BeginScopeImpl(object state)
+        {
+            return this;
+        }
+
+        public void Dispose()
+        {
+        }
+
+        public bool IsEnabled(LogLevel logLevel)
+        {
+            return (logLevel >= _logLevel);
+        }
+
+       public void Log(LogLevel logLevel, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
+        {
+            if (IsEnabled(logLevel))
+            {
+                logEntries.Add(
+                    new LogEntry
+                    {
+                        EventId = eventId,
+                        Exception = exception,
+                        Formatter = formatter,
+                        Level = logLevel,
+                        State = state,
+                    });
+
+#if _Verbose
+                Console.WriteLine(state?.ToString() ?? "state null");
+#endif
+            }
+        }
+
+        public List<LogEntry> Logs { get { return logEntries; } }
+    }
+
+    public class CustomLoggerFactory : ILoggerFactory
+    {
+        CustomLogger _logger;
+        LogLevel _logLevel = LogLevel.Debug;
+
+        public CustomLoggerFactory(LogLevel logLevel)
+        {
+            _logLevel = logLevel;
+            _logger = new CustomLogger(_logLevel);
+        }
+
+        public LogLevel MinimumLevel
+        {
+            get { return _logLevel; }
+            set {_logLevel = value; }
+        }
+
+        public void AddProvider(ILoggerProvider provider)
+        {
+        }
+
+        public ILogger CreateLogger(string categoryName)
+        {
+            return _logger;
+        }
+
+        public CustomLogger Logger {  get { return _logger; } }
+    }
+
+    /// <summary>
+    /// Processing a <see cref="OpenIdConnectMessage"/> requires 'unprotecting' the state.
+    /// This class side-steps that process.
+    /// </summary>
+    public class AuthenticationPropertiesFormater : ISecureDataFormat<AuthenticationProperties>
+    {
+        public string Protect(AuthenticationProperties data)
+        {
+            return "protectedData";
+        }
+
+        AuthenticationProperties ISecureDataFormat<AuthenticationProperties>.Unprotect(string protectedText)
+        { 
+            return new AuthenticationProperties();
+        }
+    }
+
+    /// <summary>
+    /// Used to set up different configurations of metadata for different tests
+    /// </summary>
+    public class ConfigurationManager
+    {
+        /// <summary>
+        /// Simple static empty manager.
+        /// </summary>
+        static public IConfigurationManager<OpenIdConnectConfiguration> DefaultStaticConfigurationManager
+        {
+           get { return new StaticConfigurationManager<OpenIdConnectConfiguration>(new OpenIdConnectConfiguration()); }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
new file mode 100644
index 0000000000..abb5b85383
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -0,0 +1,109 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.IdentityModel.Protocols;
+using System;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    /// These utilities are designed to test openidconnect related flows
+    /// </summary>
+    public class TestUtilities
+    {
+        public static bool AreEqual<T>(object obj1, object obj2, Func<object, object, bool> comparer = null) where T : class
+        {
+            if (obj1 == null && obj2 == null)
+            {
+                return true;
+            }
+
+            if (obj1 == null || obj2 == null)
+            {
+                return false;
+            }
+
+            if (obj1.GetType() != obj2.GetType())
+            {
+                return false;
+            }
+
+            if (obj1.GetType() != typeof(T))
+            {
+                return false;
+            }
+
+            if (comparer != null)
+            {
+                return comparer(obj1, obj2);
+            }
+
+            if (typeof(T) == typeof(LogEntry))
+            {
+                return AreEqual(obj1 as LogEntry, obj2 as LogEntry);
+            }
+            else if (typeof(T) == typeof(Exception))
+            {
+                return AreEqual(obj1 as Exception, obj2 as Exception);
+            }
+
+            throw new ArithmeticException("Unknown type, no comparer. Type: " + typeof(T).ToString());
+
+        }
+
+        /// <summary>
+        /// Never call this method directly, call AreObjectsEqual, as it deals with nulls and types"/>
+        /// </summary>
+        /// <param name="logEntry1"></param>
+        /// <param name="logEntry2"></param>
+        /// <returns></returns>
+        private static bool AreEqual(LogEntry logEntry1, LogEntry logEntry2)
+        {
+            if (logEntry1.EventId != logEntry2.EventId)
+            {
+                return false;
+            }
+
+            if (!AreEqual<Exception>(logEntry1.Exception, logEntry2.Exception))
+            {
+                return false;
+            }
+
+            if (logEntry1.State == null && logEntry2.State == null)
+            {
+                return true;
+            }
+
+            if (logEntry1.State == null)
+            {
+                return false;
+            }
+
+            if (logEntry2.State == null)
+            {
+                return false;
+            }
+
+            string logValue1 = logEntry1.Formatter == null ? logEntry1.State.ToString() : logEntry1.Formatter(logEntry1.State, logEntry1.Exception);
+            string logValue2 = logEntry2.Formatter == null ? logEntry2.State.ToString() : logEntry2.Formatter(logEntry2.State, logEntry2.Exception);
+
+            return (logValue1.StartsWith(logValue2) || (logValue2.StartsWith(logValue1)));
+        }
+
+        /// <summary>
+        /// Never call this method directly, call AreObjectsEqual, as it deals with nulls and types"/>
+        /// </summary>
+        /// <param name="exception1"></param>
+        /// <param name="exception2"></param>
+        /// <returns></returns>
+        private static bool AreEqual(Exception exception1, Exception exception2)
+        {
+            if (!string.Equals(exception1.Message, exception2.Message))
+            {
+                return false;
+            }
+
+            return AreEqual<Exception>(exception1.InnerException, exception2.InnerException);
+        }
+    }
+}

From a3b2d2c3ebdfa3dff3baed88d4600b4e61fd6879 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Thu, 16 Apr 2015 15:58:45 -0700
Subject: [PATCH 212/900] Handle Http.Core rename.

---
 .../FacebookAuthenticationHandler.cs                            | 2 +-
 .../TwitterAuthenticationHandler.cs                             | 2 +-
 .../AuthenticationServiceCollectionExtensions.cs                | 1 -
 .../ClaimsTransformationAuthenticationHandler.cs                | 1 -
 src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs    | 1 -
 src/Microsoft.AspNet.Authentication/project.json                | 2 +-
 .../AuthenticationHandlerFacts.cs                               | 2 +-
 .../Cookies/Infrastructure/CookieChunkingTests.cs               | 1 -
 .../Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs | 1 -
 9 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 5f2d5b886a..d16c796eda 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -9,7 +9,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core.Collections;
+using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 6f2aade300..dc0d7fc8d7 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -10,7 +10,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core.Collections;
+using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 55b82acab6..43c0a7426b 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -5,7 +5,6 @@ using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Http.Core.Authentication;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index bee68e7d7c..ae1599ee03 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -5,7 +5,6 @@ using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Core.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index e378934cbc..65f7bcc101 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core.Authentication;
 using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 83840f36cb..8367af5f0d 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -3,8 +3,8 @@
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
-        "Microsoft.AspNet.Http.Core": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index a8ec25fe06..ba23fea2ba 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Http.Core;
+using Microsoft.AspNet.Http;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index c4014ad77e..20ee0a735f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index 3d75bd0a12..1b47c81f87 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -6,7 +6,6 @@ using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Core;
 using Microsoft.AspNet.Authentication;
 using Shouldly;
 using Xunit;

From 99f3aa197f899102f5aef50368831748370643b1 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 13 Apr 2015 15:56:14 -0700
Subject: [PATCH 213/900] #118 - Use common cookie header formatters.

---
 samples/CookieSample/Startup.cs               |  1 +
 samples/CookieSessionSample/Startup.cs        |  1 +
 samples/OpenIdConnectSample/Startup.cs        |  1 +
 samples/SocialSample/Startup.cs               |  1 +
 .../CookieAuthenticationMiddleware.cs         |  4 +-
 .../CookieServiceCollectionExtensions.cs      |  2 +
 .../Infrastructure/ChunkingCookieManager.cs   | 65 +++++++++----------
 .../project.json                              |  1 +
 .../Cookies/CookieMiddlewareTests.cs          |  1 +
 .../Infrastructure/CookieChunkingTests.cs     | 32 ++++-----
 .../Facebook/FacebookMiddlewareTests.cs       |  2 +
 .../Google/GoogleMiddlewareTests.cs           |  1 +
 .../MicrosoftAccountMiddlewareTests.cs        |  1 +
 .../OpenIdConnectHandlerTests.cs              |  2 +
 .../OpenIdConnectMiddlewareTests.cs           |  1 +
 .../Twitter/TwitterMiddlewareTests.cs         |  1 +
 16 files changed, 64 insertions(+), 53 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index d7c3e31282..df88589fb7 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -10,6 +10,7 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddWebEncoders();
             services.AddDataProtection();
         }
 
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index f93777758a..decbd181a3 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -11,6 +11,7 @@ namespace CookieSessionSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddWebEncoders();
             services.AddDataProtection();
         }
 
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index cb748b5d6d..c93eae671b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -12,6 +12,7 @@ namespace OpenIdConnectSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddWebEncoders();
             services.AddDataProtection();
             services.Configure<ExternalAuthenticationOptions>(options =>
             {
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index ffc723126e..45c775cd13 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -18,6 +18,7 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddWebEncoders();
             services.AddDataProtection();
             services.Configure<ExternalAuthenticationOptions>(options =>
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 0b4afe1257..0d95f08e78 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -20,6 +21,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder urlEncoder,
             [NotNull] IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
             : base(next, options, configureOptions)
@@ -40,7 +42,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (Options.CookieManager == null)
             {
-                Options.CookieManager = new ChunkingCookieManager();
+                Options.CookieManager = new ChunkingCookieManager(urlEncoder);
             }
 
             _logger = loggerFactory.CreateLogger(typeof(CookieAuthenticationMiddleware).FullName);
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index af6d4d3773..c0e188eca6 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -20,6 +20,7 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure, string optionsName)
         {
+            services.AddWebEncoders();
             return services.Configure(configure, optionsName);
         }
 
@@ -30,6 +31,7 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
         {
+            services.AddWebEncoders();
             return services.Configure<CookieAuthenticationOptions>(config, optionsName);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
index 40008e47b8..30af0b43d3 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -7,6 +7,8 @@ using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
+using Microsoft.Framework.WebEncoders;
+using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 {
@@ -16,12 +18,13 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
     /// </summary>
     public class ChunkingCookieManager : ICookieManager
     {
-        public ChunkingCookieManager()
+        public ChunkingCookieManager(IUrlEncoder urlEncoder)
         {
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
             ChunkSize = 4090;
             ThrowForPartialCookies = true;
+            Encoder = urlEncoder ?? UrlEncoder.Default;
         }
 
         /// <summary>
@@ -38,6 +41,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         /// </summary>
         public bool ThrowForPartialCookies { get; set; }
 
+        private IUrlEncoder Encoder { get; set; }
+
         // Parse the "chunks:XX" to determine how many chunks there should be.
         private static int ParseChunksCount(string value)
         {
@@ -119,22 +124,18 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         /// <param name="options"></param>
         public void AppendResponseCookie([NotNull] HttpContext context, [NotNull] string key, string value, [NotNull] CookieOptions options)
         {
-            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
-            var pathHasValue = !string.IsNullOrEmpty(options.Path);
-            var expiresHasValue = options.Expires.HasValue;
+            var escapedKey = Encoder.UrlEncode(key);
 
-            var escapedKey = Uri.EscapeDataString(key);
-            var prefix = escapedKey + "=";
+            var template = new SetCookieHeaderValue(escapedKey)
+            {
+                Domain = options.Domain,
+                Expires = options.Expires,
+                HttpOnly = options.HttpOnly,
+                Path = options.Path,
+                Secure = options.Secure,
+            };
 
-            var suffix = string.Concat(
-                !domainHasValue ? null : "; domain=",
-                !domainHasValue ? null : options.Domain,
-                !pathHasValue ? null : "; path=",
-                !pathHasValue ? null : options.Path,
-                !expiresHasValue ? null : "; expires=",
-                !expiresHasValue ? null : options.Expires.Value.ToString("ddd, dd-MMM-yyyy HH:mm:ss ", CultureInfo.InvariantCulture) + "GMT",
-                !options.Secure ? null : "; secure",
-                !options.HttpOnly ? null : "; HttpOnly");
+            var templateLength = template.ToString().Length;
 
             value = value ?? string.Empty;
             var quoted = false;
@@ -143,19 +144,16 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 quoted = true;
                 value = RemoveQuotes(value);
             }
-            var escapedValue = Uri.EscapeDataString(value);
+            var escapedValue = Encoder.UrlEncode(value);
 
             // Normal cookie
             var responseHeaders = context.Response.Headers;
-            if (!ChunkSize.HasValue || ChunkSize.Value > prefix.Length + escapedValue.Length + suffix.Length + (quoted ? 2 : 0))
+            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + escapedValue.Length + (quoted ? 2 : 0))
             {
-                var setCookieValue = string.Concat(
-                    prefix,
-                    quoted ? Quote(escapedValue) : escapedValue,
-                    suffix);
-                responseHeaders.AppendValues(Constants.Headers.SetCookie, setCookieValue);
+                template.Value = quoted ? Quote(escapedValue) : escapedValue;
+                responseHeaders.AppendValues(Constants.Headers.SetCookie, template.ToString());
             }
-            else if (ChunkSize.Value < prefix.Length + suffix.Length + (quoted ? 2 : 0) + 10)
+            else if (ChunkSize.Value < templateLength + (quoted ? 2 : 0) + 10)
             {
                 // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
                 // No room for data, we can't chunk the options and name
@@ -169,10 +167,11 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 // Set-Cookie: CookieNameC1="Segment1"; path=/
                 // Set-Cookie: CookieNameC2="Segment2"; path=/
                 // Set-Cookie: CookieNameC3="Segment3"; path=/
-                var dataSizePerCookie = ChunkSize.Value - prefix.Length - suffix.Length - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
+                var dataSizePerCookie = ChunkSize.Value - templateLength - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
                 var cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
 
-                responseHeaders.AppendValues(Constants.Headers.SetCookie, prefix + "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture) + suffix);
+                template.Value = "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture);
+                responseHeaders.AppendValues(Constants.Headers.SetCookie, template.ToString());
 
                 var chunks = new string[cookieChunkCount];
                 var offset = 0;
@@ -183,15 +182,9 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                     var segment = escapedValue.Substring(offset, length);
                     offset += length;
 
-                    chunks[chunkId - 1] = string.Concat(
-                                            escapedKey,
-                                            "C",
-                                            chunkId.ToString(CultureInfo.InvariantCulture),
-                                            "=",
-                                            quoted ? "\"" : string.Empty,
-                                            segment,
-                                            quoted ? "\"" : string.Empty,
-                                            suffix);
+                    template.Name = escapedKey + "C" + chunkId.ToString(CultureInfo.InvariantCulture);
+                    template.Value = quoted ? Quote(segment) : segment;
+                    chunks[chunkId - 1] = template.ToString();
                 }
                 responseHeaders.AppendValues(Constants.Headers.SetCookie, chunks);
             }
@@ -206,7 +199,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         /// <param name="options"></param>
         public void DeleteCookie([NotNull] HttpContext context, [NotNull] string key, [NotNull] CookieOptions options)
         {
-            var escapedKey = Uri.EscapeDataString(key);
+            var escapedKey = Encoder.UrlEncode(key);
             var keys = new List<string>();
             keys.Add(escapedKey + "=");
 
@@ -260,7 +253,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
             for (int i = 1; i <= chunks; i++)
             {
                 AppendResponseCookie(
-                    context, 
+                    context,
                     key + "C" + i.ToString(CultureInfo.InvariantCulture),
                     string.Empty,
                     new CookieOptions()
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index c2377a44ff..7b42df350e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -4,6 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.WebEncoders": "1.0.0-*",
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 0a0e5a8da3..cd2483119f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -573,6 +573,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             },
             services =>
             {
+                services.AddWebEncoders();
                 services.AddDataProtection();
                 if (claimsTransform != null)
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 20ee0a735f..a8e437cd75 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager(null) { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
             Assert.Equal(1, values.Count);
             Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager() { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager(null) { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
             Assert.Equal(9, values.Count);
             Assert.Equal(new[]
@@ -51,7 +51,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
 
             string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
-            new ChunkingCookieManager() { ChunkSize = 32 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager(null) { ChunkSize = 32 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
             Assert.Equal(9, values.Count);
             Assert.Equal(new[]
@@ -82,7 +82,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC6=JKLMNOPQR",
                 "TestCookieC7=STUVWXYZ");
 
-            string result = new ChunkingCookieManager().GetRequestCookie(context, "TestCookie");
+            string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
             Assert.Equal(testString, result);
         }
@@ -101,7 +101,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC6=\"JKLMNOPQR\"",
                 "TestCookieC7=\"STUVWXYZ\"");
 
-            string result = new ChunkingCookieManager().GetRequestCookie(context, "TestCookie");
+            string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
             string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
             Assert.Equal(testString, result);
         }
@@ -120,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC6=JKLMNOPQR",
                 "TestCookieC7=STUVWXYZ");
 
-            Assert.Throws<FormatException>(() => new ChunkingCookieManager().GetRequestCookie(context, "TestCookie"));
+            Assert.Throws<FormatException>(() => new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie"));
         }
 
         [Fact]
@@ -137,7 +137,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC6=JKLMNOPQR",
                 "TestCookieC7=STUVWXYZ");
 
-            string result = new ChunkingCookieManager() { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
+            string result = new ChunkingCookieManager(null) { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
             string testString = "chunks:7";
             Assert.Equal(testString, result);
         }
@@ -148,19 +148,19 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
             context.Request.Headers.AppendValues("Cookie", "TestCookie=chunks:7");
 
-            new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
+            new ChunkingCookieManager(null).DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
             var cookies = context.Response.Headers.GetValues("Set-Cookie");
             Assert.Equal(8, cookies.Count);
             Assert.Equal(new[]
             {
-                "TestCookie=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC1=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC2=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC3=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC4=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC5=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC6=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                "TestCookieC7=; domain=foo.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
             }, cookies);
         }
     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index fd349582fb..ad3f6b74fe 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -29,6 +29,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
+                    services.AddWebEncoders();
                     services.AddDataProtection();
                     services.ConfigureFacebookAuthentication(options =>
                     {
@@ -74,6 +75,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
+                    services.AddWebEncoders();
                     services.AddDataProtection();
                     services.ConfigureFacebookAuthentication(options =>
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 33612b7efc..a37dfe6d20 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -530,6 +530,7 @@ namespace Microsoft.AspNet.Authentication.Google
             },
             services =>
             {
+                services.AddWebEncoders();
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 0f22e3ac74..7ea8482072 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -177,6 +177,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             },
             services =>
             {
+                services.AddWebEncoders();
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 5817615f2b..c31cdc6577 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -436,6 +436,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
+                    services.AddWebEncoders();
                     services.AddDataProtection();
                 }
             );
@@ -454,6 +455,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
+                    services.AddWebEncoders();
                     services.AddDataProtection();
                 }
             );
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index bec9f1bf3d..6abc8aa946 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -234,6 +234,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             },
             services =>
             {
+                services.AddWebEncoders();
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 75220f9214..d4f6fd24a7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -123,6 +123,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             },
             services =>
             {
+                services.AddWebEncoders();
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {

From 7bc6cab72e3bc3ec3cffe026257fa3d8d4b5f6ba Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 20 Apr 2015 15:26:22 -0700
Subject: [PATCH 214/900] Fix samples

---
 samples/CookieSample/Startup.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index df88589fb7..e700f4b90a 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -18,13 +18,14 @@ namespace CookieSample
         {
             app.UseCookieAuthentication(options =>
             {
+                options.AutomaticAuthentication = true;
             });
 
             app.Run(async context =>
             {
-                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
-                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "bob") })));
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") })));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;

From 7d6349c81d6c9b49ea93bdef7ea6220f9e5ddeb6 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Mon, 20 Apr 2015 15:55:46 -0700
Subject: [PATCH 215/900] Fix samples.

---
 .../Properties/launchSettings.json            | 21 +++++++++++++++++++
 samples/CookieSample/Startup.cs               | 10 ++++++---
 samples/CookieSample/project.json             |  1 +
 .../Properties/launchSettings.json            | 21 +++++++++++++++++++
 samples/CookieSessionSample/Startup.cs        | 12 +++++++----
 samples/CookieSessionSample/project.json      |  5 +++--
 .../Properties/launchSettings.json            | 21 +++++++++++++++++++
 samples/OpenIdConnectSample/Startup.cs        |  7 +++++--
 samples/OpenIdConnectSample/project.json      |  9 ++++----
 .../Properties/launchSettings.json            | 21 +++++++++++++++++++
 samples/SocialSample/SocialSample.xproj       |  2 +-
 samples/SocialSample/Startup.cs               | 14 ++++++++-----
 samples/SocialSample/project.json             |  3 ++-
 13 files changed, 125 insertions(+), 22 deletions(-)
 create mode 100644 samples/CookieSample/Properties/launchSettings.json
 create mode 100644 samples/CookieSessionSample/Properties/launchSettings.json
 create mode 100644 samples/OpenIdConnectSample/Properties/launchSettings.json
 create mode 100644 samples/SocialSample/Properties/launchSettings.json

diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..381ef9b50e
--- /dev/null
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -0,0 +1,21 @@
+{
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNET_ENV": "Development"
+      }
+    },
+    "web": {
+      "commandName": "web",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:12345"
+    },
+    "kestrel": {
+      "commandName": "kestrel",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:5004"
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index e700f4b90a..cff155a787 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,8 +1,9 @@
 using System.Security.Claims;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
 
 namespace CookieSample
 {
@@ -14,8 +15,10 @@ namespace CookieSample
             services.AddDataProtection();
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
+            loggerfactory.AddConsole(LogLevel.Information);
+
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthentication = true;
@@ -25,7 +28,8 @@ namespace CookieSample
             {
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
-                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") })));
+                    var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }));
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, user);
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index eea2a4c7e3..1c559aeba3 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -3,6 +3,7 @@
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.Framework.Logging.Console": "1.0.0-*",
         "Kestrel": "1.0.0-*"
     },
     "commands": {
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..381ef9b50e
--- /dev/null
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -0,0 +1,21 @@
+{
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNET_ENV": "Development"
+      }
+    },
+    "web": {
+      "commandName": "web",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:12345"
+    },
+    "kestrel": {
+      "commandName": "kestrel",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:5004"
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index decbd181a3..314ff37825 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
 
 namespace CookieSessionSample
 {
@@ -15,20 +16,23 @@ namespace CookieSessionSample
             services.AddDataProtection();
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
-            app.UseCookieAuthentication(options => 
+            loggerfactory.AddConsole(LogLevel.Information);
+
+            app.UseCookieAuthentication(options =>
             {
+                options.AutomaticAuthentication = true;
                 options.SessionStore = new MemoryCacheSessionStore();
             });
 
             app.Run(async context =>
             {
-                if (context.User.Identity == null || !context.User.Identity.IsAuthenticated)
+                if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     // Make a large identity
                     var claims = new List<Claim>(1001);
-                    claims.Add(new Claim("name", "bob"));
+                    claims.Add(new Claim(ClaimTypes.Name, "bob"));
                     for (int i = 0; i < 1000; i++)
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 253079cebb..0e8c9a350e 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,10 +1,11 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Caching.Memory": "1.0.0-*",
-        "Kestrel": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*"
+        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..d8622657cf
--- /dev/null
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -0,0 +1,21 @@
+{
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNET_ENV": "Development"
+      }
+    },
+    "kestrel": {
+      "commandName": "kestrel",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:5004"
+    },
+    "web": {
+      "commandName": "web",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:12345"
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index c93eae671b..29b89c8240 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
 
 namespace OpenIdConnectSample
 {
@@ -20,8 +21,10 @@ namespace OpenIdConnectSample
             });
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
+            loggerfactory.AddConsole(LogLevel.Information);
+
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthentication = true;
@@ -36,7 +39,7 @@ namespace OpenIdConnectSample
 
             app.Run(async context =>
             {
-                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
 
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index e6e8d6a7b6..13d492ed37 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,10 +1,11 @@
 {
     "dependencies": {
-        "Kestrel": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Kestrel": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
@@ -13,6 +14,6 @@
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
         "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
-    },    
+    },
     "webroot": "wwwroot"
 }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..88e42ba2bb
--- /dev/null
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -0,0 +1,21 @@
+{
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNET_ENV": "Development"
+      }
+    },
+    "kestrel": {
+      "commandName": "kestrel",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:54540/"
+    },
+    "web": {
+      "commandName": "web",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:54540/"
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index d12b8fcbfe..3d2aa528d0 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -12,7 +12,7 @@
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>36504</DevelopmentServerPort>
+    <DevelopmentServerPort>54540</DevelopmentServerPort>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 45c775cd13..aea458e1ad 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -10,6 +10,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace CookieSample
@@ -33,14 +34,17 @@ namespace CookieSample
             });
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
+            loggerfactory.AddConsole(LogLevel.Information);
+
             app.UseErrorPage();
 
             app.UseCookieAuthentication(options =>
-                {
-                    options.LoginPath = new PathString("/login");
-                });
+            {
+                options.AutomaticAuthentication = true;
+                options.LoginPath = new PathString("/login");
+            });
 
             // https://developers.facebook.com/apps/
             app.UseFacebookAuthentication(options =>
@@ -217,7 +221,7 @@ namespace CookieSample
             // Deny anonymous request beyond this point.
             app.Use(async (context, next) =>
             {
-                if (!context.User.Identity.IsAuthenticated)
+                if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     // The cookie middleware will intercept this 401 and redirect to /login
                     context.Response.Challenge();
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 30905d0b39..7c52600f35 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,13 +1,14 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
         "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.Logging.Console": "1.0.0-*",
         "Kestrel": "1.0.0-*"
     },
     "commands": {

From 6072e3b1b80befa6472b0134399d5d21ae9d1178 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Tue, 21 Apr 2015 16:21:50 -0700
Subject: [PATCH 216/900] #221 Remove unneeded dependencies around
 DataProtection.

---
 samples/CookieSample/project.json                    |  1 +
 samples/CookieSessionSample/project.json             |  1 +
 samples/OpenIdConnectSample/project.json             |  1 +
 samples/SocialSample/project.json                    |  1 +
 .../project.json                                     |  6 +++++-
 .../project.json                                     |  1 -
 .../project.json                                     |  3 ++-
 src/Microsoft.AspNet.Authentication/project.json     | 12 ++++++++----
 .../project.json                                     |  1 +
 9 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 1c559aeba3..e69eed0e2c 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,6 +1,7 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 0e8c9a350e..0f481e6110 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,6 +1,7 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Caching.Memory": "1.0.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 13d492ed37..815ad8a333 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -2,6 +2,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 7c52600f35..ccaf0a439b 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -5,6 +5,7 @@
         "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
         "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index 7bce6f458e..a14ab52da3 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -8,6 +8,10 @@
     },
     "frameworks": {
         "dnx451": { },
-        "dnxcore50": { }
+        "dnxcore50": {
+            "dependencies": {
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*"
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 215b5155d0..a3409abf81 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -2,7 +2,6 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 33d73fd1c2..a9d804bc2e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -14,7 +14,8 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
+                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 8367af5f0d..a28d27e07a 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -2,15 +2,19 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
-        "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
-        "dnxcore50": { }
+        "dnxcore50": {
+            "dependencies": {
+                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0-beta-*"
+            }
+        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 2d88d7988c..c7f594c4fe 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -10,6 +10,7 @@
         "Microsoft.AspNet.Authentication.OAuthBearer": "1.0.0-*",
         "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
         "Moq": "4.2.1312.1622",
         "xunit.runner.aspnet": "2.0.0-aspnet-*"

From 30d350da26d5c40e9e160ccb2cd120303da5baf1 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 22 Apr 2015 12:23:54 -0700
Subject: [PATCH 217/900] Move logger to base handler and moar var

---
 .../CookieAuthenticationHandler.cs            |  13 +-
 .../CookieAuthenticationMiddleware.cs         |  10 +-
 .../FacebookAuthenticationHandler.cs          |  18 +--
 .../FacebookAuthenticationMiddleware.cs       |   4 +-
 .../FacebookServiceCollectionExtensions.cs    |   2 +-
 .../GoogleAuthenticationHandler.cs            |  17 ++-
 .../GoogleAuthenticationMiddleware.cs         |   4 +-
 .../GoogleAuthenticationOptions.cs            |   2 +-
 .../MicrosoftAccountAuthenticationHandler.cs  |  18 ++-
 ...icrosoftAccountAuthenticationMiddleware.cs |   3 +-
 .../OAuthAuthenticationHandler.cs             |   7 +-
 .../OAuthAuthenticationMiddleware.cs          |  10 +-
 .../OAuthBearerAuthenticationHandler.cs       |  10 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |   5 +-
 .../OpenIdConnectAuthenticationHandler.cs     | 111 ++++++++----------
 .../OpenIdConnectAuthenticationMiddleware.cs  |  11 +-
 .../OpenIdConnectAuthenticationOptions.cs     |   1 -
 .../TwitterAuthenticationHandler.cs           |  74 ++++++------
 .../TwitterAuthenticationMiddleware.cs        |   7 +-
 .../AuthenticationHandler.cs                  |  18 +--
 .../AuthenticationHandler`1.cs                |   6 +-
 .../AuthenticationMiddleware.cs               |  10 +-
 .../AuthorizationPolicy.cs                    |   2 +-
 .../AuthenticationHandlerFacts.cs             |  11 +-
 .../Google/GoogleMiddlewareTests.cs           |   2 +
 .../OpenIdConnectHandlerTests.cs              |  17 +--
 .../Microsoft.AspNet.Authorization.Test.xproj |   3 +
 27 files changed, 169 insertions(+), 227 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 8ccbb36530..27b0d2c4e0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -22,18 +22,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private const string HeaderValueMinusOne = "-1";
         private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
 
-        private readonly ILogger _logger;
-
         private bool _shouldRenew;
         private DateTimeOffset _renewIssuedUtc;
         private DateTimeOffset _renewExpiresUtc;
         private string _sessionKey;
 
-        public CookieAuthenticationHandler([NotNull] ILogger logger)
-        {
-            _logger = logger;
-        }
-
         protected override AuthenticationTicket AuthenticateCore()
         {
             return AuthenticateCoreAsync().GetAwaiter().GetResult();
@@ -54,7 +47,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 if (ticket == null)
                 {
-                    _logger.LogWarning(@"Unprotect ticket failed");
+                    Logger.LogWarning(@"Unprotect ticket failed");
                     return null;
                 }
 
@@ -63,14 +56,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Claim claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                     if (claim == null)
                     {
-                        _logger.LogWarning(@"SessionId missing");
+                        Logger.LogWarning(@"SessionId missing");
                         return null;
                     }
                     _sessionKey = claim.Value;
                     ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
                     if (ticket == null)
                     {
-                        _logger.LogWarning(@"Identity missing in session store");
+                        Logger.LogWarning(@"Identity missing in session store");
                         return null;
                     }
                 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 0d95f08e78..0a5789f7c2 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -15,8 +15,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
 {
     public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
     {
-        private readonly ILogger _logger;
-
         public CookieAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
@@ -24,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             [NotNull] IUrlEncoder urlEncoder,
             [NotNull] IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
-            : base(next, options, configureOptions)
+            : base(next, options, loggerFactory, configureOptions)
         {
             if (Options.Notifications == null)
             {
@@ -36,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (Options.TicketDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
+                var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
@@ -44,13 +42,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 Options.CookieManager = new ChunkingCookieManager(urlEncoder);
             }
-
-            _logger = loggerFactory.CreateLogger(typeof(CookieAuthenticationMiddleware).FullName);
         }
 
         protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
         {
-            return new CookieAuthenticationHandler(_logger);
+            return new CookieAuthenticationHandler();
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index d16c796eda..246a5328ec 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -21,8 +21,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
 {
     internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
     {
-        public FacebookAuthenticationHandler(HttpClient httpClient, ILogger logger)
-            : base(httpClient, logger)
+        public FacebookAuthenticationHandler(HttpClient httpClient)
+            : base(httpClient)
         {
         }
 
@@ -39,9 +39,9 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var tokenResponse = await Backchannel.GetAsync(Options.TokenEndpoint + queryBuilder.ToString(), Context.RequestAborted);
             tokenResponse.EnsureSuccessStatusCode();
-            string oauthTokenResponse = await tokenResponse.Content.ReadAsStringAsync();
+            var oauthTokenResponse = await tokenResponse.Content.ReadAsStringAsync();
 
-            IFormCollection form = new FormCollection(FormReader.ReadForm(oauthTokenResponse));
+            var form = new FormCollection(FormReader.ReadForm(oauthTokenResponse));
             var response = new JObject();
             foreach (string key in form.Keys)
             {
@@ -53,7 +53,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            string graphAddress = Options.UserInformationEndpoint + "?access_token=" + Uri.EscapeDataString(tokens.AccessToken);
+            var graphAddress = Options.UserInformationEndpoint + "?access_token=" + Uri.EscapeDataString(tokens.AccessToken);
             if (Options.SendAppSecretProof)
             {
                 graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
@@ -61,8 +61,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var graphResponse = await Backchannel.GetAsync(graphAddress, Context.RequestAborted);
             graphResponse.EnsureSuccessStatusCode();
-            string text = await graphResponse.Content.ReadAsStringAsync();
-            JObject user = JObject.Parse(text);
+            var text = await graphResponse.Content.ReadAsStringAsync();
+            var user = JObject.Parse(text);
 
             var context = new FacebookAuthenticatedContext(Context, Options, user, tokens);
             var identity = new ClaimsIdentity(
@@ -107,8 +107,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
         {
             using (HMACSHA256 algorithm = new HMACSHA256(Encoding.ASCII.GetBytes(Options.AppSecret)))
             {
-                byte[] hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
-                StringBuilder builder = new StringBuilder();
+                var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
+                var builder = new StringBuilder();
                 for (int i = 0; i < hash.Length; i++)
                 {
                     builder.Append(hash[i].ToString("x2", CultureInfo.InvariantCulture));
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 7feacb1d12..39b0e87eae 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -54,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<FacebookAuthenticationOptions> CreateHandler()
         {
-            return new FacebookAuthenticationHandler(Backchannel, Logger);
+            return new FacebookAuthenticationHandler(Backchannel);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 26ab1c0631..1550a6cd8a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -33,4 +33,4 @@ namespace Microsoft.Framework.DependencyInjection
             return services.Configure<FacebookAuthenticationOptions>(config, optionsName);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index 71e51f06ae..175c38c207 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -10,27 +10,26 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
     internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
     {
-        public GoogleAuthenticationHandler(HttpClient httpClient, ILogger logger)
-            : base(httpClient, logger)
+        public GoogleAuthenticationHandler(HttpClient httpClient)
+            : base(httpClient)
         {
         }
 
         protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
             // Get the Google user
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
-            HttpResponseMessage graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
+            var graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
             graphResponse.EnsureSuccessStatusCode();
             var text = await graphResponse.Content.ReadAsStringAsync();
-            JObject user = JObject.Parse(text);
+            var user = JObject.Parse(text);
 
             var context = new GoogleAuthenticatedContext(Context, Options, user, tokens);
             var identity = new ClaimsIdentity(
@@ -79,7 +78,7 @@ namespace Microsoft.AspNet.Authentication.Google
         // TODO: Abstract this properties override pattern into the base class?
         protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
-            string scope = FormatScope();
+            var scope = FormatScope();
 
             var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
             queryStrings.Add("response_type", "code");
@@ -92,10 +91,10 @@ namespace Microsoft.AspNet.Authentication.Google
             AddQueryString(queryStrings, properties, "approval_prompt");
             AddQueryString(queryStrings, properties, "login_hint");
 
-            string state = Options.StateDataFormat.Protect(properties);
+            var state = Options.StateDataFormat.Protect(properties);
             queryStrings.Add("state", state);
 
-            string authorizationEndpoint = QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
+            var authorizationEndpoint = QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
             return authorizationEndpoint;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 73e6b180b5..f98d659d2f 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -56,7 +56,7 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<GoogleAuthenticationOptions> CreateHandler()
         {
-            return new GoogleAuthenticationHandler(Backchannel, Logger);
+            return new GoogleAuthenticationHandler(Backchannel);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
index e562a8f2c7..30446b3b57 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
@@ -33,4 +33,4 @@ namespace Microsoft.AspNet.Authentication.Google
         /// </summary>
         public string AccessType { get; set; }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index bb953cc135..5696ce16ad 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -1,35 +1,31 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.Framework.Logging;
+using Microsoft.AspNet.Http.Authentication;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
     {
-        public MicrosoftAccountAuthenticationHandler(HttpClient httpClient, ILogger logger)
-            : base(httpClient, logger)
+        public MicrosoftAccountAuthenticationHandler(HttpClient httpClient)
+            : base(httpClient)
         {
         }
 
         protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
-            HttpResponseMessage graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
+            var graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
             graphResponse.EnsureSuccessStatusCode();
-            string accountString = await graphResponse.Content.ReadAsStringAsync();
-            JObject accountInformation = JObject.Parse(accountString);
+            var accountString = await graphResponse.Content.ReadAsStringAsync();
+            var accountInformation = JObject.Parse(accountString);
 
             var context = new MicrosoftAccountAuthenticatedContext(Context, Options, accountInformation, tokens);
             context.Properties = properties;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 7626c70619..8978c4d1d5 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
@@ -50,7 +49,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<MicrosoftAccountAuthenticationOptions> CreateHandler()
         {
-            return new MicrosoftAccountAuthenticationHandler(Backchannel, Logger);
+            return new MicrosoftAccountAuthenticationHandler(Backchannel);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 6389b8c1d5..5d3cb8c60d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -19,16 +19,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
         where TOptions : OAuthAuthenticationOptions<TNotifications>
         where TNotifications : IOAuthAuthenticationNotifications
     {
-        public OAuthAuthenticationHandler(HttpClient backchannel, ILogger logger)
+        public OAuthAuthenticationHandler(HttpClient backchannel)
         {
             Backchannel = backchannel;
-            Logger = logger;
         }
 
         protected HttpClient Backchannel { get; private set; }
 
-        protected ILogger Logger { get; private set; }
-
         public override async Task<bool> InvokeAsync()
         {
             if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
@@ -107,7 +104,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 }
 
                 // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, Logger))
+                if (!ValidateCorrelationId(properties))
                 {
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 8b8e432b34..9a211ef242 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
-            : base(next, options, configureOptions)
+            : base(next, options, loggerFactory, configureOptions)
         {
             // todo: review error handling
             if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
@@ -64,11 +64,9 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "TokenEndpoint"));
             }
 
-            Logger = loggerFactory.CreateLogger(this.GetType().FullName);
-
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
+                var dataProtector = dataProtectionProvider.CreateProtector(
                     this.GetType().FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
@@ -90,15 +88,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected HttpClient Backchannel { get; private set; }
 
-        protected ILogger Logger { get; private set; }
-
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TOptions> CreateHandler()
         {
-            return new OAuthAuthenticationHandler<TOptions, TNotifications>(Backchannel, Logger);
+            return new OAuthAuthenticationHandler<TOptions, TNotifications>(Backchannel);
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 1f2d20b76e..745c36f0ff 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -17,14 +17,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
     public class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
     {
-        private readonly ILogger _logger;
         private OpenIdConnectConfiguration _configuration;
 
-        public OAuthBearerAuthenticationHandler(ILogger logger)
-        {
-            _logger = logger;
-        }
-
         protected override AuthenticationTicket AuthenticateCore()
         {
             return AuthenticateCoreAsync().GetAwaiter().GetResult();
@@ -63,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
                 if (string.IsNullOrEmpty(token))
                 {
-                    string authorization = Request.Headers.Get("Authorization");
+                    var authorization = Request.Headers.Get("Authorization");
 
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
@@ -155,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             }
             catch (Exception ex)
             {
-                _logger.LogError("Exception occurred while processing message", ex);
+                Logger.LogError("Exception occurred while processing message", ex);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 9ab829c5d2..a18bbee935 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -34,9 +34,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IOptions<OAuthBearerAuthenticationOptions> options,
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
-            : base(next, options, configureOptions)
+            : base(next, options, loggerFactory, configureOptions)
         {
-            _logger = loggerFactory.CreateLogger<OAuthBearerAuthenticationMiddleware>();
             if (Options.Notifications == null)
             {
                 Options.Notifications = new OAuthBearerAuthenticationNotifications();
@@ -86,7 +85,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// <returns>A new instance of the request handler</returns>
         protected override AuthenticationHandler<OAuthBearerAuthenticationOptions> CreateHandler()
         {
-            return new OAuthBearerAuthenticationHandler(_logger);
+            return new OAuthBearerAuthenticationHandler();
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index c0efcd0f61..75914cc7bb 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -23,18 +23,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     {
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
-        private readonly ILogger _logger;
         private OpenIdConnectConfiguration _configuration;
 
-        /// <summary>
-        /// Creates a new OpenIdConnectAuthenticationHandler
-        /// </summary>
-        /// <param name="logger"></param>
-        public OpenIdConnectAuthenticationHandler(ILogger logger)
-        {
-            _logger = logger;
-        }
-
         private string CurrentUri
         {
             get
@@ -67,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage()
+                var openIdConnectMessage = new OpenIdConnectMessage()
                 {
                     IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
                     RequestType = OpenIdConnectRequestType.LogoutRequest,
@@ -95,10 +85,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (!notification.HandledResponse)
                 {
-                    string redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
+                    var redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        _logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
+                        Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
                     }
 
                     Response.Redirect(redirectUri);
@@ -118,28 +108,25 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <remarks>Uses log id's OIDCH-0026 - OIDCH-0050, next num: 37</remarks>
         protected override async Task ApplyResponseChallengeAsync()
         {
-            if (_logger.IsEnabled(LogLevel.Debug))
-            {
-                _logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
-            }
+            Logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
 
             if (ShouldConvertChallengeToForbidden())
             {
-                _logger.LogDebug(Resources.OIDCH_0027_401_ConvertedTo_403);
+                Logger.LogDebug(Resources.OIDCH_0027_401_ConvertedTo_403);
                 Response.StatusCode = 403;
                 return;
             }
 
             if (Response.StatusCode != 401)
             {
-                _logger.LogDebug(Resources.OIDCH_0028_StatusCodeNot401, Response.StatusCode);
+                Logger.LogDebug(Resources.OIDCH_0028_StatusCodeNot401, Response.StatusCode);
                 return;
             }
 
             // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
             if (ChallengeContext == null && !Options.AutomaticAuthentication)
             {
-                _logger.LogDebug(Resources.OIDCH_0029_ChallengeContextEqualsNull);
+                Logger.LogDebug(Resources.OIDCH_0029_ChallengeContextEqualsNull);
                 return;
             }
 
@@ -158,17 +145,17 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (!string.IsNullOrWhiteSpace(properties.RedirectUri))
             {
-                _logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
+                Logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
             }
             else if (Options.DefaultToCurrentUriOnRedirect)
             {
-                _logger.LogDebug(Resources.OIDCH_0032_UsingCurrentUriRedirectUri, CurrentUri);
+                Logger.LogDebug(Resources.OIDCH_0032_UsingCurrentUriRedirectUri, CurrentUri);
                 properties.RedirectUri = CurrentUri;
             }
 
             if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
             {
-                _logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
+                Logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
             }
 
             // When redeeming a 'code' for an AccessToken, this value is needed
@@ -203,7 +190,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     if (!Options.NonceCache.TryAddNonce(message.Nonce))
                     {
-                        _logger.LogError(Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce);
+                        Logger.LogError(Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce);
                         throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce));
                     }
                 }
@@ -221,19 +208,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
             if (redirectToIdentityProviderNotification.HandledResponse)
             {
-                _logger.LogInformation(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                Logger.LogInformation(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
                 return;
             }
             else if (redirectToIdentityProviderNotification.Skipped)
             {
-                _logger.LogInformation(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                Logger.LogInformation(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
                 return;
             }
 
-            string redirectUri = redirectToIdentityProviderNotification.ProtocolMessage.CreateAuthenticationRequestUrl();
+            var redirectUri = redirectToIdentityProviderNotification.ProtocolMessage.CreateAuthenticationRequestUrl();
             if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
             {
-                _logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
+                Logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
             }
 
             Response.Redirect(redirectUri);
@@ -251,10 +238,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
         protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
         {
-            if (_logger.IsEnabled(LogLevel.Debug))
-            {
-                _logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
-            }
+            Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
 
             // Allow login to be constrained to a specific path. Need to make this runtime configurable.
             if (Options.CallbackPath.HasValue && Options.CallbackPath != (Request.PathBase + Request.Path))
@@ -271,7 +255,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
               && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
               && Request.Body.CanRead)
             {
-                IFormCollection form = await Request.ReadFormAsync();
+                var form = await Request.ReadFormAsync();
                 Request.Body.Seek(0, SeekOrigin.Begin);
                 message = new OpenIdConnectMessage(form);
             }
@@ -283,9 +267,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             try
             {
-                if (_logger.IsEnabled(LogLevel.Debug))
+                if (Logger.IsEnabled(LogLevel.Debug))
                 {
-                    _logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
+                    Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
                 }
 
                 var messageReceivedNotification =
@@ -297,34 +281,34 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Notifications.MessageReceived(messageReceivedNotification);
                 if (messageReceivedNotification.HandledResponse)
                 {
-                    _logger.LogInformation(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
+                    Logger.LogInformation(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
                     return messageReceivedNotification.AuthenticationTicket;
                 }
 
                 if (messageReceivedNotification.Skipped)
                 {
-                    _logger.LogInformation(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
+                    Logger.LogInformation(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
                     return null;
                 }
 
                 // runtime always adds state, if we don't find it OR we failed to 'unprotect' it this is not a message we should process.
                 if (string.IsNullOrWhiteSpace(message.State))
                 {
-                    _logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrWhiteSpace);
+                    Logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrWhiteSpace);
                     return null;
                 }
 
                 var properties = GetPropertiesFromState(message.State);
                 if (properties == null)
                 {
-                    _logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
+                    Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
                     return null;
                 }
 
                 // devs will need to hook AuthenticationFailedNotification to avoid having 'raw' runtime errors displayed to users.
                 if (!string.IsNullOrWhiteSpace(message.Error))
                 {
-                   _logger.LogError(Resources.OIDCH_0006_MessageErrorNotNull, message.Error);
+                   Logger.LogError(Resources.OIDCH_0006_MessageErrorNotNull, message.Error);
                     throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageErrorNotNull, message.Error));
                 }
 
@@ -333,14 +317,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
-                    _logger.LogDebug(Resources.OIDCH_0007_UpdatingConfiguration);
+                    Logger.LogDebug(Resources.OIDCH_0007_UpdatingConfiguration);
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
                 // OpenIdConnect protocol allows a Code to be received without the id_token
                 if (!string.IsNullOrWhiteSpace(message.IdToken))
                 {
-                    _logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
+                    Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
                     var securityTokenReceivedNotification =
                         new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                         {
@@ -350,18 +334,18 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
                     if (securityTokenReceivedNotification.HandledResponse)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
+                        Logger.LogInformation(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
                         return securityTokenReceivedNotification.AuthenticationTicket;
                     }
 
                     if (securityTokenReceivedNotification.Skipped)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
+                        Logger.LogInformation(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
                         return null;
                     }
 
                     // Copy and augment to avoid cross request race conditions for updated configurations.
-                    TokenValidationParameters validationParameters = Options.TokenValidationParameters.Clone();
+                    var validationParameters = Options.TokenValidationParameters.Clone();
                     if (_configuration != null)
                     {
                         if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
@@ -386,7 +370,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                             jwt = validatedToken as JwtSecurityToken;
                             if (jwt == null)
                             {
-                                _logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
+                                Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
                                 throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
                             }
                         }
@@ -394,7 +378,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                     if (validatedToken == null)
                     {
-                        _logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, message.IdToken);
+                        Logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, message.IdToken);
                         throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, message.IdToken));
                     }
 
@@ -412,13 +396,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     // Rename?
                     if (Options.UseTokenLifetime)
                     {
-                        DateTime issued = validatedToken.ValidFrom;
+                        var issued = validatedToken.ValidFrom;
                         if (issued != DateTime.MinValue)
                         {
                             ticket.Properties.IssuedUtc = issued;
                         }
 
-                        DateTime expires = validatedToken.ValidTo;
+                        var expires = validatedToken.ValidTo;
                         if (expires != DateTime.MinValue)
                         {
                             ticket.Properties.ExpiresUtc = expires;
@@ -435,13 +419,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
                     if (securityTokenValidatedNotification.HandledResponse)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
+                        Logger.LogInformation(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
                         return securityTokenValidatedNotification.AuthenticationTicket;
                     }
 
                     if (securityTokenValidatedNotification.Skipped)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
+                        Logger.LogInformation(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
                         return null;
                     }
 
@@ -470,7 +454,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (message.Code != null)
                 {
-                    _logger.LogDebug(Resources.OIDCH_0014_CodeReceived, message.Code);
+                    Logger.LogDebug(Resources.OIDCH_0014_CodeReceived, message.Code);
                     if (ticket == null)
                     {
                         ticket = new AuthenticationTicket(properties, Options.AuthenticationScheme);
@@ -489,13 +473,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
                     if (authorizationCodeReceivedNotification.HandledResponse)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0015_CodeReceivedNotificationHandledResponse);
+                        Logger.LogInformation(Resources.OIDCH_0015_CodeReceivedNotificationHandledResponse);
                         return authorizationCodeReceivedNotification.AuthenticationTicket;
                     }
 
                     if (authorizationCodeReceivedNotification.Skipped)
                     {
-                        _logger.LogInformation(Resources.OIDCH_0016_CodeReceivedNotificationSkipped);
+                        Logger.LogInformation(Resources.OIDCH_0016_CodeReceivedNotificationSkipped);
                         return null;
                     }
                 }
@@ -504,7 +488,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             catch (Exception exception)
             {
-                _logger.LogError(Resources.OIDCH_0017_ExceptionOccurredWhileProcessingMessage, exception);
+                Logger.LogError(Resources.OIDCH_0017_ExceptionOccurredWhileProcessingMessage, exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
@@ -522,13 +506,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
                 if (authenticationFailedNotification.HandledResponse)
                 {
-                    _logger.LogInformation(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
+                    Logger.LogInformation(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
                     return authenticationFailedNotification.AuthenticationTicket;
                 }
 
                 if (authenticationFailedNotification.Skipped)
                 {
-                    _logger.LogInformation(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
+                    Logger.LogInformation(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
                     return null;
                 }
 
@@ -579,7 +563,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     try
                     {
-                        string nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length));
+                        var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length));
                         if (nonceDecodedValue == nonce)
                         {
                             var cookieOptions = new CookieOptions
@@ -594,7 +578,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
                     catch (Exception ex)
                     {
-                        _logger.LogWarning("Failed to un-protect the nonce cookie.", ex);
+                        Logger.LogWarning("Failed to un-protect the nonce cookie.", ex);
                     }
                 }
             }
@@ -605,13 +589,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         private AuthenticationProperties GetPropertiesFromState(string state)
         {
             // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
-            int startIndex = 0;
+            var startIndex = 0;
             if (string.IsNullOrWhiteSpace(state) || (startIndex = state.IndexOf(OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
             {
                 return null;
             }
 
-            int authenticationIndex = startIndex + OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey.Length;
+            var authenticationIndex = startIndex + OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey.Length;
             if (authenticationIndex == -1 || authenticationIndex == state.Length || state[authenticationIndex] != '=')
             {
                 return null;
@@ -619,7 +603,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             // scan rest of string looking for '&'
             authenticationIndex++;
-            int endIndex = state.Substring(authenticationIndex, state.Length - authenticationIndex).IndexOf("&", StringComparison.Ordinal);
+            var endIndex = state.Substring(authenticationIndex, state.Length - authenticationIndex).IndexOf("&", StringComparison.Ordinal);
 
             // -1 => no other parameters are after the AuthenticationPropertiesKey
             if (endIndex == -1)
@@ -643,8 +627,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<bool> InvokeReplyPathAsync()
         {
-            AuthenticationTicket ticket = await AuthenticateAsync();
-
+            var ticket = await AuthenticateAsync();
             if (ticket != null)
             {
                 if (ticket.Principal != null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index ee8eec0e5a..46524c17ce 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -25,8 +25,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public class OpenIdConnectAuthenticationMiddleware : AuthenticationMiddleware<OpenIdConnectAuthenticationOptions>
     {
-        private readonly ILogger _logger;
-
         /// <summary>
         /// Initializes a <see cref="OpenIdConnectAuthenticationMiddleware"/>
         /// </summary>
@@ -45,9 +43,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
-            : base(next, options, configureOptions)
+            : base(next, options, loggerFactory, configureOptions)
         {
-            _logger = loggerFactory.CreateLogger<OpenIdConnectAuthenticationMiddleware>();
             if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(externalOptions.Options.SignInScheme))
             {
                 Options.SignInScheme = externalOptions.Options.SignInScheme;
@@ -120,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    HttpClient httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+                    var httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
                     httpClient.Timeout = Options.BackchannelTimeout;
                     httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
                     Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
@@ -134,13 +131,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
         {
-            return new OpenIdConnectAuthenticationHandler(_logger);
+            return new OpenIdConnectAuthenticationHandler();
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         private static HttpMessageHandler ResolveHttpMessageHandler(OpenIdConnectAuthenticationOptions options)
         {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+            var handler = options.BackchannelHttpHandler ??
 #if DNX451
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index e5a3793d38..4a306c7311 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -38,7 +38,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <remarks>
         /// Defaults:
         /// <para>AddNonceToRequest: true.</para>
-        /// <para>AuthenticationMode: <see cref="AuthenticationMode.Active"/>.</para>
         /// <para>BackchannelTimeout: 1 minute.</para>
         /// <para>Caption: <see cref="OpenIdConnectAuthenticationDefaults.Caption"/>.</para>
         /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index dc0d7fc8d7..cbc48910c3 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -12,7 +12,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
@@ -28,12 +27,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
 
         private readonly HttpClient _httpClient;
-        private readonly ILogger _logger;
 
-        public TwitterAuthenticationHandler(HttpClient httpClient, ILogger logger)
+        public TwitterAuthenticationHandler(HttpClient httpClient)
         {
             _httpClient = httpClient;
-            _logger = logger;
         }
 
         public override async Task<bool> InvokeAsync()
@@ -55,40 +52,40 @@ namespace Microsoft.AspNet.Authentication.Twitter
             AuthenticationProperties properties = null;
             try
             {
-                IReadableStringCollection query = Request.Query;
-                string protectedRequestToken = Request.Cookies[StateCookie];
+                var query = Request.Query;
+                var protectedRequestToken = Request.Cookies[StateCookie];
 
-                RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
+                var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
 
                 if (requestToken == null)
                 {
-                    _logger.LogWarning("Invalid state");
+                    Logger.LogWarning("Invalid state");
                     return null;
                 }
 
                 properties = requestToken.Properties;
 
-                string returnedToken = query.Get("oauth_token");
+                var returnedToken = query.Get("oauth_token");
                 if (string.IsNullOrWhiteSpace(returnedToken))
                 {
-                    _logger.LogWarning("Missing oauth_token");
+                    Logger.LogWarning("Missing oauth_token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 if (returnedToken != requestToken.Token)
                 {
-                    _logger.LogWarning("Unmatched token");
+                    Logger.LogWarning("Unmatched token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
                 string oauthVerifier = query.Get("oauth_verifier");
                 if (string.IsNullOrWhiteSpace(oauthVerifier))
                 {
-                    _logger.LogWarning("Missing or blank oauth_verifier");
+                    Logger.LogWarning("Missing or blank oauth_verifier");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
+                var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
 
                 var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret);
 
@@ -120,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             }
             catch (Exception ex)
             {
-                _logger.LogError("Authentication failed", ex);
+                Logger.LogError("Authentication failed", ex);
                 return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
@@ -148,8 +145,8 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 return;
             }
 
-            string requestPrefix = Request.Scheme + "://" + Request.Host;
-            string callBackUrl = requestPrefix + RequestPathBase + Options.CallbackPath;
+            var requestPrefix = Request.Scheme + "://" + Request.Host;
+            var callBackUrl = requestPrefix + RequestPathBase + Options.CallbackPath;
 
             AuthenticationProperties properties;
             if (ChallengeContext == null)
@@ -165,11 +162,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 properties.RedirectUri = requestPrefix + Request.PathBase + Request.Path + Request.QueryString;
             }
 
-            RequestToken requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, properties);
+            var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, properties);
 
             if (requestToken.CallbackConfirmed)
             {
-                string twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
+                var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
 
                 var cookieOptions = new CookieOptions
                 {
@@ -186,16 +183,16 @@ namespace Microsoft.AspNet.Authentication.Twitter
             }
             else
             {
-                _logger.LogError("requestToken CallbackConfirmed!=true");
+                Logger.LogError("requestToken CallbackConfirmed!=true");
             }
         }
 
         public async Task<bool> InvokeReturnPathAsync()
         {
-            AuthenticationTicket model = await AuthenticateAsync();
+            var model = await AuthenticateAsync();
             if (model == null)
             {
-                _logger.LogWarning("Invalid return state, unable to redirect.");
+                Logger.LogWarning("Invalid return state, unable to redirect.");
                 Response.StatusCode = 500;
                 return true;
             }
@@ -230,9 +227,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
         {
-            _logger.LogVerbose("ObtainRequestToken");
+            Logger.LogVerbose("ObtainRequestToken");
 
-            string nonce = Guid.NewGuid().ToString("N");
+            var nonce = Guid.NewGuid().ToString("N");
 
             var authorizationParts = new SortedDictionary<string, string>
             {
@@ -250,7 +247,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
             }
             parameterBuilder.Length--;
-            string parameterString = parameterBuilder.ToString();
+            var parameterString = parameterBuilder.ToString();
 
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
@@ -259,7 +256,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             canonicalizedRequestBuilder.Append("&");
             canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
 
-            string signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
+            var signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
 
             var authorizationHeaderBuilder = new StringBuilder();
@@ -274,11 +271,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var request = new HttpRequestMessage(HttpMethod.Post, RequestTokenEndpoint);
             request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
 
-            HttpResponseMessage response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
             string responseText = await response.Content.ReadAsStringAsync();
 
-            IFormCollection responseParameters = new FormCollection(FormReader.ReadForm(responseText));
+            var responseParameters = new FormCollection(FormReader.ReadForm(responseText));
             if (string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
             {
                 return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
@@ -291,9 +288,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             // https://dev.twitter.com/docs/api/1/post/oauth/access_token
 
-            _logger.LogVerbose("ObtainAccessToken");
+            Logger.LogVerbose("ObtainAccessToken");
 
-            string nonce = Guid.NewGuid().ToString("N");
+            var nonce = Guid.NewGuid().ToString("N");
 
             var authorizationParts = new SortedDictionary<string, string>
             {
@@ -312,7 +309,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
             }
             parameterBuilder.Length--;
-            string parameterString = parameterBuilder.ToString();
+            var parameterString = parameterBuilder.ToString();
 
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
@@ -321,7 +318,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             canonicalizedRequestBuilder.Append("&");
             canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
 
-            string signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
+            var signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
             authorizationParts.Remove("oauth_verifier");
 
@@ -344,17 +341,16 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             request.Content = new FormUrlEncodedContent(formPairs);
 
-            HttpResponseMessage response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
 
             if (!response.IsSuccessStatusCode)
             {
-                _logger.LogError("AccessToken request failed with a status code of " + response.StatusCode);
+                Logger.LogError("AccessToken request failed with a status code of " + response.StatusCode);
                 response.EnsureSuccessStatusCode(); // throw
             }
 
-            string responseText = await response.Content.ReadAsStringAsync();
-
-            IFormCollection responseParameters = new FormCollection(FormReader.ReadForm(responseText));
+            var responseText = await response.Content.ReadAsStringAsync();
+            var responseParameters = new FormCollection(FormReader.ReadForm(responseText));
 
             return new AccessToken
             {
@@ -367,7 +363,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private static string GenerateTimeStamp()
         {
-            TimeSpan secondsSinceUnixEpocStart = DateTime.UtcNow - Epoch;
+            var secondsSinceUnixEpocStart = DateTime.UtcNow - Epoch;
             return Convert.ToInt64(secondsSinceUnixEpocStart.TotalSeconds).ToString(CultureInfo.InvariantCulture);
         }
 
@@ -380,7 +376,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                         "{0}&{1}",
                         Uri.EscapeDataString(consumerSecret),
                         string.IsNullOrEmpty(tokenSecret) ? string.Empty : Uri.EscapeDataString(tokenSecret)));
-                byte[] hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
+                var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
                 return Convert.ToBase64String(hash);
             }
         }
@@ -390,4 +386,4 @@ namespace Microsoft.AspNet.Authentication.Twitter
             // N/A - No SignIn or SignOut support.
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 63534a85f5..145cf4cad9 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -22,7 +22,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class TwitterAuthenticationMiddleware : AuthenticationMiddleware<TwitterAuthenticationOptions>
     {
-        private readonly ILogger _logger;
         private readonly HttpClient _httpClient;
 
         /// <summary>
@@ -40,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
-            : base(next, options, configureOptions)
+            : base(next, options, loggerFactory, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
@@ -51,8 +50,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerKey"));
             }
 
-            _logger = loggerFactory.CreateLogger(typeof(TwitterAuthenticationMiddleware).FullName);
-
             if (Options.Notifications == null)
             {
                 Options.Notifications = new TwitterAuthenticationNotifications();
@@ -90,7 +87,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="TwitterAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TwitterAuthenticationOptions> CreateHandler()
         {
-            return new TwitterAuthenticationHandler(_httpClient, _logger);
+            return new TwitterAuthenticationHandler(_httpClient);
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 318d0ad732..7d412d28ae 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -2,8 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Security.Cryptography;
 using System.Threading;
 using System.Threading.Tasks;
@@ -50,6 +48,8 @@ namespace Microsoft.AspNet.Authentication
 
         protected PathString RequestPathBase { get; private set; }
 
+        protected ILogger Logger { get; private set; }
+
         internal AuthenticationOptions BaseOptions
         {
             get { return _baseOptions; }
@@ -61,11 +61,12 @@ namespace Microsoft.AspNet.Authentication
 
         public bool Faulted { get; set; }
 
-        protected async Task BaseInitializeAsync(AuthenticationOptions options, HttpContext context)
+        protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger)
         {
             _baseOptions = options;
             Context = context;
             RequestPathBase = Request.PathBase;
+            Logger = logger;
 
             RegisterAuthenticationHandler();
 
@@ -414,13 +415,13 @@ namespace Microsoft.AspNet.Authentication
             Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
         }
 
-        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties, [NotNull] ILogger logger)
+        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
         {
             var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
             var correlationCookie = Request.Cookies[correlationKey];
             if (string.IsNullOrWhiteSpace(correlationCookie))
             {
-                logger.LogWarning("{0} cookie not found.", correlationKey);
+                Logger.LogWarning("{0} cookie not found.", correlationKey);
                 return false;
             }
 
@@ -436,7 +437,7 @@ namespace Microsoft.AspNet.Authentication
                 correlationKey,
                 out correlationExtra))
             {
-                logger.LogWarning("{0} state property not found.", correlationKey);
+                Logger.LogWarning("{0} state property not found.", correlationKey);
                 return false;
             }
 
@@ -444,7 +445,7 @@ namespace Microsoft.AspNet.Authentication
 
             if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
             {
-                logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
                 return false;
             }
 
@@ -464,5 +465,4 @@ namespace Microsoft.AspNet.Authentication
             auth.Handler = PriorHandler;
         }
     }
-}
-
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
index a70b11c60a..973f9f00fa 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
@@ -3,6 +3,7 @@
 
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -19,11 +20,12 @@ namespace Microsoft.AspNet.Authentication
         /// </summary>
         /// <param name="options">The original options passed by the application control behavior</param>
         /// <param name="context">The utility object to observe the current request and response</param>
+        /// <param name="logger">The logging factory used to create loggers</param>
         /// <returns>async completion</returns>
-        public Task Initialize(TOptions options, HttpContext context)
+        public Task Initialize(TOptions options, HttpContext context, ILogger logger)
         {
             Options = options;
-            return BaseInitializeAsync(options, context);
+            return BaseInitializeAsync(options, context, logger);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index b9eaa36f83..cdb6fbdf8a 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -6,6 +6,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
+using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication
@@ -17,6 +18,7 @@ namespace Microsoft.AspNet.Authentication
         protected AuthenticationMiddleware(
             [NotNull] RequestDelegate next, 
             [NotNull] IOptions<TOptions> options, 
+            [NotNull] ILoggerFactory loggerFactory,
             ConfigureOptions<TOptions> configureOptions)
         {
             if (configureOptions != null)
@@ -28,6 +30,8 @@ namespace Microsoft.AspNet.Authentication
             {
                 Options = options.Options;
             }
+            Logger = loggerFactory.CreateLogger(this.GetType().FullName);
+
             _next = next;
         }
 
@@ -35,10 +39,12 @@ namespace Microsoft.AspNet.Authentication
 
         public TOptions Options { get; set; }
 
+        public ILogger Logger { get; set; }
+
         public async Task Invoke(HttpContext context)
         {
-            AuthenticationHandler<TOptions> handler = CreateHandler();
-            await handler.Initialize(Options, context);
+            var handler = CreateHandler();
+            await handler.Initialize(Options, context, Logger);
             try
             {
                 if (!await handler.InvokeAsync())
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 2ade0a15fc..02769a8dd5 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -75,4 +75,4 @@ namespace Microsoft.AspNet.Authorization
             return any ? policyBuilder.Build() : null;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index ba23fea2ba..cf628db547 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Logging;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -13,12 +14,10 @@ namespace Microsoft.AspNet.Authentication
         public void ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
         {
             var handler = new TestHandler("Alpha");
-
-            bool passiveNoMatch = handler.ShouldHandleScheme("Beta");
+            var passiveNoMatch = handler.ShouldHandleScheme("Beta");
 
             handler = new TestHandler("Alpha");
-
-            bool passiveWithMatch = handler.ShouldHandleScheme("Alpha");
+            var passiveWithMatch = handler.ShouldHandleScheme("Alpha");
 
             Assert.False(passiveNoMatch);
             Assert.True(passiveWithMatch);
@@ -56,7 +55,7 @@ namespace Microsoft.AspNet.Authentication
         {
             public TestHandler(string scheme)
             {
-                Initialize(new TestOptions(), new DefaultHttpContext());
+                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"));
                 Options.AuthenticationScheme = scheme;
             }
 
@@ -90,7 +89,7 @@ namespace Microsoft.AspNet.Authentication
         {
             public TestAutoHandler(string scheme, bool auto)
             {
-                Initialize(new TestAutoOptions(), new DefaultHttpContext());
+                Initialize(new TestAutoOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"));
                 Options.AuthenticationScheme = scheme;
                 Options.AutomaticAuthentication = auto;
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index a37dfe6d20..76db1debbd 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -226,6 +226,8 @@ namespace Microsoft.AspNet.Authentication.Google
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
         }
 
+
+
         [Fact]
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index c31cdc6577..c3dbece13b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -565,14 +565,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class CustomOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
     {
-        public CustomOpenIdConnectAuthenticationHandler(ILogger logger)
-            : base(logger)
+        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context, ILogger logger)
         {
-        }
-
-        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context)
-        {
-            await base.BaseInitializeAsync(options, context);
+            await base.BaseInitializeAsync(options, context, logger);
         }
 
         public override bool ShouldHandleScheme(string authenticationScheme)
@@ -619,13 +614,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
         {
-            return new CustomOpenIdConnectAuthenticationHandler(Logger);
-        }
-
-        public ILogger Logger
-        {
-            get;
-            set;
+            return new CustomOpenIdConnectAuthenticationHandler();
         }
     }
 
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj
index 0e8a98e2a5..579dd0f442 100644
--- a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj
+++ b/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj
@@ -13,5 +13,8 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From 87c31c5526edee557997f03c7b13d46cb5d1d893 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 23 Apr 2015 22:49:47 -0700
Subject: [PATCH 218/900] Switch to IUrlEncoder, introduce AddAuthentication

---
 samples/CookieSample/Startup.cs               |  3 +--
 samples/CookieSessionSample/Startup.cs        |  3 +--
 samples/OpenIdConnectSample/Startup.cs        |  3 +--
 samples/SocialSample/Startup.cs               | 11 ++++----
 .../CookieAuthenticationMiddleware.cs         |  2 +-
 .../CookieServiceCollectionExtensions.cs      |  2 --
 .../FacebookAuthenticationHandler.cs          |  9 +++----
 .../FacebookAuthenticationMiddleware.cs       |  4 ++-
 .../GoogleAuthenticationMiddleware.cs         |  4 ++-
 ...icrosoftAccountAuthenticationMiddleware.cs |  4 ++-
 .../OAuthAuthenticationMiddleware.cs          |  4 ++-
 .../OAuthBearerAuthenticationMiddleware.cs    |  4 ++-
 .../OpenIdConnectAuthenticationHandler.cs     |  2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |  4 ++-
 .../TwitterAuthenticationHandler.cs           | 22 ++++++++--------
 .../TwitterAuthenticationMiddleware.cs        |  4 ++-
 .../AuthenticationHandler.cs                  |  6 ++++-
 .../AuthenticationHandler`1.cs                |  5 ++--
 .../AuthenticationMiddleware.cs               |  7 +++++-
 ...thenticationServiceCollectionExtensions.cs |  8 +++++-
 .../project.json                              |  5 ++--
 .../AuthenticationHandlerFacts.cs             |  4 +--
 .../Cookies/CookieMiddlewareTests.cs          |  3 +--
 .../Google/GoogleMiddlewareTests.cs           | 25 +++++++++----------
 ...Microsoft.AspNet.Authentication.Test.xproj |  3 +++
 .../MicrosoftAccountMiddlewareTests.cs        |  6 ++---
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  2 +-
 .../OpenIdConnectHandlerTests.cs              | 10 +++++---
 .../OpenIdConnectMiddlewareTests.cs           | 14 +++++------
 .../Twitter/TwitterMiddlewareTests.cs         |  3 +--
 30 files changed, 106 insertions(+), 80 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index cff155a787..3f09191900 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -11,8 +11,7 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddWebEncoders();
-            services.AddDataProtection();
+            services.AddAuthentication();
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 314ff37825..0f962caeda 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -12,8 +12,7 @@ namespace CookieSessionSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddWebEncoders();
-            services.AddDataProtection();
+            services.AddAuthentication();
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 29b89c8240..7c1969d3bc 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -13,8 +13,7 @@ namespace OpenIdConnectSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddWebEncoders();
-            services.AddDataProtection();
+            services.AddAuthentication();
             services.Configure<ExternalAuthenticationOptions>(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index aea458e1ad..4bfc7b6594 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -19,8 +19,7 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddWebEncoders();
-            services.AddDataProtection();
+            services.AddAuthentication();
             services.Configure<ExternalAuthenticationOptions>(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -139,13 +138,13 @@ namespace CookieSample
                     OnGetUserInformationAsync = async (context) =>
                     {
                         // Get the GitHub user
-                        HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
+                        var userRequest = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                         userRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                         userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
-                        HttpResponseMessage userResponse = await context.Backchannel.SendAsync(userRequest, context.HttpContext.RequestAborted);
+                        var userResponse = await context.Backchannel.SendAsync(userRequest, context.HttpContext.RequestAborted);
                         userResponse.EnsureSuccessStatusCode();
                         var text = await userResponse.Content.ReadAsStringAsync();
-                        JObject user = JObject.Parse(text);
+                        var user = JObject.Parse(text);
 
                         var identity = new ClaimsIdentity(
                             context.Options.AuthenticationScheme,
@@ -184,7 +183,7 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    string authType = context.Request.Query["authscheme"];
+                    var authType = context.Request.Query["authscheme"];
                     if (!string.IsNullOrEmpty(authType))
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 0a5789f7c2..2c77439320 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             [NotNull] IUrlEncoder urlEncoder,
             [NotNull] IOptions<CookieAuthenticationOptions> options,
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
-            : base(next, options, loggerFactory, configureOptions)
+            : base(next, options, loggerFactory, urlEncoder, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index c0e188eca6..af6d4d3773 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -20,7 +20,6 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure, string optionsName)
         {
-            services.AddWebEncoders();
             return services.Configure(configure, optionsName);
         }
 
@@ -31,7 +30,6 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
         {
-            services.AddWebEncoders();
             return services.Configure<CookieAuthenticationOptions>(config, optionsName);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 246a5328ec..3f5766e50c 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -8,13 +8,12 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Extensions;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Logging;
+using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Facebook
@@ -53,7 +52,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
         {
-            var graphAddress = Options.UserInformationEndpoint + "?access_token=" + Uri.EscapeDataString(tokens.AccessToken);
+            var graphAddress = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken);
             if (Options.SendAppSecretProof)
             {
                 graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 39b0e87eae..4fa9224c9a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
@@ -28,10 +29,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<FacebookAuthenticationOptions> options,
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index f98d659d2f..3f0bd745d7 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
@@ -29,10 +30,11 @@ namespace Microsoft.AspNet.Authentication.Google
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<GoogleAuthenticationOptions> options,
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 8978c4d1d5..06001f1830 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
@@ -26,10 +27,11 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<MicrosoftAccountAuthenticationOptions> options,
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 9a211ef242..3188a1bd90 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -11,6 +11,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -33,10 +34,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
-            : base(next, options, loggerFactory, configureOptions)
+            : base(next, options, loggerFactory, encoder, configureOptions)
         {
             // todo: review error handling
             if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index a18bbee935..1bde86c83a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -11,6 +11,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
@@ -32,9 +33,10 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         public OAuthBearerAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<OAuthBearerAuthenticationOptions> options,
             ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
-            : base(next, options, loggerFactory, configureOptions)
+            : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (Options.Notifications == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 75914cc7bb..25af5a4a0c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -180,7 +180,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ResponseMode = Options.ResponseMode,
                 ResponseType = Options.ResponseType,
                 Scope = Options.Scope,
-                State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
+                State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + UrlEncoder.UrlEncode(Options.StateDataFormat.Protect(properties))
             };
 
             if (Options.ProtocolValidator.RequireNonce)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 46524c17ce..70e45d0c2d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -17,6 +17,7 @@ using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.Framework.Internal;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -40,10 +41,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
-            : base(next, options, loggerFactory, configureOptions)
+            : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(externalOptions.Options.SignInScheme))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index cbc48910c3..6df6fc1a80 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -244,7 +244,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var parameterBuilder = new StringBuilder();
             foreach (var authorizationKey in authorizationParts)
             {
-                parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
+                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.UrlEncode(authorizationKey.Key), UrlEncoder.UrlEncode(authorizationKey.Value));
             }
             parameterBuilder.Length--;
             var parameterString = parameterBuilder.ToString();
@@ -252,9 +252,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(RequestTokenEndpoint));
+            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(RequestTokenEndpoint));
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
+            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(parameterString));
 
             var signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
@@ -264,7 +264,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             foreach (var authorizationPart in authorizationParts)
             {
                 authorizationHeaderBuilder.AppendFormat(
-                    "{0}=\"{1}\", ", authorizationPart.Key, Uri.EscapeDataString(authorizationPart.Value));
+                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.UrlEncode(authorizationPart.Value));
             }
             authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
 
@@ -306,7 +306,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var parameterBuilder = new StringBuilder();
             foreach (var authorizationKey in authorizationParts)
             {
-                parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(authorizationKey.Key), Uri.EscapeDataString(authorizationKey.Value));
+                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.UrlEncode(authorizationKey.Key), UrlEncoder.UrlEncode(authorizationKey.Value));
             }
             parameterBuilder.Length--;
             var parameterString = parameterBuilder.ToString();
@@ -314,9 +314,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(AccessTokenEndpoint));
+            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(AccessTokenEndpoint));
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
+            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(parameterString));
 
             var signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
@@ -327,7 +327,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             foreach (var authorizationPart in authorizationParts)
             {
                 authorizationHeaderBuilder.AppendFormat(
-                    "{0}=\"{1}\", ", authorizationPart.Key, Uri.EscapeDataString(authorizationPart.Value));
+                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.UrlEncode(authorizationPart.Value));
             }
             authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
 
@@ -367,15 +367,15 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return Convert.ToInt64(secondsSinceUnixEpocStart.TotalSeconds).ToString(CultureInfo.InvariantCulture);
         }
 
-        private static string ComputeSignature(string consumerSecret, string tokenSecret, string signatureData)
+        private string ComputeSignature(string consumerSecret, string tokenSecret, string signatureData)
         {
             using (var algorithm = new HMACSHA1())
             {
                 algorithm.Key = Encoding.ASCII.GetBytes(
                     string.Format(CultureInfo.InvariantCulture,
                         "{0}&{1}",
-                        Uri.EscapeDataString(consumerSecret),
-                        string.IsNullOrEmpty(tokenSecret) ? string.Empty : Uri.EscapeDataString(tokenSecret)));
+                        UrlEncoder.UrlEncode(consumerSecret),
+                        string.IsNullOrEmpty(tokenSecret) ? string.Empty : UrlEncoder.UrlEncode(tokenSecret)));
                 var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
                 return Convert.ToBase64String(hash);
             }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 145cf4cad9..c1d2661635 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -13,6 +13,7 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
@@ -36,10 +37,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
-            : base(next, options, loggerFactory, configureOptions)
+            : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 7d412d28ae..fed4778780 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -10,6 +10,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -50,6 +51,8 @@ namespace Microsoft.AspNet.Authentication
 
         protected ILogger Logger { get; private set; }
 
+        protected IUrlEncoder UrlEncoder { get; private set; }
+
         internal AuthenticationOptions BaseOptions
         {
             get { return _baseOptions; }
@@ -61,12 +64,13 @@ namespace Microsoft.AspNet.Authentication
 
         public bool Faulted { get; set; }
 
-        protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger)
+        protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
         {
             _baseOptions = options;
             Context = context;
             RequestPathBase = Request.PathBase;
             Logger = logger;
+            UrlEncoder = encoder;
 
             RegisterAuthenticationHandler();
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
index 973f9f00fa..1c59b3573d 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
@@ -4,6 +4,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -22,10 +23,10 @@ namespace Microsoft.AspNet.Authentication
         /// <param name="context">The utility object to observe the current request and response</param>
         /// <param name="logger">The logging factory used to create loggers</param>
         /// <returns>async completion</returns>
-        public Task Initialize(TOptions options, HttpContext context, ILogger logger)
+        public Task Initialize(TOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
         {
             Options = options;
-            return BaseInitializeAsync(options, context, logger);
+            return BaseInitializeAsync(options, context, logger, encoder);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index cdb6fbdf8a..a70927f504 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -19,6 +20,7 @@ namespace Microsoft.AspNet.Authentication
             [NotNull] RequestDelegate next, 
             [NotNull] IOptions<TOptions> options, 
             [NotNull] ILoggerFactory loggerFactory,
+            [NotNull] IUrlEncoder encoder,
             ConfigureOptions<TOptions> configureOptions)
         {
             if (configureOptions != null)
@@ -31,6 +33,7 @@ namespace Microsoft.AspNet.Authentication
                 Options = options.Options;
             }
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
+            UrlEncoder = encoder;
 
             _next = next;
         }
@@ -41,10 +44,12 @@ namespace Microsoft.AspNet.Authentication
 
         public ILogger Logger { get; set; }
 
+        public IUrlEncoder UrlEncoder { get; set; }
+
         public async Task Invoke(HttpContext context)
         {
             var handler = CreateHandler();
-            await handler.Initialize(Options, context, Logger);
+            await handler.Initialize(Options, context, Logger, UrlEncoder);
             try
             {
                 if (!await handler.InvokeAsync())
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 43c0a7426b..705ae6227e 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Security.Claims;
-using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
 using Microsoft.Framework.Internal;
 
@@ -11,6 +10,13 @@ namespace Microsoft.Framework.DependencyInjection
 {
     public static class AuthenticationServiceCollectionExtensions
     {
+        public static IServiceCollection AddAuthentication([NotNull] this IServiceCollection services)
+        {
+            services.AddWebEncoders();
+            services.AddDataProtection();
+            return services;
+        }
+
         public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
         {
             return services.Configure(configure);
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index a28d27e07a..31f0338615 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -2,12 +2,13 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
     "dependencies": {
-        "Microsoft.AspNet.DataProtection.Interfaces": "1.0.0-*",
+        "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.Framework.OptionsModel": "1.0.0-*"
+        "Microsoft.Framework.OptionsModel": "1.0.0-*",
+        "Microsoft.Framework.WebEncoders": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index cf628db547..f5428f1a36 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Authentication
         {
             public TestHandler(string scheme)
             {
-                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"));
+                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
                 Options.AuthenticationScheme = scheme;
             }
 
@@ -89,7 +89,7 @@ namespace Microsoft.AspNet.Authentication
         {
             public TestAutoHandler(string scheme, bool auto)
             {
-                Initialize(new TestAutoOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"));
+                Initialize(new TestAutoOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
                 Options.AuthenticationScheme = scheme;
                 Options.AutomaticAuthentication = auto;
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index cd2483119f..9c1ac2fdd6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -573,8 +573,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             },
             services =>
             {
-                services.AddWebEncoders();
-                services.AddDataProtection();
+                services.AddAuthentication();
                 if (claimsTransform != null)
                 {
                     services.ConfigureClaimsTransformation(claimsTransform);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 76db1debbd..6ed8a1734b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -109,7 +109,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
+            query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
         }
 
         [Fact]
@@ -124,7 +124,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await SendAsync(server, "https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile email"));
+            query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
         }
 
         [Fact]
@@ -231,7 +231,7 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -284,7 +284,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
-                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
@@ -308,7 +308,7 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ReplyPathWillRejectIfCodeIsInvalid()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -329,7 +329,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
-                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
@@ -338,7 +338,7 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -359,7 +359,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
-                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
@@ -368,7 +368,7 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -431,7 +431,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
-                "https://example.com/signin-google?code=TestCode&state=" + Uri.EscapeDataString(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
@@ -532,8 +532,7 @@ namespace Microsoft.AspNet.Authentication.Google
             },
             services =>
             {
-                services.AddWebEncoders();
-                services.AddDataProtection();
+                services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = CookieAuthenticationScheme;
@@ -614,7 +613,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             public string FindClaimValue(string claimType)
             {
-                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+                var claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
                 if (claim == null)
                 {
                     return null;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
index 3bcf72482b..aaf23b99e3 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
+++ b/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
@@ -13,5 +13,8 @@
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 7ea8482072..28ca0ecc94 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -19,6 +19,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
@@ -143,7 +144,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
-                "https://example.com/signin-microsoft?code=TestCode&state=" + Uri.EscapeDataString(state),
+                "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
@@ -177,8 +178,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             },
             services =>
             {
-                services.AddWebEncoders();
-                services.AddDataProtection();
+                services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = "External";
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index e688497d9e..2fd8bb4226 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -336,7 +336,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     }
                 });
             },
-            services => services.AddDataProtection());
+            services => services.AddAuthentication());
         }
 
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string authorizationHeader = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index c3dbece13b..1974373470 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -20,6 +20,7 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Shouldly;
 using Xunit;
@@ -115,7 +116,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var propertiesFormatter = new AuthenticationPropertiesFormater();
             var protectedProperties = propertiesFormatter.Protect(new AuthenticationProperties());
-            var state = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(protectedProperties);
+            var state = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + UrlEncoder.Default.UrlEncode(protectedProperties);
             var code = Guid.NewGuid().ToString();
             var message =
                 new OpenIdConnectMessage
@@ -565,9 +566,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class CustomOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
     {
-        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context, ILogger logger)
+        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
         {
-            await base.BaseInitializeAsync(options, context, logger);
+            await base.BaseInitializeAsync(options, context, logger, encoder);
         }
 
         public override bool ShouldHandleScheme(string authenticationScheme)
@@ -603,11 +604,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null
             )
-        : base(next, dataProtectionProvider, loggerFactory, externalOptions, options, configureOptions)
+        : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
             Logger = (loggerFactory as CustomLoggerFactory).Logger;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 6abc8aa946..85e74e19a5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -22,6 +22,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json;
 using Shouldly;
 using Xunit;
@@ -75,7 +76,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.Query.ShouldContain("&scope=" + Uri.EscapeDataString("openid profile"));
+            transaction.Response.Headers.Location.Query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile"));
         }
 
         [Fact]
@@ -92,8 +93,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var transaction = await SendAsync(server, "https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("scope=" + Uri.EscapeDataString("https://www.googleapis.com/auth/plus.login"));
-            query.ShouldContain("response_type=" + Uri.EscapeDataString("id_token"));
+            query.ShouldContain("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"));
+            query.ShouldContain("response_type=" + UrlEncoder.Default.UrlEncode("id_token"));
         }
 
         [Fact]
@@ -148,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, "https://example.com/signout");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(Uri.EscapeDataString("https://example.com/logout"));
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("https://example.com/logout"));
         }
 
         [Fact]
@@ -163,7 +164,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(Uri.EscapeDataString("http://www.example.com/specific_redirect_uri"));
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"));
         }
 
         [Fact]
@@ -234,8 +235,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             },
             services =>
             {
-                services.AddWebEncoders();
-                services.AddDataProtection();
+                services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index d4f6fd24a7..bca10fbf44 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -123,8 +123,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             },
             services =>
             {
-                services.AddWebEncoders();
-                services.AddDataProtection();
+                services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = "External";

From 63fc18b945bb30b217de20d2aec7c042f70a68ae Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 24 Apr 2015 09:39:17 -0700
Subject: [PATCH 219/900] React to auth feature API changes.

---
 samples/CookieSample/Startup.cs               |  2 +-
 samples/CookieSessionSample/Startup.cs        |  2 +-
 samples/OpenIdConnectSample/Startup.cs        |  2 +-
 samples/SocialSample/Startup.cs               |  8 ++---
 .../CookieAuthenticationHandler.cs            | 14 ++++----
 .../GoogleAuthenticationHandler.cs            |  4 +--
 .../OAuthAuthenticationHandler.cs             |  2 +-
 .../OpenIdConnectAuthenticationHandler.cs     | 12 +++----
 .../TwitterAuthenticationHandler.cs           |  2 +-
 .../AuthenticationHandler.cs                  | 32 +++++++++----------
 ...aimsTransformationAuthenticationHandler.cs | 22 ++++++-------
 .../Serializer/PropertiesSerializer.cs        |  4 +--
 .../SignInContext.cs                          | 20 ------------
 .../Cookies/CookieMiddlewareTests.cs          | 20 ++++++------
 .../Facebook/FacebookMiddlewareTests.cs       |  4 +--
 .../Google/GoogleMiddlewareTests.cs           | 22 ++++++-------
 .../MicrosoftAccountMiddlewareTests.cs        |  6 ++--
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  4 +--
 .../OpenIdConnectHandlerTests.cs              | 24 +-------------
 .../OpenIdConnectMiddlewareTests.cs           |  8 ++---
 .../Twitter/TwitterMiddlewareTests.cs         |  4 +--
 21 files changed, 88 insertions(+), 130 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication/SignInContext.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 3f09191900..6547450e51 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -28,7 +28,7 @@ namespace CookieSample
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }));
-                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, user);
+                    context.Authentication.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, user);
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 0f962caeda..f0b1b5219b 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -36,7 +36,7 @@ namespace CookieSessionSample
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
-                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
+                    context.Authentication.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 7c1969d3bc..2077d802bb 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -40,7 +40,7 @@ namespace OpenIdConnectSample
             {
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
-                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
+                    context.Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 4bfc7b6594..f552ceea3c 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -188,14 +188,14 @@ namespace CookieSample
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
                         // send them to the home page instead (/).
-                        context.Response.Challenge(new AuthenticationProperties() { RedirectUri = "/" }, authType);
+                        context.Authentication.Challenge(authType, new AuthenticationProperties() { RedirectUri = "/" });
                         return;
                     }
 
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("Choose an authentication scheme: <br>");
-                    foreach (var type in context.GetAuthenticationSchemes())
+                    foreach (var type in context.Authentication.GetAuthenticationSchemes())
                     {
                         await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
                     }
@@ -208,7 +208,7 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
+                    context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
@@ -223,7 +223,7 @@ namespace CookieSample
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     // The cookie middleware will intercept this 401 and redirect to /login
-                    context.Response.Challenge();
+                    context.Authentication.Challenge();
                     return;
                 }
                 await next();
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 27b0d2c4e0..5e1acbcb16 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -157,23 +157,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         Options,
                         Options.AuthenticationScheme,
                         signin.Principal,
-                        signin.Properties,
+                        new AuthenticationProperties(signin.Properties),
                         cookieOptions);
 
                     DateTimeOffset issuedUtc;
-                    if (signin.Properties.IssuedUtc.HasValue)
+                    if (signInContext.Properties.IssuedUtc.HasValue)
                     {
-                        issuedUtc = signin.Properties.IssuedUtc.Value;
+                        issuedUtc = signInContext.Properties.IssuedUtc.Value;
                     }
                     else
                     {
                         issuedUtc = Options.SystemClock.UtcNow;
-                        signin.Properties.IssuedUtc = issuedUtc;
+                        signInContext.Properties.IssuedUtc = issuedUtc;
                     }
 
-                    if (!signin.Properties.ExpiresUtc.HasValue)
+                    if (!signInContext.Properties.ExpiresUtc.HasValue)
                     {
-                        signin.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+                        signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                     }
 
                     Options.Notifications.ResponseSignIn(signInContext);
@@ -226,7 +226,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         Context,
                         Options,
                         cookieOptions);
-                    
+
                     Options.Notifications.ResponseSignOut(context);
 
                     Options.CookieManager.DeleteCookie(
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index 175c38c207..c30e70526f 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -102,14 +102,14 @@ namespace Microsoft.AspNet.Authentication.Google
             string name, string defaultValue = null)
         {
             string value;
-            if (!properties.Dictionary.TryGetValue(name, out value))
+            if (!properties.Items.TryGetValue(name, out value))
             {
                 value = defaultValue;
             }
             else
             {
                 // Remove the parameter from AuthenticationProperties so it won't be serialized to state parameter
-                properties.Dictionary.Remove(name);
+                properties.Items.Remove(name);
             }
 
             if (value == null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 5d3cb8c60d..21c684a68d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -56,7 +56,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (context.SignInScheme != null && context.Principal != null)
             {
-                Context.Response.SignIn(context.SignInScheme, context.Principal, context.Properties);
+                Context.Authentication.SignIn(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 25af5a4a0c..3ea2a4578d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -161,7 +161,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             // When redeeming a 'code' for an AccessToken, this value is needed
             if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
             {
-                properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
             }
 
             if (_configuration == null && Options.ConfigurationManager != null)
@@ -385,12 +385,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
                     if (!string.IsNullOrWhiteSpace(message.SessionState))
                     {
-                        ticket.Properties.Dictionary[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
+                        ticket.Properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
                     }
 
                     if (_configuration != null && !string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
                     {
-                        ticket.Properties.Dictionary[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
+                        ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
                     }
 
                     // Rename?
@@ -466,8 +466,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Code = message.Code,
                         JwtSecurityToken = jwt,
                         ProtocolMessage = message,
-                        RedirectUri = ticket.Properties.Dictionary.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
-                                      ticket.Properties.Dictionary[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
+                        RedirectUri = ticket.Properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
+                                      ticket.Properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
                     };
 
                     await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
@@ -632,7 +632,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 if (ticket.Principal != null)
                 {
-                    Request.HttpContext.Response.SignIn(Options.SignInScheme, ticket.Principal, ticket.Properties);
+                    Request.HttpContext.Authentication.SignIn(Options.SignInScheme, ticket.Principal, ticket.Properties);
                 }
 
                 // Redirect back to the original secured resource, if any.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 6df6fc1a80..e487f76982 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -208,7 +208,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (context.SignInScheme != null && context.Principal != null)
             {
-                Context.Response.SignIn(context.SignInScheme, context.Principal, context.Properties);
+                Context.Authentication.SignIn(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index fed4778780..22bc9eb36b 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -31,9 +31,9 @@ namespace Microsoft.AspNet.Authentication
 
         private AuthenticationOptions _baseOptions;
 
-        protected IChallengeContext ChallengeContext { get; set; }
+        protected ChallengeContext ChallengeContext { get; set; }
         protected SignInContext SignInContext { get; set; }
-        protected ISignOutContext SignOutContext { get; set; }
+        protected SignOutContext SignOutContext { get; set; }
 
         protected HttpContext Context { get; private set; }
 
@@ -145,9 +145,9 @@ namespace Microsoft.AspNet.Authentication
             return Task.FromResult(false);
         }
 
-        public virtual void GetDescriptions(IDescribeSchemesContext describeContext)
+        public virtual void GetDescriptions(DescribeSchemesContext describeContext)
         {
-            describeContext.Accept(BaseOptions.Description.Dictionary);
+            describeContext.Accept(BaseOptions.Description.Items);
 
             if (PriorHandler != null)
             {
@@ -155,7 +155,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void Authenticate(IAuthenticateContext context)
+        public virtual void Authenticate(AuthenticateContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
@@ -163,7 +163,7 @@ namespace Microsoft.AspNet.Authentication
                 if (ticket?.Principal != null)
                 {
                     AuthenticateCalled = true;
-                    context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                    context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
                 }
                 else
                 {
@@ -177,7 +177,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual async Task AuthenticateAsync(IAuthenticateContext context)
+        public virtual async Task AuthenticateAsync(AuthenticateContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
@@ -185,7 +185,7 @@ namespace Microsoft.AspNet.Authentication
                 if (ticket?.Principal != null)
                 {
                     AuthenticateCalled = true;
-                    context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
+                    context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
                 }
                 else
                 {
@@ -326,13 +326,13 @@ namespace Microsoft.AspNet.Authentication
             return Task.FromResult(0);
         }
 
-        public virtual void SignIn(ISignInContext context)
+        public virtual void SignIn(SignInContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                SignInContext = new SignInContext(context.Principal, new AuthenticationProperties(context.Properties));
+                SignInContext = context;
                 SignOutContext = null;
-                context.Accept(BaseOptions.Description.Dictionary);
+                context.Accept();
             }
 
             if (PriorHandler != null)
@@ -341,7 +341,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void SignOut(ISignOutContext context)
+        public virtual void SignOut(SignOutContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
@@ -356,7 +356,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void Challenge(IChallengeContext context)
+        public virtual void Challenge(ChallengeContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
@@ -414,7 +414,7 @@ namespace Microsoft.AspNet.Authentication
                 Secure = Request.IsHttps
             };
 
-            properties.Dictionary[correlationKey] = correlationId;
+            properties.Items[correlationKey] = correlationId;
 
             Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
         }
@@ -437,7 +437,7 @@ namespace Microsoft.AspNet.Authentication
             Response.Cookies.Delete(correlationKey, cookieOptions);
 
             string correlationExtra;
-            if (!properties.Dictionary.TryGetValue(
+            if (!properties.Items.TryGetValue(
                 correlationKey,
                 out correlationExtra))
             {
@@ -445,7 +445,7 @@ namespace Microsoft.AspNet.Authentication
                 return false;
             }
 
-            properties.Dictionary.Remove(correlationKey);
+            properties.Items.Remove(correlationKey);
 
             if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
             {
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index ae1599ee03..5839d4d4e5 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -22,24 +22,24 @@ namespace Microsoft.AspNet.Authentication
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
-        private void ApplyTransform(IAuthenticateContext context)
+        private void ApplyTransform(AuthenticateContext context)
         {
             if (_transform != null)
             {
                 // REVIEW: this cast seems really bad (missing interface way to get the result back out?)
                 var authContext = context as AuthenticateContext;
-                if (authContext?.Result?.Principal != null)
+                if (authContext?.Principal != null)
                 {
                     context.Authenticated(
-                        _transform.Invoke(authContext.Result.Principal),
-                        authContext.Result.Properties.Dictionary,
-                        authContext.Result.Description.Dictionary);
+                        _transform.Invoke(authContext.Principal),
+                        authContext.Properties,
+                        authContext.Description);
                 }
             }
 
         }
 
-        public void Authenticate(IAuthenticateContext context)
+        public void Authenticate(AuthenticateContext context)
         {
             if (PriorHandler != null)
             {
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public async Task AuthenticateAsync(IAuthenticateContext context)
+        public async Task AuthenticateAsync(AuthenticateContext context)
         {
             if (PriorHandler != null)
             {
@@ -57,7 +57,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public void Challenge(IChallengeContext context)
+        public void Challenge(ChallengeContext context)
         {
             if (PriorHandler != null)
             {
@@ -65,7 +65,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public void GetDescriptions(IDescribeSchemesContext context)
+        public void GetDescriptions(DescribeSchemesContext context)
         {
             if (PriorHandler != null)
             {
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public void SignIn(ISignInContext context)
+        public void SignIn(SignInContext context)
         {
             if (PriorHandler != null)
             {
@@ -81,7 +81,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public void SignOut(ISignOutContext context)
+        public void SignOut(SignOutContext context)
         {
             if (PriorHandler != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
index 9b262e6c25..ccfba6456b 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
@@ -44,8 +44,8 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
         public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationProperties properties)
         {
             writer.Write(FormatVersion);
-            writer.Write(properties.Dictionary.Count);
-            foreach (var kv in properties.Dictionary)
+            writer.Write(properties.Items.Count);
+            foreach (var kv in properties.Items)
             {
                 writer.Write(kv.Key);
                 writer.Write(kv.Value);
diff --git a/src/Microsoft.AspNet.Authentication/SignInContext.cs b/src/Microsoft.AspNet.Authentication/SignInContext.cs
deleted file mode 100644
index efe055ba83..0000000000
--- a/src/Microsoft.AspNet.Authentication/SignInContext.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Security.Claims;
-using Microsoft.AspNet.Http.Authentication;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class SignInContext
-    {
-        public SignInContext(ClaimsPrincipal principal, AuthenticationProperties properties)
-        {
-            Principal = principal;
-            Properties = properties;
-        }
-
-        public ClaimsPrincipal Principal { get; private set; }
-        public AuthenticationProperties Properties { get; private set; }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 9c1ac2fdd6..aa13043976 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -79,7 +79,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private Task SignInAsAlice(HttpContext context)
         {
-            context.Response.SignIn("Cookies",
+            context.Authentication.SignIn("Cookies",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
             return Task.FromResult<object>(null);
@@ -87,7 +87,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private Task SignInAsWrong(HttpContext context)
         {
-            context.Response.SignIn("Oops",
+            context.Authentication.SignIn("Oops",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
             return Task.FromResult<object>(null);
@@ -95,7 +95,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private Task SignOutAsWrong(HttpContext context)
         {
-            context.Response.SignOut("Oops");
+            context.Authentication.SignOut("Oops");
             return Task.FromResult<object>(null);
         }
 
@@ -305,7 +305,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             },
             context =>
             {
-                context.Response.SignIn("Cookies",
+                context.Authentication.SignIn("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                     new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) });
                     return Task.FromResult<object>(null);
@@ -435,7 +435,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
-                context.Response.SignIn("Cookies", 
+                context.Authentication.SignIn("Cookies", 
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
                 return Task.FromResult<object>(null);
             },
@@ -545,12 +545,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     else if (req.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                        res.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString("/protected/CustomRedirect"))
                     {
-                        context.Response.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+                        context.Authentication.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
                     }
                     else if (req.Path == new PathString("/me"))
                     {
@@ -558,7 +558,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     }
                     else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
                     {
-                        var result = await context.AuthenticateAsync(remainder.Value.Substring(1));
+                        var result = await context.Authentication.AuthenticateAsync(remainder.Value.Substring(1));
                         Describe(res, result);
                     }
                     else if (req.Path == new PathString("/testpath") && testpath != null)
@@ -594,7 +594,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (result != null && result.Properties != null)
             {
-                xml.Add(result.Properties.Dictionary.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+                xml.Add(result.Properties.Items.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
             }
             using (var memory = new MemoryStream())
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index ad3f6b74fe..2cde6c7678 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 context =>
                 {
-                    context.Response.Challenge("Facebook");
+                    context.Authentication.Challenge("Facebook");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");
@@ -93,7 +93,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 context =>
                 {
-                    context.Response.Challenge("Facebook");
+                    context.Authentication.Challenge("Facebook");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 6ed8a1734b..08917a6748 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -142,14 +142,14 @@ namespace Microsoft.AspNet.Authentication.Google
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge2"))
                     {
-                        res.Challenge(new AuthenticationProperties(
+                        context.Authentication.Challenge("Google", new AuthenticationProperties(
                             new Dictionary<string, string>()
                             {
                                 { "scope", "https://www.googleapis.com/auth/plus.login" },
                                 { "access_type", "offline" },
                                 { "approval_prompt", "force" },
                                 { "login_hint", "test@example.com" }
-                            }), "Google");
+                            }));
                         res.StatusCode = 401;
                     }
 
@@ -280,7 +280,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
-            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
@@ -325,7 +325,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
-            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
@@ -355,7 +355,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
-            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
@@ -427,7 +427,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
-            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
@@ -497,7 +497,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge"))
                     {
-                        res.Challenge("Google");
+                        context.Authentication.Challenge("Google");
                         res.StatusCode = 401;
                     }
                     else if (req.Path == new PathString("/me"))
@@ -507,14 +507,14 @@ namespace Microsoft.AspNet.Authentication.Google
                     else if (req.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.AuthenticateAsync("Google");
-                        res.Challenge("Google");
+                        var result = await context.Authentication.AuthenticateAsync("Google");
+                        context.Authentication.Challenge("Google");
                     }
                     else if (req.Path == new PathString("/unauthorizedAuto"))
                     {
-                        var result = await context.AuthenticateAsync("Google");
+                        var result = await context.Authentication.AuthenticateAsync("Google");
                         res.StatusCode = 401;
-                        res.Challenge();
+                        context.Authentication.Challenge();
                     }
                     else if (req.Path == new PathString("/401"))
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 28ca0ecc94..60230224b6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -46,7 +46,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 },
                 context =>
                 {
-                    context.Response.Challenge("Microsoft");
+                    context.Authentication.Challenge("Microsoft");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");
@@ -66,7 +66,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 },
                 context =>
                 {
-                    context.Response.Challenge("Microsoft");
+                    context.Authentication.Challenge("Microsoft");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");
@@ -140,7 +140,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Microsoft";
             var correlationValue = "TestCorrelationId";
-            properties.Dictionary.Add(correlationKey, correlationValue);
+            properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await SendAsync(server,
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 2fd8bb4226..4d589a43c8 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -326,8 +326,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
-                        context.Response.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        context.Authentication.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
                     }
 
                     else
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 1974373470..1134c7300c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -493,28 +493,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
     }
 
-    public class OpenIdConnectAuthenticationContext : IAuthenticateContext
-    {
-        public OpenIdConnectAuthenticationContext(string scheme = null)
-        {
-            AuthenticationScheme = scheme ?? OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
-        }
-
-        public string AuthenticationScheme
-        {
-            get;
-            set;
-        }
-
-        public void Authenticated(ClaimsPrincipal principal, IDictionary<string, string> properties, IDictionary<string, object> description)
-        {
-        }
-
-        public void NotAuthenticated()
-        {
-        }
-    }
-
     /// <summary>
     /// Provides a Facade over IOptions
     /// </summary>
@@ -576,7 +554,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return true;
         }
 
-        public override void Challenge(IChallengeContext context)
+        public override void Challenge(ChallengeContext context)
         {
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 85e74e19a5..da290cca17 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -205,21 +205,21 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge"))
                     {
-                        res.Challenge("OpenIdConnect");
+                        context.Authentication.Challenge("OpenIdConnect");
                         res.StatusCode = 401;
                     }
                     else if (req.Path == new PathString("/signin"))
                     {
                         // REVIEW: this used to just be res.SignIn()
-                        res.SignIn("OpenIdConnect", new ClaimsPrincipal());
+                        context.Authentication.SignIn("OpenIdConnect", new ClaimsPrincipal());
                     }
                     else if (req.Path == new PathString("/signout"))
                     {
-                        res.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
+                        context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
                     {
-                        res.SignOut(
+                        context.Authentication.SignOut(
                             OpenIdConnectAuthenticationDefaults.AuthenticationScheme,
                             new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
                     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index bca10fbf44..d0b9494d19 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -54,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 }),
                 context =>
                 {
-                    context.Response.Challenge("Twitter");
+                    context.Authentication.Challenge("Twitter");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");
@@ -92,7 +92,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 }),
                 context =>
                 {
-                    context.Response.Challenge("Twitter");
+                    context.Authentication.Challenge("Twitter");
                     return true;
                 });
             var transaction = await SendAsync(server, "http://example.com/challenge");

From 1283414499f8fb642d3dcd963225b9ab2874c629 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 29 Apr 2015 15:46:47 -0700
Subject: [PATCH 220/900] React to Http.Interfaces package rename.

---
 src/Microsoft.AspNet.Authorization/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 6ebb367aa1..5b1bf44e99 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -2,7 +2,7 @@
     "version": "1.0.0-*",
     "description": "ASP.NET 5 authorization classes.",
     "dependencies": {
-        "Microsoft.AspNet.Http.Interfaces": "1.0.0-*",
+        "Microsoft.AspNet.Http.Features": "1.0.0-*",
         "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"

From 4a5e8e5dfef8b967eb7f956ce1e4d55d3965693c Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Wed, 29 Apr 2015 19:09:52 -0700
Subject: [PATCH 221/900] Reacting to Logging Package rename

---
 src/Microsoft.AspNet.Authentication/project.json | 2 +-
 src/Microsoft.AspNet.Authorization/project.json  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 31f0338615..6bda0f7daa 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -5,7 +5,7 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
+        "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Microsoft.Framework.WebEncoders": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 5b1bf44e99..71c918fc58 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 authorization classes.",
     "dependencies": {
         "Microsoft.AspNet.Http.Features": "1.0.0-*",
-        "Microsoft.Framework.Logging.Interfaces": "1.0.0-*",
+        "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },

From 5cf0564484cf5bb2a7a16e6485816d19287538e6 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Fri, 1 May 2015 14:00:05 -0700
Subject: [PATCH 222/900] Update LICENSE.txt and license header on files.

---
 LICENSE.txt                                                     | 2 +-
 .../CookieAppBuilderExtensions.cs                               | 2 +-
 .../CookieAuthenticationDefaults.cs                             | 2 +-
 .../CookieAuthenticationHandler.cs                              | 2 +-
 .../CookieAuthenticationMiddleware.cs                           | 2 +-
 .../CookieAuthenticationOptions.cs                              | 2 +-
 .../CookieSecureOption.cs                                       | 2 +-
 .../CookieServiceCollectionExtensions.cs                        | 2 +-
 .../Infrastructure/ChunkingCookieManager.cs                     | 2 +-
 .../Infrastructure/Constants.cs                                 | 2 +-
 .../Infrastructure/IAuthenticationSessionStore.cs               | 2 +-
 .../Infrastructure/ICookieManager.cs                            | 2 +-
 .../Notifications/CookieApplyRedirectContext.cs                 | 2 +-
 .../Notifications/CookieAuthenticationNotifications.cs          | 2 +-
 .../Notifications/CookieExceptionContext.cs                     | 2 +-
 .../Notifications/CookieResponseSignInContext.cs                | 2 +-
 .../Notifications/CookieResponseSignOutContext.cs               | 2 +-
 .../Notifications/CookieResponseSignedInContext.cs              | 2 +-
 .../Notifications/CookieValidateIdentityContext.cs              | 2 +-
 .../Notifications/DefaultBehavior.cs                            | 2 +-
 .../Notifications/ICookieAuthenticationNotifications.cs         | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../FacebookAppBuilderExtensions.cs                             | 2 +-
 .../FacebookAuthenticationDefaults.cs                           | 2 +-
 .../FacebookAuthenticationHandler.cs                            | 2 +-
 .../FacebookAuthenticationMiddleware.cs                         | 2 +-
 .../FacebookAuthenticationOptions.cs                            | 2 +-
 .../FacebookServiceCollectionExtensions.cs                      | 2 +-
 .../Notifications/FacebookAuthenticatedContext.cs               | 2 +-
 .../Notifications/FacebookAuthenticationNotifications.cs        | 2 +-
 .../Notifications/IFacebookAuthenticationNotifications.cs       | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../GoogleAppBuilderExtensions.cs                               | 2 +-
 .../GoogleAuthenticationDefaults.cs                             | 2 +-
 .../GoogleAuthenticationHandler.cs                              | 2 +-
 .../GoogleAuthenticationMiddleware.cs                           | 2 +-
 .../GoogleAuthenticationOptions.cs                              | 2 +-
 .../GoogleServiceCollectionExtensions.cs                        | 2 +-
 .../Notifications/GoogleAuthenticatedContext.cs                 | 2 +-
 .../Notifications/GoogleAuthenticationNotifications.cs          | 2 +-
 .../Notifications/IGoogleAuthenticationNotifications.cs         | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../MicrosoftAccountAppBuilderExtensions.cs                     | 2 +-
 .../MicrosoftAccountAuthenticationDefaults.cs                   | 2 +-
 .../MicrosoftAccountAuthenticationHandler.cs                    | 2 +-
 .../MicrosoftAccountAuthenticationMiddleware.cs                 | 2 +-
 .../MicrosoftAccountAuthenticationOptions.cs                    | 2 +-
 .../MicrosoftAccountServiceCollectionExtensions.cs              | 2 +-
 .../IMicrosoftAccountAuthenticationNotifications.cs             | 2 +-
 .../Notifications/MicrosoftAccountAuthenticatedContext.cs       | 2 +-
 .../MicrosoftAccountAuthenticationNotifications.cs              | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../Notifications/BaseValidatingContext.cs                      | 2 +-
 .../Notifications/BaseValidatingTicketContext.cs                | 2 +-
 .../Notifications/IOAuthAuthenticationNotifications.cs          | 2 +-
 .../Notifications/OAuthApplyRedirectContext.cs                  | 2 +-
 .../Notifications/OAuthAuthenticatedContext.cs                  | 2 +-
 .../Notifications/OAuthAuthenticationNotifications.cs           | 2 +-
 .../Notifications/OAuthChallengeContext.cs                      | 2 +-
 .../Notifications/OAuthGetUserInformationContext.cs             | 2 +-
 .../Notifications/OAuthRequestTokenContext.cs                   | 2 +-
 .../Notifications/OAuthReturnEndpointContext.cs                 | 2 +-
 .../OAuthAuthenticationDefaults.cs                              | 2 +-
 .../OAuthAuthenticationExtensions.cs                            | 2 +-
 .../OAuthAuthenticationHandler.cs                               | 2 +-
 .../OAuthAuthenticationMiddleware.cs                            | 2 +-
 .../OAuthAuthenticationOptions.cs                               | 2 +-
 .../OAuthAuthenticationOptions`1.cs                             | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs      | 2 +-
 .../Notifications/AuthenticationChallengeNotification.cs        | 2 +-
 .../Notifications/OAuthBearerAuthenticationNotifications.cs     | 2 +-
 .../OAuthBearerAppBuilderExtensions.cs                          | 2 +-
 .../OAuthBearerAuthenticationDefaults.cs                        | 2 +-
 .../OAuthBearerAuthenticationHandler.cs                         | 2 +-
 .../OAuthBearerAuthenticationMiddleware.cs                      | 2 +-
 .../OAuthBearerAuthenticationOptions.cs                         | 2 +-
 .../OAuthBearerServiceCollectionExtensions.cs                   | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../INonceCache.cs                                              | 2 +-
 .../Notifications/AuthorizationCodeReceivedNotification.cs      | 2 +-
 .../OpenIdConnectAuthenticationDefaults.cs                      | 2 +-
 .../OpenIdConnectAuthenticationExtensions.cs                    | 2 +-
 .../OpenIdConnectAuthenticationHandler.cs                       | 2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs                    | 2 +-
 .../OpenIdConnectAuthenticationNotifications.cs                 | 2 +-
 .../OpenIdConnectAuthenticationOptions.cs                       | 2 +-
 .../OpenIdConnectServiceCollectionExtensions.cs                 | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../Messages/AccessToken.cs                                     | 2 +-
 .../Messages/RequestToken.cs                                    | 2 +-
 .../Messages/RequestTokenSerializer.cs                          | 2 +-
 .../Messages/Serializers.cs                                     | 2 +-
 .../Notifications/ITwitterAuthenticationNotifications.cs        | 2 +-
 .../Notifications/TwitterApplyRedirectContext.cs                | 2 +-
 .../Notifications/TwitterAuthenticatedContext.cs                | 2 +-
 .../Notifications/TwitterAuthenticationNotifications.cs         | 2 +-
 .../Notifications/TwitterReturnEndpointContext.cs               | 2 +-
 .../Properties/AssemblyInfo.cs                                  | 2 +-
 .../TwitterAppBuilderExtensions.cs                              | 2 +-
 .../TwitterAuthenticationDefaults.cs                            | 2 +-
 .../TwitterAuthenticationHandler.cs                             | 2 +-
 .../TwitterAuthenticationMiddleware.cs                          | 2 +-
 .../TwitterAuthenticationOptions.cs                             | 2 +-
 .../TwitterServiceCollectionExtensions.cs                       | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs    | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs  | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs    | 2 +-
 .../AuthenticationServiceCollectionExtensions.cs                | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs     | 2 +-
 .../AuthenticationTokenCreateContext.cs                         | 2 +-
 .../AuthenticationTokenProvider.cs                              | 2 +-
 .../AuthenticationTokenReceiveContext.cs                        | 2 +-
 .../CertificateSubjectKeyIdentifierValidator.cs                 | 2 +-
 .../CertificateSubjectPublicKeyInfoValidator.cs                 | 2 +-
 .../CertificateThumbprintValidator.cs                           | 2 +-
 .../ClaimsTransformationAppBuilderExtensions.cs                 | 2 +-
 .../ClaimsTransformationAuthenticationHandler.cs                | 2 +-
 .../ClaimsTransformationMiddleware.cs                           | 2 +-
 .../ClaimsTransformationOptions.cs                              | 2 +-
 src/Microsoft.AspNet.Authentication/Constants.cs                | 2 +-
 .../DataHandler/Encoder/Base64TextEncoder.cs                    | 2 +-
 .../DataHandler/Encoder/Base64UrlTextEncoder.cs                 | 2 +-
 .../DataHandler/Encoder/ITextEncoder.cs                         | 2 +-
 .../DataHandler/Encoder/TextEncodings.cs                        | 2 +-
 .../DataHandler/ISecureDataFormat.cs                            | 2 +-
 .../DataHandler/PropertiesDataFormat.cs                         | 2 +-
 .../DataHandler/SecureDataFormat.cs                             | 2 +-
 .../DataHandler/Serializer/DataSerializers.cs                   | 2 +-
 .../DataHandler/Serializer/IDataSerializer.cs                   | 2 +-
 .../DataHandler/Serializer/PropertiesSerializer.cs              | 2 +-
 .../DataHandler/Serializer/TicketSerializer.cs                  | 2 +-
 .../DataHandler/TicketDataFormat.cs                             | 2 +-
 .../ExternalAuthenticationOptions.cs                            | 2 +-
 src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs    | 2 +-
 .../IAuthenticationTokenProvider.cs                             | 2 +-
 src/Microsoft.AspNet.Authentication/ICertificateValidator.cs    | 2 +-
 src/Microsoft.AspNet.Authentication/ISystemClock.cs             | 2 +-
 .../Notifications/AuthenticationFailedNotification.cs           | 2 +-
 .../Notifications/BaseContext.cs                                | 2 +-
 .../Notifications/BaseContext`1.cs                              | 2 +-
 .../Notifications/BaseNotification.cs                           | 2 +-
 .../Notifications/EndpointContext.cs                            | 2 +-
 .../Notifications/EndpointContext`1.cs                          | 2 +-
 .../Notifications/MessageReceivedNotification.cs                | 2 +-
 .../Notifications/NotificationResultState.cs                    | 2 +-
 .../Notifications/RedirectFromIdentityProviderNotification.cs   | 2 +-
 .../Notifications/RedirectToIdentityProviderNotification.cs     | 2 +-
 .../Notifications/ReturnEndpointContext.cs                      | 2 +-
 .../Notifications/SecurityTokenReceivedNotification.cs          | 2 +-
 .../Notifications/SecurityTokenValidatedNotification.cs         | 2 +-
 src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs  | 2 +-
 src/Microsoft.AspNet.Authentication/SecurityHelper.cs           | 2 +-
 .../SubjectPublicKeyInfoAlgorithm.cs                            | 2 +-
 src/Microsoft.AspNet.Authentication/SystemClock.cs              | 2 +-
 src/Microsoft.AspNet.Authentication/Win32.cs                    | 2 +-
 src/Microsoft.AspNet.Authorization/AuthorizationContext.cs      | 2 +-
 src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs      | 2 +-
 src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs      | 2 +-
 src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs       | 2 +-
 .../AuthorizationPolicyBuilder.cs                               | 2 +-
 .../AuthorizationServiceExtensions.cs                           | 2 +-
 src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs        | 2 +-
 .../ClaimsAuthorizationHandler.cs                               | 2 +-
 .../ClaimsAuthorizationRequirement.cs                           | 2 +-
 .../DefaultAuthorizationService.cs                              | 2 +-
 .../DenyAnonymousAuthorizationHandler.cs                        | 2 +-
 .../DenyAnonymousAuthorizationRequirement.cs                    | 2 +-
 src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs     | 2 +-
 src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs | 2 +-
 src/Microsoft.AspNet.Authorization/IAuthorizationService.cs     | 2 +-
 .../OperationAuthorizationRequirement.cs                        | 2 +-
 .../PassThroughAuthorizationHandler.cs                          | 2 +-
 src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs   | 2 +-
 .../ServiceCollectionExtensions.cs                              | 2 +-
 .../AuthenticationHandlerFacts.cs                               | 2 +-
 .../CertificateSubjectKeyIdentifierValidatorTests.cs            | 2 +-
 .../CertificateSubjectPublicKeyInfoValidatorTests.cs            | 2 +-
 .../CertificateThumbprintValidatorTests.cs                      | 2 +-
 .../Cookies/CookieMiddlewareTests.cs                            | 2 +-
 .../Cookies/Infrastructure/CookieChunkingTests.cs               | 2 +-
 .../DataHandler/Encoder/Base64UrlTextEncoderTests.cs            | 2 +-
 .../Facebook/FacebookMiddlewareTests.cs                         | 2 +-
 .../Google/GoogleMiddlewareTests.cs                             | 2 +-
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs         | 2 +-
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs                   | 2 +-
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs                  | 2 +-
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs               | 2 +-
 .../OpenIdConnect/TestUtilities.cs                              | 2 +-
 .../Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs | 2 +-
 test/Microsoft.AspNet.Authentication.Test/TestClock.cs          | 2 +-
 .../Twitter/TwitterMiddlewareTests.cs                           | 2 +-
 .../AuthorizationPolicyFacts.cs                                 | 2 +-
 .../DefaultAuthorizationServiceTests.cs                         | 2 +-
 195 files changed, 195 insertions(+), 195 deletions(-)

diff --git a/LICENSE.txt b/LICENSE.txt
index d85a1524ad..0bdc1962b6 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,4 +1,4 @@
-Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+Copyright (c) .NET Foundation. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 these files except in compliance with the License. You may obtain a copy of the
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 3af76b243e..d865dc4ce6 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
index d02b337f30..95981a0f0a 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5e1acbcb16..2e71d1c0e6 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 2c77439320..70cafe854d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index c2fc4c3a71..966858fa69 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
index c8309612b8..83d34d0aec 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index af6d4d3773..256844abd8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
index 30af0b43d3..62ab42dd28 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
index b3c3bb3a71..6865cea0f9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
index 6a6fa574b8..6b2886d0ac 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
index 966d3f9352..cffde3869f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
index 877e9c5ea9..cc6364817a 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
index f4c29dca4a..dc287484a4 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
index 852e90b68f..0d51f95d44 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
index bf448a8ddf..e9d7b10590 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
index 4ba06bad37..28dce3cdf3 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
index ec0c3b876d..df88fef98c 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
index f9574bf801..ec795c4688 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
index 0e0ed537c7..77d537710b 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index 0ede97ce6c..3364207af5 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0758d43acd..24e1e0726c 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
index 92b56413a6..54d48cbc51 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.Facebook
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 3f5766e50c..aa306d683a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 4fa9224c9a..ad10432c51 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
index 119bd25b89..c7ba48aab4 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 1550a6cd8a..771197b500 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
index 084b273479..321b78f8b5 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
index b89ad5c3be..acee5b54e6 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
index 247715f930..aff7de6eeb 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index dc73a16669..e00dcffddf 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
index 3c163c1115..88aa4f1f16 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.Google
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index c30e70526f..b54f657be5 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 3f0bd745d7..2921b6b211 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
index 30446b3b57..1dab084f04 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index 6928c48fc9..bb7ce223c6 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
index a18ba2040c..915b804361 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
index 27d24e3cd4..51269aeffa 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
index e9f7c492e5..30ce697787 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index a404845c87..b7c1d0ca9a 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
index 22ca51751b..d42368cdc7 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 5696ce16ad..4ecaabab6d 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Net.Http;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 06001f1830..3626646294 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Authentication.OAuth;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index f97f84b943..0212b6e7db 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index 8f0de07558..556b1fb878 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
index f96040925b..d9647e4cdf 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
index ed55b4de38..7d6a31cd22 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
index 70dc8faa51..16491a4ed2 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
index 84e8c0df45..1dec378602 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
index f44af93283..6d088c8531 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
index 2161d70fd9..6d386d089a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
index 070e1994eb..71c61f261c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
index 7283a80c6d..d034117476 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
index a20821889f..aa6d7a8112 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
index 55dd720085..00560432db 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
index 8d2405ebfc..74d02cd58c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
index cd9294a420..8af4bf6c6e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
index ce9ffd4eaa..222420797f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
index 90dc2b6166..a9b93d43a5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index 79e669d21b..3c6b3db9ae 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 21c684a68d..d9c2183443 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 3188a1bd90..e4357a68a6 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index bd9ab43b06..bfbea1e29d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
index 2a37062d3e..aa989dfe5c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.OAuth
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs b/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
index 4acc2d6e06..5bcb80ad8c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Newtonsoft.Json.Linq;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
index 53e02673c1..a3bc8af031 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
index 3c87d520a9..648ff036d3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
index 06be463906..f50b2a401a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
index e16483ef00..2dc1797e96 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 745c36f0ff..c88d456043 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 1bde86c83a..ed1242b95b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 9bbc6300c5..00cc96c7a7 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
index 1b1bce8146..51080737b2 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
index a56117560c..8dc39aa9d8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
index 167f7f8dd9..740a0e63c6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index cecc57a74e..763ef11d36 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
index 4ced947e2f..c4a1961f10 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 3ea2a4578d..cc132e9bb0 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 70e45d0c2d..9353f385c4 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
index a4f15d6e9f..11c8c9ccc2 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 4a306c7311..b89699b14f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 2e55b96fa4..8d2e9e3554 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
index 2c3351453a..f723da7426 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.Twitter.Messages
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
index 51c5c08e4c..963ad1d7dc 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index 6305f52bd8..21ef478a8e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
index 749abaa3fd..b40ac22c12 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Authentication.DataHandler.Serializer;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
index 3bf685ec33..19fe1b1ccb 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
index ffac976805..2186644ed8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
index 9055c809d0..9cf3b085c7 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
index 492dbb7f63..5b7f7948d8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
index a4eb87eede..6d71bc95fe 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index e0d0e0cf78..04e36058f0 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
index aa1faa20fb..9b7d8c0fac 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authentication.Twitter
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index e487f76982..cd09a14165 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index c1d2661635..bcf3c4d878 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index a3179c3867..4768f59b50 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index f34d22945e..090b237dcc 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 22bc9eb36b..674fec16ad 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
index 1c59b3573d..edc127e266 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index a70927f504..7cfd6138ff 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
index c91a5bddf6..b1c2bc263a 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 705ae6227e..0b6cfdb9f5 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
index c7fb43f9a9..e72385d879 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
index 1045d477fb..ae0548f763 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
index 7d090346fc..9483538c6f 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
index df309ca063..ec0c38b209 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index 5dd663ec71..3e19a3e686 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
index 3c04ca9d81..0ea177d64a 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
index 4392108f29..6befa1ea42 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 79ecb38882..ae1e4d97ad 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index 5839d4d4e5..69563a8dea 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index cf3a58b792..a8022d576a 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
index f8c4a3ed32..1eb76c82ac 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/Constants.cs b/src/Microsoft.AspNet.Authentication/Constants.cs
index da3a23daab..e6b0d7b43e 100644
--- a/src/Microsoft.AspNet.Authentication/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication/Constants.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
index 0a40564502..073795f260 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
index 41cb10abd2..723736973d 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
index aeb577ec06..953fb62329 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
index 1b59cec5ce..5e6bbde93b 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
index 2e3f24e841..e9587de000 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
index 1472dd427b..127554ad8e 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.DataProtection;
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
index b7e240768b..6221e498ab 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
index fd8e45fc8f..0c185a9b2f 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
index dc78d8c467..d6cfd18b20 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
index ccfba6456b..5120219ffa 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 40d80c28d4..71c8b58565 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
index 922f5c8c08..6dd719aecc 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.DataProtection;
diff --git a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
index a80b80b83f..19bd05fa92 100644
--- a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index 65f7bcc101..eaa53c1b36 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
index d0c2bf34cc..3315fa21f1 100644
--- a/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
+++ b/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
index 6cb2c4d6d4..4e8c2d41e0 100644
--- a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication/ISystemClock.cs b/src/Microsoft.AspNet.Authentication/ISystemClock.cs
index 4748fb63ea..dedb6d36af 100644
--- a/src/Microsoft.AspNet.Authentication/ISystemClock.cs
+++ b/src/Microsoft.AspNet.Authentication/ISystemClock.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
index 16aa157517..4f912dc1cd 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
index 11f65199cb..4215020dca 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
index 184adfb3b0..b124fa7178 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
index 1563dbb07e..50b626d1ad 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
index 1671316d11..096de20eef 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
index dde3a4fbb4..f7a9a1e97e 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
index 08f6521c07..32df87bab8 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
index 993aa76186..7434ebd82b 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
index f883baf7da..970d9d718b 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
index 1c069b4e22..a4b2d979e9 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
index 344c56cccb..ac4fa7b3c7 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
index f7a0424447..a0208b8b33 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
index aad6d7e3a1..82c641ca11 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
index cb1b1fe1c4..ea7234b209 100644
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs b/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
index 921abb9533..fa5704f345 100644
--- a/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
+++ b/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/SystemClock.cs b/src/Microsoft.AspNet.Authentication/SystemClock.cs
index 11c30564f8..405b8afa26 100644
--- a/src/Microsoft.AspNet.Authentication/SystemClock.cs
+++ b/src/Microsoft.AspNet.Authentication/SystemClock.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authentication/Win32.cs b/src/Microsoft.AspNet.Authentication/Win32.cs
index fe817e92d5..0e757e42a6 100644
--- a/src/Microsoft.AspNet.Authentication/Win32.cs
+++ b/src/Microsoft.AspNet.Authentication/Win32.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
index 8b051fcdc0..b117f8851d 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
index c05b55b9ce..b682e43ffd 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index d23a0effe2..17d879329b 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 02769a8dd5..3cc52abe5d 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index 976d997cc2..128545032c 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 03f112b738..298a2f0818 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
index 15db20dbfd..42d757d8e6 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
index 608b149363..fed436ad45 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
index d13c9ecc95..b8994b8b7a 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index c6e57eb549..abc8662769 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
index 0f6cb3def2..3c1c872b39 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
index ecbee9b903..fce23a3dc8 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Authorization;
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
index bcd0cdc2ba..b4366a6f51 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
index 5aeef262e9..19857b618e 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authorization
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
index 89215c7aaf..dedfcc37c4 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
diff --git a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
index 64cd198ebc..13732d0196 100644
--- a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Authorization
diff --git a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
index 3ae506b2dc..93107cc6bd 100644
--- a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
diff --git a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
index f5c6f4a83a..025a94598c 100644
--- a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 467b36aff4..4deced289f 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index f5428f1a36..c858dee280 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
index f52e6f4aee..a0df4a419e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
index 13b9a900a0..366e2f3b56 100644
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
index 145e883dc2..30537c51de 100644
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index aa13043976..d35978aeea 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index a8e437cd75..7c94ecadf8 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
index 8183f38798..a345241d2c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Shouldly;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 2cde6c7678..4977a9923a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 08917a6748..f44d4d3e73 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 60230224b6..1382fc6401 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 4d589a43c8..7ae0db82b8 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 1134c7300c..73350e6198 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 // this controls if the logs are written to the console.
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index da290cca17..32aa028f03 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index abb5b85383..3f18ee6b94 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.IdentityModel.Protocols;
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index 1b47c81f87..01315805da 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestClock.cs b/test/Microsoft.AspNet.Authentication.Test/TestClock.cs
index 1b7dd1be85..20495125d4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/TestClock.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/TestClock.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index d0b9494d19..0ad84b7f10 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index eae8502ae5..535e8d5278 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 752d2383be..4c26f10b3b 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;

From 6e7ec9b2fb6e7c1c991056f8ed6eb77627c3fa0a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 1 May 2015 17:00:06 -0700
Subject: [PATCH 223/900] Cleanup cookies (moar var)

---
 .../CookieAuthenticationHandler.cs            | 49 +++++++++----------
 .../CookieApplyRedirectContext.cs             |  1 -
 .../CookieAuthenticationNotifications.cs      |  3 +-
 .../CookieResponseSignInContext.cs            |  1 -
 .../CookieResponseSignOutContext.cs           |  1 -
 .../Notifications/DefaultBehavior.cs          |  6 +--
 6 files changed, 28 insertions(+), 33 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 2e71d1c0e6..cc1dc91685 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -8,7 +8,6 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -37,7 +36,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             AuthenticationTicket ticket = null;
             try
             {
-                string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
+                var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
                 if (string.IsNullOrWhiteSpace(cookie))
                 {
                     return null;
@@ -53,7 +52,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 if (Options.SessionStore != null)
                 {
-                    Claim claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
+                    var claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                     if (claim == null)
                     {
                         Logger.LogWarning(@"SessionId missing");
@@ -68,9 +67,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     }
                 }
 
-                DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
-                DateTimeOffset? issuedUtc = ticket.Properties.IssuedUtc;
-                DateTimeOffset? expiresUtc = ticket.Properties.ExpiresUtc;
+                var currentUtc = Options.SystemClock.UtcNow;
+                var issuedUtc = ticket.Properties.IssuedUtc;
+                var expiresUtc = ticket.Properties.ExpiresUtc;
 
                 if (expiresUtc != null && expiresUtc.Value < currentUtc)
                 {
@@ -81,17 +80,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     return null;
                 }
 
-                bool allowRefresh = ticket.Properties.AllowRefresh ?? true;
+                var allowRefresh = ticket.Properties.AllowRefresh ?? true;
                 if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
                 {
-                    TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
-                    TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+                    var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
+                    var timeRemaining = expiresUtc.Value.Subtract(currentUtc);
 
                     if (timeRemaining < timeElapsed)
                     {
                         _shouldRenew = true;
                         _renewIssuedUtc = currentUtc;
-                        TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
+                        var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
                         _renewExpiresUtc = currentUtc.Add(timeSpan);
                     }
                 }
@@ -104,7 +103,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             catch (Exception exception)
             {
-                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Authenticate, exception, ticket);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
@@ -123,16 +122,16 @@ namespace Microsoft.AspNet.Authentication.Cookies
         protected override async Task ApplyResponseGrantAsync()
         {
             var signin = SignInContext;
-            bool shouldSignin = signin != null;
+            var shouldSignin = signin != null;
             var signout = SignOutContext;
-            bool shouldSignout = signout != null;
+            var shouldSignout = signout != null;
 
             if (!(shouldSignin || shouldSignout || _shouldRenew))
             {
                 return;
             }
 
-            AuthenticationTicket model = await AuthenticateAsync();
+            var model = await AuthenticateAsync();
             try
             {
                 var cookieOptions = new CookieOptions
@@ -180,7 +179,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                     if (signInContext.Properties.IsPersistent)
                     {
-                        DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                        var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
                         signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                     }
 
@@ -198,7 +197,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                                 Options.AuthenticationScheme));
                         model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
-                    string cookieValue = Options.TicketDataFormat.Protect(model);
+                    var cookieValue = Options.TicketDataFormat.Protect(model);
 
                     Options.CookieManager.AppendResponseCookie(
                         Context,
@@ -249,7 +248,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
 
-                    string cookieValue = Options.TicketDataFormat.Protect(model);
+                    var cookieValue = Options.TicketDataFormat.Protect(model);
 
                     if (model.Properties.IsPersistent)
                     {
@@ -275,13 +274,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     HeaderNameExpires,
                     HeaderValueMinusOne);
 
-                bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
-                bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
+                var shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
+                var shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
 
                 if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
                 {
-                    IReadableStringCollection query = Request.Query;
-                    string redirectUri = query.Get(Options.ReturnUrlParameter);
+                    var query = Request.Query;
+                    var redirectUri = query.Get(Options.ReturnUrlParameter);
                     if (!string.IsNullOrWhiteSpace(redirectUri)
                         && IsHostRelative(redirectUri))
                     {
@@ -292,7 +291,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             catch (Exception exception)
             {
-                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
@@ -363,7 +362,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return;
             }
 
-            string loginUri = string.Empty;
+            var loginUri = string.Empty;
             if (ChallengeContext != null)
             {
                 loginUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
@@ -373,7 +372,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 if (string.IsNullOrWhiteSpace(loginUri))
                 {
-                    string currentUri =
+                    var currentUri =
                         Request.PathBase +
                         Request.Path +
                         Request.QueryString;
@@ -392,7 +391,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             catch (Exception exception)
             {
-                CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
+                var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
index cc6364817a..9083ed817c 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Notifications;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
index dc287484a4..0c875b2083 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Threading.Tasks;
 
@@ -112,4 +111,4 @@ namespace Microsoft.AspNet.Authentication.Cookies
             OnException.Invoke(context);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
index e9d7b10590..f894231ae8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
index 28dce3cdf3..260a31ad9f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Notifications;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
index 77d537710b..9807bbdf4f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         {
             if (IsAjaxRequest(context.Request))
             {
-                string jsonResponse = JsonConvert.SerializeObject(new
+                var jsonResponse = JsonConvert.SerializeObject(new
                 {
                     status = context.Response.StatusCode,
                     headers = new
@@ -34,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private static bool IsAjaxRequest(HttpRequest request)
         {
-            IReadableStringCollection query = request.Query;
+            var query = request.Query;
             if (query != null)
             {
                 if (query["X-Requested-With"] == "XMLHttpRequest")
@@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 }
             }
 
-            IHeaderDictionary headers = request.Headers;
+            var headers = request.Headers;
             if (headers != null)
             {
                 if (headers["X-Requested-With"] == "XMLHttpRequest")

From f864244124560ff90d3f138add02456f72d5925e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 5 May 2015 09:52:15 -0700
Subject: [PATCH 224/900] #242 Remove diagnostics sample dependency.

---
 samples/SocialSample/Startup.cs   | 2 --
 samples/SocialSample/project.json | 1 -
 2 files changed, 3 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f552ceea3c..22c0e44a0a 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -37,8 +37,6 @@ namespace CookieSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseErrorPage();
-
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthentication = true;
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index ccaf0a439b..020f08b1bb 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -6,7 +6,6 @@
         "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",

From ce48c1fc7dabe0315b18eda378586ec169542b9c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 5 May 2015 14:50:59 -0700
Subject: [PATCH 225/900] Move ClaimsIssuer to base AuthenticationOptions

Also step 1 of refactoring tests
---
 .../CookieAuthenticationHandler.cs            |   6 +-
 .../FacebookAuthenticationHandler.cs          |  19 +-
 .../GoogleAuthenticationHandler.cs            |  16 +-
 .../GoogleAuthenticationMiddleware.cs         |   1 -
 .../GoogleAuthenticationOptions.cs            |   6 +-
 .../MicrosoftAccountAuthenticationHandler.cs  |  12 +-
 .../OAuthAuthenticationMiddleware.cs          |   2 +-
 .../OAuthAuthenticationOptions.cs             |   6 -
 .../OAuthBearerAuthenticationHandler.cs       |   8 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |   4 +-
 .../OAuthBearerAuthenticationOptions.cs       |   1 -
 .../TwitterAuthenticationHandler.cs           |  12 +-
 .../AuthenticationMiddleware.cs               |   6 +
 .../AuthenticationOptions.cs                  |   5 +
 .../Encoder/Base64UrlTextEncoder.cs           |   1 -
 .../SecurityHelper.cs                         |   5 +-
 .../Cookies/CookieMiddlewareTests.cs          | 129 +++++++-------
 .../Facebook/FacebookMiddlewareTests.cs       |  42 +----
 .../Google/GoogleMiddlewareTests.cs           | 167 ++++--------------
 .../MicrosoftAccountMiddlewareTests.cs        | 154 +++-------------
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  13 +-
 .../OpenIdConnect/TestUtilities.cs            |   1 -
 .../SecurityHelperTests.cs                    |   6 +-
 .../TestExtensions.cs                         |  73 ++++++++
 .../TestHttpMessageHandler.cs                 |  24 +++
 .../Transaction.cs                            |  50 ++++++
 .../Twitter/TwitterMiddlewareTests.cs         |  50 +-----
 27 files changed, 327 insertions(+), 492 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/Transaction.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index cc1dc91685..b002fc2d68 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -193,8 +193,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         _sessionKey = await Options.SessionStore.StoreAsync(model);
                         var principal = new ClaimsPrincipal(
                             new ClaimsIdentity(
-                                new[] { new Claim(SessionIdClaim, _sessionKey) },
-                                Options.AuthenticationScheme));
+                                new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
+                                Options.ClaimsIssuer));
                         model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
                     var cookieValue = Options.TicketDataFormat.Protect(model);
@@ -243,7 +243,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         await Options.SessionStore.RenewAsync(_sessionKey, model);
                         var principal = new ClaimsPrincipal(
                             new ClaimsIdentity(
-                                new[] { new Claim(SessionIdClaim, _sessionKey) },
+                                new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
                                 Options.AuthenticationScheme));
                         model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                     }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index aa306d683a..3549eec2d2 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -13,7 +13,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Facebook
@@ -65,34 +64,34 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var context = new FacebookAuthenticatedContext(Context, Options, user, tokens);
             var identity = new ClaimsIdentity(
-                Options.AuthenticationScheme,
+                Options.ClaimsIssuer,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
             if (!string.IsNullOrEmpty(context.Id))
             {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.UserName))
             {
-                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.Email))
             {
-                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.Name))
             {
-                identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.ClaimsIssuer));
 
                 // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
                 if (string.IsNullOrEmpty(context.UserName))
                 {
-                    identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.AuthenticationScheme));
+                    identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.ClaimsIssuer));
                 }
             }
             if (!string.IsNullOrEmpty(context.Link))
             {
-                identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             context.Properties = properties;
             context.Principal = new ClaimsPrincipal(identity);
@@ -104,7 +103,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         private string GenerateAppSecretProof(string accessToken)
         {
-            using (HMACSHA256 algorithm = new HMACSHA256(Encoding.ASCII.GetBytes(Options.AppSecret)))
+            using (var algorithm = new HMACSHA256(Encoding.ASCII.GetBytes(Options.AppSecret)))
             {
                 var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
                 var builder = new StringBuilder();
@@ -124,4 +123,4 @@ namespace Microsoft.AspNet.Authentication.Facebook
             return string.Join(",", Options.Scope);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index b54f657be5..621e77d830 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -33,39 +33,39 @@ namespace Microsoft.AspNet.Authentication.Google
 
             var context = new GoogleAuthenticatedContext(Context, Options, user, tokens);
             var identity = new ClaimsIdentity(
-                Options.AuthenticationScheme,
+                Options.ClaimsIssuer,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
 
             if (!string.IsNullOrEmpty(context.Id))
             {
                 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id,
-                    ClaimValueTypes.String, Options.AuthenticationScheme));
+                    ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.GivenName))
             {
                 identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName,
-                    ClaimValueTypes.String, Options.AuthenticationScheme));
+                    ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.FamilyName))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
-                    ClaimValueTypes.String, Options.AuthenticationScheme));
+                    ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.Name))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
-                    Options.AuthenticationScheme));
+                    Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.Email))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String,
-                    Options.AuthenticationScheme));
+                    Options.ClaimsIssuer));
             }
             if (!string.IsNullOrEmpty(context.Profile))
             {
                 identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String,
-                    Options.AuthenticationScheme));
+                    Options.ClaimsIssuer));
             }
             context.Properties = properties;
             context.Principal = new ClaimsPrincipal(identity);
@@ -120,4 +120,4 @@ namespace Microsoft.AspNet.Authentication.Google
             queryStrings[name] = value;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 2921b6b211..db7a3c9881 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
index 1dab084f04..e65b800eda 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
@@ -1,12 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Net.Http;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 4ecaabab6d..31484f9985 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -32,18 +32,18 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             var identity = new ClaimsIdentity(
                 new[]
                     {
-                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationScheme),
-                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.AuthenticationScheme),
-                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.AuthenticationScheme),
-                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.AuthenticationScheme)
+                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.ClaimsIssuer),
+                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.ClaimsIssuer),
+                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.ClaimsIssuer),
+                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.ClaimsIssuer)
                     },
-                Options.AuthenticationScheme,
+                Options.ClaimsIssuer,
                 ClaimsIdentity.DefaultNameClaimType,
                 ClaimsIdentity.DefaultRoleClaimType);
 
             if (!string.IsNullOrWhiteSpace(context.Email))
             {
-                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.AuthenticationScheme));
+                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
             context.Principal = new ClaimsPrincipal(identity);
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index e4357a68a6..70d4544a25 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -69,7 +69,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
-                    this.GetType().FullName, Options.AuthenticationScheme, "v1");
+                    GetType().FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index bfbea1e29d..62296c4a96 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
-using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
@@ -106,11 +105,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public string SignInScheme { get; set; }
 
-        /// <summary>
-        /// Gets or sets the issuer that should be used for any claims that are created
-        /// </summary>
-        public string ClaimsIssuer { get; set; }
-
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index c88d456043..b088519509 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -79,7 +79,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
                 // notify user token was received
                 var securityTokenReceivedNotification =
-                new SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    new SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = Context,
                     SecurityToken = token,
@@ -110,7 +110,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     }
                     else
                     {
-                        IEnumerable<string> issuers = new[] { _configuration.Issuer };
+                        var issuers = new[] { _configuration.Issuer };
                         validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
                     }
 
@@ -122,8 +122,8 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 {
                     if (validator.CanReadToken(token))
                     {
-                        ClaimsPrincipal principal = validator.ValidateToken(token, validationParameters, out validatedToken);
-                        AuthenticationTicket ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
+                        var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
+                        var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
                         var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
                         {
                             ProtocolMessage = Context,
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index ed1242b95b..c76071b6ab 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -23,8 +23,6 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
     /// </summary>
     public class OAuthBearerAuthenticationMiddleware : AuthenticationMiddleware<OAuthBearerAuthenticationOptions>
     {
-        private readonly ILogger _logger;
-
         /// <summary>
         /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
         /// called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication 
@@ -72,7 +70,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    HttpClient httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+                    var httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
                     httpClient.Timeout = Options.BackchannelTimeout;
                     httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 00cc96c7a7..e520406875 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -5,7 +5,6 @@ using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication;
 using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index cd09a14165..61ff95e2f4 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -78,7 +78,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                string oauthVerifier = query.Get("oauth_verifier");
+                var oauthVerifier = query.Get("oauth_verifier");
                 if (string.IsNullOrWhiteSpace(oauthVerifier))
                 {
                     Logger.LogWarning("Missing or blank oauth_verifier");
@@ -93,12 +93,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     new ClaimsIdentity(
                         new[]
                         {
-                            new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
-                            new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
-                            new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme),
-                            new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationScheme)
+                            new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
+                            new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
+                            new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
+                            new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer)
                         },
-                        Options.AuthenticationScheme,
+                        Options.ClaimsIssuer,
                         ClaimsIdentity.DefaultNameClaimType,
                         ClaimsIdentity.DefaultRoleClaimType));
                 context.Properties = requestToken.Properties;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 7cfd6138ff..188f903c49 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -35,6 +35,12 @@ namespace Microsoft.AspNet.Authentication
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
 
+            if (string.IsNullOrEmpty(Options.ClaimsIssuer))
+            {
+                // Default to something reasonable
+                Options.ClaimsIssuer = Options.AuthenticationScheme;
+            }
+
             _next = next;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
index b1c2bc263a..54f8a7a352 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -33,6 +33,11 @@ namespace Microsoft.AspNet.Authentication
         /// </summary>
         public bool AutomaticAuthentication { get; set; }
 
+        /// <summary>
+        /// Gets or sets the issuer that should be used for any claims that are created
+        /// </summary>
+        public string ClaimsIssuer { get; set; }
+
         /// <summary>
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
index 723736973d..28d74196fa 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using Microsoft.Framework.Internal;
 
diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
index ea7234b209..617fe14a16 100644
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -1,9 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
@@ -21,7 +18,7 @@ namespace Microsoft.AspNet.Authentication
         /// <param name="identity"></param>
         public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
         {
-            ClaimsPrincipal existingPrincipal = context.User;
+            var existingPrincipal = context.User;
             if (existingPrincipal != null)
             {
                 foreach (var existingClaimsIdentity in existingPrincipal.Identities)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index d35978aeea..c368365329 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -27,10 +27,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NormalRequestPassesThrough()
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
             });
-            HttpResponseMessage response = await server.CreateClient().GetAsync("http://example.com/normal");
+            var response = await server.CreateClient().GetAsync("http://example.com/normal");
             response.StatusCode.ShouldBe(HttpStatusCode.OK);
         }
 
@@ -39,13 +39,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [InlineData(false)]
         public async Task ProtectedRequestShouldRedirectToLoginOnlyWhenAutomatic(bool auto)
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.AutomaticAuthentication = auto;
             });
 
-            Transaction transaction = await SendAsync(server, "http://example.com/protected");
+            var transaction = await SendAsync(server, "http://example.com/protected");
 
             transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
             if (auto)
@@ -61,13 +61,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [InlineData(false)]
         public async Task ProtectedCustomRequestShouldRedirectToCustomLogin(bool auto)
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.AutomaticAuthentication = auto;
             });
 
-            Transaction transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
+            var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
             transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
             if (auto)
@@ -102,15 +102,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignInCausesDefaultCookieToBeCreated()
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.CookieName = "TestCookie";
             }, SignInAsAlice);
 
-            Transaction transaction = await SendAsync(server, "http://example.com/testpath");
+            var transaction = await SendAsync(server, "http://example.com/testpath");
 
-            string setCookie = transaction.SetCookie;
+            var setCookie = transaction.SetCookie;
             setCookie.ShouldStartWith("TestCookie=");
             setCookie.ShouldContain("; path=/");
             setCookie.ShouldContain("; HttpOnly");
@@ -122,7 +122,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignInWrongAuthTypeThrows()
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.CookieName = "TestCookie";
@@ -134,7 +134,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignOutWrongAuthTypeThrows()
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.CookieName = "TestCookie";
@@ -155,15 +155,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
             string requestUri,
             bool shouldBeSecureOnly)
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.CookieName = "TestCookie";
                 options.CookieSecure = cookieSecureOption;
             }, SignInAsAlice);
 
-            Transaction transaction = await SendAsync(server, requestUri);
-            string setCookie = transaction.SetCookie;
+            var transaction = await SendAsync(server, requestUri);
+            var setCookie = transaction.SetCookie;
 
             if (shouldBeSecureOnly)
             {
@@ -187,9 +187,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.CookieHttpOnly = true;
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
-            Transaction transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
+            var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
 
-            string setCookie1 = transaction1.SetCookie;
+            var setCookie1 = transaction1.SetCookie;
 
             setCookie1.ShouldContain("TestCookie=");
             setCookie1.ShouldContain(" path=/foo");
@@ -197,16 +197,16 @@ namespace Microsoft.AspNet.Authentication.Cookies
             setCookie1.ShouldContain(" secure");
             setCookie1.ShouldContain(" HttpOnly");
 
-            TestServer server2 = CreateServer(options =>
+            var server2 = CreateServer(options =>
             {
                 options.CookieName = "SecondCookie";
                 options.CookieSecure = CookieSecureOption.Never;
                 options.CookieHttpOnly = false;
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
-            Transaction transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
+            var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
 
-            string setCookie2 = transaction2.SetCookie;
+            var setCookie2 = transaction2.SetCookie;
 
             setCookie2.ShouldContain("SecondCookie=");
             setCookie2.ShouldContain(" path=/base");
@@ -219,14 +219,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieContainsIdentity()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
             }, SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
         }
@@ -235,7 +235,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieAppliesClaimsTransform()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
             }, 
@@ -253,9 +253,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return p;
             }));
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
             FindClaimValue(transaction2, "xform").ShouldBe("yup");
@@ -266,24 +266,24 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieStopsWorkingAfterExpiration()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 options.SlidingExpiration = false;
             }, SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(7));
 
-            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(7));
 
-            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             transaction2.SetCookie.ShouldBe(null);
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
@@ -297,7 +297,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieExpirationCanBeOverridenInSignin()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
@@ -311,17 +311,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     return Task.FromResult<object>(null);
             });
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(3));
 
-            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(3));
 
-            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             transaction2.SetCookie.ShouldBe(null);
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
@@ -335,7 +335,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieExpirationCanBeOverridenInEvent()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
@@ -349,17 +349,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 };
             }, SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(3));
 
-            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(3));
 
-            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             transaction2.SetCookie.ShouldBe(null);
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
@@ -373,25 +373,25 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieIsRenewedWithSlidingExpiration()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 options.SlidingExpiration = true;
             }, SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(4));
 
-            Transaction transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             // transaction4 should arrive with a new SetCookie value
-            Transaction transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
             clock.Add(TimeSpan.FromMinutes(4));
 
@@ -410,13 +410,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task AjaxRedirectsAsExtraHeaderOnTwoHundred()
         {
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.AutomaticAuthentication = true;
             });
 
-            Transaction transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
+            var transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
 
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
             var responded = transaction.Response.Headers.GetValues("X-Responded-JSON");
@@ -429,9 +429,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieUsesPathBaseByDefault()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
-            {
-            },
+            var server = CreateServer(options => { },
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
@@ -441,7 +439,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             },
             new Uri("http://example.com/base"));
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/base/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/base/testpath");
             Assert.True(transaction1.SetCookie.Contains("path=/base"));
         }
 
@@ -449,15 +447,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieTurns401To403IfAuthenticated()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
             }, 
             SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
         }
@@ -466,20 +464,20 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieTurns401ToAccessDeniedWhenSetAndIfAuthenticated()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
                 options.AccessDeniedPath = new PathString("/accessdenied");
             },
             SignInAsAlice);
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
 
-            Uri location = transaction2.Response.Headers.Location;
+            var location = transaction2.Response.Headers.Location;
             location.LocalPath.ShouldBe("/accessdenied");
         }
 
@@ -487,21 +485,21 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieDoesNothingTo401IfNotAuthenticated()
         {
             var clock = new TestClock();
-            TestServer server = CreateServer(options =>
+            var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
             });
 
-            Transaction transaction1 = await SendAsync(server, "http://example.com/testpath");
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            Transaction transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
         }
 
         private static string FindClaimValue(Transaction transaction, string claimType)
         {
-            XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+            var claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
             if (claim == null)
             {
                 return null;
@@ -514,9 +512,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var request = new HttpRequestMessage(HttpMethod.Get, url);
             request.Headers.Add("Cookie", cookie);
 
-            HttpResponseMessage response2 = await server.CreateClient().SendAsync(request);
-            string text = await response2.Content.ReadAsStringAsync();
-            XElement me = XElement.Parse(text);
+            var response2 = await server.CreateClient().SendAsync(request);
+            var text = await response2.Content.ReadAsStringAsync();
+            var me = XElement.Parse(text);
             return me;
         }
 
@@ -525,6 +523,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(configureOptions);
+
                 if (claimsTransform != null)
                 {
                     app.UseClaimsTransformation();
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 4977a9923a..6279c0a8ea 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -2,10 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Net;
-using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
@@ -29,8 +26,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddWebEncoders();
-                    services.AddDataProtection();
+                    services.AddAuthentication();
                     services.ConfigureFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
@@ -58,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     context.Authentication.Challenge("Facebook");
                     return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("custom=test");
@@ -75,8 +71,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddWebEncoders();
-                    services.AddDataProtection();
+                    services.AddAuthentication();
                     services.ConfigureFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
@@ -96,7 +91,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     context.Authentication.Challenge("Facebook");
                     return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
             location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
@@ -125,34 +120,5 @@ namespace Microsoft.AspNet.Authentication.Facebook
             },
             configureServices);
         }
-
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-
-            return transaction;
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-            public IList<string> SetCookie { get; set; }
-            public string ResponseText { get; set; }
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index f44d4d3e73..7e1dc417b1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -2,16 +2,12 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
-using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using System.Xml;
-using System.Xml.Linq;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
@@ -28,8 +24,6 @@ namespace Microsoft.AspNet.Authentication.Google
 {
     public class GoogleMiddlewareTests
     {
-        private const string CookieAuthenticationScheme = "Cookie";
-
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
@@ -38,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+            var transaction = await server.SendAsync("https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.ToString();
             location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
@@ -61,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.AutomaticAuthentication = true;
             });
-            var transaction = await SendAsync(server, "https://example.com/401");
+            var transaction = await server.SendAsync("https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.ToString();
             location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
@@ -79,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+            var transaction = await server.SendAsync("https://example.com/challenge");
             Console.WriteLine(transaction.SetCookie);
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
@@ -93,7 +87,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.AutomaticAuthentication = true;
             });
-            var transaction = await SendAsync(server, "https://example.com/401");
+            var transaction = await server.SendAsync("https://example.com/401");
             Console.WriteLine(transaction.SetCookie);
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
@@ -106,7 +100,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+            var transaction = await server.SendAsync("https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
@@ -121,7 +115,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.AutomaticAuthentication = true;
             });
-            var transaction = await SendAsync(server, "https://example.com/401");
+            var transaction = await server.SendAsync("https://example.com/401");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
@@ -155,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
                     return Task.FromResult<object>(null);
                 });
-            var transaction = await SendAsync(server, "https://example.com/challenge2");
+            var transaction = await server.SendAsync("https://example.com/challenge2");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"));
@@ -179,7 +173,7 @@ namespace Microsoft.AspNet.Authentication.Google
                         }
                 };
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+            var transaction = await server.SendAsync("https://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("custom=test");
@@ -222,14 +216,16 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
             });
-            var transaction = await SendAsync(server, "https://example.com/signin-google?code=TestCode");
+            var transaction = await server.SendAsync("https://example.com/signin-google?code=TestCode");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
         }
 
 
 
-        [Fact]
-        public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState()
+        [Theory]
+        [InlineData(null)]
+        [InlineData("CustomIssuer")]
+        public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
@@ -237,6 +233,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
                 options.StateDataFormat = stateFormat;
+                options.ClaimsIssuer = claimsIssuer;
                 options.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
@@ -283,23 +280,24 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,
+            var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet.Cookie");
+            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
 
             var authCookie = transaction.AuthenticationCookieValue;
-            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction = await server.SendAsync("https://example.com/me", authCookie);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.FindClaimValue(ClaimTypes.Name).ShouldBe("Test Name");
-            transaction.FindClaimValue(ClaimTypes.NameIdentifier).ShouldBe("Test User ID");
-            transaction.FindClaimValue(ClaimTypes.GivenName).ShouldBe("Test Given Name");
-            transaction.FindClaimValue(ClaimTypes.Surname).ShouldBe("Test Family Name");
-            transaction.FindClaimValue(ClaimTypes.Email).ShouldBe("Test email");
+            var expectedIssuer = claimsIssuer ?? GoogleAuthenticationDefaults.AuthenticationScheme;
+            transaction.FindClaimValue(ClaimTypes.Name, expectedIssuer).ShouldBe("Test Name");
+            transaction.FindClaimValue(ClaimTypes.NameIdentifier, expectedIssuer).ShouldBe("Test User ID");
+            transaction.FindClaimValue(ClaimTypes.GivenName, expectedIssuer).ShouldBe("Test Given Name");
+            transaction.FindClaimValue(ClaimTypes.Surname, expectedIssuer).ShouldBe("Test Family Name");
+            transaction.FindClaimValue(ClaimTypes.Email, expectedIssuer).ShouldBe("Test email");
 
             // Ensure claims transformation 
             transaction.FindClaimValue("xform").ShouldBe("yup");
@@ -328,7 +326,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,
+            var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -358,7 +356,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,
+            var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
@@ -419,7 +417,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     OnAuthenticated = context =>
                         {
                             var refreshToken = context.RefreshToken;
-                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken) }, "Google"));
+                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
                             return Task.FromResult<object>(null);
                         }
                 };
@@ -430,17 +428,17 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,
+            var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet.Cookie");
+            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
 
             var authCookie = transaction.AuthenticationCookieValue;
-            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction = await server.SendAsync("https://example.com/me", authCookie);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
@@ -453,40 +451,13 @@ namespace Microsoft.AspNet.Authentication.Google
             return res;
         }
 
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-
-            if (transaction.Response.Content != null &&
-                transaction.Response.Content.Headers.ContentType != null &&
-                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
-            {
-                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
-            }
-            return transaction;
-        }
-
         private static TestServer CreateServer(Action<GoogleAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
             return TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = CookieAuthenticationScheme;
+                    options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
                     options.AutomaticAuthentication = true;
                 });
                 app.UseGoogleAuthentication(configureOptions);
@@ -502,7 +473,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     }
                     else if (req.Path == new PathString("/me"))
                     {
-                        Describe(res, context.User);
+                        res.Describe(context.User);
                     }
                     else if (req.Path == new PathString("/unauthorized"))
                     {
@@ -535,7 +506,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInScheme = CookieAuthenticationScheme;
+                    options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
                 services.ConfigureClaimsTransformation(p =>
                 {
@@ -547,79 +518,5 @@ namespace Microsoft.AspNet.Authentication.Google
             });
         }
 
-        private static void Describe(HttpResponse res, ClaimsPrincipal user)
-        {
-            res.StatusCode = 200;
-            res.ContentType = "text/xml";
-            var xml = new XElement("xml");
-            if (user != null)
-            {
-                foreach (var identity in user.Identities)
-                {
-                    xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
-                }
-            }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
-        }
-
-        private class TestHttpMessageHandler : HttpMessageHandler
-        {
-            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
-
-            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
-            {
-                if (Sender != null)
-                {
-                    return Task.FromResult(Sender(request));
-                }
-
-                return Task.FromResult<HttpResponseMessage>(null);
-            }
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-
-            public IList<string> SetCookie { get; set; }
-
-            public string ResponseText { get; set; }
-            public XElement ResponseElement { get; set; }
-
-            public string AuthenticationCookieValue
-            {
-                get
-                {
-                    if (SetCookie != null && SetCookie.Count > 0)
-                    {
-                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.Cookie="));
-                        if (authCookie != null)
-                        {
-                            return authCookie.Substring(0, authCookie.IndexOf(';'));
-                        }
-                    }
-
-                    return null;
-                }
-            }
-
-            public string FindClaimValue(string claimType)
-            {
-                var claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
-                if (claim == null)
-                {
-                    return null;
-                }
-                return claim.Attribute("value").Value;
-            }
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 1382fc6401..2d6baba35c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -1,16 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using System.Xml;
-using System.Xml.Linq;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Builder;
@@ -43,13 +38,8 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                         }
                     };
-                },
-                context =>
-                {
-                    context.Authentication.Challenge("Microsoft");
-                    return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("custom=test");
@@ -63,13 +53,8 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 {
                     options.ClientId = "Test Client Id";
                     options.ClientSecret = "Test Client Secret";
-                },
-                context =>
-                {
-                    context.Authentication.Challenge("Microsoft");
-                    return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
             location.ShouldContain("https://login.live.com/oauth20_authorize.srf");
@@ -83,7 +68,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest"));
             var server = CreateServer(
                 options =>
                 {
@@ -127,15 +112,10 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                         OnAuthenticated = context =>
                         {
                             var refreshToken = context.RefreshToken;
-                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken) }));
+                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
                             return Task.FromResult<object>(null);
                         }
                     };
-                },
-                context =>
-                {
-                    Describe(context.Response, context.User);
-                    return true;
                 });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Microsoft";
@@ -143,34 +123,46 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,
+            var transaction = await server.SendAsync(
                 "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.ToString().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet.External");
+            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
 
             var authCookie = transaction.AuthenticationCookieValue;
-            transaction = await SendAsync(server, "https://example.com/me", authCookie);
+            transaction = await server.SendAsync("https://example.com/me", authCookie);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
-        private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions)
         {
             return TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = "External";
+                    options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
                     options.AutomaticAuthentication = true;
                 });
                 app.UseMicrosoftAccountAuthentication(configureOptions);
+
                 app.Use(async (context, next) =>
                 {
-                    if (handler == null || !handler(context))
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/challenge"))
+                    {
+                        context.Authentication.Challenge("Microsoft");
+                        res.StatusCode = 401;
+                    }
+                    else if (req.Path == new PathString("/me"))
+                    {
+                        res.Describe(context.User);
+                    }
+                    else
                     {
                         await next();
                     }
@@ -181,38 +173,11 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 services.AddAuthentication();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInScheme = "External";
+                    options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
             });
         }
 
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-
-            if (transaction.Response.Content != null &&
-                transaction.Response.Content.Headers.ContentType != null &&
-                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
-            {
-                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
-            }
-            return transaction;
-        }
-
         private static HttpResponseMessage ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);
@@ -220,78 +185,5 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
         }
-
-        private static void Describe(HttpResponse res, ClaimsPrincipal principal)
-        {
-            res.StatusCode = 200;
-            res.ContentType = "text/xml";
-            var xml = new XElement("xml");
-            if (principal != null)
-            {
-                foreach (var identity in principal.Identities)
-                {
-                    xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
-                }
-            }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
-        }
-
-        private class TestHttpMessageHandler : HttpMessageHandler
-        {
-            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
-
-            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
-            {
-                if (Sender != null)
-                {
-                    return Task.FromResult(Sender(request));
-                }
-
-                return Task.FromResult<HttpResponseMessage>(null);
-            }
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-            public IList<string> SetCookie { get; set; }
-            public string ResponseText { get; set; }
-            public XElement ResponseElement { get; set; }
-
-            public string AuthenticationCookieValue
-            {
-                get
-                {
-                    if (SetCookie != null && SetCookie.Count > 0)
-                    {
-                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.External="));
-                        if (authCookie != null)
-                        {
-                            return authCookie.Substring(0, authCookie.IndexOf(';'));
-                        }
-                    }
-
-                    return null;
-                }
-            }
-
-            public string FindClaimValue(string claimType)
-            {
-                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
-                if (claim == null)
-                {
-                    return null;
-                }
-                return claim.Attribute("value").Value;
-            }
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index 7ae0db82b8..f21b00f79b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Net;
 using System.Net.Http;
@@ -36,7 +35,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 };
             });
 
-            string newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
+            var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
         }
@@ -339,6 +338,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             services => services.AddAuthentication());
         }
 
+        // TODO: see if we can share the TestExtensions SendAsync method (only diff is auth header)
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string authorizationHeader = null)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
@@ -364,14 +364,5 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
             return transaction;
         }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-            public IList<string> SetCookie { get; set; }
-            public string ResponseText { get; set; }
-            public XElement ResponseElement { get; set; }
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index 3f18ee6b94..1e6bea793e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.IdentityModel.Protocols;
 using System;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index 01315805da..aa9e91e557 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -1,12 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication;
 using Shouldly;
 using Xunit;
 
@@ -17,7 +15,7 @@ namespace Microsoft.AspNet.Authentication
         [Fact]
         public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
         {
-            HttpContext context = new DefaultHttpContext();
+            var context = new DefaultHttpContext();
             context.User.ShouldNotBe(null);
             context.User.Identity.IsAuthenticated.ShouldBe(false);
 
@@ -36,7 +34,7 @@ namespace Microsoft.AspNet.Authentication
         [Fact]
         public void AddingExistingIdentityChangesDefaultButPreservesPrior()
         {
-            HttpContext context = new DefaultHttpContext();
+            var context = new DefaultHttpContext();
             context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
 
             context.User.Identity.AuthenticationType.ShouldBe("Alpha");
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs b/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
new file mode 100644
index 0000000000..b406f5813f
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
@@ -0,0 +1,73 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.TestHost;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public static class TestExtensions
+    {
+        public const string CookieAuthenticationScheme = "External";
+
+        public static async Task<Transaction> SendAsync(this TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        public static void Describe(this HttpResponse res, ClaimsPrincipal principal)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (principal != null)
+            {
+                foreach (var identity in principal.Identities)
+                {
+                    xml.Add(identity.Claims.Select(claim => 
+                        new XElement("claim", new XAttribute("type", claim.Type), 
+                        new XAttribute("value", claim.Value), 
+                        new XAttribute("issuer", claim.Issuer))));
+                }
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs b/test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs
new file mode 100644
index 0000000000..1a93b16df5
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs
@@ -0,0 +1,24 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class TestHttpMessageHandler : HttpMessageHandler
+    {
+        public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
+
+        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+        {
+            if (Sender != null)
+            {
+                return Task.FromResult(Sender(request));
+            }
+
+            return Task.FromResult<HttpResponseMessage>(null);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Transaction.cs b/test/Microsoft.AspNet.Authentication.Test/Transaction.cs
new file mode 100644
index 0000000000..e32c3b9261
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/Transaction.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Xml.Linq;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class Transaction
+    {
+        public HttpRequestMessage Request { get; set; }
+        public HttpResponseMessage Response { get; set; }
+
+        public IList<string> SetCookie { get; set; }
+
+        public string ResponseText { get; set; }
+        public XElement ResponseElement { get; set; }
+
+        public string AuthenticationCookieValue
+        {
+            get
+            {
+                if (SetCookie != null && SetCookie.Count > 0)
+                {
+                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme + "="));
+                    if (authCookie != null)
+                    {
+                        return authCookie.Substring(0, authCookie.IndexOf(';'));
+                    }
+                }
+
+                return null;
+            }
+        }
+
+        public string FindClaimValue(string claimType, string issuer = null)
+        {
+            var claim = ResponseElement.Elements("claim")
+                .SingleOrDefault(elt => elt.Attribute("type").Value == claimType &&
+                    (issuer == null || elt.Attribute("issuer").Value == issuer));
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 0ad84b7f10..abbe3d37fa 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -1,8 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Text;
@@ -57,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     context.Authentication.Challenge("Twitter");
                     return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var query = transaction.Response.Headers.Location.Query;
             query.ShouldContain("custom=test");
@@ -95,7 +93,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     context.Authentication.Challenge("Twitter");
                     return true;
                 });
-            var transaction = await SendAsync(server, "http://example.com/challenge");
+            var transaction = await server.SendAsync("http://example.com/challenge");
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
             location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
@@ -130,49 +128,5 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 });
             });
         }
-
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-
-            return transaction;
-        }
-
-        private class TestHttpMessageHandler : HttpMessageHandler
-        {
-            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
-
-            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
-            {
-                if (Sender != null)
-                {
-                    return Task.FromResult(Sender(request));
-                }
-
-                return Task.FromResult<HttpResponseMessage>(null);
-            }
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-            public IList<string> SetCookie { get; set; }
-            public string ResponseText { get; set; }
-        }
     }
 }

From 434d158c7620fd75492ea5d03b6885246745b26c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 6 May 2015 14:24:20 -0700
Subject: [PATCH 226/900] Support custom name and role claims

---
 .../AuthorizationPolicy.cs                    |  4 +-
 .../AuthorizationPolicyBuilder.cs             | 16 ++---
 .../AuthorizationServiceExtensions.cs         | 12 ----
 .../ClaimsAuthorizationRequirement.cs         | 36 ++++++++++-
 .../DenyAnonymousAuthorizationRequirement.cs  | 17 ++++-
 .../NameAuthorizationRequirement.cs           | 35 ++++++++++
 .../Properties/Resources.Designer.cs          | 64 +++++--------------
 .../Resources.resx                            | 12 +---
 .../RolesAuthorizationRequirement.cs          | 47 ++++++++++++++
 .../ServiceCollectionExtensions.cs            |  2 -
 .../AuthorizationPolicyFacts.cs               | 10 ++-
 .../DefaultAuthorizationServiceTests.cs       | 45 +++++++++++++
 12 files changed, 209 insertions(+), 91 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
 create mode 100644 src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 3cc52abe5d..ef16f968c8 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Authorization
         public static AuthorizationPolicy Combine([NotNull] AuthorizationOptions options, [NotNull] IEnumerable<AuthorizeAttribute> attributes)
         {
             var policyBuilder = new AuthorizationPolicyBuilder();
-            bool any = false;
+            var any = false;
             foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
             {
                 any = true;
@@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Authorization
                     policyBuilder.RequireRole(rolesSplit);
                     requireAnyAuthenticated = false;
                 }
-                string[] authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
+                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index 128545032c..f41fe73692 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -55,21 +55,13 @@ namespace Microsoft.AspNet.Authorization
 
         public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType, IEnumerable<string> requiredValues)
         {
-            Requirements.Add(new ClaimsAuthorizationRequirement
-            {
-                ClaimType = claimType,
-                AllowedValues = requiredValues
-            });
+            Requirements.Add(new ClaimsAuthorizationRequirement(claimType, requiredValues));
             return this;
         }
 
         public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType)
         {
-            Requirements.Add(new ClaimsAuthorizationRequirement
-            {
-                ClaimType = claimType,
-                AllowedValues = null
-            });
+            Requirements.Add(new ClaimsAuthorizationRequirement(claimType, allowedValues: null));
             return this;
         }
 
@@ -80,13 +72,13 @@ namespace Microsoft.AspNet.Authorization
 
         public AuthorizationPolicyBuilder RequireRole([NotNull] IEnumerable<string> roles)
         {
-            RequireClaim(ClaimTypes.Role, roles);
+            Requirements.Add(new RolesAuthorizationRequirement(roles));
             return this;
         }
 
         public AuthorizationPolicyBuilder RequireUserName([NotNull] string userName)
         {
-            RequireClaim(ClaimTypes.Name, userName);
+            Requirements.Add(new NameAuthorizationRequirement(userName));
             return this;
         }
 
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 298a2f0818..07619f37c7 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -20,12 +20,6 @@ namespace Microsoft.AspNet.Authorization
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
         public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
         {
-            // TODO RENABLE
-            //if (policy.ActiveAuthenticationSchemes != null && policy.ActiveAuthenticationSchemes.Any() && user != null)
-            //{
-            //    // Filter the user to only contain the active authentication types
-            //    user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationSchemes.Contains(i.AuthenticationScheme)));
-            //}
             return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
         }
 
@@ -39,12 +33,6 @@ namespace Microsoft.AspNet.Authorization
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
         public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
         {
-            // TODO: REeanble
-            //if (policy.ActiveAuthenticationSchemes != null && policy.ActiveAuthenticationSchemes.Any() && user != null)
-            //{
-            //    // Filter the user to only contain the active authentication types
-            //    user = new ClaimsPrincipal(user.Identities.Where(i => policy.ActiveAuthenticationSchemes.Contains(i.AuthenticationScheme)));
-            //}
             return service.Authorize(user, resource, policy.Requirements.ToArray());
         }
 
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
index b8994b8b7a..c5af9449b1 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
@@ -1,15 +1,45 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
+using System.Linq;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
     // Must contain a claim with the specified name, and at least one of the required values
     // If AllowedValues is null or empty, that means any claim is valid
-    public class ClaimsAuthorizationRequirement : IAuthorizationRequirement
+    public class ClaimsAuthorizationRequirement : AuthorizationHandler<ClaimsAuthorizationRequirement>, IAuthorizationRequirement
     {
-        public string ClaimType { get; set; }
-        public IEnumerable<string> AllowedValues { get; set; }
+        public ClaimsAuthorizationRequirement([NotNull] string claimType, IEnumerable<string> allowedValues)
+        {
+            ClaimType = claimType;
+            AllowedValues = allowedValues;
+        }
+
+        public string ClaimType { get; }
+        public IEnumerable<string> AllowedValues { get; }
+
+        public override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
+        {
+            if (context.User != null)
+            {
+                var found = false;
+                if (requirement.AllowedValues == null || !requirement.AllowedValues.Any())
+                {
+                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase));
+                }
+                else
+                {
+                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)
+                                                        && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal));
+                }
+                if (found)
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
index fce23a3dc8..92f48c1fe4 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
@@ -1,9 +1,22 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authorization;
+using System.Linq;
 
 namespace Microsoft.AspNet.Authorization
 {
-    public class DenyAnonymousAuthorizationRequirement : IAuthorizationRequirement { }
+    public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
+    {
+        public override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
+        {
+            var user = context.User;
+            var userIsAnonymous =
+                user?.Identity == null ||
+                !user.Identities.Any(i => i.IsAuthenticated);
+            if (!userIsAnonymous)
+            {
+                context.Succeed(requirement);
+            }
+        }
+    }
 }
diff --git a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
new file mode 100644
index 0000000000..7d64f1b71c
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.AspNet.Authorization
+{
+    /// <summary>
+    /// Requirement that ensures a specific Name
+    /// </summary>
+    public class NameAuthorizationRequirement : AuthorizationHandler<NameAuthorizationRequirement>, IAuthorizationRequirement
+    {
+        public NameAuthorizationRequirement([NotNull] string requiredName)
+        {
+            RequiredName = requiredName;
+        }
+
+        public string RequiredName { get; }
+
+        public override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement)
+        {
+            if (context.User != null)
+            {
+                // REVIEW: Do we need to do normalization?  casing/loc?
+                if (context.User.Identities.Any(i => string.Equals(i.Name, requirement.RequiredName)))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
index b8ab205960..b627118275 100644
--- a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
@@ -10,54 +10,6 @@ namespace Microsoft.AspNet.Authorization
         private static readonly ResourceManager _resourceManager
             = new ResourceManager("Microsoft.AspNet.Authorization.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
-        /// <summary>
-        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
-        /// </summary>
-        internal static string Exception_DefaultDpapiRequiresAppNameKey
-        {
-            get { return GetString("Exception_DefaultDpapiRequiresAppNameKey"); }
-        }
-
-        /// <summary>
-        /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
-        /// </summary>
-        internal static string FormatException_DefaultDpapiRequiresAppNameKey()
-        {
-            return GetString("Exception_DefaultDpapiRequiresAppNameKey");
-        }
-
-        /// <summary>
-        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
-        /// </summary>
-        internal static string Exception_UnhookAuthenticationStateType
-        {
-            get { return GetString("Exception_UnhookAuthenticationStateType"); }
-        }
-
-        /// <summary>
-        /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
-        /// </summary>
-        internal static string FormatException_UnhookAuthenticationStateType()
-        {
-            return GetString("Exception_UnhookAuthenticationStateType");
-        }
-
-        /// <summary>
-        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
-        /// </summary>
-        internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods
-        {
-            get { return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods"); }
-        }
-
-        /// <summary>
-        /// The AuthenticationTokenProvider's required synchronous events have not been registered.
-        /// </summary>
-        internal static string FormatException_AuthenticationTokenDoesNotProvideSyncMethods()
-        {
-            return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
-        }
-
         /// <summary>
         /// The AuthorizationPolicy named: '{0}' was not found.
         /// </summary>
@@ -74,6 +26,22 @@ namespace Microsoft.AspNet.Authorization
             return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
         }
 
+        /// <summary>
+        /// At least one role must be specified.
+        /// </summary>
+        internal static string Exception_RoleRequirementEmpty
+        {
+            get { return GetString("Exception_RoleRequirementEmpty"); }
+        }
+
+        /// <summary>
+        /// At least one role must be specified.
+        /// </summary>
+        internal static string FormatException_RoleRequirementEmpty()
+        {
+            return GetString("Exception_RoleRequirementEmpty");
+        }
+
         private static string GetString(string name, params string[] formatterNames)
         {
             var value = _resourceManager.GetString(name);
diff --git a/src/Microsoft.AspNet.Authorization/Resources.resx b/src/Microsoft.AspNet.Authorization/Resources.resx
index 3e72c4a2ce..ee3f8cd88a 100644
--- a/src/Microsoft.AspNet.Authorization/Resources.resx
+++ b/src/Microsoft.AspNet.Authorization/Resources.resx
@@ -117,16 +117,10 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <data name="Exception_DefaultDpapiRequiresAppNameKey" xml:space="preserve">
-    <value>The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.</value>
-  </data>
-  <data name="Exception_UnhookAuthenticationStateType" xml:space="preserve">
-    <value>The state passed to UnhookAuthentication may only be the return value from HookAuthentication.</value>
-  </data>
-  <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
-    <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
-  </data>
   <data name="Exception_AuthorizationPolicyNotFound" xml:space="preserve">
     <value>The AuthorizationPolicy named: '{0}' was not found.</value>
   </data>
+  <data name="Exception_RoleRequirementEmpty" xml:space="preserve">
+    <value>At least one role must be specified.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
new file mode 100644
index 0000000000..f3336237ea
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
@@ -0,0 +1,47 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.AspNet.Authorization
+{
+    // Must belong to with one of specified roles
+    // If AllowedRoles is null or empty, that means any role is valid
+    public class RolesAuthorizationRequirement : AuthorizationHandler<RolesAuthorizationRequirement>, IAuthorizationRequirement
+    {
+        public RolesAuthorizationRequirement([NotNull] IEnumerable<string> allowedRoles)
+        {
+            if (allowedRoles.Count() == 0)
+            {
+                throw new InvalidOperationException(Resources.Exception_RoleRequirementEmpty);
+            }
+            AllowedRoles = allowedRoles;
+        }
+
+        public IEnumerable<string> AllowedRoles { get; }
+
+        public override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement)
+        {
+            if (context.User != null)
+            {
+                bool found = false;
+                if (requirement.AllowedRoles == null || !requirement.AllowedRoles.Any())
+                {
+                    // Review: What do we want to do here?  No roles requested is auto success?
+                }
+                else
+                {
+                    found = requirement.AllowedRoles.Any(r => context.User.IsInRole(r));
+                }
+                if (found)
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 4deced289f..d77512a64e 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -23,8 +23,6 @@ namespace Microsoft.Framework.DependencyInjection
         {
             services.AddOptions();
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
-            services.AddTransient<IAuthorizationHandler, ClaimsAuthorizationHandler>();
-            services.AddTransient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>();
             services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
             return services;
         }
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 535e8d5278..208c53b1c3 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Linq;
 using Microsoft.AspNet.Authorization;
 using Xunit;
@@ -9,6 +10,12 @@ namespace Microsoft.AspNet.Authroization.Test
 {
     public class AuthorizationPolicyFacts
     {
+        [Fact]
+        public void RequireRoleThrowsIfEmpty()
+        {
+            Assert.Throws<InvalidOperationException>(() => new AuthorizationPolicyBuilder().RequireRole());
+        }
+
         [Fact]
         public void CanCombineAuthorizeAttributes()
         {
@@ -32,7 +39,8 @@ namespace Microsoft.AspNet.Authroization.Test
             Assert.True(combined.ActiveAuthenticationSchemes.Contains("roles"));
             Assert.Equal(4, combined.Requirements.Count());
             Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
-            Assert.Equal(3, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
+            Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
+            Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count());
         }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 4c26f10b3b..2683eddce6 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -504,6 +505,50 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.True(allowed);
         }
 
+        [Fact]
+        public async Task CanRequireUserNameWithDiffClaimType()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
+                });
+            });
+            var identity = new ClaimsIdentity("AuthType", "Name", "Role");
+            identity.AddClaim(new Claim("Name", "Hao"));
+            var user = new ClaimsPrincipal(identity);
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+
+            // Assert
+            Assert.True(allowed);
+        }
+
+        [Fact]
+        public async Task CanRequireRoleWithDiffClaimType()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Hao", policy => policy.RequireRole("Hao"));
+                });
+            });
+            var identity = new ClaimsIdentity("AuthType", "Name", "Role");
+            identity.AddClaim(new Claim("Role", "Hao"));
+            var user = new ClaimsPrincipal(identity);
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+
+            // Assert
+            Assert.True(allowed);
+        }
+
         [Fact]
         public async Task CanApproveAnyAuthenticatedUser()
         {

From dbdabeb9d2d01846967e98f5fc07530770b6c639 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 6 May 2015 14:24:58 -0700
Subject: [PATCH 227/900] Delete old handlers

---
 .../ClaimsAuthorizationHandler.cs             | 32 -------------------
 .../DenyAnonymousAuthorizationHandler.cs      | 22 -------------
 2 files changed, 54 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
 delete mode 100644 src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs

diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
deleted file mode 100644
index fed436ad45..0000000000
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationHandler.cs
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Linq;
-
-namespace Microsoft.AspNet.Authorization
-{
-    public class ClaimsAuthorizationHandler : AuthorizationHandler<ClaimsAuthorizationRequirement>
-    {
-        public override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
-        {
-            if (context.User != null)
-            {
-                bool found = false;
-                if (requirement.AllowedValues == null || !requirement.AllowedValues.Any())
-                {
-                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase));
-                }
-                else
-                {
-                    found = context.User.Claims.Any(c => string.Equals(c.Type, requirement.ClaimType, StringComparison.OrdinalIgnoreCase)
-                                                        && requirement.AllowedValues.Contains(c.Value, StringComparer.Ordinal));
-                }
-                if (found)
-                {
-                    context.Succeed(requirement);
-                }
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
deleted file mode 100644
index 3c1c872b39..0000000000
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationHandler.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Linq;
-
-namespace Microsoft.AspNet.Authorization
-{
-    public class DenyAnonymousAuthorizationHandler : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>
-    {
-        public override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
-        {
-            var user = context.User;
-            var userIsAnonymous =
-                user?.Identity == null ||
-                !user.Identities.Any(i => i.IsAuthenticated);
-            if (!userIsAnonymous)
-            {
-                context.Succeed(requirement);
-            }
-        }
-    }
-}

From 3cc6739c3d71fa6c4088336c95b97cbc66e78e58 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 6 May 2015 16:17:34 -0700
Subject: [PATCH 228/900] React to QueryString API change.

---
 .../CookieAuthenticationHandler.cs                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index b002fc2d68..04852e390a 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -383,7 +383,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         Request.Host +
                         Request.PathBase +
                         Options.LoginPath +
-                        new QueryString(Options.ReturnUrlParameter, currentUri);
+                        QueryString.Create(Options.ReturnUrlParameter, currentUri);
                 }
 
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);

From e57440f92c152e653ecdf7692dddb8eeafc16d4e Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 7 May 2015 09:41:05 -0700
Subject: [PATCH 229/900] React to common package name change

---
 src/Microsoft.AspNet.Authentication.Cookies/project.json        | 2 +-
 src/Microsoft.AspNet.Authentication.Facebook/project.json       | 2 +-
 src/Microsoft.AspNet.Authentication.Google/project.json         | 2 +-
 .../project.json                                                | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/project.json          | 2 +-
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json    | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json  | 2 +-
 src/Microsoft.AspNet.Authentication.Twitter/project.json        | 2 +-
 src/Microsoft.AspNet.Authentication/project.json                | 2 +-
 src/Microsoft.AspNet.Authorization/project.json                 | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 7b42df350e..28127904db 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.WebEncoders": "1.0.0-*",
         "Newtonsoft.Json": "6.0.6"
     },
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index a14ab52da3..332385ca73 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index 72beb690aa..b7ffdd0bcf 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 6bd7bb3759..41ef74556b 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index a3409abf81..ba2cc53dc0 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 570eb83469..e81bd34992 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 5f8e6d67a5..b61834b53e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support OpenIdConnect authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index a9d804bc2e..6b2ddf521d 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -3,7 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 6bda0f7daa..bdf51537ff 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -6,7 +6,7 @@
         "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Microsoft.Framework.WebEncoders": "1.0.0-*"
     },
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 71c918fc58..a0b9beb5d9 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Http.Features": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {

From 582f562bbb20fc76f37023086e2b2d861eb4d43d Mon Sep 17 00:00:00 2001
From: Hisham Abdullah Bin Ateya <hishamco_2007@hotmail.com>
Date: Tue, 5 May 2015 19:23:54 +0300
Subject: [PATCH 230/900] Using [NotNull] and 'nameof' operator

---
 .../CookieAuthenticationOptions.cs                       | 6 ++----
 .../FacebookAuthenticationMiddleware.cs                  | 4 ++--
 .../MicrosoftAccountAuthenticatedContext.cs              | 2 +-
 .../OAuthAuthenticationMiddleware.cs                     | 6 +++---
 .../OAuthBearerAuthenticationOptions.cs                  | 7 ++-----
 .../OpenIdConnectAuthenticationOptions.cs                | 9 +++------
 .../TwitterAuthenticationMiddleware.cs                   | 4 ++--
 .../CertificateSubjectPublicKeyInfoValidator.cs          | 4 ++--
 .../CertificateThumbprintValidator.cs                    | 2 +-
 9 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 966858fa69..52660955cf 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -5,6 +5,7 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -38,12 +39,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public string CookieName
         {
             get { return _cookieName; }
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("value");
-                }
                 _cookieName = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index ad10432c51..4eab19ddb8 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -37,11 +37,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AppId"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
             }
             if (string.IsNullOrWhiteSpace(Options.AppSecret))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AppSecret"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
             }
 
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
index 7d6a31cd22..c5bfa3f9bb 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             JToken userId = User["id"];
             if (userId == null)
             {
-                throw new ArgumentException(Resources.Exception_MissingId, "user");
+                throw new ArgumentException(Resources.Exception_MissingId, nameof(user));
             }
 
             Id = userId.ToString();
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index e4357a68a6..f0be294c52 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -43,17 +43,17 @@ namespace Microsoft.AspNet.Authentication.OAuth
             // todo: review error handling
             if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthenticationScheme"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthenticationScheme)));
             }
 
             if (string.IsNullOrWhiteSpace(Options.ClientId))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientId"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientId)));
             }
 
             if (string.IsNullOrWhiteSpace(Options.ClientSecret))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ClientSecret"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientSecret)));
             }
 
             if (string.IsNullOrWhiteSpace(Options.AuthorizationEndpoint))
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 00cc96c7a7..ebae57b9fc 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -7,6 +7,7 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Authentication;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
@@ -122,13 +123,9 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 return _securityTokenValidators;
             }
 
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("SecurityTokenValidators");
-                }
-
                 _securityTokenValidators = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index b89699b14f..9e4bfa55d7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -9,6 +9,7 @@ using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -110,7 +111,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 if (value <= TimeSpan.Zero)
                 {
-                    throw new ArgumentOutOfRangeException("BackchannelTimeout", value, Resources.OIDCH_0101_BackChallnelLessThanZero);
+                    throw new ArgumentOutOfRangeException(nameof(BackchannelTimeout), value, Resources.OIDCH_0101_BackChallnelLessThanZero);
                 }
 
                 _backchannelTimeout = value;
@@ -190,13 +191,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 return _protocolValidator;
             }
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("value");
-                }
-
                 _protocolValidator = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index bcf3c4d878..1536bd8070 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -45,11 +45,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerSecret"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerSecret)));
             }
             if (string.IsNullOrWhiteSpace(Options.ConsumerKey))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "ConsumerKey"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
             }
 
             if (Options.Notifications == null)
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
index 0ea177d64a..11e827ae7f 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
@@ -36,12 +36,12 @@ namespace Microsoft.AspNet.Authentication
 
             if (_validBase64EncodedSubjectPublicKeyInfoHashes.Count == 0)
             {
-                throw new ArgumentOutOfRangeException("validBase64EncodedSubjectPublicKeyInfoHashes");
+                throw new ArgumentOutOfRangeException(nameof(validBase64EncodedSubjectPublicKeyInfoHashes));
             }
 
             if (_algorithm != SubjectPublicKeyInfoAlgorithm.Sha1 && _algorithm != SubjectPublicKeyInfoAlgorithm.Sha256)
             {
-                throw new ArgumentOutOfRangeException("algorithm");
+                throw new ArgumentOutOfRangeException(nameof(algorithm));
             }
 
             _algorithm = algorithm;
diff --git a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
index 6befa1ea42..6188375a1e 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication
 
             if (_validCertificateThumbprints.Count == 0)
             {
-                throw new ArgumentOutOfRangeException("validThumbprints");
+                throw new ArgumentOutOfRangeException(nameof(validThumbprints));
             }
         }
 

From 071de85e042de3715edeb0b541f2b62b9e423622 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 7 May 2015 14:10:59 -0700
Subject: [PATCH 231/900] React to Http namespace changes.

---
 .../FacebookAuthenticationHandler.cs                        | 2 +-
 .../TwitterAuthenticationHandler.cs                         | 6 +++---
 .../AuthenticationHandler.cs                                | 1 +
 .../ClaimsTransformationAuthenticationHandler.cs            | 2 +-
 .../HttpContextExtensions.cs                                | 3 ++-
 .../AuthenticationHandlerFacts.cs                           | 2 +-
 .../Cookies/Infrastructure/CookieChunkingTests.cs           | 1 +
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs              | 2 +-
 .../SecurityHelperTests.cs                                  | 2 +-
 9 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 3549eec2d2..291956409e 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -10,8 +10,8 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Collections;
 using Microsoft.AspNet.Http.Extensions;
+using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
 using Newtonsoft.Json.Linq;
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 61ff95e2f4..eecc1a0434 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -9,10 +9,10 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Collections;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Logging;
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 674fec16ad..1d1d8e193f 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -8,6 +8,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.WebEncoders;
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index 69563a8dea..4d896e152a 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index eaa53c1b36..4617b02f4e 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -2,7 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index c858dee280..c531c17caa 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Internal;
 using Microsoft.Framework.Logging;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 7c94ecadf8..425fa1742f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Internal;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 73350e6198..183ae60181 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -8,7 +8,6 @@
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
@@ -16,6 +15,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index aa9e91e557..1de266682f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Internal;
 using Shouldly;
 using Xunit;
 

From 75474fe9facfc80672120fa5c7a6dc011edf4c40 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Tue, 12 May 2015 11:48:43 -0700
Subject: [PATCH 232/900] Update Home master -> Home dev

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index eac4268e4c..64ff041d5c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
 Contributing
 ======
 
-Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/master/CONTRIBUTING.md) in the Home repo.
+Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/dev/CONTRIBUTING.md) in the Home repo.

From bb2e12a8e611e0f7a2f54ee2fab15373c02d6fca Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 12 May 2015 13:52:32 -0700
Subject: [PATCH 233/900] Add sugar for UseClaimsTransformation

---
 ...laimsTransformationAppBuilderExtensions.cs | 30 +++++++++++++++++--
 .../ClaimsTransformationMiddleware.cs         | 14 +++++++--
 .../Google/GoogleMiddlewareTests.cs           | 18 ++++++-----
 3 files changed, 48 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index ae1e4d97ad..c18317f830 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -3,6 +3,8 @@
 
 using System;
 using Microsoft.AspNet.Authentication;
+using Microsoft.Framework.Internal;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,12 +17,34 @@ namespace Microsoft.AspNet.Builder
         /// Adds a claims transformation middleware to your web application pipeline.
         /// </summary>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
         /// <returns>The original app parameter</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
         {
-            return app.UseMiddleware<ClaimsTransformationMiddleware>();
+            return app.UseClaimsTransformation(configureOptions: o => { }, optionsName: string.Empty);
+        }
+
+        /// <summary>
+        /// Adds a claims transformation middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, [NotNull] Action<ClaimsTransformationOptions> configureOptions)
+        {
+            return app.UseClaimsTransformation(configureOptions: configureOptions, optionsName: string.Empty);
+        }
+
+        /// <summary>
+        /// Adds a claims transformation middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, [NotNull] Action<ClaimsTransformationOptions> configureOptions, [NotNull] string optionsName)
+        {
+            return app.UseMiddleware<ClaimsTransformationMiddleware>(
+                new ConfigureOptions<ClaimsTransformationOptions>(configureOptions) { Name = optionsName });
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index a8022d576a..0f785161c4 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -15,10 +15,18 @@ namespace Microsoft.AspNet.Authentication
 
         public ClaimsTransformationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IOptions<ClaimsTransformationOptions> options)
+            [NotNull] IOptions<ClaimsTransformationOptions> options,
+            ConfigureOptions<ClaimsTransformationOptions> configureOptions)
         {
-            // REVIEW: do we need to take ConfigureOptions<ClaimsTransformationOptions>??
-            Options = options.Options;
+            if (configureOptions != null)
+            {
+                Options = options.GetNamedOptions(configureOptions.Name);
+                configureOptions.Configure(Options, configureOptions.Name);
+            }
+            else
+            {
+                Options = options.Options;
+            }
             _next = next;
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 7e1dc417b1..0b02b78e91 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -461,7 +461,16 @@ namespace Microsoft.AspNet.Authentication.Google
                     options.AutomaticAuthentication = true;
                 });
                 app.UseGoogleAuthentication(configureOptions);
-                app.UseClaimsTransformation();
+                app.UseClaimsTransformation(o =>
+                {
+                    o.Transformation = p =>
+                    {
+                        var id = new ClaimsIdentity("xform");
+                        id.AddClaim(new Claim("xform", "yup"));
+                        p.AddIdentity(id);
+                        return p;
+                    };
+                });
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
@@ -508,13 +517,6 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
-                services.ConfigureClaimsTransformation(p =>
-                {
-                    var id = new ClaimsIdentity("xform");
-                    id.AddClaim(new Claim("xform", "yup"));
-                    p.AddIdentity(id);
-                    return p;
-                });
             });
         }
 

From 17deab142da56b656bb2cd84dce294ca15135397 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 12 May 2015 13:57:23 -0700
Subject: [PATCH 234/900] AuthZ: Sugar to make resource parameter optional

---
 .../AuthorizationPolicy.cs                    |  6 +-
 .../AuthorizationServiceExtensions.cs         | 72 +++++++++++++++++++
 .../DefaultAuthorizationService.cs            |  5 +-
 .../IAuthorizationService.cs                  | 10 +--
 .../Properties/Resources.Designer.cs          | 16 +++++
 .../Resources.resx                            |  3 +
 .../DefaultAuthorizationServiceTests.cs       | 61 ++++++----------
 7 files changed, 128 insertions(+), 45 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index ef16f968c8..3799264508 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -10,8 +10,12 @@ namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicy
     {
-        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationSchemes)
+        public AuthorizationPolicy([NotNull] IEnumerable<IAuthorizationRequirement> requirements, [NotNull] IEnumerable<string> activeAuthenticationSchemes)
         {
+            if (requirements.Count() == 0)
+            {
+                throw new InvalidOperationException(Resources.Exception_AuthorizationPolicyEmpty);
+            }
             Requirements = new List<IAuthorizationRequirement>(requirements).AsReadOnly();
             ActiveAuthenticationSchemes = new List<string>(activeAuthenticationSchemes).AsReadOnly();
         }
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 07619f37c7..14951fa075 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -10,6 +10,18 @@ namespace Microsoft.AspNet.Authorization
 {
     public static class AuthorizationServiceExtensions
     {
+        /// <summary>
+        /// Checks if a user meets a specific requirement for the specified resource
+        /// </summary>
+        /// <param name="user"></param>
+        /// <param name="resource"></param>
+        /// <param name="requirement"></param>
+        /// <returns></returns>
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] IAuthorizationRequirement requirement)
+        {
+            return service.AuthorizeAsync(user, resource, new IAuthorizationRequirement[] { requirement });
+        }
+
         /// <summary>
         /// Checks if a user meets a specific authorization policy
         /// </summary>
@@ -23,6 +35,42 @@ namespace Microsoft.AspNet.Authorization
             return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
         }
 
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] AuthorizationPolicy policy)
+        {
+            return service.AuthorizeAsync(user, resource: null, policy: policy);
+        }
+
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="policyName">The name of the policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] string policyName)
+        {
+            return service.AuthorizeAsync(user, resource: null, policyName: policyName);
+        }
+
+        /// <summary>
+        /// Checks if a user meets a specific requirement for the specified resource
+        /// </summary>
+        /// <param name="user"></param>
+        /// <param name="resource"></param>
+        /// <param name="requirement"></param>
+        /// <returns></returns>
+        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] IAuthorizationRequirement requirement)
+        {
+            return service.Authorize(user, resource, new IAuthorizationRequirement[] { requirement });
+        }
+
         /// <summary>
         /// Checks if a user meets a specific authorization policy
         /// </summary>
@@ -36,5 +84,29 @@ namespace Microsoft.AspNet.Authorization
             return service.Authorize(user, resource, policy.Requirements.ToArray());
         }
 
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="policy">The policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] AuthorizationPolicy policy)
+        {
+            return service.Authorize(user, resource: null, requirements: policy.Requirements.ToArray());
+        }
+
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="service">The authorization service.</param>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="policyName">The name of the policy to check against a specific context.</param>
+        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] string policyName)
+        {
+            return service.Authorize(user, resource: null, policyName: policyName);
+        }
+
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index abc8662769..e66721a5c1 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -5,6 +5,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authorization
@@ -28,7 +29,7 @@ namespace Microsoft.AspNet.Authorization
                 : this.Authorize(user, resource, policy);
         }
 
-        public bool Authorize(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
+        public bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
         {
             var authContext = new AuthorizationContext(requirements, user, resource);
             foreach (var handler in _handlers)
@@ -38,7 +39,7 @@ namespace Microsoft.AspNet.Authorization
             return authContext.HasSucceeded;
         }
 
-        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements)
+        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
         {
             var authContext = new AuthorizationContext(requirements, user, resource);
             foreach (var handler in _handlers)
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
index dedfcc37c4..876fd76016 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
@@ -1,8 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -18,7 +20,7 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource"></param>
         /// <param name="requirements"></param>
         /// <returns></returns>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements);
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
         /// Checks if a user meets a specific set of requirements for the specified resource
@@ -27,7 +29,7 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource"></param>
         /// <param name="requirements"></param>
         /// <returns></returns>
-        bool Authorize(ClaimsPrincipal user, object resource, params IAuthorizationRequirement[] requirements);
+        bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
@@ -36,7 +38,7 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] string policyName);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
@@ -45,6 +47,6 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        bool Authorize(ClaimsPrincipal user, object resource, string policyName);
+        bool Authorize(ClaimsPrincipal user, object resource, [NotNull] string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
index b627118275..29d82385f2 100644
--- a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
@@ -26,6 +26,22 @@ namespace Microsoft.AspNet.Authorization
             return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
         }
 
+        /// <summary>
+        /// AuthorizationPolicy must have at least one requirement.
+        /// </summary>
+        internal static string Exception_AuthorizationPolicyEmpty
+        {
+            get { return GetString("Exception_AuthorizationPolicyEmpty"); }
+        }
+
+        /// <summary>
+        /// AuthorizationPolicy must have at least one requirement.
+        /// </summary>
+        internal static string FormatException_AuthorizationPolicyEmpty(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyEmpty"), p0);
+        }
+
         /// <summary>
         /// At least one role must be specified.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authorization/Resources.resx b/src/Microsoft.AspNet.Authorization/Resources.resx
index ee3f8cd88a..a36e55d6b0 100644
--- a/src/Microsoft.AspNet.Authorization/Resources.resx
+++ b/src/Microsoft.AspNet.Authorization/Resources.resx
@@ -117,6 +117,9 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
+  <data name="Exception_AuthorizationPolicyEmpty" xml:space="preserve">
+    <value>AuthorizationPolicy must have at least one requirement.</value>
+  </data>
   <data name="Exception_AuthorizationPolicyNotFound" xml:space="preserve">
     <value>The AuthorizationPolicy named: '{0}' was not found.</value>
   </data>
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 2683eddce6..d5491164d8 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -47,7 +46,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -67,7 +66,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -94,7 +93,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -120,7 +119,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -146,7 +145,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -172,7 +171,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -196,7 +195,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -235,7 +234,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(new ClaimsIdentity());
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -261,7 +260,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.True(allowed);
@@ -281,7 +280,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
@@ -304,7 +303,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+            var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -325,7 +324,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+            var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -342,7 +341,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+            var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -375,7 +374,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Role, "Users") }, "AuthType"));
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+            var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
             Assert.True(allowed);
@@ -396,7 +395,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
+            var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
             Assert.False(allowed);
@@ -421,36 +420,22 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.False(allowed);
         }
 
         [Fact]
-        public async Task PolicyFailsWithNoRequirements()
+        public void PolicyThrowsWithNoRequirements()
         {
-            // Arrange
-            var authorizationService = BuildAuthorizationService(services =>
+            Assert.Throws<InvalidOperationException>(() => BuildAuthorizationService(services =>
             {
                 services.ConfigureAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => { });
                 });
-            });
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity(
-                    new Claim[] {
-                        new Claim(ClaimTypes.Name, "Name"),
-                    },
-                    "AuthType")
-                );
-
-            // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Basic");
-
-            // Assert
-            Assert.False(allowed);
+            }));
         }
 
         [Fact]
@@ -473,7 +458,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Any");
 
             // Assert
             Assert.False(allowed);
@@ -499,7 +484,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
             Assert.True(allowed);
@@ -521,7 +506,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(identity);
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
             Assert.True(allowed);
@@ -543,7 +528,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(identity);
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, null, "Hao");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
             Assert.True(allowed);

From 538e1d6a8baca53f63f91a5b8f3debdfc70ba608 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 12 May 2015 11:30:25 -0700
Subject: [PATCH 235/900] Remove comments from project.json

---
 samples/SocialSample/project.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 020f08b1bb..024014140c 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -12,7 +12,6 @@
         "Kestrel": "1.0.0-*"
     },
     "commands": {
-        /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:54540",
         "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:54540"
     },

From 468852550cfc467f5cb80bcf86e394cd48fe4e7c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 12 May 2015 15:49:49 -0700
Subject: [PATCH 236/900] Tweak  SecurityHelper.AddUserPrincipal logic

---
 .../SecurityHelper.cs                         | 20 ++++----
 .../SecurityHelperTests.cs                    | 47 +++++++++++++++++++
 2 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
index 617fe14a16..5f5c765b39 100644
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
@@ -14,24 +15,23 @@ namespace Microsoft.AspNet.Authentication
     {
         /// <summary>
         /// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
+        /// Merges a new claims principal, placing all new identities first, and eliminating
+        /// any empty unauthenticated identities from context.User
         /// </summary>
         /// <param name="identity"></param>
         public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
         {
+            var newPrincipal = new ClaimsPrincipal();
+            // New principal identities go first
+            newPrincipal.AddIdentities(principal.Identities);
+
+            // Then add any existing non empty or authenticated identities
             var existingPrincipal = context.User;
             if (existingPrincipal != null)
             {
-                foreach (var existingClaimsIdentity in existingPrincipal.Identities)
-                {
-                    // REVIEW: No longer use auth type for anything, so we could remove this check, except for the default one HttpContext.user creates
-                    // REVIEW: Need to ignore any identities that did not come from an authentication scheme?
-                    if (existingClaimsIdentity.IsAuthenticated)
-                    {
-                        principal.AddIdentity(existingClaimsIdentity);
-                    }
-                }
+                newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Count() > 0));
             }
-            context.User = principal;
+            context.User = newPrincipal;
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index 1de266682f..a02283ab76 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -56,5 +56,52 @@ namespace Microsoft.AspNet.Authentication
             principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
             principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
         }
+
+        [Fact]
+        public void AddingPreservesNewIdentitiesAndDropsEmpty()
+        {
+            var context = new DefaultHttpContext();
+            var existingPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
+            var identityNoAuthTypeWithClaim = new ClaimsIdentity();
+            identityNoAuthTypeWithClaim.AddClaim(new Claim("identityNoAuthTypeWithClaim", "yes"));
+            existingPrincipal.AddIdentity(identityNoAuthTypeWithClaim);
+            var identityEmptyWithAuthType = new ClaimsIdentity("empty");
+            existingPrincipal.AddIdentity(identityEmptyWithAuthType);
+            context.User = existingPrincipal;
+
+            context.User.Identity.IsAuthenticated.ShouldBe(false);
+
+            var newPrincipal = new ClaimsPrincipal();
+            var newEmptyIdentity = new ClaimsIdentity();
+            var identityTwo = new ClaimsIdentity("yep");
+            newPrincipal.AddIdentity(newEmptyIdentity);
+            newPrincipal.AddIdentity(identityTwo);
+
+            SecurityHelper.AddUserPrincipal(context, newPrincipal);
+
+            // Preserve newPrincipal order
+            context.User.Identity.IsAuthenticated.ShouldBe(false);
+            context.User.Identity.Name.ShouldBe(null);
+
+            var principal = context.User;
+            principal.Identities.Count().ShouldBe(4);
+            principal.Identities.Skip(0).First().ShouldBe(newEmptyIdentity);
+            principal.Identities.Skip(1).First().ShouldBe(identityTwo);
+            principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
+            principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
+
+            // This merge should drop newEmptyIdentity since its empty
+            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
+
+            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
+            context.User.Identity.Name.ShouldBe("Test3");
+
+            principal = context.User;
+            principal.Identities.Count().ShouldBe(4);
+            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
+            principal.Identities.Skip(1).First().ShouldBe(identityTwo);
+            principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
+            principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
+        }
     }
 }

From 4ec81538b9d9fff842acf560ec8bc803dcb2bb64 Mon Sep 17 00:00:00 2001
From: Henk Mollema <henkmollema@gmail.com>
Date: Wed, 13 May 2015 16:43:15 +0200
Subject: [PATCH 237/900] Reference to ASP.NET 5 instead of vNext in README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 06a74de411..a676d4a87a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 ASP.NET Security
 ========
 
-ASP.NET Security contains the security and authorization middlewares for ASP.NET vNext.
+ASP.NET Security contains the security and authorization middlewares for ASP.NET 5.
 
 This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the [Home](https://github.com/aspnet/home) repo.

From d89f5d0f47df47d6a9993c6945195d334cd16c7a Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 12 May 2015 21:45:29 -0700
Subject: [PATCH 238/900] Move comment into Startup.cs

---
 samples/SocialSample/Startup.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 22c0e44a0a..eb6c74563b 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -15,6 +15,7 @@ using Newtonsoft.Json.Linq;
 
 namespace CookieSample
 {
+    /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
     public class Startup
     {
         public void ConfigureServices(IServiceCollection services)
@@ -242,4 +243,4 @@ namespace CookieSample
             });
         }
     }
-}
\ No newline at end of file
+}

From af2c524352159a5e5765a5bec0d1451314bb8ae3 Mon Sep 17 00:00:00 2001
From: Kirthi Krishnamraju <kirthik@microsoft.com>
Date: Wed, 20 May 2015 18:20:35 -0700
Subject: [PATCH 239/900] React to aspnet/Configuration #195,#198

---
 .../CookieServiceCollectionExtensions.cs                        | 2 +-
 .../FacebookServiceCollectionExtensions.cs                      | 2 +-
 .../GoogleServiceCollectionExtensions.cs                        | 2 +-
 .../MicrosoftAccountServiceCollectionExtensions.cs              | 2 +-
 .../OAuthBearerServiceCollectionExtensions.cs                   | 2 +-
 .../OpenIdConnectServiceCollectionExtensions.cs                 | 2 +-
 .../TwitterServiceCollectionExtensions.cs                       | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index 256844abd8..c55cb9d5f0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 771197b500..911dd18b81 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index bb7ce223c6..c5f7041e44 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Google;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index 556b1fb878..86b68230d6 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
index 51080737b2..76fb362d34 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuthBearer;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 8d2e9e3554..394ebe3f36 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index 090b237dcc..553bd1ba88 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.Configuration;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection

From 76bd1a2f1716a84c0137fef31c7bfa5f1530fd88 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Mon, 18 May 2015 12:08:30 -0700
Subject: [PATCH 240/900] Reacting to Caching api review changes

---
 .../MemoryCacheSessionStore.cs                  | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index 0ed51dfb29..c07d706325 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -26,17 +26,16 @@ namespace CookieSessionSample
 
         public Task RenewAsync(string key, AuthenticationTicket ticket)
         {
-            _cache.Set(key, ticket, context =>
+            var options = new MemoryCacheEntryOptions();
+            var expiresUtc = ticket.Properties.ExpiresUtc;
+            if (expiresUtc.HasValue)
             {
-                var expiresUtc = ticket.Properties.ExpiresUtc;
-                if (expiresUtc.HasValue)
-                {
-                    context.SetAbsoluteExpiration(expiresUtc.Value);
-                }
-                context.SetSlidingExpiration(TimeSpan.FromHours(1)); // TODO: configurable.
+                options.SetAbsoluteExpiration(expiresUtc.Value);
+            }
+            options.SetSlidingExpiration(TimeSpan.FromHours(1)); // TODO: configurable.
+
+            _cache.Set(key, ticket, options);
 
-                return (AuthenticationTicket)context.State;
-            });
             return Task.FromResult(0);
         }
 

From e54d088c462b18c76a8f218b11ea2614e41622b6 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 22 May 2015 14:48:24 -0700
Subject: [PATCH 241/900] Fix issue with 401->403 not working with
 AutomaticAuthentication

---
 .../CookieAuthenticationHandler.cs            |  1 +
 .../AuthenticationHandler.cs                  |  3 ++-
 .../Cookies/CookieMiddlewareTests.cs          | 19 ++++++++++++++++---
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 04852e390a..11c74c8386 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -99,6 +99,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 await Options.Notifications.ValidatePrincipal(context);
 
+                AuthenticateCalled = true;
                 return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
             }
             catch (Exception exception)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 1d1d8e193f..d3e2ff9a4e 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -59,7 +59,8 @@ namespace Microsoft.AspNet.Authentication
             get { return _baseOptions; }
         }
 
-        internal bool AuthenticateCalled { get; set; }
+        // REVIEW: Overriding Authenticate and not calling base requires manually calling this for 401-403 to work
+        protected bool AuthenticateCalled { get; set; }
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index c368365329..a3e9774f09 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -443,19 +443,27 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.True(transaction1.SetCookie.Contains("path=/base"));
         }
 
-        [Fact]
-        public async Task CookieTurns401To403IfAuthenticated()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task CookieTurns401To403IfAuthenticated(bool automatic)
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
+                options.AutomaticAuthentication = automatic;
                 options.SystemClock = clock;
             }, 
             SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var url = "http://example.com/unauthorized";
+            if (automatic)
+            {
+                url += "auto";
+            }
+            var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
         }
@@ -547,6 +555,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         var result = await context.Authentication.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                         context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
                     }
+                    else if (req.Path == new PathString("/unauthorizedauto"))
+                    {
+                        // Simulate Authorization failure 
+                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
                     else if (req.Path == new PathString("/protected/CustomRedirect"))
                     {
                         context.Authentication.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });

From 36b82b043d1f55457f5281608ecec8e7d2f7c4c7 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 27 May 2015 16:30:06 -0700
Subject: [PATCH 242/900] Updating to release NuGet.config

---
 NuGet.Config | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index da57d47267..0e74a4912d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <clear />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
   </packageSources>
-</configuration>
\ No newline at end of file
+</configuration>

From 0b214a0e77933f59ed5e7706c45287af56a7f8d7 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 2 Jun 2015 12:17:22 -0700
Subject: [PATCH 243/900] * Changing IdentityModel package versions to beta5 *
 Updating NuGet.config to pick up packages from AzureAD feed.

---
 NuGet.Config                                                   | 1 +
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json   | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 0e74a4912d..ba5ab3d0b8 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -4,5 +4,6 @@
     <clear />
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease"/>
   </packageSources>
 </configuration>
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index e81bd34992..dff02afcb7 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta5-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index b61834b53e..0bf9f2d9e3 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -4,7 +4,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta4-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta5-*"
     },
     "frameworks": {
         "dnx451": {

From 6f935f8e28a4e2d6a811c89f27e3fce8825f53dd Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 2 Jun 2015 16:39:55 -0700
Subject: [PATCH 244/900] Updating to dev Azure AD feed

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index c94000b136..2a2b3aab07 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -3,6 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease"/>
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From c6230f5de2be1b2f1ea5ac9a24591966d5ed8ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Sun, 24 May 2015 17:14:08 +0200
Subject: [PATCH 245/900] Fix invalid challenge in
 CookieAuthenticationHandler.ApplyResponseChallenge

---
 .../CookieAuthenticationHandler.cs            | 24 +++++++++----------
 .../Cookies/CookieMiddlewareTests.cs          |  4 ++--
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 11c74c8386..b790291ea9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -363,30 +363,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return;
             }
 
-            var loginUri = string.Empty;
+            var redirectUri = string.Empty;
             if (ChallengeContext != null)
             {
-                loginUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
+                redirectUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
             }
 
             try
             {
-                if (string.IsNullOrWhiteSpace(loginUri))
+                if (string.IsNullOrWhiteSpace(redirectUri))
                 {
-                    var currentUri =
+                    redirectUri =
                         Request.PathBase +
                         Request.Path +
                         Request.QueryString;
-
-                    loginUri =
-                        Request.Scheme +
-                        "://" +
-                        Request.Host +
-                        Request.PathBase +
-                        Options.LoginPath +
-                        QueryString.Create(Options.ReturnUrlParameter, currentUri);
                 }
 
+                var loginUri =
+                    Request.Scheme +
+                    "://" +
+                    Request.Host +
+                    Request.PathBase +
+                    Options.LoginPath +
+                    QueryString.Create(Options.ReturnUrlParameter, redirectUri);
+
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
                 Options.Notifications.ApplyRedirect(redirectContext);
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index a3e9774f09..a2628f0224 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task ProtectedCustomRequestShouldRedirectToCustomLogin(bool auto)
+        public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri(bool auto)
         {
             var server = CreateServer(options =>
             {
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             if (auto)
             {
                 Uri location = transaction.Response.Headers.Location;
-                location.ToString().ShouldBe("/CustomRedirect");
+                location.ToString().ShouldBe("http://example.com/login?ReturnUrl=%2FCustomRedirect");
             }
         }
 

From 5947b078736d3eb66fe67d78dc6c31041ce4dc77 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 5 Jun 2015 12:18:53 -0700
Subject: [PATCH 246/900] Remove stray Console.Writes from tests.

---
 .../Google/GoogleMiddlewareTests.cs                             | 2 --
 1 file changed, 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 0b02b78e91..0bbd57213c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -74,7 +74,6 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            Console.WriteLine(transaction.SetCookie);
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
 
@@ -88,7 +87,6 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            Console.WriteLine(transaction.SetCookie);
             transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
         }
 

From ab3cc8bcc77eb3983e93c4c12a74f42223b48476 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 12 Jun 2015 15:53:07 -0700
Subject: [PATCH 247/900] React to OnSendingHeaders rename.

---
 src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index d3e2ff9a4e..fd6950ff5b 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -76,7 +76,7 @@ namespace Microsoft.AspNet.Authentication
 
             RegisterAuthenticationHandler();
 
-            Response.OnSendingHeaders(OnSendingHeaderCallback, this);
+            Response.OnResponseStarting(OnSendingHeaderCallback, this);
 
             await InitializeCoreAsync();
 

From 7fcbefc86f89ec723327d14db7616850e5822c22 Mon Sep 17 00:00:00 2001
From: Hisham Abdullah Bin Ateya <hishamco_2007@hotmail.com>
Date: Thu, 11 Jun 2015 23:18:00 +0300
Subject: [PATCH 248/900] Using 'nameof' operator instead of magic strings

---
 .../CertificateSubjectKeyIdentifierValidator.cs                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index 3e19a3e686..a4705a9546 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication
 
             if (_validSubjectKeyIdentifiers.Count == 0)
             {
-                throw new ArgumentOutOfRangeException("validSubjectKeyIdentifiers");
+                throw new ArgumentOutOfRangeException(nameof(_validSubjectKeyIdentifiers));
             }
         }
 

From 797e1287e383683597595b072c343d6c051d6b68 Mon Sep 17 00:00:00 2001
From: Hisham Abdullah Bin Ateya <hishamco_2007@hotmail.com>
Date: Thu, 11 Jun 2015 23:28:12 +0300
Subject: [PATCH 249/900] Using [NotNull]

---
 .../OAuthBearerAuthenticationOptions.cs       |  9 ++------
 .../OpenIdConnectAuthenticationHandler.cs     |  4 ++--
 .../OpenIdConnectAuthenticationOptions.cs     | 21 ++++---------------
 ...ertificateSubjectKeyIdentifierValidator.cs |  2 +-
 4 files changed, 9 insertions(+), 27 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 8f632a7a53..7aa48deaa7 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -5,8 +5,8 @@ using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
-using Microsoft.IdentityModel.Protocols;
 using Microsoft.Framework.Internal;
+using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
@@ -140,14 +140,9 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             {
                 return _tokenValidationParameters;
             }
-
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("TokenValidationParameters");
-                }
-
                 _tokenValidationParameters = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index cc132e9bb0..7e97628e14 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -528,9 +528,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// The value of the cookie is: "N".</remarks>
         private void WriteNonceCookie(string nonce)
         {
-            if (string.IsNullOrWhiteSpace(nonce))
+            if (string.IsNullOrEmpty(nonce))
             {
-                throw new ArgumentNullException("nonce");
+                throw new ArgumentNullException(nameof(nonce));
             }
 
             Response.Cookies.Append(
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 9e4bfa55d7..8e78a5b09e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -8,8 +8,8 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.IdentityModel.Protocols;
 using Microsoft.Framework.Internal;
+using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -252,13 +252,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 return _stateDataFormat;
             }
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("value");
-                }
-
                 _stateDataFormat = value;
             }
         }
@@ -272,13 +268,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 return _stringDataFormat;
             }
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("value");
-                }
-
                 _stringDataFormat = value;
             }
         }
@@ -315,14 +307,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 return _tokenValidationParameters;
             }
-
+            [param: NotNull]
             set
             {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("value");
-                }
-
                 _tokenValidationParameters = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index a4705a9546..ce13de2510 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication
 
             if (_validSubjectKeyIdentifiers.Count == 0)
             {
-                throw new ArgumentOutOfRangeException(nameof(_validSubjectKeyIdentifiers));
+                throw new ArgumentOutOfRangeException(nameof(validSubjectKeyIdentifiers));
             }
         }
 

From f6678a31dff97e555c9ee4f190a61732e0ff4589 Mon Sep 17 00:00:00 2001
From: Hisham Abdullah Bin Ateya <hishamco_2007@hotmail.com>
Date: Sat, 20 Jun 2015 22:53:01 +0300
Subject: [PATCH 250/900] Add AppVeyor, Travis build status

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index a676d4a87a..4ff3bef9cc 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,10 @@
 ASP.NET Security
 ========
 
+AppVeyor: [![AppVeyor](https://ci.appveyor.com/api/projects/status/m1l7adh2cwv488dt/branch/dev?svg=true)](https://ci.appveyor.com/project/aspnetci/Security/branch/dev)
+
+Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](https://travis-ci.org/aspnet/Security)
+
 ASP.NET Security contains the security and authorization middlewares for ASP.NET 5.
 
 This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the [Home](https://github.com/aspnet/home) repo.

From fbfff98ec4601a42edbc76073ba14c2d7806ab7d Mon Sep 17 00:00:00 2001
From: Barry Dorrans <barryd@idunno.org>
Date: Mon, 22 Jun 2015 10:10:18 -0700
Subject: [PATCH 251/900] Add links to basic auth samples

Closes #209
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 4ff3bef9cc..258cd88af6 100644
--- a/README.md
+++ b/README.md
@@ -8,3 +8,7 @@ Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](http
 ASP.NET Security contains the security and authorization middlewares for ASP.NET 5.
 
 This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the [Home](https://github.com/aspnet/home) repo.
+
+### Notes
+
+ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.Security.BasicAuthentication).
\ No newline at end of file

From 0b2ff38345de5a3f49dbe3ed14641136d8860a1a Mon Sep 17 00:00:00 2001
From: Hisham Abdullah Bin Ateya <hishamco_2007@hotmail.com>
Date: Mon, 22 Jun 2015 21:01:50 +0300
Subject: [PATCH 252/900] Fix AppVeyor token

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 258cd88af6..3c7b467767 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 ASP.NET Security
 ========
 
-AppVeyor: [![AppVeyor](https://ci.appveyor.com/api/projects/status/m1l7adh2cwv488dt/branch/dev?svg=true)](https://ci.appveyor.com/project/aspnetci/Security/branch/dev)
+AppVeyor: [![AppVeyor](https://ci.appveyor.com/api/projects/status/fujhh8n956v5ohfd/branch/dev?svg=true)](https://ci.appveyor.com/project/aspnetci/Security/branch/dev)
 
 Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](https://travis-ci.org/aspnet/Security)
 

From 43b428941b40624e3e75fc8574f53b768cb73a7d Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Tue, 23 Jun 2015 11:06:12 -0700
Subject: [PATCH 253/900] Change hardcoded `bash` shebang to `env` -
 aspnet/Home#695 - support various `bash` installation locations - in
 particular, enable building on FreeBSD

---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index d81164353c..3ef874f9bd 100755
--- a/build.sh
+++ b/build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild

From 3a8ea672eae590785a78d74777abb76bb9664130 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 Jun 2015 17:19:27 -0700
Subject: [PATCH 254/900] AuthN and AuthZ API changes (Async, Challenge)

---
 samples/CookieSample/Startup.cs               |   2 +-
 samples/CookieSessionSample/Startup.cs        |   2 +-
 samples/OpenIdConnectSample/Startup.cs        |   2 +-
 samples/SocialSample/Startup.cs               |   6 +-
 .../CookieAuthenticationHandler.cs            | 393 ++++++++++--------
 .../OAuthAuthenticationHandler.cs             |  94 ++---
 .../OAuthBearerAuthenticationHandler.cs       |  39 +-
 .../OpenIdConnectAuthenticationHandler.cs     |  61 +--
 .../TwitterAuthenticationHandler.cs           |  68 +--
 .../AuthenticationHandler.cs                  | 381 ++++++-----------
 .../AuthenticationMiddleware.cs               |   1 -
 ...thenticationServiceCollectionExtensions.cs |   8 +-
 ...aimsTransformationAuthenticationHandler.cs |  55 +--
 .../ClaimsTransformationMiddleware.cs         |   6 +-
 .../ClaimsTransformationOptions.cs            |  33 +-
 .../AuthorizationContext.cs                   |   8 +-
 .../AuthorizationHandler.cs                   |  29 +-
 .../AuthorizationOptions.cs                   |   3 +-
 .../AuthorizationPolicy.cs                    |   5 +-
 .../AuthorizationPolicyBuilder.cs             |   8 +-
 .../AuthorizeAttribute.cs                     |   2 +-
 .../ClaimsAuthorizationRequirement.cs         |   2 +-
 .../DefaultAuthorizationService.cs            |   1 +
 .../DelegateRequirement.cs                    |  22 +
 .../DenyAnonymousAuthorizationRequirement.cs  |   2 +-
 .../IAuthorizeData.cs                         |  14 +
 .../NameAuthorizationRequirement.cs           |   2 +-
 .../RolesAuthorizationRequirement.cs          |   2 +-
 .../AuthenticationHandlerFacts.cs             |  26 +-
 .../Cookies/CookieMiddlewareTests.cs          | 161 ++++---
 .../Facebook/FacebookMiddlewareTests.cs       |   6 +-
 .../Google/GoogleMiddlewareTests.cs           | 109 ++---
 .../MicrosoftAccountMiddlewareTests.cs        |  51 ++-
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |  33 +-
 .../OpenIdConnectHandlerTests.cs              |  16 +-
 .../OpenIdConnectMiddlewareTests.cs           |  12 +-
 .../Twitter/TwitterMiddlewareTests.cs         |  79 +++-
 .../DefaultAuthorizationServiceTests.cs       |  32 +-
 38 files changed, 933 insertions(+), 843 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
 create mode 100644 src/Microsoft.AspNet.Authorization/IAuthorizeData.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 6547450e51..04694b7cfd 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -28,7 +28,7 @@ namespace CookieSample
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }));
-                    context.Authentication.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, user);
+                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index f0b1b5219b..5858c2c39f 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -36,7 +36,7 @@ namespace CookieSessionSample
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
-                    context.Authentication.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
+                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 2077d802bb..b07d87da50 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -40,7 +40,7 @@ namespace OpenIdConnectSample
             {
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
-                    context.Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                    await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index eb6c74563b..62d9c83803 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -187,7 +187,7 @@ namespace CookieSample
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
                         // send them to the home page instead (/).
-                        context.Authentication.Challenge(authType, new AuthenticationProperties() { RedirectUri = "/" });
+                        await context.Authentication.ChallengeAsync(authType, new AuthenticationProperties() { RedirectUri = "/" });
                         return;
                     }
 
@@ -207,7 +207,7 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
@@ -222,7 +222,7 @@ namespace CookieSample
                 if (string.IsNullOrEmpty(context.User.Identity.Name))
                 {
                     // The cookie middleware will intercept this 401 and redirect to /login
-                    context.Authentication.Challenge();
+                    await context.Authentication.ChallengeAsync();
                     return;
                 }
                 await next();
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index b790291ea9..66fe679bd1 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -8,6 +8,8 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -26,12 +28,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private DateTimeOffset _renewExpiresUtc;
         private string _sessionKey;
 
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        public override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationTicket ticket = null;
             try
@@ -99,7 +96,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 await Options.Notifications.ValidatePrincipal(context);
 
-                AuthenticateCalled = true;
                 return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
             }
             catch (Exception exception)
@@ -115,19 +111,72 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
-        protected override void ApplyResponseGrant()
+        private CookieOptions BuildCookieOptions()
         {
-            ApplyResponseGrantAsync().GetAwaiter().GetResult();
+            var cookieOptions = new CookieOptions
+            {
+                Domain = Options.CookieDomain,
+                HttpOnly = Options.CookieHttpOnly,
+                Path = Options.CookiePath ?? (RequestPathBase.HasValue ? RequestPathBase.ToString() : "/"),
+            };
+            if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
+            {
+                cookieOptions.Secure = Request.IsHttps;
+            }
+            else
+            {
+                cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
+            }
+            return cookieOptions;
         }
 
-        protected override async Task ApplyResponseGrantAsync()
+        private async Task ApplyCookie(AuthenticationTicket model)
         {
-            var signin = SignInContext;
-            var shouldSignin = signin != null;
-            var signout = SignOutContext;
-            var shouldSignout = signout != null;
+            var cookieOptions = BuildCookieOptions();
 
-            if (!(shouldSignin || shouldSignout || _shouldRenew))
+            model.Properties.IssuedUtc = _renewIssuedUtc;
+            model.Properties.ExpiresUtc = _renewExpiresUtc;
+
+            if (Options.SessionStore != null && _sessionKey != null)
+            {
+                await Options.SessionStore.RenewAsync(_sessionKey, model);
+                var principal = new ClaimsPrincipal(
+                    new ClaimsIdentity(
+                        new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
+                        Options.AuthenticationScheme));
+                model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+            }
+
+            var cookieValue = Options.TicketDataFormat.Protect(model);
+
+            if (model.Properties.IsPersistent)
+            {
+                cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
+            }
+
+            Options.CookieManager.AppendResponseCookie(
+                Context,
+                Options.CookieName,
+                cookieValue,
+                cookieOptions);
+
+            Response.Headers.Set(
+                HeaderNameCacheControl,
+                HeaderValueNoCache);
+
+            Response.Headers.Set(
+                HeaderNamePragma,
+                HeaderValueNoCache);
+
+            Response.Headers.Set(
+                HeaderNameExpires,
+                HeaderValueMinusOne);
+        }
+
+        protected override async Task FinishResponseAsync()
+        {
+            // Only renew if requested, and neither sign in or sign out was called
+            if (!_shouldRenew || SignInAccepted || SignOutAccepted)
             {
                 return;
             }
@@ -135,133 +184,89 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var model = await AuthenticateAsync();
             try
             {
-                var cookieOptions = new CookieOptions
+                await ApplyCookie(model);
+            }
+            catch (Exception exception)
+            {
+                var exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
                 {
-                    Domain = Options.CookieDomain,
-                    HttpOnly = Options.CookieHttpOnly,
-                    Path = Options.CookiePath ?? (RequestPathBase.HasValue ? RequestPathBase.ToString() : "/"),
-                };
-                if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
+                    throw;
+                }
+            }
+        }
+
+        protected override async Task HandleSignInAsync(SignInContext signin)
+        {
+            var model = await AuthenticateAsync();
+            try
+            {
+                var cookieOptions = BuildCookieOptions();
+
+                var signInContext = new CookieResponseSignInContext(
+                    Context,
+                    Options,
+                    Options.AuthenticationScheme,
+                    signin.Principal,
+                    new AuthenticationProperties(signin.Properties),
+                    cookieOptions);
+
+                DateTimeOffset issuedUtc;
+                if (signInContext.Properties.IssuedUtc.HasValue)
                 {
-                    cookieOptions.Secure = Request.IsHttps;
+                    issuedUtc = signInContext.Properties.IssuedUtc.Value;
                 }
                 else
                 {
-                    cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
+                    issuedUtc = Options.SystemClock.UtcNow;
+                    signInContext.Properties.IssuedUtc = issuedUtc;
                 }
 
-                if (shouldSignin)
+                if (!signInContext.Properties.ExpiresUtc.HasValue)
                 {
-                    var signInContext = new CookieResponseSignInContext(
-                        Context,
-                        Options,
-                        Options.AuthenticationScheme,
-                        signin.Principal,
-                        new AuthenticationProperties(signin.Properties),
-                        cookieOptions);
-
-                    DateTimeOffset issuedUtc;
-                    if (signInContext.Properties.IssuedUtc.HasValue)
-                    {
-                        issuedUtc = signInContext.Properties.IssuedUtc.Value;
-                    }
-                    else
-                    {
-                        issuedUtc = Options.SystemClock.UtcNow;
-                        signInContext.Properties.IssuedUtc = issuedUtc;
-                    }
-
-                    if (!signInContext.Properties.ExpiresUtc.HasValue)
-                    {
-                        signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
-                    }
-
-                    Options.Notifications.ResponseSignIn(signInContext);
-
-                    if (signInContext.Properties.IsPersistent)
-                    {
-                        var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
-                        signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
-                    }
-
-                    model = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
-                    if (Options.SessionStore != null)
-                    {
-                        if (_sessionKey != null)
-                        {
-                            await Options.SessionStore.RemoveAsync(_sessionKey);
-                        }
-                        _sessionKey = await Options.SessionStore.StoreAsync(model);
-                        var principal = new ClaimsPrincipal(
-                            new ClaimsIdentity(
-                                new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
-                                Options.ClaimsIssuer));
-                        model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
-                    }
-                    var cookieValue = Options.TicketDataFormat.Protect(model);
-
-                    Options.CookieManager.AppendResponseCookie(
-                        Context,
-                        Options.CookieName,
-                        cookieValue,
-                        signInContext.CookieOptions);
-
-                    var signedInContext = new CookieResponseSignedInContext(
-                        Context,
-                        Options,
-                        Options.AuthenticationScheme,
-                        signInContext.Principal,
-                        signInContext.Properties);
-
-                    Options.Notifications.ResponseSignedIn(signedInContext);
+                    signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                 }
-                else if (shouldSignout)
+
+                Options.Notifications.ResponseSignIn(signInContext);
+
+                if (signInContext.Properties.IsPersistent)
                 {
-                    if (Options.SessionStore != null && _sessionKey != null)
+                    var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                    signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+                }
+
+                model = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+                if (Options.SessionStore != null)
+                {
+                    if (_sessionKey != null)
                     {
                         await Options.SessionStore.RemoveAsync(_sessionKey);
                     }
-
-                    var context = new CookieResponseSignOutContext(
-                        Context,
-                        Options,
-                        cookieOptions);
-
-                    Options.Notifications.ResponseSignOut(context);
-
-                    Options.CookieManager.DeleteCookie(
-                        Context,
-                        Options.CookieName,
-                        context.CookieOptions);
+                    _sessionKey = await Options.SessionStore.StoreAsync(model);
+                    var principal = new ClaimsPrincipal(
+                        new ClaimsIdentity(
+                            new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
+                            Options.ClaimsIssuer));
+                    model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                 }
-                else if (_shouldRenew)
-                {
-                    model.Properties.IssuedUtc = _renewIssuedUtc;
-                    model.Properties.ExpiresUtc = _renewExpiresUtc;
+                var cookieValue = Options.TicketDataFormat.Protect(model);
 
-                    if (Options.SessionStore != null && _sessionKey != null)
-                    {
-                        await Options.SessionStore.RenewAsync(_sessionKey, model);
-                        var principal = new ClaimsPrincipal(
-                            new ClaimsIdentity(
-                                new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
-                                Options.AuthenticationScheme));
-                        model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
-                    }
+                Options.CookieManager.AppendResponseCookie(
+                    Context,
+                    Options.CookieName,
+                    cookieValue,
+                    signInContext.CookieOptions);
 
-                    var cookieValue = Options.TicketDataFormat.Protect(model);
+                var signedInContext = new CookieResponseSignedInContext(
+                    Context,
+                    Options,
+                    Options.AuthenticationScheme,
+                    signInContext.Principal,
+                    signInContext.Properties);
 
-                    if (model.Properties.IsPersistent)
-                    {
-                        cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
-                    }
-
-                    Options.CookieManager.AppendResponseCookie(
-                        Context,
-                        Options.CookieName,
-                        cookieValue,
-                        cookieOptions);
-                }
+                Options.Notifications.ResponseSignedIn(signedInContext);
 
                 Response.Headers.Set(
                     HeaderNameCacheControl,
@@ -275,10 +280,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     HeaderNameExpires,
                     HeaderValueMinusOne);
 
-                var shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
-                var shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
+                var shouldLoginRedirect = Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
 
-                if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
+                if ((shouldLoginRedirect) && Response.StatusCode == 200)
                 {
                     var query = Request.Query;
                     var redirectUri = query.Get(Options.ReturnUrlParameter);
@@ -302,6 +306,69 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
+        protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
+        {
+            var model = await AuthenticateAsync();
+            try
+            {
+                var cookieOptions = BuildCookieOptions();
+
+                if (Options.SessionStore != null && _sessionKey != null)
+                {
+                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                }
+
+                var context = new CookieResponseSignOutContext(
+                    Context,
+                    Options,
+                    cookieOptions);
+
+                Options.Notifications.ResponseSignOut(context);
+
+                Options.CookieManager.DeleteCookie(
+                    Context,
+                    Options.CookieName,
+                    context.CookieOptions);
+
+                Response.Headers.Set(
+                    HeaderNameCacheControl,
+                    HeaderValueNoCache);
+
+                Response.Headers.Set(
+                    HeaderNamePragma,
+                    HeaderValueNoCache);
+
+                Response.Headers.Set(
+                    HeaderNameExpires,
+                    HeaderValueMinusOne);
+
+                var shouldLogoutRedirect = Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
+
+                if (shouldLogoutRedirect && Response.StatusCode == 200)
+                {
+                    var query = Request.Query;
+                    var redirectUri = query.Get(Options.ReturnUrlParameter);
+                    if (!string.IsNullOrWhiteSpace(redirectUri)
+                        && IsHostRelative(redirectUri))
+                    {
+                        var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
+                        Options.Notifications.ApplyRedirect(redirectContext);
+                    }
+                }
+            }
+            catch (Exception exception)
+            {
+                var exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
+                {
+                    throw;
+                }
+            }
+
+        }
+
         private static bool IsHostRelative(string path)
         {
             if (string.IsNullOrEmpty(path))
@@ -315,60 +382,49 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return path[0] == '/' && path[1] != '/' && path[1] != '\\';
         }
 
-        protected override void ApplyResponseChallenge()
+        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            if (ShouldConvertChallengeToForbidden())
+            // HandleForbidden by redirecting to AccessDeniedPath if set
+            if (Options.AccessDeniedPath.HasValue)
             {
-                // Handle 403 by redirecting to AccessDeniedPath if set
-                if (Options.AccessDeniedPath.HasValue)
+                try
                 {
-                    try
-                    {
-                        var accessDeniedUri =
-                            Request.Scheme +
-                            "://" +
-                            Request.Host +
-                            Request.PathBase +
-                            Options.AccessDeniedPath;
+                    var accessDeniedUri =
+                        Request.Scheme +
+                        "://" +
+                        Request.Host +
+                        Request.PathBase +
+                        Options.AccessDeniedPath;
 
-                        var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
-                        Options.Notifications.ApplyRedirect(redirectContext);
-                    }
-                    catch (Exception exception)
+                    var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
+                    Options.Notifications.ApplyRedirect(redirectContext);
+                }
+                catch (Exception exception)
+                {
+                    var exceptionContext = new CookieExceptionContext(Context, Options,
+                        CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
+                    Options.Notifications.Exception(exceptionContext);
+                    if (exceptionContext.Rethrow)
                     {
-                        var exceptionContext = new CookieExceptionContext(Context, Options,
-                            CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
-                        Options.Notifications.Exception(exceptionContext);
-                        if (exceptionContext.Rethrow)
-                        {
-                            throw;
-                        }
+                        throw;
                     }
                 }
-                else
-                {
-                    Response.StatusCode = 403;
-                }
-                return;
+                return Task.FromResult(true);
             }
-
-            if (Response.StatusCode != 401 || !Options.LoginPath.HasValue )
+            else
             {
-                return;
+                return base.HandleForbiddenAsync(context);
             }
+        }
 
-            // Automatic middleware should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && !Options.AutomaticAuthentication)
+        protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        {
+            if (!Options.LoginPath.HasValue)
             {
-                return;
-            }
-
-            var redirectUri = string.Empty;
-            if (ChallengeContext != null)
-            {
-                redirectUri = new AuthenticationProperties(ChallengeContext.Properties).RedirectUri;
+                return base.HandleUnauthorizedAsync(context);
             }
 
+            var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
             try
             {
                 if (string.IsNullOrWhiteSpace(redirectUri))
@@ -400,6 +456,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     throw;
                 }
             }
+            return Task.FromResult(true);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index d9c2183443..c5a8b0fc7f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -6,10 +6,11 @@ using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Newtonsoft.Json.Linq;
 
@@ -37,7 +38,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         public async Task<bool> InvokeReturnPathAsync()
         {
-            AuthenticationTicket ticket = await AuthenticateAsync();
+            var ticket = await AuthenticateAsync();
             if (ticket == null)
             {
                 Logger.LogWarning("Invalid return state, unable to redirect.");
@@ -56,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (context.SignInScheme != null && context.Principal != null)
             {
-                Context.Authentication.SignIn(context.SignInScheme, context.Principal, context.Properties);
+                await Context.Authentication.SignInAsync(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
@@ -73,17 +74,12 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return context.IsRequestCompleted;
         }
 
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        public override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
             {
-                IReadableStringCollection query = Request.Query;
+                var query = Request.Query;
 
                 // TODO: Is this a standard error returned by servers?
                 var value = query.Get("error");
@@ -94,8 +90,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
                     return null;
                 }
 
-                string code = query.Get("code");
-                string state = query.Get("state");
+                var code = query.Get("code");
+                var state = query.Get("state");
 
                 properties = Options.StateDataFormat.Unprotect(state);
                 if (properties == null)
@@ -115,8 +111,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                string requestPrefix = Request.Scheme + "://" + Request.Host;
-                string redirectUri = requestPrefix + RequestPathBase + Options.CallbackPath;
+                var requestPrefix = Request.Scheme + "://" + Request.Host;
+                var redirectUri = requestPrefix + RequestPathBase + Options.CallbackPath;
 
                 var tokens = await ExchangeCodeAsync(code, redirectUri);
 
@@ -151,11 +147,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
             requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
             requestMessage.Content = requestContent;
-            HttpResponseMessage response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
+            var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
-            string oauthTokenResponse = await response.Content.ReadAsStringAsync();
+            var oauthTokenResponse = await response.Content.ReadAsStringAsync();
 
-            JObject oauth2Token = JObject.Parse(oauthTokenResponse);
+            var oauth2Token = JObject.Parse(oauthTokenResponse);
             return new TokenResponse(oauth2Token);
         }
 
@@ -169,40 +165,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
-        protected override void ApplyResponseChallenge()
+        protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
-            if (ShouldConvertChallengeToForbidden())
-            {
-                Response.StatusCode = 403;
-                return;
-            }
+            var baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
+            var currentUri = baseUri + Request.Path + Request.QueryString;
+            var redirectUri = baseUri + Options.CallbackPath;
 
-            if (Response.StatusCode != 401)
-            {
-                return;
-            }
-
-            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && !Options.AutomaticAuthentication)
-            {
-                return;
-            }
-
-            string baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
-
-            string currentUri = baseUri + Request.Path + Request.QueryString;
-
-            string redirectUri = baseUri + Options.CallbackPath;
-
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
-            {
-                properties = new AuthenticationProperties();
-            }
-            else
-            {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
-            }
+            var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = currentUri;
@@ -211,19 +180,35 @@ namespace Microsoft.AspNet.Authentication.OAuth
             // OAuth2 10.12 CSRF
             GenerateCorrelationId(properties);
 
-            string authorizationEndpoint = BuildChallengeUrl(properties, redirectUri);
+            var authorizationEndpoint = BuildChallengeUrl(properties, redirectUri);
 
             var redirectContext = new OAuthApplyRedirectContext(
                 Context, Options,
                 properties, authorizationEndpoint);
             Options.Notifications.ApplyRedirect(redirectContext);
+            return Task.FromResult(true);
+        }
+
+        protected override Task HandleSignOutAsync(SignOutContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task HandleSignInAsync(SignInContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        {
+            throw new NotSupportedException();
         }
 
         protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
-            string scope = FormatScope();
+            var scope = FormatScope();
 
-            string state = Options.StateDataFormat.Protect(properties);
+            var state = Options.StateDataFormat.Protect(properties);
 
             var queryBuilder = new QueryBuilder()
             {
@@ -241,10 +226,5 @@ namespace Microsoft.AspNet.Authentication.OAuth
             // OAuth2 3.3 space separated
             return string.Join(" ", Options.Scope);
         }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A - No SignIn or SignOut support.
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index b088519509..6357a35af9 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -2,14 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Linq;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
@@ -19,16 +18,11 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
     {
         private OpenIdConnectConfiguration _configuration;
 
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
-        }
-
         /// <summary>
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
         /// <returns></returns>
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        public override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             string token = null;
             try
@@ -179,30 +173,21 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             }
         }
 
-        protected override void ApplyResponseChallenge()
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
-            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task ApplyResponseChallengeAsync()
-        {
-            if (ShouldConvertChallengeToForbidden())
-            {
-                Response.StatusCode = 403;
-                return;
-            }
-
-            if ((Response.StatusCode != 401) || (ChallengeContext == null && !Options.AutomaticAuthentication))
-            {
-                return;
-            }
-
+            Response.StatusCode = 401;
             await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>(Context, Options));
+            return false;
         }
 
-        protected override void ApplyResponseGrant()
+        protected override Task HandleSignOutAsync(SignOutContext context)
         {
-            // N/A
+            throw new NotSupportedException();
+        }
+
+        protected override Task HandleSignInAsync(SignInContext context)
+        {
+            throw new NotSupportedException();
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 7e97628e14..b542c2ef81 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -11,6 +11,8 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
 
@@ -38,18 +40,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
-        protected override void ApplyResponseGrant()
-        {
-            ApplyResponseGrantAsync().GetAwaiter().GetResult();
-        }
-
         /// <summary>
         /// Handles Signout
         /// </summary>
         /// <returns></returns>
-        protected override async Task ApplyResponseGrantAsync()
+        protected override async Task HandleSignOutAsync(SignOutContext signout)
         {
-            var signout = SignOutContext;
             if (signout != null)
             {
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -96,52 +92,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
-        protected override void ApplyResponseChallenge()
-        {
-            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
-        }
-
         /// <summary>
         /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
         /// <remarks>Uses log id's OIDCH-0026 - OIDCH-0050, next num: 37</remarks>
-        protected override async Task ApplyResponseChallengeAsync()
+        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
             Logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
 
-            if (ShouldConvertChallengeToForbidden())
-            {
-                Logger.LogDebug(Resources.OIDCH_0027_401_ConvertedTo_403);
-                Response.StatusCode = 403;
-                return;
-            }
-
-            if (Response.StatusCode != 401)
-            {
-                Logger.LogDebug(Resources.OIDCH_0028_StatusCodeNot401, Response.StatusCode);
-                return;
-            }
-
-            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && !Options.AutomaticAuthentication)
-            {
-                Logger.LogDebug(Resources.OIDCH_0029_ChallengeContextEqualsNull);
-                return;
-            }
-
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if Options.DefaultToCurrentUriOnRedirect is true)
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
-            {
-                properties = new AuthenticationProperties();
-            }
-            else
-            {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
-            }
+            AuthenticationProperties properties = new AuthenticationProperties(context.Properties);
 
             if (!string.IsNullOrWhiteSpace(properties.RedirectUri))
             {
@@ -209,12 +172,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (redirectToIdentityProviderNotification.HandledResponse)
             {
                 Logger.LogInformation(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
-                return;
+                return true; // REVIEW: Make sure this should stop all other handlers
             }
             else if (redirectToIdentityProviderNotification.Skipped)
             {
                 Logger.LogInformation(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
-                return;
+                return false; // REVIEW: Make sure this should not stop all other handlers
             }
 
             var redirectUri = redirectToIdentityProviderNotification.ProtocolMessage.CreateAuthenticationRequestUrl();
@@ -224,11 +187,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
 
             Response.Redirect(redirectUri);
-        }
-
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
+            return true;
         }
 
         /// <summary>
@@ -236,7 +195,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        public override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
 
@@ -632,7 +591,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 if (ticket.Principal != null)
                 {
-                    Request.HttpContext.Authentication.SignIn(Options.SignInScheme, ticket.Principal, ticket.Properties);
+                    await Request.HttpContext.Authentication.SignInAsync(Options.SignInScheme, ticket.Principal, ticket.Properties);
                 }
 
                 // Redirect back to the original secured resource, if any.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index eecc1a0434..659b8b6aad 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -12,8 +12,10 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Twitter
@@ -42,12 +44,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return false;
         }
 
-        protected override AuthenticationTicket AuthenticateCore()
-        {
-            return AuthenticateCoreAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
+        public override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
@@ -121,49 +118,18 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
-        protected override void ApplyResponseChallenge()
+        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
-            ApplyResponseChallengeAsync().GetAwaiter().GetResult();
-        }
-
-        protected override async Task ApplyResponseChallengeAsync()
-        {
-            if (ShouldConvertChallengeToForbidden())
-            {
-                Response.StatusCode = 403;
-                return;
-            }
-
-            if (Response.StatusCode != 401)
-            {
-                return;
-            }
-
-            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
-            if (ChallengeContext == null && !Options.AutomaticAuthentication)
-            {
-                return;
-            }
-
             var requestPrefix = Request.Scheme + "://" + Request.Host;
             var callBackUrl = requestPrefix + RequestPathBase + Options.CallbackPath;
 
-            AuthenticationProperties properties;
-            if (ChallengeContext == null)
-            {
-                properties = new AuthenticationProperties();
-            }
-            else
-            {
-                properties = new AuthenticationProperties(ChallengeContext.Properties);
-            }
+            var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = requestPrefix + Request.PathBase + Request.Path + Request.QueryString;
             }
 
             var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, properties);
-
             if (requestToken.CallbackConfirmed)
             {
                 var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
@@ -180,11 +146,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     Context, Options,
                     properties, twitterAuthenticationEndpoint);
                 Options.Notifications.ApplyRedirect(redirectContext);
+                return true;
             }
             else
             {
                 Logger.LogError("requestToken CallbackConfirmed!=true");
             }
+            return false; // REVIEW: Make sure this should not stop other handlers
         }
 
         public async Task<bool> InvokeReturnPathAsync()
@@ -208,7 +176,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (context.SignInScheme != null && context.Principal != null)
             {
-                Context.Authentication.SignIn(context.SignInScheme, context.Principal, context.Properties);
+                await Context.Authentication.SignInAsync(context.SignInScheme, context.Principal, context.Properties);
             }
 
             if (!context.IsRequestCompleted && context.RedirectUri != null)
@@ -225,6 +193,21 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return context.IsRequestCompleted;
         }
 
+        protected override Task HandleSignOutAsync(SignOutContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task HandleSignInAsync(SignInContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        {
+            throw new NotSupportedException();
+        }
+
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
         {
             Logger.LogVerbose("ObtainRequestToken");
@@ -380,10 +363,5 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 return Convert.ToBase64String(hash);
             }
         }
-
-        protected override void ApplyResponseGrant()
-        {
-            // N/A - No SignIn or SignOut support.
-        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index fd6950ff5b..d9933f5f74 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Security.Cryptography;
-using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
@@ -22,19 +21,12 @@ namespace Microsoft.AspNet.Authentication
     {
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
-        private Task<AuthenticationTicket> _authenticate;
-        private bool _authenticateInitialized;
-        private object _authenticateSyncLock;
-
-        private Task _applyResponse;
-        private bool _applyResponseInitialized;
-        private object _applyResponseSyncLock;
-
+        private bool _finishCalled;
         private AuthenticationOptions _baseOptions;
 
-        protected ChallengeContext ChallengeContext { get; set; }
-        protected SignInContext SignInContext { get; set; }
-        protected SignOutContext SignOutContext { get; set; }
+        protected bool SignInAccepted { get; set; }
+        protected bool SignOutAccepted { get; set; }
+        protected bool ChallengeCalled { get; set; }
 
         protected HttpContext Context { get; private set; }
 
@@ -59,13 +51,8 @@ namespace Microsoft.AspNet.Authentication
             get { return _baseOptions; }
         }
 
-        // REVIEW: Overriding Authenticate and not calling base requires manually calling this for 401-403 to work
-        protected bool AuthenticateCalled { get; set; }
-
         public IAuthenticationHandler PriorHandler { get; set; }
 
-        public bool Faulted { get; set; }
-
         protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
         {
             _baseOptions = options;
@@ -76,9 +63,7 @@ namespace Microsoft.AspNet.Authentication
 
             RegisterAuthenticationHandler();
 
-            Response.OnResponseStarting(OnSendingHeaderCallback, this);
-
-            await InitializeCoreAsync();
+            Response.OnStarting(OnStartingCallback, this);
 
             if (BaseOptions.AutomaticAuthentication)
             {
@@ -90,50 +75,49 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        private static void OnSendingHeaderCallback(object state)
+        private static async Task OnStartingCallback(object state)
         {
-            AuthenticationHandler handler = (AuthenticationHandler)state;
-            handler.ApplyResponse();
+            var handler = (AuthenticationHandler)state;
+            await handler.FinishResponseOnce();
         }
 
-        protected virtual Task InitializeCoreAsync()
+        private async Task FinishResponseOnce()
+        {
+            if (!_finishCalled)
+            {
+                _finishCalled = true;
+                await FinishResponseAsync();
+                await HandleAutomaticChallengeIfNeeded();
+            }
+        }
+
+        /// <summary>
+        /// Hook that is called when the response about to be sent
+        /// </summary>
+        /// <returns></returns>
+        protected virtual Task FinishResponseAsync()
         {
             return Task.FromResult(0);
         }
 
+        private async Task HandleAutomaticChallengeIfNeeded()
+        {
+            if (!ChallengeCalled && BaseOptions.AutomaticAuthentication && Response.StatusCode == 401)
+            {
+                await HandleUnauthorizedAsync(new ChallengeContext(BaseOptions.AuthenticationScheme));
+            }
+        }
+
         /// <summary>
-        /// Called once per request after Initialize and Invoke.
+        /// Called once after Invoke by AuthenticationMiddleware.
         /// </summary>
         /// <returns>async completion</returns>
         internal async Task TeardownAsync()
         {
-            try
-            {
-                await ApplyResponseAsync();
-            }
-            catch (Exception)
-            {
-                try
-                {
-                    await TeardownCoreAsync();
-                }
-                catch (Exception)
-                {
-                    // Don't mask the original exception
-                }
-                UnregisterAuthenticationHandler();
-                throw;
-            }
-
-            await TeardownCoreAsync();
+            await FinishResponseOnce();
             UnregisterAuthenticationHandler();
         }
 
-        protected virtual Task TeardownCoreAsync()
-        {
-            return Task.FromResult(0);
-        }
-
         /// <summary>
         /// Called once by common code after initialization. If an authentication middleware responds directly to
         /// specifically known paths it must override this virtual, compare the request path to it's known paths, 
@@ -147,7 +131,7 @@ namespace Microsoft.AspNet.Authentication
             return Task.FromResult(false);
         }
 
-        public virtual void GetDescriptions(DescribeSchemesContext describeContext)
+        public void GetDescriptions(DescribeSchemesContext describeContext)
         {
             describeContext.Accept(BaseOptions.Description.Items);
 
@@ -157,36 +141,13 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void Authenticate(AuthenticateContext context)
-        {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
-            {
-                var ticket = Authenticate();
-                if (ticket?.Principal != null)
-                {
-                    AuthenticateCalled = true;
-                    context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
-                }
-                else
-                {
-                    context.NotAuthenticated();
-                }
-            }
-
-            if (PriorHandler != null)
-            {
-                PriorHandler.Authenticate(context);
-            }
-        }
-
-        public virtual async Task AuthenticateAsync(AuthenticateContext context)
+        public async Task AuthenticateAsync(AuthenticateContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
                 var ticket = await AuthenticateAsync();
                 if (ticket?.Principal != null)
                 {
-                    AuthenticateCalled = true;
                     context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
                 }
                 else
@@ -201,193 +162,66 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public AuthenticationTicket Authenticate()
-        {
-            return LazyInitializer.EnsureInitialized(
-                ref _authenticate,
-                ref _authenticateInitialized,
-                ref _authenticateSyncLock,
-                () =>
-                {
-                    return Task.FromResult(AuthenticateCore());
-                }).GetAwaiter().GetResult();
-        }
-
-        protected abstract AuthenticationTicket AuthenticateCore();
-
         /// <summary>
-        /// Causes the authentication logic in AuthenticateCore to be performed for the current request 
-        /// at most once and returns the results. Calling Authenticate more than once will always return 
-        /// the original value. 
-        /// 
-        /// This method should always be called instead of calling AuthenticateCore directly.
+        /// Calling Authenticate more than once should always return the original value. 
         /// </summary>
         /// <returns>The ticket data provided by the authentication logic</returns>
-        public Task<AuthenticationTicket> AuthenticateAsync()
-        {
-            return LazyInitializer.EnsureInitialized(
-                ref _authenticate,
-                ref _authenticateInitialized,
-                ref _authenticateSyncLock,
-                AuthenticateCoreAsync);
-        }
+        public abstract Task<AuthenticationTicket> AuthenticateAsync();
 
-        /// <summary>
-        /// The core authentication logic which must be provided by the handler. Will be invoked at most
-        /// once per request. Do not call directly, call the wrapping Authenticate method instead.
-        /// </summary>
-        /// <returns>The ticket data provided by the authentication logic</returns>
-        protected virtual Task<AuthenticationTicket> AuthenticateCoreAsync()
-        {
-            return Task.FromResult(AuthenticateCore());
-        }
-
-        private void ApplyResponse()
-        {
-            // If ApplyResponse already failed in the OnSendingHeaderCallback or TeardownAsync code path then a
-            // failed task is cached. If called again the same error will be re-thrown. This breaks error handling
-            // scenarios like the ability to display the error page or re-execute the request.
-            try
-            {
-                if (!Faulted)
-                {
-                    LazyInitializer.EnsureInitialized(
-                        ref _applyResponse,
-                        ref _applyResponseInitialized,
-                        ref _applyResponseSyncLock,
-                        () =>
-                        {
-                            ApplyResponseCore();
-                            return Task.FromResult(0);
-                        }).GetAwaiter().GetResult(); // Block if the async version is in progress.
-                }
-            }
-            catch (Exception)
-            {
-                Faulted = true;
-                throw;
-            }
-        }
-
-        protected virtual void ApplyResponseCore()
-        {
-            ApplyResponseGrant();
-            ApplyResponseChallenge();
-        }
-
-        /// <summary>
-        /// Causes the ApplyResponseCore to be invoked at most once per request. This method will be
-        /// invoked either earlier, when the response headers are sent as a result of a response write or flush,
-        /// or later, as the last step when the original async call to the middleware is returning.
-        /// </summary>
-        /// <returns></returns>
-        private async Task ApplyResponseAsync()
-        {
-            // If ApplyResponse already failed in the OnSendingHeaderCallback or TeardownAsync code path then a
-            // failed task is cached. If called again the same error will be re-thrown. This breaks error handling
-            // scenarios like the ability to display the error page or re-execute the request.
-            try
-            {
-                if (!Faulted)
-                {
-                    await LazyInitializer.EnsureInitialized(
-                        ref _applyResponse,
-                        ref _applyResponseInitialized,
-                        ref _applyResponseSyncLock,
-                        ApplyResponseCoreAsync);
-                }
-            }
-            catch (Exception)
-            {
-                Faulted = true;
-                throw;
-            }
-        }
-
-        /// <summary>
-        /// Core method that may be overridden by handler. The default behavior is to call two common response 
-        /// activities, one that deals with sign-in/sign-out concerns, and a second to deal with 401 challenges.
-        /// </summary>
-        /// <returns></returns>
-        protected virtual async Task ApplyResponseCoreAsync()
-        {
-            await ApplyResponseGrantAsync();
-            await ApplyResponseChallengeAsync();
-        }
-
-        protected abstract void ApplyResponseGrant();
-
-        /// <summary>
-        /// Override this method to dela with sign-in/sign-out concerns, if an authentication scheme in question
-        /// deals with grant/revoke as part of it's request flow. (like setting/deleting cookies)
-        /// </summary>
-        /// <returns></returns>
-        protected virtual Task ApplyResponseGrantAsync()
-        {
-            ApplyResponseGrant();
-            return Task.FromResult(0);
-        }
-
-        public virtual void SignIn(SignInContext context)
-        {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
-            {
-                SignInContext = context;
-                SignOutContext = null;
-                context.Accept();
-            }
-
-            if (PriorHandler != null)
-            {
-                PriorHandler.SignIn(context);
-            }
-        }
-
-        public virtual void SignOut(SignOutContext context)
-        {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
-            {
-                SignInContext = null;
-                SignOutContext = context;
-                context.Accept();
-            }
-
-            if (PriorHandler != null)
-            {
-                PriorHandler.SignOut(context);
-            }
-        }
-
-        public virtual void Challenge(ChallengeContext context)
-        {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
-            {
-                ChallengeContext = context;
-                context.Accept();
-            }
-
-            if (PriorHandler != null)
-            {
-                PriorHandler.Challenge(context);
-            }
-        }
-
-        protected abstract void ApplyResponseChallenge();
-
-        public virtual bool ShouldHandleScheme(string authenticationScheme)
+        public bool ShouldHandleScheme(string authenticationScheme)
         {
             return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
                 (BaseOptions.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme));
         }
 
-        public virtual bool ShouldConvertChallengeToForbidden()
+        public async Task SignInAsync(SignInContext context)
         {
-            // Return 403 iff 401 and this handler's authenticate was called
-            // and the challenge is for the authentication type
-            return Response.StatusCode == 401 &&
-                AuthenticateCalled &&
-                ChallengeContext != null &&
-                ShouldHandleScheme(ChallengeContext.AuthenticationScheme);
+            if (ShouldHandleScheme(context.AuthenticationScheme))
+            {
+                SignInAccepted = true;
+                await HandleSignInAsync(context);
+                context.Accept();
+            }
+
+            if (PriorHandler != null)
+            {
+                await PriorHandler.SignInAsync(context);
+            }
+        }
+
+        protected virtual Task HandleSignInAsync(SignInContext context)
+        {
+            return Task.FromResult(0);
+        }
+
+        public async Task SignOutAsync(SignOutContext context)
+        {
+            if (ShouldHandleScheme(context.AuthenticationScheme))
+            {
+                SignOutAccepted = true;
+                await HandleSignOutAsync(context);
+                context.Accept();
+            }
+
+            if (PriorHandler != null)
+            {
+                await PriorHandler.SignOutAsync(context);
+            }
+        }
+
+        protected virtual Task HandleSignOutAsync(SignOutContext context)
+        {
+            return Task.FromResult(0);
+        }
+
+        /// <summary>
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>True if no other handlers should be called</returns>
+        protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        {
+            Response.StatusCode = 403;
+            return Task.FromResult(true);
         }
 
         /// <summary>
@@ -395,11 +229,48 @@ namespace Microsoft.AspNet.Authentication
         /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
-        /// <returns></returns>
-        protected virtual Task ApplyResponseChallengeAsync()
+        /// <param name="context"></param>
+        /// <returns>True if no other handlers should be called</returns>
+        protected virtual Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
-            ApplyResponseChallenge();
-            return Task.FromResult(0);
+            Response.StatusCode = 401;
+            return Task.FromResult(false);
+        }
+
+        public async Task ChallengeAsync(ChallengeContext context)
+        {
+            bool handled = false;
+            ChallengeCalled = true;
+            if (ShouldHandleScheme(context.AuthenticationScheme))
+            {
+                switch (context.Behavior)
+                {
+                    case ChallengeBehavior.Automatic:
+                        // If there is a principal already, invoke the forbidden code path
+                        var ticket = await AuthenticateAsync();
+                        if (ticket?.Principal != null)
+                        {
+                            handled = await HandleForbiddenAsync(context);
+                        }
+                        else
+                        {
+                            handled = await HandleUnauthorizedAsync(context);
+                        }
+                        break;
+                    case ChallengeBehavior.Unauthorized:
+                        handled = await HandleUnauthorizedAsync(context);
+                        break;
+                    case ChallengeBehavior.Forbidden:
+                        handled = await HandleForbiddenAsync(context);
+                        break;
+                }
+                context.Accept();
+            }
+
+            if (!handled && PriorHandler != null)
+            {
+                await PriorHandler.ChallengeAsync(context);
+            }
         }
 
         protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 188f903c49..b8b57d7472 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -67,7 +67,6 @@ namespace Microsoft.AspNet.Authentication
             {
                 try
                 {
-                    handler.Faulted = true;
                     await handler.TeardownAsync();
                 }
                 catch (Exception)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 0b6cfdb9f5..fb62323545 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Security.Claims;
+using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
 using Microsoft.Framework.Internal;
 
@@ -24,7 +25,12 @@ namespace Microsoft.Framework.DependencyInjection
 
         public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, ClaimsPrincipal> transform)
         {
-            return services.Configure<ClaimsTransformationOptions>(o => o.Transformation = transform);
+            return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformSyncDelegate = transform });
+        }
+
+        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, Task<ClaimsPrincipal>> asyncTransform)
+        {
+            return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformAsyncDelegate = asyncTransform });
         }
 
     }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index 4d896e152a..ebc04cb696 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -1,8 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Features.Authentication;
 
@@ -13,56 +11,37 @@ namespace Microsoft.AspNet.Authentication
     /// </summary>
     public class ClaimsTransformationAuthenticationHandler : IAuthenticationHandler
     {
-        private readonly Func<ClaimsPrincipal, ClaimsPrincipal> _transform;
+        private readonly IClaimsTransformer _transform;
 
-        public ClaimsTransformationAuthenticationHandler(Func<ClaimsPrincipal, ClaimsPrincipal> transform)
+        public ClaimsTransformationAuthenticationHandler(IClaimsTransformer transform)
         {
             _transform = transform;
         }
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
-        private void ApplyTransform(AuthenticateContext context)
-        {
-            if (_transform != null)
-            {
-                // REVIEW: this cast seems really bad (missing interface way to get the result back out?)
-                var authContext = context as AuthenticateContext;
-                if (authContext?.Principal != null)
-                {
-                    context.Authenticated(
-                        _transform.Invoke(authContext.Principal),
-                        authContext.Properties,
-                        authContext.Description);
-                }
-            }
-
-        }
-
-        public void Authenticate(AuthenticateContext context)
-        {
-            if (PriorHandler != null)
-            {
-                PriorHandler.Authenticate(context);
-                ApplyTransform(context);
-            }
-        }
-
         public async Task AuthenticateAsync(AuthenticateContext context)
         {
             if (PriorHandler != null)
             {
                 await PriorHandler.AuthenticateAsync(context);
-                ApplyTransform(context);
+                if (_transform != null && context?.Principal != null)
+                {
+                    context.Authenticated(
+                        await _transform.TransformAsync(context.Principal),
+                        context.Properties,
+                        context.Description);
+                }
             }
         }
 
-        public void Challenge(ChallengeContext context)
+        public Task ChallengeAsync(ChallengeContext context)
         {
             if (PriorHandler != null)
             {
-                PriorHandler.Challenge(context);
+                return PriorHandler.ChallengeAsync(context);
             }
+            return Task.FromResult(0);
         }
 
         public void GetDescriptions(DescribeSchemesContext context)
@@ -73,20 +52,22 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public void SignIn(SignInContext context)
+        public Task SignInAsync(SignInContext context)
         {
             if (PriorHandler != null)
             {
-                PriorHandler.SignIn(context);
+                return PriorHandler.SignInAsync(context);
             }
+            return Task.FromResult(0);
         }
 
-        public void SignOut(SignOutContext context)
+        public Task SignOutAsync(SignOutContext context)
         {
             if (PriorHandler != null)
             {
-                PriorHandler.SignOut(context);
+                return PriorHandler.SignOutAsync(context);
             }
+            return Task.FromResult(0);
         }
 
         public void RegisterAuthenticationHandler(IHttpAuthenticationFeature auth)
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index 0f785161c4..eb616d9fb9 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -34,12 +34,12 @@ namespace Microsoft.AspNet.Authentication
 
         public async Task Invoke(HttpContext context)
         {
-            var handler = new ClaimsTransformationAuthenticationHandler(Options.Transformation);
+            var handler = new ClaimsTransformationAuthenticationHandler(Options.Transformer);
             handler.RegisterAuthenticationHandler(context.GetAuthentication());
             try {
-                if (Options.Transformation != null)
+                if (Options.Transformer != null)
                 {
-                    context.User = Options.Transformation.Invoke(context.User);
+                    context.User = await Options.Transformer.TransformAsync(context.User);
                 }
                 await _next(context);
             }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
index 1eb76c82ac..acc1a5e499 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
@@ -3,11 +3,42 @@
 
 using System;
 using System.Security.Claims;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Authentication
 {
     public class ClaimsTransformationOptions
     {
-        public Func<ClaimsPrincipal, ClaimsPrincipal> Transformation { get; set; }
+        public IClaimsTransformer Transformer { get; set; }
+    }
+
+    public interface IClaimsTransformer
+    {
+        Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal);
+        ClaimsPrincipal Transform(ClaimsPrincipal principal);
+    }
+
+    public class ClaimsTransformer : IClaimsTransformer
+    {
+        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> TransformAsyncDelegate { get; set; }
+        public Func<ClaimsPrincipal, ClaimsPrincipal> TransformSyncDelegate { get; set; }
+
+        public virtual ClaimsPrincipal Transform(ClaimsPrincipal principal)
+        {
+            if (TransformSyncDelegate != null)
+            {
+                return TransformSyncDelegate(principal);
+            }
+            return principal;
+        }
+
+        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
+        {
+            if (TransformAsyncDelegate != null)
+            {
+                return TransformAsyncDelegate(principal);
+            }
+            return Task.FromResult(Transform(principal));
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
index b117f8851d..54f6b6bbc4 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
@@ -9,7 +9,7 @@ using Microsoft.Framework.Internal;
 namespace Microsoft.AspNet.Authorization
 {
     /// <summary>
-    /// Contains authorization information used by <see cref="IAuthorizationPolicyHandler"/>.
+    /// Contains authorization information used by <see cref="IAuthorizationHandler"/>.
     /// </summary>
     public class AuthorizationContext
     {
@@ -28,9 +28,9 @@ namespace Microsoft.AspNet.Authorization
             _pendingRequirements = new HashSet<IAuthorizationRequirement>(requirements);
         }
 
-        public IEnumerable<IAuthorizationRequirement> Requirements { get; private set; }
-        public ClaimsPrincipal User { get; private set; }
-        public object Resource { get; private set; }
+        public IEnumerable<IAuthorizationRequirement> Requirements { get; }
+        public ClaimsPrincipal User { get; }
+        public object Resource { get; }
 
         public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
 
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
index b682e43ffd..f5418841ab 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
@@ -17,14 +17,21 @@ namespace Microsoft.AspNet.Authorization
             }
         }
 
-        public virtual Task HandleAsync(AuthorizationContext context)
+        public virtual async Task HandleAsync(AuthorizationContext context)
         {
-            Handle(context);
-            return Task.FromResult(0);
+            foreach (var req in context.Requirements.OfType<TRequirement>())
+            {
+                await HandleAsync(context, req);
+            }
         }
 
-        // REVIEW: do we need an async hook too?
-        public abstract void Handle(AuthorizationContext context, TRequirement requirement);
+        protected abstract void Handle(AuthorizationContext context, TRequirement requirement);
+
+        protected virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement)
+        {
+            Handle(context, requirement);
+            return Task.FromResult(0);
+        }
     }
 
     public abstract class AuthorizationHandler<TRequirement, TResource> : IAuthorizationHandler
@@ -34,17 +41,13 @@ namespace Microsoft.AspNet.Authorization
         public virtual async Task HandleAsync(AuthorizationContext context)
         {
             var resource = context.Resource as TResource;
-            // REVIEW: should we allow null resources?
-            if (resource != null)
+            foreach (var req in context.Requirements.OfType<TRequirement>())
             {
-                foreach (var req in context.Requirements.OfType<TRequirement>())
-                {
-                    await HandleAsync(context, req, resource);
-                }
+                await HandleAsync(context, req, resource);
             }
         }
 
-        public virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement, TResource resource)
+        protected virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement, TResource resource)
         {
             Handle(context, requirement, resource);
             return Task.FromResult(0);
@@ -63,6 +66,6 @@ namespace Microsoft.AspNet.Authorization
             }
         }
 
-        public abstract void Handle(AuthorizationContext context, TRequirement requirement, TResource resource);
+        protected abstract void Handle(AuthorizationContext context, TRequirement requirement, TResource resource);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index 17d879329b..14da299d91 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -9,8 +9,7 @@ namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationOptions
     {
-        // TODO: make this case insensitive
-        private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>();
+        private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
 
         public void AddPolicy([NotNull] string name, [NotNull] AuthorizationPolicy policy)
         {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 3799264508..6f2ecc79e9 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -20,15 +20,14 @@ namespace Microsoft.AspNet.Authorization
             ActiveAuthenticationSchemes = new List<string>(activeAuthenticationSchemes).AsReadOnly();
         }
 
-        public IReadOnlyList<IAuthorizationRequirement> Requirements { get; private set; }
-        public IReadOnlyList<string> ActiveAuthenticationSchemes { get; private set; }
+        public IReadOnlyList<IAuthorizationRequirement> Requirements { get; }
+        public IReadOnlyList<string> ActiveAuthenticationSchemes { get; }
 
         public static AuthorizationPolicy Combine([NotNull] params AuthorizationPolicy[] policies)
         {
             return Combine((IEnumerable<AuthorizationPolicy>)policies);
         }
 
-        // TODO: Add unit tests
         public static AuthorizationPolicy Combine([NotNull] IEnumerable<AuthorizationPolicy> policies)
         {
             var builder = new AuthorizationPolicyBuilder();
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index f41fe73692..7cc20d06b3 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Security.Claims;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
@@ -88,6 +88,12 @@ namespace Microsoft.AspNet.Authorization
             return this;
         }
 
+        public AuthorizationPolicyBuilder RequireDelegate([NotNull] Action<AuthorizationContext, DelegateRequirement> handler)
+        {
+            Requirements.Add(new DelegateRequirement(handler));
+            return this;
+        }
+
         public AuthorizationPolicy Build()
         {
             return new AuthorizationPolicy(Requirements, ActiveAuthenticationSchemes.Distinct());
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
index 42d757d8e6..cffc17dbd5 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
@@ -6,7 +6,7 @@ using System;
 namespace Microsoft.AspNet.Authorization
 {
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
-    public class AuthorizeAttribute : Attribute
+    public class AuthorizeAttribute : Attribute, IAuthorizeData
     {
         public AuthorizeAttribute() { }
 
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
index c5af9449b1..fa061d28c8 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
@@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Authorization
         public string ClaimType { get; }
         public IEnumerable<string> AllowedValues { get; }
 
-        public override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index e66721a5c1..bb3d888298 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -35,6 +35,7 @@ namespace Microsoft.AspNet.Authorization
             foreach (var handler in _handlers)
             {
                 handler.Handle(authContext);
+                //REVIEW: Do we want to consider short circuiting on failure
             }
             return authContext.HasSucceeded;
         }
diff --git a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs b/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
new file mode 100644
index 0000000000..11e30c3e6b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authorization
+{
+    public class DelegateRequirement : AuthorizationHandler<DelegateRequirement>, IAuthorizationRequirement
+    {
+        public Action<AuthorizationContext, DelegateRequirement> Handler { get; }
+
+        public DelegateRequirement(Action<AuthorizationContext, DelegateRequirement> handleMe)
+        {
+            Handler = handleMe;
+        }
+
+        protected override void Handle(AuthorizationContext context, DelegateRequirement requirement)
+        {
+            Handler.Invoke(context, requirement);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
index 92f48c1fe4..8dcc9b1eee 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
@@ -7,7 +7,7 @@ namespace Microsoft.AspNet.Authorization
 {
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
-        public override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
         {
             var user = context.User;
             var userIsAnonymous =
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
new file mode 100644
index 0000000000..2571fb28e7
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
@@ -0,0 +1,14 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Authorization
+{
+    public interface IAuthorizeData
+    {
+        string Policy { get; set; }
+
+        string Roles { get; set; }
+
+        string ActiveAuthenticationSchemes { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
index 7d64f1b71c..5798a0efd0 100644
--- a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.Authorization
 
         public string RequiredName { get; }
 
-        public override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
index f3336237ea..8521c43c12 100644
--- a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Authorization
 
         public IEnumerable<string> AllowedRoles { get; }
 
-        public override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index c531c17caa..e12d4e533c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,6 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.Framework.Logging;
 using Xunit;
@@ -59,17 +61,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AuthenticationScheme = scheme;
             }
 
-            protected override void ApplyResponseChallenge()
-            {
-                throw new NotImplementedException();
-            }
-
-            protected override void ApplyResponseGrant()
-            {
-                throw new NotImplementedException();
-            }
-
-            protected override AuthenticationTicket AuthenticateCore()
+            public override Task<AuthenticationTicket> AuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
@@ -94,17 +86,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AutomaticAuthentication = auto;
             }
 
-            protected override void ApplyResponseChallenge()
-            {
-                throw new NotImplementedException();
-            }
-
-            protected override void ApplyResponseGrant()
-            {
-                throw new NotImplementedException();
-            }
-
-            protected override AuthenticationTicket AuthenticateCore()
+            public override Task<AuthenticationTicket> AuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index a2628f0224..9b8686c92d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -15,6 +15,7 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Shouldly;
@@ -50,7 +51,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
             if (auto)
             {
-                Uri location = transaction.Response.Headers.Location;
+                var location = transaction.Response.Headers.Location;
                 location.LocalPath.ShouldBe("/login");
                 location.Query.ShouldBe("?ReturnUrl=%2Fprotected");
             }
@@ -69,34 +70,32 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
-            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
+            // REVIEW: Now when Cookies are not in auto, noone handles the challenge so the Status stays OK, is that reasonable??
+            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.OK);
             if (auto)
             {
-                Uri location = transaction.Response.Headers.Location;
+                var location = transaction.Response.Headers.Location;
                 location.ToString().ShouldBe("http://example.com/login?ReturnUrl=%2FCustomRedirect");
             }
         }
 
         private Task SignInAsAlice(HttpContext context)
         {
-            context.Authentication.SignIn("Cookies",
+            return context.Authentication.SignInAsync("Cookies",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
-            return Task.FromResult<object>(null);
         }
 
         private Task SignInAsWrong(HttpContext context)
         {
-            context.Authentication.SignIn("Oops",
+            return context.Authentication.SignInAsync("Oops",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
-            return Task.FromResult<object>(null);
         }
 
         private Task SignOutAsWrong(HttpContext context)
         {
-            context.Authentication.SignOut("Oops");
-            return Task.FromResult<object>(null);
+            return context.Authentication.SignOutAsync("Oops");
         }
 
         [Fact]
@@ -241,17 +240,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }, 
             SignInAsAlice, 
             baseAddress: null, 
-            claimsTransform: o => o.Transformation = (p =>
+            claimsTransform: o => o.Transformer = new ClaimsTransformer
             {
-                if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                TransformSyncDelegate = p =>
                 {
-                    // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
-                    var id = new ClaimsIdentity("xform");
-                    id.AddClaim(new Claim("xform", "yup"));
-                    p.AddIdentity(id);
+                    if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                    {
+                        var id = new ClaimsIdentity("xform");
+                        id.AddClaim(new Claim("sync", "no"));
+                        p.AddIdentity(id);
+                    }
+                    return p;
+                },
+                TransformAsyncDelegate = p =>
+                {
+                    if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                    {
+                        // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
+                        var id = new ClaimsIdentity("xform");
+                        id.AddClaim(new Claim("xform", "yup"));
+                        p.AddIdentity(id);
+                    }
+                    return Task.FromResult(p);
                 }
-                return p;
-            }));
+            });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -259,6 +271,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
             FindClaimValue(transaction2, "xform").ShouldBe("yup");
+            FindClaimValue(transaction2, "sync").ShouldBe(null);
 
         }
 
@@ -304,12 +317,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.SlidingExpiration = false;
             },
             context =>
-            {
-                context.Authentication.SignIn("Cookies",
+                context.Authentication.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
-                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) });
-                    return Task.FromResult<object>(null);
-            });
+                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) }));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -433,9 +443,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
-                context.Authentication.SignIn("Cookies", 
+                return context.Authentication.SignInAsync("Cookies", 
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
-                return Task.FromResult<object>(null);
             },
             new Uri("http://example.com/base"));
 
@@ -446,7 +455,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task CookieTurns401To403IfAuthenticated(bool automatic)
+        public async Task CookieTurns401To403WithCookie(bool automatic)
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
@@ -458,18 +467,56 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            var url = "http://example.com/unauthorized";
-            if (automatic)
-            {
-                url += "auto";
-            }
+            var url = "http://example.com/challenge";
             var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task CookieChallengeRedirectsToLoginWithoutCookie(bool automatic)
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.LoginPath = new PathString("/login");
+                options.AutomaticAuthentication = automatic;
+                options.AccessDeniedPath = new PathString("/accessdenied");
+                options.SystemClock = clock;
+            },
+            SignInAsAlice);
+
+            var url = "http://example.com/challenge";
+            var transaction = await SendAsync(server, url);
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/login");
+        }
+
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task CookieForbidTurns401To403WithoutCookie(bool automatic)
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthentication = automatic;
+                options.SystemClock = clock;
+            },
+            SignInAsAlice);
+
+            var url = "http://example.com/forbid";
+            var transaction = await SendAsync(server, url);
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+        }
+
         [Fact]
-        public async Task CookieTurns401ToAccessDeniedWhenSetAndIfAuthenticated()
+        public async Task CookieTurns401ToAccessDeniedWhenSetWithCookie()
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
@@ -481,7 +528,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
+            var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
 
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
 
@@ -490,7 +537,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
         }
 
         [Fact]
-        public async Task CookieDoesNothingTo401IfNotAuthenticated()
+        public async Task CookieChallengeDoesNothingIfNotAuthenticated()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+            });
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
+
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task CookieChallengeWithUnauthorizedRedirectsToLoginIfNotAuthenticated()
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
@@ -549,29 +612,33 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     {
                         res.StatusCode = 401;
                     }
+                    else if (req.Path == new PathString("/forbid")) // Simulate forbidden 
+                    {
+                        await context.Authentication.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
+                    else if (req.Path == new PathString("/challenge"))
+                    {
+                        await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
                     else if (req.Path == new PathString("/unauthorized"))
                     {
-                        // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString("/unauthorizedauto"))
-                    {
-                        // Simulate Authorization failure 
-                        context.Authentication.Challenge(CookieAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
                     }
                     else if (req.Path == new PathString("/protected/CustomRedirect"))
                     {
-                        context.Authentication.Challenge(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+                        await context.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
                     }
                     else if (req.Path == new PathString("/me"))
                     {
-                        Describe(res, new AuthenticationResult(context.User, new AuthenticationProperties(), new AuthenticationDescription()));
+                        var authContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
+                        authContext.Authenticated(context.User, properties: null, description: null);
+                        Describe(res, authContext);
                     }
                     else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
                     {
-                        var result = await context.Authentication.AuthenticateAsync(remainder.Value.Substring(1));
-                        Describe(res, result);
+                        var authContext = new AuthenticateContext(remainder.Value.Substring(1));
+                        await context.Authentication.AuthenticateAsync(authContext);
+                        Describe(res, authContext);
                     }
                     else if (req.Path == new PathString("/testpath") && testpath != null)
                     {
@@ -595,7 +662,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return server;
         }
 
-        private static void Describe(HttpResponse res, AuthenticationResult result)
+        private static void Describe(HttpResponse res, AuthenticateContext result)
         {
             res.StatusCode = 200;
             res.ContentType = "text/xml";
@@ -606,7 +673,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (result != null && result.Properties != null)
             {
-                xml.Add(result.Properties.Items.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+                xml.Add(result.Properties.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
             }
             using (var memory = new MemoryStream())
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 6279c0a8ea..7e01755674 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -51,7 +51,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 context =>
                 {
-                    context.Authentication.Challenge("Facebook");
+                    // REVIEW: Gross.
+                    context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -88,7 +89,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 context =>
                 {
-                    context.Authentication.Challenge("Facebook");
+                    // REVIEW: gross
+                    context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 0bbd57213c..c48409eedf 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -46,6 +46,42 @@ namespace Microsoft.AspNet.Authentication.Google
             location.ShouldNotContain("login_hint=");
         }
 
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task ForbidThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
         [Fact]
         public async Task Challenge401WillTriggerRedirection()
         {
@@ -134,7 +170,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge2"))
                     {
-                        context.Authentication.Challenge("Google", new AuthenticationProperties(
+                        return context.Authentication.ChallengeAsync("Google", new AuthenticationProperties(
                             new Dictionary<string, string>()
                             {
                                 { "scope", "https://www.googleapis.com/auth/plus.login" },
@@ -142,7 +178,6 @@ namespace Microsoft.AspNet.Authentication.Google
                                 { "approval_prompt", "force" },
                                 { "login_hint", "test@example.com" }
                             }));
-                        res.StatusCode = 401;
                     }
 
                     return Task.FromResult<object>(null);
@@ -177,35 +212,6 @@ namespace Microsoft.AspNet.Authentication.Google
             query.ShouldContain("custom=test");
         }
 
-        // TODO: Fix these tests to path (Need some test logic for Authenticate("Google") to return a ticket still
-        //[Fact]
-        //public async Task GoogleTurns401To403WhenAuthenticated()
-        //{
-        //    TestServer server = CreateServer(options =>
-        //    {
-        //        options.ClientId = "Test Id";
-        //        options.ClientSecret = "Test Secret";
-        //    });
-
-        //    Transaction transaction1 = await SendAsync(server, "http://example.com/unauthorized");
-        //    transaction1.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
-        //}
-
-        //[Fact]
-        //public async Task GoogleTurns401To403WhenAutomatic()
-        //{
-        //    TestServer server = CreateServer(options =>
-        //    {
-        //        options.ClientId = "Test Id";
-        //        options.ClientSecret = "Test Secret";
-        //        options.AutomaticAuthentication = true;
-        //    });
-
-        //    Debugger.Launch();
-        //    Transaction transaction1 = await SendAsync(server, "http://example.com/unauthorizedAuto");
-        //    transaction1.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
-        //}
-
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
@@ -218,8 +224,6 @@ namespace Microsoft.AspNet.Authentication.Google
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
         }
 
-
-
         [Theory]
         [InlineData(null)]
         [InlineData("CustomIssuer")]
@@ -459,24 +463,14 @@ namespace Microsoft.AspNet.Authentication.Google
                     options.AutomaticAuthentication = true;
                 });
                 app.UseGoogleAuthentication(configureOptions);
-                app.UseClaimsTransformation(o =>
-                {
-                    o.Transformation = p =>
-                    {
-                        var id = new ClaimsIdentity("xform");
-                        id.AddClaim(new Claim("xform", "yup"));
-                        p.AddIdentity(id);
-                        return p;
-                    };
-                });
+                app.UseClaimsTransformation();
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge"))
                     {
-                        context.Authentication.Challenge("Google");
-                        res.StatusCode = 401;
+                        await context.Authentication.ChallengeAsync("Google");
                     }
                     else if (req.Path == new PathString("/me"))
                     {
@@ -486,18 +480,29 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         // Simulate Authorization failure 
                         var result = await context.Authentication.AuthenticateAsync("Google");
-                        context.Authentication.Challenge("Google");
+                        await context.Authentication.ChallengeAsync("Google");
                     }
                     else if (req.Path == new PathString("/unauthorizedAuto"))
                     {
                         var result = await context.Authentication.AuthenticateAsync("Google");
-                        res.StatusCode = 401;
-                        context.Authentication.Challenge();
+                        await context.Authentication.ChallengeAsync();
                     }
                     else if (req.Path == new PathString("/401"))
                     {
                         res.StatusCode = 401;
                     }
+                    else if (req.Path == new PathString("/signIn"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Google", new ClaimsPrincipal()));
+                    }
+                    else if (req.Path == new PathString("/signOut"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Google"));
+                    }
+                    else if (req.Path == new PathString("/forbid"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Google"));
+                    }
                     else if (testpath != null)
                     {
                         await testpath(context);
@@ -515,8 +520,14 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
+                services.ConfigureClaimsTransformation(p =>
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                    return p;
+                });
             });
         }
-
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 2d6baba35c..253263fb54 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -45,6 +45,42 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             query.ShouldContain("custom=test");
         }
 
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task ForbidThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
@@ -155,13 +191,24 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge"))
                     {
-                        context.Authentication.Challenge("Microsoft");
-                        res.StatusCode = 401;
+                        await context.Authentication.ChallengeAsync("Microsoft");
                     }
                     else if (req.Path == new PathString("/me"))
                     {
                         res.Describe(context.User);
                     }
+                    else if (req.Path == new PathString("/signIn"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Microsoft", new ClaimsPrincipal()));
+                    }
+                    else if (req.Path == new PathString("/signOut"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Microsoft"));
+                    }
+                    else if (req.Path == new PathString("/forbid"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Microsoft"));
+                    }
                     else
                     {
                         await next();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index f21b00f79b..ce481bf6a1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -40,6 +40,29 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
         }
 
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthentication = true;
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthentication = true;
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+
         [Fact]
         public async Task CustomHeaderReceived()
         {
@@ -326,9 +349,17 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     {
                         // Simulate Authorization failure 
                         var result = await context.Authentication.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
-                        context.Authentication.Challenge(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
                     }
 
+                    else if (context.Request.Path == new PathString("/signIn"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                    }
+                    else if (context.Request.Path == new PathString("/signOut"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme));
+                    }
                     else
                     {
                         await next();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 183ae60181..13357a162a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -549,26 +549,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             await base.BaseInitializeAsync(options, context, logger, encoder);
         }
 
-        public override bool ShouldHandleScheme(string authenticationScheme)
-        {
-            return true;
-        }
-
-        public override void Challenge(ChallengeContext context)
-        {
-        }
-
-        protected override void ApplyResponseChallenge()
-        {
-        }
-
-        protected override async Task ApplyResponseChallengeAsync()
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
             {
             };
 
             await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+            return true;
         }
     }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 32aa028f03..e56da3b907 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -196,7 +196,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = "OpenIdConnect";
+                    options.AuthenticationScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
                 });
                 app.UseOpenIdConnectAuthentication(configureOptions);
                 app.Use(async (context, next) =>
@@ -205,21 +205,19 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge"))
                     {
-                        context.Authentication.Challenge("OpenIdConnect");
-                        res.StatusCode = 401;
+                        await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString("/signin"))
                     {
-                        // REVIEW: this used to just be res.SignIn()
-                        context.Authentication.SignIn("OpenIdConnect", new ClaimsPrincipal());
+                        await context.Authentication.SignInAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal());
                     }
                     else if (req.Path == new PathString("/signout"))
                     {
-                        context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.SignOutAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
                     {
-                        context.Authentication.SignOut(
+                        await context.Authentication.SignOutAsync(
                             OpenIdConnectAuthenticationDefaults.AuthenticationScheme,
                             new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
                     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index abbe3d37fa..eb5b00554d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -3,6 +3,7 @@
 using System;
 using System.Net;
 using System.Net.Http;
+using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
@@ -19,8 +20,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var server = CreateServer(
-                app => app.UseTwitterAuthentication(options =>
+            var server = CreateServer(options =>
                 {
                     options.ConsumerKey = "Test Consumer Key";
                     options.ConsumerSecret = "Test Consumer Secret";
@@ -49,10 +49,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
                         }
                     };
                     options.BackchannelCertificateValidator = null;
-                }),
-                context =>
+                },
+                context => 
                 {
-                    context.Authentication.Challenge("Twitter");
+                    // REVIEW: Gross
+                    context.Authentication.ChallengeAsync("Twitter").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -61,11 +62,47 @@ namespace Microsoft.AspNet.Authentication.Twitter
             query.ShouldContain("custom=test");
         }
 
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ConsumerKey = "Test Consumer Key";
+                options.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ConsumerKey = "Test Consumer Key";
+                options.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task ForbidThrows()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ConsumerKey = "Test Consumer Key";
+                options.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(
-                app => app.UseTwitterAuthentication(options =>
+            var server = CreateServer(options =>
                 {
                     options.ConsumerKey = "Test Consumer Key";
                     options.ConsumerSecret = "Test Consumer Secret";
@@ -87,10 +124,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
                         }
                     };
                     options.BackchannelCertificateValidator = null;
-                }),
+                },
                 context =>
                 {
-                    context.Authentication.Challenge("Twitter");
+                    // REVIEW: gross
+                    context.Authentication.ChallengeAsync("Twitter").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -99,7 +137,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
         }
 
-        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<TwitterAuthenticationOptions> configure, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {
@@ -107,13 +145,24 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 {
                     options.AuthenticationScheme = "External";
                 });
-                if (configure != null)
-                {
-                    configure(app);
-                }
+                app.UseTwitterAuthentication(configure);
                 app.Use(async (context, next) =>
                 {
-                    if (handler == null || !handler(context))
+                    var req = context.Request;
+                    var res = context.Response;
+                    if (req.Path == new PathString("/signIn"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Twitter", new ClaimsPrincipal()));
+                    }
+                    else if (req.Path == new PathString("/signOut"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Twitter"));
+                    }
+                    else if (req.Path == new PathString("/forbid"))
+                    {
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Twitter"));
+                    }
+                    else if (handler == null || !handler(context))
                     {
                         await next();
                     }
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index d5491164d8..a3d9c21b14 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -582,7 +582,7 @@ namespace Microsoft.AspNet.Authorization.Test
         public class CustomRequirement : IAuthorizationRequirement { }
         public class CustomHandler : AuthorizationHandler<CustomRequirement>
         {
-            public override void Handle(AuthorizationContext context, CustomRequirement requirement)
+            protected override void Handle(AuthorizationContext context, CustomRequirement requirement)
             {
                 context.Succeed(requirement);
             }
@@ -638,7 +638,7 @@ namespace Microsoft.AspNet.Authorization.Test
 
             public bool Succeed { get; set; }
 
-            public override void Handle(AuthorizationContext context, PassThroughRequirement requirement)
+            protected override void Handle(AuthorizationContext context, PassThroughRequirement requirement)
             {
                 if (Succeed) {
                     context.Succeed(requirement);
@@ -668,6 +668,7 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.Equal(shouldSucceed, allowed);
         }
 
+        [Fact]
         public async Task CanCombinePolicies()
         {
             // Arrange
@@ -695,6 +696,7 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.True(allowed);
         }
 
+        [Fact]
         public async Task CombinePoliciesWillFailIfBasePolicyFails()
         {
             // Arrange
@@ -721,6 +723,7 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.False(allowed);
         }
 
+        [Fact]
         public async Task CombinedPoliciesWillFailIfExtraRequirementFails()
         {
             // Arrange
@@ -765,7 +768,7 @@ namespace Microsoft.AspNet.Authorization.Test
 
             private IEnumerable<OperationAuthorizationRequirement> _allowed;
 
-            public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
+            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
             {
                 if (_allowed.Contains(requirement))
                 {
@@ -776,7 +779,7 @@ namespace Microsoft.AspNet.Authorization.Test
 
         public class SuperUserHandler : AuthorizationHandler<OperationAuthorizationRequirement>
         {
-            public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
+            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
             {
                 if (context.User.HasClaim("SuperUser", "yes"))
                 {
@@ -785,6 +788,7 @@ namespace Microsoft.AspNet.Authorization.Test
             }
         }
 
+        [Fact]
         public async Task CanAuthorizeAllSuperuserOperations()
         {
             // Arrange
@@ -808,6 +812,7 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
         }
 
+        [Fact]
         public async Task CanAuthorizeOnlyAllowedOperations()
         {
             // Arrange
@@ -824,5 +829,24 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Delete));
             Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
         }
+
+        [Fact]
+        public void CanAuthorizeWithDelegateRequirement()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.ConfigureAuthorization(options =>
+                {
+                    options.AddPolicy("Basic", policy => policy.RequireDelegate((context, req) => context.Succeed(req)));
+                });
+            });
+            var user = new ClaimsPrincipal();
+
+            // Act
+            var allowed = authorizationService.Authorize(user, "Basic");
+
+            // Assert
+            Assert.True(allowed);
+        }
     }
 }
\ No newline at end of file

From 1ae4c24a5fd43108b691272ebc6b0e9878ee49a7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 Jun 2015 19:27:06 -0700
Subject: [PATCH 255/900] PR fixes

---
 .../AuthenticationHandler.cs                           | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index d9933f5f74..745d4d8d67 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -114,8 +114,14 @@ namespace Microsoft.AspNet.Authentication
         /// <returns>async completion</returns>
         internal async Task TeardownAsync()
         {
-            await FinishResponseOnce();
-            UnregisterAuthenticationHandler();
+            try
+            {
+                await FinishResponseOnce();
+            }
+            finally
+            {
+                UnregisterAuthenticationHandler();
+            }
         }
 
         /// <summary>

From 19d026268b80ad7a2299c4366fbc717e6b7bd9eb Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 Jun 2015 19:40:34 -0700
Subject: [PATCH 256/900] Move Correlation stuff to OAuthHandler

---
 .../Constants.cs                              |  4 +-
 .../OAuthAuthenticationHandler.cs             | 61 +++++++++++++++++++
 .../AuthenticationHandler.cs                  | 61 -------------------
 3 files changed, 63 insertions(+), 63 deletions(-)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.OAuth}/Constants.cs (70%)

diff --git a/src/Microsoft.AspNet.Authentication/Constants.cs b/src/Microsoft.AspNet.Authentication.OAuth/Constants.cs
similarity index 70%
rename from src/Microsoft.AspNet.Authentication/Constants.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Constants.cs
index e6b0d7b43e..53114e2443 100644
--- a/src/Microsoft.AspNet.Authentication/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Constants.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.OAuth
 {
     internal static class Constants
     {
-        public static string SecurityAuthenticate = "security.Authenticate";
+        internal const string SecurityAuthenticate = "security.Authenticate";
         internal const string CorrelationPrefix = ".AspNet.Correlation.";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index c5a8b0fc7f..86d4954745 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -5,7 +5,10 @@ using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.DataHandler.Encoder;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Features.Authentication;
@@ -20,6 +23,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
         where TOptions : OAuthAuthenticationOptions<TNotifications>
         where TNotifications : IOAuthAuthenticationNotifications
     {
+        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
+
         public OAuthAuthenticationHandler(HttpClient backchannel)
         {
             Backchannel = backchannel;
@@ -226,5 +231,61 @@ namespace Microsoft.AspNet.Authentication.OAuth
             // OAuth2 3.3 space separated
             return string.Join(" ", Options.Scope);
         }
+
+        protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
+        {
+            var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
+
+            var nonceBytes = new byte[32];
+            CryptoRandom.GetBytes(nonceBytes);
+            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps
+            };
+
+            properties.Items[correlationKey] = correlationId;
+
+            Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
+        }
+
+        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
+        {
+            var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
+            var correlationCookie = Request.Cookies[correlationKey];
+            if (string.IsNullOrWhiteSpace(correlationCookie))
+            {
+                Logger.LogWarning("{0} cookie not found.", correlationKey);
+                return false;
+            }
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps
+            };
+            Response.Cookies.Delete(correlationKey, cookieOptions);
+
+            string correlationExtra;
+            if (!properties.Items.TryGetValue(
+                correlationKey,
+                out correlationExtra))
+            {
+                Logger.LogWarning("{0} state property not found.", correlationKey);
+                return false;
+            }
+
+            properties.Items.Remove(correlationKey);
+
+            if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
+            {
+                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                return false;
+            }
+
+            return true;
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 745d4d8d67..8651c4b9a6 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -2,11 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Cryptography;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
@@ -19,8 +16,6 @@ namespace Microsoft.AspNet.Authentication
     /// </summary>
     public abstract class AuthenticationHandler : IAuthenticationHandler
     {
-        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
-
         private bool _finishCalled;
         private AuthenticationOptions _baseOptions;
 
@@ -279,62 +274,6 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
-        {
-            var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
-
-            var nonceBytes = new byte[32];
-            CryptoRandom.GetBytes(nonceBytes);
-            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps
-            };
-
-            properties.Items[correlationKey] = correlationId;
-
-            Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
-        }
-
-        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
-        {
-            var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
-            var correlationCookie = Request.Cookies[correlationKey];
-            if (string.IsNullOrWhiteSpace(correlationCookie))
-            {
-                Logger.LogWarning("{0} cookie not found.", correlationKey);
-                return false;
-            }
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps
-            };
-            Response.Cookies.Delete(correlationKey, cookieOptions);
-
-            string correlationExtra;
-            if (!properties.Items.TryGetValue(
-                correlationKey,
-                out correlationExtra))
-            {
-                Logger.LogWarning("{0} state property not found.", correlationKey);
-                return false;
-            }
-
-            properties.Items.Remove(correlationKey);
-
-            if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
-            {
-                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
-                return false;
-            }
-
-            return true;
-        }
-
         private void RegisterAuthenticationHandler()
         {
             var auth = Context.GetAuthentication();

From 6ae37717e819b047b10421e997e9704601d9fbd9 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 Jun 2015 19:47:11 -0700
Subject: [PATCH 257/900] Delete super dead code

---
 .../AuthenticationTokenCreateContext.cs       | 40 ----------
 .../AuthenticationTokenProvider.cs            | 74 -------------------
 .../AuthenticationTokenReceiveContext.cs      | 29 --------
 .../IAuthenticationTokenProvider.cs           | 16 ----
 4 files changed, 159 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
deleted file mode 100644
index ae0548f763..0000000000
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenCreateContext.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class AuthenticationTokenCreateContext : BaseContext
-    {
-        private readonly ISecureDataFormat<AuthenticationTicket> _secureDataFormat;
-
-        public AuthenticationTokenCreateContext(
-            [NotNull] HttpContext context,
-            [NotNull] ISecureDataFormat<AuthenticationTicket> secureDataFormat,
-            [NotNull] AuthenticationTicket ticket)
-            : base(context)
-        {
-            _secureDataFormat = secureDataFormat;
-            Ticket = ticket;
-        }
-
-        public string Token { get; protected set; }
-
-        public AuthenticationTicket Ticket { get; protected set; }
-
-        public string SerializeTicket()
-        {
-            return _secureDataFormat.Protect(Ticket);
-        }
-
-        public void SetToken([NotNull] string tokenValue)
-        {
-            Token = tokenValue;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
deleted file mode 100644
index 9483538c6f..0000000000
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenProvider.cs
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class AuthenticationTokenProvider : IAuthenticationTokenProvider
-    {
-        public Action<AuthenticationTokenCreateContext> OnCreate { get; set; }
-        public Func<AuthenticationTokenCreateContext, Task> OnCreateAsync { get; set; }
-        public Action<AuthenticationTokenReceiveContext> OnReceive { get; set; }
-        public Func<AuthenticationTokenReceiveContext, Task> OnReceiveAsync { get; set; }
-
-        public virtual void Create(AuthenticationTokenCreateContext context)
-        {
-            if (OnCreateAsync != null && OnCreate == null)
-            {
-                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
-            }
-            if (OnCreate != null)
-            {
-                OnCreate.Invoke(context);
-            }
-        }
-
-        public virtual async Task CreateAsync(AuthenticationTokenCreateContext context)
-        {
-            if (OnCreateAsync != null && OnCreate == null)
-            {
-                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
-            }
-            if (OnCreateAsync != null)
-            {
-                await OnCreateAsync.Invoke(context);
-            }
-            else
-            {
-                Create(context);
-            }
-        }
-
-        public virtual void Receive(AuthenticationTokenReceiveContext context)
-        {
-            if (OnReceiveAsync != null && OnReceive == null)
-            {
-                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
-            }
-
-            if (OnReceive != null)
-            {
-                OnReceive.Invoke(context);
-            }
-        }
-
-        public virtual async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
-        {
-            if (OnReceiveAsync != null && OnReceive == null)
-            {
-                throw new InvalidOperationException(Resources.Exception_AuthenticationTokenDoesNotProvideSyncMethods);
-            }
-            if (OnReceiveAsync != null)
-            {
-                await OnReceiveAsync.Invoke(context);
-            }
-            else
-            {
-                Receive(context);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
deleted file mode 100644
index ec0c38b209..0000000000
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTokenReceiveContext.cs
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class AuthenticationTokenReceiveContext : BaseContext
-    {
-        public AuthenticationTokenReceiveContext(
-            [NotNull] HttpContext context,
-            [NotNull] string token)
-            : base(context)
-        {
-            Token = token;
-        }
-
-        public string Token { get; protected set; }
-
-        public AuthenticationTicket Ticket { get; protected set; }
-
-        public void SetTicket([NotNull] AuthenticationTicket ticket)
-        {
-            Ticket = ticket;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs b/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
deleted file mode 100644
index 3315fa21f1..0000000000
--- a/src/Microsoft.AspNet.Authentication/IAuthenticationTokenProvider.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public interface IAuthenticationTokenProvider
-    {
-        void Create(AuthenticationTokenCreateContext context);
-        Task CreateAsync(AuthenticationTokenCreateContext context);
-        void Receive(AuthenticationTokenReceiveContext context);
-        Task ReceiveAsync(AuthenticationTokenReceiveContext context);
-    }
-}

From 102f113e2bba7193af949829506051633e640ff8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Mon, 22 Jun 2015 17:32:08 +0200
Subject: [PATCH 258/900] Replace INonceCache by IDistributedCache

---
 .../OpenIdConnectAuthenticationHandler.cs     | 25 +++++++++++++------
 .../OpenIdConnectAuthenticationMiddleware.cs  | 14 +++++++++--
 .../OpenIdConnectAuthenticationOptions.cs     |  9 ++++++-
 .../Resources.Designer.cs                     |  6 ++---
 .../Resources.resx                            |  6 ++---
 .../project.json                              |  1 +
 ...thenticationServiceCollectionExtensions.cs |  1 -
 .../OpenIdConnectHandlerTests.cs              |  5 +++-
 8 files changed, 49 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index b542c2ef81..8b9c4683cd 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
@@ -149,13 +150,18 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.ProtocolValidator.RequireNonce)
             {
                 message.Nonce = Options.ProtocolValidator.GenerateNonce();
-                if (Options.NonceCache != null)
+                if (Options.CacheNonces)
                 {
-                    if (!Options.NonceCache.TryAddNonce(message.Nonce))
+                    if (await Options.NonceCache.GetAsync(message.Nonce) != null)
                     {
-                        Logger.LogError(Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce);
-                        throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0033_TryAddNonceFailed, message.Nonce));
+                        Logger.LogError(Resources.OIDCH_0033_NonceAlreadyExists, message.Nonce);
+                        throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0033_NonceAlreadyExists, message.Nonce));
                     }
+
+                    await Options.NonceCache.SetAsync(message.Nonce, new byte[0], new DistributedCacheEntryOptions
+                    {
+                        AbsoluteExpirationRelativeToNow = Options.ProtocolValidator.NonceLifetime
+                    });
                 }
                 else
                 {
@@ -389,11 +395,16 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
 
                     string nonce = jwt.Payload.Nonce;
-                    if (Options.NonceCache != null)
+                    if (Options.CacheNonces)
                     {
-                        // if the nonce cannot be removed, it was used
-                        if (!Options.NonceCache.TryRemoveNonce(nonce))
+                        if (await Options.NonceCache.GetAsync(nonce) != null)
                         {
+                            await Options.NonceCache.RemoveAsync(nonce);
+                        }
+                        else
+                        {
+                            // If the nonce cannot be removed, it was
+                            // already used and MUST be rejected.
                             nonce = null;
                         }
                     }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 9353f385c4..532ca9518e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -13,11 +13,13 @@ using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Caching.Distributed;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.WebEncoders;
+using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -42,6 +44,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
+            [NotNull] IServiceProvider services,
             [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
@@ -125,6 +128,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
                 }
             }
+
+            if (Options.CacheNonces && Options.NonceCache == null)
+            {
+                // Use the global distributed cache if the user has not provided his own instance.
+                // Note: GetRequiredService will throw an exception if caching services have not been registered.
+                Options.NonceCache = services.GetRequiredService<IDistributedCache>();
+            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 8e78a5b09e..05b33548c6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -8,6 +8,7 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols;
 
@@ -173,7 +174,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
         /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
         /// </summary>
-        public INonceCache NonceCache { get; set; }
+        public IDistributedCache NonceCache { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value indicating whether nonces should be stored in the distributed cache or not.
+        /// The default value, <c>false</c>, is used to store nonces in client cookies.
+        /// </summary>
+        public bool CacheNonces { get; set; }
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectAuthenticationNotifications"/> to notify when processing OpenIdConnect messages.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
index b95de83180..c999f59990 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
@@ -141,11 +141,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. Options.NonceCache.TryAddNonce returned false. This usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
+        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
         /// </summary>
-        internal static string OIDCH_0033_TryAddNonceFailed
+        internal static string OIDCH_0033_NonceAlreadyExists
         {
-            get { return ResourceManager.GetString("OIDCH_0033_TryAddNonceFailed"); }
+            get { return ResourceManager.GetString("OIDCH_0033_NonceAlreadyExists"); }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 454dae209b..3f2ad60226 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -147,8 +147,8 @@
   <data name="OIDCH_0032_UsingCurrentUriRedirectUri" xml:space="preserve">
     <value>OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.</value>
   </data>
-  <data name="OIDCH_0033_TryAddNonceFailed" xml:space="preserve">
-    <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. Options.NonceCache.TryAddNonce returned false. This usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
+  <data name="OIDCH_0033_NonceAlreadyExists" xml:space="preserve">
+    <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
   </data>
   <data name="OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse" xml:space="preserve">
     <value>OIDCH_0034: redirectToIdentityProviderNotification.HandledResponse</value>
@@ -222,4 +222,4 @@
   <data name="OIDCH_0020_IdTokenReceived" xml:space="preserve">
     <value>OIDCH_0020: 'id_token' received: '{0}'</value>
   </data>
-</root>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 0bf9f2d9e3..0c00d7e424 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -3,6 +3,7 @@
     "description": "ASP.NET 5 middleware that enables an application to support OpenIdConnect authentication workflow.",
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
+        "Microsoft.Framework.Caching.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta5-*"
     },
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index fb62323545..a2b198ca33 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -32,6 +32,5 @@ namespace Microsoft.Framework.DependencyInjection
         {
             return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformAsyncDelegate = asyncTransform });
         }
-
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 13357a162a..8896767ee0 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -437,6 +437,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
+                    services.AddAuthentication();
                     services.AddWebEncoders();
                     services.AddDataProtection();
                 }
@@ -456,6 +457,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
+                    services.AddAuthentication();
                     services.AddWebEncoders();
                     services.AddDataProtection();
                 }
@@ -571,11 +573,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IUrlEncoder encoder,
+            IServiceProvider services,
             IOptions<ExternalAuthenticationOptions> externalOptions,
             IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null
             )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
+        : base(next, dataProtectionProvider, loggerFactory, encoder, services, externalOptions, options, configureOptions)
         {
             Logger = (loggerFactory as CustomLoggerFactory).Logger;
         }

From 78cf7f99ffd0b18f5beac89ef37345e4aef66dc1 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 29 Jun 2015 10:43:43 -0700
Subject: [PATCH 259/900] Fix base path issue with OAuthHandler

---
 .../CookieAuthenticationHandler.cs            |  2 +-
 .../OAuthAuthenticationHandler.cs             | 13 +---
 .../TwitterAuthenticationHandler.cs           |  7 +--
 .../AuthenticationHandler.cs                  | 17 ++++-
 .../Facebook/FacebookMiddlewareTests.cs       | 63 +++++++++++++++++++
 5 files changed, 84 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 66fe679bd1..386daa0de8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 Domain = Options.CookieDomain,
                 HttpOnly = Options.CookieHttpOnly,
-                Path = Options.CookiePath ?? (RequestPathBase.HasValue ? RequestPathBase.ToString() : "/"),
+                Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
             };
             if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 86d4954745..1be0ccff8e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -116,10 +116,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                var requestPrefix = Request.Scheme + "://" + Request.Host;
-                var redirectUri = requestPrefix + RequestPathBase + Options.CallbackPath;
-
-                var tokens = await ExchangeCodeAsync(code, redirectUri);
+                var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
                 if (string.IsNullOrWhiteSpace(tokens.AccessToken))
                 {
@@ -172,20 +169,16 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
-            var baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;
-            var currentUri = baseUri + Request.Path + Request.QueryString;
-            var redirectUri = baseUri + Options.CallbackPath;
-
             var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = currentUri;
+                properties.RedirectUri = CurrentUri;
             }
 
             // OAuth2 10.12 CSRF
             GenerateCorrelationId(properties);
 
-            var authorizationEndpoint = BuildChallengeUrl(properties, redirectUri);
+            var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));
 
             var redirectContext = new OAuthApplyRedirectContext(
                 Context, Options,
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 659b8b6aad..b9dc09c99a 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -120,16 +120,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
         }
         protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
-            var requestPrefix = Request.Scheme + "://" + Request.Host;
-            var callBackUrl = requestPrefix + RequestPathBase + Options.CallbackPath;
-
             var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = requestPrefix + Request.PathBase + Request.Path + Request.QueryString;
+                properties.RedirectUri = CurrentUri;
             }
 
-            var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, callBackUrl, properties);
+            var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, BuildRedirectUri(Options.CallbackPath), properties);
             if (requestToken.CallbackConfirmed)
             {
                 var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 8651c4b9a6..e226516ff1 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Authentication
             get { return Context.Response; }
         }
 
-        protected PathString RequestPathBase { get; private set; }
+        protected PathString OriginalPathBase { get; private set; }
 
         protected ILogger Logger { get; private set; }
 
@@ -48,11 +48,19 @@ namespace Microsoft.AspNet.Authentication
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
+        protected string CurrentUri
+        {
+            get
+            {
+                return Request.Scheme + "://" + Request.Host + Request.PathBase + Request.Path + Request.QueryString;
+            }
+        }
+
         protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
         {
             _baseOptions = options;
             Context = context;
-            RequestPathBase = Request.PathBase;
+            OriginalPathBase = Request.PathBase;
             Logger = logger;
             UrlEncoder = encoder;
 
@@ -70,6 +78,11 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
+        protected string BuildRedirectUri(string targetPath)
+        {
+            return Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
+        }
+
         private static async Task OnStartingCallback(object state)
         {
             var handler = (AuthenticationHandler)state;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 7e01755674..8e4fe65225 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -6,8 +6,10 @@ using System.Net;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.WebEncoders;
 using Shouldly;
 using Xunit;
 
@@ -61,6 +63,67 @@ namespace Microsoft.AspNet.Authentication.Facebook
             query.ShouldContain("custom=test");
         }
 
+        [Fact]
+        public async Task NestedMapWillNotAffectRedirect()
+        {
+            var server = CreateServer(app =>
+                app.Map("/base", map => {
+                    map.UseFacebookAuthentication();
+                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+                }),
+                services =>
+                {
+                    services.AddAuthentication();
+                    services.ConfigureFacebookAuthentication(options =>
+                    {
+                        options.AppId = "Test App Id";
+                        options.AppSecret = "Test App Secret";
+                        options.SignInScheme = "External";
+                    });
+                },
+                handler: null);
+            var transaction = await server.SendAsync("http://example.com/base/login");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
+            location.ShouldContain("response_type=code");
+            location.ShouldContain("client_id=");
+            location.ShouldContain("redirect_uri=" + UrlEncoder.Default.UrlEncode("http://example.com/base/signin-facebook"));
+            location.ShouldContain("scope=");
+            location.ShouldContain("state=");
+        }
+
+        [Fact]
+        public async Task MapWillNotAffectRedirect()
+        {
+            var server = CreateServer(
+                app =>
+                {
+                    app.UseFacebookAuthentication();
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+                },
+                services =>
+                {
+                    services.AddAuthentication();
+                    services.ConfigureFacebookAuthentication(options =>
+                    {
+                        options.AppId = "Test App Id";
+                        options.AppSecret = "Test App Secret";
+                        options.SignInScheme = "External";
+                    });
+                },
+                handler: null);
+            var transaction = await server.SendAsync("http://example.com/login");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
+            location.ShouldContain("response_type=code");
+            location.ShouldContain("client_id=");
+            location.ShouldContain("redirect_uri="+ UrlEncoder.Default.UrlEncode("http://example.com/signin-facebook"));
+            location.ShouldContain("scope=");
+            location.ShouldContain("state=");
+        }
+
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {

From d7ce42dacc226c74056a6c0883f9b3e2be7828d7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 30 Jun 2015 12:08:20 -0700
Subject: [PATCH 260/900] Handle null in ticket serializer

---
 .../Serializer/TicketSerializer.cs            | 76 +++++++++++--------
 .../Encoder/TicketSerializerTests.cs          | 57 ++++++++++++++
 2 files changed, 103 insertions(+), 30 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs

diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 71c8b58565..327d333e1f 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
-        private const int FormatVersion = 2;
+        private const int FormatVersion = 3;
 
         public virtual byte[] Serialize(AuthenticationTicket model)
         {
@@ -41,21 +41,29 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
             writer.Write(FormatVersion);
             writer.Write(model.AuthenticationScheme);
             var principal = model.Principal;
-            writer.Write(principal.Identities.Count());
-            foreach (var identity in principal.Identities)
+            if (principal == null)
             {
-                var authenticationType = string.IsNullOrWhiteSpace(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
-                writer.Write(authenticationType);
-                WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
-                WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
-                writer.Write(identity.Claims.Count());
-                foreach (var claim in identity.Claims)
+                // Use -1 to signal null
+                writer.Write(-1);
+            }
+            else
+            {
+                writer.Write(principal.Identities.Count());
+                foreach (var identity in principal.Identities)
                 {
-                    WriteWithDefault(writer, claim.Type, identity.NameClaimType);
-                    writer.Write(claim.Value);
-                    WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
-                    WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
-                    WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+                    var authenticationType = string.IsNullOrWhiteSpace(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
+                    writer.Write(authenticationType);
+                    WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
+                    WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
+                    writer.Write(identity.Claims.Count());
+                    foreach (var claim in identity.Claims)
+                    {
+                        WriteWithDefault(writer, claim.Type, identity.NameClaimType);
+                        writer.Write(claim.Value);
+                        WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
+                        WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
+                        WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+                    }
                 }
             }
             PropertiesSerializer.Write(writer, model.Properties);
@@ -69,27 +77,35 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
             }
             string authenticationScheme = reader.ReadString();
             int identityCount = reader.ReadInt32();
-            var identities = new ClaimsIdentity[identityCount];
-            for (int i = 0; i != identityCount; ++i)
+            ClaimsPrincipal principal = null;
+
+            // Negative values are used to signify null
+            if (identityCount >= 0)
             {
-                string authenticationType = reader.ReadString();
-                string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
-                string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
-                int count = reader.ReadInt32();
-                var claims = new Claim[count];
-                for (int index = 0; index != count; ++index)
+                var identities = new ClaimsIdentity[identityCount];
+                for (int i = 0; i != identityCount; ++i)
                 {
-                    string type = ReadWithDefault(reader, nameClaimType);
-                    string value = reader.ReadString();
-                    string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
-                    string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
-                    string originalIssuer = ReadWithDefault(reader, issuer);
-                    claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
+                    string authenticationType = reader.ReadString();
+                    string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
+                    string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
+                    int count = reader.ReadInt32();
+                    var claims = new Claim[count];
+                    for (int index = 0; index != count; ++index)
+                    {
+                        string type = ReadWithDefault(reader, nameClaimType);
+                        string value = reader.ReadString();
+                        string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
+                        string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
+                        string originalIssuer = ReadWithDefault(reader, issuer);
+                        claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
+                    }
+                    identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
                 }
-                identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
+                principal = new ClaimsPrincipal(identities);
             }
+
             var properties = PropertiesSerializer.Read(reader);
-            return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, authenticationScheme);
+            return new AuthenticationTicket(principal, properties, authenticationScheme);
         }
 
         private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
new file mode 100644
index 0000000000..dbdfbb40d1
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
@@ -0,0 +1,57 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet.Authentication.DataHandler.Serializer;
+using Microsoft.AspNet.Http.Authentication;
+using Shouldly;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+{
+    public class TicketSerializerTests
+    {
+        [Fact]
+        public void CanRoundTripNullPrincipal()
+        {
+            var properties = new AuthenticationProperties();
+            properties.RedirectUri = "bye";
+            var ticket = new AuthenticationTicket(properties, "Hello");
+
+            using (var stream = new MemoryStream())
+            using (var writer = new BinaryWriter(stream))
+            using (var reader = new BinaryReader(stream))
+            {
+                TicketSerializer.Write(writer, ticket);
+                stream.Position = 0;
+                var readTicket = TicketSerializer.Read(reader);
+                readTicket.Principal.ShouldBe(null);
+                readTicket.Properties.RedirectUri.ShouldBe("bye");
+                readTicket.AuthenticationScheme.ShouldBe("Hello");
+            }
+        }
+
+        [Fact]
+        public void CanRoundTripEmptyPrincipal()
+        {
+            var properties = new AuthenticationProperties();
+            properties.RedirectUri = "bye";
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
+
+            using (var stream = new MemoryStream())
+            using (var writer = new BinaryWriter(stream))
+            using (var reader = new BinaryReader(stream))
+            {
+                TicketSerializer.Write(writer, ticket);
+                stream.Position = 0;
+                var readTicket = TicketSerializer.Read(reader);
+                readTicket.Principal.Identities.Count().ShouldBe(0);
+                readTicket.Properties.RedirectUri.ShouldBe("bye");
+                readTicket.AuthenticationScheme.ShouldBe("Hello");
+            }
+        }
+
+    }
+}

From b9f152ebb1c37845a89889ab7ae80a1395a40455 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 1 Jul 2015 11:55:06 -0700
Subject: [PATCH 261/900] Cookie fixes

---
 .../CookieAuthenticationHandler.cs            |  64 ++++----
 .../CookieValidateIdentityContext.cs          |   9 +-
 .../OAuthAuthenticationHandler.cs             |   2 +-
 .../OAuthBearerAuthenticationHandler.cs       |   2 +-
 .../OpenIdConnectAuthenticationHandler.cs     |   2 +-
 .../TwitterAuthenticationHandler.cs           |   2 +-
 .../AuthenticationHandler.cs                  |  25 ++-
 .../Serializer/TicketSerializer.cs            |   2 +-
 .../AuthenticationHandlerFacts.cs             |   4 +-
 .../Cookies/CookieMiddlewareTests.cs          | 147 ++++++++++++++++--
 .../Encoder/TicketSerializerTests.cs          |   1 -
 11 files changed, 197 insertions(+), 63 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 386daa0de8..d37a179d43 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -24,17 +24,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
 
         private bool _shouldRenew;
-        private DateTimeOffset _renewIssuedUtc;
-        private DateTimeOffset _renewExpiresUtc;
+        private DateTimeOffset? _renewIssuedUtc;
+        private DateTimeOffset? _renewExpiresUtc;
         private string _sessionKey;
 
-        public override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationTicket ticket = null;
             try
             {
                 var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
-                if (string.IsNullOrWhiteSpace(cookie))
+                if (string.IsNullOrEmpty(cookie))
                 {
                     return null;
                 }
@@ -96,6 +96,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 await Options.Notifications.ValidatePrincipal(context);
 
+                if (context.ShouldRenew)
+                {
+                    _shouldRenew = true;
+                }
+
                 return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
             }
             catch (Exception exception)
@@ -130,28 +135,33 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return cookieOptions;
         }
 
-        private async Task ApplyCookie(AuthenticationTicket model)
+        private async Task ApplyCookie(AuthenticationTicket ticket)
         {
-            var cookieOptions = BuildCookieOptions();
-
-            model.Properties.IssuedUtc = _renewIssuedUtc;
-            model.Properties.ExpiresUtc = _renewExpiresUtc;
+            if (_renewIssuedUtc.HasValue)
+            {
+                ticket.Properties.IssuedUtc = _renewIssuedUtc;
+            }
+            if (_renewExpiresUtc.HasValue)
+            {
+                ticket.Properties.ExpiresUtc = _renewExpiresUtc;
+            }
 
             if (Options.SessionStore != null && _sessionKey != null)
             {
-                await Options.SessionStore.RenewAsync(_sessionKey, model);
+                await Options.SessionStore.RenewAsync(_sessionKey, ticket);
                 var principal = new ClaimsPrincipal(
                     new ClaimsIdentity(
                         new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
                         Options.AuthenticationScheme));
-                model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+                ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
             }
 
-            var cookieValue = Options.TicketDataFormat.Protect(model);
+            var cookieValue = Options.TicketDataFormat.Protect(ticket);
 
-            if (model.Properties.IsPersistent)
+            var cookieOptions = BuildCookieOptions();
+            if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
             {
-                cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
+                cookieOptions.Expires = _renewExpiresUtc.Value.ToUniversalTime().DateTime;
             }
 
             Options.CookieManager.AppendResponseCookie(
@@ -160,17 +170,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 cookieValue,
                 cookieOptions);
 
-            Response.Headers.Set(
-                HeaderNameCacheControl,
-                HeaderValueNoCache);
-
-            Response.Headers.Set(
-                HeaderNamePragma,
-                HeaderValueNoCache);
-
-            Response.Headers.Set(
-                HeaderNameExpires,
-                HeaderValueMinusOne);
+            Response.Headers.Set(HeaderNameCacheControl, HeaderValueNoCache);
+            Response.Headers.Set(HeaderNamePragma, HeaderValueNoCache);
+            Response.Headers.Set(HeaderNameExpires, HeaderValueMinusOne);
         }
 
         protected override async Task FinishResponseAsync()
@@ -181,15 +183,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return;
             }
 
-            var model = await AuthenticateAsync();
+            var ticket = await AuthenticateOnceAsync();
             try
             {
-                await ApplyCookie(model);
+                await ApplyCookie(ticket);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, ticket);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
@@ -286,7 +288,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 {
                     var query = Request.Query;
                     var redirectUri = query.Get(Options.ReturnUrlParameter);
-                    if (!string.IsNullOrWhiteSpace(redirectUri)
+                    if (!string.IsNullOrEmpty(redirectUri)
                         && IsHostRelative(redirectUri))
                     {
                         var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
@@ -348,7 +350,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 {
                     var query = Request.Query;
                     var redirectUri = query.Get(Options.ReturnUrlParameter);
-                    if (!string.IsNullOrWhiteSpace(redirectUri)
+                    if (!string.IsNullOrEmpty(redirectUri)
                         && IsHostRelative(redirectUri))
                     {
                         var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
@@ -427,7 +429,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
             try
             {
-                if (string.IsNullOrWhiteSpace(redirectUri))
+                if (string.IsNullOrEmpty(redirectUri))
                 {
                     redirectUri =
                         Request.PathBase +
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
index ec795c4688..01c9b920f8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -39,14 +39,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         public AuthenticationProperties Properties { get; private set; }
 
+        /// <summary>
+        /// If true, the cookie will be renewed
+        /// </summary>
+        public bool ShouldRenew { get; set; }
+
         /// <summary>
         /// Called to replace the claims principal. The supplied principal will replace the value of the 
         /// Principal property, which determines the identity of the authenticated request.
         /// </summary>
         /// <param name="identity">The identity used as the replacement</param>
-        public void ReplacePrincipal(IPrincipal principal)
+        public void ReplacePrincipal(ClaimsPrincipal principal)
         {
-            Principal = new ClaimsPrincipal(principal);
+            Principal = principal;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 1be0ccff8e..5d3a572e09 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -79,7 +79,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return context.IsRequestCompleted;
         }
 
-        public override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index 6357a35af9..fef3d857df 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
         /// <returns></returns>
-        public override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             string token = null;
             try
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 8b9c4683cd..89efa965d6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -201,7 +201,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
-        public override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index b9dc09c99a..201771f0c7 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return false;
         }
 
-        public override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> AuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index e226516ff1..29e8825ec5 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNet.Authentication
     /// </summary>
     public abstract class AuthenticationHandler : IAuthenticationHandler
     {
+        private Task<AuthenticationTicket> _authenticateTask;
         private bool _finishCalled;
         private AuthenticationOptions _baseOptions;
 
@@ -68,9 +69,10 @@ namespace Microsoft.AspNet.Authentication
 
             Response.OnStarting(OnStartingCallback, this);
 
-            if (BaseOptions.AutomaticAuthentication)
+            // Automatic authentication is the empty scheme
+            if (ShouldHandleScheme(string.Empty))
             {
-                var ticket = await AuthenticateAsync();
+                var ticket = await AuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
                     SecurityHelper.AddUserPrincipal(Context, ticket.Principal);
@@ -155,14 +157,25 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
+        protected Task<AuthenticationTicket> AuthenticateOnceAsync()
+        {
+            if (_authenticateTask == null)
+            {
+                _authenticateTask = AuthenticateAsync();
+            }
+            return _authenticateTask;
+        }
+
         public async Task AuthenticateAsync(AuthenticateContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
-                var ticket = await AuthenticateAsync();
+                // Calling Authenticate more than once should always return the original value. 
+                var ticket = await AuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
                     context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
+                    _authenticateTask = Task.FromResult(ticket);
                 }
                 else
                 {
@@ -176,11 +189,7 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        /// <summary>
-        /// Calling Authenticate more than once should always return the original value. 
-        /// </summary>
-        /// <returns>The ticket data provided by the authentication logic</returns>
-        public abstract Task<AuthenticationTicket> AuthenticateAsync();
+        protected abstract Task<AuthenticationTicket> AuthenticateAsync();
 
         public bool ShouldHandleScheme(string authenticationScheme)
         {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 327d333e1f..360692e0e6 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -51,7 +51,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
                 writer.Write(principal.Identities.Count());
                 foreach (var identity in principal.Identities)
                 {
-                    var authenticationType = string.IsNullOrWhiteSpace(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
+                    var authenticationType = string.IsNullOrEmpty(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
                     writer.Write(authenticationType);
                     WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
                     WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index e12d4e533c..adb5bccb62 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -61,7 +61,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AuthenticationScheme = scheme;
             }
 
-            public override Task<AuthenticationTicket> AuthenticateAsync()
+            protected override Task<AuthenticationTicket> AuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
@@ -86,7 +86,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AutomaticAuthentication = auto;
             }
 
-            public override Task<AuthenticationTicket> AuthenticateAsync()
+            protected override Task<AuthenticationTicket> AuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 9b8686c92d..5327d8a4a1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -341,6 +341,129 @@ namespace Microsoft.AspNet.Authentication.Cookies
             FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
         }
 
+        [Fact]
+        public async Task ExpiredCookieWithValidatorStillExpired()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.Notifications = new CookieAuthenticationNotifications
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            clock.Add(TimeSpan.FromMinutes(11));
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe(null);
+        }
+
+        [Fact]
+        public async Task CookieCanBeRenewedByValidator()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
+                options.Notifications = new CookieAuthenticationNotifications
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+
+            clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            transaction3.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+
+            clock.Add(TimeSpan.FromMinutes(6));
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction4.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+
+            clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            transaction5.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe(null);
+        }
+
+        [Fact]
+        public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.Notifications = new CookieAuthenticationNotifications
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+
+            clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            transaction3.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+
+            clock.Add(TimeSpan.FromMinutes(6));
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
+            transaction4.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
+
+            clock.Add(TimeSpan.FromMinutes(11));
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+            transaction5.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe(null);
+        }
+
         [Fact]
         public async Task CookieExpirationCanBeOverridenInEvent()
         {
@@ -362,19 +485,18 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
 
             clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
 
             clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
             transaction4.SetCookie.ShouldBe(null);
             FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
         }
@@ -393,26 +515,25 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction3.SetCookie.ShouldBe(null);
+            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             // transaction4 should arrive with a new SetCookie value
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction4.SetCookie.ShouldNotBe(null);
+            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             Transaction transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
-
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
-            transaction4.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
             transaction5.SetCookie.ShouldBe(null);
             FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe("Alice");
         }
@@ -427,10 +548,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             });
 
             var transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
-
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
             var responded = transaction.Response.Headers.GetValues("X-Responded-JSON");
-
             responded.Count().ShouldBe(1);
             responded.Single().ShouldContain("\"location\"");
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
index dbdfbb40d1..bf3dbaec5e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
@@ -52,6 +52,5 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
                 readTicket.AuthenticationScheme.ShouldBe("Hello");
             }
         }
-
     }
 }

From 5e92de8009901aa73ccdbd1d9ebe4fc89dbc7add Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 1 Jul 2015 12:36:37 -0700
Subject: [PATCH 262/900] Tweak SecurityHelper for MVC usage

---
 .../AuthenticationHandler.cs                           |  2 +-
 src/Microsoft.AspNet.Authentication/SecurityHelper.cs  |  7 +++----
 .../SecurityHelperTests.cs                             | 10 +++++-----
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 29e8825ec5..7dff2c0944 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Authentication
                 var ticket = await AuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
-                    SecurityHelper.AddUserPrincipal(Context, ticket.Principal);
+                    Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
                 }
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
index 5f5c765b39..312775af19 100644
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
@@ -19,19 +19,18 @@ namespace Microsoft.AspNet.Authentication
         /// any empty unauthenticated identities from context.User
         /// </summary>
         /// <param name="identity"></param>
-        public static void AddUserPrincipal([NotNull] HttpContext context, [NotNull] ClaimsPrincipal principal)
+        public static ClaimsPrincipal MergeUserPrincipal([NotNull] ClaimsPrincipal existingPrincipal, [NotNull] ClaimsPrincipal additionalPrincipal)
         {
             var newPrincipal = new ClaimsPrincipal();
             // New principal identities go first
-            newPrincipal.AddIdentities(principal.Identities);
+            newPrincipal.AddIdentities(additionalPrincipal.Identities);
 
             // Then add any existing non empty or authenticated identities
-            var existingPrincipal = context.User;
             if (existingPrincipal != null)
             {
                 newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Count() > 0));
             }
-            context.User = newPrincipal;
+            return newPrincipal;
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
index a02283ab76..94794e1c84 100644
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
@@ -19,7 +19,7 @@ namespace Microsoft.AspNet.Authentication
             context.User.ShouldNotBe(null);
             context.User.Identity.IsAuthenticated.ShouldBe(false);
 
-            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
+            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
 
             context.User.ShouldNotBe(null);
             context.User.Identity.AuthenticationType.ShouldBe("Alpha");
@@ -40,12 +40,12 @@ namespace Microsoft.AspNet.Authentication
             context.User.Identity.AuthenticationType.ShouldBe("Alpha");
             context.User.Identity.Name.ShouldBe("Test1");
 
-            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
+            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
 
             context.User.Identity.AuthenticationType.ShouldBe("Beta");
             context.User.Identity.Name.ShouldBe("Test2");
 
-            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
+            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
 
             context.User.Identity.AuthenticationType.ShouldBe("Gamma");
             context.User.Identity.Name.ShouldBe("Test3");
@@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Authentication
             newPrincipal.AddIdentity(newEmptyIdentity);
             newPrincipal.AddIdentity(identityTwo);
 
-            SecurityHelper.AddUserPrincipal(context, newPrincipal);
+            context.User = SecurityHelper.MergeUserPrincipal(context.User, newPrincipal);
 
             // Preserve newPrincipal order
             context.User.Identity.IsAuthenticated.ShouldBe(false);
@@ -91,7 +91,7 @@ namespace Microsoft.AspNet.Authentication
             principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
 
             // This merge should drop newEmptyIdentity since its empty
-            SecurityHelper.AddUserPrincipal(context, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
+            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
 
             context.User.Identity.AuthenticationType.ShouldBe("Gamma");
             context.User.Identity.Name.ShouldBe("Test3");

From 6e67b1c9b1354a565afe55a52ddb99bffdd99b0d Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 1 Jul 2015 14:38:29 -0700
Subject: [PATCH 263/900] Delete dead file

---
 .../INonceCache.cs                                   | 12 ------------
 1 file changed, 12 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
deleted file mode 100644
index 8dc39aa9d8..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/INonceCache.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    public interface INonceCache
-    {
-        bool TryAddNonce(string nonce);
-
-        bool TryRemoveNonce(string nonce);
-    }
-}

From 9bb8b6114697f14a42e747acd1d1a41e6eed5af1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Thu, 14 May 2015 16:03:21 +0200
Subject: [PATCH 264/900] Revisit OAuthAuthenticationHandler and add a new
 SaveTokensAsClaims option

---
 samples/CookieSample/Startup.cs               |  6 +-
 samples/CookieSessionSample/Startup.cs        |  8 +-
 samples/OpenIdConnectSample/Startup.cs        |  5 +-
 samples/SocialSample/Startup.cs               | 73 ++++++++-------
 .../FacebookAuthenticationHandler.cs          | 82 +++++++++--------
 .../FacebookAuthenticationHelper.cs           | 40 ++++++++
 .../FacebookAuthenticationMiddleware.cs       |  7 +-
 .../FacebookAuthenticationOptions.cs          |  4 +-
 .../FacebookAuthenticatedContext.cs           | 62 -------------
 .../FacebookAuthenticationNotifications.cs    | 38 --------
 .../IFacebookAuthenticationNotifications.cs   | 21 -----
 .../GoogleAuthenticationHandler.cs            | 92 ++++++++++---------
 ...ntext.cs => GoogleAuthenticationHelper.cs} | 48 ++--------
 .../GoogleAuthenticationMiddleware.cs         |  7 +-
 .../GoogleAuthenticationOptions.cs            |  3 +-
 .../GoogleAuthenticationNotifications.cs      | 38 --------
 .../IGoogleAuthenticationNotifications.cs     | 21 -----
 .../MicrosoftAccountAuthenticationHandler.cs  | 55 ++++++-----
 .../MicrosoftAccountAuthenticationHelper.cs   | 41 +++++++++
 ...icrosoftAccountAuthenticationMiddleware.cs |  6 +-
 .../MicrosoftAccountAuthenticationOptions.cs  |  3 +-
 ...osoftAccountAuthenticationNotifications.cs | 21 -----
 .../MicrosoftAccountAuthenticatedContext.cs   | 81 ----------------
 ...osoftAccountAuthenticationNotifications.cs | 38 --------
 .../IOAuthAuthenticationNotifications.cs      | 10 +-
 .../OAuthAuthenticatedContext.cs              | 89 +++++++++++++-----
 .../OAuthAuthenticationNotifications.cs       | 39 +++-----
 .../OAuthGetUserInformationContext.cs         | 75 ---------------
 .../OAuthAuthenticationDefaults.cs            | 39 --------
 .../OAuthAuthenticationExtensions.cs          | 10 +-
 .../OAuthAuthenticationHandler.cs             | 58 +++++++++---
 .../OAuthAuthenticationMiddleware.cs          | 16 +---
 .../OAuthAuthenticationOptions.cs             | 31 ++++---
 .../OAuthAuthenticationOptions`1.cs           | 16 ----
 ...TokenResponse.cs => OAuthTokenResponse.cs} |  4 +-
 .../TwitterAuthenticationHandler.cs           | 55 +++++++----
 .../TwitterAuthenticationOptions.cs           | 11 ++-
 .../Facebook/FacebookMiddlewareTests.cs       |  3 +-
 .../Google/GoogleMiddlewareTests.cs           | 15 +--
 .../MicrosoftAccountMiddlewareTests.cs        |  5 +-
 40 files changed, 494 insertions(+), 782 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
 rename src/Microsoft.AspNet.Authentication.Google/{Notifications/GoogleAuthenticatedContext.cs => GoogleAuthenticationHelper.cs} (54%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
 rename src/Microsoft.AspNet.Authentication.OAuth/{TokenResponse.cs => OAuthTokenResponse.cs} (90%)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 04694b7cfd..6fd616bd7f 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Builder;
@@ -25,10 +26,11 @@ namespace CookieSample
 
             app.Run(async context =>
             {
-                if (string.IsNullOrEmpty(context.User.Identity.Name))
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
-                    var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }));
+                    var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }, CookieAuthenticationDefaults.AuthenticationScheme));
                     await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
+
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 5858c2c39f..1bfc635cc9 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
@@ -27,7 +28,7 @@ namespace CookieSessionSample
 
             app.Run(async context =>
             {
-                if (string.IsNullOrEmpty(context.User.Identity.Name))
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     // Make a large identity
                     var claims = new List<Claim>(1001);
@@ -36,7 +37,10 @@ namespace CookieSessionSample
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
-                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
+
+                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)));
+
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index b07d87da50..3023a55aaa 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,4 +1,5 @@
-using Microsoft.AspNet.Builder;
+using System.Linq;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication;
@@ -38,7 +39,7 @@ namespace OpenIdConnectSample
 
             app.Run(async context =>
             {
-                if (string.IsNullOrEmpty(context.User.Identity.Name))
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
 
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 62d9c83803..bce45cb7a9 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -110,6 +111,7 @@ namespace CookieSample
                 options.Caption = "MicrosoftAccount - Requires project changes";
                 options.ClientId = "00000000480FF62E";
                 options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
+                options.Scope.Add("wl.emails");
             });
 
             // https://github.com/settings/applications/
@@ -131,48 +133,53 @@ namespace CookieSample
                 options.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 options.UserInformationEndpoint = "https://api.github.com/user";
                 options.ClaimsIssuer = "OAuth2-Github";
+                options.SaveTokensAsClaims = false;
                 // Retrieving user information is unique to each provider.
-                options.Notifications = new OAuthAuthenticationNotifications()
+                options.Notifications = new OAuthAuthenticationNotifications
                 {
-                    OnGetUserInformationAsync = async (context) =>
+                    OnAuthenticated = async notification =>
                     {
                         // Get the GitHub user
-                        var userRequest = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
-                        userRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
-                        userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
-                        var userResponse = await context.Backchannel.SendAsync(userRequest, context.HttpContext.RequestAborted);
-                        userResponse.EnsureSuccessStatusCode();
-                        var text = await userResponse.Content.ReadAsStringAsync();
-                        var user = JObject.Parse(text);
+                        var request = new HttpRequestMessage(HttpMethod.Get, notification.Options.UserInformationEndpoint);
+                        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", notification.AccessToken);
+                        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
 
-                        var identity = new ClaimsIdentity(
-                            context.Options.AuthenticationScheme,
-                            ClaimsIdentity.DefaultNameClaimType,
-                            ClaimsIdentity.DefaultRoleClaimType);
+                        var response = await notification.Backchannel.SendAsync(request, notification.HttpContext.RequestAborted);
+                        response.EnsureSuccessStatusCode();
 
-                        JToken value;
-                        var id = user.TryGetValue("id", out value) ? value.ToString() : null;
-                        if (!string.IsNullOrEmpty(id))
+                        var user = JObject.Parse(await response.Content.ReadAsStringAsync());
+                        
+                        var identifier = user.Value<string>("id");
+                        if (!string.IsNullOrEmpty(identifier))
                         {
-                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.ClaimsIssuer));
+                            notification.Identity.AddClaim(new Claim(
+                                ClaimTypes.NameIdentifier, identifier,
+                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
                         }
-                        var userName = user.TryGetValue("login", out value) ? value.ToString() : null;
+
+                        var userName = user.Value<string>("login");
                         if (!string.IsNullOrEmpty(userName))
                         {
-                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
-                        var name = user.TryGetValue("name", out value) ? value.ToString() : null;
-                        if (!string.IsNullOrEmpty(name))
-                        {
-                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
-                        var link = user.TryGetValue("url", out value) ? value.ToString() : null;
-                        if (!string.IsNullOrEmpty(link))
-                        {
-                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.ClaimsIssuer));
+                            notification.Identity.AddClaim(new Claim(
+                                ClaimsIdentity.DefaultNameClaimType, userName,
+                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
                         }
 
-                        context.Principal = new ClaimsPrincipal(identity);
+                        var name = user.Value<string>("name");
+                        if (!string.IsNullOrEmpty(name))
+                        {
+                            notification.Identity.AddClaim(new Claim(
+                                "urn:github:name", name,
+                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                        }
+
+                        var link = user.Value<string>("url");
+                        if (!string.IsNullOrEmpty(link))
+                        {
+                            notification.Identity.AddClaim(new Claim(
+                                "urn:github:url", link,
+                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                        }
                     },
                 };
             });
@@ -207,8 +214,8 @@ namespace CookieSample
             {
                 signoutApp.Run(async context =>
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
                     await context.Response.WriteAsync("<a href=\"/\">Home</a>");
@@ -219,7 +226,7 @@ namespace CookieSample
             // Deny anonymous request beyond this point.
             app.Use(async (context, next) =>
             {
-                if (string.IsNullOrEmpty(context.User.Identity.Name))
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     // The cookie middleware will intercept this 401 and redirect to /login
                     await context.Authentication.ChallengeAsync();
@@ -233,7 +240,7 @@ namespace CookieSample
             {
                 context.Response.ContentType = "text/html";
                 await context.Response.WriteAsync("<html><body>");
-                await context.Response.WriteAsync("Hello " + context.User.Identity.Name + "<br>");
+                await context.Response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
                 foreach (var claim in context.User.Claims)
                 {
                     await context.Response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 291956409e..cc9c1fdcf7 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -17,14 +17,14 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
-    internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
+    internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions>
     {
         public FacebookAuthenticationHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
 
-        protected override async Task<TokenResponse> ExchangeCodeAsync(string code, string redirectUri)
+        protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
         {
             var queryBuilder = new QueryBuilder()
             {
@@ -35,70 +35,78 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 { "client_secret", Options.AppSecret },
             };
 
-            var tokenResponse = await Backchannel.GetAsync(Options.TokenEndpoint + queryBuilder.ToString(), Context.RequestAborted);
-            tokenResponse.EnsureSuccessStatusCode();
-            var oauthTokenResponse = await tokenResponse.Content.ReadAsStringAsync();
+            var response = await Backchannel.GetAsync(Options.TokenEndpoint + queryBuilder.ToString(), Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
 
-            var form = new FormCollection(FormReader.ReadForm(oauthTokenResponse));
-            var response = new JObject();
+            var form = new FormCollection(FormReader.ReadForm(await response.Content.ReadAsStringAsync()));
+            var payload = new JObject();
             foreach (string key in form.Keys)
             {
-                response.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, form[key]);
+                payload.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, form[key]);
             }
+
             // The refresh token is not available.
-            return new TokenResponse(response);
+            return new OAuthTokenResponse(payload);
         }
 
-        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var graphAddress = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken);
+            var endpoint = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken);
             if (Options.SendAppSecretProof)
             {
-                graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
+                endpoint += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
             }
 
-            var graphResponse = await Backchannel.GetAsync(graphAddress, Context.RequestAborted);
-            graphResponse.EnsureSuccessStatusCode();
-            var text = await graphResponse.Content.ReadAsStringAsync();
-            var user = JObject.Parse(text);
+            var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
 
-            var context = new FacebookAuthenticatedContext(Context, Options, user, tokens);
-            var identity = new ClaimsIdentity(
-                Options.ClaimsIssuer,
-                ClaimsIdentity.DefaultNameClaimType,
-                ClaimsIdentity.DefaultRoleClaimType);
-            if (!string.IsNullOrEmpty(context.Id))
+            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+            
+            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.ClaimsIssuer));
+                Properties = properties,
+                Principal = new ClaimsPrincipal(identity)
+            };
+
+            var identifier = FacebookAuthenticationHelper.GetId(payload);
+            if (!string.IsNullOrEmpty(identifier))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
-            if (!string.IsNullOrEmpty(context.UserName))
+
+            var userName = FacebookAuthenticationHelper.GetUserName(payload);
+            if (!string.IsNullOrEmpty(userName))
             {
-                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
-            if (!string.IsNullOrEmpty(context.Email))
+
+            var email = FacebookAuthenticationHelper.GetEmail(payload);
+            if (!string.IsNullOrEmpty(email))
             {
-                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
-            if (!string.IsNullOrEmpty(context.Name))
+
+            var name = FacebookAuthenticationHelper.GetName(payload);
+            if (!string.IsNullOrEmpty(name))
             {
-                identity.AddClaim(new Claim("urn:facebook:name", context.Name, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:facebook:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
 
                 // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
-                if (string.IsNullOrEmpty(context.UserName))
+                if (string.IsNullOrEmpty(userName))
                 {
-                    identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, ClaimValueTypes.String, Options.ClaimsIssuer));
+                    identity.AddClaim(new Claim(identity.NameClaimType, name, ClaimValueTypes.String, Options.ClaimsIssuer));
                 }
             }
-            if (!string.IsNullOrEmpty(context.Link))
+
+            var link = FacebookAuthenticationHelper.GetLink(payload);
+            if (!string.IsNullOrEmpty(link))
             {
-                identity.AddClaim(new Claim("urn:facebook:link", context.Link, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
-            context.Properties = properties;
-            context.Principal = new ClaimsPrincipal(identity);
 
-            await Options.Notifications.Authenticated(context);
+            await Options.Notifications.Authenticated(notification);
 
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
         }
 
         private string GenerateAppSecretProof(string accessToken)
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs
new file mode 100644
index 0000000000..3f9f98114f
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs
@@ -0,0 +1,40 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Framework.Internal;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Authentication.Facebook
+{
+    /// <summary>
+    /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
+    /// instance retrieved from Facebook after a successful authentication process.
+    /// </summary>
+    public static class FacebookAuthenticationHelper
+    {
+        /// <summary>
+        /// Gets the Facebook user ID.
+        /// </summary>
+        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
+
+        /// <summary>
+        /// Gets the user's name.
+        /// </summary>
+        public static string GetName([NotNull] JObject user) => user.Value<string>("name");
+
+        /// <summary>
+        /// Gets the user's link.
+        /// </summary>
+        public static string GetLink([NotNull] JObject user) => user.Value<string>("link");
+
+        /// <summary>
+        /// Gets the Facebook username.
+        /// </summary>
+        public static string GetUserName([NotNull] JObject user) => user.Value<string>("username");
+
+        /// <summary>
+        /// Gets the Facebook email.
+        /// </summary>
+        public static string GetEmail([NotNull] JObject user) => user.Value<string>("email");
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 4eab19ddb8..1184f4479e 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Facebook.
     /// </summary>
-    public class FacebookAuthenticationMiddleware : OAuthAuthenticationMiddleware<FacebookAuthenticationOptions, IFacebookAuthenticationNotifications>
+    public class FacebookAuthenticationMiddleware : OAuthAuthenticationMiddleware<FacebookAuthenticationOptions>
     {
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationMiddleware"/>.
@@ -43,11 +43,6 @@ namespace Microsoft.AspNet.Authentication.Facebook
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
             }
-
-            if (Options.Notifications == null)
-            {
-                Options.Notifications = new FacebookAuthenticationNotifications();
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
index c7ba48aab4..4a5e1ce91d 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.OAuth;
 
@@ -9,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
     /// <summary>
     /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>.
     /// </summary>
-    public class FacebookAuthenticationOptions : OAuthAuthenticationOptions<IFacebookAuthenticationNotifications>
+    public class FacebookAuthenticationOptions : OAuthAuthenticationOptions
     {
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationOptions"/>.
@@ -23,6 +24,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             AuthorizationEndpoint = FacebookAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = FacebookAuthenticationDefaults.TokenEndpoint;
             UserInformationEndpoint = FacebookAuthenticationDefaults.UserInformationEndpoint;
+            SaveTokensAsClaims = false;
         }
 
         // Facebook uses a non-standard term for this field.
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
deleted file mode 100644
index 321b78f8b5..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticatedContext.cs
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.OAuth;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNet.Authentication.Facebook
-{
-    /// <summary>
-    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-    /// </summary>
-    public class FacebookAuthenticatedContext : OAuthAuthenticatedContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="FacebookAuthenticatedContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="user">The JSON-serialized user.</param>
-        /// <param name="tokens">The Facebook Access token.</param>
-        public FacebookAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user, TokenResponse tokens)
-            : base(context, options, user, tokens)
-        {
-            Id = TryGetValue(user, "id");
-            Name = TryGetValue(user, "name");
-            Link = TryGetValue(user, "link");
-            UserName = TryGetValue(user, "username");
-            Email = TryGetValue(user, "email");
-        }
-
-        /// <summary>
-        /// Gets the Facebook user ID.
-        /// </summary>
-        public string Id { get; private set; }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public string Name { get; private set; }
-
-        /// <summary>
-        /// Gets the user's link.
-        /// </summary>
-        public string Link { get; private set; }
-
-        /// <summary>
-        /// Gets the Facebook username.
-        /// </summary>
-        public string UserName { get; private set; }
-
-        /// <summary>
-        /// Gets the Facebook email.
-        /// </summary>
-        public string Email { get; private set; }
-
-        private static string TryGetValue(JObject user, string propertyName)
-        {
-            JToken value;
-            return user.TryGetValue(propertyName, out value) ? value.ToString() : null;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
deleted file mode 100644
index acee5b54e6..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/FacebookAuthenticationNotifications.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.Facebook
-{
-    /// <summary>
-    /// The default <see cref="IFacebookAuthenticationNotifications"/> implementation.
-    /// </summary>
-    public class FacebookAuthenticationNotifications : OAuthAuthenticationNotifications, IFacebookAuthenticationNotifications
-    {
-        /// <summary>
-        /// Initializes a new <see cref="FacebookAuthenticationNotifications"/>.
-        /// </summary>
-        public FacebookAuthenticationNotifications()
-        {
-            OnAuthenticated = context => Task.FromResult<object>(null);
-        }
-
-        /// <summary>
-        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
-        /// </summary>
-        public Func<FacebookAuthenticatedContext, Task> OnAuthenticated { get; set; }
-
-        /// <summary>
-        /// Invoked whenever Facebook succesfully authenticates a user.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(FacebookAuthenticatedContext context)
-        {
-            return OnAuthenticated(context);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
deleted file mode 100644
index aff7de6eeb..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/Notifications/IFacebookAuthenticationNotifications.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.Facebook
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="FacebookAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IFacebookAuthenticationNotifications : IOAuthAuthenticationNotifications
-    {
-        /// <summary>
-        /// Invoked when Facebook succesfully authenticates a user.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task Authenticated(FacebookAuthenticatedContext context);
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index 621e77d830..986338fd1c 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -14,65 +14,69 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
-    internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
+    internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions>
     {
         public GoogleAuthenticationHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
 
-        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
             // Get the Google user
             var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
-            var graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
-            graphResponse.EnsureSuccessStatusCode();
-            var text = await graphResponse.Content.ReadAsStringAsync();
-            var user = JObject.Parse(text);
 
-            var context = new GoogleAuthenticatedContext(Context, Options, user, tokens);
-            var identity = new ClaimsIdentity(
-                Options.ClaimsIssuer,
-                ClaimsIdentity.DefaultNameClaimType,
-                ClaimsIdentity.DefaultRoleClaimType);
+            var response = await Backchannel.SendAsync(request, Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
 
-            if (!string.IsNullOrEmpty(context.Id))
+            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+            
+            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id,
-                    ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-            if (!string.IsNullOrEmpty(context.GivenName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName,
-                    ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-            if (!string.IsNullOrEmpty(context.FamilyName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName,
-                    ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-            if (!string.IsNullOrEmpty(context.Name))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String,
-                    Options.ClaimsIssuer));
-            }
-            if (!string.IsNullOrEmpty(context.Email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String,
-                    Options.ClaimsIssuer));
-            }
-            if (!string.IsNullOrEmpty(context.Profile))
-            {
-                identity.AddClaim(new Claim("urn:google:profile", context.Profile, ClaimValueTypes.String,
-                    Options.ClaimsIssuer));
-            }
-            context.Properties = properties;
-            context.Principal = new ClaimsPrincipal(identity);
+                Properties = properties,
+                Principal = new ClaimsPrincipal(identity)
+            };
 
-            await Options.Notifications.Authenticated(context);
+            var identifier = GoogleAuthenticationHelper.GetId(payload);
+            if (!string.IsNullOrEmpty(identifier))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
 
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            var givenName = GoogleAuthenticationHelper.GetGivenName(payload);
+            if (!string.IsNullOrEmpty(givenName))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var familyName = GoogleAuthenticationHelper.GetFamilyName(payload);
+            if (!string.IsNullOrEmpty(familyName))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var name = GoogleAuthenticationHelper.GetName(payload);
+            if (!string.IsNullOrEmpty(name))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var email = GoogleAuthenticationHelper.GetEmail(payload);
+            if (!string.IsNullOrEmpty(email))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var profile = GoogleAuthenticationHelper.GetProfile(payload);
+            if (!string.IsNullOrEmpty(profile))
+            {
+                identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            await Options.Notifications.Authenticated(notification);
+
+            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
         }
 
         // TODO: Abstract this properties override pattern into the base class?
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs
similarity index 54%
rename from src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs
index 915b804361..611bfffa7b 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs
@@ -1,74 +1,46 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Security.Claims;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.Framework.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
-    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
+    /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
+    /// instance retrieved from Google after a successful authentication process.
     /// </summary>
-    public class GoogleAuthenticatedContext : OAuthAuthenticatedContext
+    public static class GoogleAuthenticationHelper
     {
-        /// <summary>
-        /// Initializes a new <see cref="GoogleAuthenticatedContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="user">The JSON-serialized Google user info.</param>
-        /// <param name="tokens">Google OAuth 2.0 access token, refresh token, etc.</param>
-        public GoogleAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user, TokenResponse tokens)
-            : base(context, options, user, tokens)
-        {
-            Id = TryGetValue(user, "id");
-            Name = TryGetValue(user, "displayName");
-            GivenName = TryGetValue(user, "name", "givenName");
-            FamilyName = TryGetValue(user, "name", "familyName");
-            Profile = TryGetValue(user, "url");
-            Email = TryGetFirstValue(user, "emails", "value");
-        }
-
         /// <summary>
         /// Gets the Google user ID.
         /// </summary>
-        public string Id { get; private set; }
+        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
 
         /// <summary>
         /// Gets the user's name.
         /// </summary>
-        public string Name { get; private set; }
+        public static string GetName([NotNull] JObject user) => user.Value<string>("displayName");
 
         /// <summary>
         /// Gets the user's given name.
         /// </summary>
-        public string GivenName { get; set; }
+        public static string GetGivenName([NotNull] JObject user) => TryGetValue(user, "name", "givenName");
 
         /// <summary>
         /// Gets the user's family name.
         /// </summary>
-        public string FamilyName { get; set; }
+        public static string GetFamilyName([NotNull] JObject user) => TryGetValue(user, "name", "familyName");
 
         /// <summary>
         /// Gets the user's profile link.
         /// </summary>
-        public string Profile { get; private set; }
+        public static string GetProfile([NotNull] JObject user) => user.Value<string>("url");
 
         /// <summary>
         /// Gets the user's email.
         /// </summary>
-        public string Email { get; private set; }
-
-        private static string TryGetValue(JObject user, string propertyName)
-        {
-            JToken value;
-            return user.TryGetValue(propertyName, out value) ? value.ToString() : null;
-        }
+        public static string GetEmail([NotNull] JObject user) => TryGetFirstValue(user, "emails", "value");
 
         // Get the given subProperty from a property.
         private static string TryGetValue(JObject user, string propertyName, string subProperty)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index db7a3c9881..3f07bc0e9e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication.Google
     /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class GoogleAuthenticationMiddleware : OAuthAuthenticationMiddleware<GoogleAuthenticationOptions, IGoogleAuthenticationNotifications>
+    public class GoogleAuthenticationMiddleware : OAuthAuthenticationMiddleware<GoogleAuthenticationOptions>
     {
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
@@ -35,11 +35,6 @@ namespace Microsoft.AspNet.Authentication.Google
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
-            if (Options.Notifications == null)
-            {
-                Options.Notifications = new GoogleAuthenticationNotifications();
-            }
-
             if (Options.Scope.Count == 0)
             {
                 // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
index e65b800eda..f0c5d0f220 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Google
     /// <summary>
     /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>.
     /// </summary>
-    public class GoogleAuthenticationOptions : OAuthAuthenticationOptions<IGoogleAuthenticationNotifications>
+    public class GoogleAuthenticationOptions : OAuthAuthenticationOptions
     {
         /// <summary>
         /// Initializes a new <see cref="GoogleAuthenticationOptions"/>.
@@ -22,6 +22,7 @@ namespace Microsoft.AspNet.Authentication.Google
             AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
             UserInformationEndpoint = GoogleAuthenticationDefaults.UserInformationEndpoint;
+            SaveTokensAsClaims = false;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
deleted file mode 100644
index 51269aeffa..0000000000
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/GoogleAuthenticationNotifications.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.Google
-{
-    /// <summary>
-    /// The default <see cref="IGoogleAuthenticationNotifications"/> implementation.
-    /// </summary>
-    public class GoogleAuthenticationNotifications : OAuthAuthenticationNotifications, IGoogleAuthenticationNotifications
-    {
-        /// <summary>
-        /// Initializes a new <see cref="GoogleAuthenticationNotifications"/>.
-        /// </summary>
-        public GoogleAuthenticationNotifications()
-        {
-            OnAuthenticated = context => Task.FromResult<object>(null);
-        }
-
-        /// <summary>
-        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
-        /// </summary>
-        public Func<GoogleAuthenticatedContext, Task> OnAuthenticated { get; set; }
-
-        /// <summary>
-        /// Invoked whenever Google succesfully authenticates a user.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(GoogleAuthenticatedContext context)
-        {
-            return OnAuthenticated(context);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
deleted file mode 100644
index 30ce697787..0000000000
--- a/src/Microsoft.AspNet.Authentication.Google/Notifications/IGoogleAuthenticationNotifications.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.Google
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware" /> invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IGoogleAuthenticationNotifications : IOAuthAuthenticationNotifications
-    {
-        /// <summary>
-        /// Invoked whenever Google succesfully authenticates a user.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task Authenticated(GoogleAuthenticatedContext context);
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 31484f9985..0fac563eb8 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -11,45 +11,52 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
-    internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
+    internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions>
     {
         public MicrosoftAccountAuthenticationHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
 
-        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
-            var graphResponse = await Backchannel.SendAsync(request, Context.RequestAborted);
-            graphResponse.EnsureSuccessStatusCode();
-            var accountString = await graphResponse.Content.ReadAsStringAsync();
-            var accountInformation = JObject.Parse(accountString);
 
-            var context = new MicrosoftAccountAuthenticatedContext(Context, Options, accountInformation, tokens);
-            context.Properties = properties;
-            var identity = new ClaimsIdentity(
-                new[]
-                    {
-                        new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.ClaimsIssuer),
-                        new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.ClaimsIssuer),
-                        new Claim("urn:microsoftaccount:id", context.Id, ClaimValueTypes.String, Options.ClaimsIssuer),
-                        new Claim("urn:microsoftaccount:name", context.Name, ClaimValueTypes.String, Options.ClaimsIssuer)
-                    },
-                Options.ClaimsIssuer,
-                ClaimsIdentity.DefaultNameClaimType,
-                ClaimsIdentity.DefaultRoleClaimType);
+            var response = await Backchannel.SendAsync(request, Context.RequestAborted);
+            response.EnsureSuccessStatusCode();
 
-            if (!string.IsNullOrWhiteSpace(context.Email))
+            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+            
+            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
-                identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, ClaimValueTypes.String, Options.ClaimsIssuer));
+                Properties = properties,
+                Principal = new ClaimsPrincipal(identity)
+            };
+
+            var identifier = MicrosoftAccountAuthenticationHelper.GetId(payload);
+            if (!string.IsNullOrEmpty(identifier))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:microsoftaccount:id", identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
-            context.Principal = new ClaimsPrincipal(identity);
 
-            await Options.Notifications.Authenticated(context);
+            var name = MicrosoftAccountAuthenticationHelper.GetName(payload);
+            if (!string.IsNullOrEmpty(name))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:microsoftaccount:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
 
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            var email = MicrosoftAccountAuthenticationHelper.GetEmail(payload);
+            if (!string.IsNullOrWhiteSpace(email))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            await Options.Notifications.Authenticated(notification);
+
+            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs
new file mode 100644
index 0000000000..e2629cdf38
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs
@@ -0,0 +1,41 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Framework.Internal;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+{
+    /// <summary>
+    /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
+    /// instance retrieved from Google after a successful authentication process.
+    /// </summary>
+    public static class MicrosoftAccountAuthenticationHelper
+    {
+        /// <summary>
+        /// Gets the Microsoft Account user ID.
+        /// </summary>
+        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
+
+        /// <summary>
+        /// Gets the user's name.
+        /// </summary>
+        public static string GetName([NotNull] JObject user) => user.Value<string>("name");
+
+        /// <summary>
+        /// Gets the user's first name.
+        /// </summary>
+        public static string GetFirstName([NotNull] JObject user) => user.Value<string>("first_name");
+
+        /// <summary>
+        /// Gets the user's last name.
+        /// </summary>
+        public static string GetLastName([NotNull] JObject user) => user.Value<string>("last_name");
+
+        /// <summary>
+        /// Gets the user's email address.
+        /// </summary>
+        public static string GetEmail([NotNull] JObject user) => user.Value<JObject>("emails")
+                                                                    ?.Value<string>("preferred");
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index 3626646294..e4f5751703 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     /// <summary>
     /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
     /// </summary>
-    public class MicrosoftAccountAuthenticationMiddleware : OAuthAuthenticationMiddleware<MicrosoftAccountAuthenticationOptions, IMicrosoftAccountAuthenticationNotifications>
+    public class MicrosoftAccountAuthenticationMiddleware : OAuthAuthenticationMiddleware<MicrosoftAccountAuthenticationOptions>
     {
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
@@ -33,10 +33,6 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
         {
-            if (Options.Notifications == null)
-            {
-                Options.Notifications = new MicrosoftAccountAuthenticationNotifications();
-            }
             if (Options.Scope.Count == 0)
             {
                 // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
index 0212b6e7db..04d2bfa331 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     /// <summary>
     /// Configuration options for <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
     /// </summary>
-    public class MicrosoftAccountAuthenticationOptions : OAuthAuthenticationOptions<IMicrosoftAccountAuthenticationNotifications>
+    public class MicrosoftAccountAuthenticationOptions : OAuthAuthenticationOptions
     {
         /// <summary>
         /// Initializes a new <see cref="MicrosoftAccountAuthenticationOptions"/>.
@@ -22,6 +22,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountAuthenticationDefaults.UserInformationEndpoint;
+            SaveTokensAsClaims = false;
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
deleted file mode 100644
index d9647e4cdf..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/IMicrosoftAccountAuthenticationNotifications.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="MicrosoftAccountAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IMicrosoftAccountAuthenticationNotifications : IOAuthAuthenticationNotifications
-    {
-        /// <summary>
-        /// Invoked whenever Microsoft succesfully authenticates a user.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task Authenticated(MicrosoftAccountAuthenticatedContext context);
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
deleted file mode 100644
index c5bfa3f9bb..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticatedContext.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-    /// </summary>
-    public class MicrosoftAccountAuthenticatedContext : OAuthAuthenticatedContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountAuthenticatedContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="user">The JSON-serialized user.</param>
-        /// <param name="tokens">The access token provided by the Microsoft authentication service.</param>
-        public MicrosoftAccountAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, [NotNull] JObject user, TokenResponse tokens)
-            : base(context, options, user, tokens)
-        {
-            IDictionary<string, JToken> userAsDictionary = user;
-
-            JToken userId = User["id"];
-            if (userId == null)
-            {
-                throw new ArgumentException(Resources.Exception_MissingId, nameof(user));
-            }
-
-            Id = userId.ToString();
-            Name = PropertyValueIfExists("name", userAsDictionary);
-            FirstName = PropertyValueIfExists("first_name", userAsDictionary);
-            LastName = PropertyValueIfExists("last_name", userAsDictionary);
-
-            if (userAsDictionary.ContainsKey("emails"))
-            {
-                JToken emailsNode = user["emails"];
-                foreach (var childAsProperty in emailsNode.OfType<JProperty>().Where(childAsProperty => childAsProperty.Name == "preferred"))
-                {
-                    Email = childAsProperty.Value.ToString();
-                }
-            }
-        }
-
-        /// <summary>
-        /// Gets the Microsoft Account user ID.
-        /// </summary>
-        public string Id { get; private set; }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public string Name { get; private set; }
-
-        /// <summary>
-        /// Gets the user's first name.
-        /// </summary>
-        public string FirstName { get; private set; }
-
-        /// <summary>
-        /// Gets the user's last name.
-        /// </summary>
-        public string LastName { get; private set; }
-
-        /// <summary>
-        /// Gets the user's email address.
-        /// </summary>
-        public string Email { get; private set; }
-
-        private static string PropertyValueIfExists(string property, IDictionary<string, JToken> dictionary)
-        {
-            return dictionary.ContainsKey(property) ? dictionary[property].ToString() : null;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
deleted file mode 100644
index 16491a4ed2..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Notifications/MicrosoftAccountAuthenticationNotifications.cs
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// Default <see cref="IMicrosoftAccountAuthenticationNotifications"/> implementation.
-    /// </summary>
-    public class MicrosoftAccountAuthenticationNotifications : OAuthAuthenticationNotifications, IMicrosoftAccountAuthenticationNotifications
-    {
-        /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountAuthenticationNotifications"/>
-        /// </summary>
-        public MicrosoftAccountAuthenticationNotifications()
-        {
-            OnAuthenticated = context => Task.FromResult(0);
-        }
-
-        /// <summary>
-        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
-        /// </summary>
-        public Func<MicrosoftAccountAuthenticatedContext, Task> OnAuthenticated { get; set; }
-
-        /// <summary>
-        /// Invoked whenever Microsoft succesfully authenticates a user
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(MicrosoftAccountAuthenticatedContext context)
-        {
-            return OnAuthenticated(context);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
index 6d386d089a..522f1cb162 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
@@ -1,7 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -12,21 +14,21 @@ namespace Microsoft.AspNet.Authentication.OAuth
     {
         /// <summary>
         /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
-        /// This notification may not be invoked by sub-classes of OAuthAuthenticationHandler if they override GetUserInformationAsync.
+        /// This notification may not be invoked by sub-classes of OAuthAuthenticationHandler if they override CreateTicketAsync.
         /// </summary>
         /// <param name="context">Contains information about the login session.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task GetUserInformationAsync(OAuthGetUserInformationContext context);
+        Task Authenticated(OAuthAuthenticatedContext context);
 
         /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context"></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task ReturnEndpoint(OAuthReturnEndpointContext context);
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Microsoft middleware.
+        /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         void ApplyRedirect(OAuthApplyRedirectContext context);
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
index d034117476..e59f04d07b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -3,10 +3,12 @@
 
 using System;
 using System.Globalization;
+using System.Net.Http;
 using System.Security.Claims;
+using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
+using Microsoft.Framework.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
@@ -20,54 +22,97 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
-        /// <param name="user">The JSON-serialized user.</param>
+        /// <param name="options">The options used by the authentication middleware.</param>
+        /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
-        public OAuthAuthenticatedContext(HttpContext context, OAuthAuthenticationOptions options, JObject user,
-            TokenResponse tokens)
-            : base(context, options)
+        public OAuthAuthenticatedContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthAuthenticationOptions options,
+            [NotNull] HttpClient backchannel,
+            [NotNull] OAuthTokenResponse tokens)
+            : this(context, options, backchannel, tokens, user: new JObject())
         {
-            User = user;
-            AccessToken = tokens.AccessToken;
-            TokenType = tokens.TokenType;
-            RefreshToken = tokens.RefreshToken;
-
-            int expiresInValue;
-            if (Int32.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresInValue))
-            {
-                ExpiresIn = TimeSpan.FromSeconds(expiresInValue);
-            }
         }
 
         /// <summary>
-        /// Gets the JSON-serialized user.
+        /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
         /// </summary>
-        public JObject User { get; protected set; }
+        /// <param name="context">The HTTP environment.</param>
+        /// <param name="options">The options used by the authentication middleware.</param>
+        /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
+        /// <param name="tokens">The tokens returned from the token endpoint.</param>
+        /// <param name="user">The JSON-serialized user.</param>
+        public OAuthAuthenticatedContext(
+            [NotNull] HttpContext context,
+            [NotNull] OAuthAuthenticationOptions options,
+            [NotNull] HttpClient backchannel,
+            [NotNull] OAuthTokenResponse tokens,
+            [NotNull] JObject user)
+            : base(context, options)
+        {
+            TokenResponse = tokens;
+            Backchannel = backchannel;
+        }
+
+        /// <summary>
+        /// Gets the JSON-serialized user or an empty
+        /// <see cref="JObject"/> if it is not available.
+        /// </summary>
+        public JObject User { get; }
+
+        /// <summary>
+        /// Gets the token response returned by the authentication service.
+        /// </summary>
+        public OAuthTokenResponse TokenResponse { get; }
 
         /// <summary>
         /// Gets the access token provided by the authentication service.
         /// </summary>
-        public string AccessToken { get; protected set; }
+        public string AccessToken => TokenResponse.AccessToken;
 
         /// <summary>
         /// Gets the access token type provided by the authentication service.
         /// </summary>
-        public string TokenType { get; protected set; }
+        public string TokenType => TokenResponse.TokenType;
 
         /// <summary>
         /// Gets the refresh token provided by the authentication service.
         /// </summary>
-        public string RefreshToken { get; protected set; }
+        public string RefreshToken => TokenResponse.RefreshToken;
 
         /// <summary>
         /// Gets the access token expiration time.
         /// </summary>
-        public TimeSpan? ExpiresIn { get; protected set; }
+        public TimeSpan? ExpiresIn
+        {
+            get
+            {
+                int value;
+                if (int.TryParse(TokenResponse.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
+                {
+                    return TimeSpan.FromSeconds(value);
+                }
+
+                return null;
+            }
+        }
+        
+        /// <summary>
+        /// Gets the backchannel used to communicate with the provider.
+        /// </summary>
+        public HttpClient Backchannel { get; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsIdentity"/> representing the user.
+        /// Gets the <see cref="ClaimsPrincipal"/> representing the user.
         /// </summary>
         public ClaimsPrincipal Principal { get; set; }
 
+        /// <summary>
+        /// Gets the main identity exposed by <see cref="Principal"/>.
+        /// This property returns <c>null</c> when <see cref="Principal"/> is <c>null</c>.
+        /// </summary>
+        public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
+
         /// <summary>
         /// Gets or sets a property bag for common authentication properties.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
index aa6d7a8112..9716b14015 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
@@ -2,7 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -11,58 +13,39 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// </summary>
     public class OAuthAuthenticationNotifications : IOAuthAuthenticationNotifications
     {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticationNotifications"/>
-        /// </summary>
-        public OAuthAuthenticationNotifications()
-        {
-            OnGetUserInformationAsync = OAuthAuthenticationDefaults.DefaultOnGetUserInformationAsync;
-            OnReturnEndpoint = context => Task.FromResult(0);
-            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
-        }
-
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<OAuthGetUserInformationContext, Task> OnGetUserInformationAsync { get; set; }
+        public Func<OAuthAuthenticatedContext, Task> OnAuthenticated { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
         /// </summary>
-        public Func<OAuthReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+        public Func<OAuthReturnEndpointContext, Task> OnReturnEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Action<OAuthApplyRedirectContext> OnApplyRedirect { get; set; }
+        public Action<OAuthApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
 
         /// <summary>
         /// Invoked after the provider successfully authenticates a user.
         /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task GetUserInformationAsync(OAuthGetUserInformationContext context)
-        {
-            return OnGetUserInformationAsync(context);
-        }
+        public virtual Task Authenticated(OAuthAuthenticatedContext context) => OnAuthenticated(context);
 
         /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
+        /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/></param>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(OAuthReturnEndpointContext context)
-        {
-            return OnReturnEndpoint(context);
-        }
+        public virtual Task ReturnEndpoint(OAuthReturnEndpointContext context) => OnReturnEndpoint(context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual void ApplyRedirect(OAuthApplyRedirectContext context)
-        {
-            OnApplyRedirect(context);
-        }
+        public virtual void ApplyRedirect(OAuthApplyRedirectContext context) => OnApplyRedirect(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
deleted file mode 100644
index 74d02cd58c..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthGetUserInformationContext.cs
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Security.Claims;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
-    /// </summary>
-    public class OAuthGetUserInformationContext : BaseContext<OAuthAuthenticationOptions>
-    {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthGetUserInformationContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="user">The JSON-serialized user.</param>
-        /// <param name="tokens">The tokens returned from the token endpoint.</param>
-        public OAuthGetUserInformationContext(HttpContext context, OAuthAuthenticationOptions options, HttpClient backchannel, TokenResponse tokens)
-            : base(context, options)
-        {
-            AccessToken = tokens.AccessToken;
-            TokenType = tokens.TokenType;
-            RefreshToken = tokens.RefreshToken;
-            Backchannel = backchannel;
-
-            int expiresInValue;
-            if (Int32.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresInValue))
-            {
-                ExpiresIn = TimeSpan.FromSeconds(expiresInValue);
-            }
-        }
-
-        /// <summary>
-        /// Gets the access token provided by the authentication service.
-        /// </summary>
-        public string AccessToken { get; protected set; }
-
-        /// <summary>
-        /// Gets the access token type provided by the authentication service.
-        /// </summary>
-        public string TokenType { get; protected set; }
-
-        /// <summary>
-        /// Gets the refresh token provided by the authentication service.
-        /// </summary>
-        public string RefreshToken { get; protected set; }
-
-        /// <summary>
-        /// Gets the access token expiration time.
-        /// </summary>
-        public TimeSpan? ExpiresIn { get; protected set; }
-
-        /// <summary>
-        /// Gets the backchannel used to communicate with the provider.
-        /// </summary>
-        public HttpClient Backchannel { get; protected set; }
-
-        /// <summary>
-        /// Gets the <see cref="ClaimsPrincipal"/> representing the user.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; set; }
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
deleted file mode 100644
index a9b93d43a5..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationDefaults.cs
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    public static class OAuthAuthenticationDefaults
-    {
-        public static readonly Func<OAuthGetUserInformationContext, Task> DefaultOnGetUserInformationAsync = context =>
-        {
-            // If the developer doesn't specify a user-info callback, just give them the tokens.
-            var identity = new ClaimsIdentity(
-                    context.Options.AuthenticationScheme,
-                    ClaimsIdentity.DefaultNameClaimType,
-                    ClaimsIdentity.DefaultRoleClaimType);
-
-            identity.AddClaim(new Claim("access_token", context.AccessToken, ClaimValueTypes.String, context.Options.AuthenticationScheme));
-            if (!string.IsNullOrEmpty(context.RefreshToken))
-            {
-                identity.AddClaim(new Claim("refresh_token", context.RefreshToken, ClaimValueTypes.String, context.Options.AuthenticationScheme));
-            }
-            if (!string.IsNullOrEmpty(context.TokenType))
-            {
-                identity.AddClaim(new Claim("token_type", context.TokenType, ClaimValueTypes.String, context.Options.AuthenticationScheme));
-            }
-            if (context.ExpiresIn.HasValue)
-            {
-                identity.AddClaim(new Claim("expires_in", context.ExpiresIn.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture),
-                    ClaimValueTypes.String, context.Options.AuthenticationScheme));
-            }
-            context.Principal = new ClaimsPrincipal(identity);
-            return Task.FromResult(0);
-        };
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index 3c6b3db9ae..fec82a735e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -19,10 +19,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationScheme, Action<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>> configureOptions = null)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationScheme, Action<OAuthAuthenticationOptions> configureOptions = null)
         {
-            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>, IOAuthAuthenticationNotifications>>(
-                new ConfigureOptions<OAuthAuthenticationOptions<IOAuthAuthenticationNotifications>>(options =>
+            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions>>(
+                new ConfigureOptions<OAuthAuthenticationOptions>(options =>
                 {
                     options.AuthenticationScheme = authenticationScheme;
                     options.Caption = authenticationScheme;
@@ -30,10 +30,6 @@ namespace Microsoft.AspNet.Builder
                     {
                         configureOptions(options);
                     }
-                    if (options.Notifications == null)
-                    {
-                        options.Notifications = new OAuthAuthenticationNotifications();
-                    }
                 }) 
                 {
                     Name = authenticationScheme,
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 5d3a572e09..64dd51bc4c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Cryptography;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
@@ -19,9 +20,7 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
-    public class OAuthAuthenticationHandler<TOptions, TNotifications> : AuthenticationHandler<TOptions>
-        where TOptions : OAuthAuthenticationOptions<TNotifications>
-        where TNotifications : IOAuthAuthenticationNotifications
+    public class OAuthAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : OAuthAuthenticationOptions
     {
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
@@ -124,7 +123,33 @@ namespace Microsoft.AspNet.Authentication.OAuth
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                return await GetUserInformationAsync(properties, tokens);
+                var identity = new ClaimsIdentity(Options.ClaimsIssuer);
+
+                if (Options.SaveTokensAsClaims)
+                {
+                    identity.AddClaim(new Claim("access_token", tokens.AccessToken,
+                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+
+                    if (!string.IsNullOrEmpty(tokens.RefreshToken))
+                    {
+                        identity.AddClaim(new Claim("refresh_token", tokens.RefreshToken,
+                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
+                    }
+
+                    if (!string.IsNullOrEmpty(tokens.TokenType))
+                    {
+                        identity.AddClaim(new Claim("token_type", tokens.TokenType,
+                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
+                    }
+
+                    if (!string.IsNullOrEmpty(tokens.ExpiresIn))
+                    {
+                        identity.AddClaim(new Claim("expires_in", tokens.ExpiresIn,
+                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
+                    }
+                }
+                
+                return await CreateTicketAsync(identity, properties, tokens);
             }
             catch (Exception ex)
             {
@@ -133,7 +158,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             }
         }
 
-        protected virtual async Task<TokenResponse> ExchangeCodeAsync(string code, string redirectUri)
+        protected virtual async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
         {
             var tokenRequestParameters = new Dictionary<string, string>()
             {
@@ -151,20 +176,27 @@ namespace Microsoft.AspNet.Authentication.OAuth
             requestMessage.Content = requestContent;
             var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
-            var oauthTokenResponse = await response.Content.ReadAsStringAsync();
+            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var oauth2Token = JObject.Parse(oauthTokenResponse);
-            return new TokenResponse(oauth2Token);
+            return new OAuthTokenResponse(payload);
         }
 
-        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, TokenResponse tokens)
+        protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var context = new OAuthGetUserInformationContext(Context, Options, Backchannel, tokens)
+            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens)
             {
-                Properties = properties,
+                Principal = new ClaimsPrincipal(identity),
+                Properties = properties
             };
-            await Options.Notifications.GetUserInformationAsync(context);
-            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+            
+            await Options.Notifications.Authenticated(notification);
+
+            if (notification.Principal?.Identity == null)
+            {
+                return null;
+            }
+
+            return new AuthenticationTicket(notification.Principal, notification.Properties, Options.AuthenticationScheme);
         }
 
         protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 67041821c3..c1c884810d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -19,9 +19,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// An ASP.NET middleware for authenticating users using OAuth services.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class OAuthAuthenticationMiddleware<TOptions, TNotifications> : AuthenticationMiddleware<TOptions>
-        where TOptions : OAuthAuthenticationOptions<TNotifications>, new()
-        where TNotifications : IOAuthAuthenticationNotifications
+    public class OAuthAuthenticationMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthAuthenticationOptions, new()
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
@@ -58,12 +56,12 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (string.IsNullOrWhiteSpace(Options.AuthorizationEndpoint))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "AuthorizationEndpoint"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthorizationEndpoint)));
             }
 
             if (string.IsNullOrWhiteSpace(Options.TokenEndpoint))
             {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "TokenEndpoint"));
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
             }
 
             if (Options.StateDataFormat == null)
@@ -82,10 +80,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
             {
                 Options.SignInScheme = externalOptions.Options.SignInScheme;
             }
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
-            }
         }
 
         protected HttpClient Backchannel { get; private set; }
@@ -96,11 +90,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TOptions> CreateHandler()
         {
-            return new OAuthAuthenticationHandler<TOptions, TNotifications>(Backchannel);
+            return new OAuthAuthenticationHandler<TOptions>(Backchannel);
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthAuthenticationOptions<TNotifications> options)
+        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 62296c4a96..6244de1ef4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -4,8 +4,10 @@
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
+using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -14,15 +16,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// </summary>
     public class OAuthAuthenticationOptions : AuthenticationOptions
     {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticationOptions"/>.
-        /// </summary>
-        public OAuthAuthenticationOptions()
-        {
-            Scope = new List<string>();
-            BackchannelTimeout = TimeSpan.FromSeconds(60);
-        }
-
         /// <summary>
         /// Gets or sets the provider-assigned client id.
         /// </summary>
@@ -46,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the URI the middleware will access to obtain the user information.
         /// This value is not used in the default implementation, it is for use in custom implementations of
-        /// IOAuthAuthenticationNotifications.GetUserInformationAsync or OAuthAuthenticationHandler.GetUserInformationAsync.
+        /// IOAuthAuthenticationNotifications.Authenticated or OAuthAuthenticationHandler.CreateTicketAsync.
         /// </summary>
         public string UserInformationEndpoint { get; set; }
 
@@ -62,6 +55,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// validating the subject name and if the signing chain is a trusted party.</remarks>
         public ICertificateValidator BackchannelCertificateValidator { get; set; }
 #endif
+
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
@@ -77,7 +71,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <value>
         /// The back channel timeout.
         /// </value>
-        public TimeSpan BackchannelTimeout { get; set; }
+        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
 
         /// <summary>
         /// The HttpMessageHandler used to communicate with the auth provider.
@@ -86,10 +80,15 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public HttpMessageHandler BackchannelHttpHandler { get; set; }
 
+        /// <summary>
+        /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
+        /// </summary>
+        public IOAuthAuthenticationNotifications Notifications { get; [param: NotNull] set; } = new OAuthAuthenticationNotifications();
+
         /// <summary>
         /// A list of permissions to request.
         /// </summary>
-        public IList<string> Scope { get; private set; }
+        public IList<string> Scope { get; } = new List<string>();
 
         /// <summary>
         /// The request path within the application's base path where the user-agent will be returned.
@@ -109,5 +108,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// Defines whether access and refresh tokens should be stored in the
+        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
+        /// You can set this property to <c>false</c> to reduce the size of the final
+        /// authentication cookie. Note that social providers set this property to <c>false</c> by default.
+        /// </summary>
+        public bool SaveTokensAsClaims { get; set; } = true;
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
deleted file mode 100644
index aa989dfe5c..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions`1.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
-    /// </summary>
-    public class OAuthAuthenticationOptions<TNotifications> : OAuthAuthenticationOptions where TNotifications : IOAuthAuthenticationNotifications
-    {
-        /// <summary>
-        /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
-        /// </summary>
-        public TNotifications Notifications { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
index 5bcb80ad8c..f796669553 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/TokenResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
@@ -5,9 +5,9 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
-    public class TokenResponse
+    public class OAuthTokenResponse
     {
-        public TokenResponse(JObject response)
+        public OAuthTokenResponse(JObject response)
         {
             Response = response;
             AccessToken = response.Value<string>("access_token");
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 201771f0c7..51229df9f8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -82,24 +82,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
-
-                var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret);
-
-                context.Principal = new ClaimsPrincipal(
-                    new ClaimsIdentity(
-                        new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
-                            new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
-                            new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer),
-                            new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.ClaimsIssuer)
-                        },
-                        Options.ClaimsIssuer,
-                        ClaimsIdentity.DefaultNameClaimType,
-                        ClaimsIdentity.DefaultRoleClaimType));
-                context.Properties = requestToken.Properties;
-
                 var cookieOptions = new CookieOptions
                 {
                     HttpOnly = true,
@@ -108,9 +90,23 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
                 Response.Cookies.Delete(StateCookie, cookieOptions);
 
-                await Options.Notifications.Authenticated(context);
+                var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
+                
+                var identity = new ClaimsIdentity(new[]
+                {
+                    new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
+                    new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer),
+                    new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
+                    new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer)
+                },
+                Options.ClaimsIssuer);
 
-                return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+                if (Options.SaveTokensAsClaims)
+                {
+                    identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
+                }
+                
+                return await CreateTicketAsync(identity, properties, accessToken);
             }
             catch (Exception ex)
             {
@@ -118,6 +114,25 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 return new AuthenticationTicket(properties, Options.AuthenticationScheme);
             }
         }
+
+        protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token)
+        {
+            var notification = new TwitterAuthenticatedContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
+            {
+                Principal = new ClaimsPrincipal(identity),
+                Properties = properties
+            };
+
+            await Options.Notifications.Authenticated(notification);
+            
+            if (notification.Principal?.Identity == null)
+            {
+                return null;
+            }
+
+            return new AuthenticationTicket(notification.Principal, notification.Properties, Options.AuthenticationScheme);
+        }
+
         protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
             var properties = new AuthenticationProperties(context.Properties);
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index 4768f59b50..73cac04563 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Net.Http;
+using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Twitter.Messages;
 
@@ -102,8 +103,16 @@ namespace Microsoft.AspNet.Authentication.Twitter
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="ITwitterAuthenticationProvider"/> used to handle authentication events.
+        /// Gets or sets the <see cref="ITwitterAuthenticationNotifications"/> used to handle authentication events.
         /// </summary>
         public ITwitterAuthenticationNotifications Notifications { get; set; }
+
+        /// <summary>
+        /// Defines whether access tokens should be stored in the
+        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
+        /// This property is set to <c>false</c> by default to reduce
+        /// the size of the final authentication cookie.
+        /// </summary>
+        public bool SaveTokensAsClaims { get; set; }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 8e4fe65225..711c601ba5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Net;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -33,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
-                        options.Notifications = new FacebookAuthenticationNotifications
+                        options.Notifications = new OAuthAuthenticationNotifications
                         {
                             OnApplyRedirect = context =>
                             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index c48409eedf..ee55456dc4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -9,6 +9,7 @@ using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
@@ -198,7 +199,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.Notifications = new GoogleAuthenticationNotifications
+                options.Notifications = new OAuthAuthenticationNotifications
                 {
                     OnApplyRedirect = context =>
                         {
@@ -414,14 +415,14 @@ namespace Microsoft.AspNet.Authentication.Google
                         return null;
                     }
                 };
-                options.Notifications = new GoogleAuthenticationNotifications()
+                options.Notifications = new OAuthAuthenticationNotifications
                 {
                     OnAuthenticated = context =>
-                        {
-                            var refreshToken = context.RefreshToken;
-                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
-                            return Task.FromResult<object>(null);
-                        }
+                    {
+                        var refreshToken = context.RefreshToken;
+                        context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
             var properties = new AuthenticationProperties();
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 253263fb54..42799750c7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -8,6 +8,7 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
@@ -31,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 {
                     options.ClientId = "Test Client Id";
                     options.ClientSecret = "Test Client Secret";
-                    options.Notifications = new MicrosoftAccountAuthenticationNotifications
+                    options.Notifications = new OAuthAuthenticationNotifications
                     {
                         OnApplyRedirect = context =>
                         {
@@ -143,7 +144,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                             return null;
                         }
                     };
-                    options.Notifications = new MicrosoftAccountAuthenticationNotifications
+                    options.Notifications = new OAuthAuthenticationNotifications
                     {
                         OnAuthenticated = context =>
                         {

From 61bbe4cf52a3a204a94e041c810bedc6ee8867f3 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 1 Jul 2015 19:01:44 -0700
Subject: [PATCH 265/900] Set user in OAuthContext

---
 .../OAuthAuthenticatedContext.cs              |  1 +
 .../Google/GoogleMiddlewareTests.cs           | 89 ++++++++++++++++++-
 2 files changed, 88 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
index e59f04d07b..e423e9244f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -52,6 +52,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         {
             TokenResponse = tokens;
             Backchannel = backchannel;
+            User = user;
         }
 
         /// <summary>
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index ee55456dc4..e1b8edfec5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -246,7 +246,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             return ReturnJsonResponse(new
                             {
                                 access_token = "Test Access Token",
-                                expire_in = 3600,
+                                expires_in = 3600,
                                 token_type = "Bearer"
                             });
                         }
@@ -384,7 +384,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             return ReturnJsonResponse(new
                             {
                                 access_token = "Test Access Token",
-                                expire_in = 3600,
+                                expires_in = 3600,
                                 token_type = "Bearer",
                                 refresh_token = "Test Refresh Token"
                             });
@@ -446,6 +446,91 @@ namespace Microsoft.AspNet.Authentication.Google
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
+        [Fact]
+        public async Task ValidateAuthenticatedContext()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.AccessType = "offline";
+                options.Notifications = new OAuthAuthenticationNotifications()
+                {
+                    OnAuthenticated = context =>
+                    {
+                        Assert.NotNull(context.User);
+                        Assert.Equal(context.AccessToken, "Test Access Token");
+                        Assert.Equal(context.RefreshToken, "Test Refresh Token");
+                        Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600));
+                        Assert.Equal(GoogleAuthenticationHelper.GetEmail(context.User), "Test email");
+                        Assert.Equal(GoogleAuthenticationHelper.GetId(context.User), "Test User ID");
+                        Assert.Equal(GoogleAuthenticationHelper.GetName(context.User), "Test Name");
+                        Assert.Equal(GoogleAuthenticationHelper.GetFamilyName(context.User), "Test Family Name");
+                        Assert.Equal(GoogleAuthenticationHelper.GetGivenName(context.User), "Test Given Name");
+                        return Task.FromResult(0);
+                    }
+                };
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                access_token = "Test Access Token",
+                                expires_in = 3600,
+                                token_type = "Bearer",
+                                refresh_token = "Test Refresh Token"
+                            });
+                        }
+                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                displayName = "Test Name",
+                                name = new
+                                {
+                                    familyName = "Test Family Name",
+                                    givenName = "Test Given Name"
+                                },
+                                url = "Profile link",
+                                emails = new[]
+                                    {
+                                        new
+                                        {
+                                            value = "Test email",
+                                            type = "account"
+                                        }
+                                    }
+                            });
+                        }
+
+                        return null;
+                    }
+                };
+            });
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/foo";
+            var state = stateFormat.Protect(properties);
+
+            //Post a message to the Google middleware
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                correlationKey + "=" + correlationValue);
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldBe("/foo");
+        }
+
+
         private static HttpResponseMessage ReturnJsonResponse(object content)
         {
             var res = new HttpResponseMessage(HttpStatusCode.OK);

From 0d71421c058a8ac081afaf7aabf436ce2e13fe5a Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Wed, 1 Jul 2015 20:25:17 -0700
Subject: [PATCH 266/900] Add repository information to project files

---
 src/Microsoft.AspNet.Authentication.Cookies/project.json      | 4 ++++
 src/Microsoft.AspNet.Authentication.Facebook/project.json     | 4 ++++
 src/Microsoft.AspNet.Authentication.Google/project.json       | 4 ++++
 .../project.json                                              | 4 ++++
 src/Microsoft.AspNet.Authentication.OAuth/project.json        | 4 ++++
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json  | 4 ++++
 .../project.json                                              | 4 ++++
 src/Microsoft.AspNet.Authentication.Twitter/project.json      | 4 ++++
 src/Microsoft.AspNet.Authentication/project.json              | 4 ++++
 src/Microsoft.AspNet.Authorization/project.json               | 4 ++++
 10 files changed, 40 insertions(+)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 28127904db..34d775f155 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index 332385ca73..1da4a78837 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index b7ffdd0bcf..ab65c2cf78 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 41ef74556b..99ee1bcdab 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },,
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index ba2cc53dc0..abe2427c19 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index dff02afcb7..6c7f516fe1 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 0c00d7e424..00dc7bfed2 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support OpenIdConnect authentication workflow.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.Caching.Abstractions": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 6b2ddf521d..e8aa0ecfa2 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index bdf51537ff..e3321ca9f6 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 common types used by the various authentication middleware.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index a0b9beb5d9..7d2e324d5c 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -1,6 +1,10 @@
 {
     "version": "1.0.0-*",
     "description": "ASP.NET 5 authorization classes.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
     "dependencies": {
         "Microsoft.AspNet.Http.Features": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",

From 039cc18e8b1c4da8a4d45491469eefda1deed035 Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Wed, 1 Jul 2015 20:41:03 -0700
Subject: [PATCH 267/900] Fix typo in project.json

---
 .../project.json                                                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 99ee1bcdab..dce2e01da5 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -4,7 +4,7 @@
     "repository": {
         "type": "git",
         "url": "git://github.com/aspnet/security"
-    },,
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }

From 57031946d07a70ef0570aa72943f60797277e3ea Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 8 Jul 2015 12:21:00 -0700
Subject: [PATCH 268/900] #214 Refactor OIDC state parameters.

---
 .../OpenIdConnectAuthenticationDefaults.cs    |  23 +-
 .../OpenIdConnectAuthenticationHandler.cs     | 205 ++---
 .../Resources.Designer.cs                     |  83 +-
 .../Resources.resx                            |  68 +-
 .../RedirectToIdentityProviderNotification.cs |  18 +-
 ...uthenticationPropertiesFormaterKeyValue.cs |  62 ++
 .../OpenIdConnect/ExpectedQueryValues.cs      | 175 ++++
 .../OpenIdConnect/InMemoryLogger.cs           |  57 ++
 .../OpenIdConnect/InMemoryLoggerFactory.cs    |  36 +
 .../OpenIdConnect/LogEntry.cs                 |  41 +
 .../OpenIdConnect/LoggingUtilities.cs         | 142 ++++
 ...enticationHandlerForTestingAuthenticate.cs |  41 +
 ...icationMiddlewareForTestingAuthenticate.cs |  47 ++
 .../OpenIdConnectHandlerTests.cs              | 768 ++++++------------
 .../OpenIdConnectMiddlewareTests.cs           | 373 ++++++---
 .../OpenIdConnect/TestUtilities.cs            |  29 +-
 16 files changed, 1350 insertions(+), 818 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index 763ef11d36..2e1a808897 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -9,14 +9,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     public static class OpenIdConnectAuthenticationDefaults
     {
         /// <summary>
-        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationScheme
+        /// Constant used to identify state in openIdConnect protocol message.
         /// </summary>
-        public const string AuthenticationScheme = "OpenIdConnect";
+        public const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
 
         /// <summary>
-        /// The prefix used to provide a default OpenIdConnectAuthenticationOptions.CookieName
+        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationScheme.
         /// </summary>
-        public const string CookiePrefix = ".AspNet.OpenIdConnect.";
+        public const string AuthenticationScheme = "OpenIdConnect";
 
         /// <summary>
         /// The default value for OpenIdConnectAuthenticationOptions.Caption.
@@ -24,18 +24,23 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public const string Caption = "OpenIdConnect";
 
         /// <summary>
-        /// The prefix used to for the a nonce in the cookie
+        /// The prefix used to provide a default OpenIdConnectAuthenticationOptions.CookieName.
+        /// </summary>
+        public const string CookiePrefix = ".AspNet.OpenIdConnect.";
+
+        /// <summary>
+        /// The prefix used to for the a nonce in the cookie.
         /// </summary>
         public const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
 
         /// <summary>
-        /// The property for the RedirectUri that was used when asking for a 'authorizationCode'
+        /// The property for the RedirectUri that was used when asking for a 'authorizationCode'.
         /// </summary>
-        public const string RedirectUriUsedForCodeKey = "OpenIdConnect.Code.RedirectUri";
+        public const string RedirectUriForCodePropertiesKey = "OpenIdConnect.Code.RedirectUri";
 
         /// <summary>
-        /// Constant used to identify state in openIdConnect protocal message
+        /// Constant used to identify userstate inside AuthenticationProperties that have been serialized in the 'state' parameter.
         /// </summary>
-        public const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
+        public const string UserstatePropertiesKey = "OpenIdConnect.Userstate";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 89efa965d6..6981f48e56 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -28,19 +28,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         private const string UriSchemeDelimiter = "://";
         private OpenIdConnectConfiguration _configuration;
 
-        private string CurrentUri
-        {
-            get
-            {
-                return Request.Scheme +
-                       UriSchemeDelimiter +
-                       Request.Host +
-                       Request.PathBase +
-                       Request.Path +
-                       Request.QueryString;
-            }
-        }
-
         /// <summary>
         /// Handles Signout
         /// </summary>
@@ -54,7 +41,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                var openIdConnectMessage = new OpenIdConnectMessage()
+                var message = new OpenIdConnectMessage()
                 {
                     IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
                     RequestType = OpenIdConnectRequestType.LogoutRequest,
@@ -66,30 +53,42 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var properties = new AuthenticationProperties(signout.Properties);
                 if (!string.IsNullOrEmpty(properties.RedirectUri))
                 {
-                    openIdConnectMessage.PostLogoutRedirectUri = properties.RedirectUri;
+                    message.PostLogoutRedirectUri = properties.RedirectUri;
                 }
-                else if (!string.IsNullOrWhiteSpace(Options.PostLogoutRedirectUri))
+                else if (!string.IsNullOrEmpty(Options.PostLogoutRedirectUri))
                 {
-                    openIdConnectMessage.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
+                    message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                var notification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                if (Options.Notifications.RedirectToIdentityProvider != null)
                 {
-                    ProtocolMessage = openIdConnectMessage
-                };
-
-                await Options.Notifications.RedirectToIdentityProvider(notification);
-
-                if (!notification.HandledResponse)
-                {
-                    var redirectUri = notification.ProtocolMessage.CreateLogoutRequestUrl();
-                    if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                    var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                     {
-                        Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
+                        ProtocolMessage = message
+                    };
+
+                    await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+                    if (redirectToIdentityProviderNotification.HandledResponse)
+                    {
+                        Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                        return;
+                    }
+                    else if (redirectToIdentityProviderNotification.Skipped)
+                    {
+                        Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                        return;
                     }
 
-                    Response.Redirect(redirectUri);
+                    message = redirectToIdentityProviderNotification.ProtocolMessage;
                 }
+
+                var redirectUri = message.CreateLogoutRequestUrl();
+                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                {
+                    Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
+                }
+
+                Response.Redirect(redirectUri);
             }
         }
 
@@ -107,7 +106,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             // 2. CurrentUri if Options.DefaultToCurrentUriOnRedirect is true)
             AuthenticationProperties properties = new AuthenticationProperties(context.Properties);
 
-            if (!string.IsNullOrWhiteSpace(properties.RedirectUri))
+            if (!string.IsNullOrEmpty(properties.RedirectUri))
             {
                 Logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
             }
@@ -117,15 +116,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 properties.RedirectUri = CurrentUri;
             }
 
-            if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
+            if (!string.IsNullOrEmpty(Options.RedirectUri))
             {
                 Logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
             }
 
             // When redeeming a 'code' for an AccessToken, this value is needed
-            if (!string.IsNullOrWhiteSpace(Options.RedirectUri))
+            if (!string.IsNullOrEmpty(Options.RedirectUri))
             {
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri);
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, Options.RedirectUri);
             }
 
             if (_configuration == null && Options.ConfigurationManager != null)
@@ -138,13 +137,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ClientId = Options.ClientId,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = Options.RedirectUri,
-                // [brentschmaltz] - this should be a property on RedirectToIdentityProviderNotification not on the OIDCMessage.
+                // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderNotification not on the OIDCMessage.
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
                 ResponseMode = Options.ResponseMode,
                 ResponseType = Options.ResponseType,
-                Scope = Options.Scope,
-                State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + UrlEncoder.UrlEncode(Options.StateDataFormat.Protect(properties))
+                Scope = Options.Scope
             };
 
             if (Options.ProtocolValidator.RequireNonce)
@@ -169,24 +167,37 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            if (Options.Notifications.RedirectToIdentityProvider != null)
             {
-                ProtocolMessage = message
-            };
+                var redirectToIdentityProviderNotification =
+                    new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                    {
+                        ProtocolMessage = message
+                    };
 
-            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-            if (redirectToIdentityProviderNotification.HandledResponse)
-            {
-                Logger.LogInformation(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
-                return true; // REVIEW: Make sure this should stop all other handlers
-            }
-            else if (redirectToIdentityProviderNotification.Skipped)
-            {
-                Logger.LogInformation(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
-                return false; // REVIEW: Make sure this should not stop all other handlers
+                await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+                if (redirectToIdentityProviderNotification.HandledResponse)
+                {
+                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                    return true;
+                }
+                else if (redirectToIdentityProviderNotification.Skipped)
+                {
+                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                    return false;
+                }
+
+                if (!string.IsNullOrEmpty(redirectToIdentityProviderNotification.ProtocolMessage.State))
+                {
+                    properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderNotification.ProtocolMessage.State;
+                }
+
+                message = redirectToIdentityProviderNotification.ProtocolMessage;
             }
 
-            var redirectUri = redirectToIdentityProviderNotification.ProtocolMessage.CreateAuthenticationRequestUrl();
+            message.State = Options.StateDataFormat.Protect(properties);
+
+            var redirectUri = message.CreateAuthenticationRequestUrl();
             if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
             {
                 Logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
@@ -246,66 +257,74 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Notifications.MessageReceived(messageReceivedNotification);
                 if (messageReceivedNotification.HandledResponse)
                 {
-                    Logger.LogInformation(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
+                    Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
                     return messageReceivedNotification.AuthenticationTicket;
                 }
 
                 if (messageReceivedNotification.Skipped)
                 {
-                    Logger.LogInformation(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
+                    Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
                     return null;
                 }
 
-                // runtime always adds state, if we don't find it OR we failed to 'unprotect' it this is not a message we should process.
-                if (string.IsNullOrWhiteSpace(message.State))
+                var properties = new AuthenticationProperties();
+
+                // if state is missing, just log it
+                if (string.IsNullOrEmpty(message.State))
                 {
-                    Logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrWhiteSpace);
-                    return null;
+                    Logger.LogWarning(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
+                }
+                else
+                {
+                    // if state exists and we failed to 'unprotect' this is not a message we should process.
+                    properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
+                    if (properties == null)
+                    {
+                        Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
+                        return null;
+                    }
+
+                    string userstate = null;
+                    properties.Items.TryGetValue(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, out userstate);
+                    message.State = userstate;
                 }
 
-                var properties = GetPropertiesFromState(message.State);
-                if (properties == null)
+                // if any of the error fields are set, throw error null
+                if (!string.IsNullOrEmpty(message.Error))
                 {
-                    Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
-                    return null;
+                    Logger.LogError(Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
+                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null"));
                 }
 
-                // devs will need to hook AuthenticationFailedNotification to avoid having 'raw' runtime errors displayed to users.
-                if (!string.IsNullOrWhiteSpace(message.Error))
+                if (_configuration == null && Options.ConfigurationManager != null)
                 {
-                   Logger.LogError(Resources.OIDCH_0006_MessageErrorNotNull, message.Error);
-                    throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageErrorNotNull, message.Error));
+                    Logger.LogVerbose(Resources.OIDCH_0007_UpdatingConfiguration);
+                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
                 AuthenticationTicket ticket = null;
                 JwtSecurityToken jwt = null;
 
-                if (_configuration == null && Options.ConfigurationManager != null)
-                {
-                    Logger.LogDebug(Resources.OIDCH_0007_UpdatingConfiguration);
-                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
-                }
-
                 // OpenIdConnect protocol allows a Code to be received without the id_token
-                if (!string.IsNullOrWhiteSpace(message.IdToken))
+                if (!string.IsNullOrEmpty(message.IdToken))
                 {
                     Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
                     var securityTokenReceivedNotification =
                         new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                         {
-                            ProtocolMessage = message
+                            ProtocolMessage = message,
                         };
 
                     await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
                     if (securityTokenReceivedNotification.HandledResponse)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
+                        Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
                         return securityTokenReceivedNotification.AuthenticationTicket;
                     }
 
                     if (securityTokenReceivedNotification.Skipped)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
+                        Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
                         return null;
                     }
 
@@ -313,11 +332,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     var validationParameters = Options.TokenValidationParameters.Clone();
                     if (_configuration != null)
                     {
-                        if (string.IsNullOrWhiteSpace(validationParameters.ValidIssuer))
+                        if (string.IsNullOrEmpty(validationParameters.ValidIssuer))
                         {
                             validationParameters.ValidIssuer = _configuration.Issuer;
                         }
-                        else if (!string.IsNullOrWhiteSpace(_configuration.Issuer))
+                        else if (!string.IsNullOrEmpty(_configuration.Issuer))
                         {
                             validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
                         }
@@ -336,7 +355,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                             if (jwt == null)
                             {
                                 Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
-                                throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
+                                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
                             }
                         }
                     }
@@ -344,16 +363,16 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     if (validatedToken == null)
                     {
                         Logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, message.IdToken);
-                        throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, message.IdToken));
+                        throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, message.IdToken));
                     }
 
                     ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
-                    if (!string.IsNullOrWhiteSpace(message.SessionState))
+                    if (!string.IsNullOrEmpty(message.SessionState))
                     {
                         ticket.Properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
                     }
 
-                    if (_configuration != null && !string.IsNullOrWhiteSpace(_configuration.CheckSessionIframe))
+                    if (_configuration != null && !string.IsNullOrEmpty(_configuration.CheckSessionIframe))
                     {
                         ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
                     }
@@ -384,13 +403,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
                     if (securityTokenValidatedNotification.HandledResponse)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
+                        Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
                         return securityTokenValidatedNotification.AuthenticationTicket;
                     }
 
                     if (securityTokenValidatedNotification.Skipped)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
+                        Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
                         return null;
                     }
 
@@ -416,7 +435,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     var protocolValidationContext = new OpenIdConnectProtocolValidationContext
                     {
                         AuthorizationCode = message.Code,
-                        Nonce = nonce, 
+                        Nonce = nonce,
                     };
 
                     Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
@@ -424,7 +443,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (message.Code != null)
                 {
-                    Logger.LogDebug(Resources.OIDCH_0014_CodeReceived, message.Code);
+                    Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
                     if (ticket == null)
                     {
                         ticket = new AuthenticationTicket(properties, Options.AuthenticationScheme);
@@ -436,20 +455,20 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Code = message.Code,
                         JwtSecurityToken = jwt,
                         ProtocolMessage = message,
-                        RedirectUri = ticket.Properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey) ?
-                                      ticket.Properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey] : string.Empty,
+                        RedirectUri = ticket.Properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey) ?
+                                      ticket.Properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey] : string.Empty,
                     };
 
                     await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
                     if (authorizationCodeReceivedNotification.HandledResponse)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0015_CodeReceivedNotificationHandledResponse);
+                        Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse);
                         return authorizationCodeReceivedNotification.AuthenticationTicket;
                     }
 
                     if (authorizationCodeReceivedNotification.Skipped)
                     {
-                        Logger.LogInformation(Resources.OIDCH_0016_CodeReceivedNotificationSkipped);
+                        Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped);
                         return null;
                     }
                 }
@@ -463,7 +482,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
-                    Options.ConfigurationManager.RequestRefresh();
+                    if (Options.ConfigurationManager != null)
+                    {
+                        Logger.LogVerbose(Resources.OIDCH_0021_AutomaticConfigurationRefresh);
+                        Options.ConfigurationManager.RequestRefresh();
+                    }
                 }
 
                 var authenticationFailedNotification =
@@ -476,13 +499,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
                 if (authenticationFailedNotification.HandledResponse)
                 {
-                    Logger.LogInformation(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
+                    Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
                     return authenticationFailedNotification.AuthenticationTicket;
                 }
 
                 if (authenticationFailedNotification.Skipped)
                 {
-                    Logger.LogInformation(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
+                    Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
                     return null;
                 }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
index c999f59990..67c06b96d8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
@@ -93,7 +93,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0027: converted 401 to 403.
+        /// OIDCH_0027: Converted 401 to 403.
         /// </summary>
         internal static string OIDCH_0027_401_ConvertedTo_403
         {
@@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0030: using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
+        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
         /// </summary>
         internal static string OIDCH_0030_Using_Properties_RedirectUri
         {
@@ -125,7 +125,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0031: using Options.RedirectUri for 'redirect_uri': '{0}'.
+        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
         /// </summary>
         internal static string OIDCH_0031_Using_Options_RedirectUri
         {
@@ -133,7 +133,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
+        /// OIDCH_0032: Using the CurrentUri for 'local redirect' post authentication: '{0}'.
         /// </summary>
         internal static string OIDCH_0032_UsingCurrentUriRedirectUri
         {
@@ -145,11 +145,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         internal static string OIDCH_0033_NonceAlreadyExists
         {
-            get { return ResourceManager.GetString("OIDCH_0033_NonceAlreadyExists"); }
+             get { return ResourceManager.GetString("OIDCH_0033_NonceAlreadyExists"); }
         }
 
         /// <summary>
-        /// OIDCH_0034: redirectToIdentityProviderNotification.HandledResponse
+        /// OIDCH_0034: RedirectToIdentityProviderNotification.HandledResponse
         /// </summary>
         internal static string OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse
         {
@@ -157,7 +157,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0035: redirectToIdentityProviderNotification.Skipped
+        /// OIDCH_0035: RedirectToIdentityProviderNotification.Skipped
         /// </summary>
         internal static string OIDCH_0035_RedirectToIdentityProviderNotificationSkipped
         {
@@ -165,13 +165,21 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"))
+        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}'.)
         /// </summary>
         internal static string OIDCH_0036_UriIsNotWellFormed
         {
             get { return ResourceManager.GetString("OIDCH_0036_UriIsNotWellFormed"); }
         }
 
+        /// <summary>
+        /// OIDCH_0036: RedirectUri is: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0037_RedirectUri
+        {
+            get { return ResourceManager.GetString("OIDCH_0037_RedirectUri"); }
+        }
+
         /// <summary>
         /// OIDCH_0000: Entering: '{0}'.
         /// </summary>
@@ -197,7 +205,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0002: messageReceivedNotification.HandledResponse
+        /// OIDCH_0002: MessageReceivedNotification.HandledResponse
         /// </summary>
         internal static string OIDCH_0002_MessageReceivedNotificationHandledResponse
         {
@@ -205,7 +213,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0003: messageReceivedNotification.Skipped
+        /// OIDCH_0003: MessageReceivedNotification.Skipped
         /// </summary>
         internal static string OIDCH_0003_MessageReceivedNotificationSkipped
         {
@@ -213,15 +221,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0004:  OpenIdConnectAuthenticationHandler: message.State is null or whitespace. State is required to process the message.
+        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
         /// </summary>
-        internal static string OIDCH_0004_MessageStateIsNullOrWhiteSpace
+        internal static string OIDCH_0004_MessageStateIsNullOrEmpty
         {
-            get { return ResourceManager.GetString("OIDCH_0004_MessageStateIsNullOrWhiteSpace"); }
+            get { return ResourceManager.GetString("OIDCH_0004_MessageStateIsNullOrEmpty"); }
         }
 
         /// <summary>
-        /// OIDCH_0005: unable to unprotect the message.State
+        /// OIDCH_0005: Unable to unprotect the message.State
         /// </summary>
         internal static string OIDCH_0005_MessageStateIsInvalid
         {
@@ -229,15 +237,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0006_MessageErrorNotNull: '{0}'.
+        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
         /// </summary>
-        internal static string OIDCH_0006_MessageErrorNotNull
+        internal static string OIDCH_0006_MessageContainsError
         {
-            get { return ResourceManager.GetString("OIDCH_0006_MessageErrorNotNull"); }
+            get { return ResourceManager.GetString("OIDCH_0006_MessageContainsError"); }
         }
 
         /// <summary>
-        /// OIDCH_0007: updating configuration
+        /// OIDCH_0007: Updating configuration
         /// </summary>
         internal static string OIDCH_0007_UpdatingConfiguration
         {
@@ -245,7 +253,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0008: securityTokenReceivedNotification.HandledResponse
+        /// OIDCH_0008: SecurityTokenReceivedNotification.HandledResponse
         /// </summary>
         internal static string OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse
         {
@@ -253,7 +261,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0009: securityTokenReceivedNotification.Skipped
+        /// OIDCH_0009: SecurityTokenReceivedNotification.Skipped
         /// </summary>
         internal static string OIDCH_0009_SecurityTokenReceivedNotificationSkipped
         {
@@ -269,7 +277,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: {0}."
+        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.
         /// </summary>
         internal static string OIDCH_0011_UnableToValidateToken
         {
@@ -277,7 +285,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0012: securityTokenValidatedNotification.HandledResponse
+        /// OIDCH_0012: SecurityTokenValidatedNotification.HandledResponse
         /// </summary>
         internal static string OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse
         {
@@ -285,7 +293,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0013: securityTokenValidatedNotification.Skipped
+        /// OIDCH_0013: SecurityTokenValidatedNotification.Skipped
         /// </summary>
         internal static string OIDCH_0013_SecurityTokenValidatedNotificationSkipped
         {
@@ -293,31 +301,31 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0014: 'code' received: '{0}'
+        /// OIDCH_0014: AuthorizationCode received: '{0}'
         /// </summary>
-        internal static string OIDCH_0014_CodeReceived
+        internal static string OIDCH_0014_AuthorizationCodeReceived
         {
-            get { return ResourceManager.GetString("OIDCH_0014_CodeReceived"); }
+            get { return ResourceManager.GetString("OIDCH_0014_AuthorizationCodeReceived"); }
         }
 
         /// <summary>
-        /// OIDCH_0015: codeReceivedNotification.HandledResponse")
+        /// OIDCH_0015: AuthorizationCodeReceivedNotification.HandledResponse
         /// </summary>
-        internal static string OIDCH_0015_CodeReceivedNotificationHandledResponse
+        internal static string OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse
         {
-            get { return ResourceManager.GetString("OIDCH_0015_CodeReceivedNotificationHandledResponse"); }
+            get { return ResourceManager.GetString("OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse"); }
         }
 
         /// <summary>
         /// OIDCH_0016: codeReceivedNotification.Skipped
         /// </summary>
-        internal static string OIDCH_0016_CodeReceivedNotificationSkipped
+        internal static string OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped
         {
-            get { return ResourceManager.GetString("OIDCH_0016_CodeReceivedNotificationSkipped"); }
+            get { return ResourceManager.GetString("OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped"); }
         }
 
         /// <summary>
-        /// OIDCH_0017: Exception occurred while processing message
+        /// OIDCH_0017: Exception occurred while processing message.
         /// </summary>
         internal static string OIDCH_0017_ExceptionOccurredWhileProcessingMessage
         {
@@ -341,11 +349,20 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0020: 'id_token' received: '{0}'
+        /// OIDCH_0020: 'id_token' received: '{0}'.
         /// </summary>
         internal static string OIDCH_0020_IdTokenReceived
         {
             get { return ResourceManager.GetString("OIDCH_0020_IdTokenReceived"); }
         }
+
+        /// <summary>
+        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
+        /// </summary>
+        internal static string OIDCH_0021_AutomaticConfigurationRefresh
+        {
+            get { return ResourceManager.GetString("OIDCH_0021_AutomaticConfigurationRefresh"); }
+        }
+
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 3f2ad60226..f998d95ad7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -130,7 +130,7 @@
     <value>OIDCH_0026: Entering: '{0}'</value>
   </data>
   <data name="OIDCH_0027_401_ConvertedTo_403" xml:space="preserve">
-    <value>OIDCH_0027: converted 401 to 403.</value>
+    <value>OIDCH_0027: Converted 401 to 403.</value>
   </data>
   <data name="OIDCH_0028_StatusCodeNot401" xml:space="preserve">
     <value>OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.</value>
@@ -139,10 +139,10 @@
     <value>OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication</value>
   </data>
   <data name="OIDCH_0030_Using_Properties_RedirectUri" xml:space="preserve">
-    <value>OIDCH_0030: using properties.RedirectUri for 'local redirect' post authentication: '{0}'.</value>
+    <value>OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.</value>
   </data>
   <data name="OIDCH_0031_Using_Options_RedirectUri" xml:space="preserve">
-    <value>OIDCH_0031: using Options.RedirectUri for 'redirect_uri': '{0}'.</value>
+    <value>OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.</value>
   </data>
   <data name="OIDCH_0032_UsingCurrentUriRedirectUri" xml:space="preserve">
     <value>OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.</value>
@@ -151,13 +151,16 @@
     <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
   </data>
   <data name="OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0034: redirectToIdentityProviderNotification.HandledResponse</value>
+    <value>OIDCH_0034: RedirectToIdentityProviderNotification.HandledResponse</value>
   </data>
   <data name="OIDCH_0035_RedirectToIdentityProviderNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0035: redirectToIdentityProviderNotification.Skipped</value>
+    <value>OIDCH_0035: RedirectToIdentityProviderNotification.Skipped</value>
   </data>
   <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
-    <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}", (redirectUri ?? "null"))</value>
+    <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.</value>
+  </data>
+  <data name="OIDCH_0037_RedirectUri" xml:space="preserve">
+    <value>OIDCH_0037: RedirectUri is: '{0}'.</value>
   </data>
   <data name="OIDCH_0000_AuthenticateCoreAsync" xml:space="preserve">
     <value>OIDCH_0000: Entering: '{0}'.</value>
@@ -166,60 +169,63 @@
     <value>OIDCH_0001: MessageReceived: '{0}'.</value>
   </data>
   <data name="OIDCH_0002_MessageReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0002: messageReceivedNotification.HandledResponse</value>
+    <value>OIDCH_0002: MessageReceivedNotification.HandledResponse</value>
   </data>
   <data name="OIDCH_0003_MessageReceivedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0003: messageReceivedNotification.Skipped</value>
+    <value>OIDCH_0003: MessageReceivedNotification.Skipped</value>
   </data>
-  <data name="OIDCH_0004_MessageStateIsNullOrWhiteSpace" xml:space="preserve">
-    <value>OIDCH_0004:  OpenIdConnectAuthenticationHandler: message.State is null or whitespace. State is required to process the message.</value>
+  <data name="OIDCH_0004_MessageStateIsNullOrEmpty" xml:space="preserve">
+    <value>OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.</value>
   </data>
-  <data name="OIDCH_0005_MessageStateIsInValid" xml:space="preserve">
-    <value>OIDCH_0005: unable to unprotect the message.State</value>
+  <data name="OIDCH_0005_MessageStateIsInvalid" xml:space="preserve">
+    <value>OIDCH_0005: Unable to unprotect the message.State.</value>
   </data>
-  <data name="OIDCH_0006_MessageErrorNotNull" xml:space="preserve">
-    <value>OIDCH_0006_MessageErrorNotNull: '{0}'.</value>
+  <data name="OIDCH_0006_MessageContainsError" xml:space="preserve">
+    <value>OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.</value>
   </data>
   <data name="OIDCH_0007_UpdatingConfiguration" xml:space="preserve">
-    <value>OIDCH_0007: updating configuration</value>
+    <value>OIDCH_0007: Updating configuration</value>
   </data>
   <data name="OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0008: securityTokenReceivedNotification.HandledResponse</value>
+    <value>OIDCH_0008: SecurityTokenReceivedNotification.HandledResponse</value>
   </data>
   <data name="OIDCH_0009_SecurityTokenReceivedNotificationSkipped:" xml:space="preserve">
-    <value>OIDCH_0009: securityTokenReceivedNotification.Skipped</value>
+    <value>OIDCH_0009: SecurityTokenReceivedNotification.Skipped</value>
   </data>
   <data name="OIDCH_0010_ValidatedSecurityTokenNotJwt" xml:space="preserve">
     <value>OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.</value>
   </data>
   <data name="OIDCH_0011_UnableToValidateToken" xml:space="preserve">
-    <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: {0}."</value>
+    <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."</value>
   </data>
   <data name="OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0012: securityTokenValidatedNotification.HandledResponse</value>
+    <value>OIDCH_0012: SecurityTokenValidatedNotification.HandledResponse</value>
   </data>
   <data name="OIDCH_0013_SecurityTokenValidatedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0013: securityTokenValidatedNotification.Skipped</value>
+    <value>OIDCH_0013: SecurityTokenValidatedNotification.Skipped</value>
   </data>
-  <data name="OIDCH_0014_CodeReceived" xml:space="preserve">
-    <value>OIDCH_0014: 'code' received: '{0}'</value>
+  <data name="OIDCH_0014_AuthorizationCodeReceived" xml:space="preserve">
+    <value>OIDCH_0014: AuthorizationCode received: '{0}'.</value>
   </data>
-  <data name="OIDCH_0015_CodeReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0015: codeReceivedNotification.HandledResponse</value>
+  <data name="OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0015: AuthorizationCodeReceivedNotification.HandledResponse</value>
   </data>
-  <data name="OIDCH_0016_CodeReceivedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0016: codeReceivedNotification.Skipped</value>
+  <data name="OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0016: AuthorizationCodeReceivedNotification.Skipped</value>
   </data>
-  <data name="OIDCH_0017: Exception occurred while processing message" xml:space="preserve">
-    <value>OIDCH_0017: Exception occurred while processing message</value>
+  <data name="OIDCH_0017_ExceptionOccurredWhileProcessingMessage" xml:space="preserve">
+    <value>OIDCH_0017: Exception occurred while processing message.</value>
   </data>
   <data name="OIDCH_0018_AuthenticationFailedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0018: authenticationFailedNotification.HandledResponse</value>
+    <value>OIDCH_0018: AuthenticationFailedNotification.HandledResponse</value>
   </data>
   <data name="OIDCH_0019_AuthenticationNotificationFailedSkipped" xml:space="preserve">
-    <value>OIDCH_0019: authenticationFailedNotification.Skipped</value>
+    <value>OIDCH_0019: AuthenticationFailedNotification.Skipped</value>
   </data>
   <data name="OIDCH_0020_IdTokenReceived" xml:space="preserve">
     <value>OIDCH_0020: 'id_token' received: '{0}'</value>
   </data>
-</root>
\ No newline at end of file
+  <data name="OIDCH_0021_AutomaticConfigurationRefresh" xml:space="preserve">
+    <value>OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.</value>
+  </data>
+</root>
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
index a4b2d979e9..d8b7dcac97 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
@@ -1,16 +1,28 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Notifications
 {
+    /// <summary>
+    /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectFromIdentityProviderNotification{TMessage, TOptions, TMessage}"/> is passed to the 'RedirectToIdentityProviderNotification".
+    /// </summary>
+    /// <typeparam name="TMessage">protocol specific message.</typeparam>
+    /// <typeparam name="TOptions">protocol specific options.</typeparam>
     public class RedirectToIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
-        public RedirectToIdentityProviderNotification(HttpContext context, TOptions options) : base(context, options)
+        public RedirectToIdentityProviderNotification([NotNull] HttpContext context, [NotNull] TOptions options) : base(context, options)
         {
         }
 
-        public TMessage ProtocolMessage { get; set; }
+        /// <summary>
+        /// Gets or sets the <see cref="{TMessage}"/>.
+        /// </summary>
+        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
+        public TMessage ProtocolMessage { get; [param: NotNull] set; }
     }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
new file mode 100644
index 0000000000..683f03563e
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -0,0 +1,62 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Text;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.WebEncoders;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    /// This formatter creates an easy to read string of the format: "'key1' 'value1' ..."
+    /// </summary>
+    public class AuthenticationPropertiesFormaterKeyValue : ISecureDataFormat<AuthenticationProperties>
+    {
+        string _protectedString = Guid.NewGuid().ToString();
+
+        public string Protect(AuthenticationProperties data)
+        {
+            if (data == null || data.Items.Count == 0)
+            {
+                return "null";
+            }
+
+            var encoder = UrlEncoder.Default;
+            var sb = new StringBuilder();
+            foreach(var item in data.Items)
+            {
+                sb.Append(encoder.UrlEncode(item.Key) + " " + encoder.UrlEncode(item.Value) + " ");
+            }
+
+            return sb.ToString();
+        }
+
+        AuthenticationProperties ISecureDataFormat<AuthenticationProperties>.Unprotect(string protectedText)
+        {
+            if (string.IsNullOrWhiteSpace(protectedText))
+            {
+                return null;
+            }
+
+            if (protectedText == "null")
+            {
+                return new AuthenticationProperties();
+            }
+
+            string[] items = protectedText.Split(' ');
+            if (items.Length % 2 != 0)
+            {
+                return null;
+            }
+
+            var propeties = new AuthenticationProperties();
+            for (int i = 0; i < items.Length - 1; i+=2)
+            {
+                propeties.Items.Add(items[i], items[i + 1]);
+            }
+
+            return propeties;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
new file mode 100644
index 0000000000..ddf7a0e7ed
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -0,0 +1,175 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Text;
+using Microsoft.Framework.WebEncoders;
+using Microsoft.IdentityModel.Protocols;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    /// This helper class is used to check that query string parameters are as expected.
+    /// </summary>
+    public class ExpectedQueryValues
+    {
+        public ExpectedQueryValues(string authority, OpenIdConnectConfiguration configuration = null)
+        {
+            Authority = authority;
+            Configuration = configuration ?? TestUtilities.DefaultOpenIdConnectConfiguration;
+        }
+
+        public static ExpectedQueryValues Defaults(string authority)
+        {
+            var result = new ExpectedQueryValues(authority);
+            result.Scope = OpenIdConnectScopes.OpenIdProfile;
+            result.ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
+            return result;
+        }
+
+        public void CheckValues(string query, IEnumerable<string> parameters)
+        {
+            var errors = new List<string>();
+            if (!query.StartsWith(ExpectedAuthority))
+            {
+                errors.Add("ExpectedAuthority: " + ExpectedAuthority);
+            }
+
+            foreach(var str in parameters)
+            {
+                if (str == OpenIdConnectParameterNames.ClientId)
+                {
+                    if (!query.Contains(ExpectedClientId))
+                        errors.Add("ExpectedClientId: " + ExpectedClientId);
+
+                    continue;
+                }
+
+                if (str == OpenIdConnectParameterNames.RedirectUri)
+                {
+                     if(!query.Contains(ExpectedRedirectUri))
+                        errors.Add("ExpectedRedirectUri: " + ExpectedRedirectUri);
+
+                    continue;
+                }
+
+                if (str == OpenIdConnectParameterNames.Resource)
+                {
+                    if(!query.Contains(ExpectedResource))
+                        errors.Add("ExpectedResource: " + ExpectedResource);
+
+                    continue;
+                }
+
+                if (str == OpenIdConnectParameterNames.ResponseMode)
+                {
+                    if(!query.Contains(ExpectedResponseMode))
+                        errors.Add("ExpectedResponseMode: " + ExpectedResponseMode);
+
+                    continue;
+                }
+
+                if (str == OpenIdConnectParameterNames.Scope)
+                {
+                    if (!query.Contains(ExpectedScope))
+                        errors.Add("ExpectedScope: " + ExpectedScope);
+
+                    continue;
+                }
+
+                if (str == OpenIdConnectParameterNames.State)
+                {
+                    if (!query.Contains(ExpectedState))
+                        errors.Add("ExpectedState: " + ExpectedState);
+
+                    continue;
+                }
+            }
+
+            if (errors.Count > 0)
+            {
+                var sb = new StringBuilder();
+                sb.AppendLine("query string not as expected: " + Environment.NewLine + query + Environment.NewLine);
+                foreach (var str in errors)
+                {
+                    sb.AppendLine(str);
+                }
+
+                Debug.WriteLine(sb.ToString());
+                Assert.True(false, sb.ToString());
+            }
+        }
+
+        public UrlEncoder Encoder { get; set; } = UrlEncoder.Default;
+
+        public string Authority { get; set; }
+
+        public string ClientId { get; set; } = Guid.NewGuid().ToString();
+
+        public string RedirectUri { get; set; } = Guid.NewGuid().ToString();
+
+        public OpenIdConnectRequestType RequestType { get; set; } = OpenIdConnectRequestType.AuthenticationRequest;
+
+        public string Resource { get; set; } = Guid.NewGuid().ToString();
+
+        public string ResponseMode { get; set; } = OpenIdConnectResponseModes.FormPost;
+
+        public string ResponseType { get; set; } = Guid.NewGuid().ToString();
+
+        public string Scope { get; set; } = Guid.NewGuid().ToString();
+
+        public string State { get; set; } = Guid.NewGuid().ToString();
+
+        public string ExpectedAuthority
+        {
+            get
+            {
+                if (RequestType == OpenIdConnectRequestType.TokenRequest)
+                {
+                    return Configuration?.EndSessionEndpoint ?? Authority + @"/oauth2/token";
+                }
+                else if (RequestType == OpenIdConnectRequestType.LogoutRequest)
+                {
+                    return Configuration?.TokenEndpoint ?? Authority + @"/oauth2/logout";
+                }
+
+                return Configuration?.AuthorizationEndpoint ?? Authority + (@"/oauth2/authorize");
+            }
+        }
+
+        public OpenIdConnectConfiguration Configuration { get; set; }
+
+        public string ExpectedClientId
+        {
+            get { return OpenIdConnectParameterNames.ClientId + "=" + Encoder.UrlEncode(ClientId); }
+        }
+
+        public string ExpectedRedirectUri
+        {
+            get { return OpenIdConnectParameterNames.RedirectUri + "=" + Encoder.UrlEncode(RedirectUri); }
+        }
+
+        public string ExpectedResource
+        {
+            get { return OpenIdConnectParameterNames.Resource + "=" + Encoder.UrlEncode(Resource); }
+        }
+
+        public string ExpectedResponseMode
+        {
+            get { return OpenIdConnectParameterNames.ResponseMode + "=" + Encoder.UrlEncode(ResponseMode); }
+        }
+
+        public string ExpectedScope
+        {
+            get { return OpenIdConnectParameterNames.Scope + "=" + Encoder.UrlEncode(Scope); }
+        }
+
+        public string ExpectedState
+        {
+            get { return OpenIdConnectParameterNames.State + "=" + Encoder.UrlEncode(State); }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
new file mode 100644
index 0000000000..67a2668c6d
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
@@ -0,0 +1,57 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    public class InMemoryLogger : ILogger, IDisposable
+    {
+        LogLevel _logLevel = 0;
+
+        public InMemoryLogger(LogLevel logLevel = LogLevel.Debug)
+        {
+            _logLevel = logLevel;
+        }
+
+        List<LogEntry> _logEntries = new List<LogEntry>();
+
+        public IDisposable BeginScopeImpl(object state)
+        {
+            return this;
+        }
+
+        public void Dispose()
+        {
+        }
+
+        public bool IsEnabled(LogLevel logLevel)
+        {
+            return (logLevel >= _logLevel);
+        }
+
+        public void Log(LogLevel logLevel, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
+        {
+            if (IsEnabled(logLevel))
+            {                
+                var logEntry =
+                    new LogEntry
+                    {
+                        EventId = eventId,
+                        Exception = exception,
+                        Formatter = formatter,
+                        Level = logLevel,
+                        State = state,
+                    };
+
+                _logEntries.Add(logEntry);
+                Debug.WriteLine(logEntry.ToString());
+            }
+        }
+
+        public List<LogEntry> Logs { get { return _logEntries; } }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
new file mode 100644
index 0000000000..aaa1e975da
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
@@ -0,0 +1,36 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    public class InMemoryLoggerFactory : ILoggerFactory
+    {
+        InMemoryLogger _logger;
+        LogLevel _logLevel = LogLevel.Debug;
+
+        public InMemoryLoggerFactory(LogLevel logLevel)
+        {
+            _logLevel = logLevel;
+            _logger = new InMemoryLogger(_logLevel);
+        }
+
+        public LogLevel MinimumLevel
+        {
+            get { return _logLevel; }
+            set { _logLevel = value; }
+        }
+
+        public void AddProvider(ILoggerProvider provider)
+        {
+        }
+
+        public ILogger CreateLogger(string categoryName)
+        {
+            return _logger;
+        }
+
+        public InMemoryLogger Logger { get { return _logger; } }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
new file mode 100644
index 0000000000..6f46195788
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+// this controls if the logs are written to the console.
+// they can be reviewed for general content.
+
+using System;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    public class LogEntry
+    {
+        public LogEntry() { }
+
+        public int EventId { get; set; }
+
+        public Exception Exception { get; set; }
+
+        public Func<object, Exception, string> Formatter { get; set; }
+
+        public LogLevel Level { get; set; }
+
+        public object State { get; set; }
+
+        public override string ToString()
+        {
+            if (Formatter != null)
+            {
+                return Formatter(this.State, this.Exception);
+            }
+            else
+            {
+                string message = (Formatter != null ? Formatter(State, Exception) : (State?.ToString() ?? "null"));
+                message += ", LogLevel: " + Level.ToString();
+                message += ", EventId: " + EventId.ToString();
+                message += ", Exception: " + (Exception == null ? "null" : Exception.Message);
+                return message;
+            }
+        }
+    }    
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
new file mode 100644
index 0000000000..64f17d967c
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
@@ -0,0 +1,142 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+// this controls if the logs are written to the console.
+// they can be reviewed for general content.
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Microsoft.Framework.Logging;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    public class LoggingUtilities
+    {
+        static List<LogEntry> CompleteLogEntries;
+        static Dictionary<string, LogLevel> LogEntries;
+
+        static LoggingUtilities()
+        {
+            LogEntries =
+                new Dictionary<string, LogLevel>()
+                {
+                    { "OIDCH_0000:", LogLevel.Debug },
+                    { "OIDCH_0001:", LogLevel.Debug },
+                    { "OIDCH_0002:", LogLevel.Verbose },
+                    { "OIDCH_0003:", LogLevel.Verbose },
+                    { "OIDCH_0004:", LogLevel.Warning },
+                    { "OIDCH_0005:", LogLevel.Error },
+                    { "OIDCH_0006:", LogLevel.Error },
+                    { "OIDCH_0007:", LogLevel.Verbose },
+                    { "OIDCH_0008:", LogLevel.Verbose },
+                    { "OIDCH_0009:", LogLevel.Verbose },
+                    { "OIDCH_0010:", LogLevel.Error },
+                    { "OIDCH_0011:", LogLevel.Error },
+                    { "OIDCH_0012:", LogLevel.Verbose },
+                    { "OIDCH_0013:", LogLevel.Verbose },
+                    { "OIDCH_0014:", LogLevel.Debug },
+                    { "OIDCH_0015:", LogLevel.Verbose },
+                    { "OIDCH_0016:", LogLevel.Verbose },
+                    { "OIDCH_0017:", LogLevel.Error },
+                    { "OIDCH_0018:", LogLevel.Verbose },
+                    { "OIDCH_0019:", LogLevel.Verbose },
+                    { "OIDCH_0020:", LogLevel.Debug },
+                    { "OIDCH_0021:", LogLevel.Verbose },
+                    { "OIDCH_0026:", LogLevel.Error },
+            };
+
+            BuildLogEntryList();
+        }
+
+        /// <summary>
+        /// Builds the complete list of OpenIdConnect log entries that are available in the runtime.
+        /// </summary>
+        private static void BuildLogEntryList()
+        {
+            CompleteLogEntries = new List<LogEntry>();
+            foreach (var entry in LogEntries)
+            {
+                CompleteLogEntries.Add(new LogEntry { State = entry.Key, Level = entry.Value });
+            }
+        }
+
+        /// <summary>
+        /// Adds to errors if a variation if any are found.
+        /// </summary>
+        /// <param name="variation">if this has been seen before, errors will be appended, test results are easier to understand if this is unique.</param>
+        /// <param name="capturedLogs">these are the logs the runtime generated</param>
+        /// <param name="expectedLogs">these are the errors that were expected</param>
+        /// <param name="errors">the dictionary to record any errors</param>
+        public static void CheckLogs(List<LogEntry> capturedLogs, List<LogEntry> expectedLogs, List<Tuple<LogEntry, LogEntry>> errors)
+        {
+            if (capturedLogs.Count >= expectedLogs.Count)
+            {
+                for (int i = 0; i < capturedLogs.Count; i++)
+                {
+                    if (i + 1 > expectedLogs.Count)
+                    {
+                        errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], null));
+                    }
+                    else
+                    {
+                        if (!TestUtilities.AreEqual<LogEntry>(capturedLogs[i], expectedLogs[i]))
+                        {
+                            errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
+                        }
+                    }
+                }
+            }
+            else
+            {
+                for (int i = 0; i < expectedLogs.Count; i++)
+                {
+                    if (i + 1 > capturedLogs.Count)
+                    {
+                        errors.Add(new Tuple<LogEntry, LogEntry>(null, expectedLogs[i]));
+                    }
+                    else
+                    {
+                        if (!TestUtilities.AreEqual<LogEntry>(expectedLogs[i], capturedLogs[i]))
+                        {
+                            errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
+                        }
+                    }
+                }
+            }
+        }
+
+        public static string LoggingErrors(List<Tuple<LogEntry, LogEntry>> errors)
+        {
+            string loggingErrors = null;
+            if (errors.Count > 0)
+            {
+                var stringBuilder = new StringBuilder();
+                stringBuilder.AppendLine("");
+                foreach (var error in errors)
+                {
+                    stringBuilder.AppendLine("*Captured*, *Expected* : *" + (error.Item1?.ToString() ?? "null") + "*, *" + (error.Item2?.ToString() ?? "null") + "*");
+                }
+
+                loggingErrors = stringBuilder.ToString();
+            }
+
+            return loggingErrors;
+        }
+
+        /// <summary>
+        /// Populates a list of expected log entries for a test variation.
+        /// </summary>
+        /// <param name="items">the index for the <see cref="LogEntry"/> in CompleteLogEntries of interest.</param>
+        /// <returns>a <see cref="List{LogEntry}"/> that represents the expected entries for a test variation.</returns>
+        public static List<LogEntry> PopulateLogEntries(int[] items)
+        {
+            var entries = new List<LogEntry>();
+            foreach (var item in items)
+            {
+                entries.Add(CompleteLogEntries[item]);
+            }
+
+            return entries;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
new file mode 100644
index 0000000000..bf24d77914
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Http.Features.Authentication;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    ///  Allows for custom processing of ApplyResponseChallenge, ApplyResponseGrant and AuthenticateCore
+    /// </summary>
+    public class OpenIdConnectAuthenticationHandlerForTestingAuthenticate : OpenIdConnectAuthenticationHandler
+    {
+        public OpenIdConnectAuthenticationHandlerForTestingAuthenticate()
+                    : base()
+        {
+        }
+
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        {
+            return await base.HandleUnauthorizedAsync(context);
+        }
+
+        protected override Task HandleSignInAsync(SignInContext context)
+        {
+            return Task.FromResult(0);
+        }
+
+        protected override Task HandleSignOutAsync(SignOutContext context)
+        {
+            return Task.FromResult(0);
+        }
+
+        //public override bool ShouldHandleScheme(string authenticationScheme)
+        //{
+        //    return true;
+        //}
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
new file mode 100644
index 0000000000..b88438e0e6
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
@@ -0,0 +1,47 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.WebEncoders;
+
+namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+{
+
+    /// <summary>
+    /// pass a <see cref="OpenIdConnectAuthenticationHandler"/> as the AuthenticationHandler
+    /// configured to handle certain messages.
+    /// </summary>
+    public class OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate : OpenIdConnectAuthenticationMiddleware
+    {
+        OpenIdConnectAuthenticationHandler _handler;
+
+        public OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate(
+            RequestDelegate next,            
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IServiceProvider services,
+            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<OpenIdConnectAuthenticationOptions> options,
+            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null,
+            OpenIdConnectAuthenticationHandler handler = null
+            )
+        : base(next, dataProtectionProvider, loggerFactory, encoder, services, externalOptions, options, configureOptions)
+        {
+            _handler = handler;
+            var customFactory = loggerFactory as InMemoryLoggerFactory;
+            if (customFactory != null)
+                Logger = customFactory.Logger;
+        }
+
+        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
+        {
+            return _handler ?? base.CreateHandler();
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 8896767ee0..a5cf7074c5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -1,27 +1,25 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-// this controls if the logs are written to the console.
-// they can be reviewed for general content.
-//#define _Verbose
-
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Diagnostics;
+using System.IdentityModel.Tokens;
+using System.Linq;
 using System.Net.Http;
+using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
+using Moq;
 using Shouldly;
 using Xunit;
 
@@ -32,52 +30,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class OpenIdConnectHandlerTests
     {
-        static List<LogEntry> CompleteLogEntries;
-        static Dictionary<string, LogLevel> LogEntries;
-
-        static OpenIdConnectHandlerTests()
-        {
-            LogEntries =
-                new Dictionary<string, LogLevel>()
-                {
-                    { "OIDCH_0000:", LogLevel.Debug },
-                    { "OIDCH_0001:", LogLevel.Debug },
-                    { "OIDCH_0002:", LogLevel.Information },
-                    { "OIDCH_0003:", LogLevel.Information },
-                    { "OIDCH_0004:", LogLevel.Error },
-                    { "OIDCH_0005:", LogLevel.Error },
-                    { "OIDCH_0006:", LogLevel.Error },
-                    { "OIDCH_0007:", LogLevel.Error },
-                    { "OIDCH_0008:", LogLevel.Debug },
-                    { "OIDCH_0009:", LogLevel.Debug },
-                    { "OIDCH_0010:", LogLevel.Error },
-                    { "OIDCH_0011:", LogLevel.Error },
-                    { "OIDCH_0012:", LogLevel.Debug },
-                    { "OIDCH_0013:", LogLevel.Debug },
-                    { "OIDCH_0014:", LogLevel.Debug },
-                    { "OIDCH_0015:", LogLevel.Debug },
-                    { "OIDCH_0016:", LogLevel.Debug },
-                    { "OIDCH_0017:", LogLevel.Error },
-                    { "OIDCH_0018:", LogLevel.Debug },
-                    { "OIDCH_0019:", LogLevel.Debug },
-                    { "OIDCH_0020:", LogLevel.Debug },
-                    { "OIDCH_0026:", LogLevel.Error },
-                };
-
-            BuildLogEntryList();
-        }
-
-        /// <summary>
-        /// Builds the complete list of log entries that are available in the runtime.
-        /// </summary>
-        private static void BuildLogEntryList()
-        {
-            CompleteLogEntries = new List<LogEntry>();
-            foreach (var entry in LogEntries)
-            {
-                CompleteLogEntries.Add(new LogEntry { State = entry.Key, Level = entry.Value });
-            }
-        }
+        private const string nonceForJwt = "abc";
+        private static SecurityToken specCompliantJwt = new JwtSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForJwt) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
+        private const string ExpectedStateParameter = "expectedState";
 
         /// <summary>
         /// Sanity check that logging is filtering, hi / low water marks are checked
@@ -85,7 +40,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public void LoggingLevel()
         {
-            var logger = new CustomLogger(LogLevel.Debug);
+            var logger = new InMemoryLogger(LogLevel.Debug);
             logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
             logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(true);
             logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(true);
@@ -93,7 +48,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             logger.IsEnabled(LogLevel.Verbose).ShouldBe<bool>(true);
             logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(true);
 
-            logger = new CustomLogger(LogLevel.Critical);
+            logger = new InMemoryLogger(LogLevel.Critical);
             logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
             logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(false);
             logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(false);
@@ -102,208 +57,190 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(false);
         }
 
-        /// <summary>
-        /// Test <see cref="OpenIdConnectAuthenticationHandler.AuthenticateCoreAsync"/> produces expected logs.
-        /// Each call to 'RunVariation' is configured with an <see cref="OpenIdConnectAuthenticationOptions"/> and <see cref="OpenIdConnectMessage"/>.
-        /// The list of expected log entries is checked and any errors reported.
-        /// <see cref="CustomLoggerFactory"/> captures the logs so they can be prepared.
-        /// </summary>
-        /// <returns></returns>
-        [Fact]
-        public async Task AuthenticateCore()
+        [Theory, MemberData("AuthenticateCoreStateDataSet")]
+        public async Task AuthenticateCoreState(Action<OpenIdConnectAuthenticationOptions> action, OpenIdConnectMessage message)
         {
-            //System.Diagnostics.Debugger.Launch();
-
-            var propertiesFormatter = new AuthenticationPropertiesFormater();
-            var protectedProperties = propertiesFormatter.Protect(new AuthenticationProperties());
-            var state = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + UrlEncoder.Default.UrlEncode(protectedProperties);
-            var code = Guid.NewGuid().ToString();
-            var message =
-                new OpenIdConnectMessage
-                {
-                    Code = code,
-                    State = state,
-                };
-
-            var errors = new Dictionary<string, List<Tuple<LogEntry, LogEntry>>>();
-
-            var logsEntriesExpected = new int[] { 0, 1, 7, 14, 15 };
-            await RunVariation(LogLevel.Debug, message, CodeReceivedHandledOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] { 0, 1, 7, 14, 16 };
-            await RunVariation(LogLevel.Debug, message, CodeReceivedSkippedOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] { 0, 1, 7, 14 };
-            await RunVariation(LogLevel.Debug, message, DefaultOptions, errors, logsEntriesExpected);
-
-            // each message below should return before processing the idtoken
-            message.IdToken = "invalid_token";
-
-            logsEntriesExpected = new int[] { 0, 1, 2 };
-            await RunVariation(LogLevel.Debug, message, MessageReceivedHandledOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[]{ 2 };
-            await RunVariation(LogLevel.Information, message, MessageReceivedHandledOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] { 0, 1, 3 };
-            await RunVariation(LogLevel.Debug, message, MessageReceivedSkippedOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] { 3 };
-            await RunVariation(LogLevel.Information, message, MessageReceivedSkippedOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] {0, 1, 7, 20, 8 };
-            await RunVariation(LogLevel.Debug, message, SecurityTokenReceivedHandledOptions, errors, logsEntriesExpected);
-
-            logsEntriesExpected = new int[] {0, 1, 7, 20, 9 };
-            await RunVariation(LogLevel.Debug, message, SecurityTokenReceivedSkippedOptions, errors, logsEntriesExpected);
-
-#if _Verbose
-            Console.WriteLine("\n ===== \n");
-            DisplayErrors(errors);
-#endif
-            errors.Count.ShouldBe(0);
+            var handler = new OpenIdConnectAuthenticationHandlerForTestingAuthenticate();
+            var server = CreateServer(new ConfigureOptions<OpenIdConnectAuthenticationOptions>(action), UrlEncoder.Default, handler);
+            await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters.Where(pair => pair.Value != null)));
         }
 
-        /// <summary>
-        /// Tests that <see cref="OpenIdConnectAuthenticationHandler"/> processes a messaage as expected.
-        /// The test runs two independant paths: Using <see cref="ConfigureOptions{TOptions}"/> and <see cref="IOptions{TOptions}"/>
-        /// </summary>
-        /// <param name="logLevel"><see cref="LogLevel"/> for this variation</param>
-        /// <param name="message">the <see cref="OpenIdConnectMessage"/> that has arrived</param>
-        /// <param name="action">the <see cref="OpenIdConnectAuthenticationOptions"/> delegate used for setting the options.</param>
-        /// <param name="errors">container for propogation of errors.</param>
-        /// <param name="logsEntriesExpected">the expected log entries</param>
-        /// <returns>a Task</returns>
-        private async Task RunVariation(LogLevel logLevel, OpenIdConnectMessage message, Action<OpenIdConnectAuthenticationOptions> action, Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors, int[] logsEntriesExpected)
+        public static TheoryData<Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage> AuthenticateCoreStateDataSet
         {
-            var expectedLogs = PopulateLogEntries(logsEntriesExpected);
-            string variation = action.Method.ToString().Substring(5, action.Method.ToString().IndexOf('(') - 5);
-#if _Verbose
-            Console.WriteLine(Environment.NewLine + "=====" + Environment.NewLine + "Variation: " + variation + ", LogLevel: " + logLevel.ToString() + Environment.NewLine + Environment.NewLine + "Expected Logs: ");
-            DisplayLogs(expectedLogs);
-            Console.WriteLine(Environment.NewLine + "Logs using ConfigureOptions:");
-#endif
-            var form = new FormUrlEncodedContent(message.Parameters);
-            var loggerFactory = new CustomLoggerFactory(logLevel);
-            var server = CreateServer(new CustomConfigureOptions(action), loggerFactory);
-            await server.CreateClient().PostAsync("http://localhost", form);
-            CheckLogs(variation + ":ConfigOptions", loggerFactory.Logger.Logs, expectedLogs, errors);
-
-#if _Verbose
-            Console.WriteLine(Environment.NewLine + "Logs using IOptions:");
-#endif
-            form = new FormUrlEncodedContent(message.Parameters);
-            loggerFactory = new CustomLoggerFactory(logLevel);
-            server = CreateServer(new Options(action), loggerFactory);
-            await server.CreateClient().PostAsync("http://localhost", form);
-            CheckLogs(variation + ":IOptions", loggerFactory.Logger.Logs, expectedLogs, errors);
-        }
-
-        /// <summary>
-        /// Populates a list of expected log entries for a test variation.
-        /// </summary>
-        /// <param name="items">the index for the <see cref="LogEntry"/> in CompleteLogEntries of interest.</param>
-        /// <returns>a <see cref="List{LogEntry}"/> that represents the expected entries for a test variation.</returns>
-        private List<LogEntry> PopulateLogEntries(int[] items)
-        {
-            var entries = new List<LogEntry>();
-            foreach(var item in items)
+            get
             {
-                entries.Add(CompleteLogEntries[item]);
-            }
+                var formater = new AuthenticationPropertiesFormaterKeyValue();
+                var properties = new AuthenticationProperties();
+                var dataset = new TheoryData<Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage>();
 
-            return entries;
-        }
+                // expected user state is added to the message.Parameters.Items[ExpectedStateParameter]
+                // Userstate == null
+                var message = new OpenIdConnectMessage();
+                message.State = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
+                message.Code = Guid.NewGuid().ToString();
+                message.Parameters.Add(ExpectedStateParameter, null);
+                dataset.Add(SetStateOptions, message);
 
-        private void DisplayLogs(List<LogEntry> logs)
-        {
-            foreach (var logentry in logs)
-            {
-                Console.WriteLine(logentry.ToString());
+                // Userstate != null
+                message = new OpenIdConnectMessage();
+                properties.Items.Clear();
+                var userstate = Guid.NewGuid().ToString();
+                message.Code = Guid.NewGuid().ToString();
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, userstate);
+                message.State = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
+                message.Parameters.Add(ExpectedStateParameter, userstate);
+                dataset.Add(SetStateOptions, message);
+                return dataset;
             }
         }
 
-        private void DisplayErrors(Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors)
+        // Setup a notification to check for expected state.
+        // The state gets set by the runtime after the 'MessageReceivedNotification'
+        private static void SetStateOptions(OpenIdConnectAuthenticationOptions options)
         {
-            if (errors.Count > 0)
+            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
+            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
+            options.ClientId = Guid.NewGuid().ToString();
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            options.Notifications = new OpenIdConnectAuthenticationNotifications
             {
-                foreach (var error in errors)
+                AuthorizationCodeReceived = notification =>
                 {
-                    Console.WriteLine("Error in Variation: " + error.Key);
-                    foreach (var logError in error.Value)
-                    {
-                        Console.WriteLine("*Captured*, *Expected* : *" + (logError.Item1?.ToString() ?? "null") + "*, *" + (logError.Item2?.ToString() ?? "null") + "*");
-                    }
-                    Console.WriteLine(Environment.NewLine);
+                    if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
+                        return Task.FromResult<object>(null);
+
+                    if (notification.ProtocolMessage.State == null || !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
+                        Assert.True(false, "(notification.ProtocolMessage.State=!= null || !notification.ProtocolMessage.Parameters.ContainsKey(expectedState)");
+
+                    Assert.Equal(notification.ProtocolMessage.State, notification.ProtocolMessage.Parameters[ExpectedStateParameter]);
+                    return Task.FromResult<object>(null);
                 }
-            }
+            };
         }
 
-        /// <summary>
-        /// Adds to errors if a variation if any are found.
-        /// </summary>
-        /// <param name="variation">if this has been seen before, errors will be appended, test results are easier to understand if this is unique.</param>
-        /// <param name="capturedLogs">these are the logs the runtime generated</param>
-        /// <param name="expectedLogs">these are the errors that were expected</param>
-        /// <param name="errors">the dictionary to record any errors</param>
-        private void CheckLogs(string variation, List<LogEntry> capturedLogs, List<LogEntry> expectedLogs, Dictionary<string, List<Tuple<LogEntry, LogEntry>>> errors)
+        [Theory, MemberData("AuthenticateCoreDataSet")]
+        public async Task AuthenticateCore(LogLevel logLevel, int[] expectedLogIndexes, Action<OpenIdConnectAuthenticationOptions> action, OpenIdConnectMessage message)
         {
-            var localErrors = new List<Tuple<LogEntry, LogEntry>>();
+            var errors = new List<Tuple<LogEntry, LogEntry>>();
+            var expectedLogs = LoggingUtilities.PopulateLogEntries(expectedLogIndexes);
+            var handler = new OpenIdConnectAuthenticationHandlerForTestingAuthenticate();
+            var loggerFactory = new InMemoryLoggerFactory(logLevel);
+            var server = CreateServer(new ConfigureOptions<OpenIdConnectAuthenticationOptions>(action), UrlEncoder.Default, loggerFactory, handler);
 
-            if (capturedLogs.Count >= expectedLogs.Count)
-            {
-                for (int i = 0; i < capturedLogs.Count; i++)
-                {
-                    if (i + 1 > expectedLogs.Count)
-                    {
-                        localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], null));
-                    }
-                    else
-                    {
-                        if (!TestUtilities.AreEqual<LogEntry>(capturedLogs[i], expectedLogs[i]))
-                        {
-                            localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
-                        }
-                    }
-                }
-            }
-            else
-            {
-                for (int i = 0; i < expectedLogs.Count; i++)
-                {
-                    if (i + 1 > capturedLogs.Count)
-                    {
-                        localErrors.Add(new Tuple<LogEntry, LogEntry>(null, expectedLogs[i]));
-                    }
-                    else
-                    {
-                        if (!TestUtilities.AreEqual<LogEntry>(expectedLogs[i], capturedLogs[i]))
-                        {
-                            localErrors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
-                        }
-                    }
-                }
-            }
+            await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters));
+            LoggingUtilities.CheckLogs(loggerFactory.Logger.Logs, expectedLogs, errors);
+            Debug.WriteLine(LoggingUtilities.LoggingErrors(errors));
+            Assert.True(errors.Count == 0, LoggingUtilities.LoggingErrors(errors));
+        }
 
-            if (localErrors.Count != 0)
+        public static TheoryData<LogLevel, int[], Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage> AuthenticateCoreDataSet
+        {
+            get
             {
-                if (errors.ContainsKey(variation))
-                {
-                    foreach (var error in localErrors)
-                    {
-                        errors[variation].Add(error);
-                    }
-                }
-                else
-                {
-                    errors[variation] = localErrors;
-                }
+                var formater = new AuthenticationPropertiesFormaterKeyValue();
+                var dataset = new TheoryData<LogLevel, int[], Action< OpenIdConnectAuthenticationOptions >, OpenIdConnectMessage>();
+                var properties = new AuthenticationProperties();
+                var message = new OpenIdConnectMessage();
+                var validState = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
+                message.State = validState;
+
+                // MessageReceived - Handled / Skipped
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 2 }, MessageReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 2 }, MessageReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, MessageReceivedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 3 }, MessageReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 3 }, MessageReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, MessageReceivedSkippedOptions, message);
+
+                // State - null, empty string, invalid
+                message = new OpenIdConnectMessage();
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7 }, StateNullOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateNullOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, StateNullOptions, message);
+
+                message = new OpenIdConnectMessage();
+                message.State = string.Empty;
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7 }, StateEmptyOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateEmptyOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, StateEmptyOptions, message);
+
+                message = new OpenIdConnectMessage();
+                message.State = Guid.NewGuid().ToString();
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 5 }, StateInvalidOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 5 }, StateInvalidOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { 5 }, StateInvalidOptions, message);
+
+                // OpenIdConnectMessage.Error != null
+                message = new OpenIdConnectMessage();
+                message.Error = "Error";
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 6, 17, 18 }, MessageWithErrorOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 6, 17, 18 }, MessageWithErrorOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { 6, 17 }, MessageWithErrorOptions, message);
+
+                // SecurityTokenReceived - Handled / Skipped 
+                message = new OpenIdConnectMessage();
+                message.IdToken = "invalid";
+                message.State = validState;
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 8 }, SecurityTokenReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 8 }, SecurityTokenReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenReceivedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 9 }, SecurityTokenReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 9 }, SecurityTokenReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenReceivedSkippedOptions, message);
+
+                // SecurityTokenValidation - ReturnsNull, Throws, Validates
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 11, 17, 18 }, SecurityTokenValidatorCannotReadToken, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 11, 17, 18 }, SecurityTokenValidatorCannotReadToken, message);
+                dataset.Add(LogLevel.Error, new int[] { 11, 17 }, SecurityTokenValidatorCannotReadToken, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 17, 21, 18 }, SecurityTokenValidatorThrows, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 17, 21, 18 }, SecurityTokenValidatorThrows, message);
+                dataset.Add(LogLevel.Error, new int[] { 17 }, SecurityTokenValidatorThrows, message);
+
+                message.Nonce = nonceForJwt;
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20 }, SecurityTokenValidatorValidatesAllTokens, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7 }, SecurityTokenValidatorValidatesAllTokens, message);
+                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatorValidatesAllTokens, message);
+
+                // SecurityTokenValidation - Handled / Skipped
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 12 }, SecurityTokenValidatedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 12 }, SecurityTokenValidatedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 13 }, SecurityTokenValidatedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 13 }, SecurityTokenValidatedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatedSkippedOptions, message);
+
+                // AuthenticationCodeReceived - Handled / Skipped 
+                message = new OpenIdConnectMessage();
+                message.Code = Guid.NewGuid().ToString();
+                message.State = validState;
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 14, 15 }, AuthorizationCodeReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 15 }, AuthorizationCodeReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 14, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedSkippedOptions, message);
+
+                return dataset;
             }
         }
 
-        #region Configure Options
+#region Configure Options for AuthenticateCore variations
 
-        private static void CodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void DefaultOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
+            options.SignInScheme = "OpenIdConnectHandlerTest";
+            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
+            options.ClientId = Guid.NewGuid().ToString();
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+        }
+
+        private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
             options.Notifications =
@@ -317,7 +254,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
-        private static void CodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
             options.Notifications =
@@ -331,11 +268,32 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
-        private static void DefaultOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
-            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
-            options.ConfigurationManager = ConfigurationManager.DefaultStaticConfigurationManager;
-            options.StateDataFormat = new AuthenticationPropertiesFormater();
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthenticationFailed = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthenticationFailed = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
         }
 
         private static void MessageReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
@@ -366,6 +324,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
+        private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            AuthenticationErrorHandledOptions(options);
+        }
+
         private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
@@ -394,9 +357,40 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
-        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options)
+        {
+            AuthenticationErrorHandledOptions(options);
+            var mockValidator = new Mock<ISecurityTokenValidator>();
+            SecurityToken jwt = null;
+            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal());
+            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+        }
+
+        private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options)
+        {
+            AuthenticationErrorHandledOptions(options);
+            var mockValidator = new Mock<ISecurityTokenValidator>();
+            SecurityToken jwt = null;
+            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>();
+            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+        }
+
+        private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
+            var mockValidator = new Mock<ISecurityTokenValidator>();
+            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out specCompliantJwt)).Returns(new ClaimsPrincipal());
+            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+            options.ProtocolValidator.RequireTimeStampInNonce = false;
+            options.ProtocolValidator.RequireNonce = false;
+        }
+
+        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            SecurityTokenValidatorValidatesAllTokens(options);
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -410,7 +404,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
-            DefaultOptions(options);
+            SecurityTokenValidatorValidatesAllTokens(options);
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -422,14 +416,31 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
-        #endregion
+        private static void StateNullOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+        }
 
-        private static TestServer CreateServer(IOptions<OpenIdConnectAuthenticationOptions> options, ILoggerFactory loggerFactory)
+        private static void StateEmptyOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+        }
+
+        private static void StateInvalidOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+        }
+
+#endregion
+
+        private static Task EmptyTask() { return Task.FromResult(0); }
+
+        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectAuthenticationOptions> options, IUrlEncoder encoder, OpenIdConnectAuthenticationHandler handler = null)
         {
             return TestServer.Create(
                 app =>
                 {
-                    app.UseCustomOpenIdConnectAuthentication(options, loggerFactory);
+                    app.UseMiddleware<OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate>(options, encoder, handler);
                     app.Use(async (context, next) =>
                     {
                         await next();
@@ -437,19 +448,18 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
-                    services.AddAuthentication();
                     services.AddWebEncoders();
                     services.AddDataProtection();
                 }
             );
         }
 
-        private static TestServer CreateServer(CustomConfigureOptions configureOptions, ILoggerFactory loggerFactory)
+        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions, IUrlEncoder encoder, ILoggerFactory loggerFactory, OpenIdConnectAuthenticationHandler handler = null)
         {
             return TestServer.Create(
                 app =>
                 {
-                    app.UseCustomOpenIdConnectAuthentication(configureOptions, loggerFactory);
+                    app.UseMiddleware<OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate>(configureOptions, encoder, loggerFactory, handler);
                     app.Use(async (context, next) =>
                     {
                         await next();
@@ -457,274 +467,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 },
                 services =>
                 {
-                    services.AddAuthentication();
                     services.AddWebEncoders();
                     services.AddDataProtection();
                 }
             );
         }
     }
-
-    /// <summary>
-    /// Extension specifies <see cref="CustomOpenIdConnectAuthenticationMiddleware"/> as the middleware.
-    /// </summary>
-    public static class OpenIdConnectAuthenticationExtensions
-    {
-        /// <summary>
-        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
-        /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="customConfigureOption">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
-        /// <param name="loggerFactory">custom loggerFactory</param>
-        /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseCustomOpenIdConnectAuthentication(this IApplicationBuilder app, CustomConfigureOptions customConfigureOption, ILoggerFactory loggerFactory)
-        {
-            return app.UseMiddleware<CustomOpenIdConnectAuthenticationMiddleware>(customConfigureOption, loggerFactory);
-        }
-
-        /// <summary>
-        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
-        /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
-        /// <param name="loggerFactory">custom loggerFactory</param>
-        /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseCustomOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectAuthenticationOptions> options, ILoggerFactory loggerFactory)
-        {
-            return app.UseMiddleware<CustomOpenIdConnectAuthenticationMiddleware>(options, loggerFactory);
-        }
-    }
-
-    /// <summary>
-    /// Provides a Facade over IOptions
-    /// </summary>
-    public class Options : IOptions<OpenIdConnectAuthenticationOptions>
-    {
-        OpenIdConnectAuthenticationOptions _options;
-
-        public Options(Action<OpenIdConnectAuthenticationOptions> action)
-        {
-            _options = new OpenIdConnectAuthenticationOptions();
-            action(_options);
-        }
-
-        OpenIdConnectAuthenticationOptions IOptions<OpenIdConnectAuthenticationOptions>.Options
-        {
-            get
-            {
-                return _options;
-            }
-        }
-
-        /// <summary>
-        /// For now returns _options
-        /// </summary>
-        /// <param name="name">configuration to return</param>
-        /// <returns></returns>
-        public OpenIdConnectAuthenticationOptions GetNamedOptions(string name)
-        {
-            return _options;
-        }
-    }
-
-    public class CustomConfigureOptions : ConfigureOptions<OpenIdConnectAuthenticationOptions>
-    {
-        public CustomConfigureOptions(Action<OpenIdConnectAuthenticationOptions> action)
-            : base(action)
-        {
-        }
-
-        public override void Configure(OpenIdConnectAuthenticationOptions options, string name = "")
-        {
-            base.Configure(options, name);
-            return;
-        }
-    }
-
-    /// <summary>
-    /// Used to control which methods are handled
-    /// </summary>
-    public class CustomOpenIdConnectAuthenticationHandler : OpenIdConnectAuthenticationHandler
-    {
-        public async Task BaseInitializeAsyncPublic(AuthenticationOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
-        {
-            await base.BaseInitializeAsync(options, context, logger, encoder);
-        }
-
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
-        {
-            var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-            {
-            };
-
-            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-            return true;
-        }
-    }
-
-    /// <summary>
-    /// Used to set <see cref="CustomOpenIdConnectAuthenticationHandler"/> as the AuthenticationHandler
-    /// which can be configured to handle certain messages.
-    /// </summary>
-    public class CustomOpenIdConnectAuthenticationMiddleware : OpenIdConnectAuthenticationMiddleware
-    {
-        public CustomOpenIdConnectAuthenticationMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
-            IServiceProvider services,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
-            IOptions<OpenIdConnectAuthenticationOptions> options,
-            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null
-            )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, services, externalOptions, options, configureOptions)
-        {
-            Logger = (loggerFactory as CustomLoggerFactory).Logger;
-        }
-
-        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
-        {
-            return new CustomOpenIdConnectAuthenticationHandler();
-        }
-    }
-
-    public class LogEntry
-    {
-        public LogEntry() { }
-
-        public int EventId { get; set; }
-
-        public Exception Exception { get; set; }
-
-        public Func<object, Exception, string> Formatter { get; set; }
-
-        public LogLevel Level { get; set; }
-
-        public object State { get; set; }
-
-        public override string ToString()
-        {
-            if (Formatter != null)
-            {
-                return Formatter(this.State, this.Exception);
-            }
-            else
-            {
-                string message = (Formatter != null ? Formatter(State, Exception) : (State?.ToString() ?? "null"));
-                message += ", LogLevel: " + Level.ToString();
-                message += ", EventId: " + EventId.ToString();
-                message += ", Exception: " + (Exception == null ? "null" : Exception.Message);
-                return message;
-            }
-        }
-    }
-    
-    public class CustomLogger : ILogger, IDisposable
-    {
-        LogLevel _logLevel = 0;
-
-        public CustomLogger(LogLevel logLevel = LogLevel.Debug)
-        {
-            _logLevel = logLevel;
-        }
-
-        List<LogEntry> logEntries = new List<LogEntry>();
-
-        public IDisposable BeginScopeImpl(object state)
-        {
-            return this;
-        }
-
-        public void Dispose()
-        {
-        }
-
-        public bool IsEnabled(LogLevel logLevel)
-        {
-            return (logLevel >= _logLevel);
-        }
-
-       public void Log(LogLevel logLevel, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
-        {
-            if (IsEnabled(logLevel))
-            {
-                logEntries.Add(
-                    new LogEntry
-                    {
-                        EventId = eventId,
-                        Exception = exception,
-                        Formatter = formatter,
-                        Level = logLevel,
-                        State = state,
-                    });
-
-#if _Verbose
-                Console.WriteLine(state?.ToString() ?? "state null");
-#endif
-            }
-        }
-
-        public List<LogEntry> Logs { get { return logEntries; } }
-    }
-
-    public class CustomLoggerFactory : ILoggerFactory
-    {
-        CustomLogger _logger;
-        LogLevel _logLevel = LogLevel.Debug;
-
-        public CustomLoggerFactory(LogLevel logLevel)
-        {
-            _logLevel = logLevel;
-            _logger = new CustomLogger(_logLevel);
-        }
-
-        public LogLevel MinimumLevel
-        {
-            get { return _logLevel; }
-            set {_logLevel = value; }
-        }
-
-        public void AddProvider(ILoggerProvider provider)
-        {
-        }
-
-        public ILogger CreateLogger(string categoryName)
-        {
-            return _logger;
-        }
-
-        public CustomLogger Logger {  get { return _logger; } }
-    }
-
-    /// <summary>
-    /// Processing a <see cref="OpenIdConnectMessage"/> requires 'unprotecting' the state.
-    /// This class side-steps that process.
-    /// </summary>
-    public class AuthenticationPropertiesFormater : ISecureDataFormat<AuthenticationProperties>
-    {
-        public string Protect(AuthenticationProperties data)
-        {
-            return "protectedData";
-        }
-
-        AuthenticationProperties ISecureDataFormat<AuthenticationProperties>.Unprotect(string protectedText)
-        { 
-            return new AuthenticationProperties();
-        }
-    }
-
-    /// <summary>
-    /// Used to set up different configurations of metadata for different tests
-    /// </summary>
-    public class ConfigurationManager
-    {
-        /// <summary>
-        /// Simple static empty manager.
-        /// </summary>
-        static public IConfigurationManager<OpenIdConnectConfiguration> DefaultStaticConfigurationManager
-        {
-           get { return new StaticConfigurationManager<OpenIdConnectConfiguration>(new OpenIdConnectConfiguration()); }
-        }
-    }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index e56da3b907..07182c64ab 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -4,26 +4,22 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
-using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
-using System.Text;
 using System.Threading.Tasks;
-using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
-using Newtonsoft.Json;
+using Microsoft.IdentityModel.Protocols;
+using Moq;
 using Shouldly;
 using Xunit;
 
@@ -33,25 +29,31 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     {
         static string noncePrefix = "OpenIdConnect." + "Nonce.";
         static string nonceDelimiter = ".";
+        const string Challenge = "/challenge";
+        const string ChallengeWithOutContext = "/challengeWithOutContext";
+        const string ChallengeWithProperties = "/challengeWithProperties";
+        const string DefaultHost = @"https://example.com";
+        const string DefaultAuthority = @"https://example.com/common";
+        const string ExpectedAuthorizeRequest = @"https://example.com/common/oauth2/signin";
+        const string ExpectedLogoutRequest = @"https://example.com/common/oauth2/logout";
+        const string Logout = "/logout";
+        const string Signin = "/signin";
+        const string Signout = "/signout";
 
         [Fact]
-        public async Task ChallengeWillTriggerRedirect()
+        public async Task ChallengeWillSetDefaults()
         {
+            var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            var queryValues = ExpectedQueryValues.Defaults(DefaultAuthority);
+            queryValues.State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
-                options.ClientId = "Test Id";
-                options.SignInScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
+                SetOptions(options, DefaultParameters(), queryValues);
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            var location = transaction.Response.Headers.Location.ToString();
-            location.ShouldContain("https://login.windows.net/common/oauth2/authorize?");
-            location.ShouldContain("client_id=");
-            location.ShouldContain("&response_type=");
-            location.ShouldContain("&scope=");
-            location.ShouldContain("&state=");
-            location.ShouldContain("&response_mode=");
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
         [Fact]
@@ -59,95 +61,230 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
+                options.Authority = DefaultAuthority;
                 options.ClientId = "Test Id";
+                options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
-            transaction.SetCookie.Single().ShouldContain("OpenIdConnect.nonce.");
-        }
-
-        [Fact]
-        public async Task ChallengeWillSetDefaultScope()
-        {
-            var server = CreateServer(options =>
-            {
-                options.Authority = "https://login.windows.net/common";
-                options.ClientId = "Test Id";
-            });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.Query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile"));
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
+            transaction.SetCookie.Single().ShouldContain(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix);
         }
 
         [Fact]
         public async Task ChallengeWillUseOptionsProperties()
         {
+            var queryValues = new ExpectedQueryValues(DefaultAuthority);
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
-                options.ClientId = "Test Id";
-                options.SignInScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
-                options.Scope = "https://www.googleapis.com/auth/plus.login";
-                options.ResponseType = "id_token";
+                SetOptions(options, DefaultParameters(), queryValues);
             });
-            var transaction = await SendAsync(server, "https://example.com/challenge");
+
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"));
-            query.ShouldContain("response_type=" + UrlEncoder.Default.UrlEncode("id_token"));
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
+        }
+
+        /// <summary>
+        /// Tests RedirectToIdentityProviderNotification replaces the OpenIdConnectMesssage correctly.
+        /// </summary>
+        /// <returns>Task</returns>
+        [Theory]
+        [InlineData(Challenge, OpenIdConnectRequestType.AuthenticationRequest)]
+        [InlineData(Signout, OpenIdConnectRequestType.LogoutRequest)]
+        public async Task ChallengeSettingMessage(string challenge, OpenIdConnectRequestType requestType)
+        {
+            var configuration = new OpenIdConnectConfiguration
+            {
+                AuthorizationEndpoint = ExpectedAuthorizeRequest,
+                EndSessionEndpoint = ExpectedLogoutRequest
+            };
+
+            var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
+            {
+                RequestType = requestType
+            };
+            var server = CreateServer(SetProtocolMessageOptions);
+            var transaction = await SendAsync(server, DefaultHost + challenge);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
+        }
+
+        private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
+            mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
+            mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
+            options.AutomaticAuthentication = true;
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    RedirectToIdentityProvider = (notification) =>
+                    {
+                        notification.ProtocolMessage = mockOpenIdConnectMessage.Object;
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        /// <summary>
+        /// Tests for users who want to add 'state'. There are two ways to do it.
+        /// 1. Users set 'state' (OpenIdConnectMessage.State) in the notification. The runtime appends to that state.
+        /// 2. Users add to the AuthenticationProperties (notification.AuthenticationProperties), values will be serialized.
+        /// </summary>
+        /// <param name="userSetsState"></param>
+        /// <returns></returns>
+        [Theory, MemberData("StateDataSet")]
+        public async Task ChallengeSettingState(string userState, string challenge)
+        {
+            var queryValues = new ExpectedQueryValues(DefaultAuthority);
+            var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            var properties = new AuthenticationProperties();
+            if (challenge == ChallengeWithProperties)
+            {
+                properties.Items.Add("item1", Guid.NewGuid().ToString());
+            }
+            else
+            {
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
+            }
+
+            var server = CreateServer(options =>
+            {
+                SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
+                options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
+                options.Notifications = new OpenIdConnectAuthenticationNotifications
+                {
+                    RedirectToIdentityProvider = notification =>
+                    {
+                        notification.ProtocolMessage.State = userState;
+                        return Task.FromResult<object>(null);
+                    }
+
+                };
+            }, null, properties);
+
+            var transaction = await SendAsync(server, DefaultHost + challenge);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            queryValues.State = stateDataFormat.Protect(properties);
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }));
+        }
+
+        public static TheoryData<string, string> StateDataSet
+        {
+            get
+            {
+                var dataset = new TheoryData<string, string>();
+                dataset.Add(Guid.NewGuid().ToString(), Challenge);
+                dataset.Add(null, Challenge);
+                dataset.Add(Guid.NewGuid().ToString(), ChallengeWithOutContext);
+                dataset.Add(null, ChallengeWithOutContext);
+                dataset.Add(Guid.NewGuid().ToString(), ChallengeWithProperties);
+                dataset.Add(null, ChallengeWithProperties);
+
+                return dataset;
+            }
         }
 
         [Fact]
         public async Task ChallengeWillUseNotifications()
         {
-            ISecureDataFormat<AuthenticationProperties> stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var queryValues = new ExpectedQueryValues(DefaultAuthority);
+            var queryValuesSetInNotification = new ExpectedQueryValues(DefaultAuthority);
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
-                options.ClientId = "Test Id";
+                SetOptions(options, DefaultParameters(), queryValues);
                 options.Notifications = new OpenIdConnectAuthenticationNotifications
                 {
-                    MessageReceived = notification =>
-                        {
-                            notification.ProtocolMessage.Scope = "test openid profile";
-                            notification.HandleResponse();
-                            return Task.FromResult<object>(null);
-                        }
+                    RedirectToIdentityProvider = notification =>
+                    {
+                        notification.ProtocolMessage.ClientId = queryValuesSetInNotification.ClientId;
+                        notification.ProtocolMessage.RedirectUri = queryValuesSetInNotification.RedirectUri;
+                        notification.ProtocolMessage.Resource = queryValuesSetInNotification.Resource;
+                        notification.ProtocolMessage.Scope = queryValuesSetInNotification.Scope;
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
-            var properties = new AuthenticationProperties();
-            var state = stateFormat.Protect(properties);
-            var transaction = await SendAsync(server,"https://example.com/challenge");
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            queryValuesSetInNotification.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
+        private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
+        {
+            foreach (var param in parameters)
+            {
+                if (param.Equals(OpenIdConnectParameterNames.ClientId))
+                    options.ClientId = queryValues.ClientId;
+                else if (param.Equals(OpenIdConnectParameterNames.RedirectUri))
+                    options.RedirectUri = queryValues.RedirectUri;
+                else if (param.Equals(OpenIdConnectParameterNames.Resource))
+                    options.Resource = queryValues.Resource;
+                else if (param.Equals(OpenIdConnectParameterNames.Scope))
+                    options.Scope = queryValues.Scope;
+            }
+
+            options.Authority = queryValues.Authority;
+            options.Configuration = queryValues.Configuration;
+            options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue();
+        }
+
+        private List<string> DefaultParameters(string[] additionalParams = null)
+        {
+            var parameters =
+                new List<string>
+                {
+                    OpenIdConnectParameterNames.ClientId,
+                    OpenIdConnectParameterNames.RedirectUri,
+                    OpenIdConnectParameterNames.Resource,
+                    OpenIdConnectParameterNames.ResponseMode,
+                    OpenIdConnectParameterNames.Scope,
+                };
+
+            if (additionalParams != null)
+                parameters.AddRange(additionalParams);
+
+            return parameters;
+        }
+
+        private static void DefaultChallengeOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
+            options.AutomaticAuthentication = true;
+            options.ClientId = Guid.NewGuid().ToString();
+            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+        }
 
         [Fact]
         public async Task SignOutWithDefaultRedirectUri()
         {
+            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
+                options.Authority = DefaultAuthority;
                 options.ClientId = "Test Id";
+                options.Configuration = configuration;
             });
 
-            var transaction = await SendAsync(server, "https://example.com/signout");
+            var transaction = await SendAsync(server, DefaultHost + Signout);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldBe("https://login.windows.net/common/oauth2/logout");
+            transaction.Response.Headers.Location.AbsoluteUri.ShouldBe(configuration.EndSessionEndpoint);
         }
 
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
+            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
+                options.Authority = DefaultAuthority;
                 options.ClientId = "Test Id";
+                options.Configuration = configuration;
                 options.PostLogoutRedirectUri = "https://example.com/logout";
             });
 
-            var transaction = await SendAsync(server, "https://example.com/signout");
+            var transaction = await SendAsync(server, DefaultHost + Signout);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("https://example.com/logout"));
         }
@@ -155,10 +292,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
+            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(options =>
             {
-                options.Authority = "https://login.windows.net/common";
+                options.Authority = DefaultAuthority;
                 options.ClientId = "Test Id";
+                options.Configuration = configuration;
                 options.PostLogoutRedirectUri = "https://example.com/logout";
             });
 
@@ -167,30 +306,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"));
         }
 
-        [Fact]
-        // Test Cases for calculating the expiration time of cookie from cookie name
-        public void NonceCookieExpirationTime()
-        {
-            DateTime utcNow = DateTime.UtcNow;
-
-            GetNonceExpirationTime(noncePrefix + DateTime.MaxValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MaxValue);
-
-            GetNonceExpirationTime(noncePrefix + DateTime.MinValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue + TimeSpan.FromHours(1));
-
-            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
-
-            GetNonceExpirationTime(noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
-
-            GetNonceExpirationTime("", TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
-
-            GetNonceExpirationTime(noncePrefix + noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
-
-            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
-
-            GetNonceExpirationTime(utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
-        }
-
-        private static TestServer CreateServer(Action<OpenIdConnectAuthenticationOptions> configureOptions, Func<HttpContext, Task> handler = null)
+        private static TestServer CreateServer(Action<OpenIdConnectAuthenticationOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
         {
             return TestServer.Create(app =>
             {
@@ -203,15 +319,25 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 {
                     var req = context.Request;
                     var res = context.Response;
-                    if (req.Path == new PathString("/challenge"))
+
+                    if (req.Path == new PathString(Challenge))
                     {
                         await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
-                    else if (req.Path == new PathString("/signin"))
+                    else if (req.Path == new PathString(ChallengeWithProperties))
                     {
+                        await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, properties);
+                    }
+                    else if (req.Path == new PathString(ChallengeWithOutContext))
+                    {
+                        res.StatusCode = 401;
+                    }
+                    else if (req.Path == new PathString(Signin))
+                    {
+                        // REVIEW: this used to just be res.SignIn()
                         await context.Authentication.SignInAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal());
                     }
-                    else if (req.Path == new PathString("/signout"))
+                    else if (req.Path == new PathString(Signout))
                     {
                         await context.Authentication.SignOutAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
                     }
@@ -248,34 +374,39 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 request.Headers.Add("Cookie", cookieHeader);
             }
+
             var transaction = new Transaction
             {
                 Request = request,
                 Response = await server.CreateClient().SendAsync(request),
             };
+
             if (transaction.Response.Headers.Contains("Set-Cookie"))
             {
                 transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
             }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
 
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
             if (transaction.Response.Content != null &&
                 transaction.Response.Content.Headers.ContentType != null &&
                 transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
             {
                 transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
             }
+
             return transaction;
         }
 
         private class Transaction
         {
             public HttpRequestMessage Request { get; set; }
+
             public HttpResponseMessage Response { get; set; }
 
             public IList<string> SetCookie { get; set; }
 
             public string ResponseText { get; set; }
+
             public XElement ResponseElement { get; set; }
 
             public string AuthenticationCookieValue
@@ -294,57 +425,29 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     return null;
                 }
             }
-
-            public string FindClaimValue(string claimType)
-            {
-                XElement claim = ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
-                if (claim == null)
-                {
-                    return null;
-                }
-                return claim.Attribute("value").Value;
-            }
-        }
-        private static void Describe(HttpResponse res, ClaimsIdentity identity)
-        {
-            res.StatusCode = 200;
-            res.ContentType = "text/xml";
-            var xml = new XElement("xml");
-            if (identity != null)
-            {
-                xml.Add(identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
-            }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
         }
 
-        private class TestHttpMessageHandler : HttpMessageHandler
+        [Fact]
+        // Test Cases for calculating the expiration time of cookie from cookie name
+        public void NonceCookieExpirationTime()
         {
-            public Func<HttpRequestMessage, HttpResponseMessage> Sender { get; set; }
+            DateTime utcNow = DateTime.UtcNow;
 
-            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
-            {
-                if (Sender != null)
-                {
-                    return Task.FromResult(Sender(request));
-                }
+            GetNonceExpirationTime(noncePrefix + DateTime.MaxValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MaxValue);
 
-                return Task.FromResult<HttpResponseMessage>(null);
-            }
-        }
+            GetNonceExpirationTime(noncePrefix + DateTime.MinValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue + TimeSpan.FromHours(1));
 
-        private static HttpResponseMessage ReturnJsonResponse(object content)
-        {
-            var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = JsonConvert.SerializeObject(content);
-            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
-            return res;
+            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+
+            GetNonceExpirationTime(noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime("", TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime(noncePrefix + noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+
+            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+
+            GetNonceExpirationTime(utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
         }
 
         private static DateTime GetNonceExpirationTime(string keyname, TimeSpan nonceLifetime)
@@ -373,8 +476,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     }
                 }
             }
+
             return nonceTime;
         }
-
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index 1e6bea793e..13479fdcee 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
@@ -10,6 +11,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class TestUtilities
     {
+        public const string DefaultHost = @"http://localhost";
+
         public static bool AreEqual<T>(object obj1, object obj2, Func<object, object, bool> comparer = null) where T : class
         {
             if (obj1 == null && obj2 == null)
@@ -63,11 +66,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 return false;
             }
 
-            if (!AreEqual<Exception>(logEntry1.Exception, logEntry2.Exception))
-            {
-                return false;
-            }
-
             if (logEntry1.State == null && logEntry2.State == null)
             {
                 return true;
@@ -104,5 +102,26 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             return AreEqual<Exception>(exception1.InnerException, exception2.InnerException);
         }
+
+        static public IConfigurationManager<OpenIdConnectConfiguration> DefaultOpenIdConnectConfigurationManager
+        {
+            get
+            {
+                return new StaticConfigurationManager<OpenIdConnectConfiguration>(DefaultOpenIdConnectConfiguration);
+            }
+        }
+
+        static public OpenIdConnectConfiguration DefaultOpenIdConnectConfiguration
+        {
+            get
+            {
+                return new OpenIdConnectConfiguration()
+                {
+                    AuthorizationEndpoint = @"https://login.windows.net/common/oauth2/authorize",
+                    EndSessionEndpoint = @"https://login.windows.net/common/oauth2/endsessionendpoint",
+                    TokenEndpoint = @"https://login.windows.net/common/oauth2/token",
+                };
+            }
+        }
     }
 }

From efc35302e84f8e564564249d45916ae5c1538d07 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 8 Jul 2015 15:01:09 -0700
Subject: [PATCH 269/900] Switch to shared security helper

---
 .../SecurityHelper.cs                         |  36 ------
 .../project.json                              |   1 +
 .../SecurityHelperTests.cs                    | 107 ------------------
 3 files changed, 1 insertion(+), 143 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication/SecurityHelper.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs

diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
deleted file mode 100644
index 312775af19..0000000000
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Linq;
-using System.Security.Claims;
-using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Helper code used when implementing authentication middleware
-    /// </summary>
-    public static class SecurityHelper
-    {
-        /// <summary>
-        /// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
-        /// Merges a new claims principal, placing all new identities first, and eliminating
-        /// any empty unauthenticated identities from context.User
-        /// </summary>
-        /// <param name="identity"></param>
-        public static ClaimsPrincipal MergeUserPrincipal([NotNull] ClaimsPrincipal existingPrincipal, [NotNull] ClaimsPrincipal additionalPrincipal)
-        {
-            var newPrincipal = new ClaimsPrincipal();
-            // New principal identities go first
-            newPrincipal.AddIdentities(additionalPrincipal.Identities);
-
-            // Then add any existing non empty or authenticated identities
-            if (existingPrincipal != null)
-            {
-                newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Count() > 0));
-            }
-            return newPrincipal;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index e3321ca9f6..ae75a83ec9 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -11,6 +11,7 @@
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Framework.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Microsoft.Framework.WebEncoders": "1.0.0-*"
     },
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
deleted file mode 100644
index 94794e1c84..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ /dev/null
@@ -1,107 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Linq;
-using System.Security.Claims;
-using System.Security.Principal;
-using Microsoft.AspNet.Http.Internal;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class SecurityHelperTests
-    {
-        [Fact]
-        public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
-        {
-            var context = new DefaultHttpContext();
-            context.User.ShouldNotBe(null);
-            context.User.Identity.IsAuthenticated.ShouldBe(false);
-
-            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
-
-            context.User.ShouldNotBe(null);
-            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
-            context.User.Identity.Name.ShouldBe("Test1");
-
-            context.User.ShouldBeTypeOf<ClaimsPrincipal>();
-            context.User.Identity.ShouldBeTypeOf<ClaimsIdentity>();
-
-            ((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
-        }
-
-        [Fact]
-        public void AddingExistingIdentityChangesDefaultButPreservesPrior()
-        {
-            var context = new DefaultHttpContext();
-            context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
-
-            context.User.Identity.AuthenticationType.ShouldBe("Alpha");
-            context.User.Identity.Name.ShouldBe("Test1");
-
-            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
-
-            context.User.Identity.AuthenticationType.ShouldBe("Beta");
-            context.User.Identity.Name.ShouldBe("Test2");
-
-            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
-
-            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
-            context.User.Identity.Name.ShouldBe("Test3");
-
-            var principal = context.User;
-            principal.Identities.Count().ShouldBe(3);
-            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
-            principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
-            principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
-        }
-
-        [Fact]
-        public void AddingPreservesNewIdentitiesAndDropsEmpty()
-        {
-            var context = new DefaultHttpContext();
-            var existingPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
-            var identityNoAuthTypeWithClaim = new ClaimsIdentity();
-            identityNoAuthTypeWithClaim.AddClaim(new Claim("identityNoAuthTypeWithClaim", "yes"));
-            existingPrincipal.AddIdentity(identityNoAuthTypeWithClaim);
-            var identityEmptyWithAuthType = new ClaimsIdentity("empty");
-            existingPrincipal.AddIdentity(identityEmptyWithAuthType);
-            context.User = existingPrincipal;
-
-            context.User.Identity.IsAuthenticated.ShouldBe(false);
-
-            var newPrincipal = new ClaimsPrincipal();
-            var newEmptyIdentity = new ClaimsIdentity();
-            var identityTwo = new ClaimsIdentity("yep");
-            newPrincipal.AddIdentity(newEmptyIdentity);
-            newPrincipal.AddIdentity(identityTwo);
-
-            context.User = SecurityHelper.MergeUserPrincipal(context.User, newPrincipal);
-
-            // Preserve newPrincipal order
-            context.User.Identity.IsAuthenticated.ShouldBe(false);
-            context.User.Identity.Name.ShouldBe(null);
-
-            var principal = context.User;
-            principal.Identities.Count().ShouldBe(4);
-            principal.Identities.Skip(0).First().ShouldBe(newEmptyIdentity);
-            principal.Identities.Skip(1).First().ShouldBe(identityTwo);
-            principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
-            principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
-
-            // This merge should drop newEmptyIdentity since its empty
-            context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
-
-            context.User.Identity.AuthenticationType.ShouldBe("Gamma");
-            context.User.Identity.Name.ShouldBe("Test3");
-
-            principal = context.User;
-            principal.Identities.Count().ShouldBe(4);
-            principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
-            principal.Identities.Skip(1).First().ShouldBe(identityTwo);
-            principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
-            principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
-        }
-    }
-}

From c6aa9371c78b56f7edc88cafa110b1739170c942 Mon Sep 17 00:00:00 2001
From: unknown <tugupta@tugupta-vs2013.redmond.corp.microsoft.com>
Date: Tue, 7 Jul 2015 16:48:07 -0700
Subject: [PATCH 270/900] Updating protocol.extensions package version from
 beta5 to beta6

---
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json   | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 6c7f516fe1..9f1c8e70bb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -8,7 +8,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta5-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta6-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 00dc7bfed2..309590d304 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -9,7 +9,7 @@
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.Caching.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta5-*"
+        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta6-*"
     },
     "frameworks": {
         "dnx451": {

From 8d7f052cf4ca19b1a1a545469846f41ba009494d Mon Sep 17 00:00:00 2001
From: tushar gupta <tushargupta51@gmail.com>
Date: Wed, 8 Jul 2015 17:05:57 -0700
Subject: [PATCH 271/900] Adding support for signing in using "code flow"

---
 .../AuthorizationCodeRedeemedNotification.cs  |  36 +
 .../OpenIdConnectAuthenticationHandler.cs     | 697 ++++++++++++------
 .../OpenIdConnectAuthenticationMiddleware.cs  |  14 +-
 ...penIdConnectAuthenticationNotifications.cs |   6 +
 .../OpenIdConnectAuthenticationOptions.cs     |   6 +
 .../OpenIdConnectTokenEndpointResponse.cs     |  37 +
 .../Resources.Designer.cs                     |  72 ++
 .../Resources.resx                            |  29 +-
 .../OpenIdConnect/LoggingUtilities.cs         |   6 +
 ...enticationHandlerForTestingAuthenticate.cs |  23 +-
 .../OpenIdConnectHandlerTests.cs              | 116 ++-
 .../OpenIdConnectMiddlewareTests.cs           |  14 +-
 12 files changed, 830 insertions(+), 226 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
new file mode 100644
index 0000000000..5d8a106867
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
@@ -0,0 +1,36 @@
+using System;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols;
+
+namespace Microsoft.AspNet.Authentication.Notifications
+{
+    /// <summary>
+    /// This Notification can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
+    /// </summary>
+    public class AuthorizationCodeRedeemedNotification : BaseNotification<OpenIdConnectAuthenticationOptions>
+    {
+        /// <summary>
+        /// Creates a <see cref="AuthorizationCodeRedeemedNotification"/>
+        /// </summary>
+        public AuthorizationCodeRedeemedNotification(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the 'code'.
+        /// </summary>
+        public string Code { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectTokenEndpointResponse"/> that contains the tokens and json response received after redeeming the code at the token endpoint.
+        /// </summary>
+        public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
+        /// </summary>
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 6981f48e56..b3203bb8ab 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -6,6 +6,8 @@ using System.Globalization;
 using System.IdentityModel.Tokens;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Notifications;
@@ -16,6 +18,7 @@ using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -28,6 +31,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         private const string UriSchemeDelimiter = "://";
         private OpenIdConnectConfiguration _configuration;
 
+        protected HttpClient Backchannel { get; private set; }
+
+        public OpenIdConnectAuthenticationHandler(HttpClient backchannel)
+        {
+            Backchannel = backchannel;
+        }
+
         /// <summary>
         /// Handles Signout
         /// </summary>
@@ -116,17 +126,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 properties.RedirectUri = CurrentUri;
             }
 
-            if (!string.IsNullOrEmpty(Options.RedirectUri))
-            {
-                Logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
-            }
-
-            // When redeeming a 'code' for an AccessToken, this value is needed
-            if (!string.IsNullOrEmpty(Options.RedirectUri))
-            {
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, Options.RedirectUri);
-            }
-
             if (_configuration == null && Options.ConfigurationManager != null)
             {
                 _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
@@ -195,6 +194,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 message = redirectToIdentityProviderNotification.ProtocolMessage;
             }
 
+            var redirectUriForCode = message.RedirectUri;
+            if (string.IsNullOrEmpty(redirectUriForCode))
+            {
+                Logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
+                redirectUriForCode = Options.RedirectUri;
+            }
+
+            if (!string.IsNullOrEmpty(redirectUriForCode))
+            {
+                // When redeeming a 'code' for an AccessToken, this value is needed
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, redirectUriForCode);
+            }
+
             message.State = Options.StateDataFormat.Protect(properties);
 
             var redirectUri = message.CreateAuthenticationRequestUrl();
@@ -243,27 +255,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             try
             {
-                if (Logger.IsEnabled(LogLevel.Debug))
-                {
-                    Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
-                }
-
-                var messageReceivedNotification =
-                    new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = message
-                    };
-
-                await Options.Notifications.MessageReceived(messageReceivedNotification);
+                var messageReceivedNotification = await RunMessageReceivedNotificationAsync(message);
                 if (messageReceivedNotification.HandledResponse)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
                     return messageReceivedNotification.AuthenticationTicket;
                 }
-
-                if (messageReceivedNotification.Skipped)
+                else if (messageReceivedNotification.Skipped)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
                     return null;
                 }
 
@@ -302,178 +300,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                AuthenticationTicket ticket = null;
-                JwtSecurityToken jwt = null;
-
-                // OpenIdConnect protocol allows a Code to be received without the id_token
-                if (!string.IsNullOrEmpty(message.IdToken))
+                if (string.IsNullOrEmpty(message.IdToken) && !string.IsNullOrEmpty(message.Code))
                 {
-                    Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
-                    var securityTokenReceivedNotification =
-                        new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                        {
-                            ProtocolMessage = message,
-                        };
-
-                    await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
-                    if (securityTokenReceivedNotification.HandledResponse)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
-                        return securityTokenReceivedNotification.AuthenticationTicket;
-                    }
-
-                    if (securityTokenReceivedNotification.Skipped)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
-                        return null;
-                    }
-
-                    // Copy and augment to avoid cross request race conditions for updated configurations.
-                    var validationParameters = Options.TokenValidationParameters.Clone();
-                    if (_configuration != null)
-                    {
-                        if (string.IsNullOrEmpty(validationParameters.ValidIssuer))
-                        {
-                            validationParameters.ValidIssuer = _configuration.Issuer;
-                        }
-                        else if (!string.IsNullOrEmpty(_configuration.Issuer))
-                        {
-                            validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
-                        }
-
-                        validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
-                    }
-
-                    SecurityToken validatedToken = null;
-                    ClaimsPrincipal principal = null;
-                    foreach (var validator in Options.SecurityTokenValidators)
-                    {
-                        if (validator.CanReadToken(message.IdToken))
-                        {
-                            principal = validator.ValidateToken(message.IdToken, validationParameters, out validatedToken);
-                            jwt = validatedToken as JwtSecurityToken;
-                            if (jwt == null)
-                            {
-                                Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
-                                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
-                            }
-                        }
-                    }
-
-                    if (validatedToken == null)
-                    {
-                        Logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, message.IdToken);
-                        throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, message.IdToken));
-                    }
-
-                    ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
-                    if (!string.IsNullOrEmpty(message.SessionState))
-                    {
-                        ticket.Properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
-                    }
-
-                    if (_configuration != null && !string.IsNullOrEmpty(_configuration.CheckSessionIframe))
-                    {
-                        ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
-                    }
-
-                    // Rename?
-                    if (Options.UseTokenLifetime)
-                    {
-                        var issued = validatedToken.ValidFrom;
-                        if (issued != DateTime.MinValue)
-                        {
-                            ticket.Properties.IssuedUtc = issued;
-                        }
-
-                        var expires = validatedToken.ValidTo;
-                        if (expires != DateTime.MinValue)
-                        {
-                            ticket.Properties.ExpiresUtc = expires;
-                        }
-                    }
-
-                    var securityTokenValidatedNotification =
-                        new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                        {
-                            AuthenticationTicket = ticket,
-                            ProtocolMessage = message
-                        };
-
-                    await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
-                    if (securityTokenValidatedNotification.HandledResponse)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
-                        return securityTokenValidatedNotification.AuthenticationTicket;
-                    }
-
-                    if (securityTokenValidatedNotification.Skipped)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
-                        return null;
-                    }
-
-                    string nonce = jwt.Payload.Nonce;
-                    if (Options.CacheNonces)
-                    {
-                        if (await Options.NonceCache.GetAsync(nonce) != null)
-                        {
-                            await Options.NonceCache.RemoveAsync(nonce);
-                        }
-                        else
-                        {
-                            // If the nonce cannot be removed, it was
-                            // already used and MUST be rejected.
-                            nonce = null;
-                        }
-                    }
-                    else
-                    {
-                        nonce = ReadNonceCookie(nonce);
-                    }
-
-                    var protocolValidationContext = new OpenIdConnectProtocolValidationContext
-                    {
-                        AuthorizationCode = message.Code,
-                        Nonce = nonce,
-                    };
-
-                    Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
+                    return await HandleCodeOnlyFlow(message, properties);
                 }
-
-                if (message.Code != null)
+                else if (!string.IsNullOrEmpty(message.IdToken))
                 {
-                    Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
-                    if (ticket == null)
-                    {
-                        ticket = new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                    }
-
-                    var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
-                    {
-                        AuthenticationTicket = ticket,
-                        Code = message.Code,
-                        JwtSecurityToken = jwt,
-                        ProtocolMessage = message,
-                        RedirectUri = ticket.Properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey) ?
-                                      ticket.Properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey] : string.Empty,
-                    };
-
-                    await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
-                    if (authorizationCodeReceivedNotification.HandledResponse)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse);
-                        return authorizationCodeReceivedNotification.AuthenticationTicket;
-                    }
-
-                    if (authorizationCodeReceivedNotification.Skipped)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped);
-                        return null;
-                    }
+                    return await HandleIdTokenFlows(message, properties);
+                }
+                else
+                {
+                    Logger.LogDebug(Resources.OIDCH_0045_Id_Token_Code_Missing);
+                    return null;
                 }
-
-                return ticket;
             }
             catch (Exception exception)
             {
@@ -489,23 +328,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
                 }
 
-                var authenticationFailedNotification =
-                    new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = message,
-                        Exception = exception
-                    };
-
-                await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
+                var authenticationFailedNotification = await RunAuthenticationFailedNotificationAsync(message, exception);
                 if (authenticationFailedNotification.HandledResponse)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
                     return authenticationFailedNotification.AuthenticationTicket;
                 }
-
-                if (authenticationFailedNotification.Skipped)
+                else if (authenticationFailedNotification.Skipped)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
                     return null;
                 }
 
@@ -513,6 +342,215 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
+        private async Task<AuthenticationTicket> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties)
+        {
+            AuthenticationTicket ticket = null;
+            JwtSecurityToken jwt = null;
+
+            OpenIdConnectTokenEndpointResponse tokenEndpointResponse = null;
+            string idToken = null;
+            var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
+            if (authorizationCodeReceivedNotification.HandledResponse)
+            {
+                return authorizationCodeReceivedNotification.AuthenticationTicket;
+            }
+            else if (authorizationCodeReceivedNotification.Skipped)
+            {
+                return null;
+            }
+
+            // Redeeming authorization code for tokens
+            Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, message.Code);
+
+            tokenEndpointResponse = await RedeemAuthorizationCodeAsync(message.Code, authorizationCodeReceivedNotification.RedirectUri);
+            idToken = tokenEndpointResponse.Message.IdToken;
+
+            var authorizationCodeRedeemedNotification = await RunAuthorizationCodeRedeemedNotificationAsync(message, tokenEndpointResponse);
+            if (authorizationCodeRedeemedNotification.HandledResponse)
+            {
+                return authorizationCodeRedeemedNotification.AuthenticationTicket;
+            }
+            else if (authorizationCodeRedeemedNotification.Skipped)
+            {
+                return null;
+            }
+
+            // no need to validate signature when token is received using "code flow" as per spec [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
+            var validationParameters = Options.TokenValidationParameters.Clone();
+            validationParameters.ValidateSignature = false;
+
+            ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt);
+
+            if (Options.GetClaimsFromUserInfoEndpoint)
+            {
+                Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
+                ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
+            }
+
+            var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
+            if (securityTokenValidatedNotification.HandledResponse)
+            {
+                return securityTokenValidatedNotification.AuthenticationTicket;
+            }
+            else if (securityTokenValidatedNotification.Skipped)
+            {
+                return null;
+            }
+
+            // If id_token is received using code only flow, no need to validate chash.
+            await ValidateOpenIdConnectProtocolAsync(jwt, message, false);
+
+            return ticket;
+        }
+
+        private async Task<AuthenticationTicket> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
+        {
+            AuthenticationTicket ticket = null;
+            JwtSecurityToken jwt = null;
+
+            var securityTokenReceivedNotification = await RunSecurityTokenReceivedNotificationAsync(message);
+            if (securityTokenReceivedNotification.HandledResponse)
+            {
+                return securityTokenReceivedNotification.AuthenticationTicket;
+            }
+            else if (securityTokenReceivedNotification.Skipped)
+            {
+                return null;
+            }
+
+            var validationParameters = Options.TokenValidationParameters.Clone();
+            ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
+
+            var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
+            if (securityTokenValidatedNotification.HandledResponse)
+            {
+                return securityTokenValidatedNotification.AuthenticationTicket;
+            }
+            else if (securityTokenValidatedNotification.Skipped)
+            {
+                return null;
+            }
+
+            await ValidateOpenIdConnectProtocolAsync(jwt, message);
+
+            if (message.Code != null)
+            {
+                var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
+                if (authorizationCodeReceivedNotification.HandledResponse)
+                {
+                    return authorizationCodeReceivedNotification.AuthenticationTicket;
+                }
+                else if (authorizationCodeReceivedNotification.Skipped)
+                {
+                    return null;
+                }
+            }
+
+            return ticket;
+        }
+
+        /// <summary>
+        /// Redeems the authorization code for tokens at the token endpoint
+        /// </summary>
+        /// <param name="authorizationCode">The authorization code to redeem.</param>
+        /// <param name="redirectUri">Uri that was passed in the request sent for the authorization code.</param>
+        /// <returns>OpenIdConnect message that has tokens inside it.</returns>
+        protected virtual async Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        {
+            var openIdMessage = new OpenIdConnectMessage()
+            {
+                ClientId = Options.ClientId,
+                ClientSecret = Options.ClientSecret,
+                Code = authorizationCode,
+                GrantType = "authorization_code",
+                RedirectUri = redirectUri
+            };
+
+            var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
+            requestMessage.Content = new FormUrlEncodedContent(openIdMessage.Parameters);
+            var responseMessage = await Backchannel.SendAsync(requestMessage);
+            responseMessage.EnsureSuccessStatusCode();
+            var tokenResonse = await responseMessage.Content.ReadAsStringAsync();
+            var jsonTokenResponse = JObject.Parse(tokenResonse);
+            return new OpenIdConnectTokenEndpointResponse(jsonTokenResponse);
+        }
+
+        /// <summary>
+        /// Goes to UserInfo endpoint to retrieve additional claims and add any unique claims to the given identity.
+        /// </summary>
+        /// <param name="properties">Authentication Properties</param>
+        /// <param name="message">message that is being processed</param>
+        /// <param name="ticket">authentication ticket with claims principal and identities</param>
+        /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
+        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
+        {
+            string userInfoEndpoint = null;
+            if (_configuration != null)
+            {
+                userInfoEndpoint = _configuration.UserInfoEndpoint;
+            }
+
+            if (string.IsNullOrEmpty(userInfoEndpoint))
+            {
+                Logger.LogWarning(Resources.OIDCH_0046_UserInfo_Endpoint_Not_Set);
+                return ticket;
+            }
+
+            var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
+            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", message.AccessToken);
+            var responseMessage = await Backchannel.SendAsync(requestMessage);
+            responseMessage.EnsureSuccessStatusCode();
+            var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();
+            var user = JObject.Parse(userInfoResponse);
+
+            var identity = (ClaimsIdentity)ticket.Principal.Identity;
+            var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier);
+            if (subjectClaimType == null)
+            {
+                Logger.LogError(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString()));
+                return ticket;
+            }
+
+            var userInfoSubjectClaimValue = user.Value<string>(JwtRegisteredClaimNames.Sub);
+
+            // check if the sub claim matches
+            if (userInfoSubjectClaimValue == null || !string.Equals(userInfoSubjectClaimValue, subjectClaimType.Value, StringComparison.Ordinal))
+            {
+                Logger.LogError(Resources.OIDCH_0039_Subject_Claim_Mismatch);
+                return ticket;
+            }
+
+            foreach (var claim in identity.Claims)
+            {
+                // If this claimType is mapped by the JwtSeurityTokenHandler, then this property will be set
+                var shortClaimTypeName = claim.Properties.ContainsKey(JwtSecurityTokenHandler.ShortClaimTypeProperty) ?
+                    claim.Properties[JwtSecurityTokenHandler.ShortClaimTypeProperty] : string.Empty;
+
+                // checking if claim in the identity (generated from id_token) has the same type as a claim retrieved from userinfo endpoint
+                JToken value;
+                var isClaimIncluded = user.TryGetValue(claim.Type, out value) || user.TryGetValue(shortClaimTypeName, out value);
+
+                // if a same claim exists (matching both type and value) both in id_token identity and userinfo response, remove the json entry from the userinfo response
+                if (isClaimIncluded && claim.Value.Equals(value.ToString(), StringComparison.Ordinal))
+                {
+                    if (!user.Remove(claim.Type))
+                    {
+                        user.Remove(shortClaimTypeName);
+                    }
+                }
+            }
+
+            // adding remaining unique claims from userinfo endpoint to the identity
+            foreach (var pair in user)
+            {
+                JToken value;
+                var claimValue = user.TryGetValue(pair.Key, out value) ? value.ToString() : null;
+                identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            return new AuthenticationTicket(new ClaimsPrincipal(identity), ticket.Properties, ticket.AuthenticationScheme);
+        }
+
         /// <summary>
         /// Adds the nonce to <see cref="HttpResponse.Cookies"/>.
         /// </summary>
@@ -609,6 +647,251 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
+        private async Task<MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunMessageReceivedNotificationAsync(OpenIdConnectMessage message)
+        {
+            Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
+            var messageReceivedNotification =
+                new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = message
+                };
+
+            await Options.Notifications.MessageReceived(messageReceivedNotification);
+            if (messageReceivedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
+            }
+            else if (messageReceivedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
+            }
+
+            return messageReceivedNotification;
+        }
+
+        private async Task<AuthorizationCodeReceivedNotification> RunAuthorizationCodeReceivedNotificationAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
+        {
+            var redirectUri = properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey) ?
+                properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
+
+            Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
+
+            var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
+            {
+                Code = message.Code,
+                ProtocolMessage = message,
+                RedirectUri = redirectUri,
+                AuthenticationTicket = ticket,
+                JwtSecurityToken = jwt
+            };
+
+            await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
+            if (authorizationCodeReceivedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse);
+            }
+            else if (authorizationCodeReceivedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped);
+            }
+
+            return authorizationCodeReceivedNotification;
+        }
+
+        private async Task<AuthorizationCodeRedeemedNotification> RunAuthorizationCodeRedeemedNotificationAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
+        {
+            Logger.LogDebug(Resources.OIDCH_0042_AuthorizationCodeRedeemed, message.Code);
+            var authorizationCodeRedeemedNotification = new AuthorizationCodeRedeemedNotification(Context, Options)
+            {
+                Code = message.Code,
+                ProtocolMessage = message,
+                TokenEndpointResponse = tokenEndpointResponse
+            };
+
+            await Options.Notifications.AuthorizationCodeRedeemed(authorizationCodeRedeemedNotification);
+            if (authorizationCodeRedeemedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse);
+            }
+            else if (authorizationCodeRedeemedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped);
+            }
+            return authorizationCodeRedeemedNotification;
+        }
+
+        private async Task<SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenReceivedNotificationAsync(OpenIdConnectMessage message)
+        {
+            Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
+            var securityTokenReceivedNotification =
+                new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = message,
+                };
+
+            await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
+            if (securityTokenReceivedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
+            }
+            else if (securityTokenReceivedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
+            }
+
+            return securityTokenReceivedNotification;
+        }
+
+        private async Task<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenValidatedNotificationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
+        {
+            var securityTokenValidatedNotification =
+                new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    AuthenticationTicket = ticket,
+                    ProtocolMessage = message
+                };
+
+            await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
+            if (securityTokenValidatedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
+            }
+            else if (securityTokenValidatedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
+            }
+
+            return securityTokenValidatedNotification;
+        }
+
+        private async Task<AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunAuthenticationFailedNotificationAsync(OpenIdConnectMessage message, Exception exception)
+        {
+            var authenticationFailedNotification =
+                new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = message,
+                    Exception = exception
+                };
+
+            await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
+            if (authenticationFailedNotification.HandledResponse)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
+            }
+            else if (authenticationFailedNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
+            }
+
+            return authenticationFailedNotification;
+        }
+
+        private AuthenticationTicket ValidateToken(string idToken, OpenIdConnectMessage message, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
+        {
+            AuthenticationTicket ticket = null;
+            jwt = null;
+
+            if (_configuration != null)
+            {
+                if (string.IsNullOrEmpty(validationParameters.ValidIssuer))
+                {
+                    validationParameters.ValidIssuer = _configuration.Issuer;
+                }
+                else if (!string.IsNullOrEmpty(_configuration.Issuer))
+                {
+                    validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
+                }
+
+                validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
+            }
+
+            SecurityToken validatedToken = null;
+            ClaimsPrincipal principal = null;
+            foreach (var validator in Options.SecurityTokenValidators)
+            {
+                if (validator.CanReadToken(idToken))
+                {
+                    principal = validator.ValidateToken(idToken, validationParameters, out validatedToken);
+                    jwt = validatedToken as JwtSecurityToken;
+                    if (jwt == null)
+                    {
+                        Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
+                        throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
+                    }
+                }
+            }
+
+            if (validatedToken == null)
+            {
+                Logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, idToken);
+                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, idToken));
+            }
+
+            ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
+            if (!string.IsNullOrEmpty(message.SessionState))
+            {
+                ticket.Properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
+            }
+
+            if (_configuration != null && !string.IsNullOrEmpty(_configuration.CheckSessionIframe))
+            {
+                ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
+            }
+
+            // Rename?
+            if (Options.UseTokenLifetime)
+            {
+                var issued = validatedToken.ValidFrom;
+                if (issued != DateTime.MinValue)
+                {
+                    ticket.Properties.IssuedUtc = issued;
+                }
+
+                var expires = validatedToken.ValidTo;
+                if (expires != DateTime.MinValue)
+                {
+                    ticket.Properties.ExpiresUtc = expires;
+                }
+            }
+
+            return ticket;
+        }
+
+        private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message, bool ValidateCHash = true)
+        {
+            string nonce = jwt.Payload.Nonce;
+            if (Options.CacheNonces)
+            {
+                if (await Options.NonceCache.GetAsync(nonce) != null)
+                {
+                    await Options.NonceCache.RemoveAsync(nonce);
+                }
+                else
+                {
+                    // If the nonce cannot be removed, it was
+                    // already used and MUST be rejected.
+                    nonce = null;
+                }
+            }
+            else
+            {
+                nonce = ReadNonceCookie(nonce);
+            }
+
+            var protocolValidationContext = new OpenIdConnectProtocolValidationContext
+            {
+                Nonce = nonce
+            };
+
+            // If authorization code is null, protocol validator does not validate the chash
+            if (ValidateCHash)
+            {
+                protocolValidationContext.AuthorizationCode = message.Code;
+            }
+
+            Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
+        }
+
         /// <summary>
         /// Calls InvokeReplyPathAsync
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 532ca9518e..29f1144aaf 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -103,6 +103,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Options.TokenValidationParameters.ValidAudience = Options.ClientId;
             }
 
+            Backchannel = new HttpClient(ResolveHttpMessageHandler(Options));
+            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OpenIdConnect middleware");
+            Backchannel.Timeout = Options.BackchannelTimeout;
+            Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
             if (Options.ConfigurationManager == null)
             {
                 if (Options.Configuration != null)
@@ -122,10 +127,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    var httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
-                    httpClient.Timeout = Options.BackchannelTimeout;
-                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, Backchannel);
                 }
             }
 
@@ -137,13 +139,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
+        protected HttpClient Backchannel { get; private set; }
+
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectAuthenticationOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
         {
-            return new OpenIdConnectAuthenticationHandler();
+            return new OpenIdConnectAuthenticationHandler(Backchannel);
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
index 11c8c9ccc2..81eeb08d32 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
@@ -20,6 +20,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             AuthenticationFailed = notification => Task.FromResult(0);
             AuthorizationCodeReceived = notification => Task.FromResult(0);
+            AuthorizationCodeRedeemed = notificaion => Task.FromResult(0);
             MessageReceived = notification => Task.FromResult(0);
             SecurityTokenReceived = notification => Task.FromResult(0);
             SecurityTokenValidated = notification => Task.FromResult(0);
@@ -36,6 +37,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public Func<AuthorizationCodeReceivedNotification, Task> AuthorizationCodeReceived { get; set; }
 
+        /// <summary>
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// </summary>
+        public Func<AuthorizationCodeRedeemedNotification, Task> AuthorizationCodeRedeemed { get; set; }
+
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 05b33548c6..df8f0e9d58 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -56,6 +56,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             AuthenticationScheme = authenticationScheme;
             BackchannelTimeout = TimeSpan.FromMinutes(1);
             Caption = OpenIdConnectAuthenticationDefaults.Caption;
+            GetClaimsFromUserInfoEndpoint = false;
             ProtocolValidator = new OpenIdConnectProtocolValidator();
             RefreshOnIssuerKeyNotFound = true;
             ResponseMode = OpenIdConnectResponseModes.FormPost;
@@ -164,6 +165,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public bool DefaultToCurrentUriOnRedirect { get; set; }
 
+        /// <summary>
+        /// Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
+        /// </summary>
+        public bool GetClaimsFromUserInfoEndpoint { get; set; }
+
         /// <summary>
         /// Gets or sets the discovery endpoint for obtaining metadata
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
new file mode 100644
index 0000000000..a0cc6ccb85
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
@@ -0,0 +1,37 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Protocols;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// Class to store the response returned from token endpoint
+    /// </summary>
+    public class OpenIdConnectTokenEndpointResponse
+    {
+        public OpenIdConnectTokenEndpointResponse(JObject jsonResponse)
+        {
+            JsonResponse = jsonResponse;
+            Message = new OpenIdConnectMessage()
+            {
+                AccessToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.AccessToken),
+                IdToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.IdToken),
+                TokenType = JsonResponse.Value<string>(OpenIdConnectParameterNames.TokenType),
+                ExpiresIn = JsonResponse.Value<string>(OpenIdConnectParameterNames.ExpiresIn)
+            };
+        }
+
+        /// <summary>
+        /// OpenIdConnect message that contains the id token and access tokens
+        /// </summary>
+        public OpenIdConnectMessage Message { get; set; }
+
+        /// <summary>
+        /// Json response returned from the token endpoint
+        /// </summary>
+        public JObject JsonResponse { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
index 67c06b96d8..cdef48e368 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
@@ -180,6 +180,78 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             get { return ResourceManager.GetString("OIDCH_0037_RedirectUri"); }
         }
 
+        /// <summary>
+        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
+        /// </summary>
+        internal static string OIDCH_0038_Redeeming_Auth_Code
+        {
+            get { return ResourceManager.GetString("OIDCH_0038_Redeeming_Auth_Code"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
+        /// </summary>
+        internal static string OIDCH_0039_Subject_Claim_Mismatch
+        {
+            get { return ResourceManager.GetString("OIDCH_0039_Subject_Claim_Mismatch"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
+        /// </summary>
+        internal static string OIDCH_0040_Sending_Request_UIEndpoint
+        {
+            get { return ResourceManager.GetString("OIDCH_0040_Sending_Request_UIEndpoint"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0041: Subject claim not found in {0}.
+        /// </summary>
+        internal static string OIDCH_0041_Subject_Claim_Not_Found
+        {
+            get { return ResourceManager.GetString("OIDCH_0041_Subject_Claim_Not_Found"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0042: AuthorizationCode redeemed: '{0}'
+        /// </summary>
+        internal static string OIDCH_0042_AuthorizationCodeRedeemed
+        {
+            get { return ResourceManager.GetString("OIDCH_0042_AuthorizationCodeRedeemed"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0043: AuthorizationCodeRedeemedNotification.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse
+        {
+            get { return ResourceManager.GetString("OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0044: AuthorizationCodeRedeemedNotification.Skipped
+        /// </summary>
+        internal static string OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped
+        {
+            get { return ResourceManager.GetString("OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0045: Cannot process the message.Both id_token and code are missing.
+        /// </summary>
+        internal static string OIDCH_0045_Id_Token_Code_Missing
+        {
+            get { return ResourceManager.GetString("OIDCH_0045_Id_Token_Code_Missing"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
+        /// </summary>
+        internal static string OIDCH_0046_UserInfo_Endpoint_Not_Set
+        {
+            get { return ResourceManager.GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set"); }
+        }
+
         /// <summary>
         /// OIDCH_0000: Entering: '{0}'.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index f998d95ad7..fe1d1837d5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -162,6 +162,15 @@
   <data name="OIDCH_0037_RedirectUri" xml:space="preserve">
     <value>OIDCH_0037: RedirectUri is: '{0}'.</value>
   </data>
+  <data name="OIDCH_0038_Redeeming_Auth_Code" xml:space="preserve">
+    <value>OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.</value>
+  </data>
+  <data name="OIDCH_0039_Subject_Claim_Mismatch" xml:space="preserve">
+    <value>OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.</value>
+  </data>
+  <data name="OIDCH_0040_Sending_Request_UIEndpoint" xml:space="preserve">
+    <value>OIDCH_0040: Sending request to user info endpoint for retrieving claims.</value>
+  </data>
   <data name="OIDCH_0000_AuthenticateCoreAsync" xml:space="preserve">
     <value>OIDCH_0000: Entering: '{0}'.</value>
   </data>
@@ -228,4 +237,22 @@
   <data name="OIDCH_0021_AutomaticConfigurationRefresh" xml:space="preserve">
     <value>OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.</value>
   </data>
-</root>
+  <data name="OIDCH_0041_Subject_Claim_Not_Found" xml:space="preserve">
+    <value>OIDCH_0041: Subject claim not found in {0}.</value>
+  </data>
+  <data name="OIDCH_0042_AuthorizationCodeRedeemed" xml:space="preserve">
+    <value>OIDCH_0042: Authorization Code redeemed:  '{0}'</value>
+  </data>
+  <data name="OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse" xml:space="preserve">
+    <value>OIDCH_0043: AuthorizationCodeRedeemedNotification.HandledResponse</value>
+  </data>
+  <data name="OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped" xml:space="preserve">
+    <value>OIDCH_0044: AuthorizationCodeRedeemedNotification.Skipped</value>
+  </data>
+  <data name="OIDCH_0045_Id_Token_Code_Missing" xml:space="preserve">
+    <value>OIDCH_0045: Cannot process the message. Both id_token and code are missing.</value>
+  </data>
+  <data name="OIDCH_0046_UserInfo_Endpoint_Not_Set" xml:space="preserve">
+    <value>OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
index 64f17d967c..f8886e4842 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
@@ -43,6 +43,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     { "OIDCH_0020:", LogLevel.Debug },
                     { "OIDCH_0021:", LogLevel.Verbose },
                     { "OIDCH_0026:", LogLevel.Error },
+                    { "OIDCH_0038:", LogLevel.Debug },
+                    { "OIDCH_0040:", LogLevel.Debug },
+                    { "OIDCH_0042:", LogLevel.Debug },
+                    { "OIDCH_0043:", LogLevel.Verbose },
+                    { "OIDCH_0044:", LogLevel.Verbose },
+                    { "OIDCH_0045:", LogLevel.Debug }
             };
 
             BuildLogEntryList();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
index bf24d77914..02caabacdb 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
@@ -2,9 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.IdentityModel.Protocols;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
@@ -14,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     public class OpenIdConnectAuthenticationHandlerForTestingAuthenticate : OpenIdConnectAuthenticationHandler
     {
         public OpenIdConnectAuthenticationHandlerForTestingAuthenticate()
-                    : base()
+                    : base(null)
         {
         }
 
@@ -32,6 +36,23 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             return Task.FromResult(0);
         }
+        protected override async Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        {
+            var jsonResponse = new JObject();
+            jsonResponse.Add(OpenIdConnectParameterNames.IdToken, "test token");
+            return new OpenIdConnectTokenEndpointResponse(jsonResponse);
+        }
+
+        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
+        {
+            var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity;
+            if (claimsIdentity == null)
+            {
+                claimsIdentity = new ClaimsIdentity();
+            }
+            claimsIdentity.AddClaim(new Claim("test claim", "test value"));
+            return new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme);
+        }
 
         //public override bool ShouldHandleScheme(string authenticationScheme)
         //{
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index a5cf7074c5..2492a8fcdb 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -104,8 +104,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.Notifications = new OpenIdConnectAuthenticationNotifications
             {
-                AuthorizationCodeReceived = notification =>
+                AuthorizationCodeRedeemed = notification =>
                 {
+                    notification.HandleResponse();
                     if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
                         return Task.FromResult<object>(null);
 
@@ -138,7 +139,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             get
             {
                 var formater = new AuthenticationPropertiesFormaterKeyValue();
-                var dataset = new TheoryData<LogLevel, int[], Action< OpenIdConnectAuthenticationOptions >, OpenIdConnectMessage>();
+                var dataset = new TheoryData<LogLevel, int[], Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage>();
                 var properties = new AuthenticationProperties();
                 var message = new OpenIdConnectMessage();
                 var validState = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
@@ -155,13 +156,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
                 // State - null, empty string, invalid
                 message = new OpenIdConnectMessage();
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7 }, StateNullOptions, message);
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 28 }, StateNullOptions, message);
                 dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateNullOptions, message);
                 dataset.Add(LogLevel.Error, new int[] { }, StateNullOptions, message);
 
                 message = new OpenIdConnectMessage();
                 message.State = string.Empty;
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7 }, StateEmptyOptions, message);
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 28 }, StateEmptyOptions, message);
                 dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateEmptyOptions, message);
                 dataset.Add(LogLevel.Error, new int[] { }, StateEmptyOptions, message);
 
@@ -225,6 +226,34 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 dataset.Add(LogLevel.Verbose, new int[] { 7, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
                 dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedSkippedOptions, message);
 
+                message = new OpenIdConnectMessage();
+                message.Code = Guid.NewGuid().ToString();
+                message.State = validState;
+                message.IdToken = "test token";
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 14, 15 }, AuthorizationCodeReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 15 }, AuthorizationCodeReceivedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 14, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 7, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedSkippedOptions, message);
+
+                // CodeReceivedAndRedeemed and GetUserInformationFromUIEndpoint
+                message = new OpenIdConnectMessage();
+                message.IdToken = null;
+                message.Code = Guid.NewGuid().ToString();
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 26 }, CodeReceivedAndRedeemedHandledOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 26 }, CodeReceivedAndRedeemedHandledOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, CodeReceivedAndRedeemedHandledOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 27 }, CodeReceivedAndRedeemedSkippedOptions, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 27 }, CodeReceivedAndRedeemedSkippedOptions, message);
+                dataset.Add(LogLevel.Error, new int[] { }, CodeReceivedAndRedeemedSkippedOptions, message);
+
+                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 24, 12 }, GetUserInfoFromUIEndpoint, message);
+                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 12 }, GetUserInfoFromUIEndpoint, message);
+                dataset.Add(LogLevel.Error, new int[] { }, GetUserInfoFromUIEndpoint, message);
+
                 return dataset;
             }
         }
@@ -243,6 +272,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -257,6 +288,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -271,6 +304,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -285,6 +320,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -310,6 +347,57 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
+        private static void CodeReceivedAndRedeemedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.ResponseType = OpenIdConnectResponseTypes.Code;
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthorizationCodeRedeemed = (notification) =>
+                    {
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.ResponseType = OpenIdConnectResponseTypes.Code;
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthorizationCodeRedeemed = (notification) =>
+                    {
+                        notification.SkipToNextMiddleware();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
+
+        private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options)
+        {
+            DefaultOptions(options);
+            options.ResponseType = OpenIdConnectResponseTypes.Code;
+            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            options.GetClaimsFromUserInfoEndpoint = true;
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.Notifications =
+                new OpenIdConnectAuthenticationNotifications
+                {
+                    SecurityTokenValidated = (notification) =>
+                    {
+                        var claimValue = notification.AuthenticationTicket.Principal.FindFirst("test claim");
+                        Assert.Equal(claimValue.Value, "test value");
+                        notification.HandleResponse();
+                        return Task.FromResult<object>(null);
+                    }
+                };
+        }
         private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
@@ -357,6 +445,21 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 };
         }
 
+        private static ISecurityTokenValidator MockSecurityTokenValidator()
+        {
+            var mockValidator = new Mock<ISecurityTokenValidator>();
+            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out specCompliantJwt)).Returns(new ClaimsPrincipal());
+            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
+            return mockValidator.Object;
+        }
+
+        private static OpenIdConnectProtocolValidator MockProtocolValidator()
+        {
+            var mockProtocolValidator = new Mock<OpenIdConnectProtocolValidator>();
+            mockProtocolValidator.Setup(v => v.Validate(It.IsAny<JwtSecurityToken>(), It.IsAny<OpenIdConnectProtocolValidationContext>()));
+            return mockProtocolValidator.Object;
+        }
+
         private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options)
         {
             AuthenticationErrorHandledOptions(options);
@@ -380,10 +483,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            var mockValidator = new Mock<ISecurityTokenValidator>();
-            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out specCompliantJwt)).Returns(new ClaimsPrincipal());
-            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
             options.ProtocolValidator.RequireTimeStampInNonce = false;
             options.ProtocolValidator.RequireNonce = false;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 07182c64ab..fc0533f883 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -142,10 +142,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 properties.Items.Add("item1", Guid.NewGuid().ToString());
             }
-            else
-            {
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
-            }
 
             var server = CreateServer(options =>
             {
@@ -164,6 +160,16 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, DefaultHost + challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            if (challenge != ChallengeWithProperties)
+            {
+                if (userState != null)
+                {
+                    properties.Items.Add(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, userState);
+                }
+                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
+            }
+
             queryValues.State = stateDataFormat.Protect(properties);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }));
         }

From 5065835a05dc2902bd160385cf79250f3e0898ba Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 9 Jul 2015 16:43:34 -0700
Subject: [PATCH 272/900] Remove special cookie ajax redirect behavior

---
 .../CookieAuthenticationNotifications.cs      |  2 +-
 .../Notifications/DefaultBehavior.cs          | 57 -------------------
 .../Cookies/CookieMiddlewareTests.cs          | 18 +-----
 3 files changed, 2 insertions(+), 75 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
index 0c875b2083..57218a9ad9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             OnResponseSignIn = context => { };
             OnResponseSignedIn = context => { };
             OnResponseSignOut = context => { };
-            OnApplyRedirect = DefaultBehavior.ApplyRedirect;
+            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
             OnException = context => { };
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
deleted file mode 100644
index 9807bbdf4f..0000000000
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/DefaultBehavior.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-using Microsoft.AspNet.Http;
-using Newtonsoft.Json;
-
-namespace Microsoft.AspNet.Authentication.Cookies
-{
-    internal static class DefaultBehavior
-    {
-        internal static readonly Action<CookieApplyRedirectContext> ApplyRedirect = context =>
-        {
-            if (IsAjaxRequest(context.Request))
-            {
-                var jsonResponse = JsonConvert.SerializeObject(new
-                {
-                    status = context.Response.StatusCode,
-                    headers = new
-                    {
-                        location = context.RedirectUri
-                    }
-                }, Formatting.None);
-
-                context.Response.StatusCode = 200;
-                context.Response.Headers.Append("X-Responded-JSON", jsonResponse);
-            }
-            else
-            {
-                context.Response.Redirect(context.RedirectUri);
-            }
-        };
-
-        private static bool IsAjaxRequest(HttpRequest request)
-        {
-            var query = request.Query;
-            if (query != null)
-            {
-                if (query["X-Requested-With"] == "XMLHttpRequest")
-                {
-                    return true;
-                }
-            }
-
-            var headers = request.Headers;
-            if (headers != null)
-            {
-                if (headers["X-Requested-With"] == "XMLHttpRequest")
-                {
-                    return true;
-                }
-            }
-            return false;
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 5327d8a4a1..42de3e8ad9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -533,27 +533,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             clock.Add(TimeSpan.FromMinutes(4));
 
-            Transaction transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
             transaction5.SetCookie.ShouldBe(null);
             FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe("Alice");
         }
 
-        [Fact]
-        public async Task AjaxRedirectsAsExtraHeaderOnTwoHundred()
-        {
-            var server = CreateServer(options =>
-            {
-                options.LoginPath = new PathString("/login");
-                options.AutomaticAuthentication = true;
-            });
-
-            var transaction = await SendAsync(server, "http://example.com/protected", ajaxRequest: true);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            var responded = transaction.Response.Headers.GetValues("X-Responded-JSON");
-            responded.Count().ShouldBe(1);
-            responded.Single().ShouldContain("\"location\"");
-        }
-
         [Fact]
         public async Task CookieUsesPathBaseByDefault()
         {

From ab4ba794e546074a573fbf76d9150ffcf9752c89 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 14 Jul 2015 13:22:04 -0700
Subject: [PATCH 273/900] Fix cookie bugs, Authenticate => HandleAuthenticate

---
 .../CookieAuthenticationHandler.cs            | 376 +++++++++---------
 .../Notifications/CookieExceptionContext.cs   |  24 +-
 .../OAuthAuthenticationHandler.cs             |   4 +-
 .../OAuthBearerAuthenticationHandler.cs       |   2 +-
 .../OpenIdConnectAuthenticationHandler.cs     |   4 +-
 .../TwitterAuthenticationHandler.cs           |   4 +-
 .../AuthenticationHandler.cs                  |  32 +-
 .../Serializer/TicketSerializer.cs            |  52 ++-
 .../AuthenticationHandlerFacts.cs             |  49 ++-
 .../Cookies/CookieMiddlewareTests.cs          | 173 ++++++++
 .../Encoder/TicketSerializerTests.cs          |  10 +-
 11 files changed, 469 insertions(+), 261 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index d37a179d43..12c40ea5cd 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -27,75 +27,101 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private DateTimeOffset? _renewIssuedUtc;
         private DateTimeOffset? _renewExpiresUtc;
         private string _sessionKey;
+        private Task<AuthenticationTicket> _cookieTicketTask;
 
-        protected override async Task<AuthenticationTicket> AuthenticateAsync()
+        private Task<AuthenticationTicket> EnsureCookieTicket()
+        {
+            // We only need to read the ticket once
+            if (_cookieTicketTask == null)
+            {
+                _cookieTicketTask = ReadCookieTicket();
+            }
+            return _cookieTicketTask;
+        }
+
+        private async Task<AuthenticationTicket> ReadCookieTicket()
+        {
+            var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
+            if (string.IsNullOrEmpty(cookie))
+            {
+                return null;
+            }
+
+            var ticket = Options.TicketDataFormat.Unprotect(cookie);
+            if (ticket == null)
+            {
+                Logger.LogWarning(@"Unprotect ticket failed");
+                return null;
+            }
+
+            if (Options.SessionStore != null)
+            {
+                var claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
+                if (claim == null)
+                {
+                    Logger.LogWarning(@"SessionId missing");
+                    return null;
+                }
+                _sessionKey = claim.Value;
+                ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
+                if (ticket == null)
+                {
+                    Logger.LogWarning(@"Identity missing in session store");
+                    return null;
+                }
+            }
+
+            var currentUtc = Options.SystemClock.UtcNow;
+            var issuedUtc = ticket.Properties.IssuedUtc;
+            var expiresUtc = ticket.Properties.ExpiresUtc;
+
+            if (expiresUtc != null && expiresUtc.Value < currentUtc)
+            {
+                if (Options.SessionStore != null)
+                {
+                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                }
+                return null;
+            }
+
+            var allowRefresh = ticket.Properties.AllowRefresh ?? true;
+            if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
+            {
+                var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
+                var timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+
+                if (timeRemaining < timeElapsed)
+                {
+                    _shouldRenew = true;
+                    _renewIssuedUtc = currentUtc;
+                    var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
+                    _renewExpiresUtc = currentUtc.Add(timeSpan);
+                }
+            }
+
+            // Finally we have a valid ticket
+            return ticket;
+        }
+
+        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
         {
             AuthenticationTicket ticket = null;
             try
             {
-                var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
-                if (string.IsNullOrEmpty(cookie))
-                {
-                    return null;
-                }
-
-                ticket = Options.TicketDataFormat.Unprotect(cookie);
-
+                ticket = await EnsureCookieTicket();
                 if (ticket == null)
                 {
-                    Logger.LogWarning(@"Unprotect ticket failed");
                     return null;
                 }
 
-                if (Options.SessionStore != null)
-                {
-                    var claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
-                    if (claim == null)
-                    {
-                        Logger.LogWarning(@"SessionId missing");
-                        return null;
-                    }
-                    _sessionKey = claim.Value;
-                    ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
-                    if (ticket == null)
-                    {
-                        Logger.LogWarning(@"Identity missing in session store");
-                        return null;
-                    }
-                }
-
-                var currentUtc = Options.SystemClock.UtcNow;
-                var issuedUtc = ticket.Properties.IssuedUtc;
-                var expiresUtc = ticket.Properties.ExpiresUtc;
-
-                if (expiresUtc != null && expiresUtc.Value < currentUtc)
-                {
-                    if (Options.SessionStore != null)
-                    {
-                        await Options.SessionStore.RemoveAsync(_sessionKey);
-                    }
-                    return null;
-                }
-
-                var allowRefresh = ticket.Properties.AllowRefresh ?? true;
-                if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
-                {
-                    var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
-                    var timeRemaining = expiresUtc.Value.Subtract(currentUtc);
-
-                    if (timeRemaining < timeElapsed)
-                    {
-                        _shouldRenew = true;
-                        _renewIssuedUtc = currentUtc;
-                        var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
-                        _renewExpiresUtc = currentUtc.Add(timeSpan);
-                    }
-                }
-
                 var context = new CookieValidatePrincipalContext(Context, ticket, Options);
-
                 await Options.Notifications.ValidatePrincipal(context);
 
+                if (context.Principal == null)
+                {
+                    return null;
+                }
+
                 if (context.ShouldRenew)
                 {
                     _shouldRenew = true;
@@ -135,46 +161,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return cookieOptions;
         }
 
-        private async Task ApplyCookie(AuthenticationTicket ticket)
-        {
-            if (_renewIssuedUtc.HasValue)
-            {
-                ticket.Properties.IssuedUtc = _renewIssuedUtc;
-            }
-            if (_renewExpiresUtc.HasValue)
-            {
-                ticket.Properties.ExpiresUtc = _renewExpiresUtc;
-            }
-
-            if (Options.SessionStore != null && _sessionKey != null)
-            {
-                await Options.SessionStore.RenewAsync(_sessionKey, ticket);
-                var principal = new ClaimsPrincipal(
-                    new ClaimsIdentity(
-                        new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
-                        Options.AuthenticationScheme));
-                ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
-            }
-
-            var cookieValue = Options.TicketDataFormat.Protect(ticket);
-
-            var cookieOptions = BuildCookieOptions();
-            if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
-            {
-                cookieOptions.Expires = _renewExpiresUtc.Value.ToUniversalTime().DateTime;
-            }
-
-            Options.CookieManager.AppendResponseCookie(
-                Context,
-                Options.CookieName,
-                cookieValue,
-                cookieOptions);
-
-            Response.Headers.Set(HeaderNameCacheControl, HeaderValueNoCache);
-            Response.Headers.Set(HeaderNamePragma, HeaderValueNoCache);
-            Response.Headers.Set(HeaderNameExpires, HeaderValueMinusOne);
-        }
-
         protected override async Task FinishResponseAsync()
         {
             // Only renew if requested, and neither sign in or sign out was called
@@ -183,15 +169,48 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return;
             }
 
-            var ticket = await AuthenticateOnceAsync();
+            var ticket = await HandleAuthenticateOnceAsync();
             try
             {
-                await ApplyCookie(ticket);
+                if (_renewIssuedUtc.HasValue)
+                {
+                    ticket.Properties.IssuedUtc = _renewIssuedUtc;
+                }
+                if (_renewExpiresUtc.HasValue)
+                {
+                    ticket.Properties.ExpiresUtc = _renewExpiresUtc;
+                }
+
+                if (Options.SessionStore != null && _sessionKey != null)
+                {
+                    await Options.SessionStore.RenewAsync(_sessionKey, ticket);
+                    var principal = new ClaimsPrincipal(
+                        new ClaimsIdentity(
+                            new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
+                            Options.AuthenticationScheme));
+                    ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+                }
+
+                var cookieValue = Options.TicketDataFormat.Protect(ticket);
+
+                var cookieOptions = BuildCookieOptions();
+                if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
+                {
+                    cookieOptions.Expires = _renewExpiresUtc.Value.ToUniversalTime().DateTime;
+                }
+
+                Options.CookieManager.AppendResponseCookie(
+                    Context,
+                    Options.CookieName,
+                    cookieValue,
+                    cookieOptions);
+
+                ApplyHeaders();
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, ticket);
+                    CookieExceptionContext.ExceptionLocation.FinishResponse, exception, ticket);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
@@ -202,7 +221,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task HandleSignInAsync(SignInContext signin)
         {
-            var model = await AuthenticateAsync();
+            var ticket = await EnsureCookieTicket();
             try
             {
                 var cookieOptions = BuildCookieOptions();
@@ -239,21 +258,21 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
                 }
 
-                model = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+                ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
                 if (Options.SessionStore != null)
                 {
                     if (_sessionKey != null)
                     {
                         await Options.SessionStore.RemoveAsync(_sessionKey);
                     }
-                    _sessionKey = await Options.SessionStore.StoreAsync(model);
+                    _sessionKey = await Options.SessionStore.StoreAsync(ticket);
                     var principal = new ClaimsPrincipal(
                         new ClaimsIdentity(
                             new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
                             Options.ClaimsIssuer));
-                    model = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+                    ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                 }
-                var cookieValue = Options.TicketDataFormat.Protect(model);
+                var cookieValue = Options.TicketDataFormat.Protect(ticket);
 
                 Options.CookieManager.AppendResponseCookie(
                     Context,
@@ -270,36 +289,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 Options.Notifications.ResponseSignedIn(signedInContext);
 
-                Response.Headers.Set(
-                    HeaderNameCacheControl,
-                    HeaderValueNoCache);
-
-                Response.Headers.Set(
-                    HeaderNamePragma,
-                    HeaderValueNoCache);
-
-                Response.Headers.Set(
-                    HeaderNameExpires,
-                    HeaderValueMinusOne);
-
-                var shouldLoginRedirect = Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
-
-                if ((shouldLoginRedirect) && Response.StatusCode == 200)
-                {
-                    var query = Request.Query;
-                    var redirectUri = query.Get(Options.ReturnUrlParameter);
-                    if (!string.IsNullOrEmpty(redirectUri)
-                        && IsHostRelative(redirectUri))
-                    {
-                        var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
-                        Options.Notifications.ApplyRedirect(redirectContext);
-                    }
-                }
+                var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
+                ApplyHeaders(shouldLoginRedirect);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                    CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
@@ -310,11 +306,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
         {
-            var model = await AuthenticateAsync();
+            var ticket = await EnsureCookieTicket();
             try
             {
                 var cookieOptions = BuildCookieOptions();
-
                 if (Options.SessionStore != null && _sessionKey != null)
                 {
                     await Options.SessionStore.RemoveAsync(_sessionKey);
@@ -332,43 +327,38 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options.CookieName,
                     context.CookieOptions);
 
-                Response.Headers.Set(
-                    HeaderNameCacheControl,
-                    HeaderValueNoCache);
-
-                Response.Headers.Set(
-                    HeaderNamePragma,
-                    HeaderValueNoCache);
-
-                Response.Headers.Set(
-                    HeaderNameExpires,
-                    HeaderValueMinusOne);
-
-                var shouldLogoutRedirect = Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
-
-                if (shouldLogoutRedirect && Response.StatusCode == 200)
-                {
-                    var query = Request.Query;
-                    var redirectUri = query.Get(Options.ReturnUrlParameter);
-                    if (!string.IsNullOrEmpty(redirectUri)
-                        && IsHostRelative(redirectUri))
-                    {
-                        var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
-                        Options.Notifications.ApplyRedirect(redirectContext);
-                    }
-                }
+                var shouldLogoutRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
+                ApplyHeaders(shouldLogoutRedirect);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
+                    CookieExceptionContext.ExceptionLocation.SignOut, exception, ticket);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
                 }
             }
+        }
 
+        private void ApplyHeaders(bool shouldRedirectToReturnUrl = false)
+        {
+            Response.Headers.Set(HeaderNameCacheControl, HeaderValueNoCache);
+            Response.Headers.Set(HeaderNamePragma, HeaderValueNoCache);
+            Response.Headers.Set(HeaderNameExpires, HeaderValueMinusOne);
+
+            if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
+            {
+                var query = Request.Query;
+                var redirectUri = query.Get(Options.ReturnUrlParameter);
+                if (!string.IsNullOrEmpty(redirectUri)
+                    && IsHostRelative(redirectUri))
+                {
+                    var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
+                    Options.Notifications.ApplyRedirect(redirectContext);
+                }
+            }
         }
 
         private static bool IsHostRelative(string path)
@@ -387,36 +377,34 @@ namespace Microsoft.AspNet.Authentication.Cookies
         protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
             // HandleForbidden by redirecting to AccessDeniedPath if set
-            if (Options.AccessDeniedPath.HasValue)
-            {
-                try
-                {
-                    var accessDeniedUri =
-                        Request.Scheme +
-                        "://" +
-                        Request.Host +
-                        Request.PathBase +
-                        Options.AccessDeniedPath;
-
-                    var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
-                    Options.Notifications.ApplyRedirect(redirectContext);
-                }
-                catch (Exception exception)
-                {
-                    var exceptionContext = new CookieExceptionContext(Context, Options,
-                        CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
-                    Options.Notifications.Exception(exceptionContext);
-                    if (exceptionContext.Rethrow)
-                    {
-                        throw;
-                    }
-                }
-                return Task.FromResult(true);
-            }
-            else
+            if (!Options.AccessDeniedPath.HasValue)
             {
                 return base.HandleForbiddenAsync(context);
             }
+
+            try
+            {
+                var accessDeniedUri =
+                    Request.Scheme +
+                    "://" +
+                    Request.Host +
+                    OriginalPathBase +
+                    Options.AccessDeniedPath;
+
+                var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
+                Options.Notifications.ApplyRedirect(redirectContext);
+            }
+            catch (Exception exception)
+            {
+                var exceptionContext = new CookieExceptionContext(Context, Options,
+                    CookieExceptionContext.ExceptionLocation.Forbidden, exception, ticket: null);
+                Options.Notifications.Exception(exceptionContext);
+                if (exceptionContext.Rethrow)
+                {
+                    throw;
+                }
+            }
+            return Task.FromResult(true);
         }
 
         protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
@@ -431,27 +419,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 if (string.IsNullOrEmpty(redirectUri))
                 {
-                    redirectUri =
-                        Request.PathBase +
-                        Request.Path +
-                        Request.QueryString;
+                    redirectUri = OriginalPathBase + Request.Path + Request.QueryString;
                 }
 
-                var loginUri =
-                    Request.Scheme +
-                    "://" +
-                    Request.Host +
-                    Request.PathBase +
-                    Options.LoginPath +
-                    QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-
-                var redirectContext = new CookieApplyRedirectContext(Context, Options, loginUri);
+                var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
+                var redirectContext = new CookieApplyRedirectContext(Context, Options, BuildRedirectUri(loginUri));
                 Options.Notifications.ApplyRedirect(redirectContext);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.ApplyResponseChallenge, exception, ticket: null);
+                    CookieExceptionContext.ExceptionLocation.Unauthorized, exception, ticket: null);
                 Options.Notifications.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
index 0d51f95d44..1b66997ec3 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
@@ -48,14 +48,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Authenticate,
 
             /// <summary>
-            /// The exception was reported in the ApplyResponseGrant code path, during sign-in, sign-out, or refresh.
+            /// The exception was reported in the FinishResponse code path, during sign-in, sign-out, or refresh.
             /// </summary>
-            ApplyResponseGrant,
+            FinishResponse,
 
             /// <summary>
-            /// The exception was reported in the ApplyResponseChallenge code path, during redirect generation.
+            /// The exception was reported in the Unauthorized code path, during redirect generation.
             /// </summary>
-            ApplyResponseChallenge,
+            Unauthorized,
+
+            /// <summary>
+            /// The exception was reported in the Forbidden code path, during redirect generation.
+            /// </summary>
+            Forbidden,
+
+            /// <summary>
+            /// The exception was reported in the SignIn code path
+            /// </summary>
+            SignIn,
+
+            /// <summary>
+            /// The exception was reported in the SignOut code path
+            /// </summary>
+            SignOut,
+
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 64dd51bc4c..480c3da04b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -42,7 +42,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         public async Task<bool> InvokeReturnPathAsync()
         {
-            var ticket = await AuthenticateAsync();
+            var ticket = await HandleAuthenticateOnceAsync();
             if (ticket == null)
             {
                 Logger.LogWarning("Invalid return state, unable to redirect.");
@@ -78,7 +78,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return context.IsRequestCompleted;
         }
 
-        protected override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index fef3d857df..a163ec5378 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
         /// <returns></returns>
-        protected override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
         {
             string token = null;
             try
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index b3203bb8ab..3fa4097e99 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -224,7 +224,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
-        protected override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
         {
             Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
 
@@ -903,7 +903,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<bool> InvokeReplyPathAsync()
         {
-            var ticket = await AuthenticateAsync();
+            var ticket = await HandleAuthenticateOnceAsync();
             if (ticket != null)
             {
                 if (ticket.Principal != null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 51229df9f8..19df41b908 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return false;
         }
 
-        protected override async Task<AuthenticationTicket> AuthenticateAsync()
+        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             try
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         public async Task<bool> InvokeReturnPathAsync()
         {
-            var model = await AuthenticateAsync();
+            var model = await HandleAuthenticateOnceAsync();
             if (model == null)
             {
                 Logger.LogWarning("Invalid return state, unable to redirect.");
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 7dff2c0944..623ac82f9c 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -38,6 +38,8 @@ namespace Microsoft.AspNet.Authentication
 
         protected PathString OriginalPathBase { get; private set; }
 
+        protected PathString OriginalPath { get; private set; }
+
         protected ILogger Logger { get; private set; }
 
         protected IUrlEncoder UrlEncoder { get; private set; }
@@ -62,6 +64,7 @@ namespace Microsoft.AspNet.Authentication
             _baseOptions = options;
             Context = context;
             OriginalPathBase = Request.PathBase;
+            OriginalPath = Request.Path;
             Logger = logger;
             UrlEncoder = encoder;
 
@@ -72,7 +75,7 @@ namespace Microsoft.AspNet.Authentication
             // Automatic authentication is the empty scheme
             if (ShouldHandleScheme(string.Empty))
             {
-                var ticket = await AuthenticateOnceAsync();
+                var ticket = await HandleAuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
@@ -157,13 +160,10 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        protected Task<AuthenticationTicket> AuthenticateOnceAsync()
+        public bool ShouldHandleScheme(string authenticationScheme)
         {
-            if (_authenticateTask == null)
-            {
-                _authenticateTask = AuthenticateAsync();
-            }
-            return _authenticateTask;
+            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
+                (BaseOptions.AutomaticAuthentication && string.IsNullOrEmpty(authenticationScheme));
         }
 
         public async Task AuthenticateAsync(AuthenticateContext context)
@@ -171,11 +171,10 @@ namespace Microsoft.AspNet.Authentication
             if (ShouldHandleScheme(context.AuthenticationScheme))
             {
                 // Calling Authenticate more than once should always return the original value. 
-                var ticket = await AuthenticateOnceAsync();
+                var ticket = await HandleAuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
                     context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
-                    _authenticateTask = Task.FromResult(ticket);
                 }
                 else
                 {
@@ -189,14 +188,17 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        protected abstract Task<AuthenticationTicket> AuthenticateAsync();
-
-        public bool ShouldHandleScheme(string authenticationScheme)
+        protected Task<AuthenticationTicket> HandleAuthenticateOnceAsync()
         {
-            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
-                (BaseOptions.AutomaticAuthentication && string.IsNullOrWhiteSpace(authenticationScheme));
+            if (_authenticateTask == null)
+            {
+                _authenticateTask = HandleAuthenticateAsync();
+            }
+            return _authenticateTask;
         }
 
+        protected abstract Task<AuthenticationTicket> HandleAuthenticateAsync();
+
         public async Task SignInAsync(SignInContext context)
         {
             if (ShouldHandleScheme(context.AuthenticationScheme))
@@ -270,7 +272,7 @@ namespace Microsoft.AspNet.Authentication
                 {
                     case ChallengeBehavior.Automatic:
                         // If there is a principal already, invoke the forbidden code path
-                        var ticket = await AuthenticateAsync();
+                        var ticket = await HandleAuthenticateOnceAsync();
                         if (ticket?.Principal != null)
                         {
                             handled = await HandleForbiddenAsync(context);
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
index 360692e0e6..01d232a9cc 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
@@ -43,8 +43,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
             var principal = model.Principal;
             if (principal == null)
             {
-                // Use -1 to signal null
-                writer.Write(-1);
+                throw new ArgumentNullException("model.Principal");
             }
             else
             {
@@ -75,37 +74,36 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
             {
                 return null;
             }
-            string authenticationScheme = reader.ReadString();
-            int identityCount = reader.ReadInt32();
-            ClaimsPrincipal principal = null;
+            var authenticationScheme = reader.ReadString();
+            var identityCount = reader.ReadInt32();
 
-            // Negative values are used to signify null
-            if (identityCount >= 0)
+            if (identityCount < 0)
             {
-                var identities = new ClaimsIdentity[identityCount];
-                for (int i = 0; i != identityCount; ++i)
+                return null;
+            }
+
+            var identities = new ClaimsIdentity[identityCount];
+            for (var i = 0; i != identityCount; ++i)
+            {
+                var authenticationType = reader.ReadString();
+                var nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
+                var roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
+                var count = reader.ReadInt32();
+                var claims = new Claim[count];
+                for (int index = 0; index != count; ++index)
                 {
-                    string authenticationType = reader.ReadString();
-                    string nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
-                    string roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
-                    int count = reader.ReadInt32();
-                    var claims = new Claim[count];
-                    for (int index = 0; index != count; ++index)
-                    {
-                        string type = ReadWithDefault(reader, nameClaimType);
-                        string value = reader.ReadString();
-                        string valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
-                        string issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
-                        string originalIssuer = ReadWithDefault(reader, issuer);
-                        claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
-                    }
-                    identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
+                    var type = ReadWithDefault(reader, nameClaimType);
+                    var value = reader.ReadString();
+                    var valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
+                    var issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
+                    var originalIssuer = ReadWithDefault(reader, issuer);
+                    claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
                 }
-                principal = new ClaimsPrincipal(identities);
+                identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
             }
 
             var properties = PropertiesSerializer.Read(reader);
-            return new AuthenticationTicket(principal, properties, authenticationScheme);
+            return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, authenticationScheme);
         }
 
         private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
@@ -122,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
 
         private static string ReadWithDefault(BinaryReader reader, string defaultValue)
         {
-            string value = reader.ReadString();
+            var value = reader.ReadString();
             if (string.Equals(value, DefaultValues.DefaultStringPlaceholder, StringComparison.Ordinal))
             {
                 return defaultValue;
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index adb5bccb62..2a3a9044f1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -32,6 +32,20 @@ namespace Microsoft.AspNet.Authentication
             Assert.True(handler.ShouldHandleScheme(""));
         }
 
+        [Fact]
+        public void AutomaticHandlerHandlesNullScheme()
+        {
+            var handler = new TestAutoHandler("ignored", true);
+            Assert.True(handler.ShouldHandleScheme(null));
+        }
+
+        [Fact]
+        public void AutomaticHandlerIgnoresWhitespaceScheme()
+        {
+            var handler = new TestAutoHandler("ignored", true);
+            Assert.False(handler.ShouldHandleScheme("    "));
+        }
+
         [Fact]
         public void AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
         {
@@ -53,6 +67,37 @@ namespace Microsoft.AspNet.Authentication
             Assert.False(handler.ShouldHandleScheme("Alpha"));
         }
 
+        [Theory]
+        [InlineData("Alpha")]
+        [InlineData("")]
+        public async Task AuthHandlerAuthenticateCachesTicket(string scheme)
+        {
+            var handler = new CountHandler(scheme);
+            var context = new AuthenticateContext(scheme);
+            await handler.AuthenticateAsync(context);
+            await handler.AuthenticateAsync(context);
+            Assert.Equal(1, handler.AuthCount);
+        }
+
+        private class CountHandler : AuthenticationHandler<AuthenticationOptions>
+        {
+            public int AuthCount = 0;
+
+            public CountHandler(string scheme)
+            {
+                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                Options.AuthenticationScheme = scheme;
+                Options.AutomaticAuthentication = true;
+            }
+
+            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
+            {
+                AuthCount++;
+                return Task.FromResult(new AuthenticationTicket(null, null));
+            }
+
+        }
+
         private class TestHandler : AuthenticationHandler<AuthenticationOptions>
         {
             public TestHandler(string scheme)
@@ -61,7 +106,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AuthenticationScheme = scheme;
             }
 
-            protected override Task<AuthenticationTicket> AuthenticateAsync()
+            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
@@ -86,7 +131,7 @@ namespace Microsoft.AspNet.Authentication
                 Options.AutomaticAuthentication = auto;
             }
 
-            protected override Task<AuthenticationTicket> AuthenticateAsync()
+            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
             {
                 throw new NotImplementedException();
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 42de3e8ad9..de511a994d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -371,6 +371,36 @@ namespace Microsoft.AspNet.Authentication.Cookies
             FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe(null);
         }
 
+        [Fact]
+        public async Task CookieCanBeRejectedAndSignedOutByValidator()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
+                options.Notifications = new CookieAuthenticationNotifications
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.RejectPrincipal();
+                        ctx.HttpContext.Authentication.SignOutAsync("Cookies");
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            transaction2.SetCookie.ShouldContain(".AspNet.Cookies=; expires=");
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe(null);
+        }
+
         [Fact]
         public async Task CookieCanBeRenewedByValidator()
         {
@@ -671,6 +701,149 @@ namespace Microsoft.AspNet.Authentication.Cookies
             transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
         }
 
+        [Fact]
+        public async Task MapWillNotAffectChallenge()
+        {
+            var server = TestServer.Create(app =>
+                {
+                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+                },
+                services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com/login");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/page");
+            location.Query.ShouldBe("?ReturnUrl=%2F");
+        }
+
+        [Fact]
+        public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies", 
+                    new ClaimsPrincipal())));
+            },
+                services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.SetCookie.ShouldNotBe(null);
+        }
+
+        [Fact]
+        public async Task MapWillNotAffectSignInRedirectToReturnUrl()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal())));
+            },
+            services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com/login?ReturnUrl=%2Fpage");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.SetCookie.ShouldNotBe(null);
+
+            var location = transaction.Response.Headers.Location;
+            location.OriginalString.ShouldBe("/page");
+        }
+
+        [Fact]
+        public async Task MapWithSignOutOnlyRedirectToReturnUrlOnLogoutPath()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+            },
+            services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.SetCookie[0].ShouldContain(".AspNet.Cookies=; expires=");
+        }
+
+        [Fact]
+        public async Task MapWillNotAffectSignOutRedirectToReturnUrl()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+            },
+            services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.SetCookie[0].ShouldContain(".AspNet.Cookies=; expires=");
+
+            var location = transaction.Response.Headers.Location;
+            location.OriginalString.ShouldBe("/page");
+        }
+
+        [Fact]
+        public async Task MapWillNotAffectAccessDenied()
+        {
+            var server = TestServer.Create(app =>
+                {
+                    app.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
+                    app.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+                },
+                services => services.AddAuthentication());
+            var transaction = await server.SendAsync("http://example.com/forbid");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/denied");
+        }
+
+        [Fact]
+        public async Task NestedMapWillNotAffectLogin()
+        {
+            var server = TestServer.Create(app =>
+                app.Map("/base", map =>
+                {
+                    map.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
+                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+                }),
+                services => services.AddAuthentication());
+            var transaction = await server.SendAsync("http://example.com/base/login");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/base/page");
+            location.Query.ShouldBe("?ReturnUrl=%2F");
+        }
+
+        [Fact]
+        public async Task NestedMapWillNotAffectAccessDenied()
+        {
+            var server = TestServer.Create(app =>
+                app.Map("/base", map =>
+                {
+                    map.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
+                    map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+                }),
+                services => services.AddAuthentication());
+            var transaction = await server.SendAsync("http://example.com/base/forbid");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/base/denied");
+        }
+
         private static string FindClaimValue(Transaction transaction, string claimType)
         {
             var claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
index bf3dbaec5e..2e9978d0bd 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
@@ -14,7 +15,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
     public class TicketSerializerTests
     {
         [Fact]
-        public void CanRoundTripNullPrincipal()
+        public void NullPrincipalThrows()
         {
             var properties = new AuthenticationProperties();
             properties.RedirectUri = "bye";
@@ -24,12 +25,7 @@ namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
             using (var writer = new BinaryWriter(stream))
             using (var reader = new BinaryReader(stream))
             {
-                TicketSerializer.Write(writer, ticket);
-                stream.Position = 0;
-                var readTicket = TicketSerializer.Read(reader);
-                readTicket.Principal.ShouldBe(null);
-                readTicket.Properties.RedirectUri.ShouldBe("bye");
-                readTicket.AuthenticationScheme.ShouldBe("Hello");
+                Assert.Throws<ArgumentNullException>(() => TicketSerializer.Write(writer, ticket));
             }
         }
 

From 54128e813748e5143b3827c834a5b05cedd05916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Thu, 28 May 2015 21:03:59 +0200
Subject: [PATCH 274/900] Add response_mode=query support for OpenID Connect

---
 .../OpenIdConnectAuthenticationHandler.cs     | 26 +++++++++++++++++--
 .../OpenIdConnectAuthenticationOptions.cs     |  2 +-
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 3fa4097e99..ac28e3434f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -139,11 +139,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderNotification not on the OIDCMessage.
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
-                ResponseMode = Options.ResponseMode,
                 ResponseType = Options.ResponseType,
                 Scope = Options.Scope
             };
 
+            // Omitting the response_mode parameter when it already corresponds to the default
+            // response_mode used for the specified response_type is recommended by the specifications.
+            // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
+            if (!string.Equals(Options.ResponseType, OpenIdConnectResponseTypes.Code, StringComparison.Ordinal) ||
+                !string.Equals(Options.ResponseMode, OpenIdConnectResponseModes.Query, StringComparison.Ordinal))
+            {
+                message.ResponseMode = Options.ResponseMode;
+            }
+
             if (Options.ProtocolValidator.RequireNonce)
             {
                 message.Nonce = Options.ProtocolValidator.GenerateNonce();
@@ -236,8 +244,22 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             OpenIdConnectMessage message = null;
 
+            if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase))
+            {
+                message = new OpenIdConnectMessage(Request.Query);
+
+                // response_mode=query (explicit or not) and a response_type containing id_token
+                // or token are not considered as a safe combination and MUST be rejected.
+                // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
+                if (!string.IsNullOrWhiteSpace(message.IdToken) || !string.IsNullOrWhiteSpace(message.Token))
+                {
+                    Logger.LogError("An OpenID Connect response cannot contain an identity token " +
+                                    "or an access token when using response_mode=query");
+                    return null;
+                }
+            }
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
-            if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
+            else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
               && !string.IsNullOrWhiteSpace(Request.ContentType)
               // May have media/type; charset=utf-8, allow partial match.
               && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index df8f0e9d58..c8f465a124 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -239,7 +239,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Gets or sets the 'response_mode'.
         /// </summary>
-        public string ResponseMode { get; private set; }
+        public string ResponseMode { get; set; }
 
         /// <summary>
         /// Gets or sets the 'response_type'.

From dff40cf93df49511d67cc8dc66149df560e4b9df Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 16 Jul 2015 08:59:54 -0700
Subject: [PATCH 275/900] Updating to release NuGet.config

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 2a2b3aab07..0e74a4912d 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <clear />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From f030d8c764ba2089e316cb9f4dcf0ebd0a243105 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 16 Jul 2015 09:33:25 -0700
Subject: [PATCH 276/900] Adding back AzureAD feed

---
 NuGet.Config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NuGet.Config b/NuGet.Config
index 0e74a4912d..ba5ab3d0b8 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -4,5 +4,6 @@
     <clear />
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease"/>
   </packageSources>
 </configuration>

From 73d4440a25adb1f3ad72d8c0dd43f2dd6e0262c5 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 16 Jul 2015 11:56:48 -0700
Subject: [PATCH 277/900] API review: nuke notification namespaces

---
 samples/CookieSessionSample/MemoryCacheSessionStore.cs      | 2 +-
 .../{Infrastructure => }/ChunkingCookieManager.cs           | 2 +-
 .../{Infrastructure => }/Constants.cs                       | 2 +-
 .../CookieAuthenticationMiddleware.cs                       | 2 --
 .../CookieAuthenticationOptions.cs                          | 1 -
 .../{Infrastructure => }/IAuthenticationSessionStore.cs     | 2 +-
 .../{Infrastructure => }/ICookieManager.cs                  | 2 +-
 .../Notifications/CookieApplyRedirectContext.cs             | 1 -
 .../Notifications/CookieExceptionContext.cs                 | 1 -
 .../Notifications/CookieResponseSignInContext.cs            | 1 -
 .../Notifications/CookieResponseSignOutContext.cs           | 1 -
 .../Notifications/CookieResponseSignedInContext.cs          | 1 -
 .../Notifications/CookieValidateIdentityContext.cs          | 2 --
 .../Notifications/ICookieAuthenticationNotifications.cs     | 1 -
 .../Notifications/BaseValidatingContext.cs                  | 1 -
 .../Notifications/OAuthApplyRedirectContext.cs              | 1 -
 .../Notifications/OAuthAuthenticatedContext.cs              | 1 -
 .../Notifications/OAuthChallengeContext.cs                  | 1 -
 .../Notifications/OAuthRequestTokenContext.cs               | 1 -
 .../Notifications/OAuthReturnEndpointContext.cs             | 1 -
 .../OAuthAuthenticationHandler.cs                           | 1 -
 .../OAuthAuthenticationMiddleware.cs                        | 1 -
 .../Notifications/AuthenticationChallengeNotification.cs    | 1 -
 .../Notifications/OAuthBearerAuthenticationNotifications.cs | 1 -
 .../OAuthBearerAuthenticationHandler.cs                     | 1 -
 .../Notifications/AuthorizationCodeReceivedNotification.cs  | 3 +--
 .../Notifications/AuthorizationCodeRedeemedNotification.cs  | 6 ++----
 .../OpenIdConnectAuthenticationNotifications.cs             | 1 -
 .../OpenIdConnectAuthenticationHandler.cs                   | 1 -
 .../OpenIdConnectAuthenticationMiddleware.cs                | 3 ---
 .../Messages/AccessToken.cs                                 | 2 +-
 .../Messages/RequestToken.cs                                | 2 +-
 .../Messages/RequestTokenSerializer.cs                      | 3 +--
 .../Messages/Serializers.cs                                 | 4 +---
 .../Notifications/TwitterApplyRedirectContext.cs            | 1 -
 .../Notifications/TwitterAuthenticatedContext.cs            | 1 -
 .../Notifications/TwitterReturnEndpointContext.cs           | 1 -
 .../TwitterAuthenticationHandler.cs                         | 1 -
 .../TwitterAuthenticationMiddleware.cs                      | 3 ---
 .../TwitterAuthenticationOptions.cs                         | 1 -
 .../DataHandler/{Encoder => }/Base64TextEncoder.cs          | 2 +-
 .../DataHandler/{Encoder => }/Base64UrlTextEncoder.cs       | 2 +-
 .../DataHandler/{Serializer => }/DataSerializers.cs         | 3 +--
 .../DataHandler/{Serializer => }/IDataSerializer.cs         | 3 +--
 .../DataHandler/ISecureDataFormat.cs                        | 1 -
 .../DataHandler/{Encoder => }/ITextEncoder.cs               | 3 +--
 .../DataHandler/PropertiesDataFormat.cs                     | 4 +---
 .../DataHandler/{Serializer => }/PropertiesSerializer.cs    | 4 +---
 .../DataHandler/SecureDataFormat.cs                         | 5 +----
 .../DataHandler/{Encoder => }/TextEncodings.cs              | 3 +--
 .../DataHandler/TicketDataFormat.cs                         | 4 +---
 .../DataHandler/{Serializer => }/TicketSerializer.cs        | 2 +-
 .../Notifications/AuthenticationFailedNotification.cs       | 2 +-
 .../Notifications/BaseContext.cs                            | 3 +--
 .../Notifications/BaseContext`1.cs                          | 3 +--
 .../Notifications/BaseNotification.cs                       | 3 +--
 .../Notifications/EndpointContext.cs                        | 3 +--
 .../Notifications/EndpointContext`1.cs                      | 2 +-
 .../Notifications/MessageReceivedNotification.cs            | 2 +-
 .../Notifications/NotificationResultState.cs                | 3 +--
 .../RedirectFromIdentityProviderNotification.cs             | 2 +-
 .../Notifications/RedirectToIdentityProviderNotification.cs | 2 +-
 .../Notifications/ReturnEndpointContext.cs                  | 3 +--
 .../Notifications/SecurityTokenReceivedNotification.cs      | 2 +-
 .../Notifications/SecurityTokenValidatedNotification.cs     | 2 +-
 .../DataHandler/{Encoder => }/Base64UrlTextEncoderTests.cs  | 2 +-
 .../DataHandler/{Encoder => }/TicketSerializerTests.cs      | 3 +--
 .../Google/GoogleMiddlewareTests.cs                         | 1 -
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs     | 1 -
 69 files changed, 38 insertions(+), 102 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Infrastructure => }/ChunkingCookieManager.cs (99%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Infrastructure => }/Constants.cs (83%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Infrastructure => }/IAuthenticationSessionStore.cs (96%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Infrastructure => }/ICookieManager.cs (95%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{ => Notifications}/OpenIdConnectAuthenticationNotifications.cs (98%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Encoder => }/Base64TextEncoder.cs (88%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Encoder => }/Base64UrlTextEncoder.cs (93%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Serializer => }/DataSerializers.cs (90%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Serializer => }/IDataSerializer.cs (82%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Encoder => }/ITextEncoder.cs (82%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Serializer => }/PropertiesSerializer.cs (96%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Encoder => }/TextEncodings.cs (90%)
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Serializer => }/TicketSerializer.cs (98%)
 rename test/Microsoft.AspNet.Authentication.Test/DataHandler/{Encoder => }/Base64UrlTextEncoderTests.cs (93%)
 rename test/Microsoft.AspNet.Authentication.Test/DataHandler/{Encoder => }/TicketSerializerTests.cs (93%)

diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index c07d706325..854b40fb20 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.Caching.Memory;
 
 namespace CookieSessionSample
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
similarity index 99%
rename from src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 62ab42dd28..993d0e74ee 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -10,7 +10,7 @@ using Microsoft.Framework.Internal;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.Net.Http.Headers;
 
-namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs b/src/Microsoft.AspNet.Authentication.Cookies/Constants.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Constants.cs
index 6865cea0f9..c9d6194ba5 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/Constants.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Constants.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     internal static class Constants
     {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 70cafe854d..690e6d50d7 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -2,8 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 52660955cf..0d5e5c16bb 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs b/src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs
index 6b2886d0ac..25de38de11 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/IAuthenticationSessionStore.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs
@@ -2,7 +2,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// This provides an abstract storage mechanic to preserve identity information on the server
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ICookieManager.cs
similarity index 95%
rename from src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/ICookieManager.cs
index cffde3869f..0aa9855ee3 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Infrastructure/ICookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ICookieManager.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// This is used by the CookieAuthenticationMiddleware to process request and response cookies.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
index 9083ed817c..aeea8f9633 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
@@ -3,7 +3,6 @@
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
index 1b66997ec3..62ec2eb934 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
index f894231ae8..b931a7c484 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
@@ -4,7 +4,6 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
index 260a31ad9f..f33295af57 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
index df88fef98c..725a900544 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
@@ -4,7 +4,6 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
index 01c9b920f8..5a95fe639f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
@@ -2,10 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using System.Security.Principal;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
index 3364207af5..365396a924 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Threading.Tasks;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
index 1dec378602..7ce31e63f8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
index 71c61f261c..86ec2d62a9 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
@@ -3,7 +3,6 @@
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
index e423e9244f..5e5574f825 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
@@ -5,7 +5,6 @@ using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Internal;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
index 00560432db..b9eccd02f1 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
index 8af4bf6c6e..54a3dac80a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
index 222420797f..dcf9f2d366 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 480c3da04b..f99f99d666 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -8,7 +8,6 @@ using System.Net.Http.Headers;
 using System.Security.Cryptography;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index c1c884810d..f8a4135fd3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -5,7 +5,6 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
index a3bc8af031..f9a4b8b87f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
index 648ff036d3..ffc0b9fc4f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 /// <summary>
 /// Specifies events which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index a163ec5378..a67e92223f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -5,7 +5,6 @@ using System;
 using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
index 740a0e63c6..9333bea42a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -2,12 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.IdentityModel.Protocols;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// This Notification can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
index 5d8a106867..8289e521bd 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
@@ -1,9 +1,7 @@
-using System;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http;
 using Microsoft.IdentityModel.Protocols;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// This Notification can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
index 81eeb08d32..10ef1ddfab 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.IdentityModel.Protocols;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index ac28e3434f..8653a261c4 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -10,7 +10,6 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Notifications;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 29f1144aaf..7c67f8ef7a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -7,9 +7,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.Net.Http;
 using System.Text;
-using Microsoft.AspNet.Authentication.DataHandler;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
index f723da7426..880cf69d93 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// The Twitter access token retrieved from the access token endpoint.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
index 963ad1d7dc..94a766e020 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// The Twitter request token obtained from the request token endpoint.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index 21ef478a8e..b16a430cc4 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -3,11 +3,10 @@
 
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Internal;
 
-namespace Microsoft.AspNet.Authentication.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Serializes and deserializes Twitter request and access tokens so that they can be used by other application components.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
index b40ac22c12..2476dac5ec 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
@@ -1,9 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
-
-namespace Microsoft.AspNet.Authentication.Twitter.Messages
+namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
     /// Provides access to a request token serializer.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
index 2186644ed8..90bfd92a2a 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
@@ -3,7 +3,6 @@
 
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
index 9cf3b085c7..0ebd2bf91c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
@@ -4,7 +4,6 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
index 6d71bc95fe..f6786988e3 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Notifications;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 19df41b908..d6fea526dc 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -9,7 +9,6 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 1536bd8070..e555e84b24 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -5,9 +5,6 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication.DataHandler;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
-using Microsoft.AspNet.Authentication.Twitter.Messages;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index 73cac04563..ba85b77ba4 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -5,7 +5,6 @@ using System;
 using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.Twitter.Messages;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
similarity index 88%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
index 073795f260..f56b6f2088 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64TextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public class Base64TextEncoder : ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs
similarity index 93%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs
index 28d74196fa..df3319d9f6 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs
@@ -4,7 +4,7 @@
 using System;
 using Microsoft.Framework.Internal;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public class Base64UrlTextEncoder : ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs b/src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
index 0c185a9b2f..eda821414a 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/DataSerializers.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication
 {
     public static class DataSerializers
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/IDataSerializer.cs
similarity index 82%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/IDataSerializer.cs
index d6cfd18b20..4fc7b49bec 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/IDataSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/IDataSerializer.cs
@@ -1,8 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication
 {
     public interface IDataSerializer<TModel>
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
index e9587de000..cd31bd2a32 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 namespace Microsoft.AspNet.Authentication
 {
     public interface ISecureDataFormat<TData>
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
similarity index 82%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
index 953fb62329..2bcf3f8bac 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/ITextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
@@ -1,8 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public interface ITextEncoder
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
index 127554ad8e..d02b0c30b7 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
@@ -3,10 +3,8 @@
 
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Authentication.DataHandler
+namespace Microsoft.AspNet.Authentication
 {
     public class PropertiesDataFormat : SecureDataFormat<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
index 5120219ffa..d3957b7221 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
@@ -1,15 +1,13 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Internal;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication
 {
     public class PropertiesSerializer : IDataSerializer<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
index 6221e498ab..258bba52ea 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
@@ -1,13 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Authentication.DataHandler
+namespace Microsoft.AspNet.Authentication
 {
     public class SecureDataFormat<TData> : ISecureDataFormat<TData>
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
index 5e6bbde93b..ddb11f5999 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Encoder/TextEncodings.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
@@ -1,8 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public static class TextEncodings
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
index 6dd719aecc..0f4dbd44fc 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
@@ -2,10 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Authentication.DataHandler.Encoder;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 
-namespace Microsoft.AspNet.Authentication.DataHandler
+namespace Microsoft.AspNet.Authentication
 {
     public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 01d232a9cc..310b2b03a8 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Serializer/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -7,7 +7,7 @@ using System.Linq;
 using System.Security.Claims;
 using Microsoft.Framework.Internal;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Serializer
+namespace Microsoft.AspNet.Authentication
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
index 4f912dc1cd..676072238d 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
@@ -4,7 +4,7 @@
 using System;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class AuthenticationFailedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
index 4215020dca..0286871e98 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public abstract class BaseContext
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
index b124fa7178..24a8ef53d4 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
index 50b626d1ad..8cd7424244 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class BaseNotification<TOptions> : BaseContext<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
index 096de20eef..e8b93e9e38 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public abstract class EndpointContext : BaseContext
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
index f7a9a1e97e..3f56a3a176 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
@@ -4,7 +4,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// Base class used for certain event contexts
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
index 32df87bab8..dc64a7a504 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class MessageReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
index 7434ebd82b..76fb0a7622 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
@@ -1,10 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public enum NotificationResultState
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
index 970d9d718b..61387bc910 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class RedirectFromIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
index d8b7dcac97..be8ac62b46 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
@@ -5,7 +5,7 @@ using System;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
index ac4fa7b3c7..77c903f457 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
@@ -1,13 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public abstract class ReturnEndpointContext : EndpointContext
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
index a0208b8b33..5e73c1cafe 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class SecurityTokenReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
index 82c641ca11..12f520d7e5 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Notifications
+namespace Microsoft.AspNet.Authentication
 {
     public class SecurityTokenValidatedNotification<TMessage, TOptions> : BaseNotification<TOptions>
     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
similarity index 93%
rename from test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
index a345241d2c..0df9232b7c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
@@ -4,7 +4,7 @@
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public class Base64UrlTextEncoderTests
     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
similarity index 93%
rename from test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
index 2e9978d0bd..b1eaa07095 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Encoder/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -5,12 +5,11 @@ using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Authentication.DataHandler.Serializer;
 using Microsoft.AspNet.Http.Authentication;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.DataHandler.Encoder
+namespace Microsoft.AspNet.Authentication
 {
     public class TicketSerializerTests
     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index e1b8edfec5..a37b0f716a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -8,7 +8,6 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 42799750c7..6ef50be516 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -6,7 +6,6 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.DataHandler;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;

From 5a2499eb2210f20b7618aedaecff4ddecb7af15a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 16 Jul 2015 12:43:03 -0700
Subject: [PATCH 278/900] Rename ExternalAuthenticationOptions => Shared

---
 samples/OpenIdConnectSample/Startup.cs               |  2 +-
 samples/SocialSample/Startup.cs                      |  2 +-
 .../FacebookAuthenticationMiddleware.cs              |  9 ++++++---
 .../GoogleAuthenticationMiddleware.cs                |  7 +++++--
 .../MicrosoftAccountAuthenticationMiddleware.cs      |  7 +++++--
 .../OAuthAuthenticationMiddleware.cs                 |  4 ++--
 .../OAuthAuthenticationOptions.cs                    |  2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs         |  9 ++++++---
 .../TwitterAuthenticationMiddleware.cs               | 12 +++++++-----
 .../TwitterAuthenticationOptions.cs                  |  2 +-
 ...tionOptions.cs => SharedAuthenticationOptions.cs} |  2 +-
 .../Facebook/FacebookMiddlewareTests.cs              |  4 ++--
 .../Google/GoogleMiddlewareTests.cs                  |  2 +-
 .../MicrosoftAccountMiddlewareTests.cs               |  2 +-
 ...AuthenticationMiddlewareForTestingAuthenticate.cs |  4 ++--
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs    |  2 +-
 .../Twitter/TwitterMiddlewareTests.cs                |  2 +-
 17 files changed, 44 insertions(+), 30 deletions(-)
 rename src/Microsoft.AspNet.Authentication/{ExternalAuthenticationOptions.cs => SharedAuthenticationOptions.cs} (92%)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3023a55aaa..00652c32f5 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -15,7 +15,7 @@ namespace OpenIdConnectSample
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication();
-            services.Configure<ExternalAuthenticationOptions>(options =>
+            services.Configure<SharedAuthenticationOptions>(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             });
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index bce45cb7a9..cad2f0a707 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -22,7 +22,7 @@ namespace CookieSample
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication();
-            services.Configure<ExternalAuthenticationOptions>(options =>
+            services.Configure<SharedAuthenticationOptions>(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             });
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index 1184f4479e..d327f9dca5 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -21,19 +21,22 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <summary>
         /// Initializes a new <see cref="FacebookAuthenticationMiddleware"/>.
         /// </summary>
-        /// <param name="next">The next middleware in the application pipeline to invoke.</param>
+        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
+        /// <param name="encoder"></param>
+        /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
+        /// <param name="configureOptions"></param>
         public FacebookAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<FacebookAuthenticationOptions> options,
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (string.IsNullOrWhiteSpace(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
index 3f07bc0e9e..b4d6cee923 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
@@ -24,16 +24,19 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
+        /// <param name="encoder"></param>
+        /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
+        /// <param name="configureOptions"></param>
         public GoogleAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<GoogleAuthenticationOptions> options,
             ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (Options.Scope.Count == 0)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
index e4f5751703..86da69893a 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
@@ -22,16 +22,19 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
+        /// <param name="encoder"></param>
+        /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
+        /// <param name="configureOptions"></param>
         public MicrosoftAccountAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<MicrosoftAccountAuthenticationOptions> options,
             ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options, configureOptions)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (Options.Scope.Count == 0)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index f8a4135fd3..5ac0521f3d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<TOptions> options,
             ConfigureOptions<TOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
@@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInScheme = externalOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Options.SignInScheme;
             }
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 6244de1ef4..2796acfd19 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -100,7 +100,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Gets or sets the authentication scheme corresponding to the middleware
         /// responsible of persisting user's identity after a successful authentication.
         /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
+        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
         /// </summary>
         public string SignInScheme { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 7c67f8ef7a..e3a05f58eb 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -31,6 +31,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="next">The next middleware in the ASP.NET pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"> provider for creating a data protector.</param>
         /// <param name="loggerFactory">factory for creating a <see cref="ILogger"/>.</param>
+        /// <param name="encoder"></param>
+        /// <param name="services"></param>
+        /// <param name="sharedOptions"></param>
         /// <param name="options">a <see cref="IOptions{OpenIdConnectAuthenticationOptions}"/> instance that will supply <see cref="OpenIdConnectAuthenticationOptions"/> 
         /// if configureOptions is null.</param>
         /// <param name="configureOptions">a <see cref="ConfigureOptions{OpenIdConnectAuthenticationOptions}"/> instance that will be passed to an instance of <see cref="OpenIdConnectAuthenticationOptions"/>
@@ -42,14 +45,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IServiceProvider services,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
-            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(externalOptions.Options.SignInScheme))
+            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Options.SignInScheme))
             {
-                Options.SignInScheme = externalOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Options.SignInScheme;
             }
 
             if (Options.StateDataFormat == null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index e555e84b24..cc5faba732 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -26,16 +26,18 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// Initializes a <see cref="TwitterAuthenticationMiddleware"/>
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
-        /// <param name="services"></param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
+        /// <param name="encoder"></param>
+        /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware</param>
+        /// <param name="configureOptions"></param>
         public TwitterAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<ExternalAuthenticationOptions> externalOptions,
+            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
             [NotNull] IOptions<TwitterAuthenticationOptions> options,
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
@@ -55,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             }
             if (Options.StateDataFormat == null)
             {
-                IDataProtector dataProtector = dataProtectionProvider.CreateProtector(
+                var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
@@ -65,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInScheme = externalOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Options.SignInScheme;
             }
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
@@ -92,7 +94,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         private static HttpMessageHandler ResolveHttpMessageHandler(TwitterAuthenticationOptions options)
         {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
+            var handler = options.BackchannelHttpHandler ??
 #if DNX451
                 new WebRequestHandler();
             // If they provided a validator, apply it or fail.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index ba85b77ba4..f5d40e8809 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -92,7 +92,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// Gets or sets the authentication scheme corresponding to the middleware
         /// responsible of persisting user's identity after a successful authentication.
         /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="ExternalAuthenticationOptions.SignInScheme"/> is used as a fallback value.
+        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
         /// </summary>
         public string SignInScheme { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/SharedAuthenticationOptions.cs
similarity index 92%
rename from src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication/SharedAuthenticationOptions.cs
index 19bd05fa92..5a03a279fa 100644
--- a/src/Microsoft.AspNet.Authentication/ExternalAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/SharedAuthenticationOptions.cs
@@ -6,7 +6,7 @@ using System;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class ExternalAuthenticationOptions
+    public class SharedAuthenticationOptions
     {
         /// <summary>
         /// Gets or sets the authentication scheme corresponding to the default middleware
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 711c601ba5..285e368e95 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -47,7 +47,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         options.AuthenticationScheme = "External";
                         options.AutomaticAuthentication = true;
                     });
-                    services.Configure<ExternalAuthenticationOptions>(options =>
+                    services.Configure<SharedAuthenticationOptions>(options =>
                     {
                         options.SignInScheme = "External";
                     });
@@ -146,7 +146,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     {
                         options.AuthenticationScheme = "External";
                     });
-                    services.Configure<ExternalAuthenticationOptions>(options =>
+                    services.Configure<SharedAuthenticationOptions>(options =>
                     {
                         options.SignInScheme = "External";
                     });
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index a37b0f716a..f75a97643a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -601,7 +601,7 @@ namespace Microsoft.AspNet.Authentication.Google
             services =>
             {
                 services.AddAuthentication();
-                services.Configure<ExternalAuthenticationOptions>(options =>
+                services.Configure<SharedAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 6ef50be516..ee5dcb526a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -218,7 +218,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             services =>
             {
                 services.AddAuthentication();
-                services.Configure<ExternalAuthenticationOptions>(options =>
+                services.Configure<SharedAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                 });
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
index b88438e0e6..80a17c12b7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
@@ -26,12 +26,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             ILoggerFactory loggerFactory,
             IUrlEncoder encoder,
             IServiceProvider services,
-            IOptions<ExternalAuthenticationOptions> externalOptions,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
             IOptions<OpenIdConnectAuthenticationOptions> options,
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null,
             OpenIdConnectAuthenticationHandler handler = null
             )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, services, externalOptions, options, configureOptions)
+        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, configureOptions)
         {
             _handler = handler;
             var customFactory = loggerFactory as InMemoryLoggerFactory;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index fc0533f883..7666ac4e39 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -366,7 +366,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             services =>
             {
                 services.AddAuthentication();
-                services.Configure<ExternalAuthenticationOptions>(options =>
+                services.Configure<SharedAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index eb5b00554d..c5ad93b502 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -171,7 +171,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             services =>
             {
                 services.AddAuthentication();
-                services.Configure<ExternalAuthenticationOptions>(options =>
+                services.Configure<SharedAuthenticationOptions>(options =>
                 {
                     options.SignInScheme = "External";
                 });

From 5bb5662e749440de3ac862c96e006ea204ab60c1 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 20 Jul 2015 16:36:25 -0700
Subject: [PATCH 279/900] Remove sync AuthZ APIs

---
 .../AuthorizationServiceExtensions.cs         | 50 -------------------
 .../DefaultAuthorizationService.cs            | 19 -------
 .../IAuthorizationHandler.cs                  |  1 -
 .../IAuthorizationService.cs                  | 18 -------
 .../PassThroughAuthorizationHandler.cs        |  8 ---
 .../DefaultAuthorizationServiceTests.cs       |  4 +-
 6 files changed, 2 insertions(+), 98 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 14951fa075..27b74c4a5b 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -58,55 +58,5 @@ namespace Microsoft.AspNet.Authorization
         {
             return service.AuthorizeAsync(user, resource: null, policyName: policyName);
         }
-
-        /// <summary>
-        /// Checks if a user meets a specific requirement for the specified resource
-        /// </summary>
-        /// <param name="user"></param>
-        /// <param name="resource"></param>
-        /// <param name="requirement"></param>
-        /// <returns></returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] IAuthorizationRequirement requirement)
-        {
-            return service.Authorize(user, resource, new IAuthorizationRequirement[] { requirement });
-        }
-
-        /// <summary>
-        /// Checks if a user meets a specific authorization policy
-        /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="resource">The resource the policy should be checked with.</param>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
-        {
-            return service.Authorize(user, resource, policy.Requirements.ToArray());
-        }
-
-        /// <summary>
-        /// Checks if a user meets a specific authorization policy
-        /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] AuthorizationPolicy policy)
-        {
-            return service.Authorize(user, resource: null, requirements: policy.Requirements.ToArray());
-        }
-
-        /// <summary>
-        /// Checks if a user meets a specific authorization policy
-        /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="policyName">The name of the policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static bool Authorize([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] string policyName)
-        {
-            return service.Authorize(user, resource: null, policyName: policyName);
-        }
-
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index bb3d888298..522b9d3231 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -21,25 +21,6 @@ namespace Microsoft.AspNet.Authorization
             _options = options.Options;
         }
 
-        public bool Authorize(ClaimsPrincipal user, object resource, string policyName)
-        {
-            var policy = _options.GetPolicy(policyName);
-            return (policy == null) 
-                ? false 
-                : this.Authorize(user, resource, policy);
-        }
-
-        public bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
-        {
-            var authContext = new AuthorizationContext(requirements, user, resource);
-            foreach (var handler in _handlers)
-            {
-                handler.Handle(authContext);
-                //REVIEW: Do we want to consider short circuiting on failure
-            }
-            return authContext.HasSucceeded;
-        }
-
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
         {
             var authContext = new AuthorizationContext(requirements, user, resource);
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
index b4366a6f51..84ebbc9a3e 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
@@ -8,6 +8,5 @@ namespace Microsoft.AspNet.Authorization
     public interface IAuthorizationHandler
     {
         Task HandleAsync(AuthorizationContext context);
-        void Handle(AuthorizationContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
index 876fd76016..1afa0ae5dd 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
@@ -22,15 +22,6 @@ namespace Microsoft.AspNet.Authorization
         /// <returns></returns>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements);
 
-        /// <summary>
-        /// Checks if a user meets a specific set of requirements for the specified resource
-        /// </summary>
-        /// <param name="user"></param>
-        /// <param name="resource"></param>
-        /// <param name="requirements"></param>
-        /// <returns></returns>
-        bool Authorize(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements);
-
         /// <summary>
         /// Checks if a user meets a specific authorization policy
         /// </summary>
@@ -39,14 +30,5 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] string policyName);
-
-        /// <summary>
-        /// Checks if a user meets a specific authorization policy
-        /// </summary>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="resource">The resource the policy should be checked with.</param>
-        /// <param name="policyName">The name of the policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        bool Authorize(ClaimsPrincipal user, object resource, [NotNull] string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
index 93107cc6bd..b1d3b84210 100644
--- a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
@@ -15,13 +15,5 @@ namespace Microsoft.AspNet.Authorization
                 await handler.HandleAsync(context);
             }
         }
-
-        public void Handle(AuthorizationContext context)
-        {
-            foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
-            {
-                handler.Handle(context);
-            }
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index a3d9c21b14..d67ff91637 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -831,7 +831,7 @@ namespace Microsoft.AspNet.Authorization.Test
         }
 
         [Fact]
-        public void CanAuthorizeWithDelegateRequirement()
+        public async Task CanAuthorizeWithDelegateRequirement()
         {
             var authorizationService = BuildAuthorizationService(services =>
             {
@@ -843,7 +843,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal();
 
             // Act
-            var allowed = authorizationService.Authorize(user, "Basic");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
             Assert.True(allowed);

From 8bb52122424ff91a844385b9b409af74c069373f Mon Sep 17 00:00:00 2001
From: Dominick Baier <dbaier@leastprivilege.com>
Date: Wed, 22 Jul 2015 09:01:20 +0200
Subject: [PATCH 280/900] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3c7b467767..9577d9d771 100644
--- a/README.md
+++ b/README.md
@@ -11,4 +11,4 @@ This project is part of ASP.NET 5. You can find samples, documentation and getti
 
 ### Notes
 
-ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.Security.BasicAuthentication).
\ No newline at end of file
+ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.Security.BasicAuthentication).

From bdab4d95fd9f867c3ff878b6b45aa2a119387406 Mon Sep 17 00:00:00 2001
From: bchavez <bchavez@bitarmory.com>
Date: Mon, 20 Jul 2015 03:16:56 -0700
Subject: [PATCH 281/900] Using QueryHelpers helps avoid issue #365.

---
 .../FacebookAuthenticationHandler.cs          |  4 +-
 .../Facebook/FacebookMiddlewareTests.cs       | 76 +++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index cc9c1fdcf7..e5823ff3ab 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -51,10 +51,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var endpoint = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken);
+            var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken);
             if (Options.SendAppSecretProof)
             {
-                endpoint += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
+                endpoint = QueryHelpers.AddQueryString(endpoint, "appsecret_proof", GenerateAppSecretProof(tokens.AccessToken));
             }
 
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 285e368e95..7ebe9cd3c4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -3,15 +3,21 @@
 
 using System;
 using System.Net;
+using System.Net.Http;
+using System.Collections.Generic;
+using System.Text;
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
 using Shouldly;
+using Newtonsoft.Json;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Facebook
@@ -168,6 +174,76 @@ namespace Microsoft.AspNet.Authentication.Facebook
             location.ShouldContain("state=");
         }
 
+        [Fact]
+        public async Task CustomUserInfoEndpointHasValidGraphQuery()
+        {
+            var customUserInfoEndpoint = "https://graph.facebook.com/me?fields=email,timezone,picture";
+            string finalUserInfoEndpoint = string.Empty;
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("FacebookTest"));
+            var server = CreateServer(
+                app =>
+                {
+                    app.UseFacebookAuthentication();
+                    app.UseCookieAuthentication();
+                },
+                services =>
+                {
+                    services.AddAuthentication();
+                    services.ConfigureFacebookAuthentication(options =>
+                    {
+                        options.AppId = "Test App Id";
+                        options.AppSecret = "Test App Secret";
+                        options.StateDataFormat = stateFormat;
+                        options.UserInformationEndpoint = customUserInfoEndpoint;
+                        options.BackchannelHttpHandler = new TestHttpMessageHandler
+                        {
+                            Sender = req =>
+                            {
+                                if (req.RequestUri.GetLeftPart(UriPartial.Path) == FacebookAuthenticationDefaults.TokenEndpoint)
+                                {
+                                    var res = new HttpResponseMessage(HttpStatusCode.OK);
+                                    var tokenResponse = new Dictionary<string, string>
+                                    {
+                                        { "access_token", "TestAuthToken" },
+                                    };
+                                    res.Content = new FormUrlEncodedContent(tokenResponse);
+                                    return res;
+                                }
+                                if (req.RequestUri.GetLeftPart(UriPartial.Path) ==
+                                    new Uri(customUserInfoEndpoint).GetLeftPart(UriPartial.Path))
+                                {
+                                    finalUserInfoEndpoint = req.RequestUri.ToString();
+                                    var res = new HttpResponseMessage(HttpStatusCode.OK);
+                                    var graphResponse = JsonConvert.SerializeObject(new
+                                    {
+                                        id = "TestProfileId",
+                                        name = "TestName"
+                                    });
+                                    res.Content = new StringContent(graphResponse, Encoding.UTF8);
+                                    return res;
+                                }
+                                return null;
+                            }
+                        };
+                    });
+                }, handler: null);
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Facebook";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                correlationKey + "=" + correlationValue);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            finalUserInfoEndpoint.Count(c => c == '?').ShouldBe(1);
+            finalUserInfoEndpoint.ShouldContain("fields=email,timezone,picture");
+            finalUserInfoEndpoint.ShouldContain("&access_token=");
+        }
+
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
         {
             return TestServer.Create(app =>

From b85db5e8c0abf6b967f879315517c6220743a6f8 Mon Sep 17 00:00:00 2001
From: unknown <tushargupta51@gmail.com>
Date: Thu, 30 Jul 2015 13:11:08 -0700
Subject: [PATCH 282/900] Reacting to namespace changes in identitypackages -
 beta7 update

---
 .../OAuthBearerAuthenticationHandler.cs                       | 2 +-
 .../OAuthBearerAuthenticationMiddleware.cs                    | 4 +++-
 .../OAuthBearerAuthenticationOptions.cs                       | 1 +
 src/Microsoft.AspNet.Authentication.OAuthBearer/project.json  | 2 +-
 .../Notifications/AuthorizationCodeReceivedNotification.cs    | 4 ++--
 .../Notifications/AuthorizationCodeRedeemedNotification.cs    | 2 +-
 .../Notifications/OpenIdConnectAuthenticationNotifications.cs | 2 +-
 .../OpenIdConnectAuthenticationHandler.cs                     | 3 ++-
 .../OpenIdConnectAuthenticationMiddleware.cs                  | 4 +++-
 .../OpenIdConnectAuthenticationOptions.cs                     | 1 +
 .../OpenIdConnectTokenEndpointResponse.cs                     | 2 +-
 .../project.json                                              | 2 +-
 .../OpenIdConnect/ExpectedQueryValues.cs                      | 2 +-
 ...penIdConnectAuthenticationHandlerForTestingAuthenticate.cs | 2 +-
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs                | 3 ++-
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs             | 2 +-
 .../OpenIdConnect/TestUtilities.cs                            | 1 +
 17 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index a67e92223f..c3e9499c12 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -9,7 +9,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index c76071b6ab..67ddf70702 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
@@ -13,6 +14,7 @@ using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
@@ -74,7 +76,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     httpClient.Timeout = Options.BackchannelTimeout;
                     httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, httpClient);
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), httpClient);
                 }
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index 7aa48deaa7..c8b63c9b53 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -7,6 +7,7 @@ using System.IdentityModel.Tokens;
 using System.Net.Http;
 using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OAuthBearer
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
index 9f1c8e70bb..252d34bc99 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
@@ -8,7 +8,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta6-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta7-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
index 9333bea42a..830c336121 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
index 8289e521bd..c9b328e8c5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
@@ -1,5 +1,5 @@
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
index 10ef1ddfab..b60e8cbcc3 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
@@ -3,7 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 8653a261c4..3e25fe80e1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Globalization;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -16,7 +17,7 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index e3a05f58eb..1f25035533 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.ObjectModel;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using System.Text;
 using Microsoft.AspNet.Builder;
@@ -17,6 +18,7 @@ using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -127,7 +129,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, Backchannel);
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), Backchannel);
                 }
             }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index c8f465a124..46140011d5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -11,6 +11,7 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
index a0cc6ccb85..4be49909ee 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
@@ -2,7 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 309590d304..43aef16f93 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -9,7 +9,7 @@
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.Caching.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocol.Extensions": "2.0.0-beta6-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta7-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index ddf7a0e7ed..f80a6c7f62 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -6,7 +6,7 @@ using System.Collections.Generic;
 using System.Diagnostics;
 using System.Text;
 using Microsoft.Framework.WebEncoders;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
index 02caabacdb..4a7759e2af 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
@@ -7,7 +7,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 2492a8fcdb..e96cb323f5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.Diagnostics;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
 using System.Security.Claims;
@@ -18,7 +19,7 @@ using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Moq;
 using Shouldly;
 using Xunit;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 7666ac4e39..581f494c07 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -18,7 +18,7 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
-using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Moq;
 using Shouldly;
 using Xunit;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index 13479fdcee..dc138dec46 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {

From 2a204e473b0453cc051dcedfd841e073856c4470 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 4 Aug 2015 10:15:32 -0700
Subject: [PATCH 283/900] Update CoreCLR versions

---
 .../project.json                                              | 4 ++--
 .../project.json                                              | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index dce2e01da5..ddf5d2dfe2 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -13,8 +13,8 @@
         "dnx451": { },
         "dnxcore50": {
             "dependencies": {
-                "System.Dynamic.Runtime": "4.0.10-beta-*",
-                "System.ObjectModel": "4.0.10-beta-*"
+                "System.Dynamic.Runtime": "4.0.11-beta-*",
+                "System.ObjectModel": "4.0.11-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 43aef16f93..00703fdac4 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -20,7 +20,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Collections.Specialized": "4.0.0-beta-*",
+                "System.Collections.Specialized": "4.0.1-beta-*",
                 "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }

From f3e03fbf2605da7d41bea2f346d9a33d608a3f8a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 11 Aug 2015 10:43:02 -0700
Subject: [PATCH 284/900] #396 React to CoreCLR Cryptography package changes,
 remove transitive dependencies.

---
 src/Microsoft.AspNet.Authentication.Facebook/project.json | 6 +-----
 src/Microsoft.AspNet.Authentication.Twitter/project.json  | 3 +--
 src/Microsoft.AspNet.Authentication/project.json          | 6 +-----
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index 1da4a78837..f481284509 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -12,10 +12,6 @@
     },
     "frameworks": {
         "dnx451": { },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*"
-            }
-        }
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index e8aa0ecfa2..6818942e39 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -18,8 +18,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*",
-                "System.Security.Cryptography.Hashing.Algorithms": "4.0.0-beta-*"
+                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index ae75a83ec9..0c36e3000c 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -17,10 +17,6 @@
     },
     "frameworks": {
         "dnx451": { },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Security.Cryptography.RandomNumberGenerator": "4.0.0-beta-*"
-            }
-        }
+        "dnxcore50": { }
     }
 }

From b1013ed9769b3ed0cf099b593195af777ac8ee44 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 11 Aug 2015 14:07:12 -0700
Subject: [PATCH 285/900] Reacting to DI changes

---
 .../ServiceCollectionExtensions.cs                               | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index d77512a64e..801ab8447c 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authorization;
+using Microsoft.Framework.DependencyInjection.Extensions;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection

From b883920befce4afaac89ec031d30d868a48df666 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 11 Aug 2015 16:50:20 -0700
Subject: [PATCH 286/900] Cookies now always redirects to Login/AccessDenied
 Paths

---
 .../CookieAppBuilderExtensions.cs             |  14 +++
 .../CookieAuthenticationDefaults.cs           |  11 +-
 .../CookieAuthenticationHandler.cs            |  11 --
 .../CookieAuthenticationMiddleware.cs         |  12 +++
 .../CookieAuthenticationOptions.cs            |   6 --
 .../FacebookAuthenticationMiddleware.cs       |   4 +-
 .../MicrosoftAccountAuthenticationHandler.cs  |   2 +-
 .../OAuthAuthenticationHandler.cs             |   6 +-
 .../OAuthAuthenticationMiddleware.cs          |  10 +-
 .../OAuthBearerAuthenticationHandler.cs       |   2 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |   6 +-
 .../OpenIdConnectAuthenticationHandler.cs     |   8 +-
 .../OpenIdConnectAuthenticationMiddleware.cs  |   6 +-
 .../TwitterAuthenticationHandler.cs           |   4 +-
 .../TwitterAuthenticationMiddleware.cs        |   4 +-
 .../AuthenticationHandler.cs                  |  36 ++++---
 .../AuthenticationHandler`1.cs                |  32 ------
 .../AuthenticationMiddleware.cs               |   2 +-
 ...thenticationServiceCollectionExtensions.cs |   6 ++
 ...ertificateSubjectKeyIdentifierValidator.cs |   2 +-
 .../AuthenticationHandlerFacts.cs             |  87 +++++++++------
 .../Cookies/CookieMiddlewareTests.cs          | 100 ++++++++++++------
 ...uthenticationPropertiesFormaterKeyValue.cs |   2 +-
 ...enticationHandlerForTestingAuthenticate.cs |  14 ---
 24 files changed, 215 insertions(+), 172 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index d865dc4ce6..e125ecc162 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -28,5 +28,19 @@ namespace Microsoft.AspNet.Builder
                     Name = optionsName
                 });
         }
+
+        /// <summary>
+        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, IOptions<CookieAuthenticationOptions> options)
+        {
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(options,
+                new ConfigureOptions<CookieAuthenticationOptions>(o => { }));
+        }
+
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
index 95981a0f0a..d47cca2052 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -22,19 +22,26 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public const string CookiePrefix = ".AspNet.";
 
         /// <summary>
-        /// The default value used by UseApplicationSignInCookie for the
+        /// The default value used by CookieAuthenticationMiddleware for the
         /// CookieAuthenticationOptions.LoginPath
         /// </summary>
         [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
         public static readonly PathString LoginPath = new PathString("/Account/Login");
 
         /// <summary>
-        /// The default value used by UseApplicationSignInCookie for the
+        /// The default value used by CookieAuthenticationMiddleware for the
         /// CookieAuthenticationOptions.LogoutPath
         /// </summary>
         [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
         public static readonly PathString LogoutPath = new PathString("/Account/Logout");
 
+        /// <summary>
+        /// The default value used by CookieAuthenticationMiddleware for the
+        /// CookieAuthenticationOptions.AccessDeniedPath
+        /// </summary>
+        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
+        public static readonly PathString AccessDeniedPath = new PathString("/Account/AccessDenied");
+
         /// <summary>
         /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 12c40ea5cd..8919d76809 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -376,12 +376,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            // HandleForbidden by redirecting to AccessDeniedPath if set
-            if (!Options.AccessDeniedPath.HasValue)
-            {
-                return base.HandleForbiddenAsync(context);
-            }
-
             try
             {
                 var accessDeniedUri =
@@ -409,11 +403,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
-            if (!Options.LoginPath.HasValue)
-            {
-                return base.HandleUnauthorizedAsync(context);
-            }
-
             var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
             try
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 690e6d50d7..a0f98da50a 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -40,6 +40,18 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 Options.CookieManager = new ChunkingCookieManager(urlEncoder);
             }
+            if (!Options.LoginPath.HasValue)
+            {
+                Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
+            }
+            if (!Options.LogoutPath.HasValue)
+            {
+                Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
+            }
+            if (!Options.AccessDeniedPath.HasValue)
+            {
+                Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
+            }
         }
 
         protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 0d5e5c16bb..468d07522b 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -88,9 +88,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
         /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back  
         /// to the url which caused the original unauthorized status code.
-        /// 
-        /// If the LoginPath is null or empty, the middleware will not look for 401 Unauthorized status codes, and it will
-        /// not redirect automatically when a login occurs.
         /// </summary>
         [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
         public PathString LoginPath { get; set; }
@@ -104,9 +101,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The AccessDeniedPath property informs the middleware that it should change an outgoing 403 Forbidden status
         /// code into a 302 redirection onto the given path.
-        /// 
-        /// If the AccessDeniedPath is null or empty, the middleware will not look for 403 Forbidden status codes, and it will
-        /// not redirect
         /// </summary>
         public PathString AccessDeniedPath { get; set; }
 
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
index d327f9dca5..3a5da62485 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
@@ -38,11 +38,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
             ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
-            if (string.IsNullOrWhiteSpace(Options.AppId))
+            if (string.IsNullOrEmpty(Options.AppId))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
             }
-            if (string.IsNullOrWhiteSpace(Options.AppSecret))
+            if (string.IsNullOrEmpty(Options.AppSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
             }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 0fac563eb8..1c03b51183 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -49,7 +49,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             }
 
             var email = MicrosoftAccountAuthenticationHelper.GetEmail(payload);
-            if (!string.IsNullOrWhiteSpace(email))
+            if (!string.IsNullOrEmpty(email))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index f99f99d666..818ba20fba 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -116,7 +116,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
                 var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
-                if (string.IsNullOrWhiteSpace(tokens.AccessToken))
+                if (string.IsNullOrEmpty(tokens.AccessToken))
                 {
                     Logger.LogWarning("Access token was not found");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
@@ -279,7 +279,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         {
             var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
             var correlationCookie = Request.Cookies[correlationKey];
-            if (string.IsNullOrWhiteSpace(correlationCookie))
+            if (string.IsNullOrEmpty(correlationCookie))
             {
                 Logger.LogWarning("{0} cookie not found.", correlationKey);
                 return false;
@@ -312,4 +312,4 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return true;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 5ac0521f3d..10ae285e96 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -38,27 +38,27 @@ namespace Microsoft.AspNet.Authentication.OAuth
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
             // todo: review error handling
-            if (string.IsNullOrWhiteSpace(Options.AuthenticationScheme))
+            if (string.IsNullOrEmpty(Options.AuthenticationScheme))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthenticationScheme)));
             }
 
-            if (string.IsNullOrWhiteSpace(Options.ClientId))
+            if (string.IsNullOrEmpty(Options.ClientId))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientId)));
             }
 
-            if (string.IsNullOrWhiteSpace(Options.ClientSecret))
+            if (string.IsNullOrEmpty(Options.ClientSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientSecret)));
             }
 
-            if (string.IsNullOrWhiteSpace(Options.AuthorizationEndpoint))
+            if (string.IsNullOrEmpty(Options.AuthorizationEndpoint))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthorizationEndpoint)));
             }
 
-            if (string.IsNullOrWhiteSpace(Options.TokenEndpoint))
+            if (string.IsNullOrEmpty(Options.TokenEndpoint))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
             }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index c3e9499c12..ef04f14a1f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -97,7 +97,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 var validationParameters = Options.TokenValidationParameters.Clone();
                 if (_configuration != null)
                 {
-                    if (validationParameters.ValidIssuer == null && !string.IsNullOrWhiteSpace(_configuration.Issuer))
+                    if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer))
                     {
                         validationParameters.ValidIssuer = _configuration.Issuer;
                     }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 67ddf70702..9fcd66c5d8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 Options.SecurityTokenValidators = new List<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
             }
 
-            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrWhiteSpace(Options.Audience))
+            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
             {
                 Options.TokenValidationParameters.ValidAudience = Options.Audience;
             }
@@ -59,9 +59,9 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 {
                     Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
                 }
-                else if (!(string.IsNullOrWhiteSpace(Options.MetadataAddress) && string.IsNullOrWhiteSpace(Options.Authority)))
+                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
                 {
-                    if (string.IsNullOrWhiteSpace(Options.MetadataAddress) && !string.IsNullOrWhiteSpace(Options.Authority))
+                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
                     {
                         Options.MetadataAddress = Options.Authority;
                         if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 3e25fe80e1..4525c6578c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -251,7 +251,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // response_mode=query (explicit or not) and a response_type containing id_token
                 // or token are not considered as a safe combination and MUST be rejected.
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
-                if (!string.IsNullOrWhiteSpace(message.IdToken) || !string.IsNullOrWhiteSpace(message.Token))
+                if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.Token))
                 {
                     Logger.LogError("An OpenID Connect response cannot contain an identity token " +
                                     "or an access token when using response_mode=query");
@@ -260,7 +260,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
-              && !string.IsNullOrWhiteSpace(Request.ContentType)
+              && !string.IsNullOrEmpty(Request.ContentType)
               // May have media/type; charset=utf-8, allow partial match.
               && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
               && Request.Body.CanRead)
@@ -643,7 +643,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
             var startIndex = 0;
-            if (string.IsNullOrWhiteSpace(state) || (startIndex = state.IndexOf(OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
+            if (string.IsNullOrEmpty(state) || (startIndex = state.IndexOf(OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
             {
                 return null;
             }
@@ -934,7 +934,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
 
                 // Redirect back to the original secured resource, if any.
-                if (!string.IsNullOrWhiteSpace(ticket.Properties.RedirectUri))
+                if (!string.IsNullOrEmpty(ticket.Properties.RedirectUri))
                 {
                     Response.Redirect(ticket.Properties.RedirectUri);
                     return true;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 1f25035533..f08577d0e9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -100,7 +100,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Options.Notifications = new OpenIdConnectAuthenticationNotifications();
             }
 
-            if (string.IsNullOrWhiteSpace(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrWhiteSpace(Options.ClientId))
+            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
             {
                 Options.TokenValidationParameters.ValidAudience = Options.ClientId;
             }
@@ -116,9 +116,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
                 }
-                else if (!(string.IsNullOrWhiteSpace(Options.MetadataAddress) && string.IsNullOrWhiteSpace(Options.Authority)))
+                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
                 {
-                    if (string.IsNullOrWhiteSpace(Options.MetadataAddress) && !string.IsNullOrWhiteSpace(Options.Authority))
+                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
                     {
                         Options.MetadataAddress = Options.Authority;
                         if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index d6fea526dc..fb8f3aa254 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 properties = requestToken.Properties;
 
                 var returnedToken = query.Get("oauth_token");
-                if (string.IsNullOrWhiteSpace(returnedToken))
+                if (string.IsNullOrEmpty(returnedToken))
                 {
                     Logger.LogWarning("Missing oauth_token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 }
 
                 var oauthVerifier = query.Get("oauth_verifier");
-                if (string.IsNullOrWhiteSpace(oauthVerifier))
+                if (string.IsNullOrEmpty(oauthVerifier))
                 {
                     Logger.LogWarning("Missing or blank oauth_verifier");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index cc5faba732..30d4fe3e98 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -42,11 +42,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
             ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
-            if (string.IsNullOrWhiteSpace(Options.ConsumerSecret))
+            if (string.IsNullOrEmpty(Options.ConsumerSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerSecret)));
             }
-            if (string.IsNullOrWhiteSpace(Options.ConsumerKey))
+            if (string.IsNullOrEmpty(Options.ConsumerKey))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
             }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 623ac82f9c..d576f1014c 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -14,11 +14,11 @@ namespace Microsoft.AspNet.Authentication
     /// <summary>
     /// Base class for the per-request work performed by most authentication middleware.
     /// </summary>
-    public abstract class AuthenticationHandler : IAuthenticationHandler
+    /// <typeparam name="TOptions">Specifies which type for of AuthenticationOptions property</typeparam>
+    public abstract class AuthenticationHandler<TOptions> : IAuthenticationHandler where TOptions : AuthenticationOptions
     {
         private Task<AuthenticationTicket> _authenticateTask;
         private bool _finishCalled;
-        private AuthenticationOptions _baseOptions;
 
         protected bool SignInAccepted { get; set; }
         protected bool SignOutAccepted { get; set; }
@@ -44,11 +44,6 @@ namespace Microsoft.AspNet.Authentication
 
         protected IUrlEncoder UrlEncoder { get; private set; }
 
-        internal AuthenticationOptions BaseOptions
-        {
-            get { return _baseOptions; }
-        }
-
         public IAuthenticationHandler PriorHandler { get; set; }
 
         protected string CurrentUri
@@ -59,9 +54,18 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        protected async Task BaseInitializeAsync([NotNull] AuthenticationOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
+        protected TOptions Options { get; private set; }
+
+        /// <summary>
+        /// Initialize is called once per request to contextualize this instance with appropriate state.
+        /// </summary>
+        /// <param name="options">The original options passed by the application control behavior</param>
+        /// <param name="context">The utility object to observe the current request and response</param>
+        /// <param name="logger">The logging factory used to create loggers</param>
+        /// <returns>async completion</returns>
+        public async Task InitializeAsync([NotNull] TOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
         {
-            _baseOptions = options;
+            Options = options;
             Context = context;
             OriginalPathBase = Request.PathBase;
             OriginalPath = Request.Path;
@@ -90,7 +94,7 @@ namespace Microsoft.AspNet.Authentication
 
         private static async Task OnStartingCallback(object state)
         {
-            var handler = (AuthenticationHandler)state;
+            var handler = (AuthenticationHandler<TOptions>)state;
             await handler.FinishResponseOnce();
         }
 
@@ -115,9 +119,9 @@ namespace Microsoft.AspNet.Authentication
 
         private async Task HandleAutomaticChallengeIfNeeded()
         {
-            if (!ChallengeCalled && BaseOptions.AutomaticAuthentication && Response.StatusCode == 401)
+            if (!ChallengeCalled && Options.AutomaticAuthentication && Response.StatusCode == 401)
             {
-                await HandleUnauthorizedAsync(new ChallengeContext(BaseOptions.AuthenticationScheme));
+                await HandleUnauthorizedAsync(new ChallengeContext(Options.AuthenticationScheme));
             }
         }
 
@@ -152,7 +156,7 @@ namespace Microsoft.AspNet.Authentication
 
         public void GetDescriptions(DescribeSchemesContext describeContext)
         {
-            describeContext.Accept(BaseOptions.Description.Items);
+            describeContext.Accept(Options.Description.Items);
 
             if (PriorHandler != null)
             {
@@ -162,8 +166,8 @@ namespace Microsoft.AspNet.Authentication
 
         public bool ShouldHandleScheme(string authenticationScheme)
         {
-            return string.Equals(BaseOptions.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
-                (BaseOptions.AutomaticAuthentication && string.IsNullOrEmpty(authenticationScheme));
+            return string.Equals(Options.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
+                (Options.AutomaticAuthentication && string.IsNullOrEmpty(authenticationScheme));
         }
 
         public async Task AuthenticateAsync(AuthenticateContext context)
@@ -174,7 +178,7 @@ namespace Microsoft.AspNet.Authentication
                 var ticket = await HandleAuthenticateOnceAsync();
                 if (ticket?.Principal != null)
                 {
-                    context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
+                    context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
                 }
                 else
                 {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
deleted file mode 100644
index edc127e266..0000000000
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler`1.cs
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Base class for the per-request work performed by most authentication middleware.
-    /// </summary>
-    /// <typeparam name="TOptions">Specifies which type for of AuthenticationOptions property</typeparam>
-    public abstract class AuthenticationHandler<TOptions> : AuthenticationHandler where TOptions : AuthenticationOptions
-    {
-        protected TOptions Options { get; private set; }
-
-        /// <summary>
-        /// Initialize is called once per request to contextualize this instance with appropriate state.
-        /// </summary>
-        /// <param name="options">The original options passed by the application control behavior</param>
-        /// <param name="context">The utility object to observe the current request and response</param>
-        /// <param name="logger">The logging factory used to create loggers</param>
-        /// <returns>async completion</returns>
-        public Task Initialize(TOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
-        {
-            Options = options;
-            return BaseInitializeAsync(options, context, logger, encoder);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index b8b57d7472..7d83092a40 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Authentication
         public async Task Invoke(HttpContext context)
         {
             var handler = CreateHandler();
-            await handler.Initialize(Options, context, Logger, UrlEncoder);
+            await handler.InitializeAsync(Options, context, Logger, UrlEncoder);
             try
             {
                 if (!await handler.InvokeAsync())
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index a2b198ca33..a2ccd6c976 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -18,6 +18,12 @@ namespace Microsoft.Framework.DependencyInjection
             return services;
         }
 
+        public static IServiceCollection AddAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<SharedAuthenticationOptions> configureOptions)
+        {
+            services.Configure(configureOptions);
+            return services.AddAuthentication();
+        }
+
         public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
         {
             return services.Configure(configure);
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
index ce13de2510..4bb78f8d9b 100644
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Authentication
             foreach (var chainElement in chain.ChainElements)
             {
                 string subjectKeyIdentifier = GetSubjectKeyIdentifier(chainElement.Certificate);
-                if (string.IsNullOrWhiteSpace(subjectKeyIdentifier))
+                if (string.IsNullOrEmpty(subjectKeyIdentifier))
                 {
                     continue;
                 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 2a3a9044f1..219b63edac 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -3,9 +3,11 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.Framework.Logging;
+using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -13,12 +15,12 @@ namespace Microsoft.AspNet.Authentication
     public class AuthenticationHandlerFacts
     {
         [Fact]
-        public void ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
+        public async Task ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
         {
-            var handler = new TestHandler("Alpha");
+            var handler = await TestHandler.Create("Alpha");
             var passiveNoMatch = handler.ShouldHandleScheme("Beta");
 
-            handler = new TestHandler("Alpha");
+            handler = await TestHandler.Create("Alpha");
             var passiveWithMatch = handler.ShouldHandleScheme("Alpha");
 
             Assert.False(passiveNoMatch);
@@ -26,44 +28,44 @@ namespace Microsoft.AspNet.Authentication
         }
 
         [Fact]
-        public void AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
+        public async Task AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
         {
-            var handler = new TestAutoHandler("ignored", true);
+            var handler = await TestAutoHandler.Create("ignored", true);
             Assert.True(handler.ShouldHandleScheme(""));
         }
 
         [Fact]
-        public void AutomaticHandlerHandlesNullScheme()
+        public async Task AutomaticHandlerHandlesNullScheme()
         {
-            var handler = new TestAutoHandler("ignored", true);
+            var handler = await TestAutoHandler.Create("ignored", true);
             Assert.True(handler.ShouldHandleScheme(null));
         }
 
         [Fact]
-        public void AutomaticHandlerIgnoresWhitespaceScheme()
+        public async Task AutomaticHandlerIgnoresWhitespaceScheme()
         {
-            var handler = new TestAutoHandler("ignored", true);
+            var handler = await TestAutoHandler.Create("ignored", true);
             Assert.False(handler.ShouldHandleScheme("    "));
         }
 
         [Fact]
-        public void AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
+        public async Task AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
         {
-            var handler = new TestAutoHandler("Alpha", true);
+            var handler = await TestAutoHandler.Create("Alpha", true);
             Assert.True(handler.ShouldHandleScheme("Alpha"));
         }
 
         [Fact]
-        public void AutomaticHandlerShouldNotHandleChallengeWhenSchemeDoesNotMatches()
+        public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemeDoesNotMatches()
         {
-            var handler = new TestAutoHandler("Dog", true);
+            var handler = await TestAutoHandler.Create("Dog", true);
             Assert.False(handler.ShouldHandleScheme("Alpha"));
         }
 
         [Fact]
-        public void AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
+        public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
         {
-            var handler = new TestAutoHandler(null, true);
+            var handler = await TestAutoHandler.Create(null, true);
             Assert.False(handler.ShouldHandleScheme("Alpha"));
         }
 
@@ -72,22 +74,31 @@ namespace Microsoft.AspNet.Authentication
         [InlineData("")]
         public async Task AuthHandlerAuthenticateCachesTicket(string scheme)
         {
-            var handler = new CountHandler(scheme);
+            var handler = await CountHandler.Create(scheme);
             var context = new AuthenticateContext(scheme);
             await handler.AuthenticateAsync(context);
             await handler.AuthenticateAsync(context);
             Assert.Equal(1, handler.AuthCount);
         }
 
-        private class CountHandler : AuthenticationHandler<AuthenticationOptions>
+        private class CountOptions : AuthenticationOptions { }
+
+        private class CountHandler : AuthenticationHandler<CountOptions>
         {
             public int AuthCount = 0;
 
-            public CountHandler(string scheme)
+            private CountHandler() { }
+
+            public static async Task<CountHandler> Create(string scheme)
             {
-                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
-                Options.AuthenticationScheme = scheme;
-                Options.AutomaticAuthentication = true;
+                var handler = new CountHandler();
+                var context = new Mock<HttpContext>();
+                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
+                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
+                await handler.InitializeAsync(new CountOptions(), context.Object, new LoggerFactory().CreateLogger("CountHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                handler.Options.AuthenticationScheme = scheme;
+                handler.Options.AutomaticAuthentication = true;
+                return handler;
             }
 
             protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
@@ -98,17 +109,24 @@ namespace Microsoft.AspNet.Authentication
 
         }
 
-        private class TestHandler : AuthenticationHandler<AuthenticationOptions>
+        private class TestHandler : AuthenticationHandler<TestOptions>
         {
-            public TestHandler(string scheme)
+            private TestHandler() { }
+
+            public static async Task<TestHandler> Create(string scheme)
             {
-                Initialize(new TestOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
-                Options.AuthenticationScheme = scheme;
+                var handler = new TestHandler();
+                var context = new Mock<HttpContext>();
+                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
+                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
+                await handler.InitializeAsync(new TestOptions(), context.Object, new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                handler.Options.AuthenticationScheme = scheme;
+                return handler;
             }
 
             protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
             {
-                throw new NotImplementedException();
+                return Task.FromResult<AuthenticationTicket>(null);
             }
         }
 
@@ -124,16 +142,23 @@ namespace Microsoft.AspNet.Authentication
 
         private class TestAutoHandler : AuthenticationHandler<TestAutoOptions>
         {
-            public TestAutoHandler(string scheme, bool auto)
+            private TestAutoHandler() { }
+
+            public static async Task<TestAutoHandler> Create(string scheme, bool auto)
             {
-                Initialize(new TestAutoOptions(), new DefaultHttpContext(), new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
-                Options.AuthenticationScheme = scheme;
-                Options.AutomaticAuthentication = auto;
+                var handler = new TestAutoHandler();
+                var context = new Mock<HttpContext>();
+                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
+                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
+                await handler.InitializeAsync(new TestAutoOptions(), context.Object, new LoggerFactory().CreateLogger("TestAutoHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                handler.Options.AuthenticationScheme = scheme;
+                handler.Options.AutomaticAuthentication = auto;
+                return handler;
             }
 
             protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
             {
-                throw new NotImplementedException();
+                return Task.FromResult<AuthenticationTicket>(null);
             }
         }
     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index de511a994d..7136ce7f51 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -57,26 +57,16 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
-        [Theory]
-        [InlineData(true)]
-        [InlineData(false)]
-        public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri(bool auto)
+        [Fact]
+        public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri()
         {
-            var server = CreateServer(options =>
-            {
-                options.LoginPath = new PathString("/login");
-                options.AutomaticAuthentication = auto;
-            });
+            var server = CreateServer(options => options.AutomaticAuthentication = true);
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
-            // REVIEW: Now when Cookies are not in auto, noone handles the challenge so the Status stays OK, is that reasonable??
-            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.OK);
-            if (auto)
-            {
-                var location = transaction.Response.Headers.Location;
-                location.ToString().ShouldBe("http://example.com/login?ReturnUrl=%2FCustomRedirect");
-            }
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location;
+            location.ToString().ShouldBe("http://example.com/Account/Login?ReturnUrl=%2FCustomRedirect");
         }
 
         private Task SignInAsAlice(HttpContext context)
@@ -588,7 +578,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task CookieTurns401To403WithCookie(bool automatic)
+        public async Task CookieTurnsChallengeIntoForbidWithCookie(bool automatic)
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
@@ -603,7 +593,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var url = "http://example.com/challenge";
             var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction2.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/Account/AccessDenied");
         }
 
         [Theory]
@@ -614,9 +606,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
-                options.LoginPath = new PathString("/login");
                 options.AutomaticAuthentication = automatic;
-                options.AccessDeniedPath = new PathString("/accessdenied");
                 options.SystemClock = clock;
             },
             SignInAsAlice);
@@ -626,13 +616,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/login");
+            location.LocalPath.ShouldBe("/Account/Login");
         }
 
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task CookieForbidTurns401To403WithoutCookie(bool automatic)
+        public async Task CookieForbidRedirectsWithoutCookie(bool automatic)
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
@@ -645,7 +635,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var url = "http://example.com/forbid";
             var transaction = await SendAsync(server, url);
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            var location = transaction.Response.Headers.Location;
+            location.LocalPath.ShouldBe("/Account/AccessDenied");
         }
 
         [Fact]
@@ -670,19 +662,20 @@ namespace Microsoft.AspNet.Authentication.Cookies
         }
 
         [Fact]
-        public async Task CookieChallengeDoesNothingIfNotAuthenticated()
+        public async Task CookieChallengeRedirectsWithLoginPath()
         {
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
+                options.LoginPath = new PathString("/page");
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
         }
 
         [Fact]
@@ -692,13 +685,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
+                options.LoginPath = new PathString("/page");
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
         }
 
         [Fact]
@@ -720,6 +714,53 @@ namespace Microsoft.AspNet.Authentication.Cookies
             location.Query.ShouldBe("?ReturnUrl=%2F");
         }
 
+        [Fact]
+        public async Task ChallengeDoesNotSet401OnUnauthorized()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication();
+                app.Run(async context => {
+                    await Assert.ThrowsAsync<InvalidOperationException>(() => context.Authentication.ChallengeAsync());
+                });
+            }, services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com");
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+/*        [Fact]
+        public async Task UseCookieWithInstanceDoesntUseSharedOptions()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.CookieName = "One");
+                app.UseCookieAuthentication(new CookieAuthenticationOptions());
+                app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
+            }, services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.True(transaction.SetCookie[0].StartsWith(".AspNet.Cookies="));
+        }
+
+        [Fact]
+        public async Task UseCookieWithOutInstanceDoesUseSharedOptions()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.CookieName = "One");
+                app.UseCookieAuthentication(options => options.AuthenticationScheme = "Two");
+                app.Run(context => context.Authentication.SignInAsync("Two", new ClaimsPrincipal(new ClaimsIdentity())));
+            }, services => services.AddAuthentication());
+
+            var transaction = await server.SendAsync("http://example.com");
+
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.True(transaction.SetCookie[0].StartsWith("One="));
+        }*/
+
         [Fact]
         public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
         {
@@ -870,6 +911,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(configureOptions);
+                // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
 
                 if (claimsTransform != null)
                 {
@@ -961,17 +1003,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null, bool ajaxRequest = false)
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             if (!string.IsNullOrEmpty(cookieHeader))
             {
                 request.Headers.Add("Cookie", cookieHeader);
             }
-            if (ajaxRequest)
-            {
-                request.Headers.Add("X-Requested-With", "XMLHttpRequest");
-            }
             var transaction = new Transaction
             {
                 Request = request,
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 683f03563e..6aaf42bd39 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -34,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         AuthenticationProperties ISecureDataFormat<AuthenticationProperties>.Unprotect(string protectedText)
         {
-            if (string.IsNullOrWhiteSpace(protectedText))
+            if (string.IsNullOrEmpty(protectedText))
             {
                 return null;
             }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
index 4a7759e2af..46c6d6f131 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
@@ -27,15 +27,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return await base.HandleUnauthorizedAsync(context);
         }
 
-        protected override Task HandleSignInAsync(SignInContext context)
-        {
-            return Task.FromResult(0);
-        }
-
-        protected override Task HandleSignOutAsync(SignOutContext context)
-        {
-            return Task.FromResult(0);
-        }
         protected override async Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
             var jsonResponse = new JObject();
@@ -53,10 +44,5 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             claimsIdentity.AddClaim(new Claim("test claim", "test value"));
             return new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme);
         }
-
-        //public override bool ShouldHandleScheme(string authenticationScheme)
-        //{
-        //    return true;
-        //}
     }
 }

From 3294de14f43108f11af682b4d30090a131be0d71 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 11 Aug 2015 17:04:36 -0700
Subject: [PATCH 287/900] Add DefaultPolicy support for AuthZ

---
 .../AuthorizationOptions.cs                   |  5 ++++
 .../AuthorizationPolicy.cs                    | 10 ++++----
 .../ServiceCollectionExtensions.cs            | 11 +++++----
 .../AuthorizationPolicyFacts.cs               | 24 +++++++++++++++++++
 4 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index 14da299d91..c2931a52cb 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -11,6 +11,11 @@ namespace Microsoft.AspNet.Authorization
     {
         private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
 
+        /// <summary>
+        /// The initial default policy is to require any authenticated user
+        /// </summary>
+        public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
+
         public void AddPolicy([NotNull] string name, [NotNull] AuthorizationPolicy policy)
         {
             PolicyMap[name] = policy;
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 6f2ecc79e9..1efb4afd24 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -45,7 +45,7 @@ namespace Microsoft.AspNet.Authorization
             foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
             {
                 any = true;
-                var requireAnyAuthenticated = true;
+                var useDefaultPolicy = true;
                 if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
                 {
                     var policy = options.GetPolicy(authorizeAttribute.Policy);
@@ -54,13 +54,13 @@ namespace Microsoft.AspNet.Authorization
                         throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
                     }
                     policyBuilder.Combine(policy);
-                    requireAnyAuthenticated = false;
+                    useDefaultPolicy = false;
                 }
                 var rolesSplit = authorizeAttribute.Roles?.Split(',');
                 if (rolesSplit != null && rolesSplit.Any())
                 {
                     policyBuilder.RequireRole(rolesSplit);
-                    requireAnyAuthenticated = false;
+                    useDefaultPolicy = false;
                 }
                 var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
@@ -70,9 +70,9 @@ namespace Microsoft.AspNet.Authorization
                         policyBuilder.ActiveAuthenticationSchemes.Add(authType);
                     }
                 }
-                if (requireAnyAuthenticated)
+                if (useDefaultPolicy)
                 {
-                    policyBuilder.RequireAuthenticatedUser();
+                    policyBuilder.Combine(options.DefaultPolicy);
                 }
             }
             return any ? policyBuilder.Build() : null;
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 801ab8447c..ecad6ff4b8 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -16,16 +16,17 @@ namespace Microsoft.Framework.DependencyInjection
         }
 
         public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services)
-        {
-            return services.AddAuthorization(configureOptions: null);
-        }
-
-        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, Action<AuthorizationOptions> configureOptions)
         {
             services.AddOptions();
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
             return services;
         }
+
+        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configureOptions)
+        {
+            services.ConfigureAuthorization(configureOptions);
+            return services.AddAuthorization();
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 208c53b1c3..5f04c2b78f 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -42,5 +42,29 @@ namespace Microsoft.AspNet.Authroization.Test
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
             Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count());
         }
+
+        [Fact]
+        public void CanReplaceDefaultPolicy()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute(),
+                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" }
+            };
+            var options = new AuthorizationOptions();
+            options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build();
+            options.AddPolicy("2", policy => policy.RequireClaim("2"));
+
+            // Act
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            // Assert
+            Assert.Equal(2, combined.ActiveAuthenticationSchemes.Count());
+            Assert.True(combined.ActiveAuthenticationSchemes.Contains("dupe"));
+            Assert.True(combined.ActiveAuthenticationSchemes.Contains("default"));
+            Assert.Equal(2, combined.Requirements.Count());
+            Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
+            Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
+        }
     }
 }
\ No newline at end of file

From 03c74ea728ed729615196711b394f78d82fd4131 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Wed, 12 Aug 2015 05:31:22 -0700
Subject: [PATCH 288/900] Enable pinning build script

---
 build.cmd | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/build.cmd b/build.cmd
index 41025afb26..ccf195aee8 100644
--- a/build.cmd
+++ b/build.cmd
@@ -3,6 +3,8 @@ cd %~dp0
 
 SETLOCAL
 SET CACHED_NUGET=%LocalAppData%\NuGet\NuGet.exe
+SET BUILDCMD_KOREBUILD_VERSION=""
+SET BUILDCMD_DNX_VERSION=""
 
 IF EXIST %CACHED_NUGET% goto copynuget
 echo Downloading latest version of NuGet.exe...
@@ -16,13 +18,21 @@ copy %CACHED_NUGET% .nuget\nuget.exe > nul
 
 :restore
 IF EXIST packages\KoreBuild goto run
-.nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+IF %BUILDCMD_KOREBUILD_VERSION%=="" (
+	.nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+) ELSE (
+	.nuget\NuGet.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
+)
 .nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
 
 IF "%SKIP_DNX_INSTALL%"=="1" goto run
-CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -arch x86
+IF %BUILDCMD_DNX_VERSION%=="" (
+	CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -arch x86
+) ELSE (
+	CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CLR -arch x86 -a default
+)
 CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -arch x86
 
 :run
 CALL packages\KoreBuild\build\dnvm use default -runtime CLR -arch x86
-packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
+packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
\ No newline at end of file

From 16914ec02111e2e87533cb07e33af5d14ceceaf5 Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Wed, 12 Aug 2015 12:02:11 -0700
Subject: [PATCH 289/900] React to Kestrel rename

aspnet/KestrelHttpServer#11
---
 samples/CookieSample/project.json        | 4 ++--
 samples/CookieSessionSample/project.json | 4 ++--
 samples/OpenIdConnectSample/project.json | 4 ++--
 samples/SocialSample/project.json        | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index e69eed0e2c..1b7c3471ca 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -5,11 +5,11 @@
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
-        "Kestrel": "1.0.0-*"
+        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
     },
     "frameworks": {
         "dnx451": {
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 0f481e6110..73a19f94e6 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -6,11 +6,11 @@
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Caching.Memory": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
-        "Kestrel": "1.0.0-*"
+        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 815ad8a333..ad9c36c6f7 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -6,7 +6,7 @@
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
-        "Kestrel": "1.0.0-*"
+        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
@@ -14,7 +14,7 @@
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:5004"
+        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
     },
     "webroot": "wwwroot"
 }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 024014140c..5e94c6d106 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -9,11 +9,11 @@
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Logging.Console": "1.0.0-*",
-        "Kestrel": "1.0.0-*"
+        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
         "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:54540",
-        "kestrel": "Microsoft.AspNet.Hosting --server Kestrel --server.urls http://localhost:54540"
+        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:54540"
     },
     "frameworks": {
         "dnx451": {

From a3f0ee3330e936cad13b4391a1f7a13ff26764fd Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 12 Aug 2015 14:10:42 -0700
Subject: [PATCH 290/900] Add a shared dataprotection test for cookies

---
 .../CookieAuthenticationMiddleware.cs         |  3 +-
 .../Cookies/CookieMiddlewareTests.cs          | 62 +++++++++++++++++++
 2 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index a0f98da50a..6765e4d815 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -32,8 +32,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (Options.TicketDataFormat == null)
             {
-                var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
+                var dataProtector = dataProtectionProvider.CreateProtector(typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
             if (Options.CookieManager == null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 7136ce7f51..f438ff5802 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -13,11 +13,13 @@ using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Internal;
 using Shouldly;
 using Xunit;
 
@@ -885,6 +887,66 @@ namespace Microsoft.AspNet.Authentication.Cookies
             location.LocalPath.ShouldBe("/base/denied");
         }
 
+        [Fact]
+        public async Task CanSpecifyAndShareDataProtector()
+        {
+
+            var dp = new NoOpDataProtector();
+            var server1 = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options =>
+                {
+                    options.TicketDataFormat = new TicketDataFormat(dp);
+                    options.CookieName = "Cookie";
+                });
+                app.Use((context, next) =>
+                    context.Authentication.SignInAsync("Cookies",
+                                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                                    new AuthenticationProperties()));
+            },
+            services => services.AddAuthentication());
+
+            var transaction = await SendAsync(server1, "http://example.com/stuff");
+            transaction.SetCookie.ShouldNotBe(null);
+
+            var server2 = TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options =>
+                {
+                    options.AuthenticationScheme = "Cookies";
+                    options.CookieName = "Cookie";
+                    options.TicketDataFormat = new TicketDataFormat(dp);
+                });
+                app.Use(async (context, next) =>
+                {
+                    var authContext = new AuthenticateContext("Cookies");
+                    await context.Authentication.AuthenticateAsync(authContext);
+                    Describe(context.Response, authContext);
+                });
+            },
+            services => services.AddAuthentication());
+            var transaction2 = await SendAsync(server2, "http://example.com/stuff", transaction.CookieNameValue);
+            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+        }
+
+        private class NoOpDataProtector : IDataProtector
+        {
+            public IDataProtector CreateProtector(string purpose)
+            {
+                return this;
+            }
+
+            public byte[] Protect(byte[] plaintext)
+            {
+                return plaintext;
+            }
+
+            public byte[] Unprotect(byte[] protectedData)
+            {
+                return protectedData;
+            }
+        }
+
         private static string FindClaimValue(Transaction transaction, string claimType)
         {
             var claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);

From 289182b8728a4cccfd59844b0f0efdefeb6c678d Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Tue, 11 Aug 2015 15:02:27 -0700
Subject: [PATCH 291/900] Reacting to disposable logger provider

---
 .../OpenIdConnect/InMemoryLoggerFactory.cs                   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
index aaa1e975da..bd65d09de5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.Framework.Logging;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
@@ -31,6 +32,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return _logger;
         }
 
+        public void Dispose()
+        {
+        }
+
         public InMemoryLogger Logger { get { return _logger; } }
     }
 }

From 05b496782ae4f518bc972fd26c968447b10068e9 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 17 Aug 2015 14:49:07 -0700
Subject: [PATCH 292/900] Updating to release NuGet.config.

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 2a2b3aab07..8e2fcff0a3 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>

From dfd3dd0cb4ec8ec0b6508e2b9f57362e4032c85b Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 18 Aug 2015 14:00:24 -0700
Subject: [PATCH 293/900] Updating to aspnetlitedev.

---
 NuGet.Config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.Config b/NuGet.Config
index 2a2b3aab07..09cd0ea6cb 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetlitedev/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>

From 4b748fee1f1a7c854bfd5979fea4700fda6a1693 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 18 Aug 2015 14:00:24 -0700
Subject: [PATCH 294/900] Updating to aspnetliterelease.

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index 8e2fcff0a3..ad5d2b426f 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetrelease/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetliterelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>

From c4987c109d0e16540585f88a467c6198b0d57868 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 19 Aug 2015 14:54:46 -0700
Subject: [PATCH 295/900] Update NuGet feed from v2 => v3.

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index 09cd0ea6cb..6379aac3e8 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetlitedev/api/v2" />
-    <add key="NuGet" value="https://nuget.org/api/v2/" />
+    <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
 </configuration>

From 150919f894f5de1f0d46c0aba6031d855a69f4c2 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 20 Aug 2015 15:38:18 -0700
Subject: [PATCH 296/900] Update 'build.cmd' to pull Sake from v2 NuGet feed.

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index ccf195aee8..b54d91cf74 100644
--- a/build.cmd
+++ b/build.cmd
@@ -23,7 +23,7 @@ IF %BUILDCMD_KOREBUILD_VERSION%=="" (
 ) ELSE (
 	.nuget\NuGet.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
 )
-.nuget\NuGet.exe install Sake -version 0.2 -o packages -ExcludeVersion
+.nuget\NuGet.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
 
 IF "%SKIP_DNX_INSTALL%"=="1" goto run
 IF %BUILDCMD_DNX_VERSION%=="" (

From 5a7e0913307375f7e433835e72f3aca707a3a6f2 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 20 Aug 2015 20:47:05 -0700
Subject: [PATCH 297/900] Update 'build.sh' to pull Sake from v2 NuGet feed.

---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index 3ef874f9bd..68c3e8cb52 100755
--- a/build.sh
+++ b/build.sh
@@ -24,7 +24,7 @@ fi
 
 if test ! -d packages/KoreBuild; then
     mono .nuget/nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
-    mono .nuget/nuget.exe install Sake -version 0.2 -o packages -ExcludeVersion
+    mono .nuget/nuget.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
 fi
 
 if ! type dnvm > /dev/null 2>&1; then

From 86962ab12cee49209e9b9c1a87687ad11b6f9628 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 21 Aug 2015 09:21:08 -0700
Subject: [PATCH 298/900] #278 Additional OIDC message validation.

---
 .../OpenIdConnectAuthenticationHandler.cs     | 22 ++++++++-----------
 .../OpenIdConnectAuthenticationOptions.cs     |  2 +-
 .../OpenIdConnectHandlerTests.cs              |  1 +
 3 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 4525c6578c..b849fcb46c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -409,6 +409,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
             }
 
+            await ValidateOpenIdConnectProtocolAsync(jwt, null);
+
             var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
             if (securityTokenValidatedNotification.HandledResponse)
             {
@@ -419,9 +421,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 return null;
             }
 
-            // If id_token is received using code only flow, no need to validate chash.
-            await ValidateOpenIdConnectProtocolAsync(jwt, message, false);
-
             return ticket;
         }
 
@@ -443,6 +442,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var validationParameters = Options.TokenValidationParameters.Clone();
             ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
 
+            await ValidateOpenIdConnectProtocolAsync(jwt, message);
+
             var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
             if (securityTokenValidatedNotification.HandledResponse)
             {
@@ -453,8 +454,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 return null;
             }
 
-            await ValidateOpenIdConnectProtocolAsync(jwt, message);
-
             if (message.Code != null)
             {
                 var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
@@ -879,7 +878,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return ticket;
         }
 
-        private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message, bool ValidateCHash = true)
+        private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message)
         {
             string nonce = jwt.Payload.Nonce;
             if (Options.CacheNonces)
@@ -902,16 +901,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             var protocolValidationContext = new OpenIdConnectProtocolValidationContext
             {
+                ProtocolMessage = message,
+                IdToken = jwt,
+                ClientId = Options.ClientId,
                 Nonce = nonce
             };
 
-            // If authorization code is null, protocol validator does not validate the chash
-            if (ValidateCHash)
-            {
-                protocolValidationContext.AuthorizationCode = message.Code;
-            }
-
-            Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
+            Options.ProtocolValidator.Validate(protocolValidationContext);
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 46140011d5..85ff60903d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -58,7 +58,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             BackchannelTimeout = TimeSpan.FromMinutes(1);
             Caption = OpenIdConnectAuthenticationDefaults.Caption;
             GetClaimsFromUserInfoEndpoint = false;
-            ProtocolValidator = new OpenIdConnectProtocolValidator();
+            ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireState = false };
             RefreshOnIssuerKeyNotFound = true;
             ResponseMode = OpenIdConnectResponseModes.FormPost;
             ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index e96cb323f5..5dc58c6737 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -384,6 +384,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
+            options.ProtocolValidator.RequireNonce = false;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.GetClaimsFromUserInfoEndpoint = true;
             options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };

From 583c251f02e79df3a1882b03ee5290a7dc4e0c77 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 24 Aug 2015 12:27:59 -0700
Subject: [PATCH 299/900] Updating to release AzureAD feed

---
 NuGet.Config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.Config b/NuGet.Config
index ad5d2b426f..479b1e5a67 100644
--- a/NuGet.Config
+++ b/NuGet.Config
@@ -3,6 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetliterelease/api/v2" />
     <add key="NuGet" value="https://nuget.org/api/v2/" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease"/>
   </packageSources>
 </configuration>

From 7213b535547dc1f7854a1f7902d3bf87e2e14fb7 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 25 Aug 2015 11:26:02 -0700
Subject: [PATCH 300/900] #407 OIDC - Fail if the user-info subject does not
 match

---
 .../OpenIdConnectAuthenticationHandler.cs              | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index b849fcb46c..861ee36ce9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -403,14 +403,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt);
 
+            await ValidateOpenIdConnectProtocolAsync(jwt, null);
+
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
                 Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
                 ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
             }
 
-            await ValidateOpenIdConnectProtocolAsync(jwt, null);
-
             var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
             if (securityTokenValidatedNotification.HandledResponse)
             {
@@ -528,8 +528,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier);
             if (subjectClaimType == null)
             {
-                Logger.LogError(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString()));
-                return ticket;
+                throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString()));
             }
 
             var userInfoSubjectClaimValue = user.Value<string>(JwtRegisteredClaimNames.Sub);
@@ -537,8 +536,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             // check if the sub claim matches
             if (userInfoSubjectClaimValue == null || !string.Equals(userInfoSubjectClaimValue, subjectClaimType.Value, StringComparison.Ordinal))
             {
-                Logger.LogError(Resources.OIDCH_0039_Subject_Claim_Mismatch);
-                return ticket;
+                throw new OpenIdConnectProtocolException(Resources.OIDCH_0039_Subject_Claim_Mismatch);
             }
 
             foreach (var claim in identity.Claims)

From d5e27bf546108be3d835fd0f189fe9ce307912ac Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 25 Aug 2015 13:47:11 -0700
Subject: [PATCH 301/900] #278 Validate the message, not the JWT.

---
 .../OpenIdConnectAuthenticationHandler.cs     | 27 ++++++++++---------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 861ee36ce9..9e57c3fdf7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -403,7 +403,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt);
 
-            await ValidateOpenIdConnectProtocolAsync(jwt, null);
+            await ValidateOpenIdConnectProtocolAsync(null, message);
 
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
@@ -878,24 +878,27 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message)
         {
-            string nonce = jwt.Payload.Nonce;
-            if (Options.CacheNonces)
+            string nonce = jwt?.Payload.Nonce;
+            if (!string.IsNullOrEmpty(nonce))
             {
-                if (await Options.NonceCache.GetAsync(nonce) != null)
+                if (Options.CacheNonces)
                 {
-                    await Options.NonceCache.RemoveAsync(nonce);
+                    if (await Options.NonceCache.GetAsync(nonce) != null)
+                    {
+                        await Options.NonceCache.RemoveAsync(nonce);
+                    }
+                    else
+                    {
+                        // If the nonce cannot be removed, it was
+                        // already used and MUST be rejected.
+                        nonce = null;
+                    }
                 }
                 else
                 {
-                    // If the nonce cannot be removed, it was
-                    // already used and MUST be rejected.
-                    nonce = null;
+                    nonce = ReadNonceCookie(nonce);
                 }
             }
-            else
-            {
-                nonce = ReadNonceCookie(nonce);
-            }
 
             var protocolValidationContext = new OpenIdConnectProtocolValidationContext
             {

From 92185a1c2782649f729785b32a012d2428a96675 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 28 Aug 2015 14:16:49 -0700
Subject: [PATCH 302/900] React to string[] -> StringValues changes.

---
 .../ChunkingCookieManager.cs                  | 13 ++++---
 .../CookieAuthenticationHandler.cs            | 15 ++++----
 .../FacebookAuthenticationHandler.cs          |  2 +-
 .../OAuthAuthenticationHandler.cs             | 13 ++++---
 .../OAuthBearerAuthenticationNotifications.cs |  2 +-
 .../OAuthBearerAuthenticationHandler.cs       |  2 +-
 .../OpenIdConnectAuthenticationHandler.cs     |  5 ++-
 .../TwitterAuthenticationHandler.cs           | 11 +++---
 .../Infrastructure/CookieChunkingTests.cs     | 38 +++++++++++--------
 9 files changed, 56 insertions(+), 45 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 993d0e74ee..73beb79503 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -7,6 +7,7 @@ using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
+using Microsoft.Framework.Primitives;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.Net.Http.Headers;
 
@@ -151,7 +152,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + escapedValue.Length + (quoted ? 2 : 0))
             {
                 template.Value = quoted ? Quote(escapedValue) : escapedValue;
-                responseHeaders.AppendValues(Constants.Headers.SetCookie, template.ToString());
+                responseHeaders.Append(Constants.Headers.SetCookie, template.ToString());
             }
             else if (ChunkSize.Value < templateLength + (quoted ? 2 : 0) + 10)
             {
@@ -171,7 +172,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 var cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
 
                 template.Value = "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture);
-                responseHeaders.AppendValues(Constants.Headers.SetCookie, template.ToString());
+                responseHeaders.Append(Constants.Headers.SetCookie, template.ToString());
 
                 var chunks = new string[cookieChunkCount];
                 var offset = 0;
@@ -186,7 +187,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     template.Value = quoted ? Quote(segment) : segment;
                     chunks[chunkId - 1] = template.ToString();
                 }
-                responseHeaders.AppendValues(Constants.Headers.SetCookie, chunks);
+                responseHeaders.Append(Constants.Headers.SetCookie, chunks);
             }
         }
 
@@ -233,10 +234,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
 
             var responseHeaders = context.Response.Headers;
-            var existingValues = responseHeaders.GetValues(Constants.Headers.SetCookie);
-            if (existingValues != null)
+            var existingValues = responseHeaders[Constants.Headers.SetCookie];
+            if (!StringValues.IsNullOrEmpty(existingValues))
             {
-                responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
+                responseHeaders[Constants.Headers.SetCookie] = existingValues.Where(value => !rejectPredicate(value)).ToArray();
             }
 
             AppendResponseCookie(
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 8919d76809..d04af10481 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -11,14 +11,13 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.Primitives;
+using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
     {
-        private const string HeaderNameCacheControl = "Cache-Control";
-        private const string HeaderNamePragma = "Pragma";
-        private const string HeaderNameExpires = "Expires";
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
         private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
@@ -344,15 +343,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private void ApplyHeaders(bool shouldRedirectToReturnUrl = false)
         {
-            Response.Headers.Set(HeaderNameCacheControl, HeaderValueNoCache);
-            Response.Headers.Set(HeaderNamePragma, HeaderValueNoCache);
-            Response.Headers.Set(HeaderNameExpires, HeaderValueMinusOne);
+            Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
+            Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
+            Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne;
 
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
                 var query = Request.Query;
-                var redirectUri = query.Get(Options.ReturnUrlParameter);
-                if (!string.IsNullOrEmpty(redirectUri)
+                var redirectUri = query[Options.ReturnUrlParameter];
+                if (!StringValues.IsNullOrEmpty(redirectUri)
                     && IsHostRelative(redirectUri))
                 {
                     var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index e5823ff3ab..52e7b10371 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -42,7 +42,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var payload = new JObject();
             foreach (string key in form.Keys)
             {
-                payload.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, form[key]);
+                payload.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, (string)form[key]);
             }
 
             // The refresh token is not available.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 818ba20fba..94f58ac466 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -5,8 +5,8 @@ using System;
 using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Security.Cryptography;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -15,6 +15,7 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.Primitives;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
@@ -85,16 +86,16 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 var query = Request.Query;
 
                 // TODO: Is this a standard error returned by servers?
-                var value = query.Get("error");
-                if (!string.IsNullOrEmpty(value))
+                var value = query["error"];
+                if (!StringValues.IsNullOrEmpty(value))
                 {
                     Logger.LogVerbose("Remote server returned an error: " + Request.QueryString);
                     // TODO: Fail request rather than passing through?
                     return null;
                 }
 
-                var code = query.Get("code");
-                var state = query.Get("state");
+                var code = query["code"];
+                var state = query["state"];
 
                 properties = Options.StateDataFormat.Unprotect(state);
                 if (properties == null)
@@ -108,7 +109,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                if (string.IsNullOrEmpty(code))
+                if (StringValues.IsNullOrEmpty(code))
                 {
                     // Null if the remote server returns an error.
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
index ffc0b9fc4f..8dad8dca3a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// </summary>
         public OAuthBearerAuthenticationNotifications()
         {
-            ApplyChallenge = notification => { notification.HttpContext.Response.Headers.AppendValues("WWW-Authenticate", notification.Options.Challenge); return Task.FromResult(0); };
+            ApplyChallenge = notification => { notification.HttpContext.Response.Headers.Append("WWW-Authenticate", notification.Options.Challenge); return Task.FromResult(0); };
             AuthenticationFailed = notification => Task.FromResult(0);
             MessageReceived = notification => Task.FromResult(0);
             SecurityTokenReceived = notification => Task.FromResult(0);
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index ef04f14a1f..c72f0b1b33 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -50,7 +50,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
                 if (string.IsNullOrEmpty(token))
                 {
-                    var authorization = Request.Headers.Get("Authorization");
+                    string authorization = Request.Headers["Authorization"];
 
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 9e57c3fdf7..df1be78766 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Globalization;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
@@ -246,7 +247,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase))
             {
-                message = new OpenIdConnectMessage(Request.Query);
+                message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
 
                 // response_mode=query (explicit or not) and a response_type containing id_token
                 // or token are not considered as a safe combination and MUST be rejected.
@@ -267,7 +268,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 var form = await Request.ReadFormAsync();
                 Request.Body.Seek(0, SeekOrigin.Begin);
-                message = new OpenIdConnectMessage(form);
+                message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
 
             if (message == null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index fb8f3aa254..7435e21875 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -16,6 +16,7 @@ using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.Primitives;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
@@ -61,21 +62,21 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
                 properties = requestToken.Properties;
 
-                var returnedToken = query.Get("oauth_token");
-                if (string.IsNullOrEmpty(returnedToken))
+                var returnedToken = query["oauth_token"];
+                if (StringValues.IsNullOrEmpty(returnedToken))
                 {
                     Logger.LogWarning("Missing oauth_token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                if (returnedToken != requestToken.Token)
+                if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
                 {
                     Logger.LogWarning("Unmatched token");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
                 }
 
-                var oauthVerifier = query.Get("oauth_verifier");
-                if (string.IsNullOrEmpty(oauthVerifier))
+                var oauthVerifier = query["oauth_verifier"];
+                if (StringValues.IsNullOrEmpty(oauthVerifier))
                 {
                     Logger.LogWarning("Missing or blank oauth_verifier");
                     return new AuthenticationTicket(properties, Options.AuthenticationScheme);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 425fa1742f..84d496918a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
             new ChunkingCookieManager(null) { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
-            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(1, values.Count);
             Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
         }
@@ -30,9 +30,9 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
             new ChunkingCookieManager(null) { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
-            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(9, values.Count);
-            Assert.Equal(new[]
+            Assert.Equal<string[]>(new[]
             {
                 "TestCookie=chunks:8; path=/",
                 "TestCookieC1=abcdefgh; path=/",
@@ -53,9 +53,9 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
 
             string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
             new ChunkingCookieManager(null) { ChunkSize = 32 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
-            IList<string> values = context.Response.Headers.GetValues("Set-Cookie");
+            var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(9, values.Count);
-            Assert.Equal(new[]
+            Assert.Equal<string[]>(new[]
             {
                 "TestCookie=chunks:8; path=/",
                 "TestCookieC1=\"abcdefgh\"; path=/",
@@ -73,7 +73,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         public void GetLargeChunkedCookie_Reassembled()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.AppendValues("Cookie",
+            context.Request.Headers["Cookie"] = new[]
+            {
                 "TestCookie=chunks:7",
                 "TestCookieC1=abcdefghi",
                 "TestCookieC2=jklmnopqr",
@@ -81,7 +82,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC4=123456789",
                 "TestCookieC5=ABCDEFGHI",
                 "TestCookieC6=JKLMNOPQR",
-                "TestCookieC7=STUVWXYZ");
+                "TestCookieC7=STUVWXYZ"
+            };
 
             string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
@@ -92,7 +94,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         public void GetLargeChunkedCookieWithQuotes_Reassembled()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.AppendValues("Cookie",
+            context.Request.Headers["Cookie"] = new[]
+            {
                 "TestCookie=chunks:7",
                 "TestCookieC1=\"abcdefghi\"",
                 "TestCookieC2=\"jklmnopqr\"",
@@ -100,7 +103,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC4=\"123456789\"",
                 "TestCookieC5=\"ABCDEFGHI\"",
                 "TestCookieC6=\"JKLMNOPQR\"",
-                "TestCookieC7=\"STUVWXYZ\"");
+                "TestCookieC7=\"STUVWXYZ\""
+            };
 
             string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
             string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
@@ -111,7 +115,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         public void GetLargeChunkedCookieWithMissingChunk_ThrowingEnabled_Throws()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.AppendValues("Cookie",
+            context.Request.Headers["Cookie"] = new[]
+            {
                 "TestCookie=chunks:7",
                 "TestCookieC1=abcdefghi",
                 // Missing chunk "TestCookieC2=jklmnopqr",
@@ -119,7 +124,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC4=123456789",
                 "TestCookieC5=ABCDEFGHI",
                 "TestCookieC6=JKLMNOPQR",
-                "TestCookieC7=STUVWXYZ");
+                "TestCookieC7=STUVWXYZ"
+            };
 
             Assert.Throws<FormatException>(() => new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie"));
         }
@@ -128,7 +134,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         public void GetLargeChunkedCookieWithMissingChunk_ThrowingDisabled_NotReassembled()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.AppendValues("Cookie",
+            context.Request.Headers["Cookie"] = new[]
+            {
                 "TestCookie=chunks:7",
                 "TestCookieC1=abcdefghi",
                 // Missing chunk "TestCookieC2=jklmnopqr",
@@ -136,7 +143,8 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
                 "TestCookieC4=123456789",
                 "TestCookieC5=ABCDEFGHI",
                 "TestCookieC6=JKLMNOPQR",
-                "TestCookieC7=STUVWXYZ");
+                "TestCookieC7=STUVWXYZ"
+            };
 
             string result = new ChunkingCookieManager(null) { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
             string testString = "chunks:7";
@@ -147,10 +155,10 @@ namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
         public void DeleteChunkedCookieWithOptions_AllDeleted()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.AppendValues("Cookie", "TestCookie=chunks:7");
+            context.Request.Headers.Append("Cookie", "TestCookie=chunks:7");
 
             new ChunkingCookieManager(null).DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
-            var cookies = context.Response.Headers.GetValues("Set-Cookie");
+            var cookies = context.Response.Headers["Set-Cookie"];
             Assert.Equal(8, cookies.Count);
             Assert.Equal(new[]
             {

From 56315c441c3a1339843b99e2da20fc63bf5fe837 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 31 Aug 2015 06:46:18 -0700
Subject: [PATCH 303/900] Use new HttpContext.Features API.

---
 .../HttpContextExtensions.cs                  |  5 +-
 .../AuthenticationHandlerFacts.cs             | 97 ++++++++++++++++---
 2 files changed, 88 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index 4617b02f4e..d50b6055d3 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication.Internal;
 
@@ -11,11 +12,11 @@ namespace Microsoft.AspNet.Authentication
     {
         internal static IHttpAuthenticationFeature GetAuthentication(this HttpContext context)
         {
-            var auth = context.GetFeature<IHttpAuthenticationFeature>();
+            var auth = context.Features.Get<IHttpAuthenticationFeature>();
             if (auth == null)
             {
                 auth = new HttpAuthenticationFeature();
-                context.SetFeature<IHttpAuthenticationFeature>(auth);
+                context.Features.Set<IHttpAuthenticationFeature>(auth);
             }
             return auth;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 219b63edac..db1a7e3a24 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,11 +2,15 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
+using System.IO;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.Framework.Logging;
+using Microsoft.Framework.Primitives;
 using Moq;
 using Xunit;
 
@@ -92,10 +96,9 @@ namespace Microsoft.AspNet.Authentication
             public static async Task<CountHandler> Create(string scheme)
             {
                 var handler = new CountHandler();
-                var context = new Mock<HttpContext>();
-                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
-                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
-                await handler.InitializeAsync(new CountOptions(), context.Object, new LoggerFactory().CreateLogger("CountHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                var context = new DefaultHttpContext();
+                context.Features.Set<IHttpResponseFeature>(new TestResponse());
+                await handler.InitializeAsync(new CountOptions(), context, new LoggerFactory().CreateLogger("CountHandler"), Framework.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthentication = true;
                 return handler;
@@ -116,10 +119,9 @@ namespace Microsoft.AspNet.Authentication
             public static async Task<TestHandler> Create(string scheme)
             {
                 var handler = new TestHandler();
-                var context = new Mock<HttpContext>();
-                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
-                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
-                await handler.InitializeAsync(new TestOptions(), context.Object, new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                var context = new DefaultHttpContext();
+                context.Features.Set<IHttpResponseFeature>(new TestResponse());
+                await handler.InitializeAsync(new TestOptions(), context, new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 return handler;
             }
@@ -147,10 +149,9 @@ namespace Microsoft.AspNet.Authentication
             public static async Task<TestAutoHandler> Create(string scheme, bool auto)
             {
                 var handler = new TestAutoHandler();
-                var context = new Mock<HttpContext>();
-                context.Setup(c => c.Request).Returns(new Mock<HttpRequest>().Object);
-                context.Setup(c => c.Response).Returns(new Mock<HttpResponse>().Object);
-                await handler.InitializeAsync(new TestAutoOptions(), context.Object, new LoggerFactory().CreateLogger("TestAutoHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                var context = new DefaultHttpContext();
+                context.Features.Set<IHttpResponseFeature>(new TestResponse());
+                await handler.InitializeAsync(new TestAutoOptions(), context, new LoggerFactory().CreateLogger("TestAutoHandler"), Framework.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthentication = auto;
                 return handler;
@@ -161,5 +162,77 @@ namespace Microsoft.AspNet.Authentication
                 return Task.FromResult<AuthenticationTicket>(null);
             }
         }
+
+        private class TestResponse : IHttpResponseFeature
+        {
+            public Stream Body
+            {
+                get
+                {
+                    throw new NotImplementedException();
+                }
+
+                set
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public bool HasStarted
+            {
+                get
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public IDictionary<string, StringValues> Headers
+            {
+                get
+                {
+                    throw new NotImplementedException();
+                }
+
+                set
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public string ReasonPhrase
+            {
+                get
+                {
+                    throw new NotImplementedException();
+                }
+
+                set
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public int StatusCode
+            {
+                get
+                {
+                    throw new NotImplementedException();
+                }
+
+                set
+                {
+                    throw new NotImplementedException();
+                }
+            }
+
+            public void OnCompleted(Func<object, Task> callback, object state)
+            {
+                throw new NotImplementedException();
+            }
+
+            public void OnStarting(Func<object, Task> callback, object state)
+            {
+            }
+        }
     }
 }

From fa3914493725e3e7e1d6e441361fca307363f457 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Sun, 24 May 2015 19:25:57 +0200
Subject: [PATCH 304/900] Use automatic properties, replace scope by a list and
 replace the validators list by a single validator

---
 .../OAuthAuthenticationMiddleware.cs          |   5 +
 .../OAuthAuthenticationOptions.cs             |   3 +-
 .../OAuthBearerAuthenticationMiddleware.cs    |   9 --
 .../OAuthBearerAuthenticationOptions.cs       |  54 ++-----
 .../OpenIdConnectAuthenticationHandler.cs     |  17 +--
 .../OpenIdConnectAuthenticationMiddleware.cs  |  14 +-
 .../OpenIdConnectAuthenticationOptions.cs     | 132 +++---------------
 .../OAuthBearer/OAuthBearerMiddlewareTests.cs |   7 +-
 .../OpenIdConnectHandlerTests.cs              |  17 ++-
 .../OpenIdConnectMiddlewareTests.cs           |   9 +-
 10 files changed, 61 insertions(+), 206 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 10ae285e96..55ab6f1ab4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -63,6 +63,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
             }
 
+            if (Options.Notifications == null)
+            {
+                Options.Notifications = new OAuthAuthenticationNotifications();
+            }
+
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 2796acfd19..96cf1e9cfc 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -7,7 +7,6 @@ using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -83,7 +82,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
         /// </summary>
-        public IOAuthAuthenticationNotifications Notifications { get; [param: NotNull] set; } = new OAuthAuthenticationNotifications();
+        public IOAuthAuthenticationNotifications Notifications { get; set; } = new OAuthAuthenticationNotifications();
 
         /// <summary>
         /// A list of permissions to request.
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
index 9fcd66c5d8..2fa9ddd2b0 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
@@ -2,12 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
-using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
@@ -43,11 +39,6 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 Options.Notifications = new OAuthBearerAuthenticationNotifications();
             }
 
-            if (Options.SecurityTokenValidators == null)
-            {
-                Options.SecurityTokenValidators = new List<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
-            }
-
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
             {
                 Options.TokenValidationParameters.ValidAudience = Options.Audience;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
index c8b63c9b53..456236f4a2 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
@@ -4,8 +4,8 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -16,21 +16,12 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
     /// </summary>
     public class OAuthBearerAuthenticationOptions : AuthenticationOptions
     {
-        private ICollection<ISecurityTokenValidator> _securityTokenValidators;
-        private TokenValidationParameters _tokenValidationParameters;
-
         /// <summary>
         /// Creates an instance of bearer authentication options with default values.
         /// </summary>
         public OAuthBearerAuthenticationOptions() : base()
         {
             AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
-            BackchannelTimeout = TimeSpan.FromMinutes(1);
-            Challenge = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
-            Notifications = new OAuthBearerAuthenticationNotifications();
-            RefreshOnIssuerKeyNotFound = true;
-            SystemClock = new SystemClock();
-            TokenValidationParameters = new TokenValidationParameters();
         }
 
         /// <summary>
@@ -54,15 +45,14 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// <summary>
         /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
         /// </summary>
-        /// TODO - brentschmaltz, should not be null.
-        public string Challenge { get; set; }
+        public string Challenge { get; set; } = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
         /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public OAuthBearerAuthenticationNotifications Notifications { get; set; }
+        public OAuthBearerAuthenticationNotifications Notifications { get; set; } = new OAuthBearerAuthenticationNotifications();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
@@ -74,7 +64,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// <summary>
         /// Gets or sets the timeout when using the backchannel to make an http call.
         /// </summary>
-        public TimeSpan BackchannelTimeout { get; set; }
+        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromMinutes(1);
 
 #if DNX451
         /// <summary>
@@ -104,48 +94,24 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
         /// recovery in the event of a signature key rollover. This is enabled by default.
         /// </summary>
-        public bool RefreshOnIssuerKeyNotFound { get; set; }
+        public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
         /// <summary>
         /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
         /// DateTimeOffset.UtcNow. This is typically needed only for unit testing.
         /// </summary>
-        public ISystemClock SystemClock { get; set; }
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
 
         /// <summary>
-        /// Gets or sets the <see cref="SecurityTokenValidators"/> for validating tokens.
+        /// Gets the ordered list of <see cref="ISecurityTokenValidator"/> used to validate access tokens.
         /// </summary>
-        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public ICollection<ISecurityTokenValidator> SecurityTokenValidators
-        {
-            get
-            {
-                return _securityTokenValidators;
-            }
-
-            [param: NotNull]
-            set
-            {
-                _securityTokenValidators = value;
-            }
-        }
+        public IList<ISecurityTokenValidator> SecurityTokenValidators { get; } = new List<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
 
         /// <summary>
-        /// Gets or sets the TokenValidationParameters
+        /// Gets or sets the parameters used to validate identity tokens.
         /// </summary>
         /// <remarks>Contains the types and definitions required for validating a token.</remarks>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public TokenValidationParameters TokenValidationParameters
-        {
-            get
-            {
-                return _tokenValidationParameters;
-            }
-            [param: NotNull]
-            set
-            {
-                _tokenValidationParameters = value;
-            }
-        }
+        public TokenValidationParameters TokenValidationParameters { get; set; } = new TokenValidationParameters();
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index df1be78766..6b457df156 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -141,7 +141,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
-                Scope = Options.Scope
+                Scope = string.Join(" ", Options.Scope)
             };
 
             // Omitting the response_mode parameter when it already corresponds to the default
@@ -827,17 +827,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             SecurityToken validatedToken = null;
             ClaimsPrincipal principal = null;
-            foreach (var validator in Options.SecurityTokenValidators)
+            if (Options.SecurityTokenValidator.CanReadToken(idToken))
             {
-                if (validator.CanReadToken(idToken))
+                principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out validatedToken);
+                jwt = validatedToken as JwtSecurityToken;
+                if (jwt == null)
                 {
-                    principal = validator.ValidateToken(idToken, validationParameters, out validatedToken);
-                    jwt = validatedToken as JwtSecurityToken;
-                    if (jwt == null)
-                    {
-                        Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
-                        throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
-                    }
+                    Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
+                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
                 }
             }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index f08577d0e9..e4bef30dbb 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -2,10 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.ObjectModel;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
-using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using System.Text;
 using Microsoft.AspNet.Builder;
@@ -60,10 +57,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(OpenIdConnectAuthenticationMiddleware).FullName, 
-					typeof(string).FullName,
+                    typeof(OpenIdConnectAuthenticationMiddleware).FullName,
+                    typeof(string).FullName,
                     Options.AuthenticationScheme,
-					"v1");
+                    "v1");
 
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
@@ -78,11 +75,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector, TextEncodings.Base64Url);
             }
-
-            if (Options.SecurityTokenValidators == null)
-            {
-                Options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { new JwtSecurityTokenHandler() };
-            }
             
             // if the user has not set the AuthorizeCallback, set it from the redirect_uri
             if (!Options.CallbackPath.HasValue)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 85ff60903d..70809636cd 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -5,11 +5,12 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
+using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Caching.Distributed;
-using Microsoft.Framework.Internal;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -20,13 +21,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public class OpenIdConnectAuthenticationOptions : AuthenticationOptions
     {
-        private TimeSpan _backchannelTimeout;
-        private OpenIdConnectProtocolValidator _protocolValidator;
-        private ICollection<ISecurityTokenValidator> _securityTokenValidators;
-        private ISecureDataFormat<AuthenticationProperties> _stateDataFormat;
-        private ISecureDataFormat<string> _stringDataFormat;
-        private TokenValidationParameters _tokenValidationParameters;
-
         /// <summary>
         /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
         /// </summary>
@@ -55,16 +49,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public OpenIdConnectAuthenticationOptions(string authenticationScheme)
         {
             AuthenticationScheme = authenticationScheme;
-            BackchannelTimeout = TimeSpan.FromMinutes(1);
             Caption = OpenIdConnectAuthenticationDefaults.Caption;
-            GetClaimsFromUserInfoEndpoint = false;
-            ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireState = false };
-            RefreshOnIssuerKeyNotFound = true;
-            ResponseMode = OpenIdConnectResponseModes.FormPost;
-            ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
-            Scope = OpenIdConnectScopes.OpenIdProfile;
-            TokenValidationParameters = new TokenValidationParameters();
-            UseTokenLifetime = true;
         }
 
         /// <summary>
@@ -103,23 +88,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Gets or sets the timeout when using the backchannel to make an http call.
         /// </summary>
         [SuppressMessage("Microsoft.Usage", "CA2208:InstantiateArgumentExceptionsCorrectly", Justification = "By design we use the property name in the exception")]
-        public TimeSpan BackchannelTimeout
-        {
-            get
-            {
-                return _backchannelTimeout;
-            }
-
-            set
-            {
-                if (value <= TimeSpan.Zero)
-                {
-                    throw new ArgumentOutOfRangeException(nameof(BackchannelTimeout), value, Resources.OIDCH_0101_BackChallnelLessThanZero);
-                }
-
-                _backchannelTimeout = value;
-            }
-        }
+        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
 
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
@@ -192,25 +161,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectAuthenticationNotifications"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public OpenIdConnectAuthenticationNotifications Notifications { get; set; }
+        public OpenIdConnectAuthenticationNotifications Notifications { get; set; } = new OpenIdConnectAuthenticationNotifications();
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
         /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 
         /// </summary>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public OpenIdConnectProtocolValidator ProtocolValidator
-        {
-            get
-            {
-                return _protocolValidator;
-            }
-            [param: NotNull]
-            set
-            {
-                _protocolValidator = value;
-            }
-        }
+        public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator { RequireState = false };
 
         /// <summary>
         /// Gets or sets the 'post_logout_redirect_uri'
@@ -230,7 +188,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
         /// recovery in the event of a signature key rollover. This is enabled by default.
         /// </summary>
-        public bool RefreshOnIssuerKeyNotFound { get; set; }
+        public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
         /// <summary>
         /// Gets or sets the 'resource'.
@@ -240,103 +198,49 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Gets or sets the 'response_mode'.
         /// </summary>
-        public string ResponseMode { get; set; }
+        public string ResponseMode { get; set; } = OpenIdConnectResponseModes.FormPost;
 
         /// <summary>
         /// Gets or sets the 'response_type'.
         /// </summary>
-        public string ResponseType { get; set; }
+        public string ResponseType { get; set; } = OpenIdConnectResponseTypes.CodeIdToken;
 
         /// <summary>
-        /// Gets or sets the 'scope'.
+        /// Gets the list of permissions to request.
         /// </summary>
-        public string Scope { get; set; }
+        public IList<string> Scope { get; } = new List<string> { "openid", "profile" };
 
         /// <summary>
-        /// Gets or sets the SignInScheme which will be used to set the <see cref="System.Security.Claims.ClaimsIdentity.AuthenticationType"/>.
+        /// Gets or sets the SignInScheme which will be used to set the <see cref="ClaimsIdentity.AuthenticationType"/>.
         /// </summary>
         public string SignInScheme { get; set; }
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
-        public ISecureDataFormat<AuthenticationProperties> StateDataFormat
-        {
-            get
-            {
-                return _stateDataFormat;
-            }
-            [param: NotNull]
-            set
-            {
-                _stateDataFormat = value;
-            }
-        }
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
 
         /// <summary>
         /// Gets or sets the type used to secure strings used by the middleware.
         /// </summary>
-        public ISecureDataFormat<string> StringDataFormat
-        {
-            get
-            {
-                return _stringDataFormat;
-            }
-            [param: NotNull]
-            set
-            {
-                _stringDataFormat = value;
-            }
-        }
+        public ISecureDataFormat<string> StringDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="SecurityTokenValidators"/> for validating tokens.
+        /// Gets or sets the <see cref="ISecurityTokenValidator"/> used to validate identity tokens.
         /// </summary>
-        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public ICollection<ISecurityTokenValidator> SecurityTokenValidators
-        {
-            get
-            {
-                return _securityTokenValidators;
-            }
-
-            set
-            {
-                if (value == null)
-                {
-                    throw new ArgumentNullException("SecurityTokenValidators");
-                }
-
-                _securityTokenValidators = value;
-            }
-        }
+        public ISecurityTokenValidator SecurityTokenValidator { get; set; } = new JwtSecurityTokenHandler();
 
         /// <summary>
-        /// Gets or sets the TokenValidationParameters
+        /// Gets or sets the parameters used to validate identity tokens.
         /// </summary>
         /// <remarks>Contains the types and definitions required for validating a token.</remarks>
-        public TokenValidationParameters TokenValidationParameters
-        {
-            get
-            {
-                return _tokenValidationParameters;
-            }
-            [param: NotNull]
-            set
-            {
-                _tokenValidationParameters = value;
-            }
-        }
+        public TokenValidationParameters TokenValidationParameters { get; set; } = new TokenValidationParameters();
 
         /// <summary>
         /// Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token.
         /// If the token does not provide lifetime information then normal session lifetimes will be used.
         /// This is enabled by default.
         /// </summary>
-        public bool UseTokenLifetime
-        {
-            get;
-            set;
-        }
+        public bool UseTokenLifetime { get; set; } = true;
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index ce481bf6a1..2331c9816f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -29,10 +29,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
                 options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
                 options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
-                options.TokenValidationParameters = new TokenValidationParameters
-                {
-                    ValidateLifetime = false
-                };
+                options.TokenValidationParameters.ValidateLifetime = false;
             });
 
             var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
@@ -167,7 +164,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     return Task.FromResult<object>(null);
                 };
 
-                options.SecurityTokenValidators = new[] { new BlobTokenValidator(options.AuthenticationScheme) };
+                options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 5dc58c6737..cef7567f18 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Collections.ObjectModel;
 using System.Diagnostics;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
@@ -273,7 +272,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
@@ -289,7 +288,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
@@ -305,7 +304,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
@@ -321,7 +320,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
@@ -387,7 +386,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.ProtocolValidator.RequireNonce = false;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.GetClaimsFromUserInfoEndpoint = true;
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.Notifications =
                 new OpenIdConnectAuthenticationNotifications
                 {
@@ -469,7 +468,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             SecurityToken jwt = null;
             mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal());
             mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+            options.SecurityTokenValidator = mockValidator.Object;
         }
 
         private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options)
@@ -479,13 +478,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             SecurityToken jwt = null;
             mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>();
             mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { mockValidator.Object };
+            options.SecurityTokenValidator = mockValidator.Object;
         }
 
         private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
+            options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator.RequireTimeStampInNonce = false;
             options.ProtocolValidator.RequireNonce = false;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 581f494c07..912a61047e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -226,8 +226,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     options.RedirectUri = queryValues.RedirectUri;
                 else if (param.Equals(OpenIdConnectParameterNames.Resource))
                     options.Resource = queryValues.Resource;
-                else if (param.Equals(OpenIdConnectParameterNames.Scope))
-                    options.Scope = queryValues.Scope;
+                else if (param.Equals(OpenIdConnectParameterNames.Scope)) {
+                    options.Scope.Clear();
+
+                    foreach (var scope in queryValues.Scope.Split(' ')) {
+                        options.Scope.Add(scope);
+                    }
+                }
             }
 
             options.Authority = queryValues.Authority;

From d9b3ea2a54944fe0310beae584b7cce2e95cbe61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 7 Aug 2015 23:41:02 +0200
Subject: [PATCH 305/900] Add POST support for OpenID Connect authorization and
 logout requests

---
 samples/OpenIdConnectSample/Startup.cs        |  10 +-
 .../OpenIdConnectAuthenticationHandler.cs     | 104 ++++++++++++++++--
 .../OpenIdConnectAuthenticationMethod.cs      |  21 ++++
 .../OpenIdConnectAuthenticationMiddleware.cs  |   5 +
 .../OpenIdConnectAuthenticationOptions.cs     |  11 ++
 .../OpenIdConnectMiddlewareTests.cs           |  16 +++
 6 files changed, 152 insertions(+), 15 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 00652c32f5..26c9129e07 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -31,11 +31,11 @@ namespace OpenIdConnectSample
             });
 
             app.UseOpenIdConnectAuthentication(options =>
-                {
-                    options.ClientId = "fe78e0b4-6fe7-47e6-812c-fb75cee266a4";
-                    options.Authority = "https://login.windows.net/cyrano.onmicrosoft.com";
-                    options.RedirectUri = "http://localhost:42023";
-                });
+            {
+                options.ClientId = "fe78e0b4-6fe7-47e6-812c-fb75cee266a4";
+                options.Authority = "https://login.windows.net/cyrano.onmicrosoft.com";
+                options.RedirectUri = "http://localhost:42023";
+            });
 
             app.Run(async context =>
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 6b457df156..6a209dd45d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -11,6 +11,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -19,6 +20,7 @@ using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
@@ -30,6 +32,22 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     {
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
+
+        private const string InputTagFormat = @"<input type=""hidden"" name=""{0}"" value=""{1}"" />";
+        private const string HtmlFormFormat = @"<!doctype html>
+<html>
+<head>
+    <title>Please wait while you're being redirected to the identity provider</title>
+</head>
+<body>
+    <form name=""form"" method=""post"" action=""{0}"">
+        {1}
+        <noscript>Click here to finish the process: <input type=""submit"" /></noscript>
+    </form>
+    <script>document.form.submit();</script>
+</body>
+</html>";
+
         private OpenIdConnectConfiguration _configuration;
 
         protected HttpClient Backchannel { get; private set; }
@@ -93,13 +111,43 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message = redirectToIdentityProviderNotification.ProtocolMessage;
                 }
 
-                var redirectUri = message.CreateLogoutRequestUrl();
-                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
                 {
-                    Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
-                }
+                    var redirectUri = message.CreateLogoutRequestUrl();
+                    if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                    {
+                        Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
+                    }
 
-                Response.Redirect(redirectUri);
+                    Response.Redirect(redirectUri);
+                }
+                else if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.FormPost)
+                {
+                    var inputs = new StringBuilder();
+                    foreach (var parameter in message.Parameters)
+                    {
+                        var name = Options.HtmlEncoder.HtmlEncode(parameter.Key);
+                        var value = Options.HtmlEncoder.HtmlEncode(parameter.Value);
+
+                        var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
+                        inputs.AppendLine(input);
+                    }
+
+                    var issuer = Options.HtmlEncoder.HtmlEncode(message.IssuerAddress);
+
+                    var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
+                    var buffer = Encoding.UTF8.GetBytes(content);
+
+                    Response.ContentLength = buffer.Length;
+                    Response.ContentType = "text/html;charset=UTF-8";
+
+                    // Emit Cache-Control=no-cache to prevent client caching.
+                    Response.Headers.Set(HeaderNames.CacheControl, "no-cache");
+                    Response.Headers.Set(HeaderNames.Pragma, "no-cache");
+                    Response.Headers.Set(HeaderNames.Expires, "-1");
+
+                    await Response.Body.WriteAsync(buffer, 0, buffer.Length);
+                }
             }
         }
 
@@ -218,14 +266,50 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             message.State = Options.StateDataFormat.Protect(properties);
 
-            var redirectUri = message.CreateAuthenticationRequestUrl();
-            if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+            if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
             {
-                Logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
+                var redirectUri = message.CreateAuthenticationRequestUrl();
+                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                {
+                    Logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
+                }
+
+                Response.Redirect(redirectUri);
+
+                return true;
+            }
+            else if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.FormPost)
+            {
+                var inputs = new StringBuilder();
+                foreach (var parameter in message.Parameters)
+                {
+                    var name = Options.HtmlEncoder.HtmlEncode(parameter.Key);
+                    var value = Options.HtmlEncoder.HtmlEncode(parameter.Value);
+
+                    var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
+                    inputs.AppendLine(input);
+                }
+
+                var issuer = Options.HtmlEncoder.HtmlEncode(message.IssuerAddress);
+
+                var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
+                var buffer = Encoding.UTF8.GetBytes(content);
+
+                Response.ContentLength = buffer.Length;
+                Response.ContentType = "text/html;charset=UTF-8";
+
+                // Emit Cache-Control=no-cache to prevent client caching.
+                Response.Headers.Set(HeaderNames.CacheControl, "no-cache");
+                Response.Headers.Set(HeaderNames.Pragma, "no-cache");
+                Response.Headers.Set(HeaderNames.Expires, "-1");
+
+                await Response.Body.WriteAsync(buffer, 0, buffer.Length);
+
+                return true;
             }
 
-            Response.Redirect(redirectUri);
-            return true;
+            Logger.LogError("An unsupported authentication method has been configured: {0}", Options.AuthenticationMethod);
+            return false;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs
new file mode 100644
index 0000000000..147d576f9b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs
@@ -0,0 +1,21 @@
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// Lists the different authentication methods used to
+    /// redirect the user agent to the identity provider.
+    /// </summary>
+    public enum OpenIdConnectAuthenticationMethod
+    {
+        /// <summary>
+        /// Emits a 302 response to redirect the user agent to
+        /// the OpenID Connect provider using a GET request.
+        /// </summary>
+        RedirectGet = 0,
+
+        /// <summary>
+        /// Emits an HTML form to redirect the user agent to
+        /// the OpenID Connect provider using a POST request.
+        /// </summary>
+        FormPost = 1
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index e4bef30dbb..b26fd1f5e8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -54,6 +54,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Options.SignInScheme = sharedOptions.Options.SignInScheme;
             }
 
+            if (Options.HtmlEncoder == null)
+            {
+                Options.HtmlEncoder = services.GetHtmlEncoder();
+            }
+
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 70809636cd..4bdfcca994 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -11,6 +11,7 @@ using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Caching.Distributed;
+using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -190,6 +191,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
+        /// <summary>
+        /// Gets or sets the method used to redirect the user agent to the identity provider.
+        /// </summary>
+        public OpenIdConnectAuthenticationMethod AuthenticationMethod { get; set; }
+
         /// <summary>
         /// Gets or sets the 'resource'.
         /// </summary>
@@ -242,5 +248,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// This is enabled by default.
         /// </summary>
         public bool UseTokenLifetime { get; set; } = true;
+
+        /// <summary>
+        /// Gets or sets the <see cref="IHtmlEncoder"/> used to sanitize HTML outputs.
+        /// </summary>
+        public IHtmlEncoder HtmlEncoder { get; set; }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 912a61047e..72c82999bf 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -40,6 +40,22 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         const string Signin = "/signin";
         const string Signout = "/signout";
 
+        [Fact]
+        public async Task ChallengeWillIssueHtmlFormWhenEnabled()
+        {
+            var server = CreateServer(options =>
+            {
+                options.Authority = DefaultAuthority;
+                options.ClientId = "Test Id";
+                options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
+                options.AuthenticationMethod = OpenIdConnectAuthenticationMethod.FormPost;
+            });
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
+            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            transaction.Response.Content.Headers.ContentType.MediaType.ShouldBe("text/html");
+            transaction.ResponseText.ShouldContain("form");
+        }
+
         [Fact]
         public async Task ChallengeWillSetDefaults()
         {

From 561c997cb2d10b115d3ca96deba4bdae4a0fff9a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 31 Aug 2015 20:29:36 -0700
Subject: [PATCH 306/900] React to IHeaderDictionary API changes.

---
 .../OpenIdConnectAuthenticationHandler.cs            | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 6a209dd45d..138873c03b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -142,9 +142,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     Response.ContentType = "text/html;charset=UTF-8";
 
                     // Emit Cache-Control=no-cache to prevent client caching.
-                    Response.Headers.Set(HeaderNames.CacheControl, "no-cache");
-                    Response.Headers.Set(HeaderNames.Pragma, "no-cache");
-                    Response.Headers.Set(HeaderNames.Expires, "-1");
+                    Response.Headers[HeaderNames.CacheControl] = "no-cache";
+                    Response.Headers[HeaderNames.Pragma] = "no-cache";
+                    Response.Headers[HeaderNames.Expires] = "-1";
 
                     await Response.Body.WriteAsync(buffer, 0, buffer.Length);
                 }
@@ -299,9 +299,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Response.ContentType = "text/html;charset=UTF-8";
 
                 // Emit Cache-Control=no-cache to prevent client caching.
-                Response.Headers.Set(HeaderNames.CacheControl, "no-cache");
-                Response.Headers.Set(HeaderNames.Pragma, "no-cache");
-                Response.Headers.Set(HeaderNames.Expires, "-1");
+                Response.Headers[HeaderNames.CacheControl] = "no-cache";
+                Response.Headers[HeaderNames.Pragma] = "no-cache";
+                Response.Headers[HeaderNames.Expires] = "-1";
 
                 await Response.Body.WriteAsync(buffer, 0, buffer.Length);
 

From bcf8a45340413f85d81e3489f1a9ae2fb4ea0d3f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 1 Sep 2015 12:23:51 -0700
Subject: [PATCH 307/900] #413 Rename OAuthBearer to JwtBearer.

---
 Security.sln                                  |  4 +--
 .../JwtBearerAppBuilderExtensions.cs}         | 12 +++----
 .../JwtBearerAuthenticationDefaults.cs}       |  8 ++---
 .../JwtBearerAuthenticationHandler.cs}        | 14 ++++----
 .../JwtBearerAuthenticationMiddleware.cs}     | 22 ++++++------
 .../JwtBearerAuthenticationOptions.cs}        | 14 ++++----
 .../JwtBearerServiceCollectionExtensions.cs   | 36 +++++++++++++++++++
 ...oft.AspNet.Authentication.JwtBearer.xproj} |  0
 .../AuthenticationChallengeNotification.cs    |  2 +-
 .../JwtBearerAuthenticationNotifications.cs}  | 22 ++++++------
 .../Properties/AssemblyInfo.cs                |  0
 .../Resources.Designer.cs                     |  4 +--
 .../Resources.resx                            |  0
 .../project.json                              |  2 +-
 .../OAuthBearerServiceCollectionExtensions.cs | 36 -------------------
 .../JwtBearerMiddlewareTests.cs}              | 16 ++++-----
 .../project.json                              |  2 +-
 17 files changed, 97 insertions(+), 97 deletions(-)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs} (69%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs} (70%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs} (93%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs} (84%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs} (89%)
 create mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj => Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer => Microsoft.AspNet.Authentication.JwtBearer}/Notifications/AuthenticationChallengeNotification.cs (89%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs => Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs} (65%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer => Microsoft.AspNet.Authentication.JwtBearer}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer => Microsoft.AspNet.Authentication.JwtBearer}/Resources.Designer.cs (95%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer => Microsoft.AspNet.Authentication.JwtBearer}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuthBearer => Microsoft.AspNet.Authentication.JwtBearer}/project.json (95%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
 rename test/Microsoft.AspNet.Authentication.Test/{OAuthBearer/OAuthBearerMiddlewareTests.cs => JwtBearer/JwtBearerMiddlewareTests.cs} (95%)

diff --git a/Security.sln b/Security.sln
index 8f65fe16bd..7fd810f8b7 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.22605.0
+VisualStudioVersion = 14.0.23107.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -40,7 +40,7 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentica
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Test", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuthBearer", "src\Microsoft.AspNet.Authentication.OAuthBearer\Microsoft.AspNet.Authentication.OAuthBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Test", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
similarity index 69%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index f50b2a401a..4b14d7ab78 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.OAuthBearer;
+using Microsoft.AspNet.Authentication.JwtBearer;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods to add OAuth Bearer authentication capabilities to an HTTP application pipeline
+    /// Extension methods to add Jwt Bearer authentication capabilities to an HTTP application pipeline
     /// </summary>
-    public static class OAuthBearerAppBuilderExtensions
+    public static class JwtBearerAppBuilderExtensions
     {
         /// <summary>
         /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
@@ -24,10 +24,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOAuthBearerAuthentication([NotNull] this IApplicationBuilder app, Action<OAuthBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
-            return app.UseMiddleware<OAuthBearerAuthenticationMiddleware>(
-                new ConfigureOptions<OAuthBearerAuthenticationOptions>(configureOptions ?? (o => { }))
+            return app.UseMiddleware<JwtBearerAuthenticationMiddleware>(
+                new ConfigureOptions<JwtBearerAuthenticationOptions>(configureOptions ?? (o => { }))
                 {
                     Name = optionsName
                 });
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs
similarity index 70%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs
index 2dc1797e96..d6cb381976 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs
@@ -1,16 +1,16 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// Default values used by authorization server and bearer authentication.
     /// </summary>
-    public static class OAuthBearerAuthenticationDefaults
+    public static class JwtBearerAuthenticationDefaults
     {
         /// <summary>
-        /// Default value for AuthenticationScheme property in the OAuthBearerAuthenticationOptions and
-        /// OAuthAuthorizationServerOptions.
+        /// Default value for AuthenticationScheme property in the JwtBearerAuthenticationOptions and
+        /// JwtAuthorizationServerOptions.
         /// </summary>
         public const string AuthenticationScheme = "Bearer";
     }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
similarity index 93%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
index c72f0b1b33..6b740c5d0b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
@@ -11,9 +11,9 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class OAuthBearerAuthenticationHandler : AuthenticationHandler<OAuthBearerAuthenticationOptions>
+    public class JwtBearerAuthenticationHandler : AuthenticationHandler<JwtBearerAuthenticationOptions>
     {
         private OpenIdConnectConfiguration _configuration;
 
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
                 var messageReceivedNotification =
-                    new MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    new MessageReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                     {
                         ProtocolMessage = Context,
                     };
@@ -72,7 +72,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
 
                 // notify user token was received
                 var securityTokenReceivedNotification =
-                    new SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    new SecurityTokenReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = Context,
                     SecurityToken = token,
@@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     {
                         var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                        var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                         {
                             ProtocolMessage = Context,
                             AuthenticationTicket = ticket
@@ -151,7 +151,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                 }
 
                 var authenticationFailedNotification =
-                    new AuthenticationFailedNotification<HttpContext, OAuthBearerAuthenticationOptions>(Context, Options)
+                    new AuthenticationFailedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                     {
                         ProtocolMessage = Context,
                         Exception = ex
@@ -175,7 +175,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
-            await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>(Context, Options));
+            await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<JwtBearerAuthenticationOptions>(Context, Options));
             return false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
similarity index 84%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
index 2fa9ddd2b0..973c6f80d0 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
@@ -12,31 +12,31 @@ using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
-    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication
+    /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
     /// extension method.
     /// </summary>
-    public class OAuthBearerAuthenticationMiddleware : AuthenticationMiddleware<OAuthBearerAuthenticationOptions>
+    public class JwtBearerAuthenticationMiddleware : AuthenticationMiddleware<JwtBearerAuthenticationOptions>
     {
         /// <summary>
         /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
-        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication 
+        /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication 
         /// extension method.
         /// </summary>
-        public OAuthBearerAuthenticationMiddleware(
+        public JwtBearerAuthenticationMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<OAuthBearerAuthenticationOptions> options,
-            ConfigureOptions<OAuthBearerAuthenticationOptions> configureOptions)
+            [NotNull] IOptions<JwtBearerAuthenticationOptions> options,
+            ConfigureOptions<JwtBearerAuthenticationOptions> configureOptions)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (Options.Notifications == null)
             {
-                Options.Notifications = new OAuthBearerAuthenticationNotifications();
+                Options.Notifications = new JwtBearerAuthenticationNotifications();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
@@ -76,13 +76,13 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
         /// </summary>
         /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<OAuthBearerAuthenticationOptions> CreateHandler()
+        protected override AuthenticationHandler<JwtBearerAuthenticationOptions> CreateHandler()
         {
-            return new OAuthBearerAuthenticationHandler();
+            return new JwtBearerAuthenticationHandler();
         }
 
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthBearerAuthenticationOptions options)
+        private static HttpMessageHandler ResolveHttpMessageHandler(JwtBearerAuthenticationOptions options)
         {
             HttpMessageHandler handler = options.BackchannelHttpHandler ??
 #if DNX451
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
index 456236f4a2..8e9c51e8b3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
@@ -9,19 +9,19 @@ using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class OAuthBearerAuthenticationOptions : AuthenticationOptions
+    public class JwtBearerAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
         /// Creates an instance of bearer authentication options with default values.
         /// </summary>
-        public OAuthBearerAuthenticationOptions() : base()
+        public JwtBearerAuthenticationOptions() : base()
         {
-            AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
+            AuthenticationScheme = JwtBearerAuthenticationDefaults.AuthenticationScheme;
         }
 
         /// <summary>
@@ -45,14 +45,14 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// <summary>
         /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
         /// </summary>
-        public string Challenge { get; set; } = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
+        public string Challenge { get; set; } = JwtBearerAuthenticationDefaults.AuthenticationScheme;
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
-        /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider
+        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationProvider
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public OAuthBearerAuthenticationNotifications Notifications { get; set; } = new OAuthBearerAuthenticationNotifications();
+        public JwtBearerAuthenticationNotifications Notifications { get; set; } = new JwtBearerAuthenticationNotifications();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..f026908667
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Authentication.JwtBearer;
+using Microsoft.Framework.Configuration;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.Framework.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods to add Jwt Bearer authentication capabilities to an HTTP application pipeline
+    /// </summary>
+    public static class JwtBearerServiceCollectionExtensions
+    {
+        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerAuthenticationOptions> configure)
+        {
+            return services.ConfigureJwtBearerAuthentication(configure, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerAuthenticationOptions> configure, string optionsName)
+        {
+            return services.Configure(configure, optionsName);
+        }
+
+        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        {
+            return services.ConfigureJwtBearerAuthentication(config, optionsName: "");
+        }
+
+        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
+        {
+            return services.Configure<JwtBearerAuthenticationOptions>(config, optionsName);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj b/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Microsoft.AspNet.Authentication.OAuthBearer.xproj
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs
index f9a4b8b87f..4be4376c20 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/AuthenticationChallengeNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     public class AuthenticationChallengeNotification<TOptions> : BaseNotification<TOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs
similarity index 65%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs
index 8dad8dca3a..06984332ad 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Notifications/OAuthBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs
@@ -6,19 +6,19 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 
 /// <summary>
-/// Specifies events which the <see cref="OAuthBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
-    /// OAuth bearer token middleware provider
+    /// Jwt bearer token middleware provider
     /// </summary>
-    public class OAuthBearerAuthenticationNotifications
+    public class JwtBearerAuthenticationNotifications
     {
         /// <summary>
-        /// Initializes a new instance of the <see cref="OAuthBearerAuthenticationProvider"/> class
+        /// Initializes a new instance of the <see cref="JwtBearerAuthenticationProvider"/> class
         /// </summary>
-        public OAuthBearerAuthenticationNotifications()
+        public JwtBearerAuthenticationNotifications()
         {
             ApplyChallenge = notification => { notification.HttpContext.Response.Headers.Append("WWW-Authenticate", notification.Options.Challenge); return Task.FromResult(0); };
             AuthenticationFailed = notification => Task.FromResult(0);
@@ -30,26 +30,26 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedNotification<HttpContext, OAuthBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        public Func<AuthenticationChallengeNotification<OAuthBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
+        public Func<AuthenticationChallengeNotification<JwtBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
similarity index 95%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
index 27298f47d8..44a3ea8be5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer {
+namespace Microsoft.AspNet.Authentication.JwtBearer {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Jwt.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.resx b/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/Resources.resx
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
similarity index 95%
rename from src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
rename to src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 252d34bc99..048c770808 100644
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -1,6 +1,6 @@
 {
     "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to receive a OAuth bearer token.",
+    "description": "ASP.NET 5 middleware that enables an application to receive a Jwt bearer token.",
     "repository": {
         "type": "git",
         "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
deleted file mode 100644
index 76fb362d34..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.OAuthBearer;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods to add OAuth Bearer authentication capabilities to an HTTP application pipeline
-    /// </summary>
-    public static class OAuthBearerServiceCollectionExtensions
-    {
-        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure)
-        {
-            return services.ConfigureOAuthBearerAuthentication(configure, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OAuthBearerAuthenticationOptions> configure, string optionsName)
-        {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureOAuthBearerAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureOAuthBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<OAuthBearerAuthenticationOptions>(config, optionsName);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
similarity index 95%
rename from test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 2331c9816f..a6639e823c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -16,9 +16,9 @@ using Microsoft.Framework.DependencyInjection;
 using Shouldly;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.OAuthBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class OAuthBearerMiddlewareTests
+    public class JwtBearerMiddlewareTests
     {
         [Fact]
         public async Task BearerTokenValidation()
@@ -309,13 +309,13 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
             }
         }
 
-        private static TestServer CreateServer(Action<OAuthBearerAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(Action<JwtBearerAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {
                 if (configureOptions != null)
                 {
-                    app.UseOAuthBearerAuthentication(configureOptions);
+                    app.UseJwtBearerAuthentication(configureOptions);
                 }
 
                 app.Use(async (context, next) =>
@@ -345,17 +345,17 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
-                        await context.Authentication.ChallengeAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme);
                     }
 
                     else if (context.Request.Path == new PathString("/signIn"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                     }
                     else if (context.Request.Path == new PathString("/signOut"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(OAuthBearerAuthenticationDefaults.AuthenticationScheme));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme));
                     }
                     else
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index c7f594c4fe..f2eb49c8e9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -6,8 +6,8 @@
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
         "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.OAuthBearer": "1.0.0-*",
         "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.DataProtection": "1.0.0-*",

From bf2b771eabcccfd6317e50366d4869f66090b23c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 2 Sep 2015 14:13:16 -0700
Subject: [PATCH 308/900] React to Options, Configure => Add, Cookie changes

UseCookie now has an overload which takes an instance of CookieOptions
---
 samples/SocialSample/Startup.cs               |  2 +-
 .../CookieAppBuilderExtensions.cs             |  7 +--
 .../CookieAuthenticationOptions.cs            | 11 +++-
 .../CookieServiceCollectionExtensions.cs      | 18 ++-----
 .../FacebookAppBuilderExtensions.cs           |  7 +--
 .../FacebookServiceCollectionExtensions.cs    | 18 ++-----
 .../GoogleAppBuilderExtensions.cs             |  5 +-
 .../GoogleServiceCollectionExtensions.cs      | 18 ++-----
 .../JwtBearerAppBuilderExtensions.cs          |  5 +-
 .../JwtBearerServiceCollectionExtensions.cs   | 14 +-----
 .../MicrosoftAccountAppBuilderExtensions.cs   |  7 +--
 ...osoftAccountServiceCollectionExtensions.cs | 18 ++-----
 .../OAuthAuthenticationExtensions.cs          |  5 +-
 .../OAuthAuthenticationMiddleware.cs          |  2 +-
 .../OpenIdConnectAuthenticationExtensions.cs  |  7 +--
 .../OpenIdConnectAuthenticationMiddleware.cs  |  4 +-
 ...penIdConnectServiceCollectionExtensions.cs | 18 ++-----
 .../TwitterAppBuilderExtensions.cs            |  7 +--
 .../TwitterAuthenticationMiddleware.cs        |  2 +-
 .../TwitterServiceCollectionExtensions.cs     | 18 ++-----
 .../AuthenticationMiddleware.cs               |  8 +--
 ...thenticationServiceCollectionExtensions.cs |  6 +--
 ...laimsTransformationAppBuilderExtensions.cs | 16 +-----
 .../ClaimsTransformationMiddleware.cs         |  8 +--
 .../DefaultAuthorizationService.cs            |  2 +-
 .../ServiceCollectionExtensions.cs            |  9 +---
 .../Cookies/CookieMiddlewareTests.cs          |  6 +--
 .../Facebook/FacebookMiddlewareTests.cs       | 32 ++++++------
 .../Google/GoogleMiddlewareTests.cs           |  8 +--
 .../DefaultAuthorizationServiceTests.cs       | 50 +++++++++----------
 30 files changed, 109 insertions(+), 229 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index cad2f0a707..2721b5807e 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -26,7 +26,7 @@ namespace CookieSample
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             });
-            services.ConfigureClaimsTransformation(p =>
+            services.AddClaimsTransformation(p =>
             {
                 var id = new ClaimsIdentity("xform");
                 id.AddClaim(new Claim("ClaimsTransformation", "TransformAddedClaim"));
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index e125ecc162..5a79654253 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -20,13 +20,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="configureOptions">Used to configure the options for the middleware</param>
         /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions = null)
         {
             return app.UseMiddleware<CookieAuthenticationMiddleware>(
-                new ConfigureOptions<CookieAuthenticationOptions>(configureOptions ?? (o => { }))
-                {
-                    Name = optionsName
-                });
+                new ConfigureOptions<CookieAuthenticationOptions>(configureOptions ?? (o => { })));
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 468d07522b..52a4d82efc 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -5,13 +5,14 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Contains the options used by the CookiesAuthenticationMiddleware
     /// </summary>
-    public class CookieAuthenticationOptions : AuthenticationOptions
+    public class CookieAuthenticationOptions : AuthenticationOptions, IOptions<CookieAuthenticationOptions>
     {
         private string _cookieName;
 
@@ -146,5 +147,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// to the client. This can be used to mitigate potential problems with very large identities.
         /// </summary>
         public IAuthenticationSessionStore SessionStore { get; set; }
+
+        CookieAuthenticationOptions IOptions<CookieAuthenticationOptions>.Value
+        {
+            get
+            {
+                return this;
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index c55cb9d5f0..d609f12bde 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class CookieServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
+        public static IServiceCollection AddCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
         {
-            return services.ConfigureCookieAuthentication(configure, optionsName: "");
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureCookieAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<CookieAuthenticationOptions>(config, optionsName);
+            return services.Configure<CookieAuthenticationOptions>(config);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 24e1e0726c..9c825e6715 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -18,13 +18,10 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookAuthenticationOptions> configureOptions = null)
         {
             return app.UseMiddleware<FacebookAuthenticationMiddleware>(
-                 new ConfigureOptions<FacebookAuthenticationOptions>(configureOptions ?? (o => { }))
-                 {
-                     Name = optionsName
-                 });
+                 new ConfigureOptions<FacebookAuthenticationOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 911dd18b81..3666f9ecf5 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class FacebookServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
+        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
         {
-            return services.ConfigureFacebookAuthentication(configure, optionsName: "");
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureFacebookAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<FacebookAuthenticationOptions>(config, optionsName);
+            return services.Configure<FacebookAuthenticationOptions>(config);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index e00dcffddf..848e83df70 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -23,10 +23,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<GoogleAuthenticationMiddleware>(
-                 new ConfigureOptions<GoogleAuthenticationOptions>(configureOptions ?? (o => { }))
-                 {
-                     Name = optionsName
-                 });
+                 new ConfigureOptions<GoogleAuthenticationOptions>(configureOptions ?? (o => { })));
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index c5f7041e44..6b47398490 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class GoogleServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
+        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
         {
-            return services.ConfigureGoogleAuthentication(configure, optionsName: "");
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureGoogleAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<GoogleAuthenticationOptions>(config, optionsName);
+            return services.Configure<GoogleAuthenticationOptions>(config);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 4b14d7ab78..6b73167d89 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -27,10 +27,7 @@ namespace Microsoft.AspNet.Builder
         public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
         {
             return app.UseMiddleware<JwtBearerAuthenticationMiddleware>(
-                new ConfigureOptions<JwtBearerAuthenticationOptions>(configureOptions ?? (o => { }))
-                {
-                    Name = optionsName
-                });
+                new ConfigureOptions<JwtBearerAuthenticationOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
index f026908667..db7633bfe2 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
@@ -15,22 +15,12 @@ namespace Microsoft.Framework.DependencyInjection
     {
         public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerAuthenticationOptions> configure)
         {
-            return services.ConfigureJwtBearerAuthentication(configure, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerAuthenticationOptions> configure, string optionsName)
-        {
-            return services.Configure(configure, optionsName);
+            return services.Configure(configure);
         }
 
         public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.ConfigureJwtBearerAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<JwtBearerAuthenticationOptions>(config, optionsName);
+            return services.ConfigureJwtBearerAuthentication(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index b7c1d0ca9a..0bb6dc905e 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -13,13 +13,10 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null)
         {
             return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(
-                 new ConfigureOptions<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { }))
-                 {
-                     Name = optionsName
-                 });
+                 new ConfigureOptions<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index 86b68230d6..fb7d6ce3f1 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class MicrosoftAccountServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
+        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
         {
-            return services.ConfigureMicrosoftAccountAuthentication(configure, optionsName: "");
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureMicrosoftAccountAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<MicrosoftAccountAuthenticationOptions>(config, optionsName);
+            return services.Configure<MicrosoftAccountAuthenticationOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index fec82a735e..264cb831f4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -30,10 +30,7 @@ namespace Microsoft.AspNet.Builder
                     {
                         configureOptions(options);
                     }
-                }) 
-                {
-                    Name = authenticationScheme,
-                });
+                }));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 55ab6f1ab4..9590573c6a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -82,7 +82,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInScheme = sharedOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Value.SignInScheme;
             }
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
index c4a1961f10..001d583abe 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
@@ -18,13 +18,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectAuthenticationOptions> configureOptions = null)
         {
             return app.UseMiddleware<OpenIdConnectAuthenticationMiddleware>(
-                 new ConfigureOptions<OpenIdConnectAuthenticationOptions>(configureOptions ?? (o => { }))
-                 {
-                     Name = optionsName
-                 });
+                 new ConfigureOptions<OpenIdConnectAuthenticationOptions>(configureOptions ?? (o => { })));
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index b26fd1f5e8..fb714fb001 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -49,9 +49,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
-            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Options.SignInScheme))
+            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Value.SignInScheme))
             {
-                Options.SignInScheme = sharedOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Value.SignInScheme;
             }
 
             if (Options.HtmlEncoder == null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 394ebe3f36..029ed08acc 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class OpenIdConnectServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure)
+        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure)
         {
-            return ConfigureOpenIdConnectAuthentication(services, configure, null);
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return ConfigureOpenIdConnectAuthentication(services, config, null);
-        }
-
-        public static IServiceCollection ConfigureOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<OpenIdConnectAuthenticationOptions>(config, optionsName);
+            return services.Configure<OpenIdConnectAuthenticationOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 04e36058f0..15267d02ac 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -13,13 +13,10 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class TwitterAppBuilderExtensions
     {
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null)
         {
             return app.UseMiddleware<TwitterAuthenticationMiddleware>(
-                 new ConfigureOptions<TwitterAuthenticationOptions>(configureOptions ?? (o => { }))
-                 {
-                     Name = optionsName
-                 });
+                 new ConfigureOptions<TwitterAuthenticationOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 30d4fe3e98..2f197896a0 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
-                Options.SignInScheme = sharedOptions.Options.SignInScheme;
+                Options.SignInScheme = sharedOptions.Value.SignInScheme;
             }
             if (string.IsNullOrEmpty(Options.SignInScheme))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index 553bd1ba88..75dc1465fe 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -13,24 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class TwitterAuthenticationExtensions
     {
-        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
+        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
         {
-            return services.ConfigureTwitterAuthentication(configure, optionsName: "");
+            return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure, string optionsName)
+        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure(configure, optionsName);
-        }
-
-        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.ConfigureTwitterAuthentication(config, optionsName: "");
-        }
-
-        public static IServiceCollection ConfigureTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config, string optionsName)
-        {
-            return services.Configure<TwitterAuthenticationOptions>(config, optionsName);
+            return services.Configure<TwitterAuthenticationOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 7d83092a40..c0eee7e1a0 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -23,14 +23,10 @@ namespace Microsoft.AspNet.Authentication
             [NotNull] IUrlEncoder encoder,
             ConfigureOptions<TOptions> configureOptions)
         {
+            Options = options.Value;
             if (configureOptions != null)
             {
-                Options = options.GetNamedOptions(configureOptions.Name);
-                configureOptions.Configure(Options, configureOptions.Name);
-            }
-            else
-            {
-                Options = options.Options;
+                configureOptions.Configure(Options);
             }
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index a2ccd6c976..9634fd97b7 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -24,17 +24,17 @@ namespace Microsoft.Framework.DependencyInjection
             return services.AddAuthentication();
         }
 
-        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
+        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
         {
             return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, ClaimsPrincipal> transform)
+        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, ClaimsPrincipal> transform)
         {
             return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformSyncDelegate = transform });
         }
 
-        public static IServiceCollection ConfigureClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, Task<ClaimsPrincipal>> asyncTransform)
+        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, Task<ClaimsPrincipal>> asyncTransform)
         {
             return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformAsyncDelegate = asyncTransform });
         }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index c18317f830..ff29ffdbe7 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.Builder
         /// <returns>The original app parameter</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
         {
-            return app.UseClaimsTransformation(configureOptions: o => { }, optionsName: string.Empty);
+            return app.UseClaimsTransformation(configureOptions: o => { });
         }
 
         /// <summary>
@@ -30,21 +30,9 @@ namespace Microsoft.AspNet.Builder
         /// <param name="configureOptions">Used to configure the options for the middleware</param>
         /// <returns>The original app parameter</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, [NotNull] Action<ClaimsTransformationOptions> configureOptions)
-        {
-            return app.UseClaimsTransformation(configureOptions: configureOptions, optionsName: string.Empty);
-        }
-
-        /// <summary>
-        /// Adds a claims transformation middleware to your web application pipeline.
-        /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
-        /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, [NotNull] Action<ClaimsTransformationOptions> configureOptions, [NotNull] string optionsName)
         {
             return app.UseMiddleware<ClaimsTransformationMiddleware>(
-                new ConfigureOptions<ClaimsTransformationOptions>(configureOptions) { Name = optionsName });
+                new ConfigureOptions<ClaimsTransformationOptions>(configureOptions));
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index eb616d9fb9..9d7af5b448 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -18,14 +18,10 @@ namespace Microsoft.AspNet.Authentication
             [NotNull] IOptions<ClaimsTransformationOptions> options,
             ConfigureOptions<ClaimsTransformationOptions> configureOptions)
         {
+            Options = options.Value;
             if (configureOptions != null)
             {
-                Options = options.GetNamedOptions(configureOptions.Name);
-                configureOptions.Configure(Options, configureOptions.Name);
-            }
-            else
-            {
-                Options = options.Options;
+                configureOptions.Configure(Options);
             }
             _next = next;
         }
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 522b9d3231..4095c623e7 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authorization
         public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers)
         {
             _handlers = handlers.ToArray();
-            _options = options.Options;
+            _options = options.Value;
         }
 
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index ecad6ff4b8..92f93fe1a3 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -10,11 +10,6 @@ namespace Microsoft.Framework.DependencyInjection
 {
     public static class ServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
         public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services)
         {
             services.AddOptions();
@@ -23,9 +18,9 @@ namespace Microsoft.Framework.DependencyInjection
             return services;
         }
 
-        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configureOptions)
+        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
         {
-            services.ConfigureAuthorization(configureOptions);
+            services.Configure(configure);
             return services.AddAuthorization();
         }
     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index f438ff5802..139006b06e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -977,7 +977,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 if (claimsTransform != null)
                 {
-                    app.UseClaimsTransformation();
+                    app.UseClaimsTransformation(claimsTransform);
                 }
                 app.Use(async (context, next) =>
                 {
@@ -1033,10 +1033,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
             services =>
             {
                 services.AddAuthentication();
-                if (claimsTransform != null)
-                {
-                    services.ConfigureClaimsTransformation(claimsTransform);
-                }
             });
             server.BaseAddress = baseAddress;
             return server;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 7ebe9cd3c4..5cd06921a5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -35,8 +35,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddAuthentication();
-                    services.ConfigureFacebookAuthentication(options =>
+                    services.AddAuthentication(options =>
+                    {
+                        options.SignInScheme = "External";
+                    });
+                    services.AddFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
@@ -48,15 +51,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
                             }
                         };
                     });
-                    services.ConfigureCookieAuthentication(options =>
+                    services.AddCookieAuthentication(options =>
                     {
                         options.AuthenticationScheme = "External";
                         options.AutomaticAuthentication = true;
                     });
-                    services.Configure<SharedAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
                 },
                 context =>
                 {
@@ -81,7 +80,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 services =>
                 {
                     services.AddAuthentication();
-                    services.ConfigureFacebookAuthentication(options =>
+                    services.AddFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
@@ -112,7 +111,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 services =>
                 {
                     services.AddAuthentication();
-                    services.ConfigureFacebookAuthentication(options =>
+                    services.AddFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
@@ -142,20 +141,19 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddAuthentication();
-                    services.ConfigureFacebookAuthentication(options =>
+                    services.AddAuthentication(options =>
+                    {
+                        options.SignInScheme = "External";
+                    });
+                    services.AddFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
                     });
-                    services.ConfigureCookieAuthentication(options =>
+                    services.AddCookieAuthentication(options =>
                     {
                         options.AuthenticationScheme = "External";
                     });
-                    services.Configure<SharedAuthenticationOptions>(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
                 },
                 context =>
                 {
@@ -189,7 +187,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 services =>
                 {
                     services.AddAuthentication();
-                    services.ConfigureFacebookAuthentication(options =>
+                    services.AddFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index f75a97643a..e13b051462 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -600,12 +600,8 @@ namespace Microsoft.AspNet.Authentication.Google
             },
             services =>
             {
-                services.AddAuthentication();
-                services.Configure<SharedAuthenticationOptions>(options =>
-                {
-                    options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
-                });
-                services.ConfigureClaimsTransformation(p =>
+                services.AddAuthentication(options => options.SignInScheme = TestExtensions.CookieAuthenticationScheme);
+                services.AddClaimsTransformation(p =>
                 {
                     var id = new ClaimsIdentity("xform");
                     id.AddClaim(new Claim("xform", "yup"));
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index d67ff91637..41c1c79d62 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -58,7 +58,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -78,7 +78,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
@@ -105,7 +105,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
@@ -131,7 +131,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage", "CanViewAnything"));
                 });
@@ -157,7 +157,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -183,7 +183,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -207,7 +207,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -226,7 +226,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -246,7 +246,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
@@ -407,7 +407,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireRole("Admin", "Users"));
                 });
@@ -431,7 +431,7 @@ namespace Microsoft.AspNet.Authorization.Test
         {
             Assert.Throws<InvalidOperationException>(() => BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => { });
                 });
@@ -444,7 +444,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
                 });
@@ -470,7 +470,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
                 });
@@ -496,7 +496,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Hao", policy => policy.RequireUserName("Hao"));
                 });
@@ -518,7 +518,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Hao", policy => policy.RequireRole("Hao"));
                 });
@@ -540,7 +540,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
@@ -565,7 +565,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Any", policy => policy.RequireAuthenticatedUser());
                 });
@@ -594,7 +594,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
@@ -615,7 +615,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var authorizationService = BuildAuthorizationService(services =>
             {
                 services.AddTransient<IAuthorizationHandler, CustomHandler>();
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
                 });
@@ -654,7 +654,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Passthrough", policy => policy.Requirements.Add(new PassThroughRequirement(shouldSucceed)));
                 });
@@ -674,7 +674,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
                     options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
@@ -702,7 +702,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
                     options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
@@ -729,7 +729,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     var basePolicy = new AuthorizationPolicyBuilder().RequireClaim("Base", "Value").Build();
                     options.AddPolicy("Combined", policy => policy.Combine(basePolicy).RequireClaim("Claim", "Exists"));
@@ -835,7 +835,7 @@ namespace Microsoft.AspNet.Authorization.Test
         {
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.ConfigureAuthorization(options =>
+                services.AddAuthorization(options =>
                 {
                     options.AddPolicy("Basic", policy => policy.RequireDelegate((context, req) => context.Succeed(req)));
                 });

From 64c40addc657949b894a57dc03ced4bfbc376613 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 2 Sep 2015 15:34:49 -0700
Subject: [PATCH 309/900] Update project.json to have warningsAsErrors accept a
 bool.

---
 test/Microsoft.AspNet.Authentication.Test/project.json | 2 +-
 test/Microsoft.AspNet.Authorization.Test/project.json  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index f2eb49c8e9..2cb6265c78 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -1,6 +1,6 @@
 {
     "compilationOptions": {
-        "warningsAsErrors": "true"
+        "warningsAsErrors": true
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 065ecb7d37..11667dc4e5 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -1,6 +1,6 @@
 {
     "compilationOptions": {
-        "warningsAsErrors": "true"
+        "warningsAsErrors": true
     },
     "dependencies": {
         "Microsoft.AspNet.Authorization": "1.0.0-*",

From 6915db67f2c071742814afde0ec9e877402e6812 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 2 Sep 2015 15:54:25 -0700
Subject: [PATCH 310/900] Update tests to properly return tasks.

- Fixes errors caused by `"warningsAsErrors": true`
---
 ...dConnectAuthenticationHandlerForTestingAuthenticate.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
index 46c6d6f131..bf6d128c5e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
@@ -27,14 +27,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return await base.HandleUnauthorizedAsync(context);
         }
 
-        protected override async Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        protected override Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
             var jsonResponse = new JObject();
             jsonResponse.Add(OpenIdConnectParameterNames.IdToken, "test token");
-            return new OpenIdConnectTokenEndpointResponse(jsonResponse);
+            return Task.FromResult(new OpenIdConnectTokenEndpointResponse(jsonResponse));
         }
 
-        protected override async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
+        protected override Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
             var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity;
             if (claimsIdentity == null)
@@ -42,7 +42,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 claimsIdentity = new ClaimsIdentity();
             }
             claimsIdentity.AddClaim(new Claim("test claim", "test value"));
-            return new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme);
+            return Task.FromResult(new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme));
         }
     }
 }

From 4b1f710c397390bc76a56a1aa33f2f5891159dc8 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 1 Sep 2015 09:48:59 -0700
Subject: [PATCH 311/900] #415 Use a cross-platform friendly HttpClient for
 CoreCLR.

---
 .../JwtBearerAuthenticationMiddleware.cs                   | 2 +-
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json | 2 +-
 .../project.json                                           | 7 +------
 .../OAuthAuthenticationMiddleware.cs                       | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/project.json     | 2 +-
 .../OpenIdConnectAuthenticationMiddleware.cs               | 2 +-
 .../project.json                                           | 2 +-
 .../TwitterAuthenticationMiddleware.cs                     | 2 +-
 src/Microsoft.AspNet.Authentication.Twitter/project.json   | 2 +-
 9 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
index 973c6f80d0..0365b5e7b4 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
@@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
 #else
-            new WinHttpHandler();
+            new HttpClientHandler();
 #endif
             return handler;
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 048c770808..97fbbb5e5d 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -19,7 +19,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+                "System.Net.Http": "4.0.1-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index ddf5d2dfe2..bcc6b3df0c 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -11,11 +11,6 @@
     },
     "frameworks": {
         "dnx451": { },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Dynamic.Runtime": "4.0.11-beta-*",
-                "System.ObjectModel": "4.0.11-beta-*"
-            }
-        }
+        "dnxcore50": { }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 9590573c6a..a9f326f8c3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -115,7 +115,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
 #else
-                new WinHttpHandler();
+                new HttpClientHandler();
 #endif
             return handler;
         }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index abe2427c19..5dc4078287 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -19,7 +19,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+                "System.Net.Http": "4.0.1-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index fb714fb001..d7d1ea45d3 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -167,7 +167,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
 #else
-                new WinHttpHandler();
+                new HttpClientHandler();
 #endif
             return handler;
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 00703fdac4..3165bdeba1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -21,7 +21,7 @@
         "dnxcore50": {
             "dependencies": {
                 "System.Collections.Specialized": "4.0.1-beta-*",
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+                "System.Net.Http": "4.0.1-beta-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 2f197896a0..79bcef9c8c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -109,7 +109,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
 #else
-                new WinHttpHandler();
+                new HttpClientHandler();
 #endif
             return handler;
         }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 6818942e39..a567a377a8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -18,7 +18,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http.WinHttpHandler": "4.0.0-beta-*"
+                "System.Net.Http": "4.0.1-beta-*"
             }
         }
     }

From 0f115f1fda8dfee602a7f8e9629fa68c44bfaff3 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Sep 2015 11:35:18 -0700
Subject: [PATCH 312/900] #307 Assume notifications are not null.

---
 .../OpenIdConnectAuthenticationHandler.cs     | 80 +++++++++----------
 1 file changed, 37 insertions(+), 43 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 138873c03b..9f3bc48317 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -89,27 +89,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                if (Options.Notifications.RedirectToIdentityProvider != null)
+                var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
-                    var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = message
-                    };
+                    ProtocolMessage = message
+                };
 
-                    await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-                    if (redirectToIdentityProviderNotification.HandledResponse)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
-                        return;
-                    }
-                    else if (redirectToIdentityProviderNotification.Skipped)
-                    {
-                        Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
-                        return;
-                    }
-
-                    message = redirectToIdentityProviderNotification.ProtocolMessage;
+                await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+                if (redirectToIdentityProviderNotification.HandledResponse)
+                {
+                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                    return;
                 }
+                else if (redirectToIdentityProviderNotification.Skipped)
+                {
+                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                    return;
+                }
+
+                message = redirectToIdentityProviderNotification.ProtocolMessage;
 
                 if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
                 {
@@ -223,33 +220,30 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            if (Options.Notifications.RedirectToIdentityProvider != null)
+            var redirectToIdentityProviderNotification =
+                new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                {
+                    ProtocolMessage = message
+                };
+
+            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
+            if (redirectToIdentityProviderNotification.HandledResponse)
             {
-                var redirectToIdentityProviderNotification =
-                    new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = message
-                    };
-
-                await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-                if (redirectToIdentityProviderNotification.HandledResponse)
-                {
-                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
-                    return true;
-                }
-                else if (redirectToIdentityProviderNotification.Skipped)
-                {
-                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
-                    return false;
-                }
-
-                if (!string.IsNullOrEmpty(redirectToIdentityProviderNotification.ProtocolMessage.State))
-                {
-                    properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderNotification.ProtocolMessage.State;
-                }
-
-                message = redirectToIdentityProviderNotification.ProtocolMessage;
+                Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                return true;
             }
+            else if (redirectToIdentityProviderNotification.Skipped)
+            {
+                Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                return false;
+            }
+
+            if (!string.IsNullOrEmpty(redirectToIdentityProviderNotification.ProtocolMessage.State))
+            {
+                properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderNotification.ProtocolMessage.State;
+            }
+
+            message = redirectToIdentityProviderNotification.ProtocolMessage;
 
             var redirectUriForCode = message.RedirectUri;
             if (string.IsNullOrEmpty(redirectUriForCode))

From d3ad11a753e40be48415c570bf0d9c3f44a60cbe Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Sep 2015 14:09:29 -0700
Subject: [PATCH 313/900] #47 Rename Notifications to Events and Contexts.

---
 samples/SocialSample/Startup.cs               |  26 +--
 .../CookieAuthenticationHandler.cs            |  26 +--
 .../CookieAuthenticationMiddleware.cs         |   4 +-
 .../CookieAuthenticationOptions.cs            |   6 +-
 .../CookieApplyRedirectContext.cs             |   0
 .../CookieAuthenticationEvents.cs}            |   8 +-
 .../CookieExceptionContext.cs                 |   0
 .../CookieResponseSignInContext.cs            |   0
 .../CookieResponseSignOutContext.cs           |   0
 .../CookieResponseSignedInContext.cs          |   2 +-
 .../CookieValidateIdentityContext.cs          |   0
 .../ICookieAuthenticationEvents.cs}           |   2 +-
 .../FacebookAuthenticationHandler.cs          |   6 +-
 .../GoogleAuthenticationHandler.cs            |   6 +-
 .../AuthenticationChallengeContext.cs}        |   4 +-
 .../JwtBearerAuthenticationEvents.cs}         |  24 +-
 .../JwtBearerAuthenticationHandler.cs         |  54 ++---
 .../JwtBearerAuthenticationMiddleware.cs      |   4 +-
 .../JwtBearerAuthenticationOptions.cs         |   4 +-
 .../MicrosoftAccountAuthenticationHandler.cs  |   6 +-
 .../BaseValidatingContext.cs                  |   0
 .../BaseValidatingTicketContext.cs            |   0
 .../IOAuthAuthenticationEvents.cs}            |   4 +-
 .../OAuthApplyRedirectContext.cs              |   0
 .../OAuthAuthenticatedContext.cs              |   0
 .../OAuthAuthenticationEvents.cs}             |   6 +-
 .../OAuthChallengeContext.cs                  |   0
 .../OAuthRequestTokenContext.cs               |   0
 .../OAuthReturnEndpointContext.cs             |   0
 .../OAuthAuthenticationHandler.cs             |  12 +-
 .../OAuthAuthenticationMiddleware.cs          |   4 +-
 .../OAuthAuthenticationOptions.cs             |   6 +-
 .../AuthorizationCodeReceivedContext.cs}      |   8 +-
 .../AuthorizationCodeRedeemedContext.cs}      |   8 +-
 .../OpenIdConnectAuthenticationEvents.cs      |  64 ++++++
 ...penIdConnectAuthenticationNotifications.cs |  65 ------
 .../OpenIdConnectAuthenticationHandler.cs     | 208 +++++++++---------
 .../OpenIdConnectAuthenticationMiddleware.cs  |   6 +-
 .../OpenIdConnectAuthenticationOptions.cs     |   4 +-
 .../ITwitterAuthenticationEvents.cs}          |   2 +-
 .../TwitterApplyRedirectContext.cs            |   0
 .../TwitterAuthenticatedContext.cs            |   0
 .../TwitterAuthenticationEvents.cs}           |   8 +-
 .../TwitterReturnEndpointContext.cs           |   0
 .../TwitterAuthenticationHandler.cs           |  12 +-
 .../TwitterAuthenticationMiddleware.cs        |   4 +-
 .../TwitterAuthenticationOptions.cs           |   4 +-
 .../AuthenticationFailedContext.cs}           |   4 +-
 .../{Notifications => Events}/BaseContext.cs  |   0
 .../BaseContext`1.cs                          |   0
 .../BaseControlContext.cs}                    |  16 +-
 .../EndpointContext.cs                        |   0
 .../EndpointContext`1.cs                      |   0
 .../EventResultState.cs}                      |   2 +-
 .../MessageReceivedContext.cs}                |   4 +-
 .../RedirectFromIdentityProviderContext.cs}   |   4 +-
 .../RedirectToIdentityProviderContext.cs}     |   6 +-
 .../ReturnEndpointContext.cs                  |   0
 .../SecurityTokenReceivedContext.cs}          |   4 +-
 .../SecurityTokenValidatedContext.cs}         |   4 +-
 .../Cookies/CookieMiddlewareTests.cs          |  10 +-
 .../Facebook/FacebookMiddlewareTests.cs       |   2 +-
 .../Google/GoogleMiddlewareTests.cs           |   6 +-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     |  58 ++---
 .../MicrosoftAccountMiddlewareTests.cs        |   4 +-
 .../OpenIdConnectHandlerTests.cs              | 124 +++++------
 .../OpenIdConnectMiddlewareTests.cs           |  38 ++--
 .../Twitter/TwitterMiddlewareTests.cs         |   2 +-
 68 files changed, 446 insertions(+), 449 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieApplyRedirectContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications/CookieAuthenticationNotifications.cs => Events/CookieAuthenticationEvents.cs} (94%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieExceptionContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieResponseSignInContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieResponseSignOutContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieResponseSignedInContext.cs (95%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications => Events}/CookieValidateIdentityContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{Notifications/ICookieAuthenticationNotifications.cs => Events/ICookieAuthenticationEvents.cs} (98%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{Notifications/AuthenticationChallengeNotification.cs => Events/AuthenticationChallengeContext.cs} (58%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{Notifications/JwtBearerAuthenticationNotifications.cs => Events/JwtBearerAuthenticationEvents.cs} (53%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/BaseValidatingContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/BaseValidatingTicketContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications/IOAuthAuthenticationNotifications.cs => Events/IOAuthAuthenticationEvents.cs} (89%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/OAuthApplyRedirectContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/OAuthAuthenticatedContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications/OAuthAuthenticationNotifications.cs => Events/OAuthAuthenticationEvents.cs} (91%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/OAuthChallengeContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/OAuthRequestTokenContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{Notifications => Events}/OAuthReturnEndpointContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{Notifications/AuthorizationCodeReceivedNotification.cs => Events/AuthorizationCodeReceivedContext.cs} (75%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{Notifications/AuthorizationCodeRedeemedNotification.cs => Events/AuthorizationCodeRedeemedContext.cs} (65%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
 rename src/Microsoft.AspNet.Authentication.Twitter/{Notifications/ITwitterAuthenticationNotifications.cs => Events/ITwitterAuthenticationEvents.cs} (96%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{Notifications => Events}/TwitterApplyRedirectContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{Notifications => Events}/TwitterAuthenticatedContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{Notifications/TwitterAuthenticationNotifications.cs => Events/TwitterAuthenticationEvents.cs} (90%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{Notifications => Events}/TwitterReturnEndpointContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/AuthenticationFailedNotification.cs => Events/AuthenticationFailedContext.cs} (64%)
 rename src/Microsoft.AspNet.Authentication/{Notifications => Events}/BaseContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications => Events}/BaseContext`1.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/BaseNotification.cs => Events/BaseControlContext.cs} (67%)
 rename src/Microsoft.AspNet.Authentication/{Notifications => Events}/EndpointContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications => Events}/EndpointContext`1.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/NotificationResultState.cs => Events/EventResultState.cs} (94%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/MessageReceivedNotification.cs => Events/MessageReceivedContext.cs} (72%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/RedirectFromIdentityProviderNotification.cs => Events/RedirectFromIdentityProviderContext.cs} (70%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/RedirectToIdentityProviderNotification.cs => Events/RedirectToIdentityProviderContext.cs} (68%)
 rename src/Microsoft.AspNet.Authentication/{Notifications => Events}/ReturnEndpointContext.cs (100%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/SecurityTokenReceivedNotification.cs => Events/SecurityTokenReceivedContext.cs} (64%)
 rename src/Microsoft.AspNet.Authentication/{Notifications/SecurityTokenValidatedNotification.cs => Events/SecurityTokenValidatedContext.cs} (60%)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 2721b5807e..47672d4b03 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -135,16 +135,16 @@ namespace CookieSample
                 options.ClaimsIssuer = "OAuth2-Github";
                 options.SaveTokensAsClaims = false;
                 // Retrieving user information is unique to each provider.
-                options.Notifications = new OAuthAuthenticationNotifications
+                options.Events = new OAuthAuthenticationEvents
                 {
-                    OnAuthenticated = async notification =>
+                    OnAuthenticated = async context =>
                     {
                         // Get the GitHub user
-                        var request = new HttpRequestMessage(HttpMethod.Get, notification.Options.UserInformationEndpoint);
-                        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", notification.AccessToken);
+                        var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
+                        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                         request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
 
-                        var response = await notification.Backchannel.SendAsync(request, notification.HttpContext.RequestAborted);
+                        var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
                         response.EnsureSuccessStatusCode();
 
                         var user = JObject.Parse(await response.Content.ReadAsStringAsync());
@@ -152,33 +152,33 @@ namespace CookieSample
                         var identifier = user.Value<string>("id");
                         if (!string.IsNullOrEmpty(identifier))
                         {
-                            notification.Identity.AddClaim(new Claim(
+                            context.Identity.AddClaim(new Claim(
                                 ClaimTypes.NameIdentifier, identifier,
-                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
                         var userName = user.Value<string>("login");
                         if (!string.IsNullOrEmpty(userName))
                         {
-                            notification.Identity.AddClaim(new Claim(
+                            context.Identity.AddClaim(new Claim(
                                 ClaimsIdentity.DefaultNameClaimType, userName,
-                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
                         var name = user.Value<string>("name");
                         if (!string.IsNullOrEmpty(name))
                         {
-                            notification.Identity.AddClaim(new Claim(
+                            context.Identity.AddClaim(new Claim(
                                 "urn:github:name", name,
-                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
                         var link = user.Value<string>("url");
                         if (!string.IsNullOrEmpty(link))
                         {
-                            notification.Identity.AddClaim(new Claim(
+                            context.Identity.AddClaim(new Claim(
                                 "urn:github:url", link,
-                                ClaimValueTypes.String, notification.Options.ClaimsIssuer));
+                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                     },
                 };
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index d04af10481..95c4bec019 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -114,7 +114,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 }
 
                 var context = new CookieValidatePrincipalContext(Context, ticket, Options);
-                await Options.Notifications.ValidatePrincipal(context);
+                await Options.Events.ValidatePrincipal(context);
 
                 if (context.Principal == null)
                 {
@@ -132,7 +132,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Authenticate, exception, ticket);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -210,7 +210,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.FinishResponse, exception, ticket);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -249,7 +249,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                 }
 
-                Options.Notifications.ResponseSignIn(signInContext);
+                Options.Events.ResponseSignIn(signInContext);
 
                 if (signInContext.Properties.IsPersistent)
                 {
@@ -286,7 +286,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.Principal,
                     signInContext.Properties);
 
-                Options.Notifications.ResponseSignedIn(signedInContext);
+                Options.Events.ResponseSignedIn(signedInContext);
 
                 var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
                 ApplyHeaders(shouldLoginRedirect);
@@ -295,7 +295,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -319,7 +319,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options,
                     cookieOptions);
 
-                Options.Notifications.ResponseSignOut(context);
+                Options.Events.ResponseSignOut(context);
 
                 Options.CookieManager.DeleteCookie(
                     Context,
@@ -333,7 +333,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.SignOut, exception, ticket);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -355,7 +355,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     && IsHostRelative(redirectUri))
                 {
                     var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
-                    Options.Notifications.ApplyRedirect(redirectContext);
+                    Options.Events.ApplyRedirect(redirectContext);
                 }
             }
         }
@@ -385,13 +385,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options.AccessDeniedPath;
 
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
-                Options.Notifications.ApplyRedirect(redirectContext);
+                Options.Events.ApplyRedirect(redirectContext);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Forbidden, exception, ticket: null);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -412,13 +412,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, BuildRedirectUri(loginUri));
-                Options.Notifications.ApplyRedirect(redirectContext);
+                Options.Events.ApplyRedirect(redirectContext);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Unauthorized, exception, ticket: null);
-                Options.Notifications.Exception(exceptionContext);
+                Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 6765e4d815..d7de7fbecd 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -22,9 +22,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             ConfigureOptions<CookieAuthenticationOptions> configureOptions)
             : base(next, options, loggerFactory, urlEncoder, configureOptions)
         {
-            if (Options.Notifications == null)
+            if (Options.Events == null)
             {
-                Options.Notifications = new CookieAuthenticationNotifications();
+                Options.Events = new CookieAuthenticationEvents();
             }
             if (String.IsNullOrEmpty(Options.CookieName))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 52a4d82efc..b8743d1843 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             CookieHttpOnly = true;
             CookieSecure = CookieSecureOption.SameAsRequest;
             SystemClock = new SystemClock();
-            Notifications = new CookieAuthenticationNotifications();
+            Events = new CookieAuthenticationEvents();
         }
 
         /// <summary>
@@ -116,10 +116,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         /// <summary>
         /// The Provider may be assigned to an instance of an object created by the application at startup time. The middleware
-        /// calls methods on the provider which give the application control at certain points where processing is occuring. 
+        /// calls methods on the provider which give the application control at certain points where processing is occurring. 
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
-        public ICookieAuthenticationNotifications Notifications { get; set; }
+        public ICookieAuthenticationEvents Events { get; set; }
 
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieApplyRedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieApplyRedirectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
similarity index 94%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 57218a9ad9..cbe3a71711 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -7,16 +7,16 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// This default implementation of the ICookieAuthenticationNotifications may be used if the 
+    /// This default implementation of the ICookieAuthenticationEvents may be used if the 
     /// application only needs to override a few of the interface methods. This may be used as a base class
     /// or may be instantiated directly.
     /// </summary>
-    public class CookieAuthenticationNotifications : ICookieAuthenticationNotifications
+    public class CookieAuthenticationEvents : ICookieAuthenticationEvents
     {
         /// <summary>
-        /// Create a new instance of the default notifications.
+        /// Create a new instance of the default events.
         /// </summary>
-        public CookieAuthenticationNotifications()
+        public CookieAuthenticationEvents()
         {
             OnValidatePrincipal = context => Task.FromResult(0);
             OnResponseSignIn = context => { };
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieExceptionContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignInContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignInContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignOutContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignOutContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignOutContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs
similarity index 95%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs
index 725a900544..a6a5c3469e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieResponseSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNet.Http.Authentication;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationNotifications method ResponseSignedIn.
+    /// Context object passed to the ICookieAuthenticationEvents method ResponseSignedIn.
     /// </summary>    
     public class CookieResponseSignedInContext : BaseContext<CookieAuthenticationOptions>
     {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidateIdentityContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/CookieValidateIdentityContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidateIdentityContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index 365396a924..b4caf0b556 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Notifications/ICookieAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
     /// </summary>
-    public interface ICookieAuthenticationNotifications
+    public interface ICookieAuthenticationEvents
     {
         /// <summary>
         /// Called each time a request principal has been validated by the middleware. By implementing this method the
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
index 52e7b10371..8f3d343b46 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -104,9 +104,9 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Notifications.Authenticated(notification);
+            await Options.Events.Authenticated(context);
 
-            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
 
         private string GenerateAppSecretProof(string accessToken)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
index 986338fd1c..7d55c5e676 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -74,9 +74,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Notifications.Authenticated(notification);
+            await Options.Events.Authenticated(context);
 
-            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
 
         // TODO: Abstract this properties override pattern into the base class?
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
similarity index 58%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
index 4be4376c20..58829ba879 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/AuthenticationChallengeNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationChallengeNotification<TOptions> : BaseNotification<TOptions>
+    public class AuthenticationChallengeContext<TOptions> : BaseControlContext<TOptions>
     {
-        public AuthenticationChallengeNotification(HttpContext context, TOptions options) : base(context, options)
+        public AuthenticationChallengeContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
similarity index 53%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
index 06984332ad..e2d1f500f3 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Notifications/JwtBearerAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
@@ -13,43 +13,43 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// <summary>
     /// Jwt bearer token middleware provider
     /// </summary>
-    public class JwtBearerAuthenticationNotifications
+    public class JwtBearerAuthenticationEvents
     {
         /// <summary>
         /// Initializes a new instance of the <see cref="JwtBearerAuthenticationProvider"/> class
         /// </summary>
-        public JwtBearerAuthenticationNotifications()
+        public JwtBearerAuthenticationEvents()
         {
-            ApplyChallenge = notification => { notification.HttpContext.Response.Headers.Append("WWW-Authenticate", notification.Options.Challenge); return Task.FromResult(0); };
-            AuthenticationFailed = notification => Task.FromResult(0);
-            MessageReceived = notification => Task.FromResult(0);
-            SecurityTokenReceived = notification => Task.FromResult(0);
-            SecurityTokenValidated = notification => Task.FromResult(0);
+            ApplyChallenge = context => { context.HttpContext.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge); return Task.FromResult(0); };
+            AuthenticationFailed = context => Task.FromResult(0);
+            MessageReceived = context => Task.FromResult(0);
+            SecurityTokenReceived = context => Task.FromResult(0);
+            SecurityTokenValidated = context => Task.FromResult(0);
         }
 
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedNotification<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        public Func<AuthenticationChallengeNotification<JwtBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
+        public Func<AuthenticationChallengeContext<JwtBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
index 6b740c5d0b..74edec3f67 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
@@ -27,26 +27,26 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
-                var messageReceivedNotification =
-                    new MessageReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                var messageReceivedContext =
+                    new MessageReceivedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                     {
                         ProtocolMessage = Context,
                     };
 
-                // notification can set the token
-                await Options.Notifications.MessageReceived(messageReceivedNotification);
-                if (messageReceivedNotification.HandledResponse)
+                // event can set the token
+                await Options.Events.MessageReceived(messageReceivedContext);
+                if (messageReceivedContext.HandledResponse)
                 {
-                    return messageReceivedNotification.AuthenticationTicket;
+                    return messageReceivedContext.AuthenticationTicket;
                 }
 
-                if (messageReceivedNotification.Skipped)
+                if (messageReceivedContext.Skipped)
                 {
                     return null;
                 }
 
                 // If application retrieved token from somewhere else, use that.
-                token = messageReceivedNotification.Token;
+                token = messageReceivedContext.Token;
 
                 if (string.IsNullOrEmpty(token))
                 {
@@ -71,20 +71,20 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
 
                 // notify user token was received
-                var securityTokenReceivedNotification =
-                    new SecurityTokenReceivedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                var securityTokenReceivedContext =
+                    new SecurityTokenReceivedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = Context,
                     SecurityToken = token,
                 };
 
-                await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
-                if (securityTokenReceivedNotification.HandledResponse)
+                await Options.Events.SecurityTokenReceived(securityTokenReceivedContext);
+                if (securityTokenReceivedContext.HandledResponse)
                 {
-                    return securityTokenReceivedNotification.AuthenticationTicket;
+                    return securityTokenReceivedContext.AuthenticationTicket;
                 }
 
-                if (securityTokenReceivedNotification.Skipped)
+                if (securityTokenReceivedContext.Skipped)
                 {
                     return null;
                 }
@@ -117,19 +117,19 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var securityTokenValidatedNotification = new SecurityTokenValidatedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                        var securityTokenValidatedContext = new SecurityTokenValidatedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                         {
                             ProtocolMessage = Context,
                             AuthenticationTicket = ticket
                         };
 
-                        await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
-                        if (securityTokenValidatedNotification.HandledResponse)
+                        await Options.Events.SecurityTokenValidated(securityTokenValidatedContext);
+                        if (securityTokenValidatedContext.HandledResponse)
                         {
-                            return securityTokenValidatedNotification.AuthenticationTicket;
+                            return securityTokenValidatedContext.AuthenticationTicket;
                         }
 
-                        if (securityTokenValidatedNotification.Skipped)
+                        if (securityTokenValidatedContext.Skipped)
                         {
                             return null;
                         }
@@ -144,26 +144,26 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 Logger.LogError("Exception occurred while processing message", ex);
 
-                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                 if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     Options.ConfigurationManager.RequestRefresh();
                 }
 
-                var authenticationFailedNotification =
-                    new AuthenticationFailedNotification<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                var authenticationFailedContext =
+                    new AuthenticationFailedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
                     {
                         ProtocolMessage = Context,
                         Exception = ex
                     };
 
-                await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
-                if (authenticationFailedNotification.HandledResponse)
+                await Options.Events.AuthenticationFailed(authenticationFailedContext);
+                if (authenticationFailedContext.HandledResponse)
                 {
-                    return authenticationFailedNotification.AuthenticationTicket;
+                    return authenticationFailedContext.AuthenticationTicket;
                 }
 
-                if (authenticationFailedNotification.Skipped)
+                if (authenticationFailedContext.Skipped)
                 {
                     return null;
                 }
@@ -175,7 +175,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
-            await Options.Notifications.ApplyChallenge(new AuthenticationChallengeNotification<JwtBearerAuthenticationOptions>(Context, Options));
+            await Options.Events.ApplyChallenge(new AuthenticationChallengeContext<JwtBearerAuthenticationOptions>(Context, Options));
             return false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
index 0365b5e7b4..1cd69a7656 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
@@ -34,9 +34,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             ConfigureOptions<JwtBearerAuthenticationOptions> configureOptions)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
-            if (Options.Notifications == null)
+            if (Options.Events == null)
             {
-                Options.Notifications = new JwtBearerAuthenticationNotifications();
+                Options.Events = new JwtBearerAuthenticationEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
index 8e9c51e8b3..07d0859f20 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
@@ -49,10 +49,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
-        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationProvider
+        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public JwtBearerAuthenticationNotifications Notifications { get; set; } = new JwtBearerAuthenticationNotifications();
+        public JwtBearerAuthenticationEvents Events { get; set; } = new JwtBearerAuthenticationEvents();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
index 1c03b51183..4cec337008 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -54,9 +54,9 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Notifications.Authenticated(notification);
+            await Options.Events.Authenticated(context);
 
-            return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/BaseValidatingTicketContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
index 522f1cb162..5f402aa072 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/IOAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
@@ -10,11 +10,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Specifies callback methods which the <see cref="OAuthAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IOAuthAuthenticationNotifications
+    public interface IOAuthAuthenticationEvents
     {
         /// <summary>
         /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
-        /// This notification may not be invoked by sub-classes of OAuthAuthenticationHandler if they override CreateTicketAsync.
+        /// This event may not be invoked by sub-classes of OAuthAuthenticationHandler if they override CreateTicketAsync.
         /// </summary>
         /// <param name="context">Contains information about the login session.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs
index 9716b14015..e2002bc8b4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs
@@ -2,16 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
-    /// Default <see cref="IOAuthAuthenticationNotifications"/> implementation.
+    /// Default <see cref="IOAuthAuthenticationEvents"/> implementation.
     /// </summary>
-    public class OAuthAuthenticationNotifications : IOAuthAuthenticationNotifications
+    public class OAuthAuthenticationEvents : IOAuthAuthenticationEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthChallengeContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthRequestTokenContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Notifications/OAuthReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
index 94f58ac466..a913531e28 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
@@ -57,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             };
             ticket.Properties.RedirectUri = null;
 
-            await Options.Notifications.ReturnEndpoint(context);
+            await Options.Events.ReturnEndpoint(context);
 
             if (context.SignInScheme != null && context.Principal != null)
             {
@@ -183,20 +183,20 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens)
+            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
             };
             
-            await Options.Notifications.Authenticated(notification);
+            await Options.Events.Authenticated(context);
 
-            if (notification.Principal?.Identity == null)
+            if (context.Principal?.Identity == null)
             {
                 return null;
             }
 
-            return new AuthenticationTicket(notification.Principal, notification.Properties, Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
         protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
@@ -215,7 +215,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var redirectContext = new OAuthApplyRedirectContext(
                 Context, Options,
                 properties, authorizationEndpoint);
-            Options.Notifications.ApplyRedirect(redirectContext);
+            Options.Events.ApplyRedirect(redirectContext);
             return Task.FromResult(true);
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index a9f326f8c3..1b71de47b4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -63,9 +63,9 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
             }
 
-            if (Options.Notifications == null)
+            if (Options.Events == null)
             {
-                Options.Notifications = new OAuthAuthenticationNotifications();
+                Options.Events = new OAuthAuthenticationEvents();
             }
 
             if (Options.StateDataFormat == null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 96cf1e9cfc..19d7e4abfb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the URI the middleware will access to obtain the user information.
         /// This value is not used in the default implementation, it is for use in custom implementations of
-        /// IOAuthAuthenticationNotifications.Authenticated or OAuthAuthenticationHandler.CreateTicketAsync.
+        /// IOAuthAuthenticationEvents.Authenticated or OAuthAuthenticationHandler.CreateTicketAsync.
         /// </summary>
         public string UserInformationEndpoint { get; set; }
 
@@ -80,9 +80,9 @@ namespace Microsoft.AspNet.Authentication.OAuth
         public HttpMessageHandler BackchannelHttpHandler { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IOAuthAuthenticationNotifications"/> used to handle authentication events.
+        /// Gets or sets the <see cref="IOAuthAuthenticationEvents"/> used to handle authentication events.
         /// </summary>
-        public IOAuthAuthenticationNotifications Notifications { get; set; } = new OAuthAuthenticationNotifications();
+        public IOAuthAuthenticationEvents Events { get; set; } = new OAuthAuthenticationEvents();
 
         /// <summary>
         /// A list of permissions to request.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
similarity index 75%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 830c336121..5fdd57e6b8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -9,14 +9,14 @@ using System.IdentityModel.Tokens.Jwt;
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// This Notification can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
+    /// This Context can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
     /// </summary>
-    public class AuthorizationCodeReceivedNotification : BaseNotification<OpenIdConnectAuthenticationOptions>
+    public class AuthorizationCodeReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
     {
         /// <summary>
-        /// Creates a <see cref="AuthorizationCodeReceivedNotification"/>
+        /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedNotification(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
         { 
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
similarity index 65%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
index c9b328e8c5..0b54f6ae8e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/AuthorizationCodeRedeemedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
@@ -4,14 +4,14 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// This Notification can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
+    /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class AuthorizationCodeRedeemedNotification : BaseNotification<OpenIdConnectAuthenticationOptions>
+    public class AuthorizationCodeRedeemedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
     {
         /// <summary>
-        /// Creates a <see cref="AuthorizationCodeRedeemedNotification"/>
+        /// Creates a <see cref="AuthorizationCodeRedeemedContext"/>
         /// </summary>
-        public AuthorizationCodeRedeemedNotification(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
new file mode 100644
index 0000000000..a084eb84c7
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
@@ -0,0 +1,64 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
+    /// </summary>
+    public class OpenIdConnectAuthenticationEvents
+    {
+        /// <summary>
+        /// Creates a new set of events. Each event has a default no-op behavior unless otherwise documented.
+        /// </summary>
+        public OpenIdConnectAuthenticationEvents()
+        {
+            AuthenticationFailed = context => Task.FromResult(0);
+            AuthorizationCodeReceived = context => Task.FromResult(0);
+            AuthorizationCodeRedeemed = context => Task.FromResult(0);
+            MessageReceived = context => Task.FromResult(0);
+            SecurityTokenReceived = context => Task.FromResult(0);
+            SecurityTokenValidated = context => Task.FromResult(0);
+            RedirectToIdentityProvider = context => Task.FromResult(0);
+        }
+
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        public Func<AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+
+        /// <summary>
+        /// Invoked after security token validation if an authorization code is present in the protocol message.
+        /// </summary>
+        public Func<AuthorizationCodeReceivedContext, Task> AuthorizationCodeReceived { get; set; }
+
+        /// <summary>
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// </summary>
+        public Func<AuthorizationCodeRedeemedContext, Task> AuthorizationCodeRedeemed { get; set; }
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        public Func<MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> MessageReceived { get; set; }
+
+        /// <summary>
+        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// </summary>
+        public Func<RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> RedirectToIdentityProvider { get; set; }
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        public Func<SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
deleted file mode 100644
index b60e8cbcc3..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Notifications/OpenIdConnectAuthenticationNotifications.cs
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    /// <summary>
-    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
-    /// </summary>
-    public class OpenIdConnectAuthenticationNotifications
-    {
-        /// <summary>
-        /// Creates a new set of notifications. Each notification has a default no-op behavior unless otherwise documented.
-        /// </summary>
-        public OpenIdConnectAuthenticationNotifications()
-        {
-            AuthenticationFailed = notification => Task.FromResult(0);
-            AuthorizationCodeReceived = notification => Task.FromResult(0);
-            AuthorizationCodeRedeemed = notificaion => Task.FromResult(0);
-            MessageReceived = notification => Task.FromResult(0);
-            SecurityTokenReceived = notification => Task.FromResult(0);
-            SecurityTokenValidated = notification => Task.FromResult(0);
-            RedirectToIdentityProvider = notification => Task.FromResult(0);
-        }
-
-        /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
-        /// </summary>
-        public Func<AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
-
-        /// <summary>
-        /// Invoked after security token validation if an authorization code is present in the protocol message.
-        /// </summary>
-        public Func<AuthorizationCodeReceivedNotification, Task> AuthorizationCodeReceived { get; set; }
-
-        /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
-        /// </summary>
-        public Func<AuthorizationCodeRedeemedNotification, Task> AuthorizationCodeRedeemed { get; set; }
-
-        /// <summary>
-        /// Invoked when a protocol message is first received.
-        /// </summary>
-        public Func<MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> MessageReceived { get; set; }
-
-        /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
-        /// </summary>
-        public Func<RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> RedirectToIdentityProvider { get; set; }
-
-        /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
-        /// </summary>
-        public Func<SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
-
-        /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
-        /// </summary>
-        public Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
-
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 9f3bc48317..8452f2fd26 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -89,24 +89,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                var redirectToIdentityProviderNotification = new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = message
                 };
 
-                await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-                if (redirectToIdentityProviderNotification.HandledResponse)
+                await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
+                if (redirectToIdentityProviderContext.HandledResponse)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
                     return;
                 }
-                else if (redirectToIdentityProviderNotification.Skipped)
+                else if (redirectToIdentityProviderContext.Skipped)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
                     return;
                 }
 
-                message = redirectToIdentityProviderNotification.ProtocolMessage;
+                message = redirectToIdentityProviderContext.ProtocolMessage;
 
                 if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
                 {
@@ -182,7 +182,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ClientId = Options.ClientId,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = Options.RedirectUri,
-                // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderNotification not on the OIDCMessage.
+                // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderContext not on the OIDCMessage.
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
@@ -220,30 +220,30 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            var redirectToIdentityProviderNotification =
-                new RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var redirectToIdentityProviderContext =
+                new RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = message
                 };
 
-            await Options.Notifications.RedirectToIdentityProvider(redirectToIdentityProviderNotification);
-            if (redirectToIdentityProviderNotification.HandledResponse)
+            await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
+            if (redirectToIdentityProviderContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
                 return true;
             }
-            else if (redirectToIdentityProviderNotification.Skipped)
+            else if (redirectToIdentityProviderContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
                 return false;
             }
 
-            if (!string.IsNullOrEmpty(redirectToIdentityProviderNotification.ProtocolMessage.State))
+            if (!string.IsNullOrEmpty(redirectToIdentityProviderContext.ProtocolMessage.State))
             {
-                properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderNotification.ProtocolMessage.State;
+                properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderContext.ProtocolMessage.State;
             }
 
-            message = redirectToIdentityProviderNotification.ProtocolMessage;
+            message = redirectToIdentityProviderContext.ProtocolMessage;
 
             var redirectUriForCode = message.RedirectUri;
             if (string.IsNullOrEmpty(redirectUriForCode))
@@ -356,12 +356,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             try
             {
-                var messageReceivedNotification = await RunMessageReceivedNotificationAsync(message);
-                if (messageReceivedNotification.HandledResponse)
+                var messageReceivedContext = await RunMessageReceivedEventAsync(message);
+                if (messageReceivedContext.HandledResponse)
                 {
-                    return messageReceivedNotification.AuthenticationTicket;
+                    return messageReceivedContext.AuthenticationTicket;
                 }
-                else if (messageReceivedNotification.Skipped)
+                else if (messageReceivedContext.Skipped)
                 {
                     return null;
                 }
@@ -419,7 +419,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 Logger.LogError(Resources.OIDCH_0017_ExceptionOccurredWhileProcessingMessage, exception);
 
-                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     if (Options.ConfigurationManager != null)
@@ -429,12 +429,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
                 }
 
-                var authenticationFailedNotification = await RunAuthenticationFailedNotificationAsync(message, exception);
-                if (authenticationFailedNotification.HandledResponse)
+                var authenticationFailedContext = await RunAuthenticationFailedEventAsync(message, exception);
+                if (authenticationFailedContext.HandledResponse)
                 {
-                    return authenticationFailedNotification.AuthenticationTicket;
+                    return authenticationFailedContext.AuthenticationTicket;
                 }
-                else if (authenticationFailedNotification.Skipped)
+                else if (authenticationFailedContext.Skipped)
                 {
                     return null;
                 }
@@ -450,12 +450,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             OpenIdConnectTokenEndpointResponse tokenEndpointResponse = null;
             string idToken = null;
-            var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
-            if (authorizationCodeReceivedNotification.HandledResponse)
+            var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
+            if (authorizationCodeReceivedContext.HandledResponse)
             {
-                return authorizationCodeReceivedNotification.AuthenticationTicket;
+                return authorizationCodeReceivedContext.AuthenticationTicket;
             }
-            else if (authorizationCodeReceivedNotification.Skipped)
+            else if (authorizationCodeReceivedContext.Skipped)
             {
                 return null;
             }
@@ -463,15 +463,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             // Redeeming authorization code for tokens
             Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, message.Code);
 
-            tokenEndpointResponse = await RedeemAuthorizationCodeAsync(message.Code, authorizationCodeReceivedNotification.RedirectUri);
+            tokenEndpointResponse = await RedeemAuthorizationCodeAsync(message.Code, authorizationCodeReceivedContext.RedirectUri);
             idToken = tokenEndpointResponse.Message.IdToken;
 
-            var authorizationCodeRedeemedNotification = await RunAuthorizationCodeRedeemedNotificationAsync(message, tokenEndpointResponse);
-            if (authorizationCodeRedeemedNotification.HandledResponse)
+            var authorizationCodeRedeemedContext = await RunAuthorizationCodeRedeemedEventAsync(message, tokenEndpointResponse);
+            if (authorizationCodeRedeemedContext.HandledResponse)
             {
-                return authorizationCodeRedeemedNotification.AuthenticationTicket;
+                return authorizationCodeRedeemedContext.AuthenticationTicket;
             }
-            else if (authorizationCodeRedeemedNotification.Skipped)
+            else if (authorizationCodeRedeemedContext.Skipped)
             {
                 return null;
             }
@@ -490,12 +490,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
             }
 
-            var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
-            if (securityTokenValidatedNotification.HandledResponse)
+            var securityTokenValidatedContext = await RunSecurityTokenValidatedEventAsync(message, ticket);
+            if (securityTokenValidatedContext.HandledResponse)
             {
-                return securityTokenValidatedNotification.AuthenticationTicket;
+                return securityTokenValidatedContext.AuthenticationTicket;
             }
-            else if (securityTokenValidatedNotification.Skipped)
+            else if (securityTokenValidatedContext.Skipped)
             {
                 return null;
             }
@@ -508,12 +508,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             AuthenticationTicket ticket = null;
             JwtSecurityToken jwt = null;
 
-            var securityTokenReceivedNotification = await RunSecurityTokenReceivedNotificationAsync(message);
-            if (securityTokenReceivedNotification.HandledResponse)
+            var securityTokenReceivedContext = await RunSecurityTokenReceivedEventAsync(message);
+            if (securityTokenReceivedContext.HandledResponse)
             {
-                return securityTokenReceivedNotification.AuthenticationTicket;
+                return securityTokenReceivedContext.AuthenticationTicket;
             }
-            else if (securityTokenReceivedNotification.Skipped)
+            else if (securityTokenReceivedContext.Skipped)
             {
                 return null;
             }
@@ -523,24 +523,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             await ValidateOpenIdConnectProtocolAsync(jwt, message);
 
-            var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
-            if (securityTokenValidatedNotification.HandledResponse)
+            var securityTokenValidatedContext = await RunSecurityTokenValidatedEventAsync(message, ticket);
+            if (securityTokenValidatedContext.HandledResponse)
             {
-                return securityTokenValidatedNotification.AuthenticationTicket;
+                return securityTokenValidatedContext.AuthenticationTicket;
             }
-            else if (securityTokenValidatedNotification.Skipped)
+            else if (securityTokenValidatedContext.Skipped)
             {
                 return null;
             }
 
             if (message.Code != null)
             {
-                var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
-                if (authorizationCodeReceivedNotification.HandledResponse)
+                var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
+                if (authorizationCodeReceivedContext.HandledResponse)
                 {
-                    return authorizationCodeReceivedNotification.AuthenticationTicket;
+                    return authorizationCodeReceivedContext.AuthenticationTicket;
                 }
-                else if (authorizationCodeReceivedNotification.Skipped)
+                else if (authorizationCodeReceivedContext.Skipped)
                 {
                     return null;
                 }
@@ -745,36 +745,36 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
-        private async Task<MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunMessageReceivedNotificationAsync(OpenIdConnectMessage message)
+        private async Task<MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
         {
             Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
-            var messageReceivedNotification =
-                new MessageReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var messageReceivedContext =
+                new MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = message
                 };
 
-            await Options.Notifications.MessageReceived(messageReceivedNotification);
-            if (messageReceivedNotification.HandledResponse)
+            await Options.Events.MessageReceived(messageReceivedContext);
+            if (messageReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedContextHandledResponse);
             }
-            else if (messageReceivedNotification.Skipped)
+            else if (messageReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedContextSkipped);
             }
 
-            return messageReceivedNotification;
+            return messageReceivedContext;
         }
 
-        private async Task<AuthorizationCodeReceivedNotification> RunAuthorizationCodeReceivedNotificationAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
+        private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
             var redirectUri = properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey) ?
                 properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
 
             Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
 
-            var authorizationCodeReceivedNotification = new AuthorizationCodeReceivedNotification(Context, Options)
+            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
             {
                 Code = message.Code,
                 ProtocolMessage = message,
@@ -783,105 +783,105 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 JwtSecurityToken = jwt
             };
 
-            await Options.Notifications.AuthorizationCodeReceived(authorizationCodeReceivedNotification);
-            if (authorizationCodeReceivedNotification.HandledResponse)
+            await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
+            if (authorizationCodeReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse);
             }
-            else if (authorizationCodeReceivedNotification.Skipped)
+            else if (authorizationCodeReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedContextSkipped);
             }
 
-            return authorizationCodeReceivedNotification;
+            return authorizationCodeReceivedContext;
         }
 
-        private async Task<AuthorizationCodeRedeemedNotification> RunAuthorizationCodeRedeemedNotificationAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
+        private async Task<AuthorizationCodeRedeemedContext> RunAuthorizationCodeRedeemedEventAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
         {
             Logger.LogDebug(Resources.OIDCH_0042_AuthorizationCodeRedeemed, message.Code);
-            var authorizationCodeRedeemedNotification = new AuthorizationCodeRedeemedNotification(Context, Options)
+            var authorizationCodeRedeemedContext = new AuthorizationCodeRedeemedContext(Context, Options)
             {
                 Code = message.Code,
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse
             };
 
-            await Options.Notifications.AuthorizationCodeRedeemed(authorizationCodeRedeemedNotification);
-            if (authorizationCodeRedeemedNotification.HandledResponse)
+            await Options.Events.AuthorizationCodeRedeemed(authorizationCodeRedeemedContext);
+            if (authorizationCodeRedeemedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse);
             }
-            else if (authorizationCodeRedeemedNotification.Skipped)
+            else if (authorizationCodeRedeemedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedContextSkipped);
             }
-            return authorizationCodeRedeemedNotification;
+            return authorizationCodeRedeemedContext;
         }
 
-        private async Task<SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenReceivedNotificationAsync(OpenIdConnectMessage message)
+        private async Task<SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenReceivedEventAsync(OpenIdConnectMessage message)
         {
             Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
-            var securityTokenReceivedNotification =
-                new SecurityTokenReceivedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var securityTokenReceivedContext =
+                new SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = message,
                 };
 
-            await Options.Notifications.SecurityTokenReceived(securityTokenReceivedNotification);
-            if (securityTokenReceivedNotification.HandledResponse)
+            await Options.Events.SecurityTokenReceived(securityTokenReceivedContext);
+            if (securityTokenReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedContextHandledResponse);
             }
-            else if (securityTokenReceivedNotification.Skipped)
+            else if (securityTokenReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedContextSkipped);
             }
 
-            return securityTokenReceivedNotification;
+            return securityTokenReceivedContext;
         }
 
-        private async Task<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenValidatedNotificationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
+        private async Task<SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
-            var securityTokenValidatedNotification =
-                new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var securityTokenValidatedContext =
+                new SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     AuthenticationTicket = ticket,
                     ProtocolMessage = message
                 };
 
-            await Options.Notifications.SecurityTokenValidated(securityTokenValidatedNotification);
-            if (securityTokenValidatedNotification.HandledResponse)
+            await Options.Events.SecurityTokenValidated(securityTokenValidatedContext);
+            if (securityTokenValidatedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedContextHandledResponse);
             }
-            else if (securityTokenValidatedNotification.Skipped)
+            else if (securityTokenValidatedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedContextSkipped);
             }
 
-            return securityTokenValidatedNotification;
+            return securityTokenValidatedContext;
         }
 
-        private async Task<AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunAuthenticationFailedNotificationAsync(OpenIdConnectMessage message, Exception exception)
+        private async Task<AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
         {
-            var authenticationFailedNotification =
-                new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+            var authenticationFailedContext =
+                new AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                 {
                     ProtocolMessage = message,
                     Exception = exception
                 };
 
-            await Options.Notifications.AuthenticationFailed(authenticationFailedNotification);
-            if (authenticationFailedNotification.HandledResponse)
+            await Options.Events.AuthenticationFailed(authenticationFailedContext);
+            if (authenticationFailedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedNotificationHandledResponse);
+                Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedContextHandledResponse);
             }
-            else if (authenticationFailedNotification.Skipped)
+            else if (authenticationFailedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedNotificationSkipped);
+                Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedContextSkipped);
             }
 
-            return authenticationFailedNotification;
+            return authenticationFailedContext;
         }
 
         private AuthenticationTicket ValidateToken(string idToken, OpenIdConnectMessage message, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index d7d1ea45d3..4ed9fb965c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -92,9 +92,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            if (Options.Notifications == null)
+            if (Options.Events == null)
             {
-                Options.Notifications = new OpenIdConnectAuthenticationNotifications();
+                Options.Events = new OpenIdConnectAuthenticationEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
@@ -162,7 +162,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var webRequestHandler = handler as WebRequestHandler;
                 if (webRequestHandler == null)
                 {
-                    throw new InvalidOperationException(Resources.OIDCH_0102_ExceptionValidatorHandlerMismatch);
+                    throw new InvalidOperationException(Resources.OIDCH_0102_Exception_ValidatorHandlerMismatch);
                 }
                 webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
             }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 4bdfcca994..045b279cfd 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -160,9 +160,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public bool CacheNonces { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectAuthenticationNotifications"/> to notify when processing OpenIdConnect messages.
+        /// Gets or sets the <see cref="OpenIdConnectAuthenticationEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public OpenIdConnectAuthenticationNotifications Notifications { get; set; } = new OpenIdConnectAuthenticationNotifications();
+        public OpenIdConnectAuthenticationEvents Events { get; set; } = new OpenIdConnectAuthenticationEvents();
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs
index 19fe1b1ccb..556fcc4a8e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/ITwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Specifies callback methods which the <see cref="TwitterAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
     /// </summary>
-    public interface ITwitterAuthenticationNotifications
+    public interface ITwitterAuthenticationEvents
     {
         /// <summary>
         /// Invoked whenever Twitter succesfully authenticates a user
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticatedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
index 5b7f7948d8..3fcd6fe84b 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterAuthenticationNotifications.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
@@ -7,14 +7,14 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
-    /// Default <see cref="ITwitterAuthenticationNotifications"/> implementation.
+    /// Default <see cref="ITwitterAuthenticationEvents"/> implementation.
     /// </summary>
-    public class TwitterAuthenticationNotifications : ITwitterAuthenticationNotifications
+    public class TwitterAuthenticationEvents : ITwitterAuthenticationEvents
     {
         /// <summary>
-        /// Initializes a <see cref="TwitterAuthenticationNotifications"/>
+        /// Initializes a <see cref="TwitterAuthenticationEvents"/>
         /// </summary>
-        public TwitterAuthenticationNotifications()
+        public TwitterAuthenticationEvents()
         {
             OnAuthenticated = context => Task.FromResult<object>(null);
             OnReturnEndpoint = context => Task.FromResult<object>(null);
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Notifications/TwitterReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
index 7435e21875..e3dde58588 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
@@ -117,20 +117,20 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token)
         {
-            var notification = new TwitterAuthenticatedContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
+            var context = new TwitterAuthenticatedContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
             };
 
-            await Options.Notifications.Authenticated(notification);
+            await Options.Events.Authenticated(context);
             
-            if (notification.Principal?.Identity == null)
+            if (context.Principal?.Identity == null)
             {
                 return null;
             }
 
-            return new AuthenticationTicket(notification.Principal, notification.Properties, Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
         protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
@@ -157,7 +157,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 var redirectContext = new TwitterApplyRedirectContext(
                     Context, Options,
                     properties, twitterAuthenticationEndpoint);
-                Options.Notifications.ApplyRedirect(redirectContext);
+                Options.Events.ApplyRedirect(redirectContext);
                 return true;
             }
             else
@@ -184,7 +184,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             };
             model.Properties.RedirectUri = null;
 
-            await Options.Notifications.ReturnEndpoint(context);
+            await Options.Events.ReturnEndpoint(context);
 
             if (context.SignInScheme != null && context.Principal != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 79bcef9c8c..1a0d28f736 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -51,9 +51,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
             }
 
-            if (Options.Notifications == null)
+            if (Options.Events == null)
             {
-                Options.Notifications = new TwitterAuthenticationNotifications();
+                Options.Events = new TwitterAuthenticationEvents();
             }
             if (Options.StateDataFormat == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index f5d40e8809..cc6d929a99 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -102,9 +102,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="ITwitterAuthenticationNotifications"/> used to handle authentication events.
+        /// Gets or sets the <see cref="ITwitterAuthenticationEvents"/> used to handle authentication events.
         /// </summary>
-        public ITwitterAuthenticationNotifications Notifications { get; set; }
+        public ITwitterAuthenticationEvents Events { get; set; }
 
         /// <summary>
         /// Defines whether access tokens should be stored in the
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs b/src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs
index 676072238d..33e99076e6 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/AuthenticationFailedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class AuthenticationFailedNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class AuthenticationFailedContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public AuthenticationFailedNotification(HttpContext context, TOptions options) : base(context, options)
+        public AuthenticationFailedContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs b/src/Microsoft.AspNet.Authentication/Events/BaseContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Notifications/BaseContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/BaseContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs b/src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Notifications/BaseContext`1.cs
rename to src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
similarity index 67%
rename from src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
index 8cd7424244..1f83f062e1 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/BaseNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
@@ -5,22 +5,22 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class BaseNotification<TOptions> : BaseContext<TOptions>
+    public class BaseControlContext<TOptions> : BaseContext<TOptions>
     {
-        protected BaseNotification(HttpContext context, TOptions options) : base(context, options)
+        protected BaseControlContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
-        public NotificationResultState State { get; set; }
+        public EventResultState State { get; set; }
 
         public bool HandledResponse
         {
-            get { return State == NotificationResultState.HandledResponse; }
+            get { return State == EventResultState.HandledResponse; }
         }
 
         public bool Skipped
         {
-            get { return State == NotificationResultState.Skipped; }
+            get { return State == EventResultState.Skipped; }
         }
 
         /// <summary>
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication
         /// </summary>
         public void HandleResponse()
         {
-            State = NotificationResultState.HandledResponse;
+            State = EventResultState.HandledResponse;
         }
 
         /// <summary>
@@ -39,11 +39,11 @@ namespace Microsoft.AspNet.Authentication
         /// </summary>
         public void SkipToNextMiddleware()
         {
-            State = NotificationResultState.Skipped;
+            State = EventResultState.Skipped;
         }
 
         /// <summary>
-        /// Gets or set the <see cref="AuthenticationTicket"/> to return if this notification signals it handled the notification.
+        /// Gets or set the <see cref="AuthenticationTicket"/> to return if this event signals it handled the event.
         /// </summary>
         public AuthenticationTicket AuthenticationTicket { get; set; }
     }
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs b/src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Notifications/EndpointContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs b/src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Notifications/EndpointContext`1.cs
rename to src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs b/src/Microsoft.AspNet.Authentication/Events/EventResultState.cs
similarity index 94%
rename from src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
rename to src/Microsoft.AspNet.Authentication/Events/EventResultState.cs
index 76fb0a7622..c3437ddff6 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/NotificationResultState.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/EventResultState.cs
@@ -5,7 +5,7 @@ using System;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public enum NotificationResultState
+    public enum EventResultState
     {
         /// <summary>
         /// Continue with normal processing.
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs
similarity index 72%
rename from src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs
index dc64a7a504..86babe7277 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class MessageReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class MessageReceivedContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public MessageReceivedNotification(HttpContext context, TOptions options) : base(context, options)
+        public MessageReceivedContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs
similarity index 70%
rename from src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs
index 61387bc910..9de5cd1a00 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectFromIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class RedirectFromIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class RedirectFromIdentityProviderContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public RedirectFromIdentityProviderNotification(HttpContext context, TOptions options)
+        public RedirectFromIdentityProviderContext(HttpContext context, TOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs b/src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs
similarity index 68%
rename from src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs
index be8ac62b46..9b95794745 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/RedirectToIdentityProviderNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs
@@ -9,13 +9,13 @@ namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
     /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
-    /// an instance of <see cref="RedirectFromIdentityProviderNotification{TMessage, TOptions, TMessage}"/> is passed to the 'RedirectToIdentityProviderNotification".
+    /// an instance of <see cref="RedirectFromIdentityProviderContext{TMessage, TOptions, TMessage}"/> is passed to the 'RedirectToIdentityProviderContext".
     /// </summary>
     /// <typeparam name="TMessage">protocol specific message.</typeparam>
     /// <typeparam name="TOptions">protocol specific options.</typeparam>
-    public class RedirectToIdentityProviderNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class RedirectToIdentityProviderContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public RedirectToIdentityProviderNotification([NotNull] HttpContext context, [NotNull] TOptions options) : base(context, options)
+        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] TOptions options) : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication/Events/ReturnEndpointContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Notifications/ReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/ReturnEndpointContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs b/src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs
index 5e73c1cafe..225f4fd6de 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class SecurityTokenReceivedNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class SecurityTokenReceivedContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public SecurityTokenReceivedNotification(HttpContext context, TOptions options) : base(context, options)
+        public SecurityTokenReceivedContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs b/src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs
similarity index 60%
rename from src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
rename to src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs
index 12f520d7e5..4acf056a2e 100644
--- a/src/Microsoft.AspNet.Authentication/Notifications/SecurityTokenValidatedNotification.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class SecurityTokenValidatedNotification<TMessage, TOptions> : BaseNotification<TOptions>
+    public class SecurityTokenValidatedContext<TMessage, TOptions> : BaseControlContext<TOptions>
     {
-        public SecurityTokenValidatedNotification(HttpContext context, TOptions options) : base(context, options)
+        public SecurityTokenValidatedContext(HttpContext context, TOptions options) : base(context, options)
         {
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 139006b06e..ffc1f304de 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -341,7 +341,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.Notifications = new CookieAuthenticationNotifications
+                options.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -372,7 +372,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 options.SlidingExpiration = false;
-                options.Notifications = new CookieAuthenticationNotifications
+                options.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -402,7 +402,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 options.SlidingExpiration = false;
-                options.Notifications = new CookieAuthenticationNotifications
+                options.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -448,7 +448,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.Notifications = new CookieAuthenticationNotifications
+                options.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -495,7 +495,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.SystemClock = clock;
                 options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 options.SlidingExpiration = false;
-                options.Notifications = new CookieAuthenticationNotifications()
+                options.Events = new CookieAuthenticationEvents()
                 {
                     OnResponseSignIn = context =>
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 5cd06921a5..f32aa37547 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
-                        options.Notifications = new OAuthAuthenticationNotifications
+                        options.Events = new OAuthAuthenticationEvents
                         {
                             OnApplyRedirect = context =>
                             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index e13b051462..afefb49077 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -198,7 +198,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.Notifications = new OAuthAuthenticationNotifications
+                options.Events = new OAuthAuthenticationEvents
                 {
                     OnApplyRedirect = context =>
                         {
@@ -414,7 +414,7 @@ namespace Microsoft.AspNet.Authentication.Google
                         return null;
                     }
                 };
-                options.Notifications = new OAuthAuthenticationNotifications
+                options.Events = new OAuthAuthenticationEvents
                 {
                     OnAuthenticated = context =>
                     {
@@ -455,7 +455,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.StateDataFormat = stateFormat;
                 options.AccessType = "offline";
-                options.Notifications = new OAuthAuthenticationNotifications()
+                options.Events = new OAuthAuthenticationEvents()
                 {
                     OnAuthenticated = context =>
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index a6639e823c..cc125fb4e2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Notifications.MessageReceived = notification =>
+                options.Events.MessageReceived = context =>
                 {
                     var claims = new[]
                     {
@@ -76,11 +76,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    notification.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+                    context.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    notification.HandleResponse();
+                    context.HandleResponse();
                     
                     return Task.FromResult<object>(null);
                 };
@@ -114,7 +114,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Notifications.SecurityTokenReceived = notification =>
+                options.Events.SecurityTokenReceived = context =>
                 {
                     var claims = new[]
                     {
@@ -123,11 +123,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    notification.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+                    context.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    notification.HandleResponse();
+                    context.HandleResponse();
                     
                     return Task.FromResult<object>(null);
                 };
@@ -145,11 +145,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Notifications.SecurityTokenValidated = notification =>
+                options.Events.SecurityTokenValidated = context =>
                 {
                     // Retrieve the NameIdentifier claim from the identity
                     // returned by the custom security token validator.
-                    var identity = (ClaimsIdentity) notification.AuthenticationTicket.Principal.Identity;
+                    var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
                     var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
 
                     identifier.Value.ShouldBe("Bob le Tout Puissant");
@@ -179,13 +179,13 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Notifications.MessageReceived = notification =>
+                options.Events.MessageReceived = context =>
                 {
-                    notification.Token = "CustomToken";
+                    context.Token = "CustomToken";
                     return Task.FromResult<object>(null);
                 };
                 
-                options.Notifications.SecurityTokenReceived = notification =>
+                options.Events.SecurityTokenReceived = context =>
                 {
                     var claims = new[]
                     {
@@ -194,11 +194,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    notification.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+                    context.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    notification.HandleResponse();
+                    context.HandleResponse();
 
                     return Task.FromResult<object>(null);
                 };
@@ -214,7 +214,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenReceived = notification =>
+                options.Events.SecurityTokenReceived = context =>
                 {
                     var claims = new[]
                     {
@@ -223,11 +223,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    notification.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+                    context.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    notification.HandleResponse();
+                    context.HandleResponse();
 
                     return Task.FromResult<object>(null);
                 };
@@ -242,7 +242,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Notifications.SecurityTokenReceived = notification =>
+                options.Events.SecurityTokenReceived = context =>
                 {
                     var claims = new[]
                     {
@@ -251,11 +251,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    notification.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, notification.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), notification.Options.AuthenticationScheme);
+                    context.AuthenticationTicket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    notification.HandleResponse();
+                    context.HandleResponse();
 
                     return Task.FromResult<object>(null);
                 };
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index ee5dcb526a..b469100eee 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -31,7 +31,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 {
                     options.ClientId = "Test Client Id";
                     options.ClientSecret = "Test Client Secret";
-                    options.Notifications = new OAuthAuthenticationNotifications
+                    options.Events = new OAuthAuthenticationEvents
                     {
                         OnApplyRedirect = context =>
                         {
@@ -143,7 +143,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                             return null;
                         }
                     };
-                    options.Notifications = new OAuthAuthenticationNotifications
+                    options.Events = new OAuthAuthenticationEvents
                     {
                         OnAuthenticated = context =>
                         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index cef7567f18..80c77ac535 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -94,26 +94,26 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             }
         }
 
-        // Setup a notification to check for expected state.
-        // The state gets set by the runtime after the 'MessageReceivedNotification'
+        // Setup an event to check for expected state.
+        // The state gets set by the runtime after the 'MessageReceivedContext'
         private static void SetStateOptions(OpenIdConnectAuthenticationOptions options)
         {
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.ClientId = Guid.NewGuid().ToString();
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Notifications = new OpenIdConnectAuthenticationNotifications
+            options.Events = new OpenIdConnectAuthenticationEvents
             {
-                AuthorizationCodeRedeemed = notification =>
+                AuthorizationCodeRedeemed = context =>
                 {
-                    notification.HandleResponse();
-                    if (notification.ProtocolMessage.State == null && !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
+                    context.HandleResponse();
+                    if (context.ProtocolMessage.State == null && !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
                         return Task.FromResult<object>(null);
 
-                    if (notification.ProtocolMessage.State == null || !notification.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
-                        Assert.True(false, "(notification.ProtocolMessage.State=!= null || !notification.ProtocolMessage.Parameters.ContainsKey(expectedState)");
+                    if (context.ProtocolMessage.State == null || !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
+                        Assert.True(false, "(context.ProtocolMessage.State=!= null || !context.ProtocolMessage.Parameters.ContainsKey(expectedState)");
 
-                    Assert.Equal(notification.ProtocolMessage.State, notification.ProtocolMessage.Parameters[ExpectedStateParameter]);
+                    Assert.Equal(context.ProtocolMessage.State, context.ProtocolMessage.Parameters[ExpectedStateParameter]);
                     return Task.FromResult<object>(null);
                 }
             };
@@ -274,12 +274,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthorizationCodeReceived = (notification) =>
+                    AuthorizationCodeReceived = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -290,12 +290,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthorizationCodeReceived = (notification) =>
+                    AuthorizationCodeReceived = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -306,12 +306,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthenticationFailed = (notification) =>
+                    AuthenticationFailed = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -322,12 +322,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthenticationFailed = (notification) =>
+                    AuthenticationFailed = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -336,12 +336,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void MessageReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    MessageReceived = (notification) =>
+                    MessageReceived = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -352,12 +352,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthorizationCodeRedeemed = (notification) =>
+                    AuthorizationCodeRedeemed = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -368,12 +368,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    AuthorizationCodeRedeemed = (notification) =>
+                    AuthorizationCodeRedeemed = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -387,14 +387,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.GetClaimsFromUserInfoEndpoint = true;
             options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    SecurityTokenValidated = (notification) =>
+                    SecurityTokenValidated = (context) =>
                     {
-                        var claimValue = notification.AuthenticationTicket.Principal.FindFirst("test claim");
+                        var claimValue = context.AuthenticationTicket.Principal.FindFirst("test claim");
                         Assert.Equal(claimValue.Value, "test value");
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -402,12 +402,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    MessageReceived = (notification) =>
+                    MessageReceived = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -421,12 +421,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    SecurityTokenReceived = (notification) =>
+                    SecurityTokenReceived = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -435,12 +435,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    SecurityTokenReceived = (notification) =>
+                    SecurityTokenReceived = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -492,12 +492,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    SecurityTokenValidated = (notification) =>
+                    SecurityTokenValidated = (context) =>
                     {
-                        notification.HandleResponse();
+                        context.HandleResponse();
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -506,12 +506,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    SecurityTokenValidated = (notification) =>
+                    SecurityTokenValidated = (context) =>
                     {
-                        notification.SkipToNextMiddleware();
+                        context.SkipToNextMiddleware();
                         return Task.FromResult<object>(null);
                     }
                 };
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 72c82999bf..e8d724be2a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -100,7 +100,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
 
         /// <summary>
-        /// Tests RedirectToIdentityProviderNotification replaces the OpenIdConnectMesssage correctly.
+        /// Tests RedirectToIdentityProviderContext replaces the OpenIdConnectMesssage correctly.
         /// </summary>
         /// <returns>Task</returns>
         [Theory]
@@ -130,12 +130,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
             mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
             options.AutomaticAuthentication = true;
-            options.Notifications =
-                new OpenIdConnectAuthenticationNotifications
+            options.Events =
+                new OpenIdConnectAuthenticationEvents
                 {
-                    RedirectToIdentityProvider = (notification) =>
+                    RedirectToIdentityProvider = (context) =>
                     {
-                        notification.ProtocolMessage = mockOpenIdConnectMessage.Object;
+                        context.ProtocolMessage = mockOpenIdConnectMessage.Object;
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -143,8 +143,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         /// <summary>
         /// Tests for users who want to add 'state'. There are two ways to do it.
-        /// 1. Users set 'state' (OpenIdConnectMessage.State) in the notification. The runtime appends to that state.
-        /// 2. Users add to the AuthenticationProperties (notification.AuthenticationProperties), values will be serialized.
+        /// 1. Users set 'state' (OpenIdConnectMessage.State) in the event. The runtime appends to that state.
+        /// 2. Users add to the AuthenticationProperties (context.AuthenticationProperties), values will be serialized.
         /// </summary>
         /// <param name="userSetsState"></param>
         /// <returns></returns>
@@ -163,11 +163,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
                 options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
-                options.Notifications = new OpenIdConnectAuthenticationNotifications
+                options.Events = new OpenIdConnectAuthenticationEvents
                 {
-                    RedirectToIdentityProvider = notification =>
+                    RedirectToIdentityProvider = context =>
                     {
-                        notification.ProtocolMessage.State = userState;
+                        context.ProtocolMessage.State = userState;
                         return Task.FromResult<object>(null);
                     }
 
@@ -207,21 +207,21 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
 
         [Fact]
-        public async Task ChallengeWillUseNotifications()
+        public async Task ChallengeWillUseEvents()
         {
             var queryValues = new ExpectedQueryValues(DefaultAuthority);
-            var queryValuesSetInNotification = new ExpectedQueryValues(DefaultAuthority);
+            var queryValuesSetInEvent = new ExpectedQueryValues(DefaultAuthority);
             var server = CreateServer(options =>
             {
                 SetOptions(options, DefaultParameters(), queryValues);
-                options.Notifications = new OpenIdConnectAuthenticationNotifications
+                options.Events = new OpenIdConnectAuthenticationEvents
                 {
-                    RedirectToIdentityProvider = notification =>
+                    RedirectToIdentityProvider = context =>
                     {
-                        notification.ProtocolMessage.ClientId = queryValuesSetInNotification.ClientId;
-                        notification.ProtocolMessage.RedirectUri = queryValuesSetInNotification.RedirectUri;
-                        notification.ProtocolMessage.Resource = queryValuesSetInNotification.Resource;
-                        notification.ProtocolMessage.Scope = queryValuesSetInNotification.Scope;
+                        context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
+                        context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
+                        context.ProtocolMessage.Resource = queryValuesSetInEvent.Resource;
+                        context.ProtocolMessage.Scope = queryValuesSetInEvent.Scope;
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -229,7 +229,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            queryValuesSetInNotification.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
+            queryValuesSetInEvent.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
         private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index c5ad93b502..d837cdaffc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 {
                     options.ConsumerKey = "Test Consumer Key";
                     options.ConsumerSecret = "Test Consumer Secret";
-                    options.Notifications = new TwitterAuthenticationNotifications
+                    options.Events = new TwitterAuthenticationEvents
                     {
                         OnApplyRedirect = context =>
                         {

From e4f78176f93ed23adbf2a24d4e5e0062aad490e2 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Sep 2015 14:16:03 -0700
Subject: [PATCH 314/900] Regenerate Resources.Designer.cs using the standard
 tooling.

---
 .../Properties/Resources.Designer.cs          |  62 ++
 .../Resources.Designer.cs                     |  85 --
 .../Properties/Resources.Designer.cs          |  46 ++
 .../Resources.Designer.cs                     |  72 --
 .../Properties/Resources.Designer.cs          |  62 ++
 .../Resources.Designer.cs                     |  81 --
 .../Properties/Resources.Designer.cs          |  62 ++
 .../Resources.Designer.cs                     |  83 --
 .../Properties/Resources.Designer.cs          |  78 ++
 .../Resources.Designer.cs                     |  90 --
 .../Properties/Resources.Designer.cs          |  62 ++
 .../Resources.Designer.cs                     |  83 --
 .../Properties/Resources.Designer.cs          | 766 ++++++++++++++++++
 .../Resources.Designer.cs                     | 440 ----------
 .../Resources.resx                            |  56 +-
 .../Properties/Resources.Designer.cs          |  62 ++
 .../Resources.Designer.cs                     |  81 --
 .../Properties/Resources.Designer.cs          |  32 +-
 18 files changed, 1244 insertions(+), 1059 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..ede713df8c
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs
@@ -0,0 +1,62 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.Cookies
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The cookie key and options are larger than ChunksSize, leaving no room for data.
+        /// </summary>
+        internal static string Exception_CookieLimitTooSmall
+        {
+            get { return GetString("Exception_CookieLimitTooSmall"); }
+        }
+
+        /// <summary>
+        /// The cookie key and options are larger than ChunksSize, leaving no room for data.
+        /// </summary>
+        internal static string FormatException_CookieLimitTooSmall()
+        {
+            return GetString("Exception_CookieLimitTooSmall");
+        }
+
+        /// <summary>
+        /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
+        /// </summary>
+        internal static string Exception_ImcompleteChunkedCookie
+        {
+            get { return GetString("Exception_ImcompleteChunkedCookie"); }
+        }
+
+        /// <summary>
+        /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
+        /// </summary>
+        internal static string FormatException_ImcompleteChunkedCookie(object p0, object p1, object p2)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_ImcompleteChunkedCookie"), p0, p1, p2);
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
deleted file mode 100644
index ef0e62fb41..0000000000
--- a/src/Microsoft.AspNet.Authentication.Cookies/Resources.Designer.cs
+++ /dev/null
@@ -1,85 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34003
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.Cookies {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Cookies.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to The cookie key and options are larger than ChunksSize, leaving no room for data..
-        /// </summary>
-        internal static string Exception_CookieLimitTooSmall
-        {
-            get
-            {
-                return ResourceManager.GetString("Exception_CookieLimitTooSmall", resourceCulture);
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded..
-        /// </summary>
-        internal static string Exception_ImcompleteChunkedCookie
-        {
-            get
-            {
-                return ResourceManager.GetString("Exception_ImcompleteChunkedCookie", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..69c6675755
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs
@@ -0,0 +1,46 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.Facebook
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.Facebook.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
deleted file mode 100644
index dd3f0e3fac..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/Resources.Designer.cs
+++ /dev/null
@@ -1,72 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.32559
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.Facebook {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Facebook.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided {
-            get {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..5003d937b4
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs
@@ -0,0 +1,62 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.Google
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.Google.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+        {
+            return GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
deleted file mode 100644
index efa7d64ed4..0000000000
--- a/src/Microsoft.AspNet.Authentication.Google/Resources.Designer.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.34003
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.Google {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Google.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided {
-            get {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..79bbbe4497
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
@@ -0,0 +1,62 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.JwtBearer
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.JwtBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+        {
+            return GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
deleted file mode 100644
index 44a3ea8be5..0000000000
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.Designer.cs
+++ /dev/null
@@ -1,83 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.33440
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.JwtBearer {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Jwt.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided
-        {
-            get
-            {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..6a20332bd6
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
@@ -0,0 +1,78 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.MicrosoftAccount.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The user does not have an id.
+        /// </summary>
+        internal static string Exception_MissingId
+        {
+            get { return GetString("Exception_MissingId"); }
+        }
+
+        /// <summary>
+        /// The user does not have an id.
+        /// </summary>
+        internal static string FormatException_MissingId()
+        {
+            return GetString("Exception_MissingId");
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+        {
+            return GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
deleted file mode 100644
index 080d4bc077..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.Designer.cs
+++ /dev/null
@@ -1,90 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.33440
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.MicrosoftAccount.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The user does not have an id..
-        /// </summary>
-        internal static string Exception_MissingId {
-            get {
-                return ResourceManager.GetString("Exception_MissingId", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided {
-            get {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..d17513cbaa
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs
@@ -0,0 +1,62 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.OAuth
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+        {
+            return GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
deleted file mode 100644
index 6358382740..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Resources.Designer.cs
+++ /dev/null
@@ -1,83 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.33440
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.OAuth {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided
-        {
-            get
-            {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..7a328601f0
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -0,0 +1,766 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnect.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
+        /// </summary>
+        internal static string OIDCH_0101_BackChallnelLessThanZero
+        {
+            get { return GetString("OIDCH_0101_BackChallnelLessThanZero"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
+        /// </summary>
+        internal static string FormatOIDCH_0101_BackChallnelLessThanZero()
+        {
+            return GetString("OIDCH_0101_BackChallnelLessThanZero");
+        }
+
+        /// <summary>
+        /// OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string OIDCH_0102_Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatOIDCH_0102_Exception_ValidatorHandlerMismatch()
+        {
+            return GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch");
+        }
+
+        /// <summary>
+        /// OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0051_RedirectUriLogoutIsNotWellFormed
+        {
+            get { return GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"); }
+        }
+
+        /// <summary>
+        /// OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0051_RedirectUriLogoutIsNotWellFormed(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0026: Entering: '{0}'
+        /// </summary>
+        internal static string OIDCH_0026_ApplyResponseChallengeAsync
+        {
+            get { return GetString("OIDCH_0026_ApplyResponseChallengeAsync"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0026: Entering: '{0}'
+        /// </summary>
+        internal static string FormatOIDCH_0026_ApplyResponseChallengeAsync(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0026_ApplyResponseChallengeAsync"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0027: Converted 401 to 403.
+        /// </summary>
+        internal static string OIDCH_0027_401_ConvertedTo_403
+        {
+            get { return GetString("OIDCH_0027_401_ConvertedTo_403"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0027: Converted 401 to 403.
+        /// </summary>
+        internal static string FormatOIDCH_0027_401_ConvertedTo_403()
+        {
+            return GetString("OIDCH_0027_401_ConvertedTo_403");
+        }
+
+        /// <summary>
+        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0028_StatusCodeNot401
+        {
+            get { return GetString("OIDCH_0028_StatusCodeNot401"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0028_StatusCodeNot401(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0028_StatusCodeNot401"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
+        /// </summary>
+        internal static string OIDCH_0029_ChallengContextEqualsNull
+        {
+            get { return GetString("OIDCH_0029_ChallengContextEqualsNull"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
+        /// </summary>
+        internal static string FormatOIDCH_0029_ChallengContextEqualsNull()
+        {
+            return GetString("OIDCH_0029_ChallengContextEqualsNull");
+        }
+
+        /// <summary>
+        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0030_Using_Properties_RedirectUri
+        {
+            get { return GetString("OIDCH_0030_Using_Properties_RedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0030_Using_Properties_RedirectUri(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0030_Using_Properties_RedirectUri"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
+        /// </summary>
+        internal static string OIDCH_0031_Using_Options_RedirectUri
+        {
+            get { return GetString("OIDCH_0031_Using_Options_RedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0031_Using_Options_RedirectUri(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0031_Using_Options_RedirectUri"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0032_UsingCurrentUriRedirectUri
+        {
+            get { return GetString("OIDCH_0032_UsingCurrentUriRedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0032_UsingCurrentUriRedirectUri(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0032_UsingCurrentUriRedirectUri"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0033_NonceAlreadyExists
+        {
+            get { return GetString("OIDCH_0033_NonceAlreadyExists"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0033_NonceAlreadyExists(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0033_NonceAlreadyExists"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0034_RedirectToIdentityProviderContextHandledResponse
+        {
+            get { return GetString("OIDCH_0034_RedirectToIdentityProviderContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0034_RedirectToIdentityProviderContextHandledResponse()
+        {
+            return GetString("OIDCH_0034_RedirectToIdentityProviderContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0035: RedirectToIdentityProviderContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0035_RedirectToIdentityProviderContextSkipped
+        {
+            get { return GetString("OIDCH_0035_RedirectToIdentityProviderContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0035: RedirectToIdentityProviderContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0035_RedirectToIdentityProviderContextSkipped()
+        {
+            return GetString("OIDCH_0035_RedirectToIdentityProviderContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0036_UriIsNotWellFormed
+        {
+            get { return GetString("OIDCH_0036_UriIsNotWellFormed"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0036_UriIsNotWellFormed(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0036_UriIsNotWellFormed"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0037: RedirectUri is: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0037_RedirectUri
+        {
+            get { return GetString("OIDCH_0037_RedirectUri"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0037: RedirectUri is: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0037_RedirectUri(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0037_RedirectUri"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
+        /// </summary>
+        internal static string OIDCH_0038_Redeeming_Auth_Code
+        {
+            get { return GetString("OIDCH_0038_Redeeming_Auth_Code"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
+        /// </summary>
+        internal static string FormatOIDCH_0038_Redeeming_Auth_Code(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0038_Redeeming_Auth_Code"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
+        /// </summary>
+        internal static string OIDCH_0039_Subject_Claim_Mismatch
+        {
+            get { return GetString("OIDCH_0039_Subject_Claim_Mismatch"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
+        /// </summary>
+        internal static string FormatOIDCH_0039_Subject_Claim_Mismatch()
+        {
+            return GetString("OIDCH_0039_Subject_Claim_Mismatch");
+        }
+
+        /// <summary>
+        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
+        /// </summary>
+        internal static string OIDCH_0040_Sending_Request_UIEndpoint
+        {
+            get { return GetString("OIDCH_0040_Sending_Request_UIEndpoint"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
+        /// </summary>
+        internal static string FormatOIDCH_0040_Sending_Request_UIEndpoint()
+        {
+            return GetString("OIDCH_0040_Sending_Request_UIEndpoint");
+        }
+
+        /// <summary>
+        /// OIDCH_0000: Entering: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0000_AuthenticateCoreAsync
+        {
+            get { return GetString("OIDCH_0000_AuthenticateCoreAsync"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0000: Entering: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0000_AuthenticateCoreAsync(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0000_AuthenticateCoreAsync"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0001: MessageReceived: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0001_MessageReceived
+        {
+            get { return GetString("OIDCH_0001_MessageReceived"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0001: MessageReceived: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0001_MessageReceived(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0001_MessageReceived"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0002: MessageReceivedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0002_MessageReceivedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0002_MessageReceivedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0002: MessageReceivedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0002_MessageReceivedContextHandledResponse()
+        {
+            return GetString("OIDCH_0002_MessageReceivedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0003: MessageReceivedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0003_MessageReceivedContextSkipped
+        {
+            get { return GetString("OIDCH_0003_MessageReceivedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0003: MessageReceivedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0003_MessageReceivedContextSkipped()
+        {
+            return GetString("OIDCH_0003_MessageReceivedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
+        /// </summary>
+        internal static string OIDCH_0004_MessageStateIsNullOrEmpty
+        {
+            get { return GetString("OIDCH_0004_MessageStateIsNullOrEmpty"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
+        /// </summary>
+        internal static string FormatOIDCH_0004_MessageStateIsNullOrEmpty()
+        {
+            return GetString("OIDCH_0004_MessageStateIsNullOrEmpty");
+        }
+
+        /// <summary>
+        /// OIDCH_0005: Unable to unprotect the message.State.
+        /// </summary>
+        internal static string OIDCH_0005_MessageStateIsInvalid
+        {
+            get { return GetString("OIDCH_0005_MessageStateIsInvalid"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0005: Unable to unprotect the message.State.
+        /// </summary>
+        internal static string FormatOIDCH_0005_MessageStateIsInvalid()
+        {
+            return GetString("OIDCH_0005_MessageStateIsInvalid");
+        }
+
+        /// <summary>
+        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
+        /// </summary>
+        internal static string OIDCH_0006_MessageContainsError
+        {
+            get { return GetString("OIDCH_0006_MessageContainsError"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
+        /// </summary>
+        internal static string FormatOIDCH_0006_MessageContainsError(object p0, object p1, object p2)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0006_MessageContainsError"), p0, p1, p2);
+        }
+
+        /// <summary>
+        /// OIDCH_0007: Updating configuration
+        /// </summary>
+        internal static string OIDCH_0007_UpdatingConfiguration
+        {
+            get { return GetString("OIDCH_0007_UpdatingConfiguration"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0007: Updating configuration
+        /// </summary>
+        internal static string FormatOIDCH_0007_UpdatingConfiguration()
+        {
+            return GetString("OIDCH_0007_UpdatingConfiguration");
+        }
+
+        /// <summary>
+        /// OIDCH_0008: SecurityTokenReceivedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0008_SecurityTokenReceivedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0008_SecurityTokenReceivedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0008: SecurityTokenReceivedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0008_SecurityTokenReceivedContextHandledResponse()
+        {
+            return GetString("OIDCH_0008_SecurityTokenReceivedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0009: SecurityTokenReceivedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0009_SecurityTokenReceivedContextSkipped
+        {
+            get { return GetString("OIDCH_0009_SecurityTokenReceivedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0009: SecurityTokenReceivedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0009_SecurityTokenReceivedContextSkipped()
+        {
+            return GetString("OIDCH_0009_SecurityTokenReceivedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0010_ValidatedSecurityTokenNotJwt
+        {
+            get { return GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0010_ValidatedSecurityTokenNotJwt(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
+        /// </summary>
+        internal static string OIDCH_0011_UnableToValidateToken
+        {
+            get { return GetString("OIDCH_0011_UnableToValidateToken"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
+        /// </summary>
+        internal static string FormatOIDCH_0011_UnableToValidateToken(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0011_UnableToValidateToken"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0012: SecurityTokenValidatedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0012_SecurityTokenValidatedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0012_SecurityTokenValidatedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0012: SecurityTokenValidatedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0012_SecurityTokenValidatedContextHandledResponse()
+        {
+            return GetString("OIDCH_0012_SecurityTokenValidatedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0013: SecurityTokenValidatedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0013_SecurityTokenValidatedContextSkipped
+        {
+            get { return GetString("OIDCH_0013_SecurityTokenValidatedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0013: SecurityTokenValidatedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0013_SecurityTokenValidatedContextSkipped()
+        {
+            return GetString("OIDCH_0013_SecurityTokenValidatedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0014: AuthorizationCode received: '{0}'.
+        /// </summary>
+        internal static string OIDCH_0014_AuthorizationCodeReceived
+        {
+            get { return GetString("OIDCH_0014_AuthorizationCodeReceived"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0014: AuthorizationCode received: '{0}'.
+        /// </summary>
+        internal static string FormatOIDCH_0014_AuthorizationCodeReceived(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0014_AuthorizationCodeReceived"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0015_AuthorizationCodeReceivedContextHandledResponse()
+        {
+            return GetString("OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0016: AuthorizationCodeReceivedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0016_AuthorizationCodeReceivedContextSkipped
+        {
+            get { return GetString("OIDCH_0016_AuthorizationCodeReceivedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0016: AuthorizationCodeReceivedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0016_AuthorizationCodeReceivedContextSkipped()
+        {
+            return GetString("OIDCH_0016_AuthorizationCodeReceivedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0017: Exception occurred while processing message.
+        /// </summary>
+        internal static string OIDCH_0017_ExceptionOccurredWhileProcessingMessage
+        {
+            get { return GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0017: Exception occurred while processing message.
+        /// </summary>
+        internal static string FormatOIDCH_0017_ExceptionOccurredWhileProcessingMessage()
+        {
+            return GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage");
+        }
+
+        /// <summary>
+        /// OIDCH_0018: AuthenticationFailedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0018_AuthenticationFailedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0018_AuthenticationFailedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0018: AuthenticationFailedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0018_AuthenticationFailedContextHandledResponse()
+        {
+            return GetString("OIDCH_0018_AuthenticationFailedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0019: AuthenticationFailedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0019_AuthenticationFailedContextSkipped
+        {
+            get { return GetString("OIDCH_0019_AuthenticationFailedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0019: AuthenticationFailedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0019_AuthenticationFailedContextSkipped()
+        {
+            return GetString("OIDCH_0019_AuthenticationFailedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0020: 'id_token' received: '{0}'
+        /// </summary>
+        internal static string OIDCH_0020_IdTokenReceived
+        {
+            get { return GetString("OIDCH_0020_IdTokenReceived"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0020: 'id_token' received: '{0}'
+        /// </summary>
+        internal static string FormatOIDCH_0020_IdTokenReceived(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0020_IdTokenReceived"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
+        /// </summary>
+        internal static string OIDCH_0021_AutomaticConfigurationRefresh
+        {
+            get { return GetString("OIDCH_0021_AutomaticConfigurationRefresh"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
+        /// </summary>
+        internal static string FormatOIDCH_0021_AutomaticConfigurationRefresh()
+        {
+            return GetString("OIDCH_0021_AutomaticConfigurationRefresh");
+        }
+
+        /// <summary>
+        /// OIDCH_0041: Subject claim not found in {0}.
+        /// </summary>
+        internal static string OIDCH_0041_Subject_Claim_Not_Found
+        {
+            get { return GetString("OIDCH_0041_Subject_Claim_Not_Found"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0041: Subject claim not found in {0}.
+        /// </summary>
+        internal static string FormatOIDCH_0041_Subject_Claim_Not_Found(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0041_Subject_Claim_Not_Found"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0042: Authorization Code redeemed:  '{0}'
+        /// </summary>
+        internal static string OIDCH_0042_AuthorizationCodeRedeemed
+        {
+            get { return GetString("OIDCH_0042_AuthorizationCodeRedeemed"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0042: Authorization Code redeemed:  '{0}'
+        /// </summary>
+        internal static string FormatOIDCH_0042_AuthorizationCodeRedeemed(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0042_AuthorizationCodeRedeemed"), p0);
+        }
+
+        /// <summary>
+        /// OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse
+        /// </summary>
+        internal static string OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse
+        {
+            get { return GetString("OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse
+        /// </summary>
+        internal static string FormatOIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse()
+        {
+            return GetString("OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse");
+        }
+
+        /// <summary>
+        /// OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped
+        /// </summary>
+        internal static string OIDCH_0044_AuthorizationCodeRedeemedContextSkipped
+        {
+            get { return GetString("OIDCH_0044_AuthorizationCodeRedeemedContextSkipped"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped
+        /// </summary>
+        internal static string FormatOIDCH_0044_AuthorizationCodeRedeemedContextSkipped()
+        {
+            return GetString("OIDCH_0044_AuthorizationCodeRedeemedContextSkipped");
+        }
+
+        /// <summary>
+        /// OIDCH_0045: Cannot process the message. Both id_token and code are missing.
+        /// </summary>
+        internal static string OIDCH_0045_Id_Token_Code_Missing
+        {
+            get { return GetString("OIDCH_0045_Id_Token_Code_Missing"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0045: Cannot process the message. Both id_token and code are missing.
+        /// </summary>
+        internal static string FormatOIDCH_0045_Id_Token_Code_Missing()
+        {
+            return GetString("OIDCH_0045_Id_Token_Code_Missing");
+        }
+
+        /// <summary>
+        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
+        /// </summary>
+        internal static string OIDCH_0046_UserInfo_Endpoint_Not_Set
+        {
+            get { return GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set"); }
+        }
+
+        /// <summary>
+        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
+        /// </summary>
+        internal static string FormatOIDCH_0046_UserInfo_Endpoint_Not_Set()
+        {
+            return GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
deleted file mode 100644
index cdef48e368..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.Designer.cs
+++ /dev/null
@@ -1,440 +0,0 @@
-// <auto-generated />
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    using System.Globalization;
-    using System.Reflection;
-    using System.Resources;
-
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources
-    {
-        private static global::System.Resources.ResourceManager resourceMan;
-
-        private static global::System.Globalization.CultureInfo resourceCulture;
-
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources()
-        {
-        }
-
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager
-        {
-            get
-            {
-                if (object.ReferenceEquals(resourceMan, null))
-                {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnect.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture
-        {
-            get
-            {
-                return resourceCulture;
-            }
-            set
-            {
-                resourceCulture = value;
-            }
-        }
-
-        /// <summary>
-        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
-        /// </summary>
-        internal static string OIDCH_0101_BackChallnelLessThanZero
-        {
-            get { return ResourceManager.GetString("OIDCH_0101_BackChallnelLessThanZero"); }
-        }
-
-        /// <summary>
-        /// OIDCH0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
-        /// </summary>
-        internal static string OIDCH_0102_ExceptionValidatorHandlerMismatch
-        {
-            get { return ResourceManager.GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0051_RedirectUriLogoutIsNotWellFormed
-        {
-            get { return ResourceManager.GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0026: Entering: '{0}'
-        /// </summary>
-        internal static string OIDCH_0026_ApplyResponseChallengeAsync
-        {
-            get { return ResourceManager.GetString("OIDCH_0026_ApplyResponseChallengeAsync"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0027: Converted 401 to 403.
-        /// </summary>
-        internal static string OIDCH_0027_401_ConvertedTo_403
-        {
-            get { return ResourceManager.GetString("OIDCH_0027_401_ConvertedTo_403"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'."
-        /// </summary>
-        internal static string OIDCH_0028_StatusCodeNot401
-        {
-            get { return ResourceManager.GetString("OIDCH_0028_StatusCodeNot401"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
-        /// </summary>
-        internal static string OIDCH_0029_ChallengeContextEqualsNull
-        {
-            get { return ResourceManager.GetString("OIDCH_0029_ChallengeContextEqualsNull"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0030_Using_Properties_RedirectUri
-        {
-            get { return ResourceManager.GetString("OIDCH_0030_Using_Properties_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
-        /// </summary>
-        internal static string OIDCH_0031_Using_Options_RedirectUri
-        {
-            get { return ResourceManager.GetString("OIDCH_0031_Using_Options_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0032: Using the CurrentUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0032_UsingCurrentUriRedirectUri
-        {
-            get { return ResourceManager.GetString("OIDCH_0032_UsingCurrentUriRedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0033_NonceAlreadyExists
-        {
-             get { return ResourceManager.GetString("OIDCH_0033_NonceAlreadyExists"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0034: RedirectToIdentityProviderNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0035: RedirectToIdentityProviderNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0035_RedirectToIdentityProviderNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0035_RedirectToIdentityProviderNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: {0}'.)
-        /// </summary>
-        internal static string OIDCH_0036_UriIsNotWellFormed
-        {
-            get { return ResourceManager.GetString("OIDCH_0036_UriIsNotWellFormed"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0036: RedirectUri is: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0037_RedirectUri
-        {
-            get { return ResourceManager.GetString("OIDCH_0037_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
-        /// </summary>
-        internal static string OIDCH_0038_Redeeming_Auth_Code
-        {
-            get { return ResourceManager.GetString("OIDCH_0038_Redeeming_Auth_Code"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
-        /// </summary>
-        internal static string OIDCH_0039_Subject_Claim_Mismatch
-        {
-            get { return ResourceManager.GetString("OIDCH_0039_Subject_Claim_Mismatch"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
-        /// </summary>
-        internal static string OIDCH_0040_Sending_Request_UIEndpoint
-        {
-            get { return ResourceManager.GetString("OIDCH_0040_Sending_Request_UIEndpoint"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0041: Subject claim not found in {0}.
-        /// </summary>
-        internal static string OIDCH_0041_Subject_Claim_Not_Found
-        {
-            get { return ResourceManager.GetString("OIDCH_0041_Subject_Claim_Not_Found"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0042: AuthorizationCode redeemed: '{0}'
-        /// </summary>
-        internal static string OIDCH_0042_AuthorizationCodeRedeemed
-        {
-            get { return ResourceManager.GetString("OIDCH_0042_AuthorizationCodeRedeemed"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0043: AuthorizationCodeRedeemedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0044: AuthorizationCodeRedeemedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0045: Cannot process the message.Both id_token and code are missing.
-        /// </summary>
-        internal static string OIDCH_0045_Id_Token_Code_Missing
-        {
-            get { return ResourceManager.GetString("OIDCH_0045_Id_Token_Code_Missing"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
-        /// </summary>
-        internal static string OIDCH_0046_UserInfo_Endpoint_Not_Set
-        {
-            get { return ResourceManager.GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0000: Entering: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0000_AuthenticateCoreAsync
-        {
-            get { return ResourceManager.GetString("OIDCH_0000_AuthenticateCoreAsync"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0001: MessageReceived: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0001_MessageReceived
-        {
-            get { return ResourceManager.GetString("OIDCH_0001_MessageReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0001: MessageReceived: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0001_MessageReceived(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, ResourceManager.GetString("OIDCH_0001_MessageReceived"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0002: MessageReceivedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0002_MessageReceivedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0002_MessageReceivedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0003: MessageReceivedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0003_MessageReceivedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0003_MessageReceivedNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
-        /// </summary>
-        internal static string OIDCH_0004_MessageStateIsNullOrEmpty
-        {
-            get { return ResourceManager.GetString("OIDCH_0004_MessageStateIsNullOrEmpty"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0005: Unable to unprotect the message.State
-        /// </summary>
-        internal static string OIDCH_0005_MessageStateIsInvalid
-        {
-            get { return ResourceManager.GetString("OIDCH_0005_MessageStateIsInvalid"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
-        /// </summary>
-        internal static string OIDCH_0006_MessageContainsError
-        {
-            get { return ResourceManager.GetString("OIDCH_0006_MessageContainsError"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0007: Updating configuration
-        /// </summary>
-        internal static string OIDCH_0007_UpdatingConfiguration
-        {
-            get { return ResourceManager.GetString("OIDCH_0007_UpdatingConfiguration"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0008: SecurityTokenReceivedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0009: SecurityTokenReceivedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0009_SecurityTokenReceivedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0009_SecurityTokenReceivedNotificationSkipped:"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0010_ValidatedSecurityTokenNotJwt
-        {
-            get { return ResourceManager.GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0011_UnableToValidateToken
-        {
-            get { return ResourceManager.GetString("OIDCH_0011_UnableToValidateToken"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0012: SecurityTokenValidatedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0013: SecurityTokenValidatedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0013_SecurityTokenValidatedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0013_SecurityTokenValidatedNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0014: AuthorizationCode received: '{0}'
-        /// </summary>
-        internal static string OIDCH_0014_AuthorizationCodeReceived
-        {
-            get { return ResourceManager.GetString("OIDCH_0014_AuthorizationCodeReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0015: AuthorizationCodeReceivedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0016: codeReceivedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0017: Exception occurred while processing message.
-        /// </summary>
-        internal static string OIDCH_0017_ExceptionOccurredWhileProcessingMessage
-        {
-            get { return ResourceManager.GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0018: authenticationFailedNotification.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0018_AuthenticationFailedNotificationHandledResponse
-        {
-            get { return ResourceManager.GetString("OIDCH_0018_AuthenticationFailedNotificationHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0019: authenticationFailedNotification.Skipped
-        /// </summary>
-        internal static string OIDCH_0019_AuthenticationFailedNotificationSkipped
-        {
-            get { return ResourceManager.GetString("OIDCH_0019_AuthenticationFailedNotificationSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0020: 'id_token' received: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0020_IdTokenReceived
-        {
-            get { return ResourceManager.GetString("OIDCH_0020_IdTokenReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
-        /// </summary>
-        internal static string OIDCH_0021_AutomaticConfigurationRefresh
-        {
-            get { return ResourceManager.GetString("OIDCH_0021_AutomaticConfigurationRefresh"); }
-        }
-
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index fe1d1837d5..792e317a68 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -150,11 +150,11 @@
   <data name="OIDCH_0033_NonceAlreadyExists" xml:space="preserve">
     <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
   </data>
-  <data name="OIDCH_0034_RedirectToIdentityProviderNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0034: RedirectToIdentityProviderNotification.HandledResponse</value>
+  <data name="OIDCH_0034_RedirectToIdentityProviderContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0035_RedirectToIdentityProviderNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0035: RedirectToIdentityProviderNotification.Skipped</value>
+  <data name="OIDCH_0035_RedirectToIdentityProviderContextSkipped" xml:space="preserve">
+    <value>OIDCH_0035: RedirectToIdentityProviderContext.Skipped</value>
   </data>
   <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
     <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.</value>
@@ -177,11 +177,11 @@
   <data name="OIDCH_0001_MessageReceived" xml:space="preserve">
     <value>OIDCH_0001: MessageReceived: '{0}'.</value>
   </data>
-  <data name="OIDCH_0002_MessageReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0002: MessageReceivedNotification.HandledResponse</value>
+  <data name="OIDCH_0002_MessageReceivedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0002: MessageReceivedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0003_MessageReceivedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0003: MessageReceivedNotification.Skipped</value>
+  <data name="OIDCH_0003_MessageReceivedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0003: MessageReceivedContext.Skipped</value>
   </data>
   <data name="OIDCH_0004_MessageStateIsNullOrEmpty" xml:space="preserve">
     <value>OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.</value>
@@ -195,11 +195,11 @@
   <data name="OIDCH_0007_UpdatingConfiguration" xml:space="preserve">
     <value>OIDCH_0007: Updating configuration</value>
   </data>
-  <data name="OIDCH_0008_SecurityTokenReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0008: SecurityTokenReceivedNotification.HandledResponse</value>
+  <data name="OIDCH_0008_SecurityTokenReceivedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0008: SecurityTokenReceivedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0009_SecurityTokenReceivedNotificationSkipped:" xml:space="preserve">
-    <value>OIDCH_0009: SecurityTokenReceivedNotification.Skipped</value>
+  <data name="OIDCH_0009_SecurityTokenReceivedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0009: SecurityTokenReceivedContext.Skipped</value>
   </data>
   <data name="OIDCH_0010_ValidatedSecurityTokenNotJwt" xml:space="preserve">
     <value>OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.</value>
@@ -207,29 +207,29 @@
   <data name="OIDCH_0011_UnableToValidateToken" xml:space="preserve">
     <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."</value>
   </data>
-  <data name="OIDCH_0012_SecurityTokenValidatedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0012: SecurityTokenValidatedNotification.HandledResponse</value>
+  <data name="OIDCH_0012_SecurityTokenValidatedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0012: SecurityTokenValidatedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0013_SecurityTokenValidatedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0013: SecurityTokenValidatedNotification.Skipped</value>
+  <data name="OIDCH_0013_SecurityTokenValidatedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0013: SecurityTokenValidatedContext.Skipped</value>
   </data>
   <data name="OIDCH_0014_AuthorizationCodeReceived" xml:space="preserve">
     <value>OIDCH_0014: AuthorizationCode received: '{0}'.</value>
   </data>
-  <data name="OIDCH_0015_AuthorizationCodeReceivedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0015: AuthorizationCodeReceivedNotification.HandledResponse</value>
+  <data name="OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0016_AuthorizationCodeReceivedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0016: AuthorizationCodeReceivedNotification.Skipped</value>
+  <data name="OIDCH_0016_AuthorizationCodeReceivedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0016: AuthorizationCodeReceivedContext.Skipped</value>
   </data>
   <data name="OIDCH_0017_ExceptionOccurredWhileProcessingMessage" xml:space="preserve">
     <value>OIDCH_0017: Exception occurred while processing message.</value>
   </data>
-  <data name="OIDCH_0018_AuthenticationFailedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0018: AuthenticationFailedNotification.HandledResponse</value>
+  <data name="OIDCH_0018_AuthenticationFailedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0018: AuthenticationFailedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0019_AuthenticationNotificationFailedSkipped" xml:space="preserve">
-    <value>OIDCH_0019: AuthenticationFailedNotification.Skipped</value>
+  <data name="OIDCH_0019_AuthenticationFailedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0019: AuthenticationFailedContext.Skipped</value>
   </data>
   <data name="OIDCH_0020_IdTokenReceived" xml:space="preserve">
     <value>OIDCH_0020: 'id_token' received: '{0}'</value>
@@ -243,11 +243,11 @@
   <data name="OIDCH_0042_AuthorizationCodeRedeemed" xml:space="preserve">
     <value>OIDCH_0042: Authorization Code redeemed:  '{0}'</value>
   </data>
-  <data name="OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse" xml:space="preserve">
-    <value>OIDCH_0043: AuthorizationCodeRedeemedNotification.HandledResponse</value>
+  <data name="OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse" xml:space="preserve">
+    <value>OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse</value>
   </data>
-  <data name="OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped" xml:space="preserve">
-    <value>OIDCH_0044: AuthorizationCodeRedeemedNotification.Skipped</value>
+  <data name="OIDCH_0044_AuthorizationCodeRedeemedContextSkipped" xml:space="preserve">
+    <value>OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped</value>
   </data>
   <data name="OIDCH_0045_Id_Token_Code_Missing" xml:space="preserve">
     <value>OIDCH_0045: Cannot process the message. Both id_token and code are missing.</value>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..9a385b546d
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs
@@ -0,0 +1,62 @@
+// <auto-generated />
+namespace Microsoft.AspNet.Authentication.Twitter
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNet.Authentication.Twitter.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+        {
+            return GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs
deleted file mode 100644
index 5e6c599ae4..0000000000
--- a/src/Microsoft.AspNet.Authentication.Twitter/Resources.Designer.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-//------------------------------------------------------------------------------
-// <auto-generated>
-//     This code was generated by a tool.
-//     Runtime Version:4.0.30319.32559
-//
-//     Changes to this file may cause incorrect behavior and will be lost if
-//     the code is regenerated.
-// </auto-generated>
-//------------------------------------------------------------------------------
-
-namespace Microsoft.AspNet.Authentication.Twitter {
-    using System;
-    
-    
-    /// <summary>
-    ///   A strongly-typed resource class, for looking up localized strings, etc.
-    /// </summary>
-    // This class was auto-generated by the StronglyTypedResourceBuilder
-    // class via a tool like ResGen or Visual Studio.
-    // To add or remove a member, edit your .ResX file then rerun ResGen
-    // with the /str option, or rebuild your VS project.
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
-    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
-    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    internal class Resources {
-        
-        private static global::System.Resources.ResourceManager resourceMan;
-        
-        private static global::System.Globalization.CultureInfo resourceCulture;
-        
-        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
-        internal Resources() {
-        }
-        
-        /// <summary>
-        ///   Returns the cached ResourceManager instance used by this class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Resources.ResourceManager ResourceManager {
-            get {
-                if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNet.Authentication.Twitter.Resources", System.Reflection.IntrospectionExtensions.GetTypeInfo(typeof(Resources)).Assembly);
-                    resourceMan = temp;
-                }
-                return resourceMan;
-            }
-        }
-        
-        /// <summary>
-        ///   Overrides the current thread's CurrentUICulture property for all
-        ///   resource lookups using this strongly typed resource class.
-        /// </summary>
-        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
-        internal static global::System.Globalization.CultureInfo Culture {
-            get {
-                return resourceCulture;
-            }
-            set {
-                resourceCulture = value;
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to The &apos;{0}&apos; option must be provided..
-        /// </summary>
-        internal static string Exception_OptionMustBeProvided {
-            get {
-                return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
-        /// </summary>
-        internal static string Exception_ValidatorHandlerMismatch {
-            get {
-                return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
index 29d82385f2..9242639ffa 100644
--- a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
@@ -10,6 +10,22 @@ namespace Microsoft.AspNet.Authorization
         private static readonly ResourceManager _resourceManager
             = new ResourceManager("Microsoft.AspNet.Authorization.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
+        /// <summary>
+        /// AuthorizationPolicy must have at least one requirement.
+        /// </summary>
+        internal static string Exception_AuthorizationPolicyEmpty
+        {
+            get { return GetString("Exception_AuthorizationPolicyEmpty"); }
+        }
+
+        /// <summary>
+        /// AuthorizationPolicy must have at least one requirement.
+        /// </summary>
+        internal static string FormatException_AuthorizationPolicyEmpty()
+        {
+            return GetString("Exception_AuthorizationPolicyEmpty");
+        }
+
         /// <summary>
         /// The AuthorizationPolicy named: '{0}' was not found.
         /// </summary>
@@ -26,22 +42,6 @@ namespace Microsoft.AspNet.Authorization
             return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
         }
 
-        /// <summary>
-        /// AuthorizationPolicy must have at least one requirement.
-        /// </summary>
-        internal static string Exception_AuthorizationPolicyEmpty
-        {
-            get { return GetString("Exception_AuthorizationPolicyEmpty"); }
-        }
-
-        /// <summary>
-        /// AuthorizationPolicy must have at least one requirement.
-        /// </summary>
-        internal static string FormatException_AuthorizationPolicyEmpty(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyEmpty"), p0);
-        }
-
         /// <summary>
         /// At least one role must be specified.
         /// </summary>

From 2aba485263ec8b8cb0c3b9ee88925e6c536a3802 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Sep 2015 15:07:26 -0700
Subject: [PATCH 315/900] Move Context objects to OIDC and JwtBearer, remove
 generics.

---
 .../Events/AuthenticationChallengeContext.cs  |  5 +-
 .../Events/AuthenticationFailedContext.cs     |  9 ++-
 .../Events/JwtBearerAuthenticationEvents.cs   | 10 ++--
 .../Events/MessageReceivedContext.cs          |  9 ++-
 .../Events/SecurityTokenReceivedContext.cs    |  9 ++-
 .../Events/SecurityTokenValidatedContext.cs   |  9 ++-
 .../JwtBearerAuthenticationHandler.cs         | 25 +++-----
 .../Events/IOAuthAuthenticationEvents.cs      |  2 -
 .../Events/AuthenticationFailedContext.cs     | 21 +++++++
 .../AuthorizationCodeReceivedContext.cs       |  7 ++-
 .../AuthorizationCodeRedeemedContext.cs       |  3 +-
 .../Events/MessageReceivedContext.cs          | 23 ++++++++
 .../OpenIdConnectAuthenticationEvents.cs      | 13 ++--
 .../RedirectFromIdentityProviderContext.cs    |  9 +--
 .../RedirectToIdentityProviderContext.cs      | 14 +++--
 .../Events/SecurityTokenReceivedContext.cs    | 20 +++++++
 .../Events/SecurityTokenValidatedContext.cs   | 18 ++++++
 .../OpenIdConnectAuthenticationHandler.cs     | 59 +++++++++----------
 18 files changed, 166 insertions(+), 99 deletions(-)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.JwtBearer}/Events/AuthenticationFailedContext.cs (60%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.JwtBearer}/Events/MessageReceivedContext.cs (59%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.JwtBearer}/Events/SecurityTokenReceivedContext.cs (59%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.JwtBearer}/Events/SecurityTokenValidatedContext.cs (55%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.OpenIdConnect}/Events/RedirectFromIdentityProviderContext.cs (56%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNet.Authentication.OpenIdConnect}/Events/RedirectToIdentityProviderContext.cs (61%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
index 58829ba879..702ccc4527 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
@@ -5,9 +5,10 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationChallengeContext<TOptions> : BaseControlContext<TOptions>
+    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerAuthenticationOptions>
     {
-        public AuthenticationChallengeContext(HttpContext context, TOptions options) : base(context, options)
+        public AuthenticationChallengeContext(HttpContext context, JwtBearerAuthenticationOptions options)
+            : base(context, options)
         {
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
similarity index 60%
rename from src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index 33e99076e6..f4301c4c6f 100644
--- a/src/Microsoft.AspNet.Authentication/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -4,16 +4,15 @@
 using System;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationFailedContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class AuthenticationFailedContext : BaseControlContext<JwtBearerAuthenticationOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, TOptions options) : base(context, options)
+        public AuthenticationFailedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+            : base(context, options)
         {
         }
 
         public Exception Exception { get; set; }
-
-        public TMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
index e2d1f500f3..a8d674d1e9 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
@@ -30,26 +30,26 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedContext, Task> AuthenticationFailed { get; set; }
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedContext, Task> MessageReceived { get; set; }
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedContext, Task> SecurityTokenReceived { get; set; }
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedContext<HttpContext, JwtBearerAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedContext, Task> SecurityTokenValidated { get; set; }
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        public Func<AuthenticationChallengeContext<JwtBearerAuthenticationOptions>, Task> ApplyChallenge { get; set; }
+        public Func<AuthenticationChallengeContext, Task> ApplyChallenge { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
similarity index 59%
rename from src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index 86babe7277..e9e8955786 100644
--- a/src/Microsoft.AspNet.Authentication/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -3,16 +3,15 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class MessageReceivedContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class MessageReceivedContext : BaseControlContext<JwtBearerAuthenticationOptions>
     {
-        public MessageReceivedContext(HttpContext context, TOptions options) : base(context, options)
+        public MessageReceivedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+            : base(context, options)
         {
         }
 
-        public TMessage ProtocolMessage { get; set; }
-
         /// <summary>
         /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
similarity index 59%
rename from src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
index 225f4fd6de..672021ca6b 100644
--- a/src/Microsoft.AspNet.Authentication/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
@@ -3,16 +3,15 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenReceivedContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerAuthenticationOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, TOptions options) : base(context, options)
+        public SecurityTokenReceivedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+            : base(context, options)
         {
         }
 
         public string SecurityToken { get; set; }
-
-        public TMessage ProtocolMessage { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
similarity index 55%
rename from src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
index 4acf056a2e..383284e4ae 100644
--- a/src/Microsoft.AspNet.Authentication/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
@@ -3,14 +3,13 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenValidatedContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerAuthenticationOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, TOptions options) : base(context, options)
+        public SecurityTokenValidatedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+            : base(context, options)
         {
         }
-
-        public TMessage ProtocolMessage { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
index 74edec3f67..b2e6cfbd8c 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
@@ -27,11 +27,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
-                var messageReceivedContext =
-                    new MessageReceivedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = Context,
-                    };
+                var messageReceivedContext = new MessageReceivedContext(Context, Options);
 
                 // event can set the token
                 await Options.Events.MessageReceived(messageReceivedContext);
@@ -71,10 +67,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
 
                 // notify user token was received
-                var securityTokenReceivedContext =
-                    new SecurityTokenReceivedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Options)
                 {
-                    ProtocolMessage = Context,
                     SecurityToken = token,
                 };
 
@@ -117,9 +111,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var securityTokenValidatedContext = new SecurityTokenValidatedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
+                        var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Options)
                         {
-                            ProtocolMessage = Context,
                             AuthenticationTicket = ticket
                         };
 
@@ -150,12 +143,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     Options.ConfigurationManager.RequestRefresh();
                 }
 
-                var authenticationFailedContext =
-                    new AuthenticationFailedContext<HttpContext, JwtBearerAuthenticationOptions>(Context, Options)
-                    {
-                        ProtocolMessage = Context,
-                        Exception = ex
-                    };
+                var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+                {
+                    Exception = ex
+                };
 
                 await Options.Events.AuthenticationFailed(authenticationFailedContext);
                 if (authenticationFailedContext.HandledResponse)
@@ -175,7 +166,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
-            await Options.Events.ApplyChallenge(new AuthenticationChallengeContext<JwtBearerAuthenticationOptions>(Context, Options));
+            await Options.Events.ApplyChallenge(new AuthenticationChallengeContext(Context, Options));
             return false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
index 5f402aa072..897b889206 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
@@ -1,9 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
new file mode 100644
index 0000000000..7521ed7ce0
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    {
+        public AuthenticationFailedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
+        {
+        }
+
+        public Exception Exception { get; set; }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 5fdd57e6b8..22c00742de 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -16,7 +16,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
         { 
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
index 0b54f6ae8e..c511832cab 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
@@ -11,7 +11,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeRedeemedContext"/>
         /// </summary>
-        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectAuthenticationOptions options) : base(context, options)
+        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
new file mode 100644
index 0000000000..ece53d3dda
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class MessageReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    {
+        public MessageReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
+        {
+        }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+        /// </summary>
+        public string Token { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
index a084eb84c7..134ce48929 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -21,15 +20,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             AuthorizationCodeReceived = context => Task.FromResult(0);
             AuthorizationCodeRedeemed = context => Task.FromResult(0);
             MessageReceived = context => Task.FromResult(0);
+            RedirectToIdentityProvider = context => Task.FromResult(0);
             SecurityTokenReceived = context => Task.FromResult(0);
             SecurityTokenValidated = context => Task.FromResult(0);
-            RedirectToIdentityProvider = context => Task.FromResult(0);
         }
 
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedContext, Task> AuthenticationFailed { get; set; }
 
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
@@ -44,21 +43,21 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedContext, Task> MessageReceived { get; set; }
 
         /// <summary>
         /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
         /// </summary>
-        public Func<RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> RedirectToIdentityProvider { get; set; }
+        public Func<RedirectToIdentityProviderContext, Task> RedirectToIdentityProvider { get; set; }
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedContext, Task> SecurityTokenReceived { get; set; }
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedContext, Task> SecurityTokenValidated { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs
similarity index 56%
rename from src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs
index 9de5cd1a00..fb55ec53e6 100644
--- a/src/Microsoft.AspNet.Authentication/Events/RedirectFromIdentityProviderContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs
@@ -2,12 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class RedirectFromIdentityProviderContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class RedirectFromIdentityProviderContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
     {
-        public RedirectFromIdentityProviderContext(HttpContext context, TOptions options)
+        public RedirectFromIdentityProviderContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
             : base(context, options)
         {
         }
@@ -16,6 +17,6 @@ namespace Microsoft.AspNet.Authentication
 
         public bool IsRequestCompleted { get; set; }
 
-        public TMessage ProtocolMessage { get; set; }
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
similarity index 61%
rename from src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
index 9b95794745..705421bdbc 100644
--- a/src/Microsoft.AspNet.Authentication/Events/RedirectToIdentityProviderContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
@@ -4,25 +4,27 @@
 using System;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
-    /// an instance of <see cref="RedirectFromIdentityProviderContext{TMessage, TOptions, TMessage}"/> is passed to the 'RedirectToIdentityProviderContext".
+    /// an instance of <see cref="RedirectFromIdentityProviderContext"/> is passed to the 'RedirectToIdentityProviderContext".
     /// </summary>
     /// <typeparam name="TMessage">protocol specific message.</typeparam>
     /// <typeparam name="TOptions">protocol specific options.</typeparam>
-    public class RedirectToIdentityProviderContext<TMessage, TOptions> : BaseControlContext<TOptions>
+    public class RedirectToIdentityProviderContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
     {
-        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] TOptions options) : base(context, options)
+        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
         {
         }
 
         /// <summary>
-        /// Gets or sets the <see cref="{TMessage}"/>.
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
         /// </summary>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public TMessage ProtocolMessage { get; [param: NotNull] set; }
+        public OpenIdConnectMessage ProtocolMessage { get; [param: NotNull] set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
new file mode 100644
index 0000000000..0b960e033b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
@@ -0,0 +1,20 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    {
+        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
+        {
+        }
+
+        public string SecurityToken { get; set; }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
new file mode 100644
index 0000000000..e0d12c50a4
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
@@ -0,0 +1,18 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    {
+        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+            : base(context, options)
+        {
+        }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 8452f2fd26..8ef64f6046 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -89,7 +89,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
+                var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
                 {
                     ProtocolMessage = message
                 };
@@ -220,11 +220,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            var redirectToIdentityProviderContext =
-                new RedirectToIdentityProviderContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = message
-                };
+            var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
+            {
+                ProtocolMessage = message
+            };
 
             await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
             if (redirectToIdentityProviderContext.HandledResponse)
@@ -745,14 +744,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
-        private async Task<MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
+        private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
         {
             Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
-            var messageReceivedContext =
-                new MessageReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = message
-                };
+            var messageReceivedContext = new MessageReceivedContext(Context, Options)
+            {
+                ProtocolMessage = message
+            };
 
             await Options.Events.MessageReceived(messageReceivedContext);
             if (messageReceivedContext.HandledResponse)
@@ -818,14 +816,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return authorizationCodeRedeemedContext;
         }
 
-        private async Task<SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenReceivedEventAsync(OpenIdConnectMessage message)
+        private async Task<SecurityTokenReceivedContext> RunSecurityTokenReceivedEventAsync(OpenIdConnectMessage message)
         {
             Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
-            var securityTokenReceivedContext =
-                new SecurityTokenReceivedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = message,
-                };
+            var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Options)
+            {
+                ProtocolMessage = message,
+            };
 
             await Options.Events.SecurityTokenReceived(securityTokenReceivedContext);
             if (securityTokenReceivedContext.HandledResponse)
@@ -840,14 +837,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return securityTokenReceivedContext;
         }
 
-        private async Task<SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunSecurityTokenValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
+        private async Task<SecurityTokenValidatedContext> RunSecurityTokenValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
-            var securityTokenValidatedContext =
-                new SecurityTokenValidatedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    AuthenticationTicket = ticket,
-                    ProtocolMessage = message
-                };
+            var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Options)
+            {
+                AuthenticationTicket = ticket,
+                ProtocolMessage = message
+            };
 
             await Options.Events.SecurityTokenValidated(securityTokenValidatedContext);
             if (securityTokenValidatedContext.HandledResponse)
@@ -862,14 +858,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return securityTokenValidatedContext;
         }
 
-        private async Task<AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
+        private async Task<AuthenticationFailedContext> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
         {
-            var authenticationFailedContext =
-                new AuthenticationFailedContext<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
-                {
-                    ProtocolMessage = message,
-                    Exception = exception
-                };
+            var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+            {
+                ProtocolMessage = message,
+                Exception = exception
+            };
 
             await Options.Events.AuthenticationFailed(authenticationFailedContext);
             if (authenticationFailedContext.HandledResponse)

From 47520e126e584d6c9dcfe9cb96ddffd46986d377 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 3 Sep 2015 11:02:19 -0700
Subject: [PATCH 316/900] #47 Standardize on I*Events pattern.

---
 .../Events/CookieAuthenticationEvents.cs      |  57 ++---
 .../Events/IJwtBearerAuthenticationEvents.cs  |  43 ++++
 .../Events/JwtBearerAuthenticationEvents.cs   |  40 ++--
 .../JwtBearerAuthenticationOptions.cs         |   2 +-
 .../IOpenIdConnectAuthenticationEvents.cs     |  48 +++++
 .../OpenIdConnectAuthenticationEvents.cs      |  44 ++--
 .../OpenIdConnectAuthenticationOptions.cs     |   4 +-
 .../Events/TwitterAuthenticationEvents.cs     |  33 +--
 .../DelegateRequirement.cs                    |   2 +-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 171 ++++++++-------
 .../OpenIdConnectHandlerTests.cs              | 203 ++++++++----------
 .../OpenIdConnectMiddlewareTests.cs           |  23 +-
 12 files changed, 357 insertions(+), 313 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index cbe3a71711..6c65bb857d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -14,101 +14,70 @@ namespace Microsoft.AspNet.Authentication.Cookies
     public class CookieAuthenticationEvents : ICookieAuthenticationEvents
     {
         /// <summary>
-        /// Create a new instance of the default events.
+        /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public CookieAuthenticationEvents()
-        {
-            OnValidatePrincipal = context => Task.FromResult(0);
-            OnResponseSignIn = context => { };
-            OnResponseSignedIn = context => { };
-            OnResponseSignOut = context => { };
-            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
-            OnException = context => { };
-        }
+        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; }
+        public Action<CookieResponseSignInContext> OnResponseSignIn { get; set; } = context => { };
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignInContext> OnResponseSignIn { get; set; }
+        public Action<CookieResponseSignedInContext> OnResponseSignedIn { get; set; } = context => { };
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignedInContext> OnResponseSignedIn { get; set; }
+        public Action<CookieResponseSignOutContext> OnResponseSignOut { get; set; } = context => { };
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignOutContext> OnResponseSignOut { get; set; }
+        public Action<CookieApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieApplyRedirectContext> OnApplyRedirect { get; set; }
-
-        /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
-        /// </summary>
-        public Action<CookieExceptionContext> OnException { get; set; }
+        public Action<CookieExceptionContext> OnException { get; set; } = context => { };
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
         /// <returns></returns>
-        public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context)
-        {
-            return OnValidatePrincipal.Invoke(context);
-        }
+        public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context) => OnValidatePrincipal(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignIn(CookieResponseSignInContext context)
-        {
-            OnResponseSignIn.Invoke(context);
-        }
+        public virtual void ResponseSignIn(CookieResponseSignInContext context) => OnResponseSignIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignedIn(CookieResponseSignedInContext context)
-        {
-            OnResponseSignedIn.Invoke(context);
-        }
+        public virtual void ResponseSignedIn(CookieResponseSignedInContext context) => OnResponseSignedIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignOut(CookieResponseSignOutContext context)
-        {
-            OnResponseSignOut.Invoke(context);
-        }
+        public virtual void ResponseSignOut(CookieResponseSignOutContext context) => OnResponseSignOut(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual void ApplyRedirect(CookieApplyRedirectContext context)
-        {
-            OnApplyRedirect.Invoke(context);
-        }
+        public virtual void ApplyRedirect(CookieApplyRedirectContext context) => OnApplyRedirect(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual void Exception(CookieExceptionContext context)
-        {
-            OnException.Invoke(context);
-        }
+        public virtual void Exception(CookieExceptionContext context) => OnException(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs
new file mode 100644
index 0000000000..cd1a6fc087
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs
@@ -0,0 +1,43 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+
+/// <summary>
+/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// </summary>
+namespace Microsoft.AspNet.Authentication.JwtBearer
+{
+    /// <summary>
+    /// Jwt bearer token middleware events.
+    /// </summary>
+    public interface IJwtBearerAuthenticationEvents
+    {
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        Task AuthenticationFailed(AuthenticationFailedContext context);
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        Task MessageReceived(MessageReceivedContext context);
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        Task SecurityTokenReceived(SecurityTokenReceivedContext context);
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        Task SecurityTokenValidated(SecurityTokenValidatedContext context);
+
+        /// <summary>
+        /// Invoked to apply a challenge sent back to the caller.
+        /// </summary>
+        Task ApplyChallenge(AuthenticationChallengeContext context);
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
index a8d674d1e9..4b06937a70 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
@@ -11,45 +11,47 @@ using Microsoft.AspNet.Http;
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
-    /// Jwt bearer token middleware provider
+    /// Jwt bearer token middleware events.
     /// </summary>
-    public class JwtBearerAuthenticationEvents
+    public class JwtBearerAuthenticationEvents : IJwtBearerAuthenticationEvents
     {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="JwtBearerAuthenticationProvider"/> class
-        /// </summary>
-        public JwtBearerAuthenticationEvents()
-        {
-            ApplyChallenge = context => { context.HttpContext.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge); return Task.FromResult(0); };
-            AuthenticationFailed = context => Task.FromResult(0);
-            MessageReceived = context => Task.FromResult(0);
-            SecurityTokenReceived = context => Task.FromResult(0);
-            SecurityTokenValidated = context => Task.FromResult(0);
-        }
-
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedContext, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedContext, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        public Func<AuthenticationChallengeContext, Task> ApplyChallenge { get; set; }
+        public Func<AuthenticationChallengeContext, Task> OnApplyChallenge { get; set; } = context =>
+        {
+            context.HttpContext.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge);
+            return Task.FromResult(0);
+        };
+
+        public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
+
+        public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
+
+        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+
+        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
+
+        public virtual Task ApplyChallenge(AuthenticationChallengeContext context) => OnApplyChallenge(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
index 07d0859f20..373095f822 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
@@ -52,7 +52,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public JwtBearerAuthenticationEvents Events { get; set; } = new JwtBearerAuthenticationEvents();
+        public IJwtBearerAuthenticationEvents Events { get; set; } = new JwtBearerAuthenticationEvents();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs
new file mode 100644
index 0000000000..4c69a1b39f
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs
@@ -0,0 +1,48 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
+    /// </summary>
+    public interface IOpenIdConnectAuthenticationEvents
+    {
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        Task AuthenticationFailed(AuthenticationFailedContext context);
+
+        /// <summary>
+        /// Invoked after security token validation if an authorization code is present in the protocol message.
+        /// </summary>
+        Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
+
+        /// <summary>
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// </summary>
+        Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context);
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        Task MessageReceived(MessageReceivedContext context);
+
+        /// <summary>
+        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// </summary>
+        Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context);
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        Task SecurityTokenReceived(SecurityTokenReceivedContext context);
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        Task SecurityTokenValidated(SecurityTokenValidatedContext context);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
index 134ce48929..9f21f74537 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
@@ -9,55 +9,55 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public class OpenIdConnectAuthenticationEvents
+    public class OpenIdConnectAuthenticationEvents : IOpenIdConnectAuthenticationEvents
     {
-        /// <summary>
-        /// Creates a new set of events. Each event has a default no-op behavior unless otherwise documented.
-        /// </summary>
-        public OpenIdConnectAuthenticationEvents()
-        {
-            AuthenticationFailed = context => Task.FromResult(0);
-            AuthorizationCodeReceived = context => Task.FromResult(0);
-            AuthorizationCodeRedeemed = context => Task.FromResult(0);
-            MessageReceived = context => Task.FromResult(0);
-            RedirectToIdentityProvider = context => Task.FromResult(0);
-            SecurityTokenReceived = context => Task.FromResult(0);
-            SecurityTokenValidated = context => Task.FromResult(0);
-        }
-
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> AuthenticationFailed { get; set; }
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
-        public Func<AuthorizationCodeReceivedContext, Task> AuthorizationCodeReceived { get; set; }
+        public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        public Func<AuthorizationCodeRedeemedContext, Task> AuthorizationCodeRedeemed { get; set; }
+        public Func<AuthorizationCodeRedeemedContext, Task> OnAuthorizationCodeRedeemed { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> MessageReceived { get; set; }
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
         /// </summary>
-        public Func<RedirectToIdentityProviderContext, Task> RedirectToIdentityProvider { get; set; }
+        public Func<RedirectToIdentityProviderContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedContext, Task> SecurityTokenReceived { get; set; }
+        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedContext, Task> SecurityTokenValidated { get; set; }
+        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.FromResult(0);
+
+        public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
+
+        public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context) => OnAuthorizationCodeReceived(context);
+
+        public virtual Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context) => OnAuthorizationCodeRedeemed(context);
+
+        public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
+
+        public virtual Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context) => OnRedirectToIdentityProvider(context);
+
+        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+
+        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 045b279cfd..6809b571a7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -160,9 +160,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public bool CacheNonces { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectAuthenticationEvents"/> to notify when processing OpenIdConnect messages.
+        /// Gets or sets the <see cref="IOpenIdConnectAuthenticationEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public OpenIdConnectAuthenticationEvents Events { get; set; } = new OpenIdConnectAuthenticationEvents();
+        public IOpenIdConnectAuthenticationEvents Events { get; set; } = new OpenIdConnectAuthenticationEvents();
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
index 3fcd6fe84b..deae986da7 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
@@ -11,58 +11,39 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// </summary>
     public class TwitterAuthenticationEvents : ITwitterAuthenticationEvents
     {
-        /// <summary>
-        /// Initializes a <see cref="TwitterAuthenticationEvents"/>
-        /// </summary>
-        public TwitterAuthenticationEvents()
-        {
-            OnAuthenticated = context => Task.FromResult<object>(null);
-            OnReturnEndpoint = context => Task.FromResult<object>(null);
-            OnApplyRedirect = context => context.Response.Redirect(context.RedirectUri);
-        }
-
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<TwitterAuthenticatedContext, Task> OnAuthenticated { get; set; }
+        public Func<TwitterAuthenticatedContext, Task> OnAuthenticated { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
         /// </summary>
-        public Func<TwitterReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
+        public Func<TwitterReturnEndpointContext, Task> OnReturnEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Action<TwitterApplyRedirectContext> OnApplyRedirect { get; set; }
+        public Action<TwitterApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
 
         /// <summary>
-        /// Invoked whenever Twitter succesfully authenticates a user
+        /// Invoked whenever Twitter successfully authenticates a user
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(TwitterAuthenticatedContext context)
-        {
-            return OnAuthenticated(context);
-        }
+        public virtual Task Authenticated(TwitterAuthenticatedContext context) => OnAuthenticated(context);
 
         /// <summary>
         /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context"></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(TwitterReturnEndpointContext context)
-        {
-            return OnReturnEndpoint(context);
-        }
+        public virtual Task ReturnEndpoint(TwitterReturnEndpointContext context) => OnReturnEndpoint(context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
-        public virtual void ApplyRedirect(TwitterApplyRedirectContext context)
-        {
-            OnApplyRedirect(context);
-        }
+        public virtual void ApplyRedirect(TwitterApplyRedirectContext context) => OnApplyRedirect(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs b/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
index 11e30c3e6b..ea985d5e91 100644
--- a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authorization
 
         protected override void Handle(AuthorizationContext context, DelegateRequirement requirement)
         {
-            Handler.Invoke(context, requirement);
+            Handler(context, requirement);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index cc125fb4e2..aebeb06170 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -67,22 +67,25 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events.MessageReceived = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    var claims = new[]
+                    OnMessageReceived = context =>
                     {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
+                        var claims = new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                        };
 
-                    context.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        context.AuthenticationTicket = new AuthenticationTicket(
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    context.HandleResponse();
-                    
-                    return Task.FromResult<object>(null);
+                        context.HandleResponse();
+
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
@@ -114,22 +117,25 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events.SecurityTokenReceived = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    var claims = new[]
+                    OnSecurityTokenReceived = context =>
                     {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
+                        var claims = new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                        };
 
-                    context.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        context.AuthenticationTicket = new AuthenticationTicket(
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    context.HandleResponse();
-                    
-                    return Task.FromResult<object>(null);
+                        context.HandleResponse();
+
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
@@ -145,23 +151,26 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events.SecurityTokenValidated = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    // Retrieve the NameIdentifier claim from the identity
-                    // returned by the custom security token validator.
-                    var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
-                    var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
+                    OnSecurityTokenValidated = context =>
+                    {
+                        // Retrieve the NameIdentifier claim from the identity
+                        // returned by the custom security token validator.
+                        var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
+                        var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
 
-                    identifier.Value.ShouldBe("Bob le Tout Puissant");
+                        identifier.Value.ShouldBe("Bob le Tout Puissant");
 
-                    // Remove the existing NameIdentifier claim and replace it
-                    // with a new one containing a different value.
-                    identity.RemoveClaim(identifier);
-                    // Make sure to use a different name identifier
-                    // than the one defined by BlobTokenValidator.
-                    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"));
+                        // Remove the existing NameIdentifier claim and replace it
+                        // with a new one containing a different value.
+                        identity.RemoveClaim(identifier);
+                        // Make sure to use a different name identifier
+                        // than the one defined by BlobTokenValidator.
+                        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"));
 
-                    return Task.FromResult<object>(null);
+                        return Task.FromResult<object>(null);
+                    }
                 };
 
                 options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
@@ -179,28 +188,30 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events.MessageReceived = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    context.Token = "CustomToken";
-                    return Task.FromResult<object>(null);
-                };
-                
-                options.Events.SecurityTokenReceived = context =>
-                {
-                    var claims = new[]
+                    OnMessageReceived = context =>
                     {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
+                        context.Token = "CustomToken";
+                        return Task.FromResult<object>(null);
+                    },
+                    OnSecurityTokenReceived = context =>
+                    {
+                        var claims = new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                        };
 
-                    context.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        context.AuthenticationTicket = new AuthenticationTicket(
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    context.HandleResponse();
+                        context.HandleResponse();
 
-                    return Task.FromResult<object>(null);
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
@@ -214,22 +225,25 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events.SecurityTokenReceived = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    var claims = new[]
+                    OnSecurityTokenReceived = context =>
                     {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
+                        var claims = new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                        };
 
-                    context.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        context.AuthenticationTicket = new AuthenticationTicket(
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    context.HandleResponse();
+                        context.HandleResponse();
 
-                    return Task.FromResult<object>(null);
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
@@ -242,22 +256,25 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events.SecurityTokenReceived = context =>
+                options.Events = new JwtBearerAuthenticationEvents()
                 {
-                    var claims = new[]
+                    OnSecurityTokenReceived = context =>
                     {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
+                        var claims = new[]
+                        {
+                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                        };
 
-                    context.AuthenticationTicket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        context.AuthenticationTicket = new AuthenticationTicket(
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
-                    context.HandleResponse();
+                        context.HandleResponse();
 
-                    return Task.FromResult<object>(null);
+                        return Task.FromResult<object>(null);
+                    }
                 };
             });
 
@@ -267,7 +284,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         class BlobTokenValidator : ISecurityTokenValidator
         {
-
             public BlobTokenValidator(string authenticationScheme)
             {
                 AuthenticationScheme = authenticationScheme;
@@ -283,7 +299,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 {
                     throw new NotImplementedException();
                 }
-
                 set
                 {
                     throw new NotImplementedException();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 80c77ac535..2e1ab50b5a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -102,9 +102,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.ClientId = Guid.NewGuid().ToString();
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
             {
-                AuthorizationCodeRedeemed = context =>
+                OnAuthorizationCodeRedeemed = context =>
                 {
                     context.HandleResponse();
                     if (context.ProtocolMessage.State == null && !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
@@ -274,15 +274,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthorizationCodeReceived = (context) =>
                 {
-                    AuthorizationCodeReceived = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
@@ -290,15 +289,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthorizationCodeReceived = (context) =>
                 {
-                    AuthorizationCodeReceived = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options)
@@ -306,15 +304,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthenticationFailed = (context) =>
                 {
-                    AuthenticationFailed = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
@@ -322,29 +319,27 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthenticationFailed = (context) =>
                 {
-                    AuthenticationFailed = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void MessageReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnMessageReceived = (context) =>
                 {
-                    MessageReceived = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void CodeReceivedAndRedeemedHandledOptions(OpenIdConnectAuthenticationOptions options)
@@ -352,15 +347,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthorizationCodeRedeemed = (context) =>
                 {
-                    AuthorizationCodeRedeemed = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options)
@@ -368,15 +362,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnAuthorizationCodeRedeemed = (context) =>
                 {
-                    AuthorizationCodeRedeemed = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options)
@@ -387,30 +380,28 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.GetClaimsFromUserInfoEndpoint = true;
             options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnSecurityTokenValidated = (context) =>
                 {
-                    SecurityTokenValidated = (context) =>
-                    {
-                        var claimValue = context.AuthenticationTicket.Principal.FindFirst("test claim");
-                        Assert.Equal(claimValue.Value, "test value");
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    var claimValue = context.AuthenticationTicket.Principal.FindFirst("test claim");
+                    Assert.Equal(claimValue.Value, "test value");
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
         private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnMessageReceived = (context) =>
                 {
-                    MessageReceived = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options)
@@ -421,29 +412,27 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnSecurityTokenReceived = (context) =>
                 {
-                    SecurityTokenReceived = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             DefaultOptions(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnSecurityTokenReceived = (context) =>
                 {
-                    SecurityTokenReceived = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static ISecurityTokenValidator MockSecurityTokenValidator()
@@ -492,29 +481,27 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnSecurityTokenValidated = (context) =>
                 {
-                    SecurityTokenValidated = (context) =>
-                    {
-                        context.HandleResponse();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.HandleResponse();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnSecurityTokenValidated = (context) =>
                 {
-                    SecurityTokenValidated = (context) =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         private static void StateNullOptions(OpenIdConnectAuthenticationOptions options)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index e8d724be2a..971301c19b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -130,15 +130,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
             mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
             options.AutomaticAuthentication = true;
-            options.Events =
-                new OpenIdConnectAuthenticationEvents
+            options.Events = new OpenIdConnectAuthenticationEvents()
+            {
+                OnRedirectToIdentityProvider = (context) =>
                 {
-                    RedirectToIdentityProvider = (context) =>
-                    {
-                        context.ProtocolMessage = mockOpenIdConnectMessage.Object;
-                        return Task.FromResult<object>(null);
-                    }
-                };
+                    context.ProtocolMessage = mockOpenIdConnectMessage.Object;
+                    return Task.FromResult<object>(null);
+                }
+            };
         }
 
         /// <summary>
@@ -163,9 +162,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
                 options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
-                options.Events = new OpenIdConnectAuthenticationEvents
+                options.Events = new OpenIdConnectAuthenticationEvents()
                 {
-                    RedirectToIdentityProvider = context =>
+                    OnRedirectToIdentityProvider = context =>
                     {
                         context.ProtocolMessage.State = userState;
                         return Task.FromResult<object>(null);
@@ -214,9 +213,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var server = CreateServer(options =>
             {
                 SetOptions(options, DefaultParameters(), queryValues);
-                options.Events = new OpenIdConnectAuthenticationEvents
+                options.Events = new OpenIdConnectAuthenticationEvents()
                 {
-                    RedirectToIdentityProvider = context =>
+                    OnRedirectToIdentityProvider = context =>
                     {
                         context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
                         context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;

From dda67b9d7cf523f2147a06b9eafc613bc239b84a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 3 Sep 2015 12:39:36 -0700
Subject: [PATCH 317/900] Remove unused RedirectFromIdentityProviderContext.

---
 .../RedirectFromIdentityProviderContext.cs    | 22 -------------------
 .../RedirectToIdentityProviderContext.cs      |  2 +-
 2 files changed, 1 insertion(+), 23 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs
deleted file mode 100644
index fb55ec53e6..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectFromIdentityProviderContext.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    public class RedirectFromIdentityProviderContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
-    {
-        public RedirectFromIdentityProviderContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
-            : base(context, options)
-        {
-        }
-
-        public string SignInScheme { get; set; }
-
-        public bool IsRequestCompleted { get; set; }
-
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
index 705421bdbc..9216e86248 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
     /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
-    /// an instance of <see cref="RedirectFromIdentityProviderContext"/> is passed to the 'RedirectToIdentityProviderContext".
+    /// an instance of <see cref="RedirectToIdentityProviderContext"/> is passed to the 'RedirectToIdentityProvider" event.
     /// </summary>
     /// <typeparam name="TMessage">protocol specific message.</typeparam>
     /// <typeparam name="TOptions">protocol specific options.</typeparam>

From d2701f4897eebcd692a39d7b5b2968be10e4d645 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Sep 2015 11:43:02 -0700
Subject: [PATCH 318/900] #58 Serialize the ClaimsIdentity.BootstrapContext.

---
 .../DataHandler/TicketSerializer.cs           | 21 ++++++++++++--
 .../DataHandler/TicketSerializerTests.cs      | 28 ++++++++++++++++---
 2 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 310b2b03a8..44284d788f 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
-        private const int FormatVersion = 3;
+        private const int FormatVersion = 4;
 
         public virtual byte[] Serialize(AuthenticationTicket model)
         {
@@ -63,6 +63,17 @@ namespace Microsoft.AspNet.Authentication
                         WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
                         WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
                     }
+
+                    var bootstrap = identity.BootstrapContext as string;
+                    if (string.IsNullOrEmpty(bootstrap))
+                    {
+                        writer.Write(0);
+                    }
+                    else
+                    {
+                        writer.Write(bootstrap.Length);
+                        writer.Write(bootstrap);
+                    }
                 }
             }
             PropertiesSerializer.Write(writer, model.Properties);
@@ -99,7 +110,13 @@ namespace Microsoft.AspNet.Authentication
                     var originalIssuer = ReadWithDefault(reader, issuer);
                     claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
                 }
-                identities[i] = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
+                var identity = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
+                var bootstrapContextSize = reader.ReadInt32();
+                if (bootstrapContextSize > 0)
+                {
+                    identity.BootstrapContext = reader.ReadString();
+                }
+                identities[i] = identity;
             }
 
             var properties = PropertiesSerializer.Read(reader);
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
index b1eaa07095..23c7add5a9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -6,7 +6,6 @@ using System.IO;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Http.Authentication;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -42,9 +41,30 @@ namespace Microsoft.AspNet.Authentication
                 TicketSerializer.Write(writer, ticket);
                 stream.Position = 0;
                 var readTicket = TicketSerializer.Read(reader);
-                readTicket.Principal.Identities.Count().ShouldBe(0);
-                readTicket.Properties.RedirectUri.ShouldBe("bye");
-                readTicket.AuthenticationScheme.ShouldBe("Hello");
+                Assert.Equal(0, readTicket.Principal.Identities.Count());
+                Assert.Equal("bye", readTicket.Properties.RedirectUri);
+                Assert.Equal("Hello", readTicket.AuthenticationScheme);
+            }
+        }
+
+        [Fact]
+        public void CanRoundTripBootstrapContext()
+        {
+            var properties = new AuthenticationProperties();
+            properties.RedirectUri = "bye";
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
+            ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { BootstrapContext = "bootstrap" });
+
+            using (var stream = new MemoryStream())
+            using (var writer = new BinaryWriter(stream))
+            using (var reader = new BinaryReader(stream))
+            {
+                TicketSerializer.Write(writer, ticket);
+                stream.Position = 0;
+                var readTicket = TicketSerializer.Read(reader);
+                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
+                Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext);
             }
         }
     }

From 831785fe9fc4e3fd00889ce59b38c68a6c021a9a Mon Sep 17 00:00:00 2001
From: Ryan Nowak <nowakra@gmail.com>
Date: Wed, 8 Jul 2015 15:29:01 -0700
Subject: [PATCH 319/900] Make AddAuthorization() idempotent

Found this issue which looking into making AddMvc() idempotent. You'll end
up with multiple pass-through handlers registered if two components call
AddAuthorization(). This is very possible to happen if used two frameworks
in the same app.
---
 .../ServiceCollectionExtensions.cs                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
index 92f93fe1a3..d0a60edf2e 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
@@ -14,7 +14,7 @@ namespace Microsoft.Framework.DependencyInjection
         {
             services.AddOptions();
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
-            services.AddTransient<IAuthorizationHandler, PassThroughAuthorizationHandler>();
+            services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }
 

From 61a47d79a82e8217d2bf4397eb1112a81a2de3ec Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 4 Sep 2015 11:47:19 -0700
Subject: [PATCH 320/900] Work around System.Uri relative path bug on mono.

---
 .../Facebook/FacebookMiddlewareTests.cs                     | 2 +-
 .../Google/GoogleMiddlewareTests.cs                         | 6 +++---
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs     | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index f32aa37547..22f9cfd8ce 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -236,7 +236,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
             finalUserInfoEndpoint.Count(c => c == '?').ShouldBe(1);
             finalUserInfoEndpoint.ShouldContain("fields=email,timezone,picture");
             finalUserInfoEndpoint.ShouldContain("&access_token=");
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index afefb49077..4a35c55c77 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -286,7 +286,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
             transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
@@ -434,7 +434,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
             transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
@@ -526,7 +526,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 correlationKey + "=" + correlationValue);
 
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldBe("/foo");
+            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/foo");
         }
 
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index b469100eee..42c6a8cd3c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -163,7 +164,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldBe("/me");
+            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
             transaction.SetCookie.Count.ShouldBe(2);
             transaction.SetCookie[0].ShouldContain(correlationKey);
             transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);

From 76fd055d8e6c64440044d1bd7a9b342c7627ec94 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 8 Sep 2015 14:14:39 -0700
Subject: [PATCH 321/900] Remove redundant body rewind.

---
 .../OpenIdConnectAuthenticationHandler.cs                        | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 8ef64f6046..ae56928640 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -344,7 +344,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
               && Request.Body.CanRead)
             {
                 var form = await Request.ReadFormAsync();
-                Request.Body.Seek(0, SeekOrigin.Begin);
                 message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
 

From 5bc13cbd6b3d3fcc1dc430dcb8841983d3731896 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 9 Sep 2015 11:05:14 -0700
Subject: [PATCH 322/900] UseOauth now requires an instance of options

---
 samples/SocialSample/Startup.cs               | 84 +++++++++++--------
 .../OAuthAuthenticationExtensions.cs          | 13 +--
 .../OAuthAuthenticationOptions.cs             | 12 ++-
 .../Cookies/CookieMiddlewareTests.cs          |  1 -
 4 files changed, 60 insertions(+), 50 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 47672d4b03..cfd60dd0f5 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -52,17 +52,21 @@ namespace CookieSample
                 options.AppSecret = "a124463c4719c94b4228d9a240e5dc1a";
             });
 
-            app.UseOAuthAuthentication("Google-AccessToken", options =>
+            var googleOptions = new OAuthAuthenticationOptions
             {
-                options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
-                options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
-                options.CallbackPath = new PathString("/signin-google-token");
-                options.AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
-                options.TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
-                options.Scope.Add("openid");
-                options.Scope.Add("profile");
-                options.Scope.Add("email");
-            });
+                AuthenticationScheme = "Google-AccessToken",
+                Caption = "Google-AccessToken",
+                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
+                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
+                CallbackPath = new PathString("/signin-google-token"),
+                AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint,
+                TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint
+            };
+            googleOptions.Scope.Add("openid");
+            googleOptions.Scope.Add("profile");
+            googleOptions.Scope.Add("email");
+
+            app.UseOAuthAuthentication(googleOptions);
 
             // https://console.developers.google.com/project
             app.UseGoogleAuthentication(options =>
@@ -95,16 +99,18 @@ namespace CookieSample
             The sample app can then be run via:
              dnx . web
             */
-            app.UseOAuthAuthentication("Microsoft-AccessToken", options =>
+            var msOAuthOptions = new OAuthAuthenticationOptions
             {
-                options.Caption = "MicrosoftAccount-AccessToken - Requires project changes";
-                options.ClientId = "00000000480FF62E";
-                options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
-                options.CallbackPath = new PathString("/signin-microsoft-token");
-                options.AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
-                options.TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
-                options.Scope.Add("wl.basic");
-            });
+                AuthenticationScheme = "Microsoft-AccessToken",
+                Caption = "MicrosoftAccount-AccessToken - Requires project changes",
+                ClientId = "00000000480FF62E",
+                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
+                CallbackPath = new PathString("/signin-microsoft-token"),
+                AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint,
+                TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint
+            };
+            msOAuthOptions.Scope.Add("wl.basic");
+            app.UseOAuthAuthentication(msOAuthOptions);
 
             app.UseMicrosoftAccountAuthentication(options =>
             {
@@ -115,27 +121,31 @@ namespace CookieSample
             });
 
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication("GitHub-AccessToken", options =>
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions
             {
-                options.ClientId = "8c0c5a572abe8fe89588";
-                options.ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda";
-                options.CallbackPath = new PathString("/signin-github-token");
-                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
-                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                AuthenticationScheme = "GitHub-AccessToken",
+                Caption = "Github-AccessToken",
+                ClientId = "8c0c5a572abe8fe89588",
+                ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
+                CallbackPath = new PathString("/signin-github-token"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token"
             });
 
-            app.UseOAuthAuthentication("GitHub", options =>
+            app.UseOAuthAuthentication(new OAuthAuthenticationOptions
             {
-                options.ClientId = "49e302895d8b09ea5656";
-                options.ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b";
-                options.CallbackPath = new PathString("/signin-github");
-                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
-                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
-                options.UserInformationEndpoint = "https://api.github.com/user";
-                options.ClaimsIssuer = "OAuth2-Github";
-                options.SaveTokensAsClaims = false;
+                AuthenticationScheme = "GitHub",
+                Caption = "Github",
+                ClientId = "49e302895d8b09ea5656",
+                ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b",
+                CallbackPath = new PathString("/signin-github"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                UserInformationEndpoint = "https://api.github.com/user",
+                ClaimsIssuer = "OAuth2-Github",
+                SaveTokensAsClaims = false,
                 // Retrieving user information is unique to each provider.
-                options.Events = new OAuthAuthenticationEvents
+                Events = new OAuthAuthenticationEvents
                 {
                     OnAuthenticated = async context =>
                     {
@@ -180,8 +190,8 @@ namespace CookieSample
                                 "urn:github:url", link,
                                 ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
-                    },
-                };
+                    }
+                }
             });
 
             // Choose an authentication type
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
index 264cb831f4..6c86be4c82 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
@@ -19,18 +19,11 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] string authenticationScheme, Action<OAuthAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] IOptions<OAuthAuthenticationOptions> options)
         {
             return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions>>(
-                new ConfigureOptions<OAuthAuthenticationOptions>(options =>
-                {
-                    options.AuthenticationScheme = authenticationScheme;
-                    options.Caption = authenticationScheme;
-                    if (configureOptions != null)
-                    {
-                        configureOptions(options);
-                    }
-                }));
+                options,
+                new ConfigureOptions<OAuthAuthenticationOptions>(o => { }));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 19d7e4abfb..680947e36a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -4,16 +4,16 @@
 using System;
 using System.Collections.Generic;
 using System.Net.Http;
-using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
     /// </summary>
-    public class OAuthAuthenticationOptions : AuthenticationOptions
+    public class OAuthAuthenticationOptions : AuthenticationOptions, IOptions<OAuthAuthenticationOptions>
     {
         /// <summary>
         /// Gets or sets the provider-assigned client id.
@@ -115,5 +115,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// authentication cookie. Note that social providers set this property to <c>false</c> by default.
         /// </summary>
         public bool SaveTokensAsClaims { get; set; } = true;
+
+        OAuthAuthenticationOptions IOptions<OAuthAuthenticationOptions>.Value
+        {
+            get
+            {
+                return this;
+            }
+        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index ffc1f304de..686a7ce76e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -19,7 +19,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Internal;
 using Shouldly;
 using Xunit;
 

From 9f7a723843afaedd8ea2ed78399b00ae6d074d4e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 3 Sep 2015 17:54:09 -0700
Subject: [PATCH 323/900] #390 Make the nonce cookie expire.

---
 .../OpenIdConnectAuthenticationHandler.cs                   | 3 ++-
 .../OpenIdConnectAuthenticationOptions.cs                   | 6 +++++-
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs           | 1 +
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index ae56928640..954f6e74ed 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -666,7 +666,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    Secure = Request.IsHttps
+                    Secure = Request.IsHttps,
+                    Expires = DateTime.UtcNow + Options.ProtocolValidator.NonceLifetime
                 });
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index 6809b571a7..f24cdec61c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -169,7 +169,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 
         /// </summary>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator { RequireState = false };
+        public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator()
+        {
+            RequireState = false,
+            NonceLifetime = TimeSpan.FromMinutes(15)
+        };
 
         /// <summary>
         /// Gets or sets the 'post_logout_redirect_uri'
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 971301c19b..693ff185d6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -83,6 +83,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.SetCookie.Single().ShouldContain(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix);
+            transaction.SetCookie.Single().ShouldContain("Expires");
         }
 
         [Fact]

From ebcad24307b61ab8553165dd357642b3642ba135 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 9 Sep 2015 12:16:22 -0700
Subject: [PATCH 324/900] #404 Verify state via independent cookie.

---
 samples/OpenIdConnectSample/Startup.cs        |   4 +-
 .../OpenIdConnectAuthenticationDefaults.cs    |  12 +-
 .../OpenIdConnectAuthenticationHandler.cs     |  70 +++++++++
 .../OpenIdConnect/ExpectedQueryValues.cs      |   2 +-
 .../OpenIdConnectHandlerTests.cs              | 139 ------------------
 .../OpenIdConnectMiddlewareTests.cs           |  12 +-
 6 files changed, 88 insertions(+), 151 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 26c9129e07..4c8e2f684b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -32,8 +32,8 @@ namespace OpenIdConnectSample
 
             app.UseOpenIdConnectAuthentication(options =>
             {
-                options.ClientId = "fe78e0b4-6fe7-47e6-812c-fb75cee266a4";
-                options.Authority = "https://login.windows.net/cyrano.onmicrosoft.com";
+                options.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
+                options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
                 options.RedirectUri = "http://localhost:42023";
             });
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
index 2e1a808897..35a85e8437 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
@@ -24,15 +24,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public const string Caption = "OpenIdConnect";
 
         /// <summary>
-        /// The prefix used to provide a default OpenIdConnectAuthenticationOptions.CookieName.
-        /// </summary>
-        public const string CookiePrefix = ".AspNet.OpenIdConnect.";
-
-        /// <summary>
-        /// The prefix used to for the a nonce in the cookie.
+        /// The prefix used to for the nonce in the cookie.
         /// </summary>
         public const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
 
+        /// <summary>
+        /// The prefix used for the state in the cookie.
+        /// </summary>
+        public const string CookieStatePrefix = ".AspNet.OpenIdConnect.State.";
+
         /// <summary>
         /// The property for the RedirectUri that was used when asking for a 'authorizationCode'.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
index 954f6e74ed..a7257db09a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
@@ -11,6 +11,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
@@ -48,6 +49,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 </body>
 </html>";
 
+        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
+
         private OpenIdConnectConfiguration _configuration;
 
         protected HttpClient Backchannel { get; private set; }
@@ -220,6 +223,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
+            GenerateCorrelationId(properties);
+
             var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
             {
                 ProtocolMessage = message
@@ -393,6 +398,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null"));
                 }
 
+                if (!ValidateCorrelationId(properties))
+                {
+                    return null;
+                }
+
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
                     Logger.LogVerbose(Resources.OIDCH_0007_UpdatingConfiguration);
@@ -714,6 +724,66 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return null;
         }
 
+        private void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
+        {
+            var correlationKey = OpenIdConnectAuthenticationDefaults.CookieStatePrefix;
+
+            var nonceBytes = new byte[32];
+            CryptoRandom.GetBytes(nonceBytes);
+            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps,
+                Expires = DateTime.UtcNow + Options.ProtocolValidator.NonceLifetime
+            };
+
+            properties.Items[correlationKey] = correlationId;
+
+            Response.Cookies.Append(correlationKey + correlationId, NonceProperty, cookieOptions);
+        }
+
+        private bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
+        {
+            var correlationKey = OpenIdConnectAuthenticationDefaults.CookieStatePrefix;
+
+            string correlationId;
+            if (!properties.Items.TryGetValue(
+                correlationKey,
+                out correlationId))
+            {
+                Logger.LogWarning("{0} state property not found.", correlationKey);
+                return false;
+            }
+
+            properties.Items.Remove(correlationKey);
+
+            var cookieName = correlationKey + correlationId;
+
+            var correlationCookie = Request.Cookies[cookieName];
+            if (string.IsNullOrEmpty(correlationCookie))
+            {
+                Logger.LogWarning("{0} cookie not found.", cookieName);
+                return false;
+            }
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps
+            };
+            Response.Cookies.Delete(cookieName, cookieOptions);
+
+            if (!string.Equals(correlationCookie, NonceProperty, StringComparison.Ordinal))
+            {
+                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                return false;
+            }
+
+            return true;
+        }
+
         private AuthenticationProperties GetPropertiesFromState(string state)
         {
             // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index f80a6c7f62..ff48272b7d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         public string ExpectedState
         {
-            get { return OpenIdConnectParameterNames.State + "=" + Encoder.UrlEncode(State); }
+            get { return Encoder.UrlEncode(State); }
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 2e1ab50b5a..d0914fc8ad 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -119,145 +119,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        [Theory, MemberData("AuthenticateCoreDataSet")]
-        public async Task AuthenticateCore(LogLevel logLevel, int[] expectedLogIndexes, Action<OpenIdConnectAuthenticationOptions> action, OpenIdConnectMessage message)
-        {
-            var errors = new List<Tuple<LogEntry, LogEntry>>();
-            var expectedLogs = LoggingUtilities.PopulateLogEntries(expectedLogIndexes);
-            var handler = new OpenIdConnectAuthenticationHandlerForTestingAuthenticate();
-            var loggerFactory = new InMemoryLoggerFactory(logLevel);
-            var server = CreateServer(new ConfigureOptions<OpenIdConnectAuthenticationOptions>(action), UrlEncoder.Default, loggerFactory, handler);
-
-            await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters));
-            LoggingUtilities.CheckLogs(loggerFactory.Logger.Logs, expectedLogs, errors);
-            Debug.WriteLine(LoggingUtilities.LoggingErrors(errors));
-            Assert.True(errors.Count == 0, LoggingUtilities.LoggingErrors(errors));
-        }
-
-        public static TheoryData<LogLevel, int[], Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage> AuthenticateCoreDataSet
-        {
-            get
-            {
-                var formater = new AuthenticationPropertiesFormaterKeyValue();
-                var dataset = new TheoryData<LogLevel, int[], Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage>();
-                var properties = new AuthenticationProperties();
-                var message = new OpenIdConnectMessage();
-                var validState = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
-                message.State = validState;
-
-                // MessageReceived - Handled / Skipped
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 2 }, MessageReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 2 }, MessageReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, MessageReceivedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 3 }, MessageReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 3 }, MessageReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, MessageReceivedSkippedOptions, message);
-
-                // State - null, empty string, invalid
-                message = new OpenIdConnectMessage();
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 28 }, StateNullOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateNullOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, StateNullOptions, message);
-
-                message = new OpenIdConnectMessage();
-                message.State = string.Empty;
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 28 }, StateEmptyOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 7 }, StateEmptyOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, StateEmptyOptions, message);
-
-                message = new OpenIdConnectMessage();
-                message.State = Guid.NewGuid().ToString();
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 5 }, StateInvalidOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 5 }, StateInvalidOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { 5 }, StateInvalidOptions, message);
-
-                // OpenIdConnectMessage.Error != null
-                message = new OpenIdConnectMessage();
-                message.Error = "Error";
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 6, 17, 18 }, MessageWithErrorOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 6, 17, 18 }, MessageWithErrorOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { 6, 17 }, MessageWithErrorOptions, message);
-
-                // SecurityTokenReceived - Handled / Skipped 
-                message = new OpenIdConnectMessage();
-                message.IdToken = "invalid";
-                message.State = validState;
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 8 }, SecurityTokenReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 8 }, SecurityTokenReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenReceivedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 9 }, SecurityTokenReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 9 }, SecurityTokenReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenReceivedSkippedOptions, message);
-
-                // SecurityTokenValidation - ReturnsNull, Throws, Validates
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 11, 17, 18 }, SecurityTokenValidatorCannotReadToken, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 11, 17, 18 }, SecurityTokenValidatorCannotReadToken, message);
-                dataset.Add(LogLevel.Error, new int[] { 11, 17 }, SecurityTokenValidatorCannotReadToken, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 17, 21, 18 }, SecurityTokenValidatorThrows, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 17, 21, 18 }, SecurityTokenValidatorThrows, message);
-                dataset.Add(LogLevel.Error, new int[] { 17 }, SecurityTokenValidatorThrows, message);
-
-                message.Nonce = nonceForJwt;
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20 }, SecurityTokenValidatorValidatesAllTokens, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7 }, SecurityTokenValidatorValidatesAllTokens, message);
-                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatorValidatesAllTokens, message);
-
-                // SecurityTokenValidation - Handled / Skipped
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 12 }, SecurityTokenValidatedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 12 }, SecurityTokenValidatedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 13 }, SecurityTokenValidatedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 13 }, SecurityTokenValidatedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, SecurityTokenValidatedSkippedOptions, message);
-
-                // AuthenticationCodeReceived - Handled / Skipped 
-                message = new OpenIdConnectMessage();
-                message.Code = Guid.NewGuid().ToString();
-                message.State = validState;
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 14, 15 }, AuthorizationCodeReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 15 }, AuthorizationCodeReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 14, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedSkippedOptions, message);
-
-                message = new OpenIdConnectMessage();
-                message.Code = Guid.NewGuid().ToString();
-                message.State = validState;
-                message.IdToken = "test token";
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 14, 15 }, AuthorizationCodeReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 15 }, AuthorizationCodeReceivedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 7, 20, 14, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 7, 16 }, AuthorizationCodeReceivedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, AuthorizationCodeReceivedSkippedOptions, message);
-
-                // CodeReceivedAndRedeemed and GetUserInformationFromUIEndpoint
-                message = new OpenIdConnectMessage();
-                message.IdToken = null;
-                message.Code = Guid.NewGuid().ToString();
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 26 }, CodeReceivedAndRedeemedHandledOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 26 }, CodeReceivedAndRedeemedHandledOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, CodeReceivedAndRedeemedHandledOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 27 }, CodeReceivedAndRedeemedSkippedOptions, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 27 }, CodeReceivedAndRedeemedSkippedOptions, message);
-                dataset.Add(LogLevel.Error, new int[] { }, CodeReceivedAndRedeemedSkippedOptions, message);
-
-                dataset.Add(LogLevel.Debug, new int[] { 0, 1, 4, 7, 14, 23, 25, 24, 12 }, GetUserInfoFromUIEndpoint, message);
-                dataset.Add(LogLevel.Verbose, new int[] { 4, 7, 12 }, GetUserInfoFromUIEndpoint, message);
-                dataset.Add(LogLevel.Error, new int[] { }, GetUserInfoFromUIEndpoint, message);
-
-                return dataset;
-            }
-        }
-
 #region Configure Options for AuthenticateCore variations
 
         private static void DefaultOptions(OpenIdConnectAuthenticationOptions options)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 693ff185d6..71fc4c855f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
 
         [Fact]
-        public async Task ChallengeWillSetNonceCookie()
+        public async Task ChallengeWillSetNonceAndStateCookies()
         {
             var server = CreateServer(options =>
             {
@@ -82,8 +82,14 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
-            transaction.SetCookie.Single().ShouldContain(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix);
-            transaction.SetCookie.Single().ShouldContain("Expires");
+
+            var firstCookie = transaction.SetCookie.First();
+            firstCookie.ShouldContain(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix);
+            firstCookie.ShouldContain("Expires");
+
+            var secondCookie = transaction.SetCookie.Skip(1).First();
+            secondCookie.ShouldContain(OpenIdConnectAuthenticationDefaults.CookieStatePrefix);
+            secondCookie.ShouldContain("Expires");
         }
 
         [Fact]

From 2982d743d89efdda99d62084712edbf854ad9888 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 10 Sep 2015 08:41:08 -0700
Subject: [PATCH 325/900] #443 Remove custom certificate validators.

---
 .../JwtBearerAuthenticationMiddleware.cs      |  26 +--
 .../JwtBearerAuthenticationOptions.cs         |  12 --
 .../project.json                              |   1 -
 .../OAuthAuthenticationMiddleware.cs          |  25 +--
 .../OAuthAuthenticationOptions.cs             |  13 --
 .../project.json                              |   1 -
 .../OpenIdConnectAuthenticationMiddleware.cs  |  25 +--
 .../OpenIdConnectAuthenticationOptions.cs     |  13 --
 .../project.json                              |   3 +-
 .../TwitterAuthenticationMiddleware.cs        |  25 +--
 .../TwitterAuthenticationOptions.cs           |  24 +--
 .../project.json                              |   1 -
 ...ertificateSubjectKeyIdentifierValidator.cs |  81 --------
 ...ertificateSubjectPublicKeyInfoValidator.cs | 128 -------------
 .../CertificateThumbprintValidator.cs         |  74 --------
 .../ICertificateValidator.cs                  |  30 ---
 ...icateSubjectKeyIdentifierValidatorTests.cs | 123 -------------
 ...icateSubjectPublicKeyInfoValidatorTests.cs | 173 ------------------
 .../CertificateThumbprintValidatorTests.cs    | 121 ------------
 .../Twitter/TwitterMiddlewareTests.cs         |   2 -
 20 files changed, 6 insertions(+), 895 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
index 1cd69a7656..1127f12889 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.Framework.Internal;
@@ -63,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    var httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+                    var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
                     httpClient.Timeout = Options.BackchannelTimeout;
                     httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
@@ -80,28 +79,5 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             return new JwtBearerAuthenticationHandler();
         }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(JwtBearerAuthenticationOptions options)
-        {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if DNX451
-            new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-            new HttpClientHandler();
-#endif
-            return handler;
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
index 373095f822..6e778907bf 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
@@ -66,18 +66,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// </summary>
         public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromMinutes(1);
 
-#if DNX451
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// when retrieving metadata.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
         /// <summary>
         /// Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties
         /// will not be used. This information should not be updated during request processing.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 97fbbb5e5d..f92c6b6f4a 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -13,7 +13,6 @@
     "frameworks": {
         "dnx451": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
index 1b71de47b4..b38637b8aa 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
@@ -75,7 +75,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
             }
 
-            Backchannel = new HttpClient(ResolveHttpMessageHandler(Options));
+            Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
             Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
@@ -96,28 +96,5 @@ namespace Microsoft.AspNet.Authentication.OAuth
         {
             return new OAuthAuthenticationHandler<TOptions>(Backchannel);
         }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(OAuthAuthenticationOptions options)
-        {
-            HttpMessageHandler handler = options.BackchannelHttpHandler ??
-#if DNX451
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new HttpClientHandler();
-#endif
-            return handler;
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
index 680947e36a..58749deed8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
@@ -42,19 +42,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public string UserInformationEndpoint { get; set; }
 
-#if DNX451
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// in back channel communications belong to the auth provider.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
-
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 5dc4078287..d9d3429cfd 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -13,7 +13,6 @@
     "frameworks": {
         "dnx451": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
index 4ed9fb965c..13a3d25562 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
@@ -102,7 +102,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Options.TokenValidationParameters.ValidAudience = Options.ClientId;
             }
 
-            Backchannel = new HttpClient(ResolveHttpMessageHandler(Options));
+            Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
             Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OpenIdConnect middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
@@ -149,29 +149,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return new OpenIdConnectAuthenticationHandler(Backchannel);
         }
 
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(OpenIdConnectAuthenticationOptions options)
-        {
-            var handler = options.BackchannelHttpHandler ??
-#if DNX451
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.OIDCH_0102_Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new HttpClientHandler();
-#endif
-            return handler;
-        }
-
         private class StringSerializer : IDataSerializer<string>
         {
             public string Deserialize(byte[] data)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
index f24cdec61c..44427e4b5e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
@@ -7,7 +7,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.Caching.Distributed;
@@ -66,18 +65,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public string Authority { get; set; }
 
-#if DNX451
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// when retrieving metadata.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
         /// This cannot be set at the same time as BackchannelCertificateValidator unless the value
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 3165bdeba1..597b3d5513 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -14,8 +14,7 @@
     "frameworks": {
         "dnx451": {
             "frameworkAssemblies": {
-                "System.Net.Http": "",
-                "System.Net.Http.WebRequest": ""
+                "System.Net.Http": ""
             }
         },
         "dnxcore50": {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
index 1a0d28f736..ae8c118769 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
@@ -74,7 +74,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
             }
 
-            _httpClient = new HttpClient(ResolveHttpMessageHandler(Options));
+            _httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
             _httpClient.Timeout = Options.BackchannelTimeout;
             _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
             _httpClient.DefaultRequestHeaders.Accept.ParseAdd("*/*");
@@ -90,28 +90,5 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             return new TwitterAuthenticationHandler(_httpClient);
         }
-
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        private static HttpMessageHandler ResolveHttpMessageHandler(TwitterAuthenticationOptions options)
-        {
-            var handler = options.BackchannelHttpHandler ??
-#if DNX451
-                new WebRequestHandler();
-            // If they provided a validator, apply it or fail.
-            if (options.BackchannelCertificateValidator != null)
-            {
-                // Set the cert validate callback
-                var webRequestHandler = handler as WebRequestHandler;
-                if (webRequestHandler == null)
-                {
-                    throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
-                }
-                webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
-            }
-#else
-                new HttpClientHandler();
-#endif
-            return handler;
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
index cc6d929a99..dd075ea14b 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Net.Http;
-using System.Security.Claims;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.Twitter
@@ -22,16 +21,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
             Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-#if DNX451
-            // Twitter lists its valid Subject Key Identifiers at https://dev.twitter.com/docs/security/using-ssl
-            BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(
-                new[]
-                {
-                    "A5EF0B11CEC04103A34A659048B21CE0572D7D47", // VeriSign Class 3 Secure Server CA - G2
-                    "0D445C165344C1827E1D20AB25F40163D8BE79A5", // VeriSign Class 3 Secure Server CA - G3
-                    "5F60CF619055DF8443148A602AB2F57AF44318EF", // Symantec Class 3 Secure Server CA - G4
-                });
-#endif
         }
 
         /// <summary>
@@ -53,18 +42,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// The back channel timeout.
         /// </value>
         public TimeSpan BackchannelTimeout { get; set; }
-#if DNX451
-        /// <summary>
-        /// Gets or sets the a pinned certificate validator to use to validate the endpoints used
-        /// in back channel communications belong to Twitter.
-        /// </summary>
-        /// <value>
-        /// The pinned certificate validator.
-        /// </value>
-        /// <remarks>If this property is null then the default certificate checks are performed,
-        /// validating the subject name and if the signing chain is a trusted party.</remarks>
-        public ICertificateValidator BackchannelCertificateValidator { get; set; }
-#endif
+
         /// <summary>
         /// The HttpMessageHandler used to communicate with Twitter.
         /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index a567a377a8..c0268cc5d0 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -12,7 +12,6 @@
     "frameworks": {
         "dnx451": {
             "frameworkAssemblies": {
-                "System.Net.Http.WebRequest": "",
                 "System.Net.Http": ""
             }
         },
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
deleted file mode 100644
index 4bb78f8d9b..0000000000
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectKeyIdentifierValidator.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-#if DNX451
-using System;
-using System.Collections.Generic;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Provides pinned certificate validation based on the subject key identifier of the certificate.
-    /// </summary>
-    public class CertificateSubjectKeyIdentifierValidator : ICertificateValidator
-    {
-        private readonly HashSet<string> _validSubjectKeyIdentifiers;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="CertificateSubjectKeyIdentifierValidator"/> class.
-        /// </summary>
-        /// <param name="validSubjectKeyIdentifiers">A set of subject key identifiers which are valid for an HTTPS request.</param>
-        public CertificateSubjectKeyIdentifierValidator([NotNull] IEnumerable<string> validSubjectKeyIdentifiers)
-        {
-            _validSubjectKeyIdentifiers = new HashSet<string>(validSubjectKeyIdentifiers, StringComparer.OrdinalIgnoreCase);
-
-            if (_validSubjectKeyIdentifiers.Count == 0)
-            {
-                throw new ArgumentOutOfRangeException(nameof(validSubjectKeyIdentifiers));
-            }
-        }
-
-        /// <summary>
-        /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
-        /// </summary>
-        /// <param name="sender">An object that contains state information for this validation.</param>
-        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
-        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
-        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
-        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
-        {
-            if (sslPolicyErrors != SslPolicyErrors.None)
-            {
-                return false;
-            }
-
-            if (chain.ChainElements.Count < 2)
-            {
-                // Self signed.
-                return false;
-            }
-
-            foreach (var chainElement in chain.ChainElements)
-            {
-                string subjectKeyIdentifier = GetSubjectKeyIdentifier(chainElement.Certificate);
-                if (string.IsNullOrEmpty(subjectKeyIdentifier))
-                {
-                    continue;
-                }
-
-                if (_validSubjectKeyIdentifiers.Contains(subjectKeyIdentifier))
-                {
-                    return true;
-                }
-            }
-
-            return false;
-        }
-
-        private static string GetSubjectKeyIdentifier(X509Certificate2 certificate)
-        {
-            const string SubjectKeyIdentifierOid = "2.5.29.14";
-            var extension = certificate.Extensions[SubjectKeyIdentifierOid] as X509SubjectKeyIdentifierExtension;
-
-            return extension == null ? null : extension.SubjectKeyIdentifier;
-        }
-    }
-}
-#endif
diff --git a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
deleted file mode 100644
index 11e827ae7f..0000000000
--- a/src/Microsoft.AspNet.Authentication/CertificateSubjectPublicKeyInfoValidator.cs
+++ /dev/null
@@ -1,128 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-#if DNX451
-using System;
-using System.Collections.Generic;
-using System.ComponentModel;
-using System.Diagnostics.CodeAnalysis;
-using System.Net.Security;
-using System.Runtime.InteropServices;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using Microsoft.Framework.Internal;
-using Microsoft.Win32;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Implements a cert pinning validator passed on 
-    /// http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1
-    /// </summary>
-    public class CertificateSubjectPublicKeyInfoValidator : ICertificateValidator
-    {
-        private readonly HashSet<string> _validBase64EncodedSubjectPublicKeyInfoHashes;
-
-        private readonly SubjectPublicKeyInfoAlgorithm _algorithm;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="CertificateSubjectPublicKeyInfoValidator"/> class.
-        /// </summary>
-        /// <param name="validBase64EncodedSubjectPublicKeyInfoHashes">A collection of valid base64 encoded hashes of the certificate public key information blob.</param>
-        /// <param name="algorithm">The algorithm used to generate the hashes.</param>
-        public CertificateSubjectPublicKeyInfoValidator([NotNull] IEnumerable<string> validBase64EncodedSubjectPublicKeyInfoHashes, SubjectPublicKeyInfoAlgorithm algorithm)
-        {
-            _validBase64EncodedSubjectPublicKeyInfoHashes = new HashSet<string>(validBase64EncodedSubjectPublicKeyInfoHashes);
-
-            if (_validBase64EncodedSubjectPublicKeyInfoHashes.Count == 0)
-            {
-                throw new ArgumentOutOfRangeException(nameof(validBase64EncodedSubjectPublicKeyInfoHashes));
-            }
-
-            if (_algorithm != SubjectPublicKeyInfoAlgorithm.Sha1 && _algorithm != SubjectPublicKeyInfoAlgorithm.Sha256)
-            {
-                throw new ArgumentOutOfRangeException(nameof(algorithm));
-            }
-
-            _algorithm = algorithm;
-        }
-
-        /// <summary>
-        /// Validates at least one SPKI hash is known.
-        /// </summary>
-        /// <param name="sender">An object that contains state information for this validation.</param>
-        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
-        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
-        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
-        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
-        {
-            if (sslPolicyErrors != SslPolicyErrors.None)
-            {
-                return false;
-            }
-
-            if (chain.ChainElements.Count < 2)
-            {
-                return false;
-            }
-
-            using (HashAlgorithm algorithm = CreateHashAlgorithm())
-            {
-                foreach (var chainElement in chain.ChainElements)
-                {
-                    X509Certificate2 chainedCertificate = chainElement.Certificate;
-                    string base64Spki = Convert.ToBase64String(algorithm.ComputeHash(ExtractSpkiBlob(chainedCertificate)));
-                    if (_validBase64EncodedSubjectPublicKeyInfoHashes.Contains(base64Spki))
-                    {
-                        return true;
-                    }
-                }
-            }
-
-            return false;
-        }
-
-        private static byte[] ExtractSpkiBlob(X509Certificate2 certificate)
-        {
-            // Get a native cert_context from the managed X590Certificate2 instance.
-            var certContext = (NativeMethods.CERT_CONTEXT)Marshal.PtrToStructure(certificate.Handle, typeof(NativeMethods.CERT_CONTEXT));
-
-            // Pull the CERT_INFO structure from the context.
-            var certInfo = (NativeMethods.CERT_INFO)Marshal.PtrToStructure(certContext.pCertInfo, typeof(NativeMethods.CERT_INFO));
-
-            // And finally grab the key information, public key, algorithm and parameters from it.
-            NativeMethods.CERT_PUBLIC_KEY_INFO publicKeyInfo = certInfo.SubjectPublicKeyInfo;
-
-            // Now start encoding to ASN1.
-            // First see how large the ASN1 representation is going to be.
-            UInt32 blobSize = 0;
-            var structType = new IntPtr(NativeMethods.X509_PUBLIC_KEY_INFO);
-            if (!NativeMethods.CryptEncodeObject(NativeMethods.X509_ASN_ENCODING, structType, ref publicKeyInfo, null, ref blobSize))
-            {
-                int error = Marshal.GetLastWin32Error();
-                throw new Win32Exception(error);
-            }
-
-            // Allocate enough space.
-            var blob = new byte[blobSize];
-
-            // Finally get the ASN1 representation.
-            if (!NativeMethods.CryptEncodeObject(NativeMethods.X509_ASN_ENCODING, structType, ref publicKeyInfo, blob, ref blobSize))
-            {
-                int error = Marshal.GetLastWin32Error();
-                throw new Win32Exception(error);
-            }
-
-            return blob;
-        }
-
-        [SuppressMessage("Microsoft.Security.Cryptography", "CA5354:SHA1CannotBeUsed", Justification = "Only used to verify cert hashes.")]
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Caller is responsible for disposal.")]
-        private HashAlgorithm CreateHashAlgorithm()
-        {
-            return _algorithm == SubjectPublicKeyInfoAlgorithm.Sha1 ? (HashAlgorithm)new SHA1CryptoServiceProvider() : new SHA256CryptoServiceProvider();
-        }
-    }
-}
-#endif
diff --git a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs b/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
deleted file mode 100644
index 6188375a1e..0000000000
--- a/src/Microsoft.AspNet.Authentication/CertificateThumbprintValidator.cs
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-#if DNX451
-using System;
-using System.Collections.Generic;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Provides pinned certificate validation based on the certificate thumbprint.
-    /// </summary>
-    public class CertificateThumbprintValidator : ICertificateValidator
-    {
-        private readonly HashSet<string> _validCertificateThumbprints;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="CertificateThumbprintValidator"/> class.
-        /// </summary>
-        /// <param name="validThumbprints">A set of thumbprints which are valid for an HTTPS request.</param>
-        public CertificateThumbprintValidator([NotNull] IEnumerable<string> validThumbprints)
-        {
-            _validCertificateThumbprints = new HashSet<string>(validThumbprints, StringComparer.OrdinalIgnoreCase);
-
-            if (_validCertificateThumbprints.Count == 0)
-            {
-                throw new ArgumentOutOfRangeException(nameof(validThumbprints));
-            }
-        }
-
-        /// <summary>
-        /// Validates that the certificate thumbprints in the signing chain match at least one whitelisted thumbprint.
-        /// </summary>
-        /// <param name="sender">An object that contains state information for this validation.</param>
-        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
-        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
-        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
-        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        public bool Validate(object sender, X509Certificate certificate, [NotNull] X509Chain chain, SslPolicyErrors sslPolicyErrors)
-        {
-            if (sslPolicyErrors != SslPolicyErrors.None)
-            {
-                return false;
-            }
-
-            if (chain.ChainElements.Count < 2)
-            {
-                // Self signed.
-                return false;
-            }
-
-            foreach (var chainElement in chain.ChainElements)
-            {
-                string thumbprintToCheck = chainElement.Certificate.Thumbprint;
-
-                if (thumbprintToCheck == null)
-                {
-                    continue;
-                }
-
-                if (_validCertificateThumbprints.Contains(thumbprintToCheck))
-                {
-                    return true;
-                }
-            }
-
-            return false;
-        }
-    }
-}
-#endif
diff --git a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs b/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
deleted file mode 100644
index 4e8c2d41e0..0000000000
--- a/src/Microsoft.AspNet.Authentication/ICertificateValidator.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-#if DNX451
-using System;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Interface for providing pinned certificate validation, which checks HTTPS 
-    /// communication against a known good list of certificates to protect against 
-    /// compromised or rogue CAs issuing certificates for hosts without the 
-    /// knowledge of the host owner.
-    /// </summary>
-    public interface ICertificateValidator
-    {
-        /// <summary>
-        /// Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
-        /// </summary>
-        /// <param name="sender">An object that contains state information for this validation.</param>
-        /// <param name="certificate">The certificate used to authenticate the remote party.</param>
-        /// <param name="chain">The chain of certificate authorities associated with the remote certificate.</param>
-        /// <param name="sslPolicyErrors">One or more errors associated with the remote certificate.</param>
-        /// <returns>A Boolean value that determines whether the specified certificate is accepted for authentication.</returns>
-        bool Validate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
-    }
-}
-#endif
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
deleted file mode 100644
index a0df4a419e..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectKeyIdentifierValidatorTests.cs
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class CertificateSubjectKeyIdentifierValidatorTests
-    {
-        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
-        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
-
-        // The Katana test cert has a valid full chain
-        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
-
-        private const string KatanaTestKeyIdentifier = "d964b2941aaf3e62761041b1f3db098edfa3270a";
-        private const string MicrosoftInternetAuthorityKeyIdentifier = "2a4d97955d347e9db6e633be9c27c1707e67dbc1";
-
-        [Fact]
-        public void ConstructorShouldNotThrowWithValidValues()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-
-            instance.ShouldNotBe(null);
-        }
-
-        [Fact]
-        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
-        {
-            Should.Throw<ArgumentNullException>(() =>
-                new CertificateSubjectKeyIdentifierValidator(null));
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-            var certificateChain = new X509Chain();
-            certificateChain.Build(SelfSigned);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSubjectKeyIdentifier()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(new[] { string.Empty });
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSubjectKeyIdentifierWhiteListed()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(
-                new[]
-                {
-                    KatanaTestKeyIdentifier
-                });
-
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSubjectKeyIdentifierWhiteListed()
-        {
-            var instance = new CertificateSubjectKeyIdentifierValidator(
-                new[]
-                {
-                    MicrosoftInternetAuthorityKeyIdentifier
-                });
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
deleted file mode 100644
index 366e2f3b56..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateSubjectPublicKeyInfoValidatorTests.cs
+++ /dev/null
@@ -1,173 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class CertificateSubjectPublicKeyInfoValidatorTests
-    {
-        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
-        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
-
-        // The Katana test cert has a valid full chain
-        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
-
-        // The following fingerprints were generated using the go program in appendix A of the Public Key Pinning Extension for HTTP
-        // draft-ietf-websec-key-pinning-05
-
-        private const string KatanaTestSha1Hash = "xvNsCWwxvL3qsCYChZLiwNm1D6o=";
-        private const string KatanaTestSha256Hash = "AhR1Y/xhxK2uD7YJ0xKUPq8tYrWm4+F7DgO2wUOqB+4=";
-
-        private const string MicrosoftInternetAuthoritySha1Hash = "Z3HnseSVDEPu5hZoj05/bBSnT/s=";
-        private const string MicrosoftInternetAuthoritySha256Hash = "UQTPeq/Tlg/vLt2ijtl7qlMFBFkbGG9aAWJbQMOMWFg=";
-
-        [Fact]
-        public void ConstructorShouldNotThrowWithValidValues()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-
-            instance.ShouldNotBe(null);
-        }
-
-        [Fact]
-        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
-        {
-            Should.Throw<ArgumentNullException>(() =>
-                new CertificateSubjectPublicKeyInfoValidator(null, SubjectPublicKeyInfoAlgorithm.Sha1));
-        }
-
-        [Fact]
-        public void ConstructorShouldThrowWhenTheHashEnumerableContainsNoHashes()
-        {
-            Should.Throw<ArgumentOutOfRangeException>(() =>
-                new CertificateSubjectPublicKeyInfoValidator(new string[0], SubjectPublicKeyInfoAlgorithm.Sha1));
-        }
-
-        [Fact]
-        public void ConstructorShouldThrowIfAnInvalidAlgorithmIsPassed()
-        {
-            Should.Throw<ArgumentOutOfRangeException>(() =>
-                new CertificateSubjectPublicKeyInfoValidator(new string[0], (SubjectPublicKeyInfoAlgorithm)2));
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(SelfSigned);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSha1Spki()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha1);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSha1SpkiWhiteListed()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { KatanaTestSha1Hash }, SubjectPublicKeyInfoAlgorithm.Sha1);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSha1SpkiWhiteListed()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { MicrosoftInternetAuthoritySha1Hash }, SubjectPublicKeyInfoAlgorithm.Sha1);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedSha256Spki()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new string[1], SubjectPublicKeyInfoAlgorithm.Sha256);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsSha256SpkiWhiteListed()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { KatanaTestSha256Hash }, SubjectPublicKeyInfoAlgorithm.Sha256);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementSha256SpkiWhiteListed()
-        {
-            var instance = new CertificateSubjectPublicKeyInfoValidator(new[] { MicrosoftInternetAuthoritySha256Hash }, SubjectPublicKeyInfoAlgorithm.Sha256);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs b/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
deleted file mode 100644
index 30537c51de..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/CertificateThumbprintValidatorTests.cs
+++ /dev/null
@@ -1,121 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Security;
-using System.Security.Cryptography.X509Certificates;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class CertificateThumbprintValidatorTests
-    {
-        private static readonly X509Certificate2 SelfSigned = new X509Certificate2("selfSigned.cer");
-        private static readonly X509Certificate2 Chained = new X509Certificate2("katanatest.redmond.corp.microsoft.com.cer");
-
-        // The Katana test cert has a valid full chain
-        // katanatest.redmond.corp.microsoft.com -> MSIT Machine Auth CA2 -> Microsoft Internet Authority -> Baltimore CyberTrustRoot
-
-        private const string KatanaTestThumbprint = "a9894c464b260cac3f5b91cece33b3c55e82e61c";
-        private const string MicrosoftInternetAuthorityThumbprint = "992ad44d7dce298de17e6f2f56a7b9caa41db93f";
-
-        [Fact]
-        public void ConstructorShouldNotThrowWithValidValues()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-
-            instance.ShouldNotBe(null);
-        }
-
-        [Fact]
-        public void ConstructorShouldThrownWhenTheValidHashEnumerableIsNull()
-        {
-            Should.Throw<ArgumentNullException>(() =>
-                new CertificateThumbprintValidator(null));
-        }
-
-        [Fact]
-        public void ConstructorShouldThrowWhenTheHashEnumerableContainsNoHashes()
-        {
-            Should.Throw<ArgumentOutOfRangeException>(() =>
-                new CertificateThumbprintValidator(new string[0]));
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateChainErrors()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNameMismatch()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNameMismatch);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenSslPolicyErrorsIsRemoteCertificateNotAvailable()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-            bool result = instance.Validate(null, null, null, SslPolicyErrors.RemoteCertificateNotAvailable);
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedASelfSignedCertificate()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(SelfSigned);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, SelfSigned, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnFalseWhenPassedATrustedCertificateWhichDoesNotHaveAWhitelistedThumbprint()
-        {
-            var instance = new CertificateThumbprintValidator(new string[1]);
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(false);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasItsThumbprintWhiteListed()
-        {
-            var instance = new CertificateThumbprintValidator(new[] { KatanaTestThumbprint });
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-
-        [Fact]
-        public void ValidatorShouldReturnTrueWhenPassedATrustedCertificateWhichHasAChainElementThumbprintWhiteListed()
-        {
-            var instance = new CertificateThumbprintValidator(new[] { MicrosoftInternetAuthorityThumbprint });
-            var certificateChain = new X509Chain();
-            certificateChain.Build(Chained);
-            certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-            bool result = instance.Validate(null, Chained, certificateChain, SslPolicyErrors.None);
-
-            result.ShouldBe(true);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index d837cdaffc..33531ba058 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -48,7 +48,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
                             return null;
                         }
                     };
-                    options.BackchannelCertificateValidator = null;
                 },
                 context => 
                 {
@@ -123,7 +122,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
                             return null;
                         }
                     };
-                    options.BackchannelCertificateValidator = null;
                 },
                 context =>
                 {

From 0f06b6a09a38d8027e1d181a07dbbe26ce36517e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 10 Sep 2015 18:31:59 -0700
Subject: [PATCH 326/900] Adding NeutralResourcesLanguageAttribute

---
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 .../Properties/AssemblyInfo.cs                                | 4 +++-
 src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs | 4 +++-
 10 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
index 025a94598c..b2437d9ad6 100644
--- a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
@@ -2,5 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
+using System.Resources;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
\ No newline at end of file
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file

From e8090a3176de5e6fc84be829be3a98f1e5ee8a5d Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 14 Sep 2015 14:54:51 -0700
Subject: [PATCH 327/900] Remove authentication from names, async events

---
 samples/OpenIdConnectSample/Startup.cs        |  2 +-
 samples/SocialSample/Startup.cs               | 31 +++----
 .../CookieAppBuilderExtensions.cs             |  1 -
 .../CookieAuthenticationHandler.cs            | 30 +++---
 .../Events/CookieAuthenticationEvents.cs      | 24 +++--
 .../Events/ICookieAuthenticationEvents.cs     | 10 +-
 .../FacebookAppBuilderExtensions.cs           |  8 +-
 ...icationDefaults.cs => FacebookDefaults.cs} |  2 +-
 ...nticationHandler.cs => FacebookHandler.cs} | 14 +--
 ...henticationHelper.cs => FacebookHelper.cs} |  2 +-
 ...ionMiddleware.cs => FacebookMiddleware.cs} | 16 ++--
 ...nticationOptions.cs => FacebookOptions.cs} | 17 ++--
 .../FacebookServiceCollectionExtensions.cs    |  6 +-
 .../GoogleAppBuilderExtensions.cs             |  8 +-
 ...nticationDefaults.cs => GoogleDefaults.cs} |  2 +-
 ...henticationHandler.cs => GoogleHandler.cs} | 16 ++--
 ...uthenticationHelper.cs => GoogleHelper.cs} |  2 +-
 ...ationMiddleware.cs => GoogleMiddleware.cs} | 16 ++--
 ...henticationOptions.cs => GoogleOptions.cs} | 16 ++--
 .../GoogleServiceCollectionExtensions.cs      |  6 +-
 .../Events/AuthenticationChallengeContext.cs  |  4 +-
 .../Events/AuthenticationFailedContext.cs     |  4 +-
 ...nticationEvents.cs => IJwtBearerEvents.cs} |  4 +-
 ...enticationEvents.cs => JwtBearerEvents.cs} |  2 +-
 .../Events/MessageReceivedContext.cs          |  4 +-
 .../Events/SecurityTokenReceivedContext.cs    |  4 +-
 .../Events/SecurityTokenValidatedContext.cs   |  4 +-
 .../JwtBearerAppBuilderExtensions.cs          |  6 +-
 ...cationDefaults.cs => JwtBearerDefaults.cs} |  2 +-
 ...ticationHandler.cs => JwtBearerHandler.cs} |  3 +-
 ...onMiddleware.cs => JwtBearerMiddleware.cs} | 14 +--
 ...ticationOptions.cs => JwtBearerOptions.cs} | 10 +-
 .../JwtBearerServiceCollectionExtensions.cs   |  6 +-
 .../MicrosoftAccountAppBuilderExtensions.cs   |  8 +-
 .../MicrosoftAccountAuthenticationOptions.cs  | 28 ------
 ...efaults.cs => MicrosoftAccountDefaults.cs} |  2 +-
 ...nHandler.cs => MicrosoftAccountHandler.cs} | 10 +-
 ...ionHelper.cs => MicrosoftAccountHelper.cs} |  2 +-
 ...eware.cs => MicrosoftAccountMiddleware.cs} | 16 ++--
 .../MicrosoftAccountOptions.cs                | 28 ++++++
 ...osoftAccountServiceCollectionExtensions.cs |  6 +-
 ...uthenticationEvents.cs => IOAuthEvents.cs} |  6 +-
 .../Events/OAuthApplyRedirectContext.cs       |  4 +-
 .../Events/OAuthAuthenticatedContext.cs       |  6 +-
 ...AuthenticationEvents.cs => OAuthEvents.cs} | 12 ++-
 ...cationExtensions.cs => OAuthExtensions.cs} | 10 +-
 ...thenticationHandler.cs => OAuthHandler.cs} | 10 +-
 ...cationMiddleware.cs => OAuthMiddleware.cs} | 10 +-
 ...thenticationOptions.cs => OAuthOptions.cs} | 10 +-
 .../Events/AuthenticationFailedContext.cs     |  4 +-
 .../AuthorizationCodeReceivedContext.cs       |  4 +-
 .../AuthorizationCodeRedeemedContext.cs       |  4 +-
 ...ationEvents.cs => IOpenIdConnectEvents.cs} |  4 +-
 .../Events/MessageReceivedContext.cs          |  4 +-
 ...cationEvents.cs => OpenIdConnectEvents.cs} |  4 +-
 .../RedirectToIdentityProviderContext.cs      |  4 +-
 .../Events/SecurityTokenReceivedContext.cs    |  4 +-
 .../Events/SecurityTokenValidatedContext.cs   |  4 +-
 ...onDefaults.cs => OpenIdConnectDefaults.cs} |  6 +-
 ...tensions.cs => OpenIdConnectExtensions.cs} | 18 ++--
 ...tionHandler.cs => OpenIdConnectHandler.cs} | 41 ++++-----
 ...ddleware.cs => OpenIdConnectMiddleware.cs} | 28 +++---
 ...tionOptions.cs => OpenIdConnectOptions.cs} | 28 +++---
 ...d.cs => OpenIdConnectRedirectBehavior .cs} |  2 +-
 ...penIdConnectServiceCollectionExtensions.cs |  4 +-
 ...henticationEvents.cs => ITwitterEvents.cs} |  6 +-
 .../Events/TwitterApplyRedirectContext.cs     |  4 +-
 ...thenticationEvents.cs => TwitterEvents.cs} | 12 ++-
 .../TwitterAppBuilderExtensions.cs            |  8 +-
 ...ticationDefaults.cs => TwitterDefaults.cs} |  2 +-
 ...enticationHandler.cs => TwitterHandler.cs} |  6 +-
 ...tionMiddleware.cs => TwitterMiddleware.cs} | 20 ++--
 ...enticationOptions.cs => TwitterOptions.cs} | 12 +--
 .../TwitterServiceCollectionExtensions.cs     |  6 +-
 ...aimsTransformationAuthenticationHandler.cs |  4 +-
 .../ClaimsTransformationMiddleware.cs         |  2 +-
 .../Cookies/CookieMiddlewareTests.cs          |  1 +
 .../Facebook/FacebookMiddlewareTests.cs       |  5 +-
 .../Google/GoogleMiddlewareTests.cs           | 27 +++---
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 22 ++---
 .../MicrosoftAccountMiddlewareTests.cs        |  7 +-
 ...IdConnectHandlerForTestingAuthenticate.cs} |  5 +-
 .../OpenIdConnectHandlerTests.cs              | 92 +++++++++----------
 ...onnectMiddlewareForTestingAuthenticate.cs} | 16 ++--
 .../OpenIdConnectMiddlewareTests.cs           | 38 ++++----
 .../Twitter/TwitterMiddlewareTests.cs         |  5 +-
 86 files changed, 466 insertions(+), 461 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationDefaults.cs => FacebookDefaults.cs} (91%)
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationHandler.cs => FacebookHandler.cs} (90%)
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationHelper.cs => FacebookHelper.cs} (96%)
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationMiddleware.cs => FacebookMiddleware.cs} (77%)
 rename src/Microsoft.AspNet.Authentication.Facebook/{FacebookAuthenticationOptions.cs => FacebookOptions.cs} (68%)
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationDefaults.cs => GoogleDefaults.cs} (91%)
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationHandler.cs => GoogleHandler.cs} (88%)
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationHelper.cs => GoogleHelper.cs} (98%)
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationMiddleware.cs => GoogleMiddleware.cs} (79%)
 rename src/Microsoft.AspNet.Authentication.Google/{GoogleAuthenticationOptions.cs => GoogleOptions.cs} (53%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{IJwtBearerAuthenticationEvents.cs => IJwtBearerEvents.cs} (94%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{JwtBearerAuthenticationEvents.cs => JwtBearerEvents.cs} (97%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerAuthenticationDefaults.cs => JwtBearerDefaults.cs} (91%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerAuthenticationHandler.cs => JwtBearerHandler.cs} (98%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerAuthenticationMiddleware.cs => JwtBearerMiddleware.cs} (86%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerAuthenticationOptions.cs => JwtBearerOptions.cs} (91%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{MicrosoftAccountAuthenticationDefaults.cs => MicrosoftAccountDefaults.cs} (90%)
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{MicrosoftAccountAuthenticationHandler.cs => MicrosoftAccountHandler.cs} (84%)
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{MicrosoftAccountAuthenticationHelper.cs => MicrosoftAccountHelper.cs} (96%)
 rename src/Microsoft.AspNet.Authentication.MicrosoftAccount/{MicrosoftAccountAuthenticationMiddleware.cs => MicrosoftAccountMiddleware.cs} (76%)
 create mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
 rename src/Microsoft.AspNet.Authentication.OAuth/Events/{IOAuthAuthenticationEvents.cs => IOAuthEvents.cs} (84%)
 rename src/Microsoft.AspNet.Authentication.OAuth/Events/{OAuthAuthenticationEvents.cs => OAuthEvents.cs} (85%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{OAuthAuthenticationExtensions.cs => OAuthExtensions.cs} (72%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{OAuthAuthenticationHandler.cs => OAuthHandler.cs} (96%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{OAuthAuthenticationMiddleware.cs => OAuthMiddleware.cs} (90%)
 rename src/Microsoft.AspNet.Authentication.OAuth/{OAuthAuthenticationOptions.cs => OAuthOptions.cs} (89%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/{IOpenIdConnectAuthenticationEvents.cs => IOpenIdConnectEvents.cs} (89%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/{OpenIdConnectAuthenticationEvents.cs => OpenIdConnectEvents.cs} (92%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationDefaults.cs => OpenIdConnectDefaults.cs} (87%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationExtensions.cs => OpenIdConnectExtensions.cs} (57%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationHandler.cs => OpenIdConnectHandler.cs} (95%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationMiddleware.cs => OpenIdConnectMiddleware.cs} (83%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationOptions.cs => OpenIdConnectOptions.cs} (89%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectAuthenticationMethod.cs => OpenIdConnectRedirectBehavior .cs} (92%)
 rename src/Microsoft.AspNet.Authentication.Twitter/Events/{ITwitterAuthenticationEvents.cs => ITwitterEvents.cs} (83%)
 rename src/Microsoft.AspNet.Authentication.Twitter/Events/{TwitterAuthenticationEvents.cs => TwitterEvents.cs} (85%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{TwitterAuthenticationDefaults.cs => TwitterDefaults.cs} (84%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{TwitterAuthenticationHandler.cs => TwitterHandler.cs} (98%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{TwitterAuthenticationMiddleware.cs => TwitterMiddleware.cs} (82%)
 rename src/Microsoft.AspNet.Authentication.Twitter/{TwitterAuthenticationOptions.cs => TwitterOptions.cs} (89%)
 rename test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/{OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs => OpenIdConnectHandlerForTestingAuthenticate.cs} (90%)
 rename test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/{OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs => OpenIdConnectMiddlewareForTestingAuthenticate.cs} (66%)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 4c8e2f684b..bd1f45d4c3 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -41,7 +41,7 @@ namespace OpenIdConnectSample
             {
                 if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
-                    await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index cfd60dd0f5..f47aea5bbf 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -52,21 +52,17 @@ namespace CookieSample
                 options.AppSecret = "a124463c4719c94b4228d9a240e5dc1a";
             });
 
-            var googleOptions = new OAuthAuthenticationOptions
+            app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Google-AccessToken",
                 Caption = "Google-AccessToken",
                 ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
                 ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
                 CallbackPath = new PathString("/signin-google-token"),
-                AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint,
-                TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint
-            };
-            googleOptions.Scope.Add("openid");
-            googleOptions.Scope.Add("profile");
-            googleOptions.Scope.Add("email");
-
-            app.UseOAuthAuthentication(googleOptions);
+                AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
+                TokenEndpoint = GoogleDefaults.TokenEndpoint,
+                Scope = { "openid", "profile", "email" }
+            });
 
             // https://console.developers.google.com/project
             app.UseGoogleAuthentication(options =>
@@ -99,18 +95,17 @@ namespace CookieSample
             The sample app can then be run via:
              dnx . web
             */
-            var msOAuthOptions = new OAuthAuthenticationOptions
+            app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Microsoft-AccessToken",
                 Caption = "MicrosoftAccount-AccessToken - Requires project changes",
                 ClientId = "00000000480FF62E",
                 ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
                 CallbackPath = new PathString("/signin-microsoft-token"),
-                AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint,
-                TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint
-            };
-            msOAuthOptions.Scope.Add("wl.basic");
-            app.UseOAuthAuthentication(msOAuthOptions);
+                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
+                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
+                Scope = { "wl.basic" }
+            });
 
             app.UseMicrosoftAccountAuthentication(options =>
             {
@@ -121,7 +116,7 @@ namespace CookieSample
             });
 
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions
+            app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub-AccessToken",
                 Caption = "Github-AccessToken",
@@ -132,7 +127,7 @@ namespace CookieSample
                 TokenEndpoint = "https://github.com/login/oauth/access_token"
             });
 
-            app.UseOAuthAuthentication(new OAuthAuthenticationOptions
+            app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub",
                 Caption = "Github",
@@ -145,7 +140,7 @@ namespace CookieSample
                 ClaimsIssuer = "OAuth2-Github",
                 SaveTokensAsClaims = false,
                 // Retrieving user information is unique to each provider.
-                Events = new OAuthAuthenticationEvents
+                Events = new OAuthEvents
                 {
                     OnAuthenticated = async context =>
                     {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 5a79654253..e8b56f4bce 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -38,6 +38,5 @@ namespace Microsoft.AspNet.Builder
             return app.UseMiddleware<CookieAuthenticationMiddleware>(options,
                 new ConfigureOptions<CookieAuthenticationOptions>(o => { }));
         }
-
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 95c4bec019..24fe12fbe8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -132,7 +132,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Authenticate, exception, ticket);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -210,7 +210,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.FinishResponse, exception, ticket);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -249,7 +249,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                 }
 
-                Options.Events.ResponseSignIn(signInContext);
+                await Options.Events.ResponseSignIn(signInContext);
 
                 if (signInContext.Properties.IsPersistent)
                 {
@@ -286,7 +286,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.Principal,
                     signInContext.Properties);
 
-                Options.Events.ResponseSignedIn(signedInContext);
+                await Options.Events.ResponseSignedIn(signedInContext);
 
                 var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
                 ApplyHeaders(shouldLoginRedirect);
@@ -295,7 +295,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -319,7 +319,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options,
                     cookieOptions);
 
-                Options.Events.ResponseSignOut(context);
+                await Options.Events.ResponseSignOut(context);
 
                 Options.CookieManager.DeleteCookie(
                     Context,
@@ -333,7 +333,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.SignOut, exception, ticket);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
@@ -373,7 +373,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return path[0] == '/' && path[1] != '/' && path[1] != '\\';
         }
 
-        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        protected async override Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
             try
             {
@@ -385,22 +385,22 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options.AccessDeniedPath;
 
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
-                Options.Events.ApplyRedirect(redirectContext);
+                await Options.Events.ApplyRedirect(redirectContext);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Forbidden, exception, ticket: null);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
                 }
             }
-            return Task.FromResult(true);
+            return true;
         }
 
-        protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
             var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
             try
@@ -412,19 +412,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
                 var redirectContext = new CookieApplyRedirectContext(Context, Options, BuildRedirectUri(loginUri));
-                Options.Events.ApplyRedirect(redirectContext);
+                await Options.Events.ApplyRedirect(redirectContext);
             }
             catch (Exception exception)
             {
                 var exceptionContext = new CookieExceptionContext(Context, Options,
                     CookieExceptionContext.ExceptionLocation.Unauthorized, exception, ticket: null);
-                Options.Events.Exception(exceptionContext);
+                await Options.Events.Exception(exceptionContext);
                 if (exceptionContext.Rethrow)
                 {
                     throw;
                 }
             }
-            return Task.FromResult(true);
+            return true;
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 6c65bb857d..7a96ce99d0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -21,27 +21,31 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignInContext> OnResponseSignIn { get; set; } = context => { };
+        public Func<CookieResponseSignInContext, Task> OnResponseSignIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignedInContext> OnResponseSignedIn { get; set; } = context => { };
+        public Func<CookieResponseSignedInContext, Task> OnResponseSignedIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieResponseSignOutContext> OnResponseSignOut { get; set; } = context => { };
+        public Func<CookieResponseSignOutContext, Task> OnResponseSignOut { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
+        public Func<CookieApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Action<CookieExceptionContext> OnException { get; set; } = context => { };
+        public Func<CookieExceptionContext, Task> OnException { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
@@ -54,30 +58,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignIn(CookieResponseSignInContext context) => OnResponseSignIn(context);
+        public virtual Task ResponseSignIn(CookieResponseSignInContext context) => OnResponseSignIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignedIn(CookieResponseSignedInContext context) => OnResponseSignedIn(context);
+        public virtual Task ResponseSignedIn(CookieResponseSignedInContext context) => OnResponseSignedIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual void ResponseSignOut(CookieResponseSignOutContext context) => OnResponseSignOut(context);
+        public virtual Task ResponseSignOut(CookieResponseSignOutContext context) => OnResponseSignOut(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual void ApplyRedirect(CookieApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task ApplyRedirect(CookieApplyRedirectContext context) => OnApplyRedirect(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual void Exception(CookieExceptionContext context) => OnException(context);
+        public virtual Task Exception(CookieExceptionContext context) => OnException(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index b4caf0b556..fef97c6916 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -23,30 +23,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// implementing this method the claims and extra information that go into the ticket may be altered.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        void ResponseSignIn(CookieResponseSignInContext context);
+        Task ResponseSignIn(CookieResponseSignInContext context);
 
         /// <summary>
         /// Called when an endpoint has provided sign in information after it is converted into a cookie.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        void ResponseSignedIn(CookieResponseSignedInContext context);
+        Task ResponseSignedIn(CookieResponseSignedInContext context);
 
         /// <summary>
         /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        void ApplyRedirect(CookieApplyRedirectContext context);
+        Task ApplyRedirect(CookieApplyRedirectContext context);
 
         /// <summary>
         /// Called during the sign-out flow to augment the cookie cleanup process.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
-        void ResponseSignOut(CookieResponseSignOutContext context);
+        Task ResponseSignOut(CookieResponseSignOutContext context);
 
         /// <summary>
         /// Called when an exception occurs during request or response processing.
         /// </summary>
         /// <param name="context">Contains information about the exception that occurred</param>
-        void Exception(CookieExceptionContext context);
+        Task Exception(CookieExceptionContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 9c825e6715..9d0dc44e1b 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -9,7 +9,7 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>.
+    /// Extension methods for using <see cref="FacebookMiddleware"/>.
     /// </summary>
     public static class FacebookAppBuilderExtensions
     {
@@ -18,10 +18,10 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookOptions> configureOptions = null)
         {
-            return app.UseMiddleware<FacebookAuthenticationMiddleware>(
-                 new ConfigureOptions<FacebookAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<FacebookMiddleware>(
+                 new ConfigureOptions<FacebookOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
index 54d48cbc51..765871274a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
-    public static class FacebookAuthenticationDefaults
+    public static class FacebookDefaults
     {
         public const string AuthenticationScheme = "Facebook";
 
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index 8f3d343b46..ee6824b451 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -17,9 +17,9 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
-    internal class FacebookAuthenticationHandler : OAuthAuthenticationHandler<FacebookAuthenticationOptions>
+    internal class FacebookHandler : OAuthHandler<FacebookOptions>
     {
-        public FacebookAuthenticationHandler(HttpClient httpClient)
+        public FacebookHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
@@ -68,25 +68,25 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 Principal = new ClaimsPrincipal(identity)
             };
 
-            var identifier = FacebookAuthenticationHelper.GetId(payload);
+            var identifier = FacebookHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
             {
                 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var userName = FacebookAuthenticationHelper.GetUserName(payload);
+            var userName = FacebookHelper.GetUserName(payload);
             if (!string.IsNullOrEmpty(userName))
             {
                 identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var email = FacebookAuthenticationHelper.GetEmail(payload);
+            var email = FacebookHelper.GetEmail(payload);
             if (!string.IsNullOrEmpty(email))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var name = FacebookAuthenticationHelper.GetName(payload);
+            var name = FacebookHelper.GetName(payload);
             if (!string.IsNullOrEmpty(name))
             {
                 identity.AddClaim(new Claim("urn:facebook:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
@@ -98,7 +98,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 }
             }
 
-            var link = FacebookAuthenticationHelper.GetLink(payload);
+            var link = FacebookHelper.GetLink(payload);
             if (!string.IsNullOrEmpty(link))
             {
                 identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
index 3f9f98114f..f3a99e6c49 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
     /// instance retrieved from Facebook after a successful authentication process.
     /// </summary>
-    public static class FacebookAuthenticationHelper
+    public static class FacebookHelper
     {
         /// <summary>
         /// Gets the Facebook user ID.
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
similarity index 77%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 3a5da62485..8e97d9d158 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -16,10 +16,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Facebook.
     /// </summary>
-    public class FacebookAuthenticationMiddleware : OAuthAuthenticationMiddleware<FacebookAuthenticationOptions>
+    public class FacebookMiddleware : OAuthMiddleware<FacebookOptions>
     {
         /// <summary>
-        /// Initializes a new <see cref="FacebookAuthenticationMiddleware"/>.
+        /// Initializes a new <see cref="FacebookMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
@@ -28,14 +28,14 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
-        public FacebookAuthenticationMiddleware(
+        public FacebookMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<FacebookAuthenticationOptions> options,
-            ConfigureOptions<FacebookAuthenticationOptions> configureOptions = null)
+            [NotNull] IOptions<FacebookOptions> options,
+            ConfigureOptions<FacebookOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (string.IsNullOrEmpty(Options.AppId))
@@ -51,10 +51,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookAuthenticationOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<FacebookAuthenticationOptions> CreateHandler()
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<FacebookOptions> CreateHandler()
         {
-            return new FacebookAuthenticationHandler(Backchannel);
+            return new FacebookHandler(Backchannel);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
similarity index 68%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
index 4a5e1ce91d..12bde4675e 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
@@ -1,29 +1,28 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.OAuth;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
     /// <summary>
-    /// Configuration options for <see cref="FacebookAuthenticationMiddleware"/>.
+    /// Configuration options for <see cref="FacebookMiddleware"/>.
     /// </summary>
-    public class FacebookAuthenticationOptions : OAuthAuthenticationOptions
+    public class FacebookOptions : OAuthOptions
     {
         /// <summary>
-        /// Initializes a new <see cref="FacebookAuthenticationOptions"/>.
+        /// Initializes a new <see cref="FacebookOptions"/>.
         /// </summary>
-        public FacebookAuthenticationOptions()
+        public FacebookOptions()
         {
-            AuthenticationScheme = FacebookAuthenticationDefaults.AuthenticationScheme;
+            AuthenticationScheme = FacebookDefaults.AuthenticationScheme;
             Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-facebook");
             SendAppSecretProof = true;
-            AuthorizationEndpoint = FacebookAuthenticationDefaults.AuthorizationEndpoint;
-            TokenEndpoint = FacebookAuthenticationDefaults.TokenEndpoint;
-            UserInformationEndpoint = FacebookAuthenticationDefaults.UserInformationEndpoint;
+            AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
+            TokenEndpoint = FacebookDefaults.TokenEndpoint;
+            UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
             SaveTokensAsClaims = false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
index 3666f9ecf5..ccffd7de44 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
@@ -9,18 +9,18 @@ using Microsoft.Framework.Internal;
 namespace Microsoft.Framework.DependencyInjection
 {
     /// <summary>
-    /// Extension methods for using <see cref="FacebookAuthenticationMiddleware"/>.
+    /// Extension methods for using <see cref="FacebookMiddleware"/>.
     /// </summary>
     public static class FacebookServiceCollectionExtensions
     {
-        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookAuthenticationOptions> configure)
+        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookOptions> configure)
         {
             return services.Configure(configure);
         }
 
         public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure<FacebookAuthenticationOptions>(config);
+            return services.Configure<FacebookOptions>(config);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 848e83df70..55e3ba23a0 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -9,7 +9,7 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>.
+    /// Extension methods for using <see cref="GoogleMiddleware"/>.
     /// </summary>
     public static class GoogleAppBuilderExtensions
     {
@@ -20,10 +20,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <param name="optionsName">Name of the options instance to be used</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleOptions> configureOptions = null, string optionsName = "")
         {
-            return app.UseMiddleware<GoogleAuthenticationMiddleware>(
-                 new ConfigureOptions<GoogleAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<GoogleMiddleware>(
+                 new ConfigureOptions<GoogleOptions>(configureOptions ?? (o => { })));
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
index 88aa4f1f16..4085778d35 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNet.Authentication.Google
 {
-    public static class GoogleAuthenticationDefaults
+    public static class GoogleDefaults
     {
         public const string AuthenticationScheme = "Google";
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
similarity index 88%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
index 7d55c5e676..e688dc8562 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
@@ -14,9 +14,9 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
-    internal class GoogleAuthenticationHandler : OAuthAuthenticationHandler<GoogleAuthenticationOptions>
+    internal class GoogleHandler : OAuthHandler<GoogleOptions>
     {
-        public GoogleAuthenticationHandler(HttpClient httpClient)
+        public GoogleHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
@@ -38,37 +38,37 @@ namespace Microsoft.AspNet.Authentication.Google
                 Principal = new ClaimsPrincipal(identity)
             };
 
-            var identifier = GoogleAuthenticationHelper.GetId(payload);
+            var identifier = GoogleHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
             {
                 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var givenName = GoogleAuthenticationHelper.GetGivenName(payload);
+            var givenName = GoogleHelper.GetGivenName(payload);
             if (!string.IsNullOrEmpty(givenName))
             {
                 identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var familyName = GoogleAuthenticationHelper.GetFamilyName(payload);
+            var familyName = GoogleHelper.GetFamilyName(payload);
             if (!string.IsNullOrEmpty(familyName))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var name = GoogleAuthenticationHelper.GetName(payload);
+            var name = GoogleHelper.GetName(payload);
             if (!string.IsNullOrEmpty(name))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var email = GoogleAuthenticationHelper.GetEmail(payload);
+            var email = GoogleHelper.GetEmail(payload);
             if (!string.IsNullOrEmpty(email))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var profile = GoogleAuthenticationHelper.GetProfile(payload);
+            var profile = GoogleHelper.GetProfile(payload);
             if (!string.IsNullOrEmpty(profile))
             {
                 identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
index 611bfffa7b..e8618f3e31 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Google
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
     /// instance retrieved from Google after a successful authentication process.
     /// </summary>
-    public static class GoogleAuthenticationHelper
+    public static class GoogleHelper
     {
         /// <summary>
         /// Gets the Google user ID.
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
similarity index 79%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index b4d6cee923..5ceb214494 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -16,10 +16,10 @@ namespace Microsoft.AspNet.Authentication.Google
     /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class GoogleAuthenticationMiddleware : OAuthAuthenticationMiddleware<GoogleAuthenticationOptions>
+    public class GoogleMiddleware : OAuthMiddleware<GoogleOptions>
     {
         /// <summary>
-        /// Initializes a new <see cref="GoogleAuthenticationMiddleware"/>.
+        /// Initializes a new <see cref="GoogleMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
@@ -28,14 +28,14 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
-        public GoogleAuthenticationMiddleware(
+        public GoogleMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<GoogleAuthenticationOptions> options,
-            ConfigureOptions<GoogleAuthenticationOptions> configureOptions = null)
+            [NotNull] IOptions<GoogleOptions> options,
+            ConfigureOptions<GoogleOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (Options.Scope.Count == 0)
@@ -52,10 +52,10 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleAuthenticationOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<GoogleAuthenticationOptions> CreateHandler()
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<GoogleOptions> CreateHandler()
         {
-            return new GoogleAuthenticationHandler(Backchannel);
+            return new GoogleHandler(Backchannel);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
similarity index 53%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
index f0c5d0f220..48f0c736b3 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
@@ -7,21 +7,21 @@ using Microsoft.AspNet.Http;
 namespace Microsoft.AspNet.Authentication.Google
 {
     /// <summary>
-    /// Configuration options for <see cref="GoogleAuthenticationMiddleware"/>.
+    /// Configuration options for <see cref="GoogleMiddleware"/>.
     /// </summary>
-    public class GoogleAuthenticationOptions : OAuthAuthenticationOptions
+    public class GoogleOptions : OAuthOptions
     {
         /// <summary>
-        /// Initializes a new <see cref="GoogleAuthenticationOptions"/>.
+        /// Initializes a new <see cref="GoogleOptions"/>.
         /// </summary>
-        public GoogleAuthenticationOptions()
+        public GoogleOptions()
         {
-            AuthenticationScheme = GoogleAuthenticationDefaults.AuthenticationScheme;
+            AuthenticationScheme = GoogleDefaults.AuthenticationScheme;
             Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-google");
-            AuthorizationEndpoint = GoogleAuthenticationDefaults.AuthorizationEndpoint;
-            TokenEndpoint = GoogleAuthenticationDefaults.TokenEndpoint;
-            UserInformationEndpoint = GoogleAuthenticationDefaults.UserInformationEndpoint;
+            AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
+            TokenEndpoint = GoogleDefaults.TokenEndpoint;
+            UserInformationEndpoint = GoogleDefaults.UserInformationEndpoint;
             SaveTokensAsClaims = false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
index 6b47398490..0c329dc5cb 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
@@ -9,18 +9,18 @@ using Microsoft.Framework.Internal;
 namespace Microsoft.Framework.DependencyInjection
 {
     /// <summary>
-    /// Extension methods for using <see cref="GoogleAuthenticationMiddleware"/>.
+    /// Extension methods for using <see cref="GoogleMiddleware"/>.
     /// </summary>
     public static class GoogleServiceCollectionExtensions
     {
-        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleAuthenticationOptions> configure)
+        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleOptions> configure)
         {
             return services.Configure(configure);
         }
 
         public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure<GoogleAuthenticationOptions>(config);
+            return services.Configure<GoogleOptions>(config);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
index 702ccc4527..44f44d5b3e 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerAuthenticationOptions>
+    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerOptions>
     {
-        public AuthenticationChallengeContext(HttpContext context, JwtBearerAuthenticationOptions options)
+        public AuthenticationChallengeContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index f4301c4c6f..2ac80c4f73 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationFailedContext : BaseControlContext<JwtBearerAuthenticationOptions>
+    public class AuthenticationFailedContext : BaseControlContext<JwtBearerOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+        public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
similarity index 94%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
index cd1a6fc087..0ec2a9c247 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
@@ -1,9 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 
 /// <summary>
 /// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
@@ -13,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// <summary>
     /// Jwt bearer token middleware events.
     /// </summary>
-    public interface IJwtBearerAuthenticationEvents
+    public interface IJwtBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
similarity index 97%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 4b06937a70..a6976228cd 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// <summary>
     /// Jwt bearer token middleware events.
     /// </summary>
-    public class JwtBearerAuthenticationEvents : IJwtBearerAuthenticationEvents
+    public class JwtBearerEvents : IJwtBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index e9e8955786..cd940ef679 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class MessageReceivedContext : BaseControlContext<JwtBearerAuthenticationOptions>
+    public class MessageReceivedContext : BaseControlContext<JwtBearerOptions>
     {
-        public MessageReceivedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
index 672021ca6b..5aedda1d84 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerAuthenticationOptions>
+    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+        public SecurityTokenReceivedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
index 383284e4ae..488e8e6b02 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerAuthenticationOptions>
+    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, JwtBearerAuthenticationOptions options)
+        public SecurityTokenValidatedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 6b73167d89..bdc91c71d2 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -24,10 +24,10 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerAuthenticationOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions = null, string optionsName = "")
         {
-            return app.UseMiddleware<JwtBearerAuthenticationMiddleware>(
-                new ConfigureOptions<JwtBearerAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<JwtBearerMiddleware>(
+                new ConfigureOptions<JwtBearerOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
index d6cb381976..c39bf6cb9e 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// <summary>
     /// Default values used by authorization server and bearer authentication.
     /// </summary>
-    public static class JwtBearerAuthenticationDefaults
+    public static class JwtBearerDefaults
     {
         /// <summary>
         /// Default value for AuthenticationScheme property in the JwtBearerAuthenticationOptions and
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index b2e6cfbd8c..0f420f7fc4 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -5,7 +5,6 @@ using System;
 using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
@@ -13,7 +12,7 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class JwtBearerAuthenticationHandler : AuthenticationHandler<JwtBearerAuthenticationOptions>
+    public class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
     {
         private OpenIdConnectConfiguration _configuration;
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
similarity index 86%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 1127f12889..7884a675b8 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -18,24 +18,24 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
     /// extension method.
     /// </summary>
-    public class JwtBearerAuthenticationMiddleware : AuthenticationMiddleware<JwtBearerAuthenticationOptions>
+    public class JwtBearerMiddleware : AuthenticationMiddleware<JwtBearerOptions>
     {
         /// <summary>
         /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
         /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication 
         /// extension method.
         /// </summary>
-        public JwtBearerAuthenticationMiddleware(
+        public JwtBearerMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<JwtBearerAuthenticationOptions> options,
-            ConfigureOptions<JwtBearerAuthenticationOptions> configureOptions)
+            [NotNull] IOptions<JwtBearerOptions> options,
+            ConfigureOptions<JwtBearerOptions> configureOptions)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (Options.Events == null)
             {
-                Options.Events = new JwtBearerAuthenticationEvents();
+                Options.Events = new JwtBearerEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
@@ -75,9 +75,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
         /// </summary>
         /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<JwtBearerAuthenticationOptions> CreateHandler()
+        protected override AuthenticationHandler<JwtBearerOptions> CreateHandler()
         {
-            return new JwtBearerAuthenticationHandler();
+            return new JwtBearerHandler();
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index 6e778907bf..a6df42ec6b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -14,14 +14,14 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class JwtBearerAuthenticationOptions : AuthenticationOptions
+    public class JwtBearerOptions : AuthenticationOptions
     {
         /// <summary>
         /// Creates an instance of bearer authentication options with default values.
         /// </summary>
-        public JwtBearerAuthenticationOptions() : base()
+        public JwtBearerOptions() : base()
         {
-            AuthenticationScheme = JwtBearerAuthenticationDefaults.AuthenticationScheme;
+            AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
         }
 
         /// <summary>
@@ -45,14 +45,14 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// <summary>
         /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
         /// </summary>
-        public string Challenge { get; set; } = JwtBearerAuthenticationDefaults.AuthenticationScheme;
+        public string Challenge { get; set; } = JwtBearerDefaults.AuthenticationScheme;
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
         /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public IJwtBearerAuthenticationEvents Events { get; set; } = new JwtBearerAuthenticationEvents();
+        public IJwtBearerEvents Events { get; set; } = new JwtBearerEvents();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
index db7633bfe2..30a99c277b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
@@ -13,14 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class JwtBearerServiceCollectionExtensions
     {
-        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerAuthenticationOptions> configure)
+        public static IServiceCollection AddJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerOptions> configure)
         {
             return services.Configure(configure);
         }
 
-        public static IServiceCollection ConfigureJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        public static IServiceCollection AddJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.ConfigureJwtBearerAuthentication(config);
+            return services.Configure<JwtBearerOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 0bb6dc905e..86c4ae040e 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -9,14 +9,14 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="MicrosoftAccountAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="MicrosoftAccountMiddleware"/>
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions = null)
         {
-            return app.UseMiddleware<MicrosoftAccountAuthenticationMiddleware>(
-                 new ConfigureOptions<MicrosoftAccountAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<MicrosoftAccountMiddleware>(
+                 new ConfigureOptions<MicrosoftAccountOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
deleted file mode 100644
index 04d2bfa331..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.OAuth;
-
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// Configuration options for <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
-    /// </summary>
-    public class MicrosoftAccountAuthenticationOptions : OAuthAuthenticationOptions
-    {
-        /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountAuthenticationOptions"/>.
-        /// </summary>
-        public MicrosoftAccountAuthenticationOptions()
-        {
-            AuthenticationScheme = MicrosoftAccountAuthenticationDefaults.AuthenticationScheme;
-            Caption = AuthenticationScheme;
-            CallbackPath = new PathString("/signin-microsoft");
-            AuthorizationEndpoint = MicrosoftAccountAuthenticationDefaults.AuthorizationEndpoint;
-            TokenEndpoint = MicrosoftAccountAuthenticationDefaults.TokenEndpoint;
-            UserInformationEndpoint = MicrosoftAccountAuthenticationDefaults.UserInformationEndpoint;
-            SaveTokensAsClaims = false;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
index d42368cdc7..4cfd9dda03 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
-    public static class MicrosoftAccountAuthenticationDefaults
+    public static class MicrosoftAccountDefaults
     {
         public const string AuthenticationScheme = "Microsoft";
 
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
similarity index 84%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 4cec337008..adac9be9dc 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -11,9 +11,9 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
-    internal class MicrosoftAccountAuthenticationHandler : OAuthAuthenticationHandler<MicrosoftAccountAuthenticationOptions>
+    internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
-        public MicrosoftAccountAuthenticationHandler(HttpClient httpClient)
+        public MicrosoftAccountHandler(HttpClient httpClient)
             : base(httpClient)
         {
         }
@@ -34,21 +34,21 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
                 Principal = new ClaimsPrincipal(identity)
             };
 
-            var identifier = MicrosoftAccountAuthenticationHelper.GetId(payload);
+            var identifier = MicrosoftAccountHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
             {
                 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
                 identity.AddClaim(new Claim("urn:microsoftaccount:id", identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var name = MicrosoftAccountAuthenticationHelper.GetName(payload);
+            var name = MicrosoftAccountHelper.GetName(payload);
             if (!string.IsNullOrEmpty(name))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
                 identity.AddClaim(new Claim("urn:microsoftaccount:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var email = MicrosoftAccountAuthenticationHelper.GetEmail(payload);
+            var email = MicrosoftAccountHelper.GetEmail(payload);
             if (!string.IsNullOrEmpty(email))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
index e2629cdf38..8de7ad6138 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
     /// instance retrieved from Google after a successful authentication process.
     /// </summary>
-    public static class MicrosoftAccountAuthenticationHelper
+    public static class MicrosoftAccountHelper
     {
         /// <summary>
         /// Gets the Microsoft Account user ID.
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
similarity index 76%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 86da69893a..7e5830922e 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -14,10 +14,10 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     /// <summary>
     /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
     /// </summary>
-    public class MicrosoftAccountAuthenticationMiddleware : OAuthAuthenticationMiddleware<MicrosoftAccountAuthenticationOptions>
+    public class MicrosoftAccountMiddleware : OAuthMiddleware<MicrosoftAccountOptions>
     {
         /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountAuthenticationMiddleware"/>.
+        /// Initializes a new <see cref="MicrosoftAccountMiddleware"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
@@ -26,14 +26,14 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
-        public MicrosoftAccountAuthenticationMiddleware(
+        public MicrosoftAccountMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<MicrosoftAccountAuthenticationOptions> options,
-            ConfigureOptions<MicrosoftAccountAuthenticationOptions> configureOptions = null)
+            [NotNull] IOptions<MicrosoftAccountOptions> options,
+            ConfigureOptions<MicrosoftAccountOptions> configureOptions = null)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
         {
             if (Options.Scope.Count == 0)
@@ -47,10 +47,10 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountAuthenticationOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<MicrosoftAccountAuthenticationOptions> CreateHandler()
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<MicrosoftAccountOptions> CreateHandler()
         {
-            return new MicrosoftAccountAuthenticationHandler(Backchannel);
+            return new MicrosoftAccountHandler(Backchannel);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
new file mode 100644
index 0000000000..d817cd3ee8
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -0,0 +1,28 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Authentication.OAuth;
+
+namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+{
+    /// <summary>
+    /// Configuration options for <see cref="MicrosoftAccountMiddleware"/>.
+    /// </summary>
+    public class MicrosoftAccountOptions : OAuthOptions
+    {
+        /// <summary>
+        /// Initializes a new <see cref="MicrosoftAccountOptions"/>.
+        /// </summary>
+        public MicrosoftAccountOptions()
+        {
+            AuthenticationScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+            Caption = AuthenticationScheme;
+            CallbackPath = new PathString("/signin-microsoft");
+            AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
+            TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
+            UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
+            SaveTokensAsClaims = false;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
index fb7d6ce3f1..83e52461c7 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
@@ -9,18 +9,18 @@ using Microsoft.Framework.Internal;
 namespace Microsoft.Framework.DependencyInjection
 {
     /// <summary>
-    /// Extension methods for using <see cref="MicrosoftAccountAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="MicrosoftAccountMiddleware"/>
     /// </summary>
     public static class MicrosoftAccountServiceCollectionExtensions
     {
-        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountAuthenticationOptions> configure)
+        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountOptions> configure)
         {
             return services.Configure(configure);
         }
 
         public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure<MicrosoftAccountAuthenticationOptions>(config);
+            return services.Configure<MicrosoftAccountOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
similarity index 84%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
index 897b889206..d5acd3bbca 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -6,9 +6,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
-    /// Specifies callback methods which the <see cref="OAuthAuthenticationMiddleware"/> invokes to enable developer control over the authentication process.
+    /// Specifies callback methods which the <see cref="OAuthMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IOAuthAuthenticationEvents
+    public interface IOAuthEvents
     {
         /// <summary>
         /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
@@ -29,6 +29,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        void ApplyRedirect(OAuthApplyRedirectContext context);
+        Task ApplyRedirect(OAuthApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
index 86ec2d62a9..83629708f8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
     /// </summary>
-    public class OAuthApplyRedirectContext : BaseContext<OAuthAuthenticationOptions>
+    public class OAuthApplyRedirectContext : BaseContext<OAuthOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="context">The HTTP request context.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public OAuthApplyRedirectContext(HttpContext context, OAuthAuthenticationOptions options, AuthenticationProperties properties, string redirectUri)
+        public OAuthApplyRedirectContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
             RedirectUri = redirectUri;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
index 5e5574f825..3aa4f8b6a8 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class OAuthAuthenticatedContext : BaseContext<OAuthAuthenticationOptions>
+    public class OAuthAuthenticatedContext : BaseContext<OAuthOptions>
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthAuthenticatedContext(
             [NotNull] HttpContext context,
-            [NotNull] OAuthAuthenticationOptions options,
+            [NotNull] OAuthOptions options,
             [NotNull] HttpClient backchannel,
             [NotNull] OAuthTokenResponse tokens)
             : this(context, options, backchannel, tokens, user: new JObject())
@@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="user">The JSON-serialized user.</param>
         public OAuthAuthenticatedContext(
             [NotNull] HttpContext context,
-            [NotNull] OAuthAuthenticationOptions options,
+            [NotNull] OAuthOptions options,
             [NotNull] HttpClient backchannel,
             [NotNull] OAuthTokenResponse tokens,
             [NotNull] JObject user)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
similarity index 85%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
index e2002bc8b4..9f8e064ae4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
@@ -7,9 +7,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
-    /// Default <see cref="IOAuthAuthenticationEvents"/> implementation.
+    /// Default <see cref="IOAuthEvents"/> implementation.
     /// </summary>
-    public class OAuthAuthenticationEvents : IOAuthAuthenticationEvents
+    public class OAuthEvents : IOAuthEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
@@ -24,7 +24,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Action<OAuthApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
+        public Func<OAuthApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
 
         /// <summary>
         /// Invoked after the provider successfully authenticates a user.
@@ -44,6 +48,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual void ApplyRedirect(OAuthApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task ApplyRedirect(OAuthApplyRedirectContext context) => OnApplyRedirect(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
similarity index 72%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
index 6c86be4c82..08dc3d52d3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
@@ -9,9 +9,9 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="OAuthAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="OAuthMiddleware"/>
     /// </summary>
-    public static class OAuthAuthenticationExtensions
+    public static class OAuthExtensions
     {
         /// <summary>
         /// Authenticate users using OAuth.
@@ -19,11 +19,11 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] IOptions<OAuthAuthenticationOptions> options)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] IOptions<OAuthOptions> options)
         {
-            return app.UseMiddleware<OAuthAuthenticationMiddleware<OAuthAuthenticationOptions>>(
+            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(
                 options,
-                new ConfigureOptions<OAuthAuthenticationOptions>(o => { }));
+                new ConfigureOptions<OAuthOptions>(o => { }));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index a913531e28..7a9e636916 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -20,11 +20,11 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
-    public class OAuthAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : OAuthAuthenticationOptions
+    public class OAuthHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : OAuthOptions
     {
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
-        public OAuthAuthenticationHandler(HttpClient backchannel)
+        public OAuthHandler(HttpClient backchannel)
         {
             Backchannel = backchannel;
         }
@@ -199,7 +199,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
-        protected override Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
         {
             var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
@@ -215,8 +215,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var redirectContext = new OAuthApplyRedirectContext(
                 Context, Options,
                 properties, authorizationEndpoint);
-            Options.Events.ApplyRedirect(redirectContext);
-            return Task.FromResult(true);
+            await Options.Events.ApplyRedirect(redirectContext);
+            return true;
         }
 
         protected override Task HandleSignOutAsync(SignOutContext context)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index b38637b8aa..9822963cc5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// An ASP.NET middleware for authenticating users using OAuth services.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class OAuthAuthenticationMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthAuthenticationOptions, new()
+    public class OAuthMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthOptions, new()
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
-        public OAuthAuthenticationMiddleware(
+        public OAuthMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
@@ -65,7 +65,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             if (Options.Events == null)
             {
-                Options.Events = new OAuthAuthenticationEvents();
+                Options.Events = new OAuthEvents();
             }
 
             if (Options.StateDataFormat == null)
@@ -91,10 +91,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthAuthenticationOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TOptions> CreateHandler()
         {
-            return new OAuthAuthenticationHandler<TOptions>(Backchannel);
+            return new OAuthHandler<TOptions>(Backchannel);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index 58749deed8..b20ada53ca 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -11,9 +11,9 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
-    /// Configuration options for <see cref="OAuthAuthenticationMiddleware"/>.
+    /// Configuration options for <see cref="OAuthMiddleware"/>.
     /// </summary>
-    public class OAuthAuthenticationOptions : AuthenticationOptions, IOptions<OAuthAuthenticationOptions>
+    public class OAuthOptions : AuthenticationOptions, IOptions<OAuthOptions>
     {
         /// <summary>
         /// Gets or sets the provider-assigned client id.
@@ -67,9 +67,9 @@ namespace Microsoft.AspNet.Authentication.OAuth
         public HttpMessageHandler BackchannelHttpHandler { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IOAuthAuthenticationEvents"/> used to handle authentication events.
+        /// Gets or sets the <see cref="IOAuthEvents"/> used to handle authentication events.
         /// </summary>
-        public IOAuthAuthenticationEvents Events { get; set; } = new OAuthAuthenticationEvents();
+        public IOAuthEvents Events { get; set; } = new OAuthEvents();
 
         /// <summary>
         /// A list of permissions to request.
@@ -103,7 +103,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public bool SaveTokensAsClaims { get; set; } = true;
 
-        OAuthAuthenticationOptions IOptions<OAuthAuthenticationOptions>.Value
+        OAuthOptions IOptions<OAuthOptions>.Value
         {
             get
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index 7521ed7ce0..ef5307c469 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -7,9 +7,9 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public AuthenticationFailedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 22c00742de..53e44cdf62 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -11,12 +11,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
     /// </summary>
-    public class AuthorizationCodeReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class AuthorizationCodeReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         { 
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
index c511832cab..4794319126 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
@@ -6,12 +6,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class AuthorizationCodeRedeemedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class AuthorizationCodeRedeemedContext : BaseControlContext<OpenIdConnectOptions>
     {
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeRedeemedContext"/>
         /// </summary>
-        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index 4c69a1b39f..a6b4fcedf2 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -6,9 +6,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
+    /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IOpenIdConnectAuthenticationEvents
+    public interface IOpenIdConnectEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index ece53d3dda..ecbf082779 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class MessageReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class MessageReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public MessageReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public MessageReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
similarity index 92%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 9f21f74537..90ab05eedf 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -7,9 +7,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Specifies events which the <see cref="OpenIdConnectAuthenticationMiddleware" />invokes to enable developer control over the authentication process.
+    /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public class OpenIdConnectAuthenticationEvents : IOpenIdConnectAuthenticationEvents
+    public class OpenIdConnectEvents : IOpenIdConnectEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
index 9216e86248..ca7ba6ca87 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
@@ -14,9 +14,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     /// <typeparam name="TMessage">protocol specific message.</typeparam>
     /// <typeparam name="TOptions">protocol specific options.</typeparam>
-    public class RedirectToIdentityProviderContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class RedirectToIdentityProviderContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] OpenIdConnectAuthenticationOptions options)
+        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
index 0b960e033b..570942c6a0 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
index e0d12c50a4..70392282f1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectAuthenticationOptions>
+    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectAuthenticationOptions options)
+        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
similarity index 87%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index 35a85e8437..3ddeb0fc88 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// Default values related to OpenIdConnect authentication middleware
     /// </summary>
-    public static class OpenIdConnectAuthenticationDefaults
+    public static class OpenIdConnectDefaults
     {
         /// <summary>
         /// Constant used to identify state in openIdConnect protocol message.
@@ -14,12 +14,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
 
         /// <summary>
-        /// The default value used for OpenIdConnectAuthenticationOptions.AuthenticationScheme.
+        /// The default value used for OpenIdConnectOptions.AuthenticationScheme.
         /// </summary>
         public const string AuthenticationScheme = "OpenIdConnect";
 
         /// <summary>
-        /// The default value for OpenIdConnectAuthenticationOptions.Caption.
+        /// The default value for OpenIdConnectOptions.Caption.
         /// </summary>
         public const string Caption = "OpenIdConnect";
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
similarity index 57%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 001d583abe..18b83580bc 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -8,31 +8,31 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="OpenIdConnectAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="OpenIdConnectMiddleware"/>
     /// </summary>
-    public static class OpenIdConnectAuthenticationExtensions
+    public static class OpenIdConnectExtensions
     {
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// Adds the <see cref="OpenIdConnectMiddleware"/> into the ASP.NET runtime.
         /// </summary>
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions = null)
         {
-            return app.UseMiddleware<OpenIdConnectAuthenticationMiddleware>(
-                 new ConfigureOptions<OpenIdConnectAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<OpenIdConnectMiddleware>(
+                 new ConfigureOptions<OpenIdConnectOptions>(configureOptions ?? (o => { })));
         }
 
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectAuthenticationMiddleware"/> into the ASP.NET runtime.
+        /// Adds the <see cref="OpenIdConnectMiddleware"/> into the ASP.NET runtime.
         /// </summary>
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectAuthenticationOptions> options)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectOptions> options)
         {
-            return app.UseMiddleware<OpenIdConnectAuthenticationMiddleware>(options);
+            return app.UseMiddleware<OpenIdConnectMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
similarity index 95%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index a7257db09a..f88d7f27e3 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -6,7 +6,6 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
-using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
@@ -29,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
     /// </summary>
-    public class OpenIdConnectAuthenticationHandler : AuthenticationHandler<OpenIdConnectAuthenticationOptions>
+    public class OpenIdConnectHandler : AuthenticationHandler<OpenIdConnectOptions>
     {
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
@@ -55,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         protected HttpClient Backchannel { get; private set; }
 
-        public OpenIdConnectAuthenticationHandler(HttpClient backchannel)
+        public OpenIdConnectHandler(HttpClient backchannel)
         {
             Backchannel = backchannel;
         }
@@ -111,7 +110,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 message = redirectToIdentityProviderContext.ProtocolMessage;
 
-                if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
+                if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
                 {
                     var redirectUri = message.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
@@ -121,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                     Response.Redirect(redirectUri);
                 }
-                else if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.FormPost)
+                else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
                 {
                     var inputs = new StringBuilder();
                     foreach (var parameter in message.Parameters)
@@ -244,7 +243,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (!string.IsNullOrEmpty(redirectToIdentityProviderContext.ProtocolMessage.State))
             {
-                properties.Items[OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey] = redirectToIdentityProviderContext.ProtocolMessage.State;
+                properties.Items[OpenIdConnectDefaults.UserstatePropertiesKey] = redirectToIdentityProviderContext.ProtocolMessage.State;
             }
 
             message = redirectToIdentityProviderContext.ProtocolMessage;
@@ -259,12 +258,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (!string.IsNullOrEmpty(redirectUriForCode))
             {
                 // When redeeming a 'code' for an AccessToken, this value is needed
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, redirectUriForCode);
+                properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, redirectUriForCode);
             }
 
             message.State = Options.StateDataFormat.Protect(properties);
 
-            if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.RedirectGet)
+            if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
             {
                 var redirectUri = message.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
@@ -276,7 +275,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 return true;
             }
-            else if (Options.AuthenticationMethod == OpenIdConnectAuthenticationMethod.FormPost)
+            else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
             {
                 var inputs = new StringBuilder();
                 foreach (var parameter in message.Parameters)
@@ -387,7 +386,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
 
                     string userstate = null;
-                    properties.Items.TryGetValue(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, out userstate);
+                    properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
                     message.State = userstate;
                 }
 
@@ -661,7 +660,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Adds the nonce to <see cref="HttpResponse.Cookies"/>.
         /// </summary>
         /// <param name="nonce">the nonce to remember.</param>
-        /// <remarks><see cref="HttpResponse.Cookies.Append"/>is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Protect"/>(nonce)'.
+        /// <remarks><see cref="HttpResponse.Cookies.Append"/>is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="OpenIdConnectOptions.StringDataFormat.Protect"/>(nonce)'.
         /// The value of the cookie is: "N".</remarks>
         private void WriteNonceCookie(string nonce)
         {
@@ -671,7 +670,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
 
             Response.Cookies.Append(
-                OpenIdConnectAuthenticationDefaults.CookieNoncePrefix + Options.StringDataFormat.Protect(nonce),
+                OpenIdConnectDefaults.CookieNoncePrefix + Options.StringDataFormat.Protect(nonce),
                 NonceProperty,
                 new CookieOptions
                 {
@@ -687,7 +686,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="nonce">the nonce that we are looking for.</param>
         /// <returns>echos 'nonce' if a cookie is found that matches, null otherwise.</returns>
         /// <remarks>Examine <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
-        /// <see cref="OpenIdConnectAuthenticationOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
+        /// <see cref="OpenIdConnectOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
         private string ReadNonceCookie(string nonce)
         {
             if (nonce == null)
@@ -697,11 +696,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             foreach (var nonceKey in Request.Cookies.Keys)
             {
-                if (nonceKey.StartsWith(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix))
+                if (nonceKey.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix))
                 {
                     try
                     {
-                        var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectAuthenticationDefaults.CookieNoncePrefix.Length));
+                        var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectDefaults.CookieNoncePrefix.Length));
                         if (nonceDecodedValue == nonce)
                         {
                             var cookieOptions = new CookieOptions
@@ -726,7 +725,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
         {
-            var correlationKey = OpenIdConnectAuthenticationDefaults.CookieStatePrefix;
+            var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
 
             var nonceBytes = new byte[32];
             CryptoRandom.GetBytes(nonceBytes);
@@ -746,7 +745,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
         {
-            var correlationKey = OpenIdConnectAuthenticationDefaults.CookieStatePrefix;
+            var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
 
             string correlationId;
             if (!properties.Items.TryGetValue(
@@ -788,12 +787,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
             var startIndex = 0;
-            if (string.IsNullOrEmpty(state) || (startIndex = state.IndexOf(OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
+            if (string.IsNullOrEmpty(state) || (startIndex = state.IndexOf(OpenIdConnectDefaults.AuthenticationPropertiesKey, StringComparison.Ordinal)) == -1)
             {
                 return null;
             }
 
-            var authenticationIndex = startIndex + OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey.Length;
+            var authenticationIndex = startIndex + OpenIdConnectDefaults.AuthenticationPropertiesKey.Length;
             if (authenticationIndex == -1 || authenticationIndex == state.Length || state[authenticationIndex] != '=')
             {
                 return null;
@@ -837,8 +836,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
-            var redirectUri = properties.Items.ContainsKey(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey) ?
-                properties.Items[OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
+            var redirectUri = properties.Items.ContainsKey(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey) ?
+                properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
 
             Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 13a3d25562..667ecf0615 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -22,10 +22,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// ASP.NET middleware for obtaining identities using OpenIdConnect protocol.
     /// </summary>
-    public class OpenIdConnectAuthenticationMiddleware : AuthenticationMiddleware<OpenIdConnectAuthenticationOptions>
+    public class OpenIdConnectMiddleware : AuthenticationMiddleware<OpenIdConnectOptions>
     {
         /// <summary>
-        /// Initializes a <see cref="OpenIdConnectAuthenticationMiddleware"/>
+        /// Initializes a <see cref="OpenIdConnectMiddleware"/>
         /// </summary>
         /// <param name="next">The next middleware in the ASP.NET pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"> provider for creating a data protector.</param>
@@ -33,20 +33,20 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="encoder"></param>
         /// <param name="services"></param>
         /// <param name="sharedOptions"></param>
-        /// <param name="options">a <see cref="IOptions{OpenIdConnectAuthenticationOptions}"/> instance that will supply <see cref="OpenIdConnectAuthenticationOptions"/> 
+        /// <param name="options">a <see cref="IOptions{OpenIdConnectOptions}"/> instance that will supply <see cref="OpenIdConnectOptions"/> 
         /// if configureOptions is null.</param>
-        /// <param name="configureOptions">a <see cref="ConfigureOptions{OpenIdConnectAuthenticationOptions}"/> instance that will be passed to an instance of <see cref="OpenIdConnectAuthenticationOptions"/>
-        /// that is retrieved by calling <see cref="IOptions{OpenIdConnectAuthenticationOptions}.GetNamedOptions(string)"/> where string == <see cref="ConfigureOptions{OpenIdConnectAuthenticationOptions}.Name"/> provides runtime configuration.</param>
+        /// <param name="configureOptions">a <see cref="ConfigureOptions{OpenIdConnectOptions}"/> instance that will be passed to an instance of <see cref="OpenIdConnectOptions"/>
+        /// that is retrieved by calling <see cref="IOptions{OpenIdConnectOptions}.GetNamedOptions(string)"/> where string == <see cref="ConfigureOptions{OpenIdConnectOptions}.Name"/> provides runtime configuration.</param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
-        public OpenIdConnectAuthenticationMiddleware(
+        public OpenIdConnectMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IServiceProvider services,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<OpenIdConnectAuthenticationOptions> options,
-            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null)
+            [NotNull] IOptions<OpenIdConnectOptions> options,
+            ConfigureOptions<OpenIdConnectOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Value.SignInScheme))
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(OpenIdConnectAuthenticationMiddleware).FullName,
+                    typeof(OpenIdConnectMiddleware).FullName,
                     typeof(string).FullName,
                     Options.AuthenticationScheme,
                     "v1");
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.StringDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(OpenIdConnectAuthenticationMiddleware).FullName,
+                    typeof(OpenIdConnectMiddleware).FullName,
                     typeof(string).FullName,
                     Options.AuthenticationScheme,
                     "v1");
@@ -94,7 +94,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (Options.Events == null)
             {
-                Options.Events = new OpenIdConnectAuthenticationEvents();
+                Options.Events = new OpenIdConnectEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
@@ -143,10 +143,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectAuthenticationOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
         {
-            return new OpenIdConnectAuthenticationHandler(Backchannel);
+            return new OpenIdConnectHandler(Backchannel);
         }
 
         private class StringSerializer : IDataSerializer<string>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 44427e4b5e..2cdec8f4c1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -17,26 +17,26 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Configuration options for <see cref="OpenIdConnectAuthenticationOptions"/>
+    /// Configuration options for <see cref="OpenIdConnectOptions"/>
     /// </summary>
-    public class OpenIdConnectAuthenticationOptions : AuthenticationOptions
+    public class OpenIdConnectOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
+        /// Initializes a new <see cref="OpenIdConnectOptions"/>
         /// </summary>
-        public OpenIdConnectAuthenticationOptions()
-            : this(OpenIdConnectAuthenticationDefaults.AuthenticationScheme)
+        public OpenIdConnectOptions()
+            : this(OpenIdConnectDefaults.AuthenticationScheme)
         {
         }
 
         /// <summary>
-        /// Initializes a new <see cref="OpenIdConnectAuthenticationOptions"/>
+        /// Initializes a new <see cref="OpenIdConnectOptions"/>
         /// </summary>
         /// <remarks>
         /// Defaults:
         /// <para>AddNonceToRequest: true.</para>
         /// <para>BackchannelTimeout: 1 minute.</para>
-        /// <para>Caption: <see cref="OpenIdConnectAuthenticationDefaults.Caption"/>.</para>
+        /// <para>Caption: <see cref="OpenIdConnectDefaults.Caption"/>.</para>
         /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
         /// <para>RefreshOnIssuerKeyNotFound: true</para>
         /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/></para>
@@ -45,11 +45,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <para>UseTokenLifetime: true.</para>
         /// </remarks>
         /// <param name="authenticationScheme"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationScheme property.</param>
-        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
-        public OpenIdConnectAuthenticationOptions(string authenticationScheme)
+        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
+        public OpenIdConnectOptions(string authenticationScheme)
         {
             AuthenticationScheme = authenticationScheme;
-            Caption = OpenIdConnectAuthenticationDefaults.Caption;
+            Caption = OpenIdConnectDefaults.Caption;
         }
 
         /// <summary>
@@ -91,7 +91,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// An optional constrained path on which to process the authentication callback.
         /// If not provided and RedirectUri is available, this value will be generated from RedirectUri.
         /// </summary>
-        /// <remarks>If you set this value, then the <see cref="OpenIdConnectAuthenticationHandler"/> will only listen for posts at this address. 
+        /// <remarks>If you set this value, then the <see cref="OpenIdConnectHandler"/> will only listen for posts at this address. 
         /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
         public PathString CallbackPath { get; set; }
 
@@ -147,9 +147,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public bool CacheNonces { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IOpenIdConnectAuthenticationEvents"/> to notify when processing OpenIdConnect messages.
+        /// Gets or sets the <see cref="IOpenIdConnectEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public IOpenIdConnectAuthenticationEvents Events { get; set; } = new OpenIdConnectAuthenticationEvents();
+        public IOpenIdConnectEvents Events { get; set; } = new OpenIdConnectEvents();
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
@@ -185,7 +185,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Gets or sets the method used to redirect the user agent to the identity provider.
         /// </summary>
-        public OpenIdConnectAuthenticationMethod AuthenticationMethod { get; set; }
+        public OpenIdConnectRedirectBehavior AuthenticationMethod { get; set; }
 
         /// <summary>
         /// Gets or sets the 'resource'.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
similarity index 92%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
index 147d576f9b..5c0176627f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMethod.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs	
@@ -4,7 +4,7 @@
     /// Lists the different authentication methods used to
     /// redirect the user agent to the identity provider.
     /// </summary>
-    public enum OpenIdConnectAuthenticationMethod
+    public enum OpenIdConnectRedirectBehavior
     {
         /// <summary>
         /// Emits a 302 response to redirect the user agent to
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
index 029ed08acc..c6f4b6ec48 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
@@ -13,14 +13,14 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class OpenIdConnectServiceCollectionExtensions
     {
-        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectAuthenticationOptions> configure)
+        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectOptions> configure)
         {
             return services.Configure(configure);
         }
 
         public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure<OpenIdConnectAuthenticationOptions>(config);
+            return services.Configure<OpenIdConnectOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
index 556fcc4a8e..c96eec4687 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
@@ -6,9 +6,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
-    /// Specifies callback methods which the <see cref="TwitterAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+    /// Specifies callback methods which the <see cref="TwitterMiddleware"></see> invokes to enable developer control over the authentication process. />
     /// </summary>
-    public interface ITwitterAuthenticationEvents
+    public interface ITwitterEvents
     {
         /// <summary>
         /// Invoked whenever Twitter succesfully authenticates a user
@@ -28,6 +28,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
-        void ApplyRedirect(TwitterApplyRedirectContext context);
+        Task ApplyRedirect(TwitterApplyRedirectContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
index 90bfd92a2a..ab4f1aecac 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
     /// </summary>
-    public class TwitterApplyRedirectContext : BaseContext<TwitterAuthenticationOptions>
+    public class TwitterApplyRedirectContext : BaseContext<TwitterOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="options">The Twitter middleware options.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public TwitterApplyRedirectContext(HttpContext context, TwitterAuthenticationOptions options,
+        public TwitterApplyRedirectContext(HttpContext context, TwitterOptions options,
             AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
similarity index 85%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
index deae986da7..a3bdfff6ef 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
@@ -7,9 +7,9 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNet.Authentication.Twitter
 {
     /// <summary>
-    /// Default <see cref="ITwitterAuthenticationEvents"/> implementation.
+    /// Default <see cref="ITwitterEvents"/> implementation.
     /// </summary>
-    public class TwitterAuthenticationEvents : ITwitterAuthenticationEvents
+    public class TwitterEvents : ITwitterEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
@@ -24,7 +24,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Action<TwitterApplyRedirectContext> OnApplyRedirect { get; set; } = context => context.Response.Redirect(context.RedirectUri);
+        public Func<TwitterApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
 
         /// <summary>
         /// Invoked whenever Twitter successfully authenticates a user
@@ -44,6 +48,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
-        public virtual void ApplyRedirect(TwitterApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task ApplyRedirect(TwitterApplyRedirectContext context) => OnApplyRedirect(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 15267d02ac..286e79f22f 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -9,14 +9,14 @@ using Microsoft.Framework.OptionsModel;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="TwitterAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="TwitterMiddleware"/>
     /// </summary>
     public static class TwitterAppBuilderExtensions
     {
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
         {
-            return app.UseMiddleware<TwitterAuthenticationMiddleware>(
-                 new ConfigureOptions<TwitterAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<TwitterMiddleware>(
+                 new ConfigureOptions<TwitterOptions>(configureOptions ?? (o => { })));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterDefaults.cs
similarity index 84%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterDefaults.cs
index 9b7d8c0fac..a546dba9cd 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterDefaults.cs
@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
-    public static class TwitterAuthenticationDefaults
+    public static class TwitterDefaults
     {
         public const string AuthenticationScheme = "Twitter";
     }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
similarity index 98%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index e3dde58588..b8ecef66a8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -20,7 +20,7 @@ using Microsoft.Framework.Primitives;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
-    internal class TwitterAuthenticationHandler : AuthenticationHandler<TwitterAuthenticationOptions>
+    internal class TwitterHandler : AuthenticationHandler<TwitterOptions>
     {
         private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
         private const string StateCookie = "__TwitterState";
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private readonly HttpClient _httpClient;
 
-        public TwitterAuthenticationHandler(HttpClient httpClient)
+        public TwitterHandler(HttpClient httpClient)
         {
             _httpClient = httpClient;
         }
@@ -157,7 +157,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 var redirectContext = new TwitterApplyRedirectContext(
                     Context, Options,
                     properties, twitterAuthenticationEndpoint);
-                Options.Events.ApplyRedirect(redirectContext);
+                await Options.Events.ApplyRedirect(redirectContext);
                 return true;
             }
             else
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
similarity index 82%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index ae8c118769..8a16dc09b2 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -18,12 +18,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// ASP.NET middleware for authenticating users using Twitter
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
-    public class TwitterAuthenticationMiddleware : AuthenticationMiddleware<TwitterAuthenticationOptions>
+    public class TwitterMiddleware : AuthenticationMiddleware<TwitterOptions>
     {
         private readonly HttpClient _httpClient;
 
         /// <summary>
-        /// Initializes a <see cref="TwitterAuthenticationMiddleware"/>
+        /// Initializes a <see cref="TwitterMiddleware"/>
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
         /// <param name="dataProtectionProvider"></param>
@@ -32,14 +32,14 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware</param>
         /// <param name="configureOptions"></param>
-        public TwitterAuthenticationMiddleware(
+        public TwitterMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<TwitterAuthenticationOptions> options,
-            ConfigureOptions<TwitterAuthenticationOptions> configureOptions = null)
+            [NotNull] IOptions<TwitterOptions> options,
+            ConfigureOptions<TwitterOptions> configureOptions = null)
             : base(next, options, loggerFactory, encoder, configureOptions)
         {
             if (string.IsNullOrEmpty(Options.ConsumerSecret))
@@ -53,12 +53,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (Options.Events == null)
             {
-                Options.Events = new TwitterAuthenticationEvents();
+                Options.Events = new TwitterEvents();
             }
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(TwitterAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v1");
+                    typeof(TwitterMiddleware).FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
                     Serializers.RequestToken,
                     dataProtector,
@@ -85,10 +85,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="TwitterAuthenticationOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<TwitterAuthenticationOptions> CreateHandler()
+        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="TwitterOptions"/> supplied to the constructor.</returns>
+        protected override AuthenticationHandler<TwitterOptions> CreateHandler()
         {
-            return new TwitterAuthenticationHandler(_httpClient);
+            return new TwitterHandler(_httpClient);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
index dd075ea14b..ebc26fe2a9 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
@@ -10,14 +10,14 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Options for the Twitter authentication middleware.
     /// </summary>
-    public class TwitterAuthenticationOptions : AuthenticationOptions
+    public class TwitterOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Initializes a new instance of the <see cref="TwitterAuthenticationOptions"/> class.
+        /// Initializes a new instance of the <see cref="TwitterOptions"/> class.
         /// </summary>
-        public TwitterAuthenticationOptions()
+        public TwitterOptions()
         {
-            AuthenticationScheme = TwitterAuthenticationDefaults.AuthenticationScheme;
+            AuthenticationScheme = TwitterDefaults.AuthenticationScheme;
             Caption = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
@@ -80,9 +80,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="ITwitterAuthenticationEvents"/> used to handle authentication events.
+        /// Gets or sets the <see cref="ITwitterEvents"/> used to handle authentication events.
         /// </summary>
-        public ITwitterAuthenticationEvents Events { get; set; }
+        public ITwitterEvents Events { get; set; }
 
         /// <summary>
         /// Defines whether access tokens should be stored in the
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
index 75dc1465fe..fdc48d26b8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
@@ -9,18 +9,18 @@ using Microsoft.Framework.Internal;
 namespace Microsoft.Framework.DependencyInjection
 {
     /// <summary>
-    /// Extension methods for using <see cref="TwitterAuthenticationMiddleware"/>
+    /// Extension methods for using <see cref="TwitterMiddleware"/>
     /// </summary>
     public static class TwitterAuthenticationExtensions
     {
-        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterAuthenticationOptions> configure)
+        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterOptions> configure)
         {
             return services.Configure(configure);
         }
 
         public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
         {
-            return services.Configure<TwitterAuthenticationOptions>(config);
+            return services.Configure<TwitterOptions>(config);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
index ebc04cb696..d5c4da165e 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
@@ -9,11 +9,11 @@ namespace Microsoft.AspNet.Authentication
     /// <summary>
     /// Handler that applies ClaimsTransformation to authentication
     /// </summary>
-    public class ClaimsTransformationAuthenticationHandler : IAuthenticationHandler
+    public class ClaimsTransformationHandler : IAuthenticationHandler
     {
         private readonly IClaimsTransformer _transform;
 
-        public ClaimsTransformationAuthenticationHandler(IClaimsTransformer transform)
+        public ClaimsTransformationHandler(IClaimsTransformer transform)
         {
             _transform = transform;
         }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index 9d7af5b448..e72ab3ab12 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication
 
         public async Task Invoke(HttpContext context)
         {
-            var handler = new ClaimsTransformationAuthenticationHandler(Options.Transformer);
+            var handler = new ClaimsTransformationHandler(Options.Transformer);
             handler.RegisterAuthenticationHandler(context.GetAuthentication());
             try {
                 if (Options.Transformer != null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 686a7ce76e..4af812193f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -499,6 +499,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     OnResponseSignIn = context =>
                     {
                         context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
+                        return Task.FromResult(0);
                     }
                 };
             }, SignInAsAlice);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 22f9cfd8ce..03316722d2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -43,11 +43,12 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
-                        options.Events = new OAuthAuthenticationEvents
+                        options.Events = new OAuthEvents
                         {
                             OnApplyRedirect = context =>
                             {
                                 context.Response.Redirect(context.RedirectUri + "&custom=test");
+                                return Task.FromResult(0);
                             }
                         };
                     });
@@ -197,7 +198,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         {
                             Sender = req =>
                             {
-                                if (req.RequestUri.GetLeftPart(UriPartial.Path) == FacebookAuthenticationDefaults.TokenEndpoint)
+                                if (req.RequestUri.GetLeftPart(UriPartial.Path) == FacebookDefaults.TokenEndpoint)
                                 {
                                     var res = new HttpResponseMessage(HttpStatusCode.OK);
                                     var tokenResponse = new Dictionary<string, string>
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 4a35c55c77..97a6664456 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -198,12 +198,13 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.Events = new OAuthAuthenticationEvents
+                options.Events = new OAuthEvents
                 {
                     OnApplyRedirect = context =>
-                        {
-                            context.Response.Redirect(context.RedirectUri + "&custom=test");
-                        }
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        return Task.FromResult(0);
+                    }
                 };
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
@@ -294,7 +295,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            var expectedIssuer = claimsIssuer ?? GoogleAuthenticationDefaults.AuthenticationScheme;
+            var expectedIssuer = claimsIssuer ?? GoogleDefaults.AuthenticationScheme;
             transaction.FindClaimValue(ClaimTypes.Name, expectedIssuer).ShouldBe("Test Name");
             transaction.FindClaimValue(ClaimTypes.NameIdentifier, expectedIssuer).ShouldBe("Test User ID");
             transaction.FindClaimValue(ClaimTypes.GivenName, expectedIssuer).ShouldBe("Test Given Name");
@@ -414,7 +415,7 @@ namespace Microsoft.AspNet.Authentication.Google
                         return null;
                     }
                 };
-                options.Events = new OAuthAuthenticationEvents
+                options.Events = new OAuthEvents
                 {
                     OnAuthenticated = context =>
                     {
@@ -455,7 +456,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.StateDataFormat = stateFormat;
                 options.AccessType = "offline";
-                options.Events = new OAuthAuthenticationEvents()
+                options.Events = new OAuthEvents()
                 {
                     OnAuthenticated = context =>
                     {
@@ -463,11 +464,11 @@ namespace Microsoft.AspNet.Authentication.Google
                         Assert.Equal(context.AccessToken, "Test Access Token");
                         Assert.Equal(context.RefreshToken, "Test Refresh Token");
                         Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600));
-                        Assert.Equal(GoogleAuthenticationHelper.GetEmail(context.User), "Test email");
-                        Assert.Equal(GoogleAuthenticationHelper.GetId(context.User), "Test User ID");
-                        Assert.Equal(GoogleAuthenticationHelper.GetName(context.User), "Test Name");
-                        Assert.Equal(GoogleAuthenticationHelper.GetFamilyName(context.User), "Test Family Name");
-                        Assert.Equal(GoogleAuthenticationHelper.GetGivenName(context.User), "Test Given Name");
+                        Assert.Equal(GoogleHelper.GetEmail(context.User), "Test email");
+                        Assert.Equal(GoogleHelper.GetId(context.User), "Test User ID");
+                        Assert.Equal(GoogleHelper.GetName(context.User), "Test Name");
+                        Assert.Equal(GoogleHelper.GetFamilyName(context.User), "Test Family Name");
+                        Assert.Equal(GoogleHelper.GetGivenName(context.User), "Test Given Name");
                         return Task.FromResult(0);
                     }
                 };
@@ -538,7 +539,7 @@ namespace Microsoft.AspNet.Authentication.Google
             return res;
         }
 
-        private static TestServer CreateServer(Action<GoogleAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null)
+        private static TestServer CreateServer(Action<GoogleOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
             return TestServer.Create(app =>
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index aebeb06170..89a37377b0 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -151,7 +151,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenValidated = context =>
                     {
@@ -188,7 +188,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -225,7 +225,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -256,7 +256,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new JwtBearerAuthenticationEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -324,7 +324,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             }
         }
 
-        private static TestServer CreateServer(Action<JwtBearerAuthenticationOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(Action<JwtBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {
@@ -360,17 +360,17 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme);
-                        await context.Authentication.ChallengeAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                     }
 
                     else if (context.Request.Path == new PathString("/signIn"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                     }
                     else if (context.Request.Path == new PathString("/signOut"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerAuthenticationDefaults.AuthenticationScheme));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
                     }
                     else
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 42c6a8cd3c..33a58bca43 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -32,11 +32,12 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 {
                     options.ClientId = "Test Client Id";
                     options.ClientSecret = "Test Client Secret";
-                    options.Events = new OAuthAuthenticationEvents
+                    options.Events = new OAuthEvents
                     {
                         OnApplyRedirect = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
+                            return Task.FromResult(0);
                         }
                     };
                 });
@@ -144,7 +145,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                             return null;
                         }
                     };
-                    options.Events = new OAuthAuthenticationEvents
+                    options.Events = new OAuthEvents
                     {
                         OnAuthenticated = context =>
                         {
@@ -175,7 +176,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
         }
 
-        private static TestServer CreateServer(Action<MicrosoftAccountAuthenticationOptions> configureOptions)
+        private static TestServer CreateServer(Action<MicrosoftAccountOptions> configureOptions)
         {
             return TestServer.Create(app =>
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
similarity index 90%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
rename to test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index bf6d128c5e..2fbab74cff 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
@@ -15,9 +14,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// <summary>
     ///  Allows for custom processing of ApplyResponseChallenge, ApplyResponseGrant and AuthenticateCore
     /// </summary>
-    public class OpenIdConnectAuthenticationHandlerForTestingAuthenticate : OpenIdConnectAuthenticationHandler
+    public class OpenIdConnectHandlerForTestingAuthenticate : OpenIdConnectHandler
     {
-        public OpenIdConnectAuthenticationHandlerForTestingAuthenticate()
+        public OpenIdConnectHandlerForTestingAuthenticate()
                     : base(null)
         {
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index d0914fc8ad..1d5741478a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -58,20 +58,20 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
 
         [Theory, MemberData("AuthenticateCoreStateDataSet")]
-        public async Task AuthenticateCoreState(Action<OpenIdConnectAuthenticationOptions> action, OpenIdConnectMessage message)
+        public async Task AuthenticateCoreState(Action<OpenIdConnectOptions> action, OpenIdConnectMessage message)
         {
-            var handler = new OpenIdConnectAuthenticationHandlerForTestingAuthenticate();
-            var server = CreateServer(new ConfigureOptions<OpenIdConnectAuthenticationOptions>(action), UrlEncoder.Default, handler);
+            var handler = new OpenIdConnectHandlerForTestingAuthenticate();
+            var server = CreateServer(new ConfigureOptions<OpenIdConnectOptions>(action), UrlEncoder.Default, handler);
             await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters.Where(pair => pair.Value != null)));
         }
 
-        public static TheoryData<Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage> AuthenticateCoreStateDataSet
+        public static TheoryData<Action<OpenIdConnectOptions>, OpenIdConnectMessage> AuthenticateCoreStateDataSet
         {
             get
             {
                 var formater = new AuthenticationPropertiesFormaterKeyValue();
                 var properties = new AuthenticationProperties();
-                var dataset = new TheoryData<Action<OpenIdConnectAuthenticationOptions>, OpenIdConnectMessage>();
+                var dataset = new TheoryData<Action<OpenIdConnectOptions>, OpenIdConnectMessage>();
 
                 // expected user state is added to the message.Parameters.Items[ExpectedStateParameter]
                 // Userstate == null
@@ -86,7 +86,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 properties.Items.Clear();
                 var userstate = Guid.NewGuid().ToString();
                 message.Code = Guid.NewGuid().ToString();
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, userstate);
+                properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userstate);
                 message.State = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
                 message.Parameters.Add(ExpectedStateParameter, userstate);
                 dataset.Add(SetStateOptions, message);
@@ -96,13 +96,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         // Setup an event to check for expected state.
         // The state gets set by the runtime after the 'MessageReceivedContext'
-        private static void SetStateOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SetStateOptions(OpenIdConnectOptions options)
         {
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.ClientId = Guid.NewGuid().ToString();
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthorizationCodeRedeemed = context =>
                 {
@@ -121,7 +121,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
 #region Configure Options for AuthenticateCore variations
 
-        private static void DefaultOptions(OpenIdConnectAuthenticationOptions options)
+        private static void DefaultOptions(OpenIdConnectOptions options)
         {
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
             options.SignInScheme = "OpenIdConnectHandlerTest";
@@ -130,12 +130,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
         }
 
-        private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthorizationCodeReceived = (context) =>
                 {
@@ -145,12 +145,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthorizationCodeReceived = (context) =>
                 {
@@ -160,12 +160,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthenticationErrorHandledOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthenticationFailed = (context) =>
                 {
@@ -175,12 +175,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void AuthenticationErrorSkippedOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
             options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthenticationFailed = (context) =>
                 {
@@ -190,10 +190,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void MessageReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void MessageReceivedHandledOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnMessageReceived = (context) =>
                 {
@@ -203,12 +203,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void CodeReceivedAndRedeemedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void CodeReceivedAndRedeemedHandledOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthorizationCodeRedeemed = (context) =>
                 {
@@ -218,12 +218,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnAuthorizationCodeRedeemed = (context) =>
                 {
@@ -233,7 +233,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options)
+        private static void GetUserInfoFromUIEndpoint(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.ResponseType = OpenIdConnectResponseTypes.Code;
@@ -241,7 +241,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.GetClaimsFromUserInfoEndpoint = true;
             options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnSecurityTokenValidated = (context) =>
                 {
@@ -252,10 +252,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 }
             };
         }
-        private static void MessageReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void MessageReceivedSkippedOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnMessageReceived = (context) =>
                 {
@@ -265,15 +265,15 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void MessageWithErrorOptions(OpenIdConnectAuthenticationOptions options)
+        private static void MessageWithErrorOptions(OpenIdConnectOptions options)
         {
             AuthenticationErrorHandledOptions(options);
         }
 
-        private static void SecurityTokenReceivedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenReceivedHandledOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnSecurityTokenReceived = (context) =>
                 {
@@ -283,10 +283,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnSecurityTokenReceived = (context) =>
                 {
@@ -311,7 +311,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return mockProtocolValidator.Object;
         }
 
-        private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectOptions options)
         {
             AuthenticationErrorHandledOptions(options);
             var mockValidator = new Mock<ISecurityTokenValidator>();
@@ -321,7 +321,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.SecurityTokenValidator = mockValidator.Object;
         }
 
-        private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatorThrows(OpenIdConnectOptions options)
         {
             AuthenticationErrorHandledOptions(options);
             var mockValidator = new Mock<ISecurityTokenValidator>();
@@ -331,7 +331,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.SecurityTokenValidator = mockValidator.Object;
         }
 
-        private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
             options.SecurityTokenValidator = MockSecurityTokenValidator();
@@ -339,10 +339,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.ProtocolValidator.RequireNonce = false;
         }
 
-        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnSecurityTokenValidated = (context) =>
                 {
@@ -352,10 +352,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectOptions options)
         {
             SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnSecurityTokenValidated = (context) =>
                 {
@@ -365,17 +365,17 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static void StateNullOptions(OpenIdConnectAuthenticationOptions options)
+        private static void StateNullOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
         }
 
-        private static void StateEmptyOptions(OpenIdConnectAuthenticationOptions options)
+        private static void StateEmptyOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
         }
 
-        private static void StateInvalidOptions(OpenIdConnectAuthenticationOptions options)
+        private static void StateInvalidOptions(OpenIdConnectOptions options)
         {
             DefaultOptions(options);
         }
@@ -384,12 +384,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static Task EmptyTask() { return Task.FromResult(0); }
 
-        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectAuthenticationOptions> options, IUrlEncoder encoder, OpenIdConnectAuthenticationHandler handler = null)
+        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectOptions> options, IUrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
             return TestServer.Create(
                 app =>
                 {
-                    app.UseMiddleware<OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate>(options, encoder, handler);
+                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(options, encoder, handler);
                     app.Use(async (context, next) =>
                     {
                         await next();
@@ -403,12 +403,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             );
         }
 
-        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions, IUrlEncoder encoder, ILoggerFactory loggerFactory, OpenIdConnectAuthenticationHandler handler = null)
+        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectOptions> configureOptions, IUrlEncoder encoder, ILoggerFactory loggerFactory, OpenIdConnectHandler handler = null)
         {
             return TestServer.Create(
                 app =>
                 {
-                    app.UseMiddleware<OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate>(configureOptions, encoder, loggerFactory, handler);
+                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(configureOptions, encoder, loggerFactory, handler);
                     app.Use(async (context, next) =>
                     {
                         await next();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
similarity index 66%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
rename to test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index 80a17c12b7..e76c213259 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -13,23 +13,23 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
 
     /// <summary>
-    /// pass a <see cref="OpenIdConnectAuthenticationHandler"/> as the AuthenticationHandler
+    /// pass a <see cref="OpenIdConnectHandler"/> as the AuthenticationHandler
     /// configured to handle certain messages.
     /// </summary>
-    public class OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate : OpenIdConnectAuthenticationMiddleware
+    public class OpenIdConnectMiddlewareForTestingAuthenticate : OpenIdConnectMiddleware
     {
-        OpenIdConnectAuthenticationHandler _handler;
+        OpenIdConnectHandler _handler;
 
-        public OpenIdConnectAuthenticationMiddlewareForTestingAuthenticate(
+        public OpenIdConnectMiddlewareForTestingAuthenticate(
             RequestDelegate next,            
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IUrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<OpenIdConnectAuthenticationOptions> options,
-            ConfigureOptions<OpenIdConnectAuthenticationOptions> configureOptions = null,
-            OpenIdConnectAuthenticationHandler handler = null
+            IOptions<OpenIdConnectOptions> options,
+            ConfigureOptions<OpenIdConnectOptions> configureOptions = null,
+            OpenIdConnectHandler handler = null
             )
         : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, configureOptions)
         {
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 Logger = customFactory.Logger;
         }
 
-        protected override AuthenticationHandler<OpenIdConnectAuthenticationOptions> CreateHandler()
+        protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
         {
             return _handler ?? base.CreateHandler();
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 71fc4c855f..8e2c4ba7d8 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 options.Authority = DefaultAuthority;
                 options.ClientId = "Test Id";
                 options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-                options.AuthenticationMethod = OpenIdConnectAuthenticationMethod.FormPost;
+                options.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
@@ -61,7 +61,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             var queryValues = ExpectedQueryValues.Defaults(DefaultAuthority);
-            queryValues.State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
+            queryValues.State = OpenIdConnectDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
             var server = CreateServer(options =>
             {
                 SetOptions(options, DefaultParameters(), queryValues);
@@ -84,11 +84,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var transaction = await SendAsync(server, DefaultHost + Challenge);
 
             var firstCookie = transaction.SetCookie.First();
-            firstCookie.ShouldContain(OpenIdConnectAuthenticationDefaults.CookieNoncePrefix);
+            firstCookie.ShouldContain(OpenIdConnectDefaults.CookieNoncePrefix);
             firstCookie.ShouldContain("Expires");
 
             var secondCookie = transaction.SetCookie.Skip(1).First();
-            secondCookie.ShouldContain(OpenIdConnectAuthenticationDefaults.CookieStatePrefix);
+            secondCookie.ShouldContain(OpenIdConnectDefaults.CookieStatePrefix);
             secondCookie.ShouldContain("Expires");
         }
 
@@ -131,13 +131,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
         }
 
-        private static void SetProtocolMessageOptions(OpenIdConnectAuthenticationOptions options)
+        private static void SetProtocolMessageOptions(OpenIdConnectOptions options)
         {
             var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
             mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
             mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
             options.AutomaticAuthentication = true;
-            options.Events = new OpenIdConnectAuthenticationEvents()
+            options.Events = new OpenIdConnectEvents()
             {
                 OnRedirectToIdentityProvider = (context) =>
                 {
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
                 options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
-                options.Events = new OpenIdConnectAuthenticationEvents()
+                options.Events = new OpenIdConnectEvents()
                 {
                     OnRedirectToIdentityProvider = context =>
                     {
@@ -187,9 +187,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 if (userState != null)
                 {
-                    properties.Items.Add(OpenIdConnectAuthenticationDefaults.UserstatePropertiesKey, userState);
+                    properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
                 }
-                properties.Items.Add(OpenIdConnectAuthenticationDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
+                properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
             }
 
             queryValues.State = stateDataFormat.Protect(properties);
@@ -220,7 +220,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var server = CreateServer(options =>
             {
                 SetOptions(options, DefaultParameters(), queryValues);
-                options.Events = new OpenIdConnectAuthenticationEvents()
+                options.Events = new OpenIdConnectEvents()
                 {
                     OnRedirectToIdentityProvider = context =>
                     {
@@ -238,7 +238,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             queryValuesSetInEvent.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
-        private void SetOptions(OpenIdConnectAuthenticationOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
+        private void SetOptions(OpenIdConnectOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
         {
             foreach (var param in parameters)
             {
@@ -280,7 +280,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return parameters;
         }
 
-        private static void DefaultChallengeOptions(OpenIdConnectAuthenticationOptions options)
+        private static void DefaultChallengeOptions(OpenIdConnectOptions options)
         {
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
             options.AutomaticAuthentication = true;
@@ -339,13 +339,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"));
         }
 
-        private static TestServer CreateServer(Action<OpenIdConnectAuthenticationOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
+        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
         {
             return TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = OpenIdConnectAuthenticationDefaults.AuthenticationScheme;
+                    options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme;
                 });
                 app.UseOpenIdConnectAuthentication(configureOptions);
                 app.Use(async (context, next) =>
@@ -355,11 +355,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
                     if (req.Path == new PathString(Challenge))
                     {
-                        await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString(ChallengeWithProperties))
                     {
-                        await context.Authentication.ChallengeAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, properties);
+                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
                     }
                     else if (req.Path == new PathString(ChallengeWithOutContext))
                     {
@@ -368,16 +368,16 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     else if (req.Path == new PathString(Signin))
                     {
                         // REVIEW: this used to just be res.SignIn()
-                        await context.Authentication.SignInAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal());
+                        await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
                     }
                     else if (req.Path == new PathString(Signout))
                     {
-                        await context.Authentication.SignOutAsync(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
+                        await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
                     }
                     else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
                     {
                         await context.Authentication.SignOutAsync(
-                            OpenIdConnectAuthenticationDefaults.AuthenticationScheme,
+                            OpenIdConnectDefaults.AuthenticationScheme,
                             new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
                     }
                     else if (handler != null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 33531ba058..b8c2a1a72e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -24,11 +24,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 {
                     options.ConsumerKey = "Test Consumer Key";
                     options.ConsumerSecret = "Test Consumer Secret";
-                    options.Events = new TwitterAuthenticationEvents
+                    options.Events = new TwitterEvents
                     {
                         OnApplyRedirect = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
+                            return Task.FromResult(0);
                         }
                     };
                     options.BackchannelHttpHandler = new TestHttpMessageHandler
@@ -135,7 +136,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
         }
 
-        private static TestServer CreateServer(Action<TwitterAuthenticationOptions> configure, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(Action<TwitterOptions> configure, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {

From ee2d263223b3c35c94386a5a6fafb839d2a9e98a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 11 Sep 2015 16:03:40 -0700
Subject: [PATCH 328/900] #434 Remove the nonce cache.

---
 .../OpenIdConnectHandler.cs                   | 37 +------------------
 .../OpenIdConnectMiddleware.cs                |  9 -----
 .../OpenIdConnectOptions.cs                   | 14 -------
 .../project.json                              |  1 -
 4 files changed, 2 insertions(+), 59 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index f88d7f27e3..182f8d1aee 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -16,7 +16,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -203,23 +202,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.ProtocolValidator.RequireNonce)
             {
                 message.Nonce = Options.ProtocolValidator.GenerateNonce();
-                if (Options.CacheNonces)
-                {
-                    if (await Options.NonceCache.GetAsync(message.Nonce) != null)
-                    {
-                        Logger.LogError(Resources.OIDCH_0033_NonceAlreadyExists, message.Nonce);
-                        throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0033_NonceAlreadyExists, message.Nonce));
-                    }
-
-                    await Options.NonceCache.SetAsync(message.Nonce, new byte[0], new DistributedCacheEntryOptions
-                    {
-                        AbsoluteExpirationRelativeToNow = Options.ProtocolValidator.NonceLifetime
-                    });
-                }
-                else
-                {
-                    WriteNonceCookie(message.Nonce);
-                }
+                WriteNonceCookie(message.Nonce);
             }
 
             GenerateCorrelationId(properties);
@@ -1021,23 +1004,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             string nonce = jwt?.Payload.Nonce;
             if (!string.IsNullOrEmpty(nonce))
             {
-                if (Options.CacheNonces)
-                {
-                    if (await Options.NonceCache.GetAsync(nonce) != null)
-                    {
-                        await Options.NonceCache.RemoveAsync(nonce);
-                    }
-                    else
-                    {
-                        // If the nonce cannot be removed, it was
-                        // already used and MUST be rejected.
-                        nonce = null;
-                    }
-                }
-                else
-                {
-                    nonce = ReadNonceCookie(nonce);
-                }
+                nonce = ReadNonceCookie(nonce);
             }
 
             var protocolValidationContext = new OpenIdConnectProtocolValidationContext
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 667ecf0615..76819648ff 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -8,8 +8,6 @@ using System.Text;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Caching.Distributed;
-using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
@@ -129,13 +127,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), Backchannel);
                 }
             }
-
-            if (Options.CacheNonces && Options.NonceCache == null)
-            {
-                // Use the global distributed cache if the user has not provided his own instance.
-                // Note: GetRequiredService will throw an exception if caching services have not been registered.
-                Options.NonceCache = services.GetRequiredService<IDistributedCache>();
-            }
         }
 
         protected HttpClient Backchannel { get; private set; }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 2cdec8f4c1..03be470999 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -9,7 +9,6 @@ using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Caching.Distributed;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -133,19 +132,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public string MetadataAddress { get; set; }
 
-        /// <summary>
-        /// The OpenIdConnect protocol http://openid.net/specs/openid-connect-core-1_0.html
-        /// recommends adding a nonce to a request as a mitigation against replay attacks when requesting id_tokens.
-        /// By default the runtime uses cookies with unique names generated from a hash of the nonce.
-        /// </summary>
-        public IDistributedCache NonceCache { get; set; }
-
-        /// <summary>
-        /// Gets or sets the value indicating whether nonces should be stored in the distributed cache or not.
-        /// The default value, <c>false</c>, is used to store nonces in client cookies.
-        /// </summary>
-        public bool CacheNonces { get; set; }
-
         /// <summary>
         /// Gets or sets the <see cref="IOpenIdConnectEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 597b3d5513..c81a8d085b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -7,7 +7,6 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.Caching.Abstractions": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta7-*"
     },

From b25d4b537fbe837f26e6d7857920cf86d3491a0e Mon Sep 17 00:00:00 2001
From: Jason Loeffler <jloeffler@clearent.com>
Date: Tue, 15 Sep 2015 14:22:38 -0500
Subject: [PATCH 329/900] Removed references to Shouldly

---
 .../Cookies/CookieMiddlewareTests.cs          | 222 +++++++++---------
 .../DataHandler/Base64UrlTextEncoderTests.cs  |   3 +-
 .../Facebook/FacebookMiddlewareTests.cs       |  57 +++--
 .../Google/GoogleMiddlewareTests.cs           | 115 +++++----
 .../JwtBearer/JwtBearerMiddlewareTests.cs     |  33 ++-
 .../MicrosoftAccountMiddlewareTests.cs        |  39 ++-
 .../OpenIdConnectHandlerTests.cs              |  25 +-
 .../OpenIdConnectMiddlewareTests.cs           |  53 ++---
 .../Twitter/TwitterMiddlewareTests.cs         |  15 +-
 .../project.json                              |  47 ++--
 10 files changed, 298 insertions(+), 311 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 4af812193f..203c2be0d9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -19,7 +19,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -33,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
             });
             var response = await server.CreateClient().GetAsync("http://example.com/normal");
-            response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         }
 
         [Theory]
@@ -49,12 +48,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await SendAsync(server, "http://example.com/protected");
 
-            transaction.Response.StatusCode.ShouldBe(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized);
+            Assert.Equal(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
             if (auto)
             {
                 var location = transaction.Response.Headers.Location;
-                location.LocalPath.ShouldBe("/login");
-                location.Query.ShouldBe("?ReturnUrl=%2Fprotected");
+                Assert.Equal("/login", location.LocalPath);
+                Assert.Equal("?ReturnUrl=%2Fprotected", location.Query);
             }
         }
 
@@ -65,9 +64,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location;
-            location.ToString().ShouldBe("http://example.com/Account/Login?ReturnUrl=%2FCustomRedirect");
+            Assert.Equal("http://example.com/Account/Login?ReturnUrl=%2FCustomRedirect", location.ToString());
         }
 
         private Task SignInAsAlice(HttpContext context)
@@ -101,12 +100,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction = await SendAsync(server, "http://example.com/testpath");
 
             var setCookie = transaction.SetCookie;
-            setCookie.ShouldStartWith("TestCookie=");
-            setCookie.ShouldContain("; path=/");
-            setCookie.ShouldContain("; HttpOnly");
-            setCookie.ShouldNotContain("; expires=");
-            setCookie.ShouldNotContain("; domain=");
-            setCookie.ShouldNotContain("; secure");
+            Assert.StartsWith("TestCookie=", setCookie);
+            Assert.Contains("; path=/", setCookie);
+            Assert.Contains("; httponly", setCookie);
+            Assert.DoesNotContain("; expires=", setCookie);
+            Assert.DoesNotContain("; domain=", setCookie);
+            Assert.DoesNotContain("; secure", setCookie);
         }
 
         [Fact]
@@ -157,11 +156,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             if (shouldBeSecureOnly)
             {
-                setCookie.ShouldContain("; secure");
+                Assert.Contains("; secure", setCookie);
             }
             else
             {
-                setCookie.ShouldNotContain("; secure");
+                Assert.DoesNotContain("; secure", setCookie);
             }
         }
 
@@ -181,11 +180,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var setCookie1 = transaction1.SetCookie;
 
-            setCookie1.ShouldContain("TestCookie=");
-            setCookie1.ShouldContain(" path=/foo");
-            setCookie1.ShouldContain(" domain=another.com");
-            setCookie1.ShouldContain(" secure");
-            setCookie1.ShouldContain(" HttpOnly");
+            Assert.Contains("TestCookie=", setCookie1);
+            Assert.Contains(" path=/foo", setCookie1);
+            Assert.Contains(" domain=another.com", setCookie1);
+            Assert.Contains(" secure", setCookie1);
+            Assert.Contains(" httponly", setCookie1);
 
             var server2 = CreateServer(options =>
             {
@@ -198,11 +197,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var setCookie2 = transaction2.SetCookie;
 
-            setCookie2.ShouldContain("SecondCookie=");
-            setCookie2.ShouldContain(" path=/base");
-            setCookie2.ShouldNotContain(" domain=");
-            setCookie2.ShouldNotContain(" secure");
-            setCookie2.ShouldNotContain(" HttpOnly");
+            Assert.Contains("SecondCookie=", setCookie2);
+            Assert.Contains(" path=/base", setCookie2);
+            Assert.DoesNotContain(" domain=", setCookie2);
+            Assert.DoesNotContain(" secure", setCookie2);
+            Assert.DoesNotContain(" httponly", setCookie2);
         }
 
         [Fact]
@@ -218,7 +217,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
         [Fact]
@@ -260,10 +259,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
-            FindClaimValue(transaction2, "xform").ShouldBe("yup");
-            FindClaimValue(transaction2, "sync").ShouldBe(null);
-
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+            Assert.Equal("yup", FindClaimValue(transaction2, "xform"));
+            Assert.Null(FindClaimValue(transaction2, "sync"));
         }
 
         [Fact]
@@ -289,12 +287,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
-            transaction4.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+            Assert.Null(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
+            Assert.Null(transaction4.SetCookie);
+            Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
         }
 
         [Fact]
@@ -324,12 +322,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
-            transaction4.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+            Assert.Null(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
+            Assert.Null(transaction4.SetCookie);
+            Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
         }
 
         [Fact]
@@ -358,8 +356,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             clock.Add(TimeSpan.FromMinutes(11));
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction2.SetCookie);
+            Assert.Null(FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
         [Fact]
@@ -388,8 +386,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldContain(".AspNet.Cookies=; expires=");
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe(null);
+            Assert.Contains(".AspNet.Cookies=; expires=", transaction2.SetCookie);
+            Assert.Null(FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
         [Fact]
@@ -415,28 +413,28 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
-
+            
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
-            transaction3.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(6));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction4.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction4.SetCookie);
+            Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
-            transaction5.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction5.SetCookie);
+            Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
         [Fact]
@@ -463,26 +461,26 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
-            transaction3.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(6));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
-            transaction4.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(11));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
-            transaction5.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction5.SetCookie);
+            Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
         [Fact]
@@ -507,20 +505,20 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Null(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Null(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction4.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe(null);
+            Assert.Null(transaction4.SetCookie);
+            Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
         }
 
         [Fact]
@@ -537,27 +535,27 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction2.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Null(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction3.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction3, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Null(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             // transaction4 should arrive with a new SetCookie value
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            transaction4.SetCookie.ShouldNotBe(null);
-            FindClaimValue(transaction4, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
 
             clock.Add(TimeSpan.FromMinutes(4));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
-            transaction5.SetCookie.ShouldBe(null);
-            FindClaimValue(transaction5, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Null(transaction5.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
         [Fact]
@@ -595,9 +593,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var url = "http://example.com/challenge";
             var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
             var location = transaction2.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/Account/AccessDenied");
+            Assert.Equal("/Account/AccessDenied", location.LocalPath);
         }
 
         [Theory]
@@ -616,9 +614,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var url = "http://example.com/challenge";
             var transaction = await SendAsync(server, url);
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/Account/Login");
+            Assert.Equal("/Account/Login", location.LocalPath);
         }
 
         [Theory]
@@ -637,9 +635,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var url = "http://example.com/forbid";
             var transaction = await SendAsync(server, url);
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/Account/AccessDenied");
+            Assert.Equal("/Account/AccessDenied", location.LocalPath);
         }
 
         [Fact]
@@ -657,10 +655,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
 
             var location = transaction2.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/accessdenied");
+            Assert.Equal("/accessdenied", location.LocalPath);
         }
 
         [Fact]
@@ -677,7 +675,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
         }
 
         [Fact]
@@ -694,7 +692,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction2 = await SendAsync(server, "http://example.com/unauthorized", transaction1.CookieNameValue);
 
-            transaction2.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
         }
 
         [Fact]
@@ -709,11 +707,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com/login");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/page");
-            location.Query.ShouldBe("?ReturnUrl=%2F");
+            Assert.Equal("/page", location.LocalPath);
+            Assert.Equal("?ReturnUrl=%2F", location.Query);
         }
 
         [Fact]
@@ -728,7 +726,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }, services => services.AddAuthentication());
 
             var transaction = await server.SendAsync("http://example.com");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
 /*        [Fact]
@@ -743,7 +741,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             Assert.True(transaction.SetCookie[0].StartsWith(".AspNet.Cookies="));
         }
 
@@ -759,7 +757,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             Assert.True(transaction.SetCookie[0].StartsWith("One="));
         }*/
 
@@ -775,8 +773,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 services => services.AddAuthentication());
 
             var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.SetCookie.ShouldNotBe(null);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.NotNull(transaction.SetCookie);
         }
 
         [Fact]
@@ -792,11 +790,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com/login?ReturnUrl=%2Fpage");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.SetCookie.ShouldNotBe(null);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.NotNull(transaction.SetCookie);
 
             var location = transaction.Response.Headers.Location;
-            location.OriginalString.ShouldBe("/page");
+            Assert.Equal("/page", location.OriginalString);
         }
 
         [Fact]
@@ -810,8 +808,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             services => services.AddAuthentication());
 
             var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.SetCookie[0].ShouldContain(".AspNet.Cookies=; expires=");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Contains(".AspNet.Cookies=; expires=", transaction.SetCookie[0]);
         }
 
         [Fact]
@@ -826,11 +824,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.SetCookie[0].ShouldContain(".AspNet.Cookies=; expires=");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Contains(".AspNet.Cookies=; expires=", transaction.SetCookie[0]);
 
             var location = transaction.Response.Headers.Location;
-            location.OriginalString.ShouldBe("/page");
+            Assert.Equal("/page", location.OriginalString);
         }
 
         [Fact]
@@ -844,10 +842,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 services => services.AddAuthentication());
             var transaction = await server.SendAsync("http://example.com/forbid");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/denied");
+            Assert.Equal("/denied", location.LocalPath);
         }
 
         [Fact]
@@ -862,11 +860,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 services => services.AddAuthentication());
             var transaction = await server.SendAsync("http://example.com/base/login");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/base/page");
-            location.Query.ShouldBe("?ReturnUrl=%2F");
+            Assert.Equal("/base/page", location.LocalPath);
+            Assert.Equal("?ReturnUrl=%2F", location.Query);
         }
 
         [Fact]
@@ -881,10 +879,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 services => services.AddAuthentication());
             var transaction = await server.SendAsync("http://example.com/base/forbid");
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             var location = transaction.Response.Headers.Location;
-            location.LocalPath.ShouldBe("/base/denied");
+            Assert.Equal("/base/denied", location.LocalPath);
         }
 
         [Fact]
@@ -907,7 +905,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             services => services.AddAuthentication());
 
             var transaction = await SendAsync(server1, "http://example.com/stuff");
-            transaction.SetCookie.ShouldNotBe(null);
+            Assert.NotNull(transaction.SetCookie);
 
             var server2 = TestServer.Create(app =>
             {
@@ -926,7 +924,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             },
             services => services.AddAuthentication());
             var transaction2 = await SendAsync(server2, "http://example.com/stuff", transaction.CookieNameValue);
-            FindClaimValue(transaction2, ClaimTypes.Name).ShouldBe("Alice");
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
         private class NoOpDataProtector : IDataProtector
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
index 0df9232b7c..9cbe2bd006 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -24,7 +23,7 @@ namespace Microsoft.AspNet.Authentication
 
                 for (int index = 0; index != length; ++index)
                 {
-                    result[index].ShouldBe(data[index]);
+                    Assert.Equal(data[index], result[index]);
                 }
             }
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 03316722d2..fa7978e03d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -16,7 +16,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
-using Shouldly;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -65,9 +64,9 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("custom=test");
+            Assert.Contains("custom=test", query);
         }
 
         [Fact]
@@ -90,14 +89,14 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 handler: null);
             var transaction = await server.SendAsync("http://example.com/base/login");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
-            location.ShouldContain("response_type=code");
-            location.ShouldContain("client_id=");
-            location.ShouldContain("redirect_uri=" + UrlEncoder.Default.UrlEncode("http://example.com/base/signin-facebook"));
-            location.ShouldContain("scope=");
-            location.ShouldContain("state=");
+            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("response_type=code", location);
+            Assert.Contains("client_id=", location);
+            Assert.Contains("redirect_uri=" + UrlEncoder.Default.UrlEncode("http://example.com/base/signin-facebook"), location);
+            Assert.Contains("scope=", location);
+            Assert.Contains("state=", location);
         }
 
         [Fact]
@@ -121,14 +120,14 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 },
                 handler: null);
             var transaction = await server.SendAsync("http://example.com/login");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
-            location.ShouldContain("response_type=code");
-            location.ShouldContain("client_id=");
-            location.ShouldContain("redirect_uri="+ UrlEncoder.Default.UrlEncode("http://example.com/signin-facebook"));
-            location.ShouldContain("scope=");
-            location.ShouldContain("state=");
+            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("response_type=code", location);
+            Assert.Contains("client_id=", location);
+            Assert.Contains("redirect_uri="+ UrlEncoder.Default.UrlEncode("http://example.com/signin-facebook"), location);
+            Assert.Contains("scope=", location);
+            Assert.Contains("state=", location);
         }
 
         [Fact]
@@ -163,14 +162,14 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://www.facebook.com/v2.2/dialog/oauth");
-            location.ShouldContain("response_type=code");
-            location.ShouldContain("client_id=");
-            location.ShouldContain("redirect_uri=");
-            location.ShouldContain("scope=");
-            location.ShouldContain("state=");
+            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("response_type=code", location);
+            Assert.Contains("client_id=", location);
+            Assert.Contains("redirect_uri=", location);
+            Assert.Contains("scope=", location);
+            Assert.Contains("state=", location);
         }
 
         [Fact]
@@ -236,11 +235,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var transaction = await server.SendAsync(
                 "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
-            finalUserInfoEndpoint.Count(c => c == '?').ShouldBe(1);
-            finalUserInfoEndpoint.ShouldContain("fields=email,timezone,picture");
-            finalUserInfoEndpoint.ShouldContain("&access_token=");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(1, finalUserInfoEndpoint.Count(c => c == '?'));
+            Assert.Contains("fields=email,timezone,picture", finalUserInfoEndpoint);
+            Assert.Contains("&access_token=", finalUserInfoEndpoint);
         }
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 97a6664456..86801ccc4e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -17,7 +17,6 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Google
@@ -33,17 +32,17 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.ToString();
-            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
-            location.ShouldContain("&client_id=");
-            location.ShouldContain("&redirect_uri=");
-            location.ShouldContain("&scope=");
-            location.ShouldContain("&state=");
+            Assert.Contains("https://accounts.google.com/o/oauth2/auth?response_type=code", location);
+            Assert.Contains("&client_id=", location);
+            Assert.Contains("&redirect_uri=", location);
+            Assert.Contains("&scope=", location);
+            Assert.Contains("&state=", location);
 
-            location.ShouldNotContain("access_type=");
-            location.ShouldNotContain("approval_prompt=");
-            location.ShouldNotContain("login_hint=");
+            Assert.DoesNotContain("access_type=", location);
+            Assert.DoesNotContain("approval_prompt=", location);
+            Assert.DoesNotContain("login_hint=", location);
         }
 
         [Fact]
@@ -55,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -67,7 +66,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -79,7 +78,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -92,13 +91,13 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.ToString();
-            location.ShouldContain("https://accounts.google.com/o/oauth2/auth?response_type=code");
-            location.ShouldContain("&client_id=");
-            location.ShouldContain("&redirect_uri=");
-            location.ShouldContain("&scope=");
-            location.ShouldContain("&state=");
+            Assert.Contains("https://accounts.google.com/o/oauth2/auth?response_type=code", location);
+            Assert.Contains("&client_id=", location);
+            Assert.Contains("&redirect_uri=", location);
+            Assert.Contains("&scope=", location);
+            Assert.Contains("&state=", location);
         }
 
         [Fact]
@@ -110,7 +109,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
+            Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
         }
 
         [Fact]
@@ -123,7 +122,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            transaction.SetCookie.Single().ShouldContain(".AspNet.Correlation.Google=");
+            Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
         }
 
         [Fact]
@@ -135,9 +134,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
+            Assert.Contains("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"), query);
         }
 
         [Fact]
@@ -150,9 +149,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"));
+            Assert.Contains("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"), query);
         }
 
         [Fact]
@@ -183,12 +182,12 @@ namespace Microsoft.AspNet.Authentication.Google
                     return Task.FromResult<object>(null);
                 });
             var transaction = await server.SendAsync("https://example.com/challenge2");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"));
-            query.ShouldContain("access_type=offline");
-            query.ShouldContain("approval_prompt=force");
-            query.ShouldContain("login_hint=" + UrlEncoder.Default.UrlEncode("test@example.com"));
+            Assert.Contains("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"), query);
+            Assert.Contains("access_type=offline", query);
+            Assert.Contains("approval_prompt=force", query);
+            Assert.Contains("login_hint=" + UrlEncoder.Default.UrlEncode("test@example.com"), query);
         }
 
         [Fact]
@@ -208,9 +207,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 };
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("custom=test");
+            Assert.Contains("custom=test", query);
         }
 
         [Fact]
@@ -222,7 +221,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signin-google?code=TestCode");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.InternalServerError);
+            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
         }
 
         [Theory]
@@ -286,24 +285,24 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
-            transaction.SetCookie.Count.ShouldBe(2);
-            transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             var expectedIssuer = claimsIssuer ?? GoogleDefaults.AuthenticationScheme;
-            transaction.FindClaimValue(ClaimTypes.Name, expectedIssuer).ShouldBe("Test Name");
-            transaction.FindClaimValue(ClaimTypes.NameIdentifier, expectedIssuer).ShouldBe("Test User ID");
-            transaction.FindClaimValue(ClaimTypes.GivenName, expectedIssuer).ShouldBe("Test Given Name");
-            transaction.FindClaimValue(ClaimTypes.Surname, expectedIssuer).ShouldBe("Test Family Name");
-            transaction.FindClaimValue(ClaimTypes.Email, expectedIssuer).ShouldBe("Test email");
+            Assert.Equal("Test Name", transaction.FindClaimValue(ClaimTypes.Name, expectedIssuer));
+            Assert.Equal("Test User ID", transaction.FindClaimValue(ClaimTypes.NameIdentifier, expectedIssuer));
+            Assert.Equal("Test Given Name", transaction.FindClaimValue(ClaimTypes.GivenName, expectedIssuer));
+            Assert.Equal("Test Family Name", transaction.FindClaimValue(ClaimTypes.Surname, expectedIssuer));
+            Assert.Equal("Test email", transaction.FindClaimValue(ClaimTypes.Email, expectedIssuer));
 
             // Ensure claims transformation 
-            transaction.FindClaimValue("xform").ShouldBe("yup");
+            Assert.Equal("yup", transaction.FindClaimValue("xform"));
         }
 
         [Fact]
@@ -332,8 +331,8 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Contains("error=access_denied", transaction.Response.Headers.Location.ToString());
         }
 
         [Fact]
@@ -362,8 +361,8 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.ToString().ShouldContain("error=access_denied");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Contains("error=access_denied", transaction.Response.Headers.Location.ToString());
         }
 
         [Fact]
@@ -434,16 +433,16 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
-            transaction.SetCookie.Count.ShouldBe(2);
-            transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
         }
 
         [Fact]
@@ -526,8 +525,8 @@ namespace Microsoft.AspNet.Authentication.Google
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
 
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/foo");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First());
         }
 
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 89a37377b0..24bc6ccec4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -13,7 +13,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
@@ -34,7 +33,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
             var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
         }
 
         [Fact]
@@ -45,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -56,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 options.AutomaticAuthentication = true;
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
 
@@ -90,8 +89,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            response.ResponseText.ShouldBe("Bob le Magnifique");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal("Bob le Magnifique", response.ResponseText);
         }
 
         [Fact]
@@ -99,7 +98,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options => { });
             var response = await SendAsync(server, "http://example.com/oauth");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
         [Fact]
@@ -107,7 +106,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options => { });
             var response = await SendAsync(server, "http://example.com/oauth","Token");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
         [Fact]
@@ -140,8 +139,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            response.ResponseText.ShouldBe("Bob le Magnifique");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal("Bob le Magnifique", response.ResponseText);
         }
 
         [Fact]
@@ -160,7 +159,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
                         var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
 
-                        identifier.Value.ShouldBe("Bob le Tout Puissant");
+                        Assert.Equal("Bob le Tout Puissant", identifier.Value);
 
                         // Remove the existing NameIdentifier claim and replace it
                         // with a new one containing a different value.
@@ -177,8 +176,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            response.ResponseText.ShouldBe("Bob le Magnifique");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal("Bob le Magnifique", response.ResponseText);
         }
 
         [Fact]
@@ -216,8 +215,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            response.ResponseText.ShouldBe("Bob le Magnifique");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal("Bob le Magnifique", response.ResponseText);
         }
 
         [Fact]
@@ -248,7 +247,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
+            Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
         }
         
         [Fact]
@@ -279,7 +278,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized");
-            response.Response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
         class BlobTokenValidator : ISecurityTokenValidator
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 33a58bca43..4972086ff3 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -17,7 +17,6 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
 using Newtonsoft.Json;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
@@ -42,9 +41,9 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                     };
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("custom=test");
+            Assert.Contains("custom=test", query);
         }
 
         [Fact]
@@ -56,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -68,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -80,7 +79,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 options.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -93,14 +92,14 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                     options.ClientSecret = "Test Client Secret";
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://login.live.com/oauth20_authorize.srf");
-            location.ShouldContain("response_type=code");
-            location.ShouldContain("client_id=");
-            location.ShouldContain("redirect_uri=");
-            location.ShouldContain("scope=");
-            location.ShouldContain("state=");
+            Assert.Contains("https://login.live.com/oauth20_authorize.srf", location);
+            Assert.Contains("response_type=code", location);
+            Assert.Contains("client_id=", location);
+            Assert.Contains("redirect_uri=", location);
+            Assert.Contains("scope=", location);
+            Assert.Contains("state=", location);
         }
 
         [Fact]
@@ -164,16 +163,16 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             var transaction = await server.SendAsync(
                 "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.GetValues("Location").First().ShouldBe("/me");
-            transaction.SetCookie.Count.ShouldBe(2);
-            transaction.SetCookie[0].ShouldContain(correlationKey);
-            transaction.SetCookie[1].ShouldContain(".AspNet." + TestExtensions.CookieAuthenticationScheme);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.FindClaimValue("RefreshToken").ShouldBe("Test Refresh Token");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
         }
 
         private static TestServer CreateServer(Action<MicrosoftAccountOptions> configureOptions)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 1d5741478a..4822ffbf5c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -20,7 +20,6 @@ using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Moq;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
@@ -41,20 +40,20 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public void LoggingLevel()
         {
             var logger = new InMemoryLogger(LogLevel.Debug);
-            logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Information).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Verbose).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(true);
+            Assert.True(logger.IsEnabled(LogLevel.Critical));
+            Assert.True(logger.IsEnabled(LogLevel.Debug));
+            Assert.True(logger.IsEnabled(LogLevel.Error));
+            Assert.True(logger.IsEnabled(LogLevel.Information));
+            Assert.True(logger.IsEnabled(LogLevel.Verbose));
+            Assert.True(logger.IsEnabled(LogLevel.Warning));
 
             logger = new InMemoryLogger(LogLevel.Critical);
-            logger.IsEnabled(LogLevel.Critical).ShouldBe<bool>(true);
-            logger.IsEnabled(LogLevel.Debug).ShouldBe<bool>(false);
-            logger.IsEnabled(LogLevel.Error).ShouldBe<bool>(false);
-            logger.IsEnabled(LogLevel.Information).ShouldBe<bool>(false);
-            logger.IsEnabled(LogLevel.Verbose).ShouldBe<bool>(false);
-            logger.IsEnabled(LogLevel.Warning).ShouldBe<bool>(false);
+            Assert.True(logger.IsEnabled(LogLevel.Critical));
+            Assert.False(logger.IsEnabled(LogLevel.Debug));
+            Assert.False(logger.IsEnabled(LogLevel.Error));
+            Assert.False(logger.IsEnabled(LogLevel.Information));
+            Assert.False(logger.IsEnabled(LogLevel.Verbose));
+            Assert.False(logger.IsEnabled(LogLevel.Warning));
         }
 
         [Theory, MemberData("AuthenticateCoreStateDataSet")]
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 8e2c4ba7d8..eb1d705776 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -20,7 +20,6 @@ using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Moq;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
@@ -51,9 +50,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 options.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
-            transaction.Response.Content.Headers.ContentType.MediaType.ShouldBe("text/html");
-            transaction.ResponseText.ShouldContain("form");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("text/html", transaction.Response.Content.Headers.ContentType.MediaType);
+            Assert.Contains("form", transaction.ResponseText);
         }
 
         [Fact]
@@ -68,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
@@ -84,12 +83,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var transaction = await SendAsync(server, DefaultHost + Challenge);
 
             var firstCookie = transaction.SetCookie.First();
-            firstCookie.ShouldContain(OpenIdConnectDefaults.CookieNoncePrefix);
-            firstCookie.ShouldContain("Expires");
+            Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
+            Assert.Contains("expires", firstCookie);
 
             var secondCookie = transaction.SetCookie.Skip(1).First();
-            secondCookie.ShouldContain(OpenIdConnectDefaults.CookieStatePrefix);
-            secondCookie.ShouldContain("Expires");
+            Assert.Contains(OpenIdConnectDefaults.CookieStatePrefix, secondCookie);
+            Assert.Contains("expires", secondCookie);
         }
 
         [Fact]
@@ -102,7 +101,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
@@ -127,7 +126,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
             var server = CreateServer(SetProtocolMessageOptions);
             var transaction = await SendAsync(server, DefaultHost + challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
         }
 
@@ -181,7 +180,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             }, null, properties);
 
             var transaction = await SendAsync(server, DefaultHost + challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             if (challenge != ChallengeWithProperties)
             {
@@ -234,7 +233,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValuesSetInEvent.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
@@ -301,8 +300,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, DefaultHost + Signout);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldBe(configuration.EndSessionEndpoint);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal(configuration.EndSessionEndpoint, transaction.Response.Headers.Location.AbsoluteUri);
         }
 
         [Fact]
@@ -318,8 +317,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, DefaultHost + Signout);
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("https://example.com/logout"));
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Contains(UrlEncoder.Default.UrlEncode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
         [Fact]
@@ -335,8 +334,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             });
 
             var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
-            transaction.Response.Headers.Location.AbsoluteUri.ShouldContain(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"));
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Contains(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
         private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
@@ -466,21 +465,21 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             DateTime utcNow = DateTime.UtcNow;
 
-            GetNonceExpirationTime(noncePrefix + DateTime.MaxValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MaxValue);
+            Assert.Equal(DateTime.MaxValue, GetNonceExpirationTime(noncePrefix + DateTime.MaxValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(noncePrefix + DateTime.MinValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue + TimeSpan.FromHours(1));
+            Assert.Equal(DateTime.MinValue + TimeSpan.FromHours(1), GetNonceExpirationTime(noncePrefix + DateTime.MinValue.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+            Assert.Equal(utcNow + TimeSpan.FromHours(1), GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+            Assert.Equal(DateTime.MinValue, GetNonceExpirationTime(noncePrefix, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime("", TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+            Assert.Equal(DateTime.MinValue, GetNonceExpirationTime("", TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(noncePrefix + noncePrefix, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+            Assert.Equal(DateTime.MinValue, GetNonceExpirationTime(noncePrefix + noncePrefix, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(utcNow + TimeSpan.FromHours(1));
+            Assert.Equal(utcNow + TimeSpan.FromHours(1), GetNonceExpirationTime(noncePrefix + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)));
 
-            GetNonceExpirationTime(utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)).ShouldBe(DateTime.MinValue);
+            Assert.Equal(DateTime.MinValue, GetNonceExpirationTime(utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter + utcNow.Ticks.ToString(CultureInfo.InvariantCulture) + nonceDelimiter, TimeSpan.FromHours(1)));
         }
 
         private static DateTime GetNonceExpirationTime(string keyname, TimeSpan nonceLifetime)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index b8c2a1a72e..380158ef6c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -10,7 +10,6 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
-using Shouldly;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Twitter
@@ -57,9 +56,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            query.ShouldContain("custom=test");
+            Assert.Contains("custom=test", query);
         }
 
         [Fact]
@@ -71,7 +70,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 options.ConsumerSecret = "Test Consumer Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -83,7 +82,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 options.ConsumerSecret = "Test Consumer Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
@@ -95,7 +94,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 options.ConsumerSecret = "Test Consumer Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
 
@@ -131,9 +130,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
-            transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            location.ShouldContain("https://twitter.com/oauth/authenticate?oauth_token=");
+            Assert.Contains("https://twitter.com/oauth/authenticate?oauth_token=", location);
         }
 
         private static TestServer CreateServer(Action<TwitterOptions> configure, Func<HttpContext, bool> handler = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 2cb6265c78..10f0e221a2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -1,28 +1,25 @@
 {
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.TestHost": "1.0.0-*",
-        "Moq": "4.2.1312.1622",
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-    },
-    "commands": {
-        "test": "xunit.runner.aspnet"
-    },
-    "frameworks": {
-        "dnx451": {
-            "dependencies": {
-                "Shouldly": "1.1.1.1"
-            }
-        }
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+    "Microsoft.AspNet.DataProtection": "1.0.0-*",
+    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Moq": "4.2.1312.1622",
+    "xunit.runner.aspnet": "2.0.0-aspnet-*"
+  },
+  "commands": {
+    "test": "xunit.runner.aspnet"
+  },
+  "frameworks": {
+    "dnx451": {
     }
+  }
 }

From f0792f2b2e6d84be5eb057098f52014b2aa59094 Mon Sep 17 00:00:00 2001
From: Jason Loeffler <jloeffler@clearent.com>
Date: Tue, 15 Sep 2015 23:11:11 -0500
Subject: [PATCH 330/900] Remove Shouldly and Moq from
 Microsoft.AspNet.Authorization.Tests.  Enable dnxcore50 in this project.

---
 .../project.json                              | 32 +++++++++----------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 11667dc4e5..d00f53b651 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -1,21 +1,19 @@
 {
-    "compilationOptions": {
-        "warningsAsErrors": true
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authorization": "1.0.0-*",
+    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+    "xunit.runner.aspnet": "2.0.0-aspnet-*"
+  },
+  "commands": {
+    "test": "xunit.runner.aspnet"
+  },
+  "frameworks": {
+    "dnx451": {
     },
-    "dependencies": {
-        "Microsoft.AspNet.Authorization": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
-        "Moq": "4.2.1312.1622",
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-    },
-    "commands": {
-        "test": "xunit.runner.aspnet"
-    },
-    "frameworks": {
-        "dnx451": {
-            "dependencies": {
-                "Shouldly": "1.1.1.1"
-            }
-        }
+    "dnxcore50": {
     }
+  }
 }

From 92d5e4ce77b8896f5bb96f5d35e41a718d5afb33 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 16 Sep 2015 11:28:16 -0700
Subject: [PATCH 331/900] Fix test for CoreClr.

---
 .../DefaultAuthorizationServiceTests.cs                         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 41c1c79d62..e08dbeb003 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -318,7 +318,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var user = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
-                        new Claim(ClaimTypes.Role, ""),
+                        new Claim(ClaimTypes.Role, "none"),
                     },
                     "Basic")
                 );

From 1c0768fb71cc820f44ad1593d383fe28c26782ad Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 16 Sep 2015 14:31:36 -0700
Subject: [PATCH 332/900] #372 Flow mutable event state. #358 Add a
 UserInformationReceived event. #327 Add AuthenticationCompleted event. #340
 Split the Redirect event for Authentication and SignOut. Rename
 OnAuthorizationCodeRedeemed to OnTokenResponseReceived. Move IdTokenReceived
 to AuthorizationResponseReceived. Rename IdTokenValidated to
 AuthenticationValidated.

---
 .../Events/AuthenticationCompletedContext.cs  |  15 +
 ...t.cs => AuthenticationValidatedContext.cs} |   8 +-
 ...> AuthorizationResponseReceivedContext.cs} |   7 +-
 .../Events/IOpenIdConnectEvents.cs            |  31 +-
 .../Events/OpenIdConnectEvents.cs             |  45 ++-
 .../Events/RedirectContext.cs                 |  25 ++
 .../RedirectToIdentityProviderContext.cs      |  30 --
 ...ext.cs => TokenResponseReceivedContext.cs} |  11 +-
 .../Events/UserInformationReceivedContext.cs  |  21 ++
 .../OpenIdConnectHandler.cs                   | 285 +++++++++--------
 .../OpenIdConnectTokenEndpointResponse.cs     |  11 +-
 .../Properties/Resources.Designer.cs          | 112 -------
 .../Resources.resx                            |  21 --
 .../AuthenticationHandlerFacts.cs             |   2 -
 ...nIdConnectHandlerForTestingAuthenticate.cs |   2 +-
 .../OpenIdConnectHandlerTests.cs              | 290 +-----------------
 .../OpenIdConnectMiddlewareTests.cs           |  48 ++-
 17 files changed, 337 insertions(+), 627 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/{SecurityTokenReceivedContext.cs => AuthenticationValidatedContext.cs} (62%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/{SecurityTokenValidatedContext.cs => AuthorizationResponseReceivedContext.cs} (59%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/{AuthorizationCodeRedeemedContext.cs => TokenResponseReceivedContext.cs} (70%)
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
new file mode 100644
index 0000000000..820b4f948b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class AuthenticationCompletedContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public AuthenticationCompletedContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
similarity index 62%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index 570942c6a0..15d5f73046 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -6,15 +6,15 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthenticationValidatedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public string SecurityToken { get; set; }
-
         public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
similarity index 59%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
index 70392282f1..cd2a3c65b9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
@@ -2,17 +2,20 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthorizationResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
         public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index a6b4fcedf2..a5953743be 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -10,20 +10,30 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public interface IOpenIdConnectEvents
     {
+        /// <summary>
+        /// Invoked when the authentication process completes.
+        /// </summary>
+        Task AuthenticationCompleted(AuthenticationCompletedContext context);
+
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
         Task AuthenticationFailed(AuthenticationFailedContext context);
 
+        /// <summary>
+        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        Task AuthenticationValidated(AuthenticationValidatedContext context);
+
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
 
         /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// Invoked when an authorization response is received.
         /// </summary>
-        Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context);
+        Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
@@ -31,18 +41,23 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         Task MessageReceived(MessageReceivedContext context);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context);
+        Task RedirectToAuthenticationEndpoint(RedirectContext context);
 
         /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
+        /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        Task SecurityTokenReceived(SecurityTokenReceivedContext context);
+        Task RedirectToEndSessionEndpoint(RedirectContext context);
 
         /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        Task SecurityTokenValidated(SecurityTokenValidatedContext context);
+        Task TokenResponseReceived(TokenResponseReceivedContext context);
+
+        /// <summary>
+        /// Invoked when user information is retrieved from the UserInfoEndpoint.
+        /// </summary>
+        Task UserInformationReceived(UserInformationReceivedContext context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 90ab05eedf..a2d65c12b5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -11,20 +11,30 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public class OpenIdConnectEvents : IOpenIdConnectEvents
     {
+        /// <summary>
+        /// Invoked when the authentication process completes.
+        /// </summary>
+        public Func<AuthenticationCompletedContext, Task> OnAuthenticationCompleted { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
         public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
 
+        /// <summary>
+        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<AuthenticationValidatedContext, Task> OnAuthenticationValidated { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
+        /// Invoked when an authorization response is received.
         /// </summary>
-        public Func<AuthorizationCodeRedeemedContext, Task> OnAuthorizationCodeRedeemed { get; set; } = context => Task.FromResult(0);
+        public Func<AuthorizationResponseReceivedContext, Task> OnAuthorizationResponseReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked when a protocol message is first received.
@@ -32,32 +42,43 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectToIdentityProviderContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToAuthenticationEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
+        /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToEndSessionEndpoint { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.FromResult(0);
+        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when user information is retrieved from the UserInfoEndpoint.
+        /// </summary>
+        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => Task.FromResult(0);
+
+        public virtual Task AuthenticationCompleted(AuthenticationCompletedContext context) => OnAuthenticationCompleted(context);
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
+        public virtual Task AuthenticationValidated(AuthenticationValidatedContext context) => OnAuthenticationValidated(context);
+
         public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context) => OnAuthorizationCodeReceived(context);
 
-        public virtual Task AuthorizationCodeRedeemed(AuthorizationCodeRedeemedContext context) => OnAuthorizationCodeRedeemed(context);
+        public virtual Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context) => OnAuthorizationResponseReceived(context);
 
         public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
 
-        public virtual Task RedirectToIdentityProvider(RedirectToIdentityProviderContext context) => OnRedirectToIdentityProvider(context);
+        public virtual Task RedirectToAuthenticationEndpoint(RedirectContext context) => OnRedirectToAuthenticationEndpoint(context);
 
-        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+        public virtual Task RedirectToEndSessionEndpoint(RedirectContext context) => OnRedirectToEndSessionEndpoint(context);
 
-        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
+        public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
+
+        public virtual Task UserInformationReceived(UserInformationReceivedContext context) => OnUserInformationReceived(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
new file mode 100644
index 0000000000..14b168aaad
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// When a user configures the <see cref="OpenIdConnectMiddleware"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
+    /// </summary>
+    public class RedirectContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public RedirectContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
+        /// </summary>
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
deleted file mode 100644
index ca7ba6ca87..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectToIdentityProviderContext.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    /// <summary>
-    /// When a user configures the <see cref="AuthenticationMiddleware{TOptions}"/> to be notified prior to redirecting to an IdentityProvider
-    /// an instance of <see cref="RedirectToIdentityProviderContext"/> is passed to the 'RedirectToIdentityProvider" event.
-    /// </summary>
-    /// <typeparam name="TMessage">protocol specific message.</typeparam>
-    /// <typeparam name="TOptions">protocol specific options.</typeparam>
-    public class RedirectToIdentityProviderContext : BaseControlContext<OpenIdConnectOptions>
-    {
-        public RedirectToIdentityProviderContext([NotNull] HttpContext context, [NotNull] OpenIdConnectOptions options)
-            : base(context, options)
-        {
-        }
-
-        /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
-        /// </summary>
-        /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
-        public OpenIdConnectMessage ProtocolMessage { get; [param: NotNull] set; }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
similarity index 70%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index 4794319126..e4f1bd7a0c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeRedeemedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -6,21 +6,16 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class AuthorizationCodeRedeemedContext : BaseControlContext<OpenIdConnectOptions>
+    public class TokenResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
     {
         /// <summary>
-        /// Creates a <see cref="AuthorizationCodeRedeemedContext"/>
+        /// Creates a <see cref="TokenResponseReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeRedeemedContext(HttpContext context, OpenIdConnectOptions options)
+        public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        /// <summary>
-        /// Gets or sets the 'code'.
-        /// </summary>
-        public string Code { get; set; }
-
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectTokenEndpointResponse"/> that contains the tokens and json response received after redeeming the code at the token endpoint.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
new file mode 100644
index 0000000000..27c989bb6d
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class UserInformationReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    {
+        public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        public JObject User { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 182f8d1aee..9f1ea06519 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -74,7 +74,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var message = new OpenIdConnectMessage()
                 {
                     IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
-                    RequestType = OpenIdConnectRequestType.LogoutRequest,
                 };
 
                 // Set End_Session_Endpoint in order:
@@ -90,24 +89,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
-                var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
+                var redirectContext = new RedirectContext(Context, Options)
                 {
                     ProtocolMessage = message
                 };
 
-                await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
-                if (redirectToIdentityProviderContext.HandledResponse)
+                await Options.Events.RedirectToEndSessionEndpoint(redirectContext);
+                if (redirectContext.HandledResponse)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
+                    Logger.LogVerbose("RedirectToEndSessionEndpoint.HandledResponse");
                     return;
                 }
-                else if (redirectToIdentityProviderContext.Skipped)
+                else if (redirectContext.Skipped)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
+                    Logger.LogVerbose("RedirectToEndSessionEndpoint.Skipped");
                     return;
                 }
 
-                message = redirectToIdentityProviderContext.ProtocolMessage;
+                message = redirectContext.ProtocolMessage;
 
                 if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
                 {
@@ -183,8 +182,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ClientId = Options.ClientId,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = Options.RedirectUri,
-                // [brentschmaltz] - #215 this should be a property on RedirectToIdentityProviderContext not on the OIDCMessage.
-                RequestType = OpenIdConnectRequestType.AuthenticationRequest,
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
                 Scope = string.Join(" ", Options.Scope)
@@ -207,29 +204,29 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             GenerateCorrelationId(properties);
 
-            var redirectToIdentityProviderContext = new RedirectToIdentityProviderContext(Context, Options)
+            var redirectContext = new RedirectContext(Context, Options)
             {
                 ProtocolMessage = message
             };
 
-            await Options.Events.RedirectToIdentityProvider(redirectToIdentityProviderContext);
-            if (redirectToIdentityProviderContext.HandledResponse)
+            await Options.Events.RedirectToAuthenticationEndpoint(redirectContext);
+            if (redirectContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0034_RedirectToIdentityProviderContextHandledResponse);
+                Logger.LogVerbose("RedirectToAuthenticationEndpoint.HandledResponse");
                 return true;
             }
-            else if (redirectToIdentityProviderContext.Skipped)
+            else if (redirectContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0035_RedirectToIdentityProviderContextSkipped);
+                Logger.LogVerbose("RedirectToAuthenticationEndpoint.Skipped");
                 return false;
             }
 
-            if (!string.IsNullOrEmpty(redirectToIdentityProviderContext.ProtocolMessage.State))
-            {
-                properties.Items[OpenIdConnectDefaults.UserstatePropertiesKey] = redirectToIdentityProviderContext.ProtocolMessage.State;
-            }
+            message = redirectContext.ProtocolMessage;
 
-            message = redirectToIdentityProviderContext.ProtocolMessage;
+            if (!string.IsNullOrEmpty(message.State))
+            {
+                properties.Items[OpenIdConnectDefaults.UserstatePropertiesKey] = message.State;
+            }
 
             var redirectUriForCode = message.RedirectUri;
             if (string.IsNullOrEmpty(redirectUriForCode))
@@ -350,36 +347,35 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     return null;
                 }
+                message = messageReceivedContext.ProtocolMessage;
 
-                var properties = new AuthenticationProperties();
-
-                // if state is missing, just log it
+                // Fail if state is missing, it's required for the correlation id.
                 if (string.IsNullOrEmpty(message.State))
                 {
-                    Logger.LogWarning(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
+                    Logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
+                    return null;
                 }
-                else
-                {
-                    // if state exists and we failed to 'unprotect' this is not a message we should process.
-                    properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
-                    if (properties == null)
-                    {
-                        Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
-                        return null;
-                    }
 
-                    string userstate = null;
-                    properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
-                    message.State = userstate;
+                // if state exists and we failed to 'unprotect' this is not a message we should process.
+                var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
+                if (properties == null)
+                {
+                    Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
+                    return null;
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(message.Error))
                 {
                     Logger.LogError(Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
-                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null"));
+                    throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null"));
                 }
 
+                string userstate = null;
+                properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
+                message.State = userstate;
+
+
                 if (!ValidateCorrelationId(properties))
                 {
                     return null;
@@ -391,6 +387,26 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
+                Logger.LogDebug("Authorization response received.");
+                var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options)
+                {
+                    ProtocolMessage = message,
+                    Properties = properties
+                };
+                await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
+                if (authorizationResponseReceivedContext.HandledResponse)
+                {
+                    Logger.LogVerbose("AuthorizationResponseReceived.HandledResponse");
+                    return authorizationResponseReceivedContext.AuthenticationTicket;
+                }
+                else if (authorizationResponseReceivedContext.Skipped)
+                {
+                    Logger.LogVerbose("AuthorizationResponseReceived.Skipped");
+                    return null;
+                }
+                message = authorizationResponseReceivedContext.ProtocolMessage;
+                properties = authorizationResponseReceivedContext.Properties;
+
                 if (string.IsNullOrEmpty(message.IdToken) && !string.IsNullOrEmpty(message.Code))
                 {
                     return await HandleCodeOnlyFlow(message, properties);
@@ -433,13 +449,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
         }
 
+        // Authorization Code Flow
         private async Task<AuthenticationTicket> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             AuthenticationTicket ticket = null;
             JwtSecurityToken jwt = null;
 
-            OpenIdConnectTokenEndpointResponse tokenEndpointResponse = null;
-            string idToken = null;
             var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
@@ -449,14 +464,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 return null;
             }
+            message = authorizationCodeReceivedContext.ProtocolMessage;
+            var code = authorizationCodeReceivedContext.Code;
 
             // Redeeming authorization code for tokens
-            Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, message.Code);
+            Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, code);
 
-            tokenEndpointResponse = await RedeemAuthorizationCodeAsync(message.Code, authorizationCodeReceivedContext.RedirectUri);
-            idToken = tokenEndpointResponse.Message.IdToken;
+            var tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
 
-            var authorizationCodeRedeemedContext = await RunAuthorizationCodeRedeemedEventAsync(message, tokenEndpointResponse);
+            var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse);
             if (authorizationCodeRedeemedContext.HandledResponse)
             {
                 return authorizationCodeRedeemedContext.AuthenticationTicket;
@@ -466,63 +482,61 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 return null;
             }
 
+            message = authorizationCodeRedeemedContext.ProtocolMessage;
+            tokenEndpointResponse = authorizationCodeRedeemedContext.TokenEndpointResponse;
+
             // no need to validate signature when token is received using "code flow" as per spec [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
             var validationParameters = Options.TokenValidationParameters.Clone();
             validationParameters.ValidateSignature = false;
 
-            ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt);
+            ticket = ValidateToken(tokenEndpointResponse.ProtocolMessage.IdToken, message, properties, validationParameters, out jwt);
 
             await ValidateOpenIdConnectProtocolAsync(null, message);
 
+            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse);
+            if (authenticationValidatedContext.HandledResponse)
+            {
+                return authenticationValidatedContext.AuthenticationTicket;
+            }
+            else if (authenticationValidatedContext.Skipped)
+            {
+                return null;
+            }
+            ticket = authenticationValidatedContext.AuthenticationTicket;
+
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
                 Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
-                ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
-            }
-
-            var securityTokenValidatedContext = await RunSecurityTokenValidatedEventAsync(message, ticket);
-            if (securityTokenValidatedContext.HandledResponse)
-            {
-                return securityTokenValidatedContext.AuthenticationTicket;
-            }
-            else if (securityTokenValidatedContext.Skipped)
-            {
-                return null;
+                ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, ticket);
             }
 
             return ticket;
         }
 
+        // Implicit Flow or Hybrid Flow
         private async Task<AuthenticationTicket> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
-            AuthenticationTicket ticket = null;
+            Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
+
             JwtSecurityToken jwt = null;
-
-            var securityTokenReceivedContext = await RunSecurityTokenReceivedEventAsync(message);
-            if (securityTokenReceivedContext.HandledResponse)
-            {
-                return securityTokenReceivedContext.AuthenticationTicket;
-            }
-            else if (securityTokenReceivedContext.Skipped)
-            {
-                return null;
-            }
-
             var validationParameters = Options.TokenValidationParameters.Clone();
-            ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
+            var ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
 
             await ValidateOpenIdConnectProtocolAsync(jwt, message);
 
-            var securityTokenValidatedContext = await RunSecurityTokenValidatedEventAsync(message, ticket);
-            if (securityTokenValidatedContext.HandledResponse)
+            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse: null);
+            if (authenticationValidatedContext.HandledResponse)
             {
-                return securityTokenValidatedContext.AuthenticationTicket;
+                return authenticationValidatedContext.AuthenticationTicket;
             }
-            else if (securityTokenValidatedContext.Skipped)
+            else if (authenticationValidatedContext.Skipped)
             {
                 return null;
             }
+            message = authenticationValidatedContext.ProtocolMessage;
+            ticket = authenticationValidatedContext.AuthenticationTicket;
 
+            // Hybrid Flow
             if (message.Code != null)
             {
                 var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
@@ -534,6 +548,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     return null;
                 }
+                ticket = authorizationCodeReceivedContext.AuthenticationTicket;
             }
 
             return ticket;
@@ -568,17 +583,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Goes to UserInfo endpoint to retrieve additional claims and add any unique claims to the given identity.
         /// </summary>
-        /// <param name="properties">Authentication Properties</param>
         /// <param name="message">message that is being processed</param>
         /// <param name="ticket">authentication ticket with claims principal and identities</param>
         /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
-        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
+        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
-            string userInfoEndpoint = null;
-            if (_configuration != null)
-            {
-                userInfoEndpoint = _configuration.UserInfoEndpoint;
-            }
+            string userInfoEndpoint = _configuration?.UserInfoEndpoint;
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
@@ -593,6 +603,18 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();
             var user = JObject.Parse(userInfoResponse);
 
+            var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
+            if (userInformationReceivedContext.HandledResponse)
+            {
+                return userInformationReceivedContext.AuthenticationTicket;
+            }
+            else if (userInformationReceivedContext.Skipped)
+            {
+                return null;
+            }
+            ticket = userInformationReceivedContext.AuthenticationTicket;
+            user = userInformationReceivedContext.User;
+
             var identity = (ClaimsIdentity)ticket.Principal.Identity;
             var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier);
             if (subjectClaimType == null)
@@ -846,68 +868,71 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return authorizationCodeReceivedContext;
         }
 
-        private async Task<AuthorizationCodeRedeemedContext> RunAuthorizationCodeRedeemedEventAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
+        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
         {
-            Logger.LogDebug(Resources.OIDCH_0042_AuthorizationCodeRedeemed, message.Code);
-            var authorizationCodeRedeemedContext = new AuthorizationCodeRedeemedContext(Context, Options)
+            Logger.LogDebug("Token response received.");
+            var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options)
             {
-                Code = message.Code,
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse
             };
 
-            await Options.Events.AuthorizationCodeRedeemed(authorizationCodeRedeemedContext);
-            if (authorizationCodeRedeemedContext.HandledResponse)
+            await Options.Events.TokenResponseReceived(tokenResponseReceivedContext);
+            if (tokenResponseReceivedContext.HandledResponse)
             {
                 Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse);
             }
-            else if (authorizationCodeRedeemedContext.Skipped)
+            else if (tokenResponseReceivedContext.Skipped)
             {
                 Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedContextSkipped);
             }
-            return authorizationCodeRedeemedContext;
+            return tokenResponseReceivedContext;
         }
 
-        private async Task<SecurityTokenReceivedContext> RunSecurityTokenReceivedEventAsync(OpenIdConnectMessage message)
+        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
         {
-            Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
-            var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Options)
-            {
-                ProtocolMessage = message,
-            };
-
-            await Options.Events.SecurityTokenReceived(securityTokenReceivedContext);
-            if (securityTokenReceivedContext.HandledResponse)
-            {
-                Logger.LogVerbose(Resources.OIDCH_0008_SecurityTokenReceivedContextHandledResponse);
-            }
-            else if (securityTokenReceivedContext.Skipped)
-            {
-                Logger.LogVerbose(Resources.OIDCH_0009_SecurityTokenReceivedContextSkipped);
-            }
-
-            return securityTokenReceivedContext;
-        }
-
-        private async Task<SecurityTokenValidatedContext> RunSecurityTokenValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
-        {
-            var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Options)
+            var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options)
             {
                 AuthenticationTicket = ticket,
-                ProtocolMessage = message
+                ProtocolMessage = message,
+                TokenEndpointResponse = tokenEndpointResponse,
             };
 
-            await Options.Events.SecurityTokenValidated(securityTokenValidatedContext);
-            if (securityTokenValidatedContext.HandledResponse)
+            await Options.Events.AuthenticationValidated(authenticationValidatedContext);
+            if (authenticationValidatedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0012_SecurityTokenValidatedContextHandledResponse);
+                Logger.LogVerbose("AuthenticationValidated.HandledResponse");
             }
-            else if (securityTokenValidatedContext.Skipped)
+            else if (authenticationValidatedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0013_SecurityTokenValidatedContextSkipped);
+                Logger.LogVerbose("AuthenticationValidated.Skipped");
             }
 
-            return securityTokenValidatedContext;
+            return authenticationValidatedContext;
+        }
+
+        private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
+        {
+            Logger.LogDebug("User information received:" + user.ToString());
+
+            var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
+            {
+                AuthenticationTicket = ticket,
+                ProtocolMessage = message,
+                User = user,
+            };
+
+            await Options.Events.UserInformationReceived(userInformationReceivedContext);
+            if (userInformationReceivedContext.HandledResponse)
+            {
+                Logger.LogVerbose("The UserInformationReceived event returned Handled.");
+            }
+            else if (userInformationReceivedContext.Skipped)
+            {
+                Logger.LogVerbose("The UserInformationReceived event returned Skipped.");
+            }
+
+            return userInformationReceivedContext;
         }
 
         private async Task<AuthenticationFailedContext> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
@@ -980,7 +1005,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
             }
 
-            // Rename?
             if (Options.UseTokenLifetime)
             {
                 var issued = validatedToken.ValidFrom;
@@ -1024,14 +1048,33 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <returns>True if the request was handled, false if the next middleware should be invoked.</returns>
         public override Task<bool> InvokeAsync()
         {
-            return InvokeReplyPathAsync();
+            return InvokeReturnPathAsync();
         }
 
-        private async Task<bool> InvokeReplyPathAsync()
+        private async Task<bool> InvokeReturnPathAsync()
         {
             var ticket = await HandleAuthenticateOnceAsync();
             if (ticket != null)
             {
+                Logger.LogDebug("Authentication completed.");
+
+                var authenticationCompletedContext = new AuthenticationCompletedContext(Context, Options)
+                {
+                    AuthenticationTicket = ticket,
+                };
+                await Options.Events.AuthenticationCompleted(authenticationCompletedContext);
+                if (authenticationCompletedContext.HandledResponse)
+                {
+                    Logger.LogVerbose("The AuthenticationCompleted event returned Handled.");
+                    return true;
+                }
+                else if (authenticationCompletedContext.Skipped)
+                {
+                    Logger.LogVerbose("The AuthenticationCompleted event returned Skipped.");
+                    return false;
+                }
+                ticket = authenticationCompletedContext.AuthenticationTicket;
+
                 if (ticket.Principal != null)
                 {
                     await Request.HttpContext.Authentication.SignInAsync(Options.SignInScheme, ticket.Principal, ticket.Properties);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
index 4be49909ee..4216e1eab5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
@@ -1,7 +1,6 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
@@ -15,7 +14,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public OpenIdConnectTokenEndpointResponse(JObject jsonResponse)
         {
             JsonResponse = jsonResponse;
-            Message = new OpenIdConnectMessage()
+            ProtocolMessage = new OpenIdConnectMessage()
             {
                 AccessToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.AccessToken),
                 IdToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.IdToken),
@@ -27,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// OpenIdConnect message that contains the id token and access tokens
         /// </summary>
-        public OpenIdConnectMessage Message { get; set; }
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         /// <summary>
         /// Json response returned from the token endpoint
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
index 7a328601f0..5e7b7154ca 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -186,38 +186,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0033_NonceAlreadyExists"), p0);
         }
 
-        /// <summary>
-        /// OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0034_RedirectToIdentityProviderContextHandledResponse
-        {
-            get { return GetString("OIDCH_0034_RedirectToIdentityProviderContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0034_RedirectToIdentityProviderContextHandledResponse()
-        {
-            return GetString("OIDCH_0034_RedirectToIdentityProviderContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0035: RedirectToIdentityProviderContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0035_RedirectToIdentityProviderContextSkipped
-        {
-            get { return GetString("OIDCH_0035_RedirectToIdentityProviderContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0035: RedirectToIdentityProviderContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0035_RedirectToIdentityProviderContextSkipped()
-        {
-            return GetString("OIDCH_0035_RedirectToIdentityProviderContextSkipped");
-        }
-
         /// <summary>
         /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.
         /// </summary>
@@ -426,38 +394,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return GetString("OIDCH_0007_UpdatingConfiguration");
         }
 
-        /// <summary>
-        /// OIDCH_0008: SecurityTokenReceivedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0008_SecurityTokenReceivedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0008_SecurityTokenReceivedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0008: SecurityTokenReceivedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0008_SecurityTokenReceivedContextHandledResponse()
-        {
-            return GetString("OIDCH_0008_SecurityTokenReceivedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0009: SecurityTokenReceivedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0009_SecurityTokenReceivedContextSkipped
-        {
-            get { return GetString("OIDCH_0009_SecurityTokenReceivedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0009: SecurityTokenReceivedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0009_SecurityTokenReceivedContextSkipped()
-        {
-            return GetString("OIDCH_0009_SecurityTokenReceivedContextSkipped");
-        }
-
         /// <summary>
         /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
         /// </summary>
@@ -490,38 +426,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0011_UnableToValidateToken"), p0);
         }
 
-        /// <summary>
-        /// OIDCH_0012: SecurityTokenValidatedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0012_SecurityTokenValidatedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0012_SecurityTokenValidatedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0012: SecurityTokenValidatedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0012_SecurityTokenValidatedContextHandledResponse()
-        {
-            return GetString("OIDCH_0012_SecurityTokenValidatedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0013: SecurityTokenValidatedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0013_SecurityTokenValidatedContextSkipped
-        {
-            get { return GetString("OIDCH_0013_SecurityTokenValidatedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0013: SecurityTokenValidatedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0013_SecurityTokenValidatedContextSkipped()
-        {
-            return GetString("OIDCH_0013_SecurityTokenValidatedContextSkipped");
-        }
-
         /// <summary>
         /// OIDCH_0014: AuthorizationCode received: '{0}'.
         /// </summary>
@@ -666,22 +570,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0041_Subject_Claim_Not_Found"), p0);
         }
 
-        /// <summary>
-        /// OIDCH_0042: Authorization Code redeemed:  '{0}'
-        /// </summary>
-        internal static string OIDCH_0042_AuthorizationCodeRedeemed
-        {
-            get { return GetString("OIDCH_0042_AuthorizationCodeRedeemed"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0042: Authorization Code redeemed:  '{0}'
-        /// </summary>
-        internal static string FormatOIDCH_0042_AuthorizationCodeRedeemed(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0042_AuthorizationCodeRedeemed"), p0);
-        }
-
         /// <summary>
         /// OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 792e317a68..64de5d6a23 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -150,12 +150,6 @@
   <data name="OIDCH_0033_NonceAlreadyExists" xml:space="preserve">
     <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
   </data>
-  <data name="OIDCH_0034_RedirectToIdentityProviderContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0034: RedirectToIdentityProviderContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0035_RedirectToIdentityProviderContextSkipped" xml:space="preserve">
-    <value>OIDCH_0035: RedirectToIdentityProviderContext.Skipped</value>
-  </data>
   <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
     <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.</value>
   </data>
@@ -195,24 +189,12 @@
   <data name="OIDCH_0007_UpdatingConfiguration" xml:space="preserve">
     <value>OIDCH_0007: Updating configuration</value>
   </data>
-  <data name="OIDCH_0008_SecurityTokenReceivedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0008: SecurityTokenReceivedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0009_SecurityTokenReceivedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0009: SecurityTokenReceivedContext.Skipped</value>
-  </data>
   <data name="OIDCH_0010_ValidatedSecurityTokenNotJwt" xml:space="preserve">
     <value>OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.</value>
   </data>
   <data name="OIDCH_0011_UnableToValidateToken" xml:space="preserve">
     <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."</value>
   </data>
-  <data name="OIDCH_0012_SecurityTokenValidatedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0012: SecurityTokenValidatedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0013_SecurityTokenValidatedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0013: SecurityTokenValidatedContext.Skipped</value>
-  </data>
   <data name="OIDCH_0014_AuthorizationCodeReceived" xml:space="preserve">
     <value>OIDCH_0014: AuthorizationCode received: '{0}'.</value>
   </data>
@@ -240,9 +222,6 @@
   <data name="OIDCH_0041_Subject_Claim_Not_Found" xml:space="preserve">
     <value>OIDCH_0041: Subject claim not found in {0}.</value>
   </data>
-  <data name="OIDCH_0042_AuthorizationCodeRedeemed" xml:space="preserve">
-    <value>OIDCH_0042: Authorization Code redeemed:  '{0}'</value>
-  </data>
   <data name="OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse" xml:space="preserve">
     <value>OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse</value>
   </data>
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index db1a7e3a24..711e0f4b71 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -5,13 +5,11 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.Primitives;
-using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index 2fbab74cff..f9cd88d57e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -33,7 +33,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return Task.FromResult(new OpenIdConnectTokenEndpointResponse(jsonResponse));
         }
 
-        protected override Task<AuthenticationTicket> GetUserInformationAsync(AuthenticationProperties properties, OpenIdConnectMessage message, AuthenticationTicket ticket)
+        protected override Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
             var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity;
             if (claimsIdentity == null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 4822ffbf5c..d2bee5035c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
@@ -19,7 +18,6 @@ using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
@@ -56,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             Assert.False(logger.IsEnabled(LogLevel.Warning));
         }
 
-        [Theory, MemberData("AuthenticateCoreStateDataSet")]
+        [Theory, MemberData(nameof(AuthenticateCoreStateDataSet))]
         public async Task AuthenticateCoreState(Action<OpenIdConnectOptions> action, OpenIdConnectMessage message)
         {
             var handler = new OpenIdConnectHandlerForTestingAuthenticate();
@@ -103,7 +101,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             options.Events = new OpenIdConnectEvents()
             {
-                OnAuthorizationCodeRedeemed = context =>
+                OnTokenResponseReceived = context =>
                 {
                     context.HandleResponse();
                     if (context.ProtocolMessage.State == null && !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
@@ -118,271 +116,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-#region Configure Options for AuthenticateCore variations
-
-        private static void DefaultOptions(OpenIdConnectOptions options)
-        {
-            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
-            options.SignInScheme = "OpenIdConnectHandlerTest";
-            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
-            options.ClientId = Guid.NewGuid().ToString();
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-        }
-
-        private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthorizationCodeReceived = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthorizationCodeReceived = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void AuthenticationErrorHandledOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthenticationFailed = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void AuthenticationErrorSkippedOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.ProtocolValidator = MockProtocolValidator();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthenticationFailed = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void MessageReceivedHandledOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnMessageReceived = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void CodeReceivedAndRedeemedHandledOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.ResponseType = OpenIdConnectResponseTypes.Code;
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthorizationCodeRedeemed = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void CodeReceivedAndRedeemedSkippedOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.ResponseType = OpenIdConnectResponseTypes.Code;
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnAuthorizationCodeRedeemed = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void GetUserInfoFromUIEndpoint(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.ResponseType = OpenIdConnectResponseTypes.Code;
-            options.ProtocolValidator.RequireNonce = false;
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.GetClaimsFromUserInfoEndpoint = true;
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnSecurityTokenValidated = (context) =>
-                {
-                    var claimValue = context.AuthenticationTicket.Principal.FindFirst("test claim");
-                    Assert.Equal(claimValue.Value, "test value");
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-        private static void MessageReceivedSkippedOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnMessageReceived = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void MessageWithErrorOptions(OpenIdConnectOptions options)
-        {
-            AuthenticationErrorHandledOptions(options);
-        }
-
-        private static void SecurityTokenReceivedHandledOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnSecurityTokenReceived = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void SecurityTokenReceivedSkippedOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnSecurityTokenReceived = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static ISecurityTokenValidator MockSecurityTokenValidator()
-        {
-            var mockValidator = new Mock<ISecurityTokenValidator>();
-            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out specCompliantJwt)).Returns(new ClaimsPrincipal());
-            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
-            return mockValidator.Object;
-        }
-
-        private static OpenIdConnectProtocolValidator MockProtocolValidator()
-        {
-            var mockProtocolValidator = new Mock<OpenIdConnectProtocolValidator>();
-            mockProtocolValidator.Setup(v => v.Validate(It.IsAny<JwtSecurityToken>(), It.IsAny<OpenIdConnectProtocolValidationContext>()));
-            return mockProtocolValidator.Object;
-        }
-
-        private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectOptions options)
-        {
-            AuthenticationErrorHandledOptions(options);
-            var mockValidator = new Mock<ISecurityTokenValidator>();
-            SecurityToken jwt = null;
-            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Returns(new ClaimsPrincipal());
-            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(false);
-            options.SecurityTokenValidator = mockValidator.Object;
-        }
-
-        private static void SecurityTokenValidatorThrows(OpenIdConnectOptions options)
-        {
-            AuthenticationErrorHandledOptions(options);
-            var mockValidator = new Mock<ISecurityTokenValidator>();
-            SecurityToken jwt = null;
-            mockValidator.Setup(v => v.ValidateToken(It.IsAny<string>(), It.IsAny<TokenValidationParameters>(), out jwt)).Throws<SecurityTokenSignatureKeyNotFoundException>();
-            mockValidator.Setup(v => v.CanReadToken(It.IsAny<string>())).Returns(true);
-            options.SecurityTokenValidator = mockValidator.Object;
-        }
-
-        private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-            options.SecurityTokenValidator = MockSecurityTokenValidator();
-            options.ProtocolValidator.RequireTimeStampInNonce = false;
-            options.ProtocolValidator.RequireNonce = false;
-        }
-
-        private static void SecurityTokenValidatedHandledOptions(OpenIdConnectOptions options)
-        {
-            SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnSecurityTokenValidated = (context) =>
-                {
-                    context.HandleResponse();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void SecurityTokenValidatedSkippedOptions(OpenIdConnectOptions options)
-        {
-            SecurityTokenValidatorValidatesAllTokens(options);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnSecurityTokenValidated = (context) =>
-                {
-                    context.SkipToNextMiddleware();
-                    return Task.FromResult<object>(null);
-                }
-            };
-        }
-
-        private static void StateNullOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-        }
-
-        private static void StateEmptyOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-        }
-
-        private static void StateInvalidOptions(OpenIdConnectOptions options)
-        {
-            DefaultOptions(options);
-        }
-
-#endregion
-
-        private static Task EmptyTask() { return Task.FromResult(0); }
-
         private static TestServer CreateServer(ConfigureOptions<OpenIdConnectOptions> options, IUrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
             return TestServer.Create(
@@ -401,24 +134,5 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 }
             );
         }
-
-        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectOptions> configureOptions, IUrlEncoder encoder, ILoggerFactory loggerFactory, OpenIdConnectHandler handler = null)
-        {
-            return TestServer.Create(
-                app =>
-                {
-                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(configureOptions, encoder, loggerFactory, handler);
-                    app.Use(async (context, next) =>
-                    {
-                        await next();
-                    });
-                },
-                services =>
-                {
-                    services.AddWebEncoders();
-                    services.AddDataProtection();
-                }
-            );
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index eb1d705776..8675319307 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -106,28 +106,47 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         }
 
         /// <summary>
-        /// Tests RedirectToIdentityProviderContext replaces the OpenIdConnectMesssage correctly.
+        /// Tests RedirectForAuthenticationContext replaces the OpenIdConnectMesssage correctly.
         /// </summary>
         /// <returns>Task</returns>
-        [Theory]
-        [InlineData(Challenge, OpenIdConnectRequestType.AuthenticationRequest)]
-        [InlineData(Signout, OpenIdConnectRequestType.LogoutRequest)]
-        public async Task ChallengeSettingMessage(string challenge, OpenIdConnectRequestType requestType)
+        [Fact]
+        public async Task ChallengeSettingMessage()
         {
             var configuration = new OpenIdConnectConfiguration
             {
                 AuthorizationEndpoint = ExpectedAuthorizeRequest,
+            };
+
+            var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
+            {
+                RequestType = OpenIdConnectRequestType.AuthenticationRequest
+            };
+            var server = CreateServer(SetProtocolMessageOptions);
+            var transaction = await SendAsync(server, DefaultHost + Challenge);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
+        }
+
+        /// <summary>
+        /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
+        /// </summary>
+        /// <returns>Task</returns>
+        [Fact]
+        public async Task SignOutSettingMessage()
+        {
+            var configuration = new OpenIdConnectConfiguration
+            {
                 EndSessionEndpoint = ExpectedLogoutRequest
             };
 
             var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
             {
-                RequestType = requestType
+                RequestType = OpenIdConnectRequestType.LogoutRequest
             };
             var server = CreateServer(SetProtocolMessageOptions);
-            var transaction = await SendAsync(server, DefaultHost + challenge);
+            var transaction = await SendAsync(server, DefaultHost + Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
         }
 
         private static void SetProtocolMessageOptions(OpenIdConnectOptions options)
@@ -138,7 +157,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.AutomaticAuthentication = true;
             options.Events = new OpenIdConnectEvents()
             {
-                OnRedirectToIdentityProvider = (context) =>
+                OnRedirectToAuthenticationEndpoint = (context) =>
+                {
+                    context.ProtocolMessage = mockOpenIdConnectMessage.Object;
+                    return Task.FromResult<object>(null);
+                },
+                OnRedirectToEndSessionEndpoint = (context) =>
                 {
                     context.ProtocolMessage = mockOpenIdConnectMessage.Object;
                     return Task.FromResult<object>(null);
@@ -170,7 +194,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
                 options.Events = new OpenIdConnectEvents()
                 {
-                    OnRedirectToIdentityProvider = context =>
+                    OnRedirectToAuthenticationEndpoint = context =>
                     {
                         context.ProtocolMessage.State = userState;
                         return Task.FromResult<object>(null);
@@ -221,7 +245,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 SetOptions(options, DefaultParameters(), queryValues);
                 options.Events = new OpenIdConnectEvents()
                 {
-                    OnRedirectToIdentityProvider = context =>
+                    OnRedirectToAuthenticationEndpoint = context =>
                     {
                         context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
                         context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
@@ -344,7 +368,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 app.UseCookieAuthentication(options =>
                 {
-                    options.AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                    options.AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
                 app.UseOpenIdConnectAuthentication(configureOptions);
                 app.Use(async (context, next) =>

From 5cc1fea40045041f77a6bb2bd23e231e24f82da7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 17 Sep 2015 15:37:15 -0700
Subject: [PATCH 333/900] Add CookiePolicy Middleware

---
 Security.sln                                  |  30 ++
 .../AppendCookieContext.cs                    |  23 ++
 .../CookiePolicyAppBuilderExtensions.cs       |  41 +++
 .../CookiePolicyMiddleware.cs                 | 167 +++++++++++
 .../CookiePolicyOptions.cs                    |  16 ++
 .../DeleteCookieContext.cs                    |  21 ++
 .../HttpOnlyPolicy.cs                         |  11 +
 .../Microsoft.AspNet.CookiePolicy.xproj       |  19 ++
 .../Properties/AssemblyInfo.cs                |   8 +
 .../SecurePolicy.cs                           |  12 +
 .../project.json                              |  15 +
 .../Cookies/CookieMiddlewareTests.cs          |   4 +-
 .../CookiePolicyTests.cs                      | 268 ++++++++++++++++++
 .../Microsoft.AspNet.CookiePolicy.Test.xproj  |  21 ++
 .../TestExtensions.cs                         |  74 +++++
 .../Transaction.cs                            |  51 ++++
 .../project.json                              |  18 ++
 17 files changed, 797 insertions(+), 2 deletions(-)
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs
 create mode 100644 src/Microsoft.AspNet.CookiePolicy/project.json
 create mode 100644 test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
 create mode 100644 test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj
 create mode 100644 test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
 create mode 100644 test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs
 create mode 100644 test/Microsoft.AspNet.CookiePolicy.Test/project.json

diff --git a/Security.sln b/Security.sln
index 7fd810f8b7..ee8180ede8 100644
--- a/Security.sln
+++ b/Security.sln
@@ -46,6 +46,10 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorizat
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy", "src\Microsoft.AspNet.CookiePolicy\Microsoft.AspNet.CookiePolicy.xproj", "{86183DC3-02A8-4A68-8B60-71ECEC066E79}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy.Test", "test\Microsoft.AspNet.CookiePolicy.Test\Microsoft.AspNet.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -242,6 +246,30 @@ Global
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.ActiveCfg = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.Build.0 = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.Build.0 = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.Build.0 = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.ActiveCfg = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.Build.0 = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.Build.0 = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.ActiveCfg = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -263,5 +291,7 @@ Global
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs b/src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs
new file mode 100644
index 0000000000..f9d8166612
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public class AppendCookieContext
+    {
+        public AppendCookieContext(HttpContext context, CookieOptions options, string name, string value)
+        {
+            Context = context;
+            CookieOptions = options;
+            CookieName = name;
+            CookieValue = value;
+        }
+
+        public HttpContext Context { get; }
+        public CookieOptions CookieOptions { get; }
+        public string CookieName { get; set; }
+        public string CookieValue { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
new file mode 100644
index 0000000000..aa8c9af016
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -0,0 +1,41 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.CookiePolicy;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// Extension methods provided by the cookie policy middleware
+    /// </summary>
+    public static class CookiePolicyAppBuilderExtensions
+    {
+        /// <summary>
+        /// Adds a cookie policy middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="options">The options for the middleware</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
+        {
+            return app.UseMiddleware<CookiePolicyMiddleware>(options);
+        }
+
+        /// <summary>
+        /// Adds a cookie policy middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="configureOptions">Used to configure the options for the middleware</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, Action<CookiePolicyOptions> configureOptions)
+        {
+            var options = new CookiePolicyOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseCookiePolicy(options);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
new file mode 100644
index 0000000000..d726d80cde
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
@@ -0,0 +1,167 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Features;
+using Microsoft.AspNet.Http.Features.Internal;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public class CookiePolicyMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        public CookiePolicyMiddleware(
+            RequestDelegate next,
+            CookiePolicyOptions options)
+        {
+            Options = options;
+            _next = next;
+        }
+
+        public CookiePolicyOptions Options { get; set; }
+
+        public Task Invoke(HttpContext context)
+        {
+            var feature = context.Features.Get<IResponseCookiesFeature>() ?? new ResponseCookiesFeature(context.Features);
+            context.Features.Set<IResponseCookiesFeature>(new CookiesWrapperFeature(context, Options, feature));
+            return _next(context);
+        }
+
+        private class CookiesWrapperFeature : IResponseCookiesFeature
+        {
+            public CookiesWrapperFeature(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
+            {
+                Wrapper = new CookiesWrapper(context, options, feature);
+            }
+
+            public IResponseCookies Wrapper { get; }
+
+            public IResponseCookies Cookies
+            {
+                get
+                {
+                    return Wrapper;
+                }
+            }
+        }
+
+        private class CookiesWrapper : IResponseCookies
+        {
+            public CookiesWrapper(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
+            {
+                Context = context;
+                Feature = feature;
+                Policy = options;
+            }
+
+            public HttpContext Context { get; }
+
+            public IResponseCookiesFeature Feature { get; }
+
+            public IResponseCookies Cookies
+            {
+                get
+                {
+                    return Feature.Cookies;
+                }
+            }
+
+            public CookiePolicyOptions Policy { get; }
+
+            private bool PolicyRequiresCookieOptions()
+            {
+                return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != SecurePolicy.None;
+            }
+
+            public void Append(string key, string value)
+            {
+                if (PolicyRequiresCookieOptions() || Policy.OnAppendCookie != null)
+                {
+                    Append(key, value, new CookieOptions());
+                }
+                else
+                {
+                    Cookies.Append(key, value);
+                }
+            }
+
+            public void Append(string key, string value, CookieOptions options)
+            {
+                if (options == null)
+                {
+                    throw new ArgumentNullException(nameof(options));
+                }
+
+                ApplyPolicy(options);
+                if (Policy.OnAppendCookie != null)
+                {
+                    var context = new AppendCookieContext(Context, options, key, value);
+                    Policy.OnAppendCookie(context);
+                    key = context.CookieName;
+                    value = context.CookieValue;
+                }
+                Cookies.Append(key, value, options);
+            }
+
+            public void Delete(string key)
+            {
+                if (PolicyRequiresCookieOptions() || Policy.OnDeleteCookie != null)
+                {
+                    Delete(key, new CookieOptions());
+                }
+                else
+                {
+                    Cookies.Delete(key);
+                }
+            }
+
+            public void Delete(string key, CookieOptions options)
+            {
+                if (options == null)
+                {
+                    throw new ArgumentNullException(nameof(options));
+                }
+
+                ApplyPolicy(options);
+                if (Policy.OnDeleteCookie != null)
+                {
+                    var context = new DeleteCookieContext(Context, options, key);
+                    Policy.OnDeleteCookie(context);
+                    key = context.CookieName;
+                }
+                Cookies.Delete(key, options);
+            }
+
+            private void ApplyPolicy(CookieOptions options)
+            {
+                switch (Policy.Secure)
+                {
+                    case SecurePolicy.Always:
+                        options.Secure = true;
+                        break;
+                    case SecurePolicy.SameAsRequest:
+                        options.Secure = Context.Request.IsHttps;
+                        break;
+                    case SecurePolicy.None:
+                        break;
+                    default:
+                        throw new InvalidOperationException();
+                }
+                switch (Policy.HttpOnly)
+                {
+                    case HttpOnlyPolicy.Always:
+                        options.HttpOnly = true;
+                        break;
+                    case HttpOnlyPolicy.None:
+                        break;
+                    default:
+                        throw new InvalidOperationException();
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
new file mode 100644
index 0000000000..ce5a866980
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public class CookiePolicyOptions
+    {
+        public HttpOnlyPolicy HttpOnly { get; set; } = HttpOnlyPolicy.None;
+        public SecurePolicy Secure { get; set; } = SecurePolicy.None;
+
+        public Action<AppendCookieContext> OnAppendCookie { get; set; }
+        public Action<DeleteCookieContext> OnDeleteCookie { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs b/src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs
new file mode 100644
index 0000000000..c8cd208fbf
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public class DeleteCookieContext
+    {
+        public DeleteCookieContext(HttpContext context, CookieOptions options, string name)
+        {
+            Context = context;
+            CookieOptions = options;
+            CookieName = name;
+        }
+
+        public HttpContext Context { get; }
+        public CookieOptions CookieOptions { get; }
+        public string CookieName { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs b/src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs
new file mode 100644
index 0000000000..276e3ed3ee
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs
@@ -0,0 +1,11 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public enum HttpOnlyPolicy
+    {
+        None,
+        Always
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj b/src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj
new file mode 100644
index 0000000000..7790eac278
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>86183dc3-02a8-4a68-8b60-71ecec066e79</ProjectGuid>
+    <RootNamespace>Microsoft.AspNet.CookiePolicy</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..b2437d9ad6
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs
@@ -0,0 +1,8 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+using System.Resources;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs b/src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs
new file mode 100644
index 0000000000..962ecddff7
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs
@@ -0,0 +1,12 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    public enum SecurePolicy
+    {
+        None,
+        Always,
+        SameAsRequest
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNet.CookiePolicy/project.json
new file mode 100644
index 0000000000..6d78e5eb89
--- /dev/null
+++ b/src/Microsoft.AspNet.CookiePolicy/project.json
@@ -0,0 +1,15 @@
+{
+    "version": "1.0.0-*",
+    "description": "ASP.NET 5 cookie policy classes.",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/aspnet/security"
+    },
+    "dependencies": {
+        "Microsoft.AspNet.Http": "1.0.0-*"
+    },
+    "frameworks": {
+        "dnx451": { },
+        "dnxcore50": { }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 203c2be0d9..84d8e1a872 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -729,7 +729,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
-/*        [Fact]
+        [Fact]
         public async Task UseCookieWithInstanceDoesntUseSharedOptions()
         {
             var server = TestServer.Create(app =>
@@ -759,7 +759,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             Assert.True(transaction.SetCookie[0].StartsWith("One="));
-        }*/
+        }
 
         [Fact]
         public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
new file mode 100644
index 0000000000..78f20c9cf1
--- /dev/null
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
@@ -0,0 +1,268 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Features;
+using Microsoft.AspNet.Http.Features.Internal;
+using Microsoft.AspNet.TestHost;
+using Xunit;
+
+namespace Microsoft.AspNet.CookiePolicy.Test
+{
+    public class CookiePolicyTests
+    {
+        private RequestDelegate SecureCookieAppends = context =>
+        {
+            context.Response.Cookies.Append("A", "A");
+            context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
+            context.Response.Cookies.Append("C", "C", new CookieOptions());
+            context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
+            return Task.FromResult(0);
+        };
+        private RequestDelegate HttpCookieAppends = context =>
+        {
+            context.Response.Cookies.Append("A", "A");
+            context.Response.Cookies.Append("B", "B", new CookieOptions { HttpOnly = false });
+            context.Response.Cookies.Append("C", "C", new CookieOptions());
+            context.Response.Cookies.Append("D", "D", new CookieOptions { HttpOnly = true });
+            return Task.FromResult(0);
+        };
+
+        [Fact]
+        public async Task SecureAlwaysSetsSecure()
+        {
+            await RunTest("/secureAlways",
+                options => options.Secure = SecurePolicy.Always,
+                SecureCookieAppends,
+                new RequestTest("http://example.com/secureAlways",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task SecureNoneLeavesSecureUnchanged()
+        {
+            await RunTest("/secureNone",
+                options => options.Secure = SecurePolicy.None,
+                SecureCookieAppends,
+                new RequestTest("http://example.com/secureNone",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task SecureSameUsesRequest()
+        {
+            await RunTest("/secureSame",
+                options => options.Secure = SecurePolicy.SameAsRequest,
+                SecureCookieAppends,
+                new RequestTest("http://example.com/secureSame",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
+                }),
+                new RequestTest("https://example.com/secureSame",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task HttpOnlyAlwaysSetsItAlways()
+        {
+            await RunTest("/httpOnlyAlways",
+                options => options.HttpOnly = HttpOnlyPolicy.Always,
+                HttpCookieAppends,
+                new RequestTest("http://example.com/httpOnlyAlways",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; httponly", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; httponly", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; httponly", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; httponly", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task HttpOnlyNoneLeavesItAlone()
+        {
+            await RunTest("/httpOnlyNone",
+                options => options.HttpOnly = HttpOnlyPolicy.None,
+                HttpCookieAppends,
+                new RequestTest("http://example.com/httpOnlyNone",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; httponly", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task CookiePolicyCanHijackAppend()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookiePolicy(options => options.OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao");
+                app.Run(context =>
+                {
+                    context.Response.Cookies.Append("A", "A");
+                    context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
+                    context.Response.Cookies.Append("C", "C", new CookieOptions());
+                    context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await server.SendAsync("http://example.com/login");
+
+            Assert.NotNull(transaction.SetCookie);
+            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[0]);
+            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[1]);
+            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[2]);
+            Assert.Equal("Hao=Hao; path=/; secure", transaction.SetCookie[3]);
+        }
+
+        [Fact]
+        public async Task CookiePolicyCanHijackDelete()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.UseCookiePolicy(options => options.OnDeleteCookie = ctx => ctx.CookieName = "A");
+                app.Run(context =>
+                {
+                    context.Response.Cookies.Delete("A");
+                    context.Response.Cookies.Delete("B", new CookieOptions { Secure = false });
+                    context.Response.Cookies.Delete("C", new CookieOptions());
+                    context.Response.Cookies.Delete("D", new CookieOptions { Secure = true });
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await server.SendAsync("http://example.com/login");
+
+            Assert.NotNull(transaction.SetCookie);
+            Assert.Equal(1, transaction.SetCookie.Count);
+            Assert.Equal("A=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/", transaction.SetCookie[0]);
+        }
+
+        [Fact]
+        public async Task CookiePolicyCallsCookieFeature()
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.Use(next => context =>
+                {
+                    context.Features.Set<IResponseCookiesFeature>(new TestCookieFeature());
+                    return next(context);
+                });
+                app.UseCookiePolicy(options => options.OnDeleteCookie = ctx => ctx.CookieName = "A");
+                app.Run(context =>
+                {
+                    Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A"));
+                    Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A", new CookieOptions()));
+                    Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A"));
+                    Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Append("A", "A", new CookieOptions()));
+                    return context.Response.WriteAsync("Done");
+                });
+            });
+
+            var transaction = await server.SendAsync("http://example.com/login");
+            Assert.Equal("Done", transaction.ResponseText);
+        }
+
+        private class TestCookieFeature : IResponseCookiesFeature
+        {
+            public IResponseCookies Cookies { get; } = new BadCookies();
+
+            private class BadCookies : IResponseCookies
+            {
+                public void Append(string key, string value)
+                {
+                    throw new NotImplementedException();
+                }
+
+                public void Append(string key, string value, CookieOptions options)
+                {
+                    throw new NotImplementedException();
+                }
+
+                public void Delete(string key)
+                {
+                    throw new NotImplementedException();
+                }
+
+                public void Delete(string key, CookieOptions options)
+                {
+                    throw new NotImplementedException();
+                }
+            }
+        }
+
+        private class RequestTest
+        {
+            public RequestTest(string testUri, Action<Transaction> verify)
+            {
+                TestUri = testUri;
+                Verification = verify;
+            }
+
+            public async Task Execute(TestServer server)
+            {
+                var transaction = await server.SendAsync(TestUri);
+                Verification(transaction);
+            }
+
+            public string TestUri { get; set; }
+            public Action<Transaction> Verification { get; set; }
+        }
+
+        private async Task RunTest(
+            string path, 
+            Action<CookiePolicyOptions> configureCookiePolicy,
+            RequestDelegate configureSetup,
+            params RequestTest[] tests)
+        {
+            var server = TestServer.Create(app =>
+            {
+                app.Map(path, map =>
+                {
+                    map.UseCookiePolicy(configureCookiePolicy);
+                    map.Run(configureSetup);
+                });
+            });
+            foreach (var test in tests)
+            {
+                await test.Execute(server);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj b/test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj
new file mode 100644
index 0000000000..b0a49fdddf
--- /dev/null
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>1790e052-646f-4529-b90e-6fea95520d69</ProjectGuid>
+    <RootNamespace>Microsoft.AspNet.CookiePolicy.Test</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs b/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
new file mode 100644
index 0000000000..90b01af4b2
--- /dev/null
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
@@ -0,0 +1,74 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.TestHost;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    // REVIEW: Should find a shared home for these potentially (Copied from Auth tests)
+    public static class TestExtensions
+    {
+        public const string CookieAuthenticationScheme = "External";
+
+        public static async Task<Transaction> SendAsync(this TestServer server, string uri, string cookieHeader = null)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        public static void Describe(this HttpResponse res, ClaimsPrincipal principal)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (principal != null)
+            {
+                foreach (var identity in principal.Identities)
+                {
+                    xml.Add(identity.Claims.Select(claim => 
+                        new XElement("claim", new XAttribute("type", claim.Type), 
+                        new XAttribute("value", claim.Value), 
+                        new XAttribute("issuer", claim.Issuer))));
+                }
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs b/test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs
new file mode 100644
index 0000000000..afa9c0c99f
--- /dev/null
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs
@@ -0,0 +1,51 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Xml.Linq;
+
+namespace Microsoft.AspNet.CookiePolicy
+{
+    // REVIEW: Should find a shared home for these potentially (Copied from Auth tests)
+    public class Transaction
+    {
+        public HttpRequestMessage Request { get; set; }
+        public HttpResponseMessage Response { get; set; }
+
+        public IList<string> SetCookie { get; set; }
+
+        public string ResponseText { get; set; }
+        public XElement ResponseElement { get; set; }
+
+        public string AuthenticationCookieValue
+        {
+            get
+            {
+                if (SetCookie != null && SetCookie.Count > 0)
+                {
+                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme + "="));
+                    if (authCookie != null)
+                    {
+                        return authCookie.Substring(0, authCookie.IndexOf(';'));
+                    }
+                }
+
+                return null;
+            }
+        }
+
+        public string FindClaimValue(string claimType, string issuer = null)
+        {
+            var claim = ResponseElement.Elements("claim")
+                .SingleOrDefault(elt => elt.Attribute("type").Value == claimType &&
+                    (issuer == null || elt.Attribute("issuer").Value == issuer));
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
new file mode 100644
index 0000000000..336c06a376
--- /dev/null
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
@@ -0,0 +1,18 @@
+{
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
+    "dependencies": {
+        "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
+        "Microsoft.AspNet.TestHost": "1.0.0-*",
+        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
+    },
+    "commands": {
+        "test": "xunit.runner.aspnet"
+    },
+    "frameworks": {
+        "dnx451": { },
+        "dnxcore50": { }
+    }
+}

From af14c99b465ef79bea85edd38421f7d08f7d371e Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 17 Sep 2015 15:51:36 -0700
Subject: [PATCH 334/900] Fix core build issue

---
 test/Microsoft.AspNet.CookiePolicy.Test/project.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
index 336c06a376..588852a032 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
@@ -12,7 +12,6 @@
         "test": "xunit.runner.aspnet"
     },
     "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
+        "dnx451": { }
     }
 }

From 06c89aa340af1f20acaa75392f9080d9785ea851 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 17 Sep 2015 18:33:26 -0700
Subject: [PATCH 335/900] Update nuget.exe and corresponding feeds to v3.

---
 NuGet.Config => NuGet.config |  2 +-
 build.cmd                    | 11 ++++++-----
 build.sh                     | 12 +++++++-----
 3 files changed, 14 insertions(+), 11 deletions(-)
 rename NuGet.Config => NuGet.config (92%)

diff --git a/NuGet.Config b/NuGet.config
similarity index 92%
rename from NuGet.Config
rename to NuGet.config
index 6379aac3e8..3bd1c73d64 100644
--- a/NuGet.Config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetlitedev/api/v2" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
   </packageSources>
diff --git a/build.cmd b/build.cmd
index b54d91cf74..177997c42e 100644
--- a/build.cmd
+++ b/build.cmd
@@ -2,14 +2,15 @@
 cd %~dp0
 
 SETLOCAL
-SET CACHED_NUGET=%LocalAppData%\NuGet\NuGet.exe
+SET NUGET_VERSION=latest
+SET CACHED_NUGET=%LocalAppData%\NuGet\nuget.%NUGET_VERSION%.exe
 SET BUILDCMD_KOREBUILD_VERSION=""
 SET BUILDCMD_DNX_VERSION=""
 
 IF EXIST %CACHED_NUGET% goto copynuget
 echo Downloading latest version of NuGet.exe...
 IF NOT EXIST %LocalAppData%\NuGet md %LocalAppData%\NuGet
-@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://www.nuget.org/nuget.exe' -OutFile '%CACHED_NUGET%'"
+@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://dist.nuget.org/win-x86-commandline/%NUGET_VERSION%/nuget.exe' -OutFile '%CACHED_NUGET%'"
 
 :copynuget
 IF EXIST .nuget\nuget.exe goto restore
@@ -19,11 +20,11 @@ copy %CACHED_NUGET% .nuget\nuget.exe > nul
 :restore
 IF EXIST packages\KoreBuild goto run
 IF %BUILDCMD_KOREBUILD_VERSION%=="" (
-	.nuget\NuGet.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+	.nuget\nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 ) ELSE (
-	.nuget\NuGet.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
+	.nuget\nuget.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
 )
-.nuget\NuGet.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
+.nuget\nuget.exe install Sake -ExcludeVersion -Out packages
 
 IF "%SKIP_DNX_INSTALL%"=="1" goto run
 IF %BUILDCMD_DNX_VERSION%=="" (
diff --git a/build.sh b/build.sh
index 68c3e8cb52..0c66139817 100755
--- a/build.sh
+++ b/build.sh
@@ -10,21 +10,23 @@ else
     fi
 fi
 mkdir -p $cachedir
+nugetVersion=latest
+cachePath=$cachedir/nuget.$nugetVersion.exe
 
-url=https://www.nuget.org/nuget.exe
+url=https://dist.nuget.org/win-x86-commandline/$nugetVersion/nuget.exe
 
-if test ! -f $cachedir/nuget.exe; then
-    wget -O $cachedir/nuget.exe $url 2>/dev/null || curl -o $cachedir/nuget.exe --location $url /dev/null
+if test ! -f $cachePath; then
+    wget -O $cachePath $url 2>/dev/null || curl -o $cachePath --location $url /dev/null
 fi
 
 if test ! -e .nuget; then
     mkdir .nuget
-    cp $cachedir/nuget.exe .nuget/nuget.exe
+    cp $cachePath .nuget/nuget.exe
 fi
 
 if test ! -d packages/KoreBuild; then
     mono .nuget/nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
-    mono .nuget/nuget.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
+    mono .nuget/nuget.exe install Sake -ExcludeVersion -Out packages
 fi
 
 if ! type dnvm > /dev/null 2>&1; then

From 081577e4f4996082a4fc28ef77c84f54c7d04183 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 18 Sep 2015 12:24:33 -0700
Subject: [PATCH 336/900] Remove usage IOptions from middleware ctors

---
 samples/OpenIdConnectSample/Startup.cs        | 13 +---
 samples/SocialSample/Startup.cs               | 14 +---
 .../CookieAppBuilderExtensions.cs             | 30 +++++---
 .../CookieAuthenticationMiddleware.cs         |  6 +-
 .../FacebookAppBuilderExtensions.cs           | 22 +++++-
 .../FacebookMiddleware.cs                     |  5 +-
 .../FacebookServiceCollectionExtensions.cs    | 26 -------
 .../GoogleAppBuilderExtensions.cs             | 22 +++++-
 .../GoogleMiddleware.cs                       |  5 +-
 .../GoogleServiceCollectionExtensions.cs      | 26 -------
 .../JwtBearerAppBuilderExtensions.cs          | 26 ++++++-
 .../JwtBearerMiddleware.cs                    |  5 +-
 .../JwtBearerServiceCollectionExtensions.cs   | 26 -------
 .../MicrosoftAccountAppBuilderExtensions.cs   | 16 +++-
 .../MicrosoftAccountMiddleware.cs             |  5 +-
 ...osoftAccountServiceCollectionExtensions.cs | 26 -------
 .../OAuthExtensions.cs                        | 22 +++++-
 .../OAuthMiddleware.cs                        |  5 +-
 .../OAuthOptions.cs                           | 11 +--
 .../OpenIdConnectExtensions.cs                | 15 ++--
 .../OpenIdConnectMiddleware.cs                | 10 +--
 ...penIdConnectServiceCollectionExtensions.cs | 26 -------
 .../TwitterAppBuilderExtensions.cs            | 15 +++-
 .../TwitterMiddleware.cs                      |  5 +-
 .../TwitterServiceCollectionExtensions.cs     | 26 -------
 .../AuthenticationMiddleware.cs               | 12 +--
 ...thenticationServiceCollectionExtensions.cs | 17 -----
 ...laimsTransformationAppBuilderExtensions.cs | 35 +++++++--
 ...dler.cs => ClaimsTransformationHandler.cs} |  1 -
 .../ClaimsTransformationMiddleware.cs         | 10 +--
 .../ClaimsTransformationOptions.cs            | 34 ---------
 .../ClaimsTransformer.cs                      | 19 +++++
 .../HttpContextExtensions.cs                  |  2 +-
 .../IClaimsTransformer.cs                     | 13 ++++
 ...thorizationServiceCollectionExtensions.cs} |  2 +-
 .../Cookies/CookieMiddlewareTests.cs          | 28 +------
 .../Facebook/FacebookMiddlewareTests.cs       | 75 +++++++------------
 .../Google/GoogleMiddlewareTests.cs           | 15 ++--
 .../OpenIdConnectHandlerTests.cs              |  7 +-
 ...ConnectMiddlewareForTestingAuthenticate.cs |  5 +-
 40 files changed, 262 insertions(+), 421 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
 rename src/Microsoft.AspNet.Authentication/{ClaimsTransformationAuthenticationHandler.cs => ClaimsTransformationHandler.cs} (99%)
 create mode 100644 src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs
 rename src/Microsoft.AspNet.Authorization/{ServiceCollectionExtensions.cs => AuthorizationServiceCollectionExtensions.cs} (94%)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index bd1f45d4c3..3a0a289e72 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,10 +1,9 @@
 using System.Linq;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
 
@@ -14,11 +13,7 @@ namespace OpenIdConnectSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
-            services.Configure<SharedAuthenticationOptions>(options =>
-            {
-                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
+            services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
@@ -51,8 +46,6 @@ namespace OpenIdConnectSample
                 context.Response.ContentType = "text/plain";
                 await context.Response.WriteAsync("Hello Authenticated User");
             });
-
-
         }
     }
 }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f47aea5bbf..ee397f272c 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -2,7 +2,6 @@ using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
@@ -21,18 +20,7 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
-            services.Configure<SharedAuthenticationOptions>(options =>
-            {
-                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-            services.AddClaimsTransformation(p =>
-            {
-                var id = new ClaimsIdentity("xform");
-                id.AddClaim(new Claim("ClaimsTransformation", "TransformAddedClaim"));
-                p.AddIdentity(id);
-                return p;
-            });
+            services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index e8b56f4bce..2ed5f99827 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -17,13 +16,10 @@ namespace Microsoft.AspNet.Builder
         /// Adds a cookie-based authentication middleware to your web application pipeline.
         /// </summary>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions = null)
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app)
         {
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(
-                new ConfigureOptions<CookieAuthenticationOptions>(configureOptions ?? (o => { })));
+            return app.UseCookieAuthentication(new CookieAuthenticationOptions());
         }
 
         /// <summary>
@@ -31,12 +27,26 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <param name="optionsName">The name of the options class that controls the middleware behavior, null will use the default options</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, IOptions<CookieAuthenticationOptions> options)
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
         {
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(options,
-                new ConfigureOptions<CookieAuthenticationOptions>(o => { }));
+            var options = new CookieAuthenticationOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseCookieAuthentication(options);
+        }
+
+        /// <summary>
+        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <param name="options">Used to configure the middleware</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, [NotNull] CookieAuthenticationOptions options)
+        {
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index d7de7fbecd..900ad5505d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -6,7 +6,6 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -18,9 +17,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             [NotNull] IDataProtectionProvider dataProtectionProvider,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder urlEncoder,
-            [NotNull] IOptions<CookieAuthenticationOptions> options,
-            ConfigureOptions<CookieAuthenticationOptions> configureOptions)
-            : base(next, options, loggerFactory, urlEncoder, configureOptions)
+            [NotNull] CookieAuthenticationOptions options)
+            : base(next, options, loggerFactory, urlEncoder)
         {
             if (Options.Events == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 9d0dc44e1b..0e6fc8a971 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -18,10 +17,25 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookOptions> configureOptions = null)
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] FacebookOptions options)
         {
-            return app.UseMiddleware<FacebookMiddleware>(
-                 new ConfigureOptions<FacebookOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<FacebookMiddleware>(options);
+        }
+
+        /// <summary>
+        /// Authenticate users using Facebook.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
+        /// <param name="configureOptions">Configures the options.</param>
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookOptions> configureOptions)
+        {
+            var options = new FacebookOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseFacebookAuthentication(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 8e97d9d158..aa518d5df2 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -34,9 +34,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<FacebookOptions> options,
-            ConfigureOptions<FacebookOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
+            [NotNull] FacebookOptions options)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (string.IsNullOrEmpty(Options.AppId))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
deleted file mode 100644
index ccffd7de44..0000000000
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods for using <see cref="FacebookMiddleware"/>.
-    /// </summary>
-    public static class FacebookServiceCollectionExtensions
-    {
-        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<FacebookOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddFacebookAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<FacebookOptions>(config);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 55e3ba23a0..7d1599ff52 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -13,6 +12,17 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class GoogleAppBuilderExtensions
     {
+        /// <summary>
+        /// Authenticate users using Google OAuth 2.0.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
+        /// <param name="options">The Middleware options.</param>
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] GoogleOptions options)
+        {
+            return app.UseMiddleware<GoogleMiddleware>(options);
+        }
+
         /// <summary>
         /// Authenticate users using Google OAuth 2.0.
         /// </summary>
@@ -20,10 +30,14 @@ namespace Microsoft.AspNet.Builder
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <param name="optionsName">Name of the options instance to be used</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleOptions> configureOptions)
         {
-            return app.UseMiddleware<GoogleMiddleware>(
-                 new ConfigureOptions<GoogleOptions>(configureOptions ?? (o => { })));
+            var options = new GoogleOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseGoogleAuthentication(options);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index 5ceb214494..43dd9ba80e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -34,9 +34,8 @@ namespace Microsoft.AspNet.Authentication.Google
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<GoogleOptions> options,
-            ConfigureOptions<GoogleOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
+            [NotNull] GoogleOptions options)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (Options.Scope.Count == 0)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
deleted file mode 100644
index 0c329dc5cb..0000000000
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.Google;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods for using <see cref="GoogleMiddleware"/>.
-    /// </summary>
-    public static class GoogleServiceCollectionExtensions
-    {
-        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<GoogleOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddGoogleAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<GoogleOptions>(config);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index bdc91c71d2..55f6cb5b2b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -24,10 +24,30 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions = null, string optionsName = "")
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] JwtBearerOptions options)
         {
-            return app.UseMiddleware<JwtBearerMiddleware>(
-                new ConfigureOptions<JwtBearerOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<JwtBearerMiddleware>(options);
+        }
+
+        /// <summary>
+        /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
+        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
+        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
+        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
+        /// any time to obtain the claims from the request's bearer token.
+        /// See also http://tools.ietf.org/html/rfc6749
+        /// </summary>
+        /// <param name="app">The application builder</param>
+        /// <param name="configureOptions">Used to configure Middleware options.</param>
+        /// <returns>The application builder</returns>
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
+        {
+            var options = new JwtBearerOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseJwtBearerAuthentication(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 7884a675b8..0c67c632e7 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -29,9 +29,8 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<JwtBearerOptions> options,
-            ConfigureOptions<JwtBearerOptions> configureOptions)
-            : base(next, options, loggerFactory, encoder, configureOptions)
+            [NotNull] JwtBearerOptions options)
+            : base(next, options, loggerFactory, encoder)
         {
             if (Options.Events == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
deleted file mode 100644
index 30a99c277b..0000000000
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.JwtBearer;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods to add Jwt Bearer authentication capabilities to an HTTP application pipeline
-    /// </summary>
-    public static class JwtBearerServiceCollectionExtensions
-    {
-        public static IServiceCollection AddJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<JwtBearerOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddJwtBearerAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<JwtBearerOptions>(config);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 86c4ae040e..9fe1887bbf 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -13,10 +12,19 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions = null)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] MicrosoftAccountOptions options)
         {
-            return app.UseMiddleware<MicrosoftAccountMiddleware>(
-                 new ConfigureOptions<MicrosoftAccountOptions>(configureOptions ?? (o => { })));
+            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
+        }
+
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions)
+        {
+            var options = new MicrosoftAccountOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseMicrosoftAccountAuthentication(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 7e5830922e..9f2c5d96e8 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -32,9 +32,8 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<MicrosoftAccountOptions> options,
-            ConfigureOptions<MicrosoftAccountOptions> configureOptions = null)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options, configureOptions)
+            [NotNull] MicrosoftAccountOptions options)
+            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (Options.Scope.Count == 0)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
deleted file mode 100644
index 83e52461c7..0000000000
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods for using <see cref="MicrosoftAccountMiddleware"/>
-    /// </summary>
-    public static class MicrosoftAccountServiceCollectionExtensions
-    {
-        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<MicrosoftAccountOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddMicrosoftAccountAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<MicrosoftAccountOptions>(config);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
index 08dc3d52d3..813f3cdfeb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
@@ -13,17 +13,31 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class OAuthExtensions
     {
+        /// <summary>
+        /// Authenticate users using OAuth.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
+        /// <param name="configureOptions">Configures the middleware options.</param>
+        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] Action<OAuthOptions> configureOptions)
+        {
+            var options = new OAuthOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseOAuthAuthentication(options);
+        }
+
         /// <summary>
         /// Authenticate users using OAuth.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] IOptions<OAuthOptions> options)
+        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OAuthOptions options)
         {
-            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(
-                options,
-                new ConfigureOptions<OAuthOptions>(o => { }));
+            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index 9822963cc5..5030fd9673 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -33,9 +33,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<TOptions> options,
-            ConfigureOptions<TOptions> configureOptions = null)
-            : base(next, options, loggerFactory, encoder, configureOptions)
+            [NotNull] TOptions options)
+            : base(next, options, loggerFactory, encoder)
         {
             // todo: review error handling
             if (string.IsNullOrEmpty(Options.AuthenticationScheme))
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index b20ada53ca..c87026dc7d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -6,14 +6,13 @@ using System.Collections.Generic;
 using System.Net.Http;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthMiddleware"/>.
     /// </summary>
-    public class OAuthOptions : AuthenticationOptions, IOptions<OAuthOptions>
+    public class OAuthOptions : AuthenticationOptions
     {
         /// <summary>
         /// Gets or sets the provider-assigned client id.
@@ -102,13 +101,5 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// authentication cookie. Note that social providers set this property to <c>false</c> by default.
         /// </summary>
         public bool SaveTokensAsClaims { get; set; } = true;
-
-        OAuthOptions IOptions<OAuthOptions>.Value
-        {
-            get
-            {
-                return this;
-            }
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 18b83580bc..e8bcf935df 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -3,7 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -18,10 +18,15 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions = null)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication([NotNull] this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
         {
-            return app.UseMiddleware<OpenIdConnectMiddleware>(
-                 new ConfigureOptions<OpenIdConnectOptions>(configureOptions ?? (o => { })));
+
+            var options = new OpenIdConnectOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseOpenIdConnectAuthentication(options);
         }
 
         /// <summary>
@@ -30,7 +35,7 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, IOptions<OpenIdConnectOptions> options)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OpenIdConnectOptions options)
         {
             return app.UseMiddleware<OpenIdConnectMiddleware>(options);
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 76819648ff..7aeca5efba 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -31,10 +31,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="encoder"></param>
         /// <param name="services"></param>
         /// <param name="sharedOptions"></param>
-        /// <param name="options">a <see cref="IOptions{OpenIdConnectOptions}"/> instance that will supply <see cref="OpenIdConnectOptions"/> 
-        /// if configureOptions is null.</param>
-        /// <param name="configureOptions">a <see cref="ConfigureOptions{OpenIdConnectOptions}"/> instance that will be passed to an instance of <see cref="OpenIdConnectOptions"/>
-        /// that is retrieved by calling <see cref="IOptions{OpenIdConnectOptions}.GetNamedOptions(string)"/> where string == <see cref="ConfigureOptions{OpenIdConnectOptions}.Name"/> provides runtime configuration.</param>
+        /// <param name="options"></param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectMiddleware(
             [NotNull] RequestDelegate next,
@@ -43,9 +40,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             [NotNull] IUrlEncoder encoder,
             [NotNull] IServiceProvider services,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<OpenIdConnectOptions> options,
-            ConfigureOptions<OpenIdConnectOptions> configureOptions = null)
-            : base(next, options, loggerFactory, encoder, configureOptions)
+            [NotNull] OpenIdConnectOptions options)
+            : base(next, options, loggerFactory, encoder)
         {
             if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Value.SignInScheme))
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
deleted file mode 100644
index c6f4b6ec48..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods to configure OpenIdConnect authentication options
-    /// </summary>
-    public static class OpenIdConnectServiceCollectionExtensions
-    {
-        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<OpenIdConnectOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddOpenIdConnectAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<OpenIdConnectOptions>(config);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 286e79f22f..5a274c2413 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,8 +14,18 @@ namespace Microsoft.AspNet.Builder
     {
         public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
         {
-            return app.UseMiddleware<TwitterMiddleware>(
-                 new ConfigureOptions<TwitterOptions>(configureOptions ?? (o => { })));
+            var options = new TwitterOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseTwitterAuthentication(options);
         }
+
+        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] TwitterOptions options)
+        {
+            return app.UseMiddleware<TwitterMiddleware>(options);
+        }
+
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index 8a16dc09b2..b00ca44219 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -38,9 +38,8 @@ namespace Microsoft.AspNet.Authentication.Twitter
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] IOptions<TwitterOptions> options,
-            ConfigureOptions<TwitterOptions> configureOptions = null)
-            : base(next, options, loggerFactory, encoder, configureOptions)
+            [NotNull] TwitterOptions options)
+            : base(next, options, loggerFactory, encoder)
         {
             if (string.IsNullOrEmpty(Options.ConsumerSecret))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
deleted file mode 100644
index fdc48d26b8..0000000000
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.Framework.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods for using <see cref="TwitterMiddleware"/>
-    /// </summary>
-    public static class TwitterAuthenticationExtensions
-    {
-        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<TwitterOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddTwitterAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
-        {
-            return services.Configure<TwitterOptions>(config);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index c0eee7e1a0..9736325570 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -7,7 +7,6 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
@@ -18,16 +17,11 @@ namespace Microsoft.AspNet.Authentication
 
         protected AuthenticationMiddleware(
             [NotNull] RequestDelegate next, 
-            [NotNull] IOptions<TOptions> options, 
+            [NotNull] TOptions options, 
             [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            ConfigureOptions<TOptions> configureOptions)
+            [NotNull] IUrlEncoder encoder)
         {
-            Options = options.Value;
-            if (configureOptions != null)
-            {
-                configureOptions.Configure(Options);
-            }
+            Options = options;
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 9634fd97b7..fbe65663e2 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -2,8 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
 using Microsoft.Framework.Internal;
 
@@ -23,20 +21,5 @@ namespace Microsoft.Framework.DependencyInjection
             services.Configure(configureOptions);
             return services.AddAuthentication();
         }
-
-        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Action<ClaimsTransformationOptions> configure)
-        {
-            return services.Configure(configure);
-        }
-
-        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, ClaimsPrincipal> transform)
-        {
-            return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformSyncDelegate = transform });
-        }
-
-        public static IServiceCollection AddClaimsTransformation([NotNull] this IServiceCollection services, [NotNull] Func<ClaimsPrincipal, Task<ClaimsPrincipal>> asyncTransform)
-        {
-            return services.Configure<ClaimsTransformationOptions>(o => o.Transformer = new ClaimsTransformer { TransformAsyncDelegate = asyncTransform });
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index ff29ffdbe7..def2c935ba 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
-using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -16,11 +16,28 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Adds a claims transformation middleware to your web application pipeline.
         /// </summary>
+        /// <param name="options">The options for the middleware</param>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
         {
-            return app.UseClaimsTransformation(configureOptions: o => { });
+            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
+        }
+
+        /// <summary>
+        /// Adds a claims transformation middleware to your web application pipeline.
+        /// </summary>
+        /// <param name="options">The options for the middleware</param>
+        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsPrincipal, Task<ClaimsPrincipal>> transform)
+        {
+            var options = new ClaimsTransformationOptions();
+            options.Transformer = new ClaimsTransformer
+            {
+                OnTransform = transform
+            };
+            return app.UseClaimsTransformation(options);
         }
 
         /// <summary>
@@ -29,10 +46,14 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <param name="configureOptions">Used to configure the options for the middleware</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, [NotNull] Action<ClaimsTransformationOptions> configureOptions)
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Action<ClaimsTransformationOptions> configureOptions)
         {
-            return app.UseMiddleware<ClaimsTransformationMiddleware>(
-                new ConfigureOptions<ClaimsTransformationOptions>(configureOptions));
+            var options = new ClaimsTransformationOptions();
+            if (configureOptions != null)
+            {
+                configureOptions(options);
+            }
+            return app.UseClaimsTransformation(options);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationHandler.cs
similarity index 99%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
rename to src/Microsoft.AspNet.Authentication/ClaimsTransformationHandler.cs
index d5c4da165e..954f26032f 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationHandler.cs
@@ -80,6 +80,5 @@ namespace Microsoft.AspNet.Authentication
         {
             auth.Handler = PriorHandler;
         }
-
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index e72ab3ab12..b4c95310c4 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -4,7 +4,6 @@
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
@@ -15,14 +14,9 @@ namespace Microsoft.AspNet.Authentication
 
         public ClaimsTransformationMiddleware(
             [NotNull] RequestDelegate next,
-            [NotNull] IOptions<ClaimsTransformationOptions> options,
-            ConfigureOptions<ClaimsTransformationOptions> configureOptions)
+            [NotNull] ClaimsTransformationOptions options)
         {
-            Options = options.Value;
-            if (configureOptions != null)
-            {
-                configureOptions.Configure(Options);
-            }
+            Options = options;
             _next = next;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
index acc1a5e499..19475ba023 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
@@ -1,44 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
 namespace Microsoft.AspNet.Authentication
 {
     public class ClaimsTransformationOptions
     {
         public IClaimsTransformer Transformer { get; set; }
     }
-
-    public interface IClaimsTransformer
-    {
-        Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal);
-        ClaimsPrincipal Transform(ClaimsPrincipal principal);
-    }
-
-    public class ClaimsTransformer : IClaimsTransformer
-    {
-        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> TransformAsyncDelegate { get; set; }
-        public Func<ClaimsPrincipal, ClaimsPrincipal> TransformSyncDelegate { get; set; }
-
-        public virtual ClaimsPrincipal Transform(ClaimsPrincipal principal)
-        {
-            if (TransformSyncDelegate != null)
-            {
-                return TransformSyncDelegate(principal);
-            }
-            return principal;
-        }
-
-        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
-        {
-            if (TransformAsyncDelegate != null)
-            {
-                return TransformAsyncDelegate(principal);
-            }
-            return Task.FromResult(Transform(principal));
-        }
-    }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs
new file mode 100644
index 0000000000..e824689d1c
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs
@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class ClaimsTransformer : IClaimsTransformer
+    {
+        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> OnTransform { get; set; }
+
+        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
+        {
+            return OnTransform?.Invoke(principal) ?? Task.FromResult(principal);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
index d50b6055d3..0234f22cdb 100644
--- a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication
             if (auth == null)
             {
                 auth = new HttpAuthenticationFeature();
-                context.Features.Set<IHttpAuthenticationFeature>(auth);
+                context.Features.Set(auth);
             }
             return auth;
         }
diff --git a/src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs
new file mode 100644
index 0000000000..a4e4e2f25e
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs
@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public interface IClaimsTransformer
+    {
+        Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal);
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
similarity index 94%
rename from src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
rename to src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index d0a60edf2e..2d085a7902 100644
--- a/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -8,7 +8,7 @@ using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
-    public static class ServiceCollectionExtensions
+    public static class AuthorizationServiceCollectionExtensions
     {
         public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services)
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 84d8e1a872..668f6a7ace 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -232,17 +232,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             baseAddress: null, 
             claimsTransform: o => o.Transformer = new ClaimsTransformer
             {
-                TransformSyncDelegate = p =>
-                {
-                    if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
-                    {
-                        var id = new ClaimsIdentity("xform");
-                        id.AddClaim(new Claim("sync", "no"));
-                        p.AddIdentity(id);
-                    }
-                    return p;
-                },
-                TransformAsyncDelegate = p =>
+                OnTransform = p =>
                 {
                     if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
                     {
@@ -745,22 +735,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.True(transaction.SetCookie[0].StartsWith(".AspNet.Cookies="));
         }
 
-        [Fact]
-        public async Task UseCookieWithOutInstanceDoesUseSharedOptions()
-        {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.CookieName = "One");
-                app.UseCookieAuthentication(options => options.AuthenticationScheme = "Two");
-                app.Run(context => context.Authentication.SignInAsync("Two", new ClaimsPrincipal(new ClaimsIdentity())));
-            }, services => services.AddAuthentication());
-
-            var transaction = await server.SendAsync("http://example.com");
-
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.True(transaction.SetCookie[0].StartsWith("One="));
-        }
-
         [Fact]
         public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index fa7978e03d..ed1723f3a4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -29,16 +29,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication();
-                    app.UseCookieAuthentication();
-                },
-                services =>
-                {
-                    services.AddAuthentication(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
-                    services.AddFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
@@ -51,12 +42,19 @@ namespace Microsoft.AspNet.Authentication.Facebook
                             }
                         };
                     });
-                    services.AddCookieAuthentication(options =>
+                    app.UseCookieAuthentication(options =>
                     {
                         options.AuthenticationScheme = "External";
                         options.AutomaticAuthentication = true;
                     });
                 },
+                services =>
+                {
+                    services.AddAuthentication(options =>
+                    {
+                        options.SignInScheme = "External";
+                    });
+                },
                 context =>
                 {
                     // REVIEW: Gross.
@@ -74,19 +72,15 @@ namespace Microsoft.AspNet.Authentication.Facebook
         {
             var server = CreateServer(app =>
                 app.Map("/base", map => {
-                    map.UseFacebookAuthentication();
-                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
-                }),
-                services =>
-                {
-                    services.AddAuthentication();
-                    services.AddFacebookAuthentication(options =>
+                    map.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
                         options.SignInScheme = "External";
                     });
-                },
+                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+                }),
+                services => services.AddAuthentication(),
                 handler: null);
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -105,19 +99,15 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication();
-                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
-                },
-                services =>
-                {
-                    services.AddAuthentication();
-                    services.AddFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
                         options.SignInScheme = "External";
                     });
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
                 },
+                services => services.AddAuthentication(),
                 handler: null);
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -136,24 +126,16 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication();
-                    app.UseCookieAuthentication();
-                },
-                services =>
-                {
-                    services.AddAuthentication(options =>
-                    {
-                        options.SignInScheme = "External";
-                    });
-                    services.AddFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
                     });
-                    services.AddCookieAuthentication(options =>
-                    {
-                        options.AuthenticationScheme = "External";
-                    });
+                    app.UseCookieAuthentication(options => options.AuthenticationScheme = "External");
+                },
+                services =>
+                {
+                    services.AddAuthentication(options => options.SignInScheme = "External");
                 },
                 context =>
                 {
@@ -181,13 +163,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication();
-                    app.UseCookieAuthentication();
-                },
-                services =>
-                {
-                    services.AddAuthentication();
-                    services.AddFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
                         options.AppSecret = "Test App Secret";
@@ -224,6 +200,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
                             }
                         };
                     });
+                    app.UseCookieAuthentication();
+                },
+                services =>
+                {
+                    services.AddAuthentication();
                 }, handler: null);
 
             var properties = new AuthenticationProperties();
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 86801ccc4e..d6d2b7053a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -548,7 +548,13 @@ namespace Microsoft.AspNet.Authentication.Google
                     options.AutomaticAuthentication = true;
                 });
                 app.UseGoogleAuthentication(configureOptions);
-                app.UseClaimsTransformation();
+                app.UseClaimsTransformation(p =>
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                    return Task.FromResult(p);
+                });
                 app.Use(async (context, next) =>
                 {
                     var req = context.Request;
@@ -601,13 +607,6 @@ namespace Microsoft.AspNet.Authentication.Google
             services =>
             {
                 services.AddAuthentication(options => options.SignInScheme = TestExtensions.CookieAuthenticationScheme);
-                services.AddClaimsTransformation(p =>
-                {
-                    var id = new ClaimsIdentity("xform");
-                    id.AddClaim(new Claim("xform", "yup"));
-                    p.AddIdentity(id);
-                    return p;
-                });
             });
         }
     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index d2bee5035c..2345d74318 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -15,7 +15,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
@@ -58,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public async Task AuthenticateCoreState(Action<OpenIdConnectOptions> action, OpenIdConnectMessage message)
         {
             var handler = new OpenIdConnectHandlerForTestingAuthenticate();
-            var server = CreateServer(new ConfigureOptions<OpenIdConnectOptions>(action), UrlEncoder.Default, handler);
+            var server = CreateServer(action, UrlEncoder.Default, handler);
             await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters.Where(pair => pair.Value != null)));
         }
 
@@ -116,11 +115,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static TestServer CreateServer(ConfigureOptions<OpenIdConnectOptions> options, IUrlEncoder encoder, OpenIdConnectHandler handler = null)
+        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, IUrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
             return TestServer.Create(
                 app =>
                 {
+                    var options = new OpenIdConnectOptions();
+                    configureOptions(options);
                     app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(options, encoder, handler);
                     app.Use(async (context, next) =>
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index e76c213259..46c04ab7a9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -27,11 +27,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             IUrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<OpenIdConnectOptions> options,
-            ConfigureOptions<OpenIdConnectOptions> configureOptions = null,
+            OpenIdConnectOptions options,
             OpenIdConnectHandler handler = null
             )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, configureOptions)
+        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options)
         {
             _handler = handler;
             var customFactory = loggerFactory as InMemoryLoggerFactory;

From 59ccbdd8ca02c98d11fa30c2dad62ac13e512aff Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 21 Sep 2015 14:56:05 -0700
Subject: [PATCH 337/900] Fix stuff

---
 NuGet.config                                  |  4 +--
 Security.sln                                  |  2 +-
 .../MemoryCacheSessionStore.cs                |  2 +-
 samples/SocialSample/Startup.cs               |  2 +-
 .../CookieAuthenticationHandler.cs            | 12 +++----
 .../CookieAuthenticationOptions.cs            |  2 +-
 .../Events/CookieAuthenticationEvents.cs      | 12 +++----
 ...dInContext.cs => CookieSignedInContext.cs} |  6 ++--
 ...InContext.cs => CookieSigningInContext.cs} |  6 ++--
 ...tContext.cs => CookieSigningOutContext.cs} |  6 ++--
 .../Events/ICookieAuthenticationEvents.cs     |  6 ++--
 ...icationSessionStore.cs => ITicketStore.cs} |  2 +-
 .../FacebookHandler.cs                        |  4 +--
 .../GoogleHandler.cs                          |  4 +--
 .../Events/AuthenticationChallengeContext.cs  |  6 ++--
 .../Events/AuthenticationFailedContext.cs     |  6 ++--
 ...vents.cs => IOpenIdConnectBearerEvents.cs} |  8 ++---
 .../Events/MessageReceivedContext.cs          |  6 ++--
 ...Events.cs => OpenIdConnectBearerEvents.cs} |  8 ++---
 .../Events/SecurityTokenReceivedContext.cs    |  6 ++--
 .../Events/SecurityTokenValidatedContext.cs   |  6 ++--
 ....Authentication.OpenIdConnectBearer.xproj} |  0
 ...penIdConnectBearerAppBuilderExtensions.cs} | 16 ++++-----
 ...ults.cs => OpenIdConnectBearerDefaults.cs} |  8 ++---
 ...ndler.cs => OpenIdConnectBearerHandler.cs} |  4 +--
 ...re.cs => OpenIdConnectBearerMiddleware.cs} | 19 +++++-----
 ...tions.cs => OpenIdConnectBearerOptions.cs} | 18 +++++-----
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../MicrosoftAccountHandler.cs                |  4 +--
 .../Events/IOAuthEvents.cs                    |  6 ++--
 .../Events/OAuthAuthenticatedContext.cs       | 10 +++---
 .../Events/OAuthEvents.cs                     | 14 ++++----
 ...RedirectToAuthorizationEndpointContext.cs} |  6 ++--
 .../Events/OAuthRequestTokenContext.cs        | 31 ----------------
 .../Events/OAuthReturnEndpointContext.cs      |  2 +-
 .../OAuthHandler.cs                           | 12 +++----
 .../OpenIdConnectHandler.cs                   | 12 +++----
 .../OpenIdConnectMiddleware.cs                |  2 +-
 .../Events/ITwitterEvents.cs                  |  6 ++--
 ...ext.cs => TwitterCreatingTicketContext.cs} |  6 ++--
 .../Events/TwitterEvents.cs                   | 12 +++----
 ...RedirectToAuthorizationEndpointContext.cs} |  4 +--
 .../Events/TwitterReturnEndpointContext.cs    | 25 -------------
 .../Messages/Serializers.cs                   | 21 -----------
 .../TwitterHandler.cs                         | 12 +++----
 .../TwitterMiddleware.cs                      |  5 ++-
 .../DataHandler/Base64TextEncoder.cs          | 21 -----------
 .../DataHandler/DataSerializers.cs            | 20 -----------
 .../DataHandler/ITextEncoder.cs               | 11 ------
 .../DataHandler/PropertiesDataFormat.cs       |  2 +-
 .../DataHandler/SecureDataFormat.cs           |  9 +++--
 ...Base64UrlTextEncoder.cs => TextEncoder.cs} |  8 ++---
 .../DataHandler/TextEncodings.cs              | 21 -----------
 .../DataHandler/TicketDataFormat.cs           |  2 +-
 .../Events/EndpointContext.cs                 | 22 ------------
 .../Events/EndpointContext`1.cs               | 36 -------------------
 ...EndpointContext.cs => SigningInContext.cs} | 14 ++++++--
 .../SubjectPublicKeyInfoAlgorithm.cs          | 15 --------
 .../Cookies/CookieMiddlewareTests.cs          |  2 +-
 .../DataHandler/Base64UrlTextEncoderTests.cs  |  5 ++-
 .../Facebook/FacebookMiddlewareTests.cs       |  2 +-
 .../Google/GoogleMiddlewareTests.cs           |  6 ++--
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 30 ++++++++--------
 .../MicrosoftAccountMiddlewareTests.cs        |  4 +--
 .../OpenIdConnectHandlerTests.cs              |  6 ++--
 .../Twitter/TwitterMiddlewareTests.cs         |  2 +-
 .../project.json                              |  2 +-
 68 files changed, 200 insertions(+), 417 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Cookies/Events/{CookieResponseSignedInContext.cs => CookieSignedInContext.cs} (92%)
 rename src/Microsoft.AspNet.Authentication.Cookies/Events/{CookieResponseSignInContext.cs => CookieSigningInContext.cs} (91%)
 rename src/Microsoft.AspNet.Authentication.Cookies/Events/{CookieResponseSignOutContext.cs => CookieSigningOutContext.cs} (73%)
 rename src/Microsoft.AspNet.Authentication.Cookies/{IAuthenticationSessionStore.cs => ITicketStore.cs} (97%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{IJwtBearerEvents.cs => IOpenIdConnectBearerEvents.cs} (80%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{JwtBearerEvents.cs => OpenIdConnectBearerEvents.cs} (87%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{Microsoft.AspNet.Authentication.JwtBearer.xproj => Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj} (100%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerAppBuilderExtensions.cs => OpenIdConnectBearerAppBuilderExtensions.cs} (74%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerDefaults.cs => OpenIdConnectBearerDefaults.cs} (68%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerHandler.cs => OpenIdConnectBearerHandler.cs} (97%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerMiddleware.cs => OpenIdConnectBearerMiddleware.cs} (83%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/{JwtBearerOptions.cs => OpenIdConnectBearerOptions.cs} (86%)
 rename src/Microsoft.AspNet.Authentication.OAuth/Events/{OAuthApplyRedirectContext.cs => OAuthRedirectToAuthorizationEndpointContext.cs} (80%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs
 rename src/Microsoft.AspNet.Authentication.Twitter/Events/{TwitterAuthenticatedContext.cs => TwitterCreatingTicketContext.cs} (92%)
 rename src/Microsoft.AspNet.Authentication.Twitter/Events/{TwitterApplyRedirectContext.cs => TwitterRedirectToAuthorizationEndpointContext.cs} (87%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
 rename src/Microsoft.AspNet.Authentication/DataHandler/{Base64UrlTextEncoder.cs => TextEncoder.cs} (79%)
 delete mode 100644 src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs
 rename src/Microsoft.AspNet.Authentication/Events/{ReturnEndpointContext.cs => SigningInContext.cs} (74%)
 delete mode 100644 src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs

diff --git a/NuGet.config b/NuGet.config
index 3bd1c73d64..3cca57b4c2 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly"/>
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly" />
   </packageSources>
 </configuration>
diff --git a/Security.sln b/Security.sln
index ee8180ede8..61a335c030 100644
--- a/Security.sln
+++ b/Security.sln
@@ -40,7 +40,7 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentica
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Test", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnectBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Test", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
index 854b40fb20..d0e78d1367 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheSessionStore.cs
@@ -6,7 +6,7 @@ using Microsoft.Framework.Caching.Memory;
 
 namespace CookieSessionSample
 {
-    public class MemoryCacheSessionStore : IAuthenticationSessionStore
+    public class MemoryCacheSessionStore : ITicketStore
     {
         private const string KeyPrefix = "AuthSessionStore-";
         private IMemoryCache _cache;
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index ee397f272c..7e43f83f24 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -130,7 +130,7 @@ namespace CookieSample
                 // Retrieving user information is unique to each provider.
                 Events = new OAuthEvents
                 {
-                    OnAuthenticated = async context =>
+                    OnCreatingTicket = async context =>
                     {
                         // Get the GitHub user
                         var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 24fe12fbe8..4c83699f5d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -225,7 +225,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 var cookieOptions = BuildCookieOptions();
 
-                var signInContext = new CookieResponseSignInContext(
+                var signInContext = new CookieSigningInContext(
                     Context,
                     Options,
                     Options.AuthenticationScheme,
@@ -249,7 +249,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
                 }
 
-                await Options.Events.ResponseSignIn(signInContext);
+                await Options.Events.SigningIn(signInContext);
 
                 if (signInContext.Properties.IsPersistent)
                 {
@@ -279,14 +279,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     cookieValue,
                     signInContext.CookieOptions);
 
-                var signedInContext = new CookieResponseSignedInContext(
+                var signedInContext = new CookieSignedInContext(
                     Context,
                     Options,
                     Options.AuthenticationScheme,
                     signInContext.Principal,
                     signInContext.Properties);
 
-                await Options.Events.ResponseSignedIn(signedInContext);
+                await Options.Events.SignedIn(signedInContext);
 
                 var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
                 ApplyHeaders(shouldLoginRedirect);
@@ -314,12 +314,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     await Options.SessionStore.RemoveAsync(_sessionKey);
                 }
 
-                var context = new CookieResponseSignOutContext(
+                var context = new CookieSigningOutContext(
                     Context,
                     Options,
                     cookieOptions);
 
-                await Options.Events.ResponseSignOut(context);
+                await Options.Events.SigningOut(context);
 
                 Options.CookieManager.DeleteCookie(
                     Context,
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index b8743d1843..1a1f71bd40 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -146,7 +146,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// An optional container in which to store the identity across requests. When used, only a session identifier is sent
         /// to the client. This can be used to mitigate potential problems with very large identities.
         /// </summary>
-        public IAuthenticationSessionStore SessionStore { get; set; }
+        public ITicketStore SessionStore { get; set; }
 
         CookieAuthenticationOptions IOptions<CookieAuthenticationOptions>.Value
         {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 7a96ce99d0..578feb1ca4 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -21,17 +21,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieResponseSignInContext, Task> OnResponseSignIn { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieResponseSignedInContext, Task> OnResponseSignedIn { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieResponseSignOutContext, Task> OnResponseSignOut { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
@@ -58,19 +58,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual Task ResponseSignIn(CookieResponseSignInContext context) => OnResponseSignIn(context);
+        public virtual Task SigningIn(CookieSigningInContext context) => OnSigningIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual Task ResponseSignedIn(CookieResponseSignedInContext context) => OnResponseSignedIn(context);
+        public virtual Task SignedIn(CookieSignedInContext context) => OnSignedIn(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context"></param>
-        public virtual Task ResponseSignOut(CookieResponseSignOutContext context) => OnResponseSignOut(context);
+        public virtual Task SigningOut(CookieSigningOutContext context) => OnSigningOut(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
similarity index 92%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
index a6a5c3469e..d8ac62a24e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -8,9 +8,9 @@ using Microsoft.AspNet.Http.Authentication;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationEvents method ResponseSignedIn.
+    /// Context object passed to the ICookieAuthenticationEvents method SignedIn.
     /// </summary>    
-    public class CookieResponseSignedInContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSignedInContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
         /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Properties property</param>
-        public CookieResponseSignedInContext(
+        public CookieSignedInContext(
             HttpContext context,
             CookieAuthenticationOptions options,
             string authenticationScheme,
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
similarity index 91%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignInContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
index b931a7c484..4ff477b8f3 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -8,9 +8,9 @@ using Microsoft.AspNet.Http.Authentication;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationProvider method ResponseSignIn.
+    /// Context object passed to the ICookieAuthenticationEvents method ResponseSignIn.
     /// </summary>    
-    public class CookieResponseSignInContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSigningInContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Extra property</param>
         /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
-        public CookieResponseSignInContext(
+        public CookieSigningInContext(
             HttpContext context,
             CookieAuthenticationOptions options,
             string authenticationScheme,
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
similarity index 73%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignOutContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
index f33295af57..d9e960ada9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieResponseSignOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -6,9 +6,9 @@ using Microsoft.AspNet.Http;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationProvider method ResponseSignOut    
+    /// Context object passed to the ICookieAuthenticationEvents method SigningOut    
     /// </summary>
-    public class CookieResponseSignOutContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSigningOutContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// 
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="context"></param>
         /// <param name="options"></param>
         /// <param name="cookieOptions"></param>
-        public CookieResponseSignOutContext(HttpContext context, CookieAuthenticationOptions options, CookieOptions cookieOptions)
+        public CookieSigningOutContext(HttpContext context, CookieAuthenticationOptions options, CookieOptions cookieOptions)
             : base(context, options)
         {
             CookieOptions = cookieOptions;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index fef97c6916..9a74f657d9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -23,13 +23,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// implementing this method the claims and extra information that go into the ticket may be altered.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        Task ResponseSignIn(CookieResponseSignInContext context);
+        Task SigningIn(CookieSigningInContext context);
 
         /// <summary>
         /// Called when an endpoint has provided sign in information after it is converted into a cookie.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        Task ResponseSignedIn(CookieResponseSignedInContext context);
+        Task SignedIn(CookieSignedInContext context);
 
         /// <summary>
         /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
@@ -41,7 +41,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// Called during the sign-out flow to augment the cookie cleanup process.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
-        Task ResponseSignOut(CookieResponseSignOutContext context);
+        Task SigningOut(CookieSigningOutContext context);
 
         /// <summary>
         /// Called when an exception occurs during request or response processing.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs b/src/Microsoft.AspNet.Authentication.Cookies/ITicketStore.cs
similarity index 97%
rename from src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/ITicketStore.cs
index 25de38de11..418dec45e4 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/IAuthenticationSessionStore.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ITicketStore.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// while only sending a simple identifier key to the client. This is most commonly used to mitigate
     /// issues with serializing large identities into cookies.
     /// </summary>
-    public interface IAuthenticationSessionStore
+    public interface ITicketStore
     {
         /// <summary>
         /// Store the identity ticket and return the associated key.
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index ee6824b451..cd6c2d1f73 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -104,7 +104,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Events.Authenticated(context);
+            await Options.Events.CreatingTicket(context);
 
             return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
index e688dc8562..1d692b4549 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -74,7 +74,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Events.Authenticated(context);
+            await Options.Events.CreatingTicket(context);
 
             return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
index 44f44d5b3e..e7b0df4ef8 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerOptions>
+    public class AuthenticationChallengeContext : BaseControlContext<OpenIdConnectBearerOptions>
     {
-        public AuthenticationChallengeContext(HttpContext context, JwtBearerOptions options)
+        public AuthenticationChallengeContext(HttpContext context, OpenIdConnectBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index 2ac80c4f73..e894ed2a14 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -4,11 +4,11 @@
 using System;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class AuthenticationFailedContext : BaseControlContext<JwtBearerOptions>
+    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectBearerOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
+        public AuthenticationFailedContext(HttpContext context, OpenIdConnectBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
similarity index 80%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
index 0ec2a9c247..973b5c9178 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
@@ -4,14 +4,14 @@
 using System.Threading.Tasks;
 
 /// <summary>
-/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// Specifies events which the <see cref="OpenIdConnectBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     /// <summary>
-    /// Jwt bearer token middleware events.
+    /// OpenIdConnect bearer token middleware events.
     /// </summary>
-    public interface IJwtBearerEvents
+    public interface IOpenIdConnectBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index cd940ef679..5b28b109ae 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class MessageReceivedContext : BaseControlContext<JwtBearerOptions>
+    public class MessageReceivedContext : BaseControlContext<OpenIdConnectBearerOptions>
     {
-        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
+        public MessageReceivedContext(HttpContext context, OpenIdConnectBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
similarity index 87%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
index a6976228cd..e53dbd8bc1 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
@@ -6,14 +6,14 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 
 /// <summary>
-/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// Specifies events which the <see cref="OpenIdConnectBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     /// <summary>
-    /// Jwt bearer token middleware events.
+    /// OpenIdConnect bearer token middleware events.
     /// </summary>
-    public class JwtBearerEvents : IJwtBearerEvents
+    public class OpenIdConnectBearerEvents : IOpenIdConnectBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
index 5aedda1d84..81ec1522c6 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerOptions>
+    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectBearerOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, JwtBearerOptions options)
+        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
index 488e8e6b02..78f3a81f4e 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerOptions>
+    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectBearerOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, JwtBearerOptions options)
+        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj b/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerAppBuilderExtensions.cs
similarity index 74%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerAppBuilderExtensions.cs
index 55f6cb5b2b..148d3d892c 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerAppBuilderExtensions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.JwtBearer;
+using Microsoft.AspNet.Authentication.OpenIdConnectBearer;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods to add Jwt Bearer authentication capabilities to an HTTP application pipeline
+    /// Extension methods to add OpenIdConnect Bearer authentication capabilities to an HTTP application pipeline
     /// </summary>
-    public static class JwtBearerAppBuilderExtensions
+    public static class OpenIdConnectBearerAppBuilderExtensions
     {
         /// <summary>
         /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
@@ -24,9 +24,9 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] JwtBearerOptions options)
+        public static IApplicationBuilder UseOpenIdConnectBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OpenIdConnectBearerOptions options)
         {
-            return app.UseMiddleware<JwtBearerMiddleware>(options);
+            return app.UseMiddleware<OpenIdConnectBearerMiddleware>(options);
         }
 
         /// <summary>
@@ -40,14 +40,14 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
+        public static IApplicationBuilder UseOpenIdConnectBearerAuthentication([NotNull] this IApplicationBuilder app, Action<OpenIdConnectBearerOptions> configureOptions)
         {
-            var options = new JwtBearerOptions();
+            var options = new OpenIdConnectBearerOptions();
             if (configureOptions != null)
             {
                 configureOptions(options);
             }
-            return app.UseJwtBearerAuthentication(options);
+            return app.UseOpenIdConnectBearerAuthentication(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerDefaults.cs
similarity index 68%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerDefaults.cs
index c39bf6cb9e..b271709f98 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerDefaults.cs
@@ -1,16 +1,16 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     /// <summary>
     /// Default values used by authorization server and bearer authentication.
     /// </summary>
-    public static class JwtBearerDefaults
+    public static class OpenIdConnectBearerDefaults
     {
         /// <summary>
-        /// Default value for AuthenticationScheme property in the JwtBearerAuthenticationOptions and
-        /// JwtAuthorizationServerOptions.
+        /// Default value for AuthenticationScheme property in the OpenIdConnectBearerAuthenticationOptions and
+        /// OpenIdConnectAuthorizationServerOptions.
         /// </summary>
         public const string AuthenticationScheme = "Bearer";
     }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerHandler.cs
similarity index 97%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerHandler.cs
index 0f420f7fc4..9a84dcfb36 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerHandler.cs
@@ -10,9 +10,9 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
+    internal class OpenIdConnectBearerHandler : AuthenticationHandler<OpenIdConnectBearerOptions>
     {
         private OpenIdConnectConfiguration _configuration;
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerMiddleware.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerMiddleware.cs
index 0c67c632e7..fee6e11430 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerMiddleware.cs
@@ -6,35 +6,34 @@ using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     /// <summary>
     /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
-    /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
+    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOpenIdConnectBearerAuthentication
     /// extension method.
     /// </summary>
-    public class JwtBearerMiddleware : AuthenticationMiddleware<JwtBearerOptions>
+    public class OpenIdConnectBearerMiddleware : AuthenticationMiddleware<OpenIdConnectBearerOptions>
     {
         /// <summary>
         /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
-        /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication 
+        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOpenIdConnectBearerAuthentication 
         /// extension method.
         /// </summary>
-        public JwtBearerMiddleware(
+        public OpenIdConnectBearerMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] JwtBearerOptions options)
+            [NotNull] OpenIdConnectBearerOptions options)
             : base(next, options, loggerFactory, encoder)
         {
             if (Options.Events == null)
             {
-                Options.Events = new JwtBearerEvents();
+                Options.Events = new OpenIdConnectBearerEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
@@ -74,9 +73,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
         /// </summary>
         /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<JwtBearerOptions> CreateHandler()
+        protected override AuthenticationHandler<OpenIdConnectBearerOptions> CreateHandler()
         {
-            return new JwtBearerHandler();
+            return new OpenIdConnectBearerHandler();
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerOptions.cs
similarity index 86%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerOptions.cs
index a6df42ec6b..f47a436ee0 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerOptions.cs
@@ -9,19 +9,19 @@ using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class JwtBearerOptions : AuthenticationOptions
+    public class OpenIdConnectBearerOptions : AuthenticationOptions
     {
         /// <summary>
         /// Creates an instance of bearer authentication options with default values.
         /// </summary>
-        public JwtBearerOptions() : base()
+        public OpenIdConnectBearerOptions() : base()
         {
-            AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
+            AuthenticationScheme = OpenIdConnectBearerDefaults.AuthenticationScheme;
         }
 
         /// <summary>
@@ -35,24 +35,24 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         public string Authority { get; set; }
 
         /// <summary>
-        /// Gets or sets the audience for any received JWT token.
+        /// Gets or sets the audience for any received OpenIdConnect token.
         /// </summary>
         /// <value>
-        /// The expected audience for any received JWT token.
+        /// The expected audience for any received OpenIdConnect token.
         /// </value>
         public string Audience { get; set; }
 
         /// <summary>
         /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
         /// </summary>
-        public string Challenge { get; set; } = JwtBearerDefaults.AuthenticationScheme;
+        public string Challenge { get; set; } = OpenIdConnectBearerDefaults.AuthenticationScheme;
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
-        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
+        /// The application may implement the interface fully, or it may create an instance of OpenIdConnectBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public IJwtBearerEvents Events { get; set; } = new JwtBearerEvents();
+        public IOpenIdConnectBearerEvents Events { get; set; } = new OpenIdConnectBearerEvents();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
index 79bbbe4497..bafcd6d0d6 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.JwtBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnectBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index f92c6b6f4a..f05599e083 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -1,6 +1,6 @@
 {
     "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to receive a Jwt bearer token.",
+    "description": "ASP.NET 5 middleware that enables an application to receive a OpenIdConnect bearer token.",
     "repository": {
         "type": "git",
         "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index adac9be9dc..940b115444 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
             
-            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload)
+            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
             {
                 Properties = properties,
                 Principal = new ClaimsPrincipal(identity)
@@ -54,7 +54,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            await Options.Events.Authenticated(context);
+            await Options.Events.CreatingTicket(context);
 
             return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
         }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
index d5acd3bbca..9f161f344c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -16,19 +16,19 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         /// <param name="context">Contains information about the login session.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task Authenticated(OAuthAuthenticatedContext context);
+        Task CreatingTicket(OAuthCreatingTicketContext context);
 
         /// <summary>
         /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context"></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ReturnEndpoint(OAuthReturnEndpointContext context);
+        Task SigningIn(SigningInContext context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        Task ApplyRedirect(OAuthApplyRedirectContext context);
+        Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationEndpointContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
index 3aa4f8b6a8..2bbacbfd2e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
@@ -15,16 +15,16 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class OAuthAuthenticatedContext : BaseContext<OAuthOptions>
+    public class OAuthCreatingTicketContext : BaseContext<OAuthOptions>
     {
         /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
+        /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
-        public OAuthAuthenticatedContext(
+        public OAuthCreatingTicketContext(
             [NotNull] HttpContext context,
             [NotNull] OAuthOptions options,
             [NotNull] HttpClient backchannel,
@@ -34,14 +34,14 @@ namespace Microsoft.AspNet.Authentication.OAuth
         }
 
         /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticatedContext"/>.
+        /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         /// <param name="user">The JSON-serialized user.</param>
-        public OAuthAuthenticatedContext(
+        public OAuthCreatingTicketContext(
             [NotNull] HttpContext context,
             [NotNull] OAuthOptions options,
             [NotNull] HttpClient backchannel,
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
index 9f8e064ae4..364d6c2edf 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
@@ -14,17 +14,17 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<OAuthAuthenticatedContext, Task> OnAuthenticated { get; set; } = context => Task.FromResult(0);
+        public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
         /// </summary>
-        public Func<OAuthReturnEndpointContext, Task> OnReturnEndpoint { get; set; } = context => Task.FromResult(0);
+        public Func<SigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
+        /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
         /// </summary>
-        public Func<OAuthApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        public Func<OAuthRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.FromResult(0);
@@ -35,19 +35,19 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(OAuthAuthenticatedContext context) => OnAuthenticated(context);
+        public virtual Task CreatingTicket(OAuthCreatingTicketContext context) => OnCreatingTicket(context);
 
         /// <summary>
         /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(OAuthReturnEndpointContext context) => OnReturnEndpoint(context);
+        public virtual Task SigningIn(SigningInContext context) => OnSigningIn(context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual Task ApplyRedirect(OAuthApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs
similarity index 80%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs
index 83629708f8..0bfbd26f7b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs
@@ -7,9 +7,9 @@ using Microsoft.AspNet.Http.Authentication;
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the Microsoft account middleware.
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
     /// </summary>
-    public class OAuthApplyRedirectContext : BaseContext<OAuthOptions>
+    public class OAuthRedirectToAuthorizationEndpointContext : BaseContext<OAuthOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="context">The HTTP request context.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public OAuthApplyRedirectContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
+        public OAuthRedirectToAuthorizationEndpointContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
             RedirectUri = redirectUri;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs
deleted file mode 100644
index 54a3dac80a..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRequestTokenContext.cs
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Specifies the HTTP request header for the bearer authentication scheme.
-    /// </summary>
-    public class OAuthRequestTokenContext : BaseContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthRequestTokenContext"/>
-        /// </summary>
-        /// <param name="context">HTTP environment</param>
-        /// <param name="token">The authorization header value.</param>
-        public OAuthRequestTokenContext(
-            HttpContext context,
-            string token)
-            : base(context)
-        {
-            Token = token;
-        }
-
-        /// <summary>
-        /// The authorization header value
-        /// </summary>
-        public string Token { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
index dcf9f2d366..2c59fdd183 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Provides context information to middleware providers.
     /// </summary>
-    public class OAuthReturnEndpointContext : ReturnEndpointContext
+    public class OAuthReturnEndpointContext : SigningInContext
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthReturnEndpointContext"/>.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 7a9e636916..8449d75d23 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -57,7 +57,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             };
             ticket.Properties.RedirectUri = null;
 
-            await Options.Events.ReturnEndpoint(context);
+            await Options.Events.SigningIn(context);
 
             if (context.SignInScheme != null && context.Principal != null)
             {
@@ -183,13 +183,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var context = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens)
+            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
             };
             
-            await Options.Events.Authenticated(context);
+            await Options.Events.CreatingTicket(context);
 
             if (context.Principal?.Identity == null)
             {
@@ -212,10 +212,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));
 
-            var redirectContext = new OAuthApplyRedirectContext(
+            var redirectContext = new OAuthRedirectToAuthorizationEndpointContext(
                 Context, Options,
                 properties, authorizationEndpoint);
-            await Options.Events.ApplyRedirect(redirectContext);
+            await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
             return true;
         }
 
@@ -263,7 +263,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             var nonceBytes = new byte[32];
             CryptoRandom.GetBytes(nonceBytes);
-            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+            var correlationId = Base64UrlTextEncoder.Encode(nonceBytes);
 
             var cookieOptions = new CookieOptions
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9f1ea06519..ad4d927208 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -160,7 +160,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if Options.DefaultToCurrentUriOnRedirect is true)
-            AuthenticationProperties properties = new AuthenticationProperties(context.Properties);
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (!string.IsNullOrEmpty(properties.RedirectUri))
             {
@@ -491,7 +491,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             ticket = ValidateToken(tokenEndpointResponse.ProtocolMessage.IdToken, message, properties, validationParameters, out jwt);
 
-            await ValidateOpenIdConnectProtocolAsync(null, message);
+            ValidateOpenIdConnectProtocol(null, message);
 
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse);
             if (authenticationValidatedContext.HandledResponse)
@@ -522,7 +522,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var validationParameters = Options.TokenValidationParameters.Clone();
             var ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
 
-            await ValidateOpenIdConnectProtocolAsync(jwt, message);
+            ValidateOpenIdConnectProtocol(jwt, message);
 
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse: null);
             if (authenticationValidatedContext.HandledResponse)
@@ -588,7 +588,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
         protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
         {
-            string userInfoEndpoint = _configuration?.UserInfoEndpoint;
+            var userInfoEndpoint = _configuration?.UserInfoEndpoint;
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
@@ -734,7 +734,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             var nonceBytes = new byte[32];
             CryptoRandom.GetBytes(nonceBytes);
-            var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
+            var correlationId = Base64UrlTextEncoder.Encode(nonceBytes);
 
             var cookieOptions = new CookieOptions
             {
@@ -1023,7 +1023,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return ticket;
         }
 
-        private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message)
+        private void ValidateOpenIdConnectProtocol(JwtSecurityToken jwt, OpenIdConnectMessage message)
         {
             string nonce = jwt?.Payload.Nonce;
             if (!string.IsNullOrEmpty(nonce))
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 7aeca5efba..d2ccf3c1a9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -72,7 +72,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     Options.AuthenticationScheme,
                     "v1");
 
-                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector, TextEncodings.Base64Url);
+                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
             }
             
             // if the user has not set the AuthorizeCallback, set it from the redirect_uri
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
index c96eec4687..cb793eb994 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
@@ -15,19 +15,19 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task Authenticated(TwitterAuthenticatedContext context);
+        Task CreatingTicket(TwitterCreatingTicketContext context);
 
         /// <summary>
         /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context"></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ReturnEndpoint(TwitterReturnEndpointContext context);
+        Task SigningIn(SigningInContext context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
-        Task ApplyRedirect(TwitterApplyRedirectContext context);
+        Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
similarity index 92%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index 0ebd2bf91c..d002554cda 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterAuthenticatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -10,17 +10,17 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class TwitterAuthenticatedContext : BaseContext
+    public class TwitterCreatingTicketContext : BaseContext
     {
         /// <summary>
-        /// Initializes a <see cref="TwitterAuthenticatedContext"/>
+        /// Initializes a <see cref="TwitterCreatingTicketContext"/>
         /// </summary>
         /// <param name="context">The HTTP environment</param>
         /// <param name="userId">Twitter user ID</param>
         /// <param name="screenName">Twitter screen name</param>
         /// <param name="accessToken">Twitter access token</param>
         /// <param name="accessTokenSecret">Twitter access token secret</param>
-        public TwitterAuthenticatedContext(
+        public TwitterCreatingTicketContext(
             HttpContext context,
             string userId,
             string screenName,
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
index a3bdfff6ef..f73e4b617f 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
@@ -14,17 +14,17 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<TwitterAuthenticatedContext, Task> OnAuthenticated { get; set; } = context => Task.FromResult(0);
+        public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
         /// </summary>
-        public Func<TwitterReturnEndpointContext, Task> OnReturnEndpoint { get; set; } = context => Task.FromResult(0);
+        public Func<SigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Func<TwitterApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        public Func<TwitterRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.FromResult(0);
@@ -35,19 +35,19 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// </summary>
         /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task Authenticated(TwitterAuthenticatedContext context) => OnAuthenticated(context);
+        public virtual Task CreatingTicket(TwitterCreatingTicketContext context) => OnCreatingTicket(context);
 
         /// <summary>
         /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
         /// </summary>
         /// <param name="context"></param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task ReturnEndpoint(TwitterReturnEndpointContext context) => OnReturnEndpoint(context);
+        public virtual Task SigningIn(SigningInContext context) => OnSigningIn(context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
-        public virtual Task ApplyRedirect(TwitterApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
similarity index 87%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
index ab4f1aecac..4a26ce6ebe 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
     /// </summary>
-    public class TwitterApplyRedirectContext : BaseContext<TwitterOptions>
+    public class TwitterRedirectToAuthorizationEndpointContext : BaseContext<TwitterOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="options">The Twitter middleware options.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public TwitterApplyRedirectContext(HttpContext context, TwitterOptions options,
+        public TwitterRedirectToAuthorizationEndpointContext(HttpContext context, TwitterOptions options,
             AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs
deleted file mode 100644
index f6786988e3..0000000000
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterReturnEndpointContext.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.Twitter
-{
-    /// <summary>
-    /// Provides context information to middleware providers.
-    /// </summary>
-    public class TwitterReturnEndpointContext : ReturnEndpointContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="TwitterReturnEndpointContext"/>.
-        /// </summary>
-        /// <param name="context">HTTP environment</param>
-        /// <param name="ticket">The authentication ticket</param>
-        public TwitterReturnEndpointContext(
-            HttpContext context,
-            AuthenticationTicket ticket)
-            : base(context, ticket)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
deleted file mode 100644
index 2476dac5ec..0000000000
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/Serializers.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Authentication.Twitter
-{
-    /// <summary>
-    /// Provides access to a request token serializer.
-    /// </summary>
-    public static class Serializers
-    {
-        static Serializers()
-        {
-            RequestToken = new RequestTokenSerializer();
-        }
-
-        /// <summary>
-        /// Gets or sets a statically-avaliable serializer object. The value for this property will be <see cref="RequestTokenSerializer"/> by default.
-        /// </summary>
-        public static IDataSerializer<RequestToken> RequestToken { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index b8ecef66a8..c6e2ac1ea9 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -117,13 +117,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token)
         {
-            var context = new TwitterAuthenticatedContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
+            var context = new TwitterCreatingTicketContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
             };
 
-            await Options.Events.Authenticated(context);
+            await Options.Events.CreatingTicket(context);
             
             if (context.Principal?.Identity == null)
             {
@@ -154,10 +154,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
                 Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
-                var redirectContext = new TwitterApplyRedirectContext(
+                var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(
                     Context, Options,
                     properties, twitterAuthenticationEndpoint);
-                await Options.Events.ApplyRedirect(redirectContext);
+                await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
                 return true;
             }
             else
@@ -177,14 +177,14 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 return true;
             }
 
-            var context = new TwitterReturnEndpointContext(Context, model)
+            var context = new SigningInContext(Context, model)
             {
                 SignInScheme = Options.SignInScheme,
                 RedirectUri = model.Properties.RedirectUri
             };
             model.Properties.RedirectUri = null;
 
-            await Options.Events.ReturnEndpoint(context);
+            await Options.Events.SigningIn(context);
 
             if (context.SignInScheme != null && context.Principal != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index b00ca44219..ce5693f92e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -59,9 +59,8 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 var dataProtector = dataProtectionProvider.CreateProtector(
                     typeof(TwitterMiddleware).FullName, Options.AuthenticationScheme, "v1");
                 Options.StateDataFormat = new SecureDataFormat<RequestToken>(
-                    Serializers.RequestToken,
-                    dataProtector,
-                    TextEncodings.Base64Url);
+                    new RequestTokenSerializer(),
+                    dataProtector);
             }
 
             if (string.IsNullOrEmpty(Options.SignInScheme))
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
deleted file mode 100644
index f56b6f2088..0000000000
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Base64TextEncoder.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public class Base64TextEncoder : ITextEncoder
-    {
-        public string Encode(byte[] data)
-        {
-            return Convert.ToBase64String(data);
-        }
-
-        public byte[] Decode(string text)
-        {
-            return Convert.FromBase64String(text);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs b/src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
deleted file mode 100644
index eda821414a..0000000000
--- a/src/Microsoft.AspNet.Authentication/DataHandler/DataSerializers.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http.Authentication;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public static class DataSerializers
-    {
-        static DataSerializers()
-        {
-            Properties = new PropertiesSerializer();
-            Ticket = new TicketSerializer();
-        }
-
-        public static IDataSerializer<AuthenticationProperties> Properties { get; private set; }
-
-        public static IDataSerializer<AuthenticationTicket> Ticket { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
deleted file mode 100644
index 2bcf3f8bac..0000000000
--- a/src/Microsoft.AspNet.Authentication/DataHandler/ITextEncoder.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Authentication
-{
-    public interface ITextEncoder
-    {
-        string Encode(byte[] data);
-        byte[] Decode(string text);
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
index d02b0c30b7..956794815e 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication
     public class PropertiesDataFormat : SecureDataFormat<AuthenticationProperties>
     {
         public PropertiesDataFormat(IDataProtector protector)
-            : base(DataSerializers.Properties, protector, TextEncodings.Base64Url)
+            : base(new PropertiesSerializer(), protector)
         {
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
index 258bba52ea..3ede386433 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.DataProtection;
 
@@ -10,20 +11,18 @@ namespace Microsoft.AspNet.Authentication
     {
         private readonly IDataSerializer<TData> _serializer;
         private readonly IDataProtector _protector;
-        private readonly ITextEncoder _encoder;
 
-        public SecureDataFormat(IDataSerializer<TData> serializer, IDataProtector protector, ITextEncoder encoder)
+        public SecureDataFormat(IDataSerializer<TData> serializer, IDataProtector protector)
         {
             _serializer = serializer;
             _protector = protector;
-            _encoder = encoder;
         }
 
         public string Protect(TData data)
         {
             byte[] userData = _serializer.Serialize(data);
             byte[] protectedData = _protector.Protect(userData);
-            string protectedText = _encoder.Encode(protectedData);
+            string protectedText = Base64UrlTextEncoder.Encode(protectedData);
             return protectedText;
         }
 
@@ -37,7 +36,7 @@ namespace Microsoft.AspNet.Authentication
                     return default(TData);
                 }
 
-                byte[] protectedData = _encoder.Decode(protectedText);
+                byte[] protectedData = Base64UrlTextEncoder.Decode(protectedText);
                 if (protectedData == null)
                 {
                     return default(TData);
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TextEncoder.cs
similarity index 79%
rename from src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs
rename to src/Microsoft.AspNet.Authentication/DataHandler/TextEncoder.cs
index df3319d9f6..009413ed0a 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/Base64UrlTextEncoder.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TextEncoder.cs
@@ -2,18 +2,17 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class Base64UrlTextEncoder : ITextEncoder
+    public static class Base64UrlTextEncoder
     {
-        public string Encode([NotNull] byte[] data)
+        public static string Encode(byte[] data)
         {
             return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
         }
 
-        public byte[] Decode([NotNull] string text)
+        public static byte[] Decode(string text)
         {
             return Convert.FromBase64String(Pad(text.Replace('-', '+').Replace('_', '/')));
         }
@@ -27,5 +26,6 @@ namespace Microsoft.AspNet.Authentication
             }
             return text + new string('=', padding);
         }
+
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
deleted file mode 100644
index ddb11f5999..0000000000
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TextEncodings.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Authentication
-{
-    public static class TextEncodings
-    {
-        private static readonly ITextEncoder Base64Instance = new Base64TextEncoder();
-        private static readonly ITextEncoder Base64UrlInstance = new Base64UrlTextEncoder();
-
-        public static ITextEncoder Base64
-        {
-            get { return Base64Instance; }
-        }
-
-        public static ITextEncoder Base64Url
-        {
-            get { return Base64UrlInstance; }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
index 0f4dbd44fc..a252b138ca 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
@@ -7,7 +7,7 @@ namespace Microsoft.AspNet.Authentication
 {
     public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
-        public TicketDataFormat(IDataProtector protector) : base(DataSerializers.Ticket, protector, TextEncodings.Base64Url)
+        public TicketDataFormat(IDataProtector protector) : base(new TicketSerializer(), protector)
         {
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs b/src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs
deleted file mode 100644
index e8b93e9e38..0000000000
--- a/src/Microsoft.AspNet.Authentication/Events/EndpointContext.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication
-{
-    public abstract class EndpointContext : BaseContext
-    {
-        protected EndpointContext(HttpContext context)
-            : base(context)
-        {
-        }
-
-        public bool IsRequestCompleted { get; private set; }
-
-        public void RequestCompleted()
-        {
-            IsRequestCompleted = true;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs b/src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs
deleted file mode 100644
index 3f56a3a176..0000000000
--- a/src/Microsoft.AspNet.Authentication/Events/EndpointContext`1.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Base class used for certain event contexts
-    /// </summary>
-    public abstract class EndpointContext<TOptions> : BaseContext<TOptions>
-    {
-        /// <summary>
-        /// Creates an instance of this context
-        /// </summary>
-        protected EndpointContext(HttpContext context, TOptions options)
-            : base(context, options)
-        {
-        }
-
-        /// <summary>
-        /// True if the request should not be processed further by other components.
-        /// </summary>
-        public bool IsRequestCompleted { get; private set; }
-
-        /// <summary>
-        /// Prevents the request from being processed further by other components. 
-        /// IsRequestCompleted becomes true after calling.
-        /// </summary>
-        public void RequestCompleted()
-        {
-            IsRequestCompleted = true;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/Events/ReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs
similarity index 74%
rename from src/Microsoft.AspNet.Authentication/Events/ReturnEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs
index 77c903f457..30d38ae7f7 100644
--- a/src/Microsoft.AspNet.Authentication/Events/ReturnEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs
@@ -8,9 +8,12 @@ using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public abstract class ReturnEndpointContext : EndpointContext
+    /// <summary>
+    /// Provides context information to middleware providers.
+    /// </summary>
+    public class SigningInContext : BaseContext
     {
-        protected ReturnEndpointContext(
+        public SigningInContext(
             HttpContext context,
             AuthenticationTicket ticket)
             : base(context)
@@ -25,6 +28,13 @@ namespace Microsoft.AspNet.Authentication
         public ClaimsPrincipal Principal { get; set; }
         public AuthenticationProperties Properties { get; set; }
 
+        public bool IsRequestCompleted { get; private set; }
+
+        public void RequestCompleted()
+        {
+            IsRequestCompleted = true;
+        }
+
         public string SignInScheme { get; set; }
 
         [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
diff --git a/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs b/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
deleted file mode 100644
index fa5704f345..0000000000
--- a/src/Microsoft.AspNet.Authentication/SubjectPublicKeyInfoAlgorithm.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// The algorithm used to generate the subject public key information blob hashes.
-    /// </summary>
-    public enum SubjectPublicKeyInfoAlgorithm
-    {
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Sha", Justification = "It is correct.")] Sha1,
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Sha", Justification = "It is correct.")] Sha256
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 668f6a7ace..a097d98292 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -484,7 +484,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 options.SlidingExpiration = false;
                 options.Events = new CookieAuthenticationEvents()
                 {
-                    OnResponseSignIn = context =>
+                    OnSigningIn = context =>
                     {
                         context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
                         return Task.FromResult(0);
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
index 9cbe2bd006..8e62684303 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
@@ -10,7 +10,6 @@ namespace Microsoft.AspNet.Authentication
         [Fact]
         public void DataOfVariousLengthRoundTripCorrectly()
         {
-            var encoder = new Base64UrlTextEncoder();
             for (int length = 0; length != 256; ++length)
             {
                 var data = new byte[length];
@@ -18,8 +17,8 @@ namespace Microsoft.AspNet.Authentication
                 {
                     data[index] = (byte)(5 + length + (index * 23));
                 }
-                string text = encoder.Encode(data);
-                byte[] result = encoder.Decode(text);
+                string text = Base64UrlTextEncoder.Encode(data);
+                byte[] result = Base64UrlTextEncoder.Decode(text);
 
                 for (int index = 0; index != length; ++index)
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index ed1723f3a4..f0cefe6561 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         options.AppSecret = "Test App Secret";
                         options.Events = new OAuthEvents
                         {
-                            OnApplyRedirect = context =>
+                            OnRedirectToAuthorizationEndpoint = context =>
                             {
                                 context.Response.Redirect(context.RedirectUri + "&custom=test");
                                 return Task.FromResult(0);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index d6d2b7053a..617b6862a3 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -199,7 +199,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.Events = new OAuthEvents
                 {
-                    OnApplyRedirect = context =>
+                    OnRedirectToAuthorizationEndpoint = context =>
                     {
                         context.Response.Redirect(context.RedirectUri + "&custom=test");
                         return Task.FromResult(0);
@@ -416,7 +416,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 };
                 options.Events = new OAuthEvents
                 {
-                    OnAuthenticated = context =>
+                    OnCreatingTicket = context =>
                     {
                         var refreshToken = context.RefreshToken;
                         context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
@@ -457,7 +457,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.AccessType = "offline";
                 options.Events = new OAuthEvents()
                 {
-                    OnAuthenticated = context =>
+                    OnCreatingTicket = context =>
                     {
                         Assert.NotNull(context.User);
                         Assert.Equal(context.AccessToken, "Test Access Token");
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 24bc6ccec4..f51fcaaf31 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -15,9 +15,9 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
 {
-    public class JwtBearerMiddlewareTests
+    public class OpenIdConnectBearerMiddlewareTests
     {
         [Fact]
         public async Task BearerTokenValidation()
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 options.AutomaticAuthentication = true;
 
                 options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
-                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
+                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualOpenIdConnect";
                 options.TokenValidationParameters.ValidateLifetime = false;
             });
 
@@ -66,7 +66,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -116,7 +116,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -150,7 +150,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnSecurityTokenValidated = context =>
                     {
@@ -187,7 +187,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -224,7 +224,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -255,7 +255,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new JwtBearerEvents()
+                options.Events = new OpenIdConnectBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -323,13 +323,13 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             }
         }
 
-        private static TestServer CreateServer(Action<JwtBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(Action<OpenIdConnectBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {
                 if (configureOptions != null)
                 {
-                    app.UseJwtBearerAuthentication(configureOptions);
+                    app.UseOpenIdConnectBearerAuthentication(configureOptions);
                 }
 
                 app.Use(async (context, next) =>
@@ -359,17 +359,17 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
-                        await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(OpenIdConnectBearerDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(OpenIdConnectBearerDefaults.AuthenticationScheme);
                     }
 
                     else if (context.Request.Path == new PathString("/signIn"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(OpenIdConnectBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                     }
                     else if (context.Request.Path == new PathString("/signOut"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(OpenIdConnectBearerDefaults.AuthenticationScheme));
                     }
                     else
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 4972086ff3..8ad48c8fde 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -33,7 +33,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                     options.ClientSecret = "Test Client Secret";
                     options.Events = new OAuthEvents
                     {
-                        OnApplyRedirect = context =>
+                        OnRedirectToAuthorizationEndpoint = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                             return Task.FromResult(0);
@@ -146,7 +146,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                     };
                     options.Events = new OAuthEvents
                     {
-                        OnAuthenticated = context =>
+                        OnCreatingTicket = context =>
                         {
                             var refreshToken = context.RefreshToken;
                             context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 2345d74318..c3b15e2160 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
-using System.IdentityModel.Tokens.Jwt;
+using System.IdentityModel.Tokens.OpenIdConnect;
 using System.Linq;
 using System.Net.Http;
 using System.Security.Claims;
@@ -26,8 +26,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class OpenIdConnectHandlerTests
     {
-        private const string nonceForJwt = "abc";
-        private static SecurityToken specCompliantJwt = new JwtSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForJwt) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
+        private const string nonceForOpenIdConnect = "abc";
+        private static SecurityToken specCompliantOpenIdConnect = new OpenIdConnectSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForOpenIdConnect) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
         private const string ExpectedStateParameter = "expectedState";
 
         /// <summary>
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 380158ef6c..9b73806a90 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -25,7 +25,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                     options.ConsumerSecret = "Test Consumer Secret";
                     options.Events = new TwitterEvents
                     {
-                        OnApplyRedirect = context =>
+                        OnRedirectToAuthorizationEndpoint = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                             return Task.FromResult(0);
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 10f0e221a2..c56539e8e1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -6,7 +6,7 @@
     "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.OpenIdConnectBearer": "1.0.0-*",
     "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",

From fec3002fff66f56b9ccdf8a81595a918b6d6875a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 21 Sep 2015 16:32:14 -0700
Subject: [PATCH 338/900] Renames

---
 Security.sln                                  | 30 +++++++++----------
 .../Events/AuthenticationChallengeContext.cs  |  0
 .../Events/AuthenticationFailedContext.cs     |  0
 .../Events/IOpenIdConnectBearerEvents.cs      |  0
 .../Events/MessageReceivedContext.cs          |  0
 .../Events/OpenIdConnectBearerEvents.cs       |  0
 .../Events/SecurityTokenReceivedContext.cs    |  0
 .../Events/SecurityTokenValidatedContext.cs   |  0
 ...t.Authentication.OpenIdConnectBearer.xproj |  0
 ...OpenIdConnectBearerAppBuilderExtensions.cs |  0
 .../OpenIdConnectBearerDefaults.cs            |  0
 .../OpenIdConnectBearerHandler.cs             |  0
 .../OpenIdConnectBearerMiddleware.cs          |  0
 .../OpenIdConnectBearerOptions.cs             |  0
 .../Properties/AssemblyInfo.cs                |  0
 .../Properties/Resources.Designer.cs          |  0
 .../Resources.resx                            |  0
 .../project.json                              |  0
 .../OpenIdConnectBearerMiddlewareTests.cs}    |  0
 19 files changed, 15 insertions(+), 15 deletions(-)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/AuthenticationChallengeContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/AuthenticationFailedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/IOpenIdConnectBearerEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/MessageReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/OpenIdConnectBearerEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/SecurityTokenReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Events/SecurityTokenValidatedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/OpenIdConnectBearerAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/OpenIdConnectBearerDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/OpenIdConnectBearerHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/OpenIdConnectBearerMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/OpenIdConnectBearerOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNet.Authentication.OpenIdConnectBearer}/project.json (100%)
 rename test/Microsoft.AspNet.Authentication.Test/{JwtBearer/JwtBearerMiddlewareTests.cs => OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs} (100%)

diff --git a/Security.sln b/Security.sln
index 61a335c030..0818558307 100644
--- a/Security.sln
+++ b/Security.sln
@@ -40,8 +40,6 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentica
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Test", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnectBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
-EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Test", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
@@ -50,6 +48,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePoli
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy.Test", "test\Microsoft.AspNet.CookiePolicy.Test\Microsoft.AspNet.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnectBearer", "src\Microsoft.AspNet.Authentication.OpenIdConnectBearer\Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -210,18 +210,6 @@ Global
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.Build.0 = Debug|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.Build.0 = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -270,6 +258,18 @@ Global
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.ActiveCfg = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -288,10 +288,10 @@ Global
 		{0330FFF6-B4B5-42DD-8C99-26A789569000} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1657C79E-7755-4AEE-9D61-571295B69A30} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
-		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationChallengeContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationChallengeContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/IOpenIdConnectBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/IOpenIdConnectBearerEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/OpenIdConnectBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/OpenIdConnectBearerEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenValidatedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerAppBuilderExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerDefaults.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerHandler.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/OpenIdConnectBearerOptions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/project.json
rename to src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/project.json
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs

From 6c9157ff51c441076aeb1cb7d25cf59eae14439b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 21 Sep 2015 16:47:33 -0700
Subject: [PATCH 339/900] Fix tests

---
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs                | 4 ++--
 .../OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index c3b15e2160..1cb1cb5890 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens;
-using System.IdentityModel.Tokens.OpenIdConnect;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
 using System.Security.Claims;
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     public class OpenIdConnectHandlerTests
     {
         private const string nonceForOpenIdConnect = "abc";
-        private static SecurityToken specCompliantOpenIdConnect = new OpenIdConnectSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForOpenIdConnect) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
+        private static SecurityToken specCompliantOpenIdConnect = new JwtSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForOpenIdConnect) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
         private const string ExpectedStateParameter = "expectedState";
 
         /// <summary>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
index f51fcaaf31..596a6e61fa 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
                 options.AutomaticAuthentication = true;
 
                 options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
-                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualOpenIdConnect";
+                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
                 options.TokenValidationParameters.ValidateLifetime = false;
             });
 

From b18947555191ef7e6a83b7957d781a5fe36fd92e Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 21 Sep 2015 17:12:21 -0700
Subject: [PATCH 340/900] Split cookie events

---
 .../CookieAuthenticationHandler.cs            | 28 ++++++-----
 .../Events/CookieAuthenticationEvents.cs      | 49 ++++++++++++++++++-
 ...ectContext.cs => CookieRedirectContext.cs} |  4 +-
 .../Events/ICookieAuthenticationEvents.cs     | 22 ++++++++-
 .../Events/IOAuthEvents.cs                    |  2 +-
 ...ntext.cs => OAuthCreatingTicketContext.cs} |  0
 .../Events/OAuthEvents.cs                     |  4 +-
 ...=> OAuthRedirectToAuthorizationContext.cs} |  4 +-
 .../Events/OAuthReturnEndpointContext.cs      | 25 ----------
 .../OAuthHandler.cs                           |  4 +-
 10 files changed, 91 insertions(+), 51 deletions(-)
 rename src/Microsoft.AspNet.Authentication.Cookies/Events/{CookieApplyRedirectContext.cs => CookieRedirectContext.cs} (86%)
 rename src/Microsoft.AspNet.Authentication.OAuth/Events/{OAuthAuthenticatedContext.cs => OAuthCreatingTicketContext.cs} (100%)
 rename src/Microsoft.AspNet.Authentication.OAuth/Events/{OAuthRedirectToAuthorizationEndpointContext.cs => OAuthRedirectToAuthorizationContext.cs} (83%)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 4c83699f5d..5ddbde3891 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -204,7 +204,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     cookieValue,
                     cookieOptions);
 
-                ApplyHeaders();
+                await ApplyHeaders(shouldRedirectToReturnUrl: false);
             }
             catch (Exception exception)
             {
@@ -288,8 +288,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 await Options.Events.SignedIn(signedInContext);
 
-                var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
-                ApplyHeaders(shouldLoginRedirect);
+                // Only redirect on the login path
+                var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
+                await ApplyHeaders(shouldRedirect);
             }
             catch (Exception exception)
             {
@@ -326,8 +327,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     Options.CookieName,
                     context.CookieOptions);
 
-                var shouldLogoutRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
-                ApplyHeaders(shouldLogoutRedirect);
+                // Only redirect on the logout path
+                var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
+                await ApplyHeaders(shouldRedirect);
             }
             catch (Exception exception)
             {
@@ -341,12 +343,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
-        private void ApplyHeaders(bool shouldRedirectToReturnUrl = false)
+        private async Task ApplyHeaders(bool shouldRedirectToReturnUrl)
         {
             Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne;
-
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
                 var query = Request.Query;
@@ -354,10 +355,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 if (!StringValues.IsNullOrEmpty(redirectUri)
                     && IsHostRelative(redirectUri))
                 {
-                    var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
-                    Options.Events.ApplyRedirect(redirectContext);
+                    var redirectContext = new CookieRedirectContext(Context, Options, redirectUri);
+                    await Options.Events.RedirectToReturnUrl(redirectContext);
                 }
             }
+
         }
 
         private static bool IsHostRelative(string path)
@@ -384,8 +386,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     OriginalPathBase +
                     Options.AccessDeniedPath;
 
-                var redirectContext = new CookieApplyRedirectContext(Context, Options, accessDeniedUri);
-                await Options.Events.ApplyRedirect(redirectContext);
+                var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
+                await Options.Events.RedirectToAccessDenied(redirectContext);
             }
             catch (Exception exception)
             {
@@ -411,8 +413,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 }
 
                 var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-                var redirectContext = new CookieApplyRedirectContext(Context, Options, BuildRedirectUri(loginUri));
-                await Options.Events.ApplyRedirect(redirectContext);
+                var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri));
+                await Options.Events.RedirectToLogin(redirectContext);
             }
             catch (Exception exception)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 578feb1ca4..21881824ea 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -36,7 +36,34 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called
         /// </summary>
-        public Func<CookieApplyRedirectContext, Task> OnApplyRedirect { get; set; } = context =>
+        public Func<CookieRedirectContext, Task> OnRedirectToReturnUrl { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToAccessDenied { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToLogin { get; set; } = context =>
+        {
+            context.Response.Redirect(context.RedirectUri);
+            return Task.FromResult(0);
+        };
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToLogout { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.FromResult(0);
@@ -76,7 +103,25 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// Implements the interface method by invoking the related delegate method
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task ApplyRedirect(CookieApplyRedirectContext context) => OnApplyRedirect(context);
+        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirectToLogout(context);
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirectToLogin(context);
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirectToReturnUrl(context);
+
+        /// <summary>
+        /// Implements the interface method by invoking the related delegate method
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirectToAccessDenied(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieApplyRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
similarity index 86%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieApplyRedirectContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
index aeea8f9633..0687b9d280 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieApplyRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
     /// </summary>
-    public class CookieApplyRedirectContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieRedirectContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="options">The cookie middleware options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
-        public CookieApplyRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri)
+        public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri)
             : base(context, options)
         {
             RedirectUri = redirectUri;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index 9a74f657d9..6011ea8774 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -32,10 +32,28 @@ namespace Microsoft.AspNet.Authentication.Cookies
         Task SignedIn(CookieSignedInContext context);
 
         /// <summary>
-        /// Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
+        /// Called when a SignOut causes a redirect in the cookie middleware
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        Task ApplyRedirect(CookieApplyRedirectContext context);
+        Task RedirectToLogout(CookieRedirectContext context);
+
+        /// <summary>
+        /// Called when a SignIn causes a redirect in the cookie middleware
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        Task RedirectToLogin(CookieRedirectContext context);
+
+        /// <summary>
+        /// Called when redirecting back to the return url in the cookie middleware
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        Task RedirectToReturnUrl(CookieRedirectContext context);
+
+        /// <summary>
+        /// Called when an access denied causes a redirect in the cookie middleware
+        /// </summary>
+        /// <param name="context">Contains information about the event</param>
+        Task RedirectToAccessDenied(CookieRedirectContext context);
 
         /// <summary>
         /// Called during the sign-out flow to augment the cookie cleanup process.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
index 9f161f344c..82f4bc4155 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -29,6 +29,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationEndpointContext context);
+        Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthAuthenticatedContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
index 364d6c2edf..357f2dfa9c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
         /// </summary>
-        public Func<OAuthRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
+        public Func<OAuthRedirectToAuthorizationContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.FromResult(0);
@@ -48,6 +48,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
-        public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
+        public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 0bfbd26f7b..636cb933fe 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
     /// </summary>
-    public class OAuthRedirectToAuthorizationEndpointContext : BaseContext<OAuthOptions>
+    public class OAuthRedirectToAuthorizationContext : BaseContext<OAuthOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="context">The HTTP request context.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public OAuthRedirectToAuthorizationEndpointContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
+        public OAuthRedirectToAuthorizationContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
             : base(context, options)
         {
             RedirectUri = redirectUri;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
deleted file mode 100644
index 2c59fdd183..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthReturnEndpointContext.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Provides context information to middleware providers.
-    /// </summary>
-    public class OAuthReturnEndpointContext : SigningInContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthReturnEndpointContext"/>.
-        /// </summary>
-        /// <param name="context">The HTTP environment.</param>
-        /// <param name="ticket">The authentication ticket.</param>
-        public OAuthReturnEndpointContext(
-            HttpContext context,
-            AuthenticationTicket ticket)
-            : base(context, ticket)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 8449d75d23..c2c3481597 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -50,7 +50,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 return true;
             }
 
-            var context = new OAuthReturnEndpointContext(Context, ticket)
+            var context = new SigningInContext(Context, ticket)
             {
                 SignInScheme = Options.SignInScheme,
                 RedirectUri = ticket.Properties.RedirectUri,
@@ -212,7 +212,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));
 
-            var redirectContext = new OAuthRedirectToAuthorizationEndpointContext(
+            var redirectContext = new OAuthRedirectToAuthorizationContext(
                 Context, Options,
                 properties, authorizationEndpoint);
             await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);

From 644a4002a9389b2fc9619bc29082879c3c13d306 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 22 Sep 2015 14:09:41 -0700
Subject: [PATCH 341/900] Rename back to jwtBearer

---
 Security.sln                                  |  2 +-
 ...sionStore.cs => MemoryCacheTicketStore.cs} |  4 +-
 samples/CookieSessionSample/Startup.cs        |  6 +-
 .../Events/CookieAuthenticationEvents.cs      | 67 ++++++-------------
 .../Events/CookieSigningInContext.cs          |  8 +--
 .../Events/CookieSigningOutContext.cs         |  2 +-
 ...t.cs => CookieValidatePrincipalContext.cs} |  0
 .../Events/AuthenticationChallengeContext.cs  |  6 +-
 .../Events/AuthenticationFailedContext.cs     |  6 +-
 .../Events/IOpenIdConnectBearerEvents.cs      |  6 +-
 .../Events/MessageReceivedContext.cs          |  6 +-
 .../Events/OpenIdConnectBearerEvents.cs       |  6 +-
 .../Events/SecurityTokenReceivedContext.cs    |  6 +-
 .../Events/SecurityTokenValidatedContext.cs   |  6 +-
 .../JwtBearerAppBuilderExtensions.cs}         | 14 ++--
 .../JwtBearerDefaults.cs}                     |  9 ++-
 .../JwtBearerHandler.cs}                      |  4 +-
 .../JwtBearerMiddleware.cs}                   | 18 ++---
 .../JwtBearerOptions.cs}                      | 14 ++--
 ...oft.AspNet.Authentication.JwtBearer.xproj} |  0
 .../Properties/AssemblyInfo.cs                |  0
 .../Properties/Resources.Designer.cs          |  4 +-
 .../Resources.resx                            |  0
 .../project.json                              |  0
 .../JwtBearerMiddlewareTests.cs}              | 28 ++++----
 .../project.json                              |  2 +-
 26 files changed, 98 insertions(+), 126 deletions(-)
 rename samples/CookieSessionSample/{MemoryCacheSessionStore.cs => MemoryCacheTicketStore.cs} (94%)
 rename src/Microsoft.AspNet.Authentication.Cookies/Events/{CookieValidateIdentityContext.cs => CookieValidatePrincipalContext.cs} (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/AuthenticationChallengeContext.cs (74%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/AuthenticationFailedContext.cs (78%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/IOpenIdConnectBearerEvents.cs (83%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/MessageReceivedContext.cs (65%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/OpenIdConnectBearerEvents.cs (89%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/SecurityTokenReceivedContext.cs (77%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Events/SecurityTokenValidatedContext.cs (75%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs} (78%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs} (57%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs} (97%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs} (83%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs => Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs} (89%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj => Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Properties/Resources.Designer.cs (93%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnectBearer => Microsoft.AspNet.Authentication.JwtBearer}/project.json (100%)
 rename test/Microsoft.AspNet.Authentication.Test/{OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs => JwtBearer/JwtBearerMiddlewareTests.cs} (94%)

diff --git a/Security.sln b/Security.sln
index 0818558307..289a79139a 100644
--- a/Security.sln
+++ b/Security.sln
@@ -48,7 +48,7 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePoli
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy.Test", "test\Microsoft.AspNet.CookiePolicy.Test\Microsoft.AspNet.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnectBearer", "src\Microsoft.AspNet.Authentication.OpenIdConnectBearer\Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.OpenIdConnectBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
diff --git a/samples/CookieSessionSample/MemoryCacheSessionStore.cs b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
similarity index 94%
rename from samples/CookieSessionSample/MemoryCacheSessionStore.cs
rename to samples/CookieSessionSample/MemoryCacheTicketStore.cs
index d0e78d1367..e308825edc 100644
--- a/samples/CookieSessionSample/MemoryCacheSessionStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
@@ -6,12 +6,12 @@ using Microsoft.Framework.Caching.Memory;
 
 namespace CookieSessionSample
 {
-    public class MemoryCacheSessionStore : ITicketStore
+    public class MemoryCacheTicketStore : ITicketStore
     {
         private const string KeyPrefix = "AuthSessionStore-";
         private IMemoryCache _cache;
 
-        public MemoryCacheSessionStore()
+        public MemoryCacheTicketStore()
         {
             _cache = new MemoryCache(new MemoryCacheOptions());
         }
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 1bfc635cc9..8e0cbcad45 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -20,11 +20,11 @@ namespace CookieSessionSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(options =>
+            app.UseCookieAuthentication((System.Action<CookieAuthenticationOptions>)(options =>
             {
                 options.AutomaticAuthentication = true;
-                options.SessionStore = new MemoryCacheSessionStore();
-            });
+                options.SessionStore = new CookieSessionSample.MemoryCacheTicketStore();
+            }));
 
             app.Run(async context =>
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 21881824ea..b8b88060b5 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -14,117 +14,90 @@ namespace Microsoft.AspNet.Authentication.Cookies
     public class CookieAuthenticationEvents : ICookieAuthenticationEvents
     {
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
         public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
         public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
         public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
         public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToReturnUrl { get; set; } = context =>
+        public Func<CookieRedirectContext, Task> OnRedirect { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.FromResult(0);
         };
 
         /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
-        /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToAccessDenied { get; set; } = context =>
-        {
-            context.Response.Redirect(context.RedirectUri);
-            return Task.FromResult(0);
-        };
-
-        /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
-        /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToLogin { get; set; } = context =>
-        {
-            context.Response.Redirect(context.RedirectUri);
-            return Task.FromResult(0);
-        };
-
-        /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
-        /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToLogout { get; set; } = context =>
-        {
-            context.Response.Redirect(context.RedirectUri);
-            return Task.FromResult(0);
-        };
-
-        /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called
+        /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
         public Func<CookieExceptionContext, Task> OnException { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context"></param>
         /// <returns></returns>
         public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context) => OnValidatePrincipal(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context"></param>
         public virtual Task SigningIn(CookieSigningInContext context) => OnSigningIn(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context"></param>
         public virtual Task SignedIn(CookieSignedInContext context) => OnSignedIn(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context"></param>
         public virtual Task SigningOut(CookieSigningOutContext context) => OnSigningOut(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirectToLogout(context);
+        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirect(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirectToLogin(context);
+        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirect(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirectToReturnUrl(context);
+        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirect(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirectToAccessDenied(context);
+        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirect(context);
 
         /// <summary>
-        /// Implements the interface method by invoking the related delegate method
+        /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         public virtual Task Exception(CookieExceptionContext context) => OnException(context);
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
index 4ff477b8f3..9bac7dc534 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNet.Http.Authentication;
 namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationEvents method ResponseSignIn.
+    /// Context object passed to the ICookieAuthenticationEvents method SigningIn.
     /// </summary>    
     public class CookieSigningInContext : BaseContext<CookieAuthenticationOptions>
     {
@@ -43,19 +43,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         /// <summary>
         /// Contains the claims about to be converted into the outgoing cookie.
-        /// May be replaced or altered during the ResponseSignIn call.
+        /// May be replaced or altered during the SigningIn call.
         /// </summary>
         public ClaimsPrincipal Principal { get; set; }
 
         /// <summary>
         /// Contains the extra data about to be contained in the outgoing cookie.
-        /// May be replaced or altered during the ResponseSignIn call.
+        /// May be replaced or altered during the SigningIn call.
         /// </summary>
         public AuthenticationProperties Properties { get; set; }
 
         /// <summary>
         /// The options for creating the outgoing cookie.
-        /// May be replace or altered during the ResponseSignIn call.
+        /// May be replace or altered during the SigningIn call.
         /// </summary>
         public CookieOptions CookieOptions { get; set; }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
index d9e960ada9..a529060ada 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         /// <summary>
         /// The options for creating the outgoing cookie.
-        /// May be replace or altered during the ResponseSignOut call.
+        /// May be replace or altered during the SigningOut call.
         /// </summary>
         public CookieOptions CookieOptions
         {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidateIdentityContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidateIdentityContext.cs
rename to src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
similarity index 74%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationChallengeContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
index e7b0df4ef8..44f44d5b3e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationChallengeContext : BaseControlContext<OpenIdConnectBearerOptions>
+    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerOptions>
     {
-        public AuthenticationChallengeContext(HttpContext context, OpenIdConnectBearerOptions options)
+        public AuthenticationChallengeContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
similarity index 78%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationFailedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index e894ed2a14..2ac80c4f73 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -4,11 +4,11 @@
 using System;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectBearerOptions>
+    public class AuthenticationFailedContext : BaseControlContext<JwtBearerOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, OpenIdConnectBearerOptions options)
+        public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/IOpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/IOpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
index 973b5c9178..d4d280484d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/IOpenIdConnectBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
@@ -4,14 +4,14 @@
 using System.Threading.Tasks;
 
 /// <summary>
-/// Specifies events which the <see cref="OpenIdConnectBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// OpenIdConnect bearer token middleware events.
     /// </summary>
-    public interface IOpenIdConnectBearerEvents
+    public interface IJwtBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
similarity index 65%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/MessageReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index 5b28b109ae..cd940ef679 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class MessageReceivedContext : BaseControlContext<OpenIdConnectBearerOptions>
+    public class MessageReceivedContext : BaseControlContext<JwtBearerOptions>
     {
-        public MessageReceivedContext(HttpContext context, OpenIdConnectBearerOptions options)
+        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/OpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/OpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
index e53dbd8bc1..e4aa6ed8e0 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/OpenIdConnectBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
@@ -6,14 +6,14 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 
 /// <summary>
-/// Specifies events which the <see cref="OpenIdConnectBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
+/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// OpenIdConnect bearer token middleware events.
     /// </summary>
-    public class OpenIdConnectBearerEvents : IOpenIdConnectBearerEvents
+    public class JwtBearerEvents : IJwtBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
similarity index 77%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
index 81ec1522c6..5aedda1d84 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<OpenIdConnectBearerOptions>
+    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, OpenIdConnectBearerOptions options)
+        public SecurityTokenReceivedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
similarity index 75%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenValidatedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
index 78f3a81f4e..488e8e6b02 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
@@ -3,11 +3,11 @@
 
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<OpenIdConnectBearerOptions>
+    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, OpenIdConnectBearerOptions options)
+        public SecurityTokenValidatedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
similarity index 78%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 148d3d892c..be2d51b1b9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.OpenIdConnectBearer;
+using Microsoft.AspNet.Authentication.JwtBearer;
 using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Builder
     /// <summary>
     /// Extension methods to add OpenIdConnect Bearer authentication capabilities to an HTTP application pipeline
     /// </summary>
-    public static class OpenIdConnectBearerAppBuilderExtensions
+    public static class JwtBearerAppBuilderExtensions
     {
         /// <summary>
         /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
@@ -24,9 +24,9 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OpenIdConnectBearerOptions options)
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] JwtBearerOptions options)
         {
-            return app.UseMiddleware<OpenIdConnectBearerMiddleware>(options);
+            return app.UseMiddleware<JwtBearerMiddleware>(options);
         }
 
         /// <summary>
@@ -40,14 +40,14 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectBearerAuthentication([NotNull] this IApplicationBuilder app, Action<OpenIdConnectBearerOptions> configureOptions)
+        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
         {
-            var options = new OpenIdConnectBearerOptions();
+            var options = new JwtBearerOptions();
             if (configureOptions != null)
             {
                 configureOptions(options);
             }
-            return app.UseOpenIdConnectBearerAuthentication(options);
+            return app.UseJwtBearerAuthentication(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
similarity index 57%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
index b271709f98..5b73bf1569 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
@@ -1,16 +1,15 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
-    /// Default values used by authorization server and bearer authentication.
+    /// Default values used by bearer authentication.
     /// </summary>
-    public static class OpenIdConnectBearerDefaults
+    public static class JwtBearerDefaults
     {
         /// <summary>
-        /// Default value for AuthenticationScheme property in the OpenIdConnectBearerAuthenticationOptions and
-        /// OpenIdConnectAuthorizationServerOptions.
+        /// Default value for AuthenticationScheme property in the JwtBearerAuthenticationOptions
         /// </summary>
         public const string AuthenticationScheme = "Bearer";
     }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
similarity index 97%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 9a84dcfb36..2577f897eb 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -10,9 +10,9 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    internal class OpenIdConnectBearerHandler : AuthenticationHandler<OpenIdConnectBearerOptions>
+    internal class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
     {
         private OpenIdConnectConfiguration _configuration;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
similarity index 83%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index fee6e11430..ce919a9206 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -10,30 +10,30 @@ using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
-    /// created by application code directly, instead it is added by calling the the IAppBuilder UseOpenIdConnectBearerAuthentication
+    /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
     /// extension method.
     /// </summary>
-    public class OpenIdConnectBearerMiddleware : AuthenticationMiddleware<OpenIdConnectBearerOptions>
+    public class JwtBearerMiddleware : AuthenticationMiddleware<JwtBearerOptions>
     {
         /// <summary>
         /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
-        /// called by application code directly, instead it is added by calling the the IAppBuilder UseOpenIdConnectBearerAuthentication 
+        /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication 
         /// extension method.
         /// </summary>
-        public OpenIdConnectBearerMiddleware(
+        public JwtBearerMiddleware(
             [NotNull] RequestDelegate next,
             [NotNull] ILoggerFactory loggerFactory,
             [NotNull] IUrlEncoder encoder,
-            [NotNull] OpenIdConnectBearerOptions options)
+            [NotNull] JwtBearerOptions options)
             : base(next, options, loggerFactory, encoder)
         {
             if (Options.Events == null)
             {
-                Options.Events = new OpenIdConnectBearerEvents();
+                Options.Events = new JwtBearerEvents();
             }
 
             if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
@@ -73,9 +73,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
         /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
         /// </summary>
         /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<OpenIdConnectBearerOptions> CreateHandler()
+        protected override AuthenticationHandler<JwtBearerOptions> CreateHandler()
         {
-            return new OpenIdConnectBearerHandler();
+            return new JwtBearerHandler();
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
similarity index 89%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index f47a436ee0..5aca4a1392 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/OpenIdConnectBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -9,19 +9,19 @@ using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
     /// </summary>
-    public class OpenIdConnectBearerOptions : AuthenticationOptions
+    public class JwtBearerOptions : AuthenticationOptions
     {
         /// <summary>
         /// Creates an instance of bearer authentication options with default values.
         /// </summary>
-        public OpenIdConnectBearerOptions() : base()
+        public JwtBearerOptions() : base()
         {
-            AuthenticationScheme = OpenIdConnectBearerDefaults.AuthenticationScheme;
+            AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
         }
 
         /// <summary>
@@ -45,14 +45,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
         /// <summary>
         /// Gets or sets the challenge to put in the "WWW-Authenticate" header.
         /// </summary>
-        public string Challenge { get; set; } = OpenIdConnectBearerDefaults.AuthenticationScheme;
+        public string Challenge { get; set; } = JwtBearerDefaults.AuthenticationScheme;
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication middleware.
-        /// The application may implement the interface fully, or it may create an instance of OpenIdConnectBearerAuthenticationEvents
+        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public IOpenIdConnectBearerEvents Events { get; set; } = new OpenIdConnectBearerEvents();
+        public IJwtBearerEvents Events { get; set; } = new JwtBearerEvents();
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj b/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Microsoft.AspNet.Authentication.OpenIdConnectBearer.xproj
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
similarity index 93%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
index bafcd6d0d6..79bbbe4497 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnectBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNet.Authentication.JwtBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Resources.resx b/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/Resources.resx
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnectBearer/project.json
rename to src/Microsoft.AspNet.Authentication.JwtBearer/project.json
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
similarity index 94%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
rename to test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 596a6e61fa..24bc6ccec4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnectBearer/OpenIdConnectBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -15,9 +15,9 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Framework.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
+namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class OpenIdConnectBearerMiddlewareTests
+    public class JwtBearerMiddlewareTests
     {
         [Fact]
         public async Task BearerTokenValidation()
@@ -66,7 +66,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -116,7 +116,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -150,7 +150,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenValidated = context =>
                     {
@@ -187,7 +187,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
             {
                 options.AutomaticAuthentication = true;
 
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -224,7 +224,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -255,7 +255,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
         {
             var server = CreateServer(options =>
             {
-                options.Events = new OpenIdConnectBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnSecurityTokenReceived = context =>
                     {
@@ -323,13 +323,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
             }
         }
 
-        private static TestServer CreateServer(Action<OpenIdConnectBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(Action<JwtBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
         {
             return TestServer.Create(app =>
             {
                 if (configureOptions != null)
                 {
-                    app.UseOpenIdConnectBearerAuthentication(configureOptions);
+                    app.UseJwtBearerAuthentication(configureOptions);
                 }
 
                 app.Use(async (context, next) =>
@@ -359,17 +359,17 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnectBearer
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(OpenIdConnectBearerDefaults.AuthenticationScheme);
-                        await context.Authentication.ChallengeAsync(OpenIdConnectBearerDefaults.AuthenticationScheme);
+                        var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+                        await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                     }
 
                     else if (context.Request.Path == new PathString("/signIn"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(OpenIdConnectBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                     }
                     else if (context.Request.Path == new PathString("/signOut"))
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(OpenIdConnectBearerDefaults.AuthenticationScheme));
+                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
                     }
                     else
                     {
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index c56539e8e1..10f0e221a2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -6,7 +6,7 @@
     "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.OpenIdConnectBearer": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",

From a55a3724765b19f04d2f258a69aa16c6b3d47800 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 22 Sep 2015 16:21:40 -0700
Subject: [PATCH 342/900] Add period

---
 .../Events/ICookieAuthenticationEvents.cs                 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index 6011ea8774..9458b4f243 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -32,25 +32,25 @@ namespace Microsoft.AspNet.Authentication.Cookies
         Task SignedIn(CookieSignedInContext context);
 
         /// <summary>
-        /// Called when a SignOut causes a redirect in the cookie middleware
+        /// Called when a SignOut causes a redirect in the cookie middleware.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         Task RedirectToLogout(CookieRedirectContext context);
 
         /// <summary>
-        /// Called when a SignIn causes a redirect in the cookie middleware
+        /// Called when a SignIn causes a redirect in the cookie middleware.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         Task RedirectToLogin(CookieRedirectContext context);
 
         /// <summary>
-        /// Called when redirecting back to the return url in the cookie middleware
+        /// Called when redirecting back to the return url in the cookie middleware.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         Task RedirectToReturnUrl(CookieRedirectContext context);
 
         /// <summary>
-        /// Called when an access denied causes a redirect in the cookie middleware
+        /// Called when an access denied causes a redirect in the cookie middleware.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         Task RedirectToAccessDenied(CookieRedirectContext context);

From 78d1d0099f3da588c87c915be0ad5bbf750c4f06 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 22 Sep 2015 16:36:48 -0700
Subject: [PATCH 343/900] Cleanup

---
 Security.sln                           | 2 +-
 samples/CookieSessionSample/Startup.cs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Security.sln b/Security.sln
index 289a79139a..486611009f 100644
--- a/Security.sln
+++ b/Security.sln
@@ -48,7 +48,7 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePoli
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy.Test", "test\Microsoft.AspNet.CookiePolicy.Test\Microsoft.AspNet.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.OpenIdConnectBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 8e0cbcad45..bea9ae79d8 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -20,10 +20,10 @@ namespace CookieSessionSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication((System.Action<CookieAuthenticationOptions>)(options =>
+            app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthentication = true;
-                options.SessionStore = new CookieSessionSample.MemoryCacheTicketStore();
+                options.SessionStore = new MemoryCacheTicketStore();
             }));
 
             app.Run(async context =>

From 1ef66c9c11bf6884d3663c5e9b46d42952957c00 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 22 Sep 2015 16:48:50 -0700
Subject: [PATCH 344/900] Fix stuff

---
 samples/CookieSessionSample/Startup.cs                        | 2 +-
 .../Events/OAuthEvents.cs                                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index bea9ae79d8..941911ad73 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -24,7 +24,7 @@ namespace CookieSessionSample
             {
                 options.AutomaticAuthentication = true;
                 options.SessionStore = new MemoryCacheTicketStore();
-            }));
+            });
 
             app.Run(async context =>
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
index 357f2dfa9c..424c982805 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
@@ -12,12 +12,12 @@ namespace Microsoft.AspNet.Authentication.OAuth
     public class OAuthEvents : IOAuthEvents
     {
         /// <summary>
-        /// Gets or sets the function that is invoked when the Authenticated method is invoked.
+        /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
         /// </summary>
         public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
+        /// Gets or sets the function that is invoked when the SigningIn method is invoked.
         /// </summary>
         public Func<SigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
 

From 742b96d18c7901d938e83717258c39d687c46c06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 18 Sep 2015 01:28:23 +0200
Subject: [PATCH 345/900] Port SaveTokensAsClaims to the OpenID Connect
 middleware and automatically flow id_token_hint on logout requests

---
 .../OpenIdConnectHandler.cs                   | 74 +++++++++++++++++++
 .../OpenIdConnectOptions.cs                   |  8 ++
 2 files changed, 82 insertions(+)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index ad4d927208..ea5f844bac 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -89,6 +89,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
                 }
 
+                if (!string.IsNullOrEmpty(Options.SignInScheme))
+                {
+                    var principal = await Context.Authentication.AuthenticateAsync(Options.SignInScheme);
+
+                    message.IdTokenHint = principal?.FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;
+                }
+
                 var redirectContext = new RedirectContext(Context, Options)
                 {
                     ProtocolMessage = message
@@ -504,6 +511,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             ticket = authenticationValidatedContext.AuthenticationTicket;
 
+            if (Options.SaveTokensAsClaims)
+            {
+                // Persist the tokens extracted from the token response.
+                SaveTokens(ticket.Principal, tokenEndpointResponse.ProtocolMessage, saveRefreshToken: true);
+            }
+
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
                 Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
@@ -548,7 +561,27 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     return null;
                 }
+                message = authorizationCodeReceivedContext.ProtocolMessage;
                 ticket = authorizationCodeReceivedContext.AuthenticationTicket;
+
+                if (Options.SaveTokensAsClaims)
+                {
+                    // TODO: call SaveTokens with the token response and set
+                    // saveRefreshToken to true when the hybrid flow is fully implemented.
+                    SaveTokens(ticket.Principal, message, saveRefreshToken: false);
+                }
+            }
+            // Implicit Flow
+            else
+            {
+                if (Options.SaveTokensAsClaims)
+                {
+                    // Note: don't save the refresh token when it is extracted from the authorization
+                    // response, since it's not a valid parameter when using the implicit flow.
+                    // See http://openid.net/specs/openid-connect-core-1_0.html#Authentication
+                    // and https://tools.ietf.org/html/rfc6749#section-4.2.2.
+                    SaveTokens(ticket.Principal, message, saveRefreshToken: false);
+                }
             }
 
             return ticket;
@@ -661,6 +694,47 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return new AuthenticationTicket(new ClaimsPrincipal(identity), ticket.Properties, ticket.AuthenticationScheme);
         }
 
+        /// <summary>
+        /// Save the tokens contained in the <see cref="OpenIdConnectMessage"/> in the <see cref="ClaimsPrincipal"/>.
+        /// </summary>
+        /// <param name="principal">The principal in which tokens are saved.</param>
+        /// <param name="message">The OpenID Connect response.</param>
+        /// <param name="saveRefreshToken">A <see cref="bool"/> indicating whether the refresh token should be stored.</param>
+        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, bool saveRefreshToken)
+        {
+            var identity = (ClaimsIdentity) principal.Identity;
+
+            if (!string.IsNullOrEmpty(message.AccessToken))
+            {
+                identity.AddClaim(new Claim(OpenIdConnectParameterNames.AccessToken, message.AccessToken,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            if (!string.IsNullOrEmpty(message.IdToken))
+            {
+                identity.AddClaim(new Claim(OpenIdConnectParameterNames.IdToken, message.IdToken,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            if (saveRefreshToken && !string.IsNullOrEmpty(message.RefreshToken))
+            {
+                identity.AddClaim(new Claim(OpenIdConnectParameterNames.RefreshToken, message.RefreshToken,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            if (!string.IsNullOrEmpty(message.TokenType))
+            {
+                identity.AddClaim(new Claim(OpenIdConnectParameterNames.TokenType, message.TokenType,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            if (!string.IsNullOrEmpty(message.ExpiresIn))
+            {
+                identity.AddClaim(new Claim(OpenIdConnectParameterNames.ExpiresIn, message.ExpiresIn,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+        }
+
         /// <summary>
         /// Adds the nonce to <see cref="HttpResponse.Cookies"/>.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 03be470999..4aa83c6809 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -7,6 +7,7 @@ using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
+using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.WebEncoders;
@@ -226,6 +227,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public bool UseTokenLifetime { get; set; } = true;
 
+        /// <summary>
+        /// Defines whether access and refresh tokens should be stored in the
+        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
+        /// You can set this property to <c>false</c> to reduce the size of the final authentication cookie.
+        /// </summary>
+        public bool SaveTokensAsClaims { get; set; } = true;
+
         /// <summary>
         /// Gets or sets the <see cref="IHtmlEncoder"/> used to sanitize HTML outputs.
         /// </summary>

From e091bceaa8ed468f8a50754c8ea84d52ce59ec50 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 23 Sep 2015 14:45:26 -0700
Subject: [PATCH 346/900] Caption => DisplayName

---
 samples/SocialSample/Startup.cs                      | 12 ++++++------
 .../FacebookOptions.cs                               |  2 +-
 .../GoogleOptions.cs                                 |  2 +-
 .../MicrosoftAccountOptions.cs                       |  2 +-
 .../OAuthOptions.cs                                  |  6 +++---
 .../OpenIdConnectOptions.cs                          |  8 ++++----
 .../TwitterOptions.cs                                |  8 ++++----
 7 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 7e43f83f24..3ebe511560 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -43,7 +43,7 @@ namespace CookieSample
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Google-AccessToken",
-                Caption = "Google-AccessToken",
+                DisplayName = "Google-AccessToken",
                 ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
                 ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
                 CallbackPath = new PathString("/signin-google-token"),
@@ -86,7 +86,7 @@ namespace CookieSample
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Microsoft-AccessToken",
-                Caption = "MicrosoftAccount-AccessToken - Requires project changes",
+                DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
                 ClientId = "00000000480FF62E",
                 ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
                 CallbackPath = new PathString("/signin-microsoft-token"),
@@ -97,7 +97,7 @@ namespace CookieSample
 
             app.UseMicrosoftAccountAuthentication(options =>
             {
-                options.Caption = "MicrosoftAccount - Requires project changes";
+                options.DisplayName = "MicrosoftAccount - Requires project changes";
                 options.ClientId = "00000000480FF62E";
                 options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
                 options.Scope.Add("wl.emails");
@@ -107,7 +107,7 @@ namespace CookieSample
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub-AccessToken",
-                Caption = "Github-AccessToken",
+                DisplayName = "Github-AccessToken",
                 ClientId = "8c0c5a572abe8fe89588",
                 ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
                 CallbackPath = new PathString("/signin-github-token"),
@@ -118,7 +118,7 @@ namespace CookieSample
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub",
-                Caption = "Github",
+                DisplayName = "Github",
                 ClientId = "49e302895d8b09ea5656",
                 ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b",
                 CallbackPath = new PathString("/signin-github"),
@@ -196,7 +196,7 @@ namespace CookieSample
                     await context.Response.WriteAsync("Choose an authentication scheme: <br>");
                     foreach (var type in context.Authentication.GetAuthenticationSchemes())
                     {
-                        await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
+                        await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.DisplayName ?? "(suppressed)") + "</a><br>");
                     }
                     await context.Response.WriteAsync("</body></html>");
                 });
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
index 12bde4675e..aa829cb377 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
         public FacebookOptions()
         {
             AuthenticationScheme = FacebookDefaults.AuthenticationScheme;
-            Caption = AuthenticationScheme;
+            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-facebook");
             SendAppSecretProof = true;
             AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
index 48f0c736b3..ca736f34e5 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.Google
         public GoogleOptions()
         {
             AuthenticationScheme = GoogleDefaults.AuthenticationScheme;
-            Caption = AuthenticationScheme;
+            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-google");
             AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index d817cd3ee8..8c89ef20d5 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         public MicrosoftAccountOptions()
         {
             AuthenticationScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-            Caption = AuthenticationScheme;
+            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-microsoft");
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index c87026dc7d..db29438cc0 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -44,10 +44,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
-        public string Caption
+        public string DisplayName
         {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
+            get { return Description.DisplayName; }
+            set { Description.DisplayName = value; }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 4aa83c6809..85e1273d97 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -49,7 +49,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         public OpenIdConnectOptions(string authenticationScheme)
         {
             AuthenticationScheme = authenticationScheme;
-            Caption = OpenIdConnectDefaults.Caption;
+            DisplayName = OpenIdConnectDefaults.Caption;
         }
 
         /// <summary>
@@ -81,10 +81,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
-        public string Caption
+        public string DisplayName
         {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
+            get { return Description.DisplayName; }
+            set { Description.DisplayName = value; }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
index ebc26fe2a9..f057de36a8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         public TwitterOptions()
         {
             AuthenticationScheme = TwitterDefaults.AuthenticationScheme;
-            Caption = AuthenticationScheme;
+            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
         }
@@ -53,10 +53,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <summary>
         /// Get or sets the text that the user can display on a sign in user interface.
         /// </summary>
-        public string Caption
+        public string DisplayName
         {
-            get { return Description.Caption; }
-            set { Description.Caption = value; }
+            get { return Description.DisplayName; }
+            set { Description.DisplayName = value; }
         }
 
         /// <summary>

From f51e7263b70600e91814cc32791828925f190566 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Wed, 23 Sep 2015 14:39:29 -0700
Subject: [PATCH 347/900] Enabling NuGetPackageVerifier

---
 NuGetPackageVerifier.json | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 NuGetPackageVerifier.json

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
new file mode 100644
index 0000000000..c3d5401e6b
--- /dev/null
+++ b/NuGetPackageVerifier.json
@@ -0,0 +1,35 @@
+{
+    "adx": { // Packages written by the ADX team and that ship on NuGet.org
+        "rules": [
+            "AssemblyHasDocumentFileRule",
+            "AssemblyHasVersionAttributesRule",
+            "AssemblyHasServicingAttributeRule",
+            "AssemblyHasNeutralResourcesLanguageAttributeRule",
+            "SatellitePackageRule",
+            "StrictSemanticVersionValidationRule"
+        ],
+        "packages": {
+            "Microsoft.AspNet.Authentication": { },
+            "Microsoft.AspNet.Authentication.Cookies": { },
+            "Microsoft.AspNet.Authentication.Facebook": { },
+            "Microsoft.AspNet.Authentication.Google": { },
+            "Microsoft.AspNet.Authentication.JwtBearer": { },
+            "Microsoft.AspNet.Authentication.MicrosoftAccount": { },
+            "Microsoft.AspNet.Authentication.OAuth": { },
+            "Microsoft.AspNet.Authentication.OpenIdConnect": { },
+            "Microsoft.AspNet.Authentication.Twitter": { },
+            "Microsoft.AspNet.Authorization": { },
+            "Microsoft.AspNet.CookiePolicy": { }
+        }
+    },
+    "Default": { // Rules to run for packages not listed in any other set.
+        "rules": [
+            "AssemblyHasDocumentFileRule",
+            "AssemblyHasVersionAttributesRule",
+            "AssemblyHasServicingAttributeRule",
+            "AssemblyHasNeutralResourcesLanguageAttributeRule",
+            "SatellitePackageRule",
+            "StrictSemanticVersionValidationRule"
+        ]
+    }
+}
\ No newline at end of file

From 8c1cb911f28dfc15c3552867218422f4cc669e24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 18 Sep 2015 10:35:02 +0200
Subject: [PATCH 348/900] Refactor TicketSerializer/PropertiesSerializer and
 add ClaimsIdentity.Actor/Claim.Properties support

---
 .../Messages/RequestTokenSerializer.cs        |   4 +-
 .../DataHandler/PropertiesSerializer.cs       |  23 +-
 .../DataHandler/TicketSerializer.cs           | 225 ++++++++++++------
 .../DataHandler/TicketSerializerTests.cs      |  83 ++++++-
 4 files changed, 242 insertions(+), 93 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index b16a430cc4..30ab884c80 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             writer.Write(token.Token);
             writer.Write(token.TokenSecret);
             writer.Write(token.CallbackConfirmed);
-            PropertiesSerializer.Write(writer, token.Properties);
+            PropertiesSerializer.Default.Write(writer, token.Properties);
         }
 
         /// <summary>
@@ -80,7 +80,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             string token = reader.ReadString();
             string tokenSecret = reader.ReadString();
             bool callbackConfirmed = reader.ReadBoolean();
-            AuthenticationProperties properties = PropertiesSerializer.Read(reader);
+            AuthenticationProperties properties = PropertiesSerializer.Default.Read(reader);
             if (properties == null)
             {
                 return null;
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
index d3957b7221..462a5e3163 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
@@ -13,8 +13,10 @@ namespace Microsoft.AspNet.Authentication
     {
         private const int FormatVersion = 1;
 
+        public static PropertiesSerializer Default { get; } = new PropertiesSerializer();
+
         [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
-        public byte[] Serialize(AuthenticationProperties model)
+        public virtual byte[] Serialize(AuthenticationProperties model)
         {
             using (var memory = new MemoryStream())
             {
@@ -28,7 +30,7 @@ namespace Microsoft.AspNet.Authentication
         }
 
         [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
-        public AuthenticationProperties Deserialize(byte[] data)
+        public virtual AuthenticationProperties Deserialize(byte[] data)
         {
             using (var memory = new MemoryStream(data))
             {
@@ -39,26 +41,29 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationProperties properties)
+        public virtual void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationProperties properties)
         {
             writer.Write(FormatVersion);
             writer.Write(properties.Items.Count);
-            foreach (var kv in properties.Items)
+
+            foreach (var item in properties.Items)
             {
-                writer.Write(kv.Key);
-                writer.Write(kv.Value);
+                writer.Write(item.Key ?? string.Empty);
+                writer.Write(item.Value ?? string.Empty);
             }
         }
 
-        public static AuthenticationProperties Read([NotNull] BinaryReader reader)
+        public virtual AuthenticationProperties Read([NotNull] BinaryReader reader)
         {
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
             }
-            int count = reader.ReadInt32();
+
+            var count = reader.ReadInt32();
             var extra = new Dictionary<string, string>(count);
-            for (int index = 0; index != count; ++index)
+
+            for (var index = 0; index != count; ++index)
             {
                 string key = reader.ReadString();
                 string value = reader.ReadString();
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 44284d788f..1568f58ec2 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -11,15 +11,18 @@ namespace Microsoft.AspNet.Authentication
 {
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
-        private const int FormatVersion = 4;
+        private const string DefaultStringPlaceholder = "\0";
+        private const int FormatVersion = 5;
 
-        public virtual byte[] Serialize(AuthenticationTicket model)
+        public static TicketSerializer Default { get; } = new TicketSerializer();
+
+        public virtual byte[] Serialize(AuthenticationTicket ticket)
         {
             using (var memory = new MemoryStream())
             {
                 using (var writer = new BinaryWriter(memory))
                 {
-                    Write(writer, model);
+                    Write(writer, ticket);
                 }
                 return memory.ToArray();
             }
@@ -36,98 +39,177 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public static void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationTicket model)
+        public virtual void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationTicket ticket)
         {
             writer.Write(FormatVersion);
-            writer.Write(model.AuthenticationScheme);
-            var principal = model.Principal;
+            writer.Write(ticket.AuthenticationScheme);
+
+            var principal = ticket.Principal;
             if (principal == null)
             {
                 throw new ArgumentNullException("model.Principal");
             }
-            else
-            {
-                writer.Write(principal.Identities.Count());
-                foreach (var identity in principal.Identities)
-                {
-                    var authenticationType = string.IsNullOrEmpty(identity.AuthenticationType) ? string.Empty : identity.AuthenticationType;
-                    writer.Write(authenticationType);
-                    WriteWithDefault(writer, identity.NameClaimType, DefaultValues.NameClaimType);
-                    WriteWithDefault(writer, identity.RoleClaimType, DefaultValues.RoleClaimType);
-                    writer.Write(identity.Claims.Count());
-                    foreach (var claim in identity.Claims)
-                    {
-                        WriteWithDefault(writer, claim.Type, identity.NameClaimType);
-                        writer.Write(claim.Value);
-                        WriteWithDefault(writer, claim.ValueType, DefaultValues.StringValueType);
-                        WriteWithDefault(writer, claim.Issuer, DefaultValues.LocalAuthority);
-                        WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
-                    }
 
-                    var bootstrap = identity.BootstrapContext as string;
-                    if (string.IsNullOrEmpty(bootstrap))
-                    {
-                        writer.Write(0);
-                    }
-                    else
-                    {
-                        writer.Write(bootstrap.Length);
-                        writer.Write(bootstrap);
-                    }
-                }
+            // Write the number of identities contained in the principal.
+            writer.Write(principal.Identities.Count());
+
+            foreach (var identity in principal.Identities)
+            {
+                WriteIdentity(writer, identity);
             }
-            PropertiesSerializer.Write(writer, model.Properties);
+
+            PropertiesSerializer.Default.Write(writer, ticket.Properties);
         }
 
-        public static AuthenticationTicket Read([NotNull] BinaryReader reader)
+        protected virtual void WriteIdentity([NotNull] BinaryWriter writer, [NotNull] ClaimsIdentity identity)
+        {
+            var authenticationType = identity.AuthenticationType ?? string.Empty;
+
+            writer.Write(authenticationType);
+            WriteWithDefault(writer, identity.NameClaimType, ClaimsIdentity.DefaultNameClaimType);
+            WriteWithDefault(writer, identity.RoleClaimType, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Write the number of claims contained in the identity.
+            writer.Write(identity.Claims.Count());
+
+            foreach (var claim in identity.Claims)
+            {
+                WriteClaim(writer, claim);
+            }
+
+            var bootstrap = identity.BootstrapContext as string;
+            if (!string.IsNullOrEmpty(bootstrap))
+            {
+                writer.Write(true);
+                writer.Write(bootstrap);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+
+            if (identity.Actor != null)
+            {
+                writer.Write(true);
+                WriteIdentity(writer, identity.Actor);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+        }
+
+        protected virtual void WriteClaim([NotNull] BinaryWriter writer, [NotNull] Claim claim)
+        {
+            WriteWithDefault(writer, claim.Type, claim.Subject?.NameClaimType ?? ClaimsIdentity.DefaultNameClaimType);
+            writer.Write(claim.Value);
+            WriteWithDefault(writer, claim.ValueType, ClaimValueTypes.String);
+            WriteWithDefault(writer, claim.Issuer, ClaimsIdentity.DefaultIssuer);
+            WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+
+            // Write the number of properties contained in the claim.
+            writer.Write(claim.Properties.Count);
+
+            foreach (var property in claim.Properties)
+            {
+                writer.Write(property.Key ?? string.Empty);
+                writer.Write(property.Value ?? string.Empty);
+            }
+        }
+
+        public virtual AuthenticationTicket Read([NotNull] BinaryReader reader)
         {
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
             }
-            var authenticationScheme = reader.ReadString();
-            var identityCount = reader.ReadInt32();
 
-            if (identityCount < 0)
+            var scheme = reader.ReadString();
+
+            // Read the number of identities stored
+            // in the serialized payload.
+            var count = reader.ReadInt32();
+            if (count < 0)
             {
                 return null;
             }
 
-            var identities = new ClaimsIdentity[identityCount];
-            for (var i = 0; i != identityCount; ++i)
+            var identities = new ClaimsIdentity[count];
+            for (var index = 0; index != count; ++index)
             {
-                var authenticationType = reader.ReadString();
-                var nameClaimType = ReadWithDefault(reader, DefaultValues.NameClaimType);
-                var roleClaimType = ReadWithDefault(reader, DefaultValues.RoleClaimType);
-                var count = reader.ReadInt32();
-                var claims = new Claim[count];
-                for (int index = 0; index != count; ++index)
-                {
-                    var type = ReadWithDefault(reader, nameClaimType);
-                    var value = reader.ReadString();
-                    var valueType = ReadWithDefault(reader, DefaultValues.StringValueType);
-                    var issuer = ReadWithDefault(reader, DefaultValues.LocalAuthority);
-                    var originalIssuer = ReadWithDefault(reader, issuer);
-                    claims[index] = new Claim(type, value, valueType, issuer, originalIssuer);
-                }
-                var identity = new ClaimsIdentity(claims, authenticationType, nameClaimType, roleClaimType);
-                var bootstrapContextSize = reader.ReadInt32();
-                if (bootstrapContextSize > 0)
-                {
-                    identity.BootstrapContext = reader.ReadString();
-                }
-                identities[i] = identity;
+                identities[index] = ReadIdentity(reader);
             }
 
-            var properties = PropertiesSerializer.Read(reader);
-            return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, authenticationScheme);
+            var properties = PropertiesSerializer.Default.Read(reader);
+
+            return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, scheme);
+        }
+
+        protected virtual ClaimsIdentity ReadIdentity([NotNull] BinaryReader reader)
+        {
+            var authenticationType = reader.ReadString();
+            var nameClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultNameClaimType);
+            var roleClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Read the number of claims contained
+            // in the serialized identity.
+            var count = reader.ReadInt32();
+
+            var identity = new ClaimsIdentity(authenticationType, nameClaimType, roleClaimType);
+
+            for (int index = 0; index != count; ++index)
+            {
+                var claim = ReadClaim(reader, identity);
+
+                identity.AddClaim(claim);
+            }
+
+            // Determine whether the identity
+            // has a bootstrap context attached.
+            if (reader.ReadBoolean())
+            {
+                identity.BootstrapContext = reader.ReadString();
+            }
+
+            // Determine whether the identity
+            // has an actor identity attached.
+            if (reader.ReadBoolean())
+            {
+                identity.Actor = ReadIdentity(reader);
+            }
+
+            return identity;
+        }
+
+        protected virtual Claim ReadClaim([NotNull] BinaryReader reader, [NotNull] ClaimsIdentity identity)
+        {
+            var type = ReadWithDefault(reader, identity.NameClaimType);
+            var value = reader.ReadString();
+            var valueType = ReadWithDefault(reader, ClaimValueTypes.String);
+            var issuer = ReadWithDefault(reader, ClaimsIdentity.DefaultIssuer);
+            var originalIssuer = ReadWithDefault(reader, issuer);
+
+            var claim = new Claim(type, value, valueType, issuer, originalIssuer, identity);
+
+            // Read the number of properties stored in the claim.
+            var count = reader.ReadInt32();
+            
+            for (var index = 0; index != count; ++index)
+            {
+                var key = reader.ReadString();
+                var propertyValue = reader.ReadString();
+
+                claim.Properties.Add(key, propertyValue);
+            }
+
+            return claim;
         }
 
         private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
         {
             if (string.Equals(value, defaultValue, StringComparison.Ordinal))
             {
-                writer.Write(DefaultValues.DefaultStringPlaceholder);
+                writer.Write(DefaultStringPlaceholder);
             }
             else
             {
@@ -138,20 +220,11 @@ namespace Microsoft.AspNet.Authentication
         private static string ReadWithDefault(BinaryReader reader, string defaultValue)
         {
             var value = reader.ReadString();
-            if (string.Equals(value, DefaultValues.DefaultStringPlaceholder, StringComparison.Ordinal))
+            if (string.Equals(value, DefaultStringPlaceholder, StringComparison.Ordinal))
             {
                 return defaultValue;
             }
             return value;
         }
-
-        private static class DefaultValues
-        {
-            public const string DefaultStringPlaceholder = "\0";
-            public const string NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
-            public const string RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
-            public const string LocalAuthority = "LOCAL AUTHORITY";
-            public const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
-        }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
index 23c7add5a9..28811a9eca 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -15,6 +15,7 @@ namespace Microsoft.AspNet.Authentication
         [Fact]
         public void NullPrincipalThrows()
         {
+            var serializer = new TicketSerializer();
             var properties = new AuthenticationProperties();
             properties.RedirectUri = "bye";
             var ticket = new AuthenticationTicket(properties, "Hello");
@@ -23,13 +24,14 @@ namespace Microsoft.AspNet.Authentication
             using (var writer = new BinaryWriter(stream))
             using (var reader = new BinaryReader(stream))
             {
-                Assert.Throws<ArgumentNullException>(() => TicketSerializer.Write(writer, ticket));
+                Assert.Throws<ArgumentNullException>(() => serializer.Write(writer, ticket));
             }
         }
 
         [Fact]
         public void CanRoundTripEmptyPrincipal()
         {
+            var serializer = new TicketSerializer();
             var properties = new AuthenticationProperties();
             properties.RedirectUri = "bye";
             var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
@@ -38,9 +40,9 @@ namespace Microsoft.AspNet.Authentication
             using (var writer = new BinaryWriter(stream))
             using (var reader = new BinaryReader(stream))
             {
-                TicketSerializer.Write(writer, ticket);
+                serializer.Write(writer, ticket);
                 stream.Position = 0;
-                var readTicket = TicketSerializer.Read(reader);
+                var readTicket = serializer.Read(reader);
                 Assert.Equal(0, readTicket.Principal.Identities.Count());
                 Assert.Equal("bye", readTicket.Properties.RedirectUri);
                 Assert.Equal("Hello", readTicket.AuthenticationScheme);
@@ -50,8 +52,9 @@ namespace Microsoft.AspNet.Authentication
         [Fact]
         public void CanRoundTripBootstrapContext()
         {
+            var serializer = new TicketSerializer();
             var properties = new AuthenticationProperties();
-            properties.RedirectUri = "bye";
+
             var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
             ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { BootstrapContext = "bootstrap" });
 
@@ -59,13 +62,81 @@ namespace Microsoft.AspNet.Authentication
             using (var writer = new BinaryWriter(stream))
             using (var reader = new BinaryReader(stream))
             {
-                TicketSerializer.Write(writer, ticket);
+                serializer.Write(writer, ticket);
                 stream.Position = 0;
-                var readTicket = TicketSerializer.Read(reader);
+                var readTicket = serializer.Read(reader);
                 Assert.Equal(1, readTicket.Principal.Identities.Count());
                 Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
                 Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext);
             }
         }
+
+        [Fact]
+        public void CanRoundTripActorIdentity()
+        {
+            var serializer = new TicketSerializer();
+            var properties = new AuthenticationProperties();
+
+            var actor = new ClaimsIdentity("actor");
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
+            ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { Actor = actor });
+
+            using (var stream = new MemoryStream())
+            using (var writer = new BinaryWriter(stream))
+            using (var reader = new BinaryReader(stream))
+            {
+                serializer.Write(writer, ticket);
+                stream.Position = 0;
+                var readTicket = serializer.Read(reader);
+                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
+
+                var identity = (ClaimsIdentity) readTicket.Principal.Identity;
+                Assert.NotNull(identity.Actor);
+                Assert.Equal(identity.Actor.AuthenticationType, "actor");
+            }
+        }
+
+        [Fact]
+        public void CanRoundTripClaimProperties()
+        {
+            var serializer = new TicketSerializer();
+            var properties = new AuthenticationProperties();
+
+            var claim = new Claim("type", "value", "valueType", "issuer", "original-issuer");
+            claim.Properties.Add("property-1", "property-value");
+
+            // Note: a null value MUST NOT result in a crash
+            // and MUST instead be treated like an empty string.
+            claim.Properties.Add("property-2", null);
+
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello");
+            ticket.Principal.AddIdentity(new ClaimsIdentity(new[] { claim }, "misc"));
+
+            using (var stream = new MemoryStream())
+            using (var writer = new BinaryWriter(stream))
+            using (var reader = new BinaryReader(stream))
+            {
+                serializer.Write(writer, ticket);
+                stream.Position = 0;
+                var readTicket = serializer.Read(reader);
+                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
+
+                var readClaim = readTicket.Principal.FindFirst("type");
+                Assert.NotNull(claim);
+                Assert.Equal(claim.Type, "type");
+                Assert.Equal(claim.Value, "value");
+                Assert.Equal(claim.ValueType, "valueType");
+                Assert.Equal(claim.Issuer, "issuer");
+                Assert.Equal(claim.OriginalIssuer, "original-issuer");
+
+                var property1 = readClaim.Properties["property-1"];
+                Assert.Equal(property1, "property-value");
+
+                var property2 = readClaim.Properties["property-2"];
+                Assert.Equal(property2, string.Empty);
+            }
+        }
     }
 }

From bfb046ba51b620f4bf202a0c348f7f9c09237b5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 18 Sep 2015 11:50:40 +0200
Subject: [PATCH 349/900] Update .travis.yml to target Mono alpha

---
 .travis.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 947bf868ee..98c31725ef 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,6 @@
 language: csharp
 sudo: false
+mono:
+  - alpha
 script:
   - ./build.sh --quiet verify
\ No newline at end of file

From 966fa6672ff3c5bd75703c325512778722ff46a2 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 24 Sep 2015 10:18:04 -0700
Subject: [PATCH 350/900] #147 Make OIDC UseTokenLifetime false by default.

---
 .../OpenIdConnectOptions.cs                                 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 85e1273d97..fedc2db7be 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -42,7 +42,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/></para>
         /// <para>Scope: <see cref="OpenIdConnectScopes.OpenIdProfile"/>.</para>
         /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationScheme = authenticationScheme.</para>
-        /// <para>UseTokenLifetime: true.</para>
+        /// <para>UseTokenLifetime: false.</para>
         /// </remarks>
         /// <param name="authenticationScheme"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationScheme property.</param>
         [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
@@ -223,9 +223,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token.
         /// If the token does not provide lifetime information then normal session lifetimes will be used.
-        /// This is enabled by default.
+        /// This is disabled by default.
         /// </summary>
-        public bool UseTokenLifetime { get; set; } = true;
+        public bool UseTokenLifetime { get; set; }
 
         /// <summary>
         /// Defines whether access and refresh tokens should be stored in the

From 852f44a3691c02c379b586fe7ef3dc0cb4cea6ab Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 24 Sep 2015 14:53:31 -0700
Subject: [PATCH 351/900] Rename JwtBearer events

---
 ...ectBearerEvents.cs => IJwtBearerEvents.cs} |  8 ++---
 ...ontext.cs => JwtBearerChallengeContext.cs} |  4 +--
 ...nectBearerEvents.cs => JwtBearerEvents.cs} | 16 ++++-----
 ...ivedContext.cs => ReceivedTokenContext.cs} |  6 ++--
 ...vedContext.cs => ReceivingTokenContext.cs} |  4 +--
 ...ngeContext.cs => TokenValidatedContext.cs} |  4 +--
 .../JwtBearerHandler.cs                       | 36 +++++++++----------
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 14 ++++----
 8 files changed, 46 insertions(+), 46 deletions(-)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{IOpenIdConnectBearerEvents.cs => IJwtBearerEvents.cs} (82%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{SecurityTokenValidatedContext.cs => JwtBearerChallengeContext.cs} (64%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{OpenIdConnectBearerEvents.cs => JwtBearerEvents.cs} (64%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{SecurityTokenReceivedContext.cs => ReceivedTokenContext.cs} (58%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{MessageReceivedContext.cs => ReceivingTokenContext.cs} (76%)
 rename src/Microsoft.AspNet.Authentication.JwtBearer/Events/{AuthenticationChallengeContext.cs => TokenValidatedContext.cs} (64%)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
similarity index 82%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
index d4d280484d..cf47ab47ea 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IOpenIdConnectBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
@@ -21,21 +21,21 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        Task MessageReceived(MessageReceivedContext context);
+        Task ReceivingToken(ReceivingTokenContext context);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        Task SecurityTokenReceived(SecurityTokenReceivedContext context);
+        Task ReceivedToken(ReceivedTokenContext context);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        Task SecurityTokenValidated(SecurityTokenValidatedContext context);
+        Task ValidatedToken(ValidatedTokenContext context);
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        Task ApplyChallenge(AuthenticationChallengeContext context);
+        Task Challenge(JwtBearerChallengeContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index 488e8e6b02..b67c5b9e55 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenValidatedContext : BaseControlContext<JwtBearerOptions>
+    public class JwtBearerChallengeContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenValidatedContext(HttpContext context, JwtBearerOptions options)
+        public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index e4aa6ed8e0..e9832862b2 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/OpenIdConnectBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -23,22 +23,22 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
+        public Func<ReceivingTokenContext, Task> OnReceivingToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked with the security token that has been extracted from the protocol message.
         /// </summary>
-        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.FromResult(0);
+        public Func<ReceivedTokenContext, Task> OnReceivedToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.FromResult(0);
+        public Func<ValidatedTokenContext, Task> OnValidatedToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
         /// </summary>
-        public Func<AuthenticationChallengeContext, Task> OnApplyChallenge { get; set; } = context =>
+        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context =>
         {
             context.HttpContext.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge);
             return Task.FromResult(0);
@@ -46,12 +46,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
-        public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
+        public virtual Task ReceivingToken(ReceivingTokenContext context) => OnReceivingToken(context);
 
-        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+        public virtual Task ReceivedToken(ReceivedTokenContext context) => OnReceivedToken(context);
 
-        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
+        public virtual Task ValidatedToken(ValidatedTokenContext context) => OnValidatedToken(context);
 
-        public virtual Task ApplyChallenge(AuthenticationChallengeContext context) => OnApplyChallenge(context);
+        public virtual Task Challenge(JwtBearerChallengeContext context) => OnChallenge(context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
similarity index 58%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
index 5aedda1d84..1cf0eefb1b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/SecurityTokenReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
@@ -5,13 +5,13 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class SecurityTokenReceivedContext : BaseControlContext<JwtBearerOptions>
+    public class ReceivedTokenContext : BaseControlContext<JwtBearerOptions>
     {
-        public SecurityTokenReceivedContext(HttpContext context, JwtBearerOptions options)
+        public ReceivedTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
 
-        public string SecurityToken { get; set; }
+        public string Token { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
similarity index 76%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
index cd940ef679..3f85c55214 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class MessageReceivedContext : BaseControlContext<JwtBearerOptions>
+    public class ReceivingTokenContext : BaseControlContext<JwtBearerOptions>
     {
-        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
+        public ReceivingTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
similarity index 64%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
rename to src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 44f44d5b3e..3d95e4acc0 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationChallengeContext : BaseControlContext<JwtBearerOptions>
+    public class ValidatedTokenContext : BaseControlContext<JwtBearerOptions>
     {
-        public AuthenticationChallengeContext(HttpContext context, JwtBearerOptions options)
+        public ValidatedTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 2577f897eb..cc8a838331 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -26,22 +26,22 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
-                var messageReceivedContext = new MessageReceivedContext(Context, Options);
+                var receivingTokenContext = new ReceivingTokenContext(Context, Options);
 
                 // event can set the token
-                await Options.Events.MessageReceived(messageReceivedContext);
-                if (messageReceivedContext.HandledResponse)
+                await Options.Events.ReceivingToken(receivingTokenContext);
+                if (receivingTokenContext.HandledResponse)
                 {
-                    return messageReceivedContext.AuthenticationTicket;
+                    return receivingTokenContext.AuthenticationTicket;
                 }
 
-                if (messageReceivedContext.Skipped)
+                if (receivingTokenContext.Skipped)
                 {
                     return null;
                 }
 
                 // If application retrieved token from somewhere else, use that.
-                token = messageReceivedContext.Token;
+                token = receivingTokenContext.Token;
 
                 if (string.IsNullOrEmpty(token))
                 {
@@ -66,18 +66,18 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
 
                 // notify user token was received
-                var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Options)
+                var receivedTokenContext = new ReceivedTokenContext(Context, Options)
                 {
-                    SecurityToken = token,
+                    Token = token,
                 };
 
-                await Options.Events.SecurityTokenReceived(securityTokenReceivedContext);
-                if (securityTokenReceivedContext.HandledResponse)
+                await Options.Events.ReceivedToken(receivedTokenContext);
+                if (receivedTokenContext.HandledResponse)
                 {
-                    return securityTokenReceivedContext.AuthenticationTicket;
+                    return receivedTokenContext.AuthenticationTicket;
                 }
 
-                if (securityTokenReceivedContext.Skipped)
+                if (receivedTokenContext.Skipped)
                 {
                     return null;
                 }
@@ -110,18 +110,18 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Options)
+                        var validatedTokenContext = new ValidatedTokenContext(Context, Options)
                         {
                             AuthenticationTicket = ticket
                         };
 
-                        await Options.Events.SecurityTokenValidated(securityTokenValidatedContext);
-                        if (securityTokenValidatedContext.HandledResponse)
+                        await Options.Events.ValidatedToken(validatedTokenContext);
+                        if (validatedTokenContext.HandledResponse)
                         {
-                            return securityTokenValidatedContext.AuthenticationTicket;
+                            return validatedTokenContext.AuthenticationTicket;
                         }
 
-                        if (securityTokenValidatedContext.Skipped)
+                        if (validatedTokenContext.Skipped)
                         {
                             return null;
                         }
@@ -165,7 +165,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
-            await Options.Events.ApplyChallenge(new AuthenticationChallengeContext(Context, Options));
+            await Options.Events.Challenge(new JwtBearerChallengeContext(Context, Options));
             return false;
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 24bc6ccec4..96ea604ec5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -68,7 +68,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                 options.Events = new JwtBearerEvents()
                 {
-                    OnMessageReceived = context =>
+                    OnReceivingToken = context =>
                     {
                         var claims = new[]
                         {
@@ -118,7 +118,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                 options.Events = new JwtBearerEvents()
                 {
-                    OnSecurityTokenReceived = context =>
+                    OnReceivedToken = context =>
                     {
                         var claims = new[]
                         {
@@ -152,7 +152,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                 options.Events = new JwtBearerEvents()
                 {
-                    OnSecurityTokenValidated = context =>
+                    OnValidatedToken = context =>
                     {
                         // Retrieve the NameIdentifier claim from the identity
                         // returned by the custom security token validator.
@@ -189,12 +189,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                 options.Events = new JwtBearerEvents()
                 {
-                    OnMessageReceived = context =>
+                    OnReceivingToken = context =>
                     {
                         context.Token = "CustomToken";
                         return Task.FromResult<object>(null);
                     },
-                    OnSecurityTokenReceived = context =>
+                    OnReceivedToken = context =>
                     {
                         var claims = new[]
                         {
@@ -226,7 +226,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.Events = new JwtBearerEvents()
                 {
-                    OnSecurityTokenReceived = context =>
+                    OnReceivedToken = context =>
                     {
                         var claims = new[]
                         {
@@ -257,7 +257,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             {
                 options.Events = new JwtBearerEvents()
                 {
-                    OnSecurityTokenReceived = context =>
+                    OnReceivedToken = context =>
                     {
                         var claims = new[]
                         {

From 78cf065b88c23f6795178d6977a217ea8aaac74f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 28 Sep 2015 15:34:53 -0700
Subject: [PATCH 352/900] #493 Upate to IdentityModel beta8 dependencies.

---
 .../Properties/launchSettings.json            |  4 +-
 samples/OpenIdConnectSample/Startup.cs        |  3 +
 samples/OpenIdConnectSample/project.json      |  4 +-
 .../project.json                              |  2 +-
 .../OpenIdConnectHandler.cs                   | 82 ++++++++++---------
 .../OpenIdConnectOptions.cs                   |  2 +-
 .../project.json                              |  2 +-
 ...nIdConnectHandlerForTestingAuthenticate.cs |  3 +-
 8 files changed, 56 insertions(+), 46 deletions(-)

diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index d8622657cf..a744c05c54 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -10,12 +10,12 @@
     "kestrel": {
       "commandName": "kestrel",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:5004"
+      "launchUrl": "http://localhost:42023"
     },
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:12345"
+      "launchUrl": "http://localhost:42023"
     }
   }
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3a0a289e72..177e866d7b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -6,6 +6,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.Logging;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace OpenIdConnectSample
 {
@@ -28,8 +29,10 @@ namespace OpenIdConnectSample
             app.UseOpenIdConnectAuthentication(options =>
             {
                 options.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
+                options.ClientSecret = "Yse2iP7tO1Azq0iDajNisMaTSnIDv+FXmAsFuXr+Cy8="; // for code flow
                 options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
                 options.RedirectUri = "http://localhost:42023";
+                options.ResponseType = OpenIdConnectResponseTypes.Code;
             });
 
             app.Run(async context =>
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index ad9c36c6f7..2dbf30c6bd 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -13,8 +13,8 @@
         "dnxcore50": { }
     },
     "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
+        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:42023",
+        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023"
     },
     "webroot": "wwwroot"
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index f05599e083..722ed90f88 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -8,7 +8,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta7-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index ea5f844bac..1c044332cc 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -320,7 +320,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // response_mode=query (explicit or not) and a response_type containing id_token
                 // or token are not considered as a safe combination and MUST be rejected.
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
-                if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.Token))
+                if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.AccessToken))
                 {
                     Logger.LogError("An OpenID Connect response cannot contain an identity token " +
                                     "or an access token when using response_mode=query");
@@ -359,7 +359,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // Fail if state is missing, it's required for the correlation id.
                 if (string.IsNullOrEmpty(message.State))
                 {
-                    Logger.LogError(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
+                    // This wasn't a valid ODIC message, it may not have been intended for us.
+                    Logger.LogVerbose(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
                     return null;
                 }
 
@@ -462,6 +463,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             AuthenticationTicket ticket = null;
             JwtSecurityToken jwt = null;
 
+            Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
+            {
+                ClientId = Options.ClientId,
+                ProtocolMessage = message,
+            });
+
             var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
@@ -498,7 +505,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             ticket = ValidateToken(tokenEndpointResponse.ProtocolMessage.IdToken, message, properties, validationParameters, out jwt);
 
-            ValidateOpenIdConnectProtocol(null, message);
+            var nonce = jwt?.Payload.Nonce;
+            if (!string.IsNullOrEmpty(nonce))
+            {
+                nonce = ReadNonceCookie(nonce);
+            }
+
+            Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
+            {
+                ClientId = Options.ClientId,
+                ProtocolMessage = tokenEndpointResponse.ProtocolMessage,
+                ValidatedIdToken = jwt,
+                Nonce = nonce
+            });
 
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse);
             if (authenticationValidatedContext.HandledResponse)
@@ -520,7 +539,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
                 Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
-                ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, ticket);
+                ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, jwt, ticket);
             }
 
             return ticket;
@@ -535,7 +554,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var validationParameters = Options.TokenValidationParameters.Clone();
             var ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
 
-            ValidateOpenIdConnectProtocol(jwt, message);
+            var nonce = jwt?.Payload.Nonce;
+            if (!string.IsNullOrEmpty(nonce))
+            {
+                nonce = ReadNonceCookie(nonce);
+            }
+
+            Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
+            {
+                ClientId = Options.ClientId,
+                ProtocolMessage = message,
+                ValidatedIdToken = jwt,
+                Nonce = nonce
+            });
 
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse: null);
             if (authenticationValidatedContext.HandledResponse)
@@ -619,7 +650,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="message">message that is being processed</param>
         /// <param name="ticket">authentication ticket with claims principal and identities</param>
         /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
-        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
+        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
         {
             var userInfoEndpoint = _configuration?.UserInfoEndpoint;
 
@@ -634,6 +665,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var responseMessage = await Backchannel.SendAsync(requestMessage);
             responseMessage.EnsureSuccessStatusCode();
             var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();
+            var userInfoEndpointJwt = new JwtSecurityToken(userInfoResponse);
             var user = JObject.Parse(userInfoResponse);
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
@@ -648,20 +680,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             ticket = userInformationReceivedContext.AuthenticationTicket;
             user = userInformationReceivedContext.User;
 
+            Options.ProtocolValidator.ValidateUserInfoResponse(new OpenIdConnectProtocolValidationContext()
+            {
+                UserInfoEndpointResponse = userInfoEndpointJwt,
+                ValidatedIdToken = jwt,
+            });
+
             var identity = (ClaimsIdentity)ticket.Principal.Identity;
-            var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier);
-            if (subjectClaimType == null)
-            {
-                throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString()));
-            }
-
-            var userInfoSubjectClaimValue = user.Value<string>(JwtRegisteredClaimNames.Sub);
-
-            // check if the sub claim matches
-            if (userInfoSubjectClaimValue == null || !string.Equals(userInfoSubjectClaimValue, subjectClaimType.Value, StringComparison.Ordinal))
-            {
-                throw new OpenIdConnectProtocolException(Resources.OIDCH_0039_Subject_Claim_Mismatch);
-            }
 
             foreach (var claim in identity.Claims)
             {
@@ -1097,25 +1122,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return ticket;
         }
 
-        private void ValidateOpenIdConnectProtocol(JwtSecurityToken jwt, OpenIdConnectMessage message)
-        {
-            string nonce = jwt?.Payload.Nonce;
-            if (!string.IsNullOrEmpty(nonce))
-            {
-                nonce = ReadNonceCookie(nonce);
-            }
-
-            var protocolValidationContext = new OpenIdConnectProtocolValidationContext
-            {
-                ProtocolMessage = message,
-                IdToken = jwt,
-                ClientId = Options.ClientId,
-                Nonce = nonce
-            };
-
-            Options.ProtocolValidator.Validate(protocolValidationContext);
-        }
-
         /// <summary>
         /// Calls InvokeReplyPathAsync
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index fedc2db7be..aa77d09040 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -145,7 +145,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
         public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator()
         {
-            RequireState = false,
+            RequireStateValidation = false,
             NonceLifetime = TimeSpan.FromMinutes(15)
         };
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index c81a8d085b..15fe781773 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -8,7 +8,7 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
         "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta7-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index f9cd88d57e..79e96d7d1c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
@@ -33,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             return Task.FromResult(new OpenIdConnectTokenEndpointResponse(jsonResponse));
         }
 
-        protected override Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, AuthenticationTicket ticket)
+        protected override Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
         {
             var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity;
             if (claimsIdentity == null)

From 88d1bb0cfe23fb61ad161b4053c098ff6e9fd970 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 28 Sep 2015 23:15:52 -0700
Subject: [PATCH 353/900] Updating to release NuGet.config.

---
 NuGet.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 3cca57b4c2..9a4755a7ca 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly" />
   </packageSources>

From 6ed7d1f3c09c065c8e2c09f1cd09389947451746 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 28 Sep 2015 08:03:31 -0700
Subject: [PATCH 354/900] Replace NotNullAttribute with thrown exceptions

---
 .../ChunkingCookieManager.cs                  | 68 +++++++++++++++++--
 .../CookieAppBuilderExtensions.cs             | 27 ++++++--
 .../CookieAuthenticationHandler.cs            |  8 ++-
 .../CookieAuthenticationMiddleware.cs         | 36 ++++++++--
 .../CookieAuthenticationOptions.cs            |  7 +-
 .../CookieServiceCollectionExtensions.cs      | 25 ++++++-
 .../Events/CookieValidatePrincipalContext.cs  | 19 +++++-
 .../project.json                              |  4 +-
 .../FacebookAppBuilderExtensions.cs           | 20 +++++-
 .../FacebookHelper.cs                         | 52 ++++++++++++--
 .../FacebookMiddleware.cs                     | 43 ++++++++++--
 .../project.json                              |  4 +-
 .../GoogleAppBuilderExtensions.cs             | 20 +++++-
 .../GoogleHelper.cs                           | 61 +++++++++++++++--
 .../GoogleMiddleware.cs                       | 44 ++++++++++--
 .../project.json                              |  6 +-
 .../JwtBearerAppBuilderExtensions.cs          | 21 ++++--
 .../JwtBearerMiddleware.cs                    | 29 ++++++--
 .../project.json                              |  4 +-
 .../MicrosoftAccountAppBuilderExtensions.cs   | 20 +++++-
 .../MicrosoftAccountHelper.cs                 | 53 +++++++++++++--
 .../MicrosoftAccountMiddleware.cs             | 44 ++++++++++--
 .../project.json                              |  6 +-
 .../Events/OAuthCreatingTicketContext.cs      | 46 ++++++++++---
 .../OAuthExtensions.cs                        | 26 +++++--
 .../OAuthHandler.cs                           | 26 +++++--
 .../OAuthMiddleware.cs                        | 43 ++++++++++--
 .../project.json                              |  4 +-
 .../OpenIdConnectExtensions.cs                | 20 +++++-
 .../OpenIdConnectHandler.cs                   | 24 +++++--
 .../OpenIdConnectMiddleware.cs                | 52 +++++++++++---
 .../project.json                              |  5 +-
 .../Messages/RequestTokenSerializer.cs        | 21 +++++-
 .../TwitterAppBuilderExtensions.cs            | 20 +++++-
 .../TwitterHandler.cs                         | 14 ++--
 .../TwitterMiddleware.cs                      | 43 ++++++++++--
 .../project.json                              |  6 +-
 .../AuthenticationHandler.cs                  | 22 +++++-
 .../AuthenticationMiddleware.cs               | 29 ++++++--
 ...thenticationServiceCollectionExtensions.cs | 20 +++++-
 .../ClaimsTransformationMiddleware.cs         | 19 ++++--
 .../DataHandler/PropertiesSerializer.cs       | 21 +++++-
 .../DataHandler/TicketSerializer.cs           | 65 +++++++++++++++---
 .../project.json                              |  4 +-
 .../AuthorizationContext.cs                   | 12 +++-
 .../AuthorizationOptions.cs                   | 34 ++++++++--
 .../AuthorizationPolicy.cs                    | 39 +++++++++--
 .../AuthorizationPolicyBuilder.cs             | 57 +++++++++++++---
 ...uthorizationServiceCollectionExtensions.cs | 20 +++++-
 .../AuthorizationServiceExtensions.cs         | 50 ++++++++++++--
 .../ClaimsAuthorizationRequirement.cs         |  8 ++-
 .../DefaultAuthorizationService.cs            | 14 +++-
 .../IAuthorizationService.cs                  |  5 +-
 .../NameAuthorizationRequirement.cs           |  9 ++-
 .../RolesAuthorizationRequirement.cs          |  8 ++-
 .../project.json                              |  4 +-
 .../project.json                              |  3 +
 57 files changed, 1187 insertions(+), 227 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 73beb79503..95838f409f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -6,7 +6,6 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Primitives;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.Net.Http.Headers;
@@ -66,8 +65,18 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="context"></param>
         /// <param name="key"></param>
         /// <returns>The reassembled cookie, if any, or null.</returns>
-        public string GetRequestCookie([NotNull] HttpContext context, [NotNull] string key)
+        public string GetRequestCookie(HttpContext context, string key)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
             var requestCookies = context.Request.Cookies;
             var value = requestCookies[key];
             var chunksCount = ParseChunksCount(value);
@@ -123,8 +132,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="key"></param>
         /// <param name="value"></param>
         /// <param name="options"></param>
-        public void AppendResponseCookie([NotNull] HttpContext context, [NotNull] string key, string value, [NotNull] CookieOptions options)
+        public void AppendResponseCookie(HttpContext context, string key, string value, CookieOptions options)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             var escapedKey = Encoder.UrlEncode(key);
 
             var template = new SetCookieHeaderValue(escapedKey)
@@ -198,8 +222,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="context"></param>
         /// <param name="key"></param>
         /// <param name="options"></param>
-        public void DeleteCookie([NotNull] HttpContext context, [NotNull] string key, [NotNull] CookieOptions options)
+        public void DeleteCookie(HttpContext context, string key, CookieOptions options)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             var escapedKey = Encoder.UrlEncode(key);
             var keys = new List<string>();
             keys.Add(escapedKey + "=");
@@ -266,18 +305,33 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
         }
 
-        private static bool IsQuoted([NotNull] string value)
+        private static bool IsQuoted(string value)
         {
+            if (value == null)
+            {
+                throw new ArgumentNullException(nameof(value));
+            }
+
             return value.Length >= 2 && value[0] == '"' && value[value.Length - 1] == '"';
         }
 
-        private static string RemoveQuotes([NotNull] string value)
+        private static string RemoveQuotes(string value)
         {
+            if (value == null)
+            {
+                throw new ArgumentNullException(nameof(value));
+            }
+
             return value.Substring(1, value.Length - 2);
         }
 
-        private static string Quote([NotNull] string value)
+        private static string Quote(string value)
         {
+            if (value == null)
+            {
+                throw new ArgumentNullException(nameof(value));
+            }
+
             return '"' + value + '"';
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 2ed5f99827..ef4a252a39 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -17,8 +16,13 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app)
+        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             return app.UseCookieAuthentication(new CookieAuthenticationOptions());
         }
 
@@ -28,8 +32,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <param name="configureOptions">Used to configure the options for the middleware</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
+        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new CookieAuthenticationOptions();
             if (configureOptions != null)
             {
@@ -44,8 +53,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
         /// <param name="options">Used to configure the middleware</param>
         /// <returns>The original app parameter</returns>
-        public static IApplicationBuilder UseCookieAuthentication([NotNull] this IApplicationBuilder app, [NotNull] CookieAuthenticationOptions options)
+        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5ddbde3891..e8c100adf8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -9,7 +9,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.Primitives;
 using Microsoft.Net.Http.Headers;
@@ -402,8 +401,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return true;
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
             var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
             try
             {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 900ad5505d..faa8fd99d9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.WebEncoders;
 
@@ -13,13 +12,38 @@ namespace Microsoft.AspNet.Authentication.Cookies
     public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
     {
         public CookieAuthenticationMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder urlEncoder,
-            [NotNull] CookieAuthenticationOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder urlEncoder,
+            CookieAuthenticationOptions options)
             : base(next, options, loggerFactory, urlEncoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (urlEncoder == null)
+            {
+                throw new ArgumentNullException(nameof(urlEncoder));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (Options.Events == null)
             {
                 Options.Events = new CookieAuthenticationEvents();
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 1a1f71bd40..bf10e155b5 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -39,9 +38,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public string CookieName
         {
             get { return _cookieName; }
-            [param: NotNull]
             set
             {
+                if (value == null)
+                {
+                    throw new ArgumentNullException(nameof(value));
+                }
+
                 _cookieName = value;
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index d609f12bde..5fb59747b8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.Configuration;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
@@ -13,13 +12,33 @@ namespace Microsoft.Framework.DependencyInjection
     /// </summary>
     public static class CookieServiceCollectionExtensions
     {
-        public static IServiceCollection AddCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<CookieAuthenticationOptions> configure)
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configure)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
+            if (configure == null)
+            {
+                throw new ArgumentNullException(nameof(configure));
+            }
+
             return services.Configure(configure);
         }
 
-        public static IServiceCollection AddCookieAuthentication([NotNull] this IServiceCollection services, [NotNull] IConfiguration config)
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, IConfiguration config)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
+            if (config == null)
+            {
+                throw new ArgumentNullException(nameof(config));
+            }
+
             return services.Configure<CookieAuthenticationOptions>(config);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index 5a95fe639f..a37f776d9e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -19,9 +19,24 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="context"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidatePrincipalContext([NotNull] HttpContext context, [NotNull] AuthenticationTicket ticket, [NotNull] CookieAuthenticationOptions options)
+        public CookieValidatePrincipalContext(HttpContext context, AuthenticationTicket ticket, CookieAuthenticationOptions options)
             : base(context, options)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             Principal = ticket.Principal;
             Properties = ticket.Properties;
         }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 34d775f155..c7aea2a71f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.WebEncoders": "1.0.0-*",
         "Newtonsoft.Json": "6.0.6"
     },
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0e6fc8a971..0df075e356 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -17,8 +16,18 @@ namespace Microsoft.AspNet.Builder
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, [NotNull] FacebookOptions options)
+        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<FacebookMiddleware>(options);
         }
 
@@ -28,8 +37,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="configureOptions">Configures the options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication([NotNull] this IApplicationBuilder app, Action<FacebookOptions> configureOptions)
+        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, Action<FacebookOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new FacebookOptions();
             if (configureOptions != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
index f3a99e6c49..bb950f32a3 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.Framework.Internal;
+using System;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Facebook
@@ -15,26 +15,66 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <summary>
         /// Gets the Facebook user ID.
         /// </summary>
-        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
+        public static string GetId(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("id");
+        }
 
         /// <summary>
         /// Gets the user's name.
         /// </summary>
-        public static string GetName([NotNull] JObject user) => user.Value<string>("name");
+        public static string GetName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("name");
+        }
 
         /// <summary>
         /// Gets the user's link.
         /// </summary>
-        public static string GetLink([NotNull] JObject user) => user.Value<string>("link");
+        public static string GetLink(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return user.Value<string>("link");
+        }
 
         /// <summary>
         /// Gets the Facebook username.
         /// </summary>
-        public static string GetUserName([NotNull] JObject user) => user.Value<string>("username");
+        public static string GetUserName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("username");
+        }
+
 
         /// <summary>
         /// Gets the Facebook email.
         /// </summary>
-        public static string GetEmail([NotNull] JObject user) => user.Value<string>("email");
+        public static string GetEmail(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("email");
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index aa518d5df2..b2893852e9 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -6,7 +6,6 @@ using System.Globalization;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -29,14 +28,44 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
         public FacebookMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] FacebookOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            FacebookOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (string.IsNullOrEmpty(Options.AppId))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index f481284509..e68e580669 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 7d1599ff52..08226c527c 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Google;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -18,8 +17,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The Middleware options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, [NotNull] GoogleOptions options)
+        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<GoogleMiddleware>(options);
         }
 
@@ -30,8 +39,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <param name="optionsName">Name of the options instance to be used</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication([NotNull] this IApplicationBuilder app, Action<GoogleOptions> configureOptions)
+        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, Action<GoogleOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new GoogleOptions();
             if (configureOptions != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
index e8618f3e31..a30e7d1fc2 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.Framework.Internal;
 using Newtonsoft.Json.Linq;
 
@@ -15,32 +16,80 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <summary>
         /// Gets the Google user ID.
         /// </summary>
-        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
+        public static string GetId(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("id");
+        }
 
         /// <summary>
         /// Gets the user's name.
         /// </summary>
-        public static string GetName([NotNull] JObject user) => user.Value<string>("displayName");
+        public static string GetName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("displayName");
+        }
 
         /// <summary>
         /// Gets the user's given name.
         /// </summary>
-        public static string GetGivenName([NotNull] JObject user) => TryGetValue(user, "name", "givenName");
+        public static string GetGivenName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return TryGetValue(user, "name", "givenName");
+        }
 
         /// <summary>
         /// Gets the user's family name.
         /// </summary>
-        public static string GetFamilyName([NotNull] JObject user) => TryGetValue(user, "name", "familyName");
+        public static string GetFamilyName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return TryGetValue(user, "name", "familyName");
+        }
 
         /// <summary>
         /// Gets the user's profile link.
         /// </summary>
-        public static string GetProfile([NotNull] JObject user) => user.Value<string>("url");
+        public static string GetProfile(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("url");
+        }
 
         /// <summary>
         /// Gets the user's email.
         /// </summary>
-        public static string GetEmail([NotNull] JObject user) => TryGetFirstValue(user, "emails", "value");
+        public static string GetEmail(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return TryGetFirstValue(user, "emails", "value");
+        }
 
         // Get the given subProperty from a property.
         private static string TryGetValue(JObject user, string propertyName, string subProperty)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index 43dd9ba80e..1d97d5ec5c 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -29,14 +29,44 @@ namespace Microsoft.AspNet.Authentication.Google
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
         public GoogleMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] GoogleOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            GoogleOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (Options.Scope.Count == 0)
             {
                 // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index ab65c2cf78..6f59f918f1 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index be2d51b1b9..7330aa7b3c 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.JwtBearer;
-using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -24,8 +22,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the bearer header.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, [NotNull] JwtBearerOptions options)
+        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<JwtBearerMiddleware>(options);
         }
 
@@ -40,8 +48,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="configureOptions">Used to configure Middleware options.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
+        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new JwtBearerOptions();
             if (configureOptions != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index ce919a9206..26e9e1e804 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
@@ -25,12 +24,32 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// extension method.
         /// </summary>
         public JwtBearerMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] JwtBearerOptions options)
+            RequestDelegate next,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            JwtBearerOptions options)
             : base(next, options, loggerFactory, encoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (Options.Events == null)
             {
                 Options.Events = new JwtBearerEvents();
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 722ed90f88..e1b5de2dfd 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 9fe1887bbf..c890b7a9e2 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -12,13 +11,28 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAuthenticationExtensions
     {
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, [NotNull] MicrosoftAccountOptions options)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
         }
 
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication([NotNull] this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new MicrosoftAccountOptions();
             if (configureOptions != null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
index 8de7ad6138..b0573688e9 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.Framework.Internal;
+using System;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
@@ -15,27 +15,66 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <summary>
         /// Gets the Microsoft Account user ID.
         /// </summary>
-        public static string GetId([NotNull] JObject user) => user.Value<string>("id");
+        public static string GetId(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("id");
+        }
 
         /// <summary>
         /// Gets the user's name.
         /// </summary>
-        public static string GetName([NotNull] JObject user) => user.Value<string>("name");
+        public static string GetName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("name");
+        }
 
         /// <summary>
         /// Gets the user's first name.
         /// </summary>
-        public static string GetFirstName([NotNull] JObject user) => user.Value<string>("first_name");
+        public static string GetFirstName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("first_name");
+        }
 
         /// <summary>
         /// Gets the user's last name.
         /// </summary>
-        public static string GetLastName([NotNull] JObject user) => user.Value<string>("last_name");
+        public static string GetLastName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("last_name");
+        }
 
         /// <summary>
         /// Gets the user's email address.
         /// </summary>
-        public static string GetEmail([NotNull] JObject user) => user.Value<JObject>("emails")
-                                                                    ?.Value<string>("preferred");
+        public static string GetEmail(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<JObject>("emails")?.Value<string>("preferred");
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 9f2c5d96e8..167baa9901 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -27,14 +27,44 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
         /// <param name="options">Configuration options for the middleware.</param>
         /// <param name="configureOptions"></param>
         public MicrosoftAccountMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] MicrosoftAccountOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            MicrosoftAccountOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (Options.Scope.Count == 0)
             {
                 // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index bcc6b3df0c..e5fd920b7f 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 2bbacbfd2e..315f89225b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -7,7 +7,6 @@ using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
@@ -25,10 +24,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthCreatingTicketContext(
-            [NotNull] HttpContext context,
-            [NotNull] OAuthOptions options,
-            [NotNull] HttpClient backchannel,
-            [NotNull] OAuthTokenResponse tokens)
+            HttpContext context,
+            OAuthOptions options,
+            HttpClient backchannel,
+            OAuthTokenResponse tokens)
             : this(context, options, backchannel, tokens, user: new JObject())
         {
         }
@@ -42,13 +41,38 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         /// <param name="user">The JSON-serialized user.</param>
         public OAuthCreatingTicketContext(
-            [NotNull] HttpContext context,
-            [NotNull] OAuthOptions options,
-            [NotNull] HttpClient backchannel,
-            [NotNull] OAuthTokenResponse tokens,
-            [NotNull] JObject user)
+            HttpContext context,
+            OAuthOptions options,
+            HttpClient backchannel,
+            OAuthTokenResponse tokens,
+            JObject user)
             : base(context, options)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            if (backchannel == null)
+            {
+                throw new ArgumentNullException(nameof(backchannel));
+            }
+
+            if (tokens == null)
+            {
+                throw new ArgumentNullException(nameof(tokens));
+            }
+
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
             TokenResponse = tokens;
             Backchannel = backchannel;
             User = user;
@@ -96,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 return null;
             }
         }
-        
+
         /// <summary>
         /// Gets the backchannel used to communicate with the provider.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
index 813f3cdfeb..ecc03f428e 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -19,8 +17,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="configureOptions">Configures the middleware options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] Action<OAuthOptions> configureOptions)
+        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, Action<OAuthOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
+
             var options = new OAuthOptions();
             if (configureOptions != null)
             {
@@ -35,8 +43,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
         /// <param name="options">The middleware configuration options.</param>
         /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OAuthOptions options)
+        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index c2c3481597..fcf693b249 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -13,7 +13,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.Primitives;
 using Newtonsoft.Json.Linq;
@@ -148,7 +147,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                                                     ClaimValueTypes.String, Options.ClaimsIssuer));
                     }
                 }
-                
+
                 return await CreateTicketAsync(identity, properties, tokens);
             }
             catch (Exception ex)
@@ -188,7 +187,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
             };
-            
+
             await Options.Events.CreatingTicket(context);
 
             if (context.Principal?.Identity == null)
@@ -199,8 +198,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
             var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
@@ -257,8 +261,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return string.Join(" ", Options.Scope);
         }
 
-        protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
+        protected void GenerateCorrelationId(AuthenticationProperties properties)
         {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
             var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
 
             var nonceBytes = new byte[32];
@@ -276,8 +285,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
             Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
         }
 
-        protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
+        protected bool ValidateCorrelationId(AuthenticationProperties properties)
         {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
             var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
             var correlationCookie = Request.Cookies[correlationKey];
             if (string.IsNullOrEmpty(correlationCookie))
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index 5030fd9673..f9bca2c49b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -7,7 +7,6 @@ using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -28,14 +27,44 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="loggerFactory"></param>
         /// <param name="options">Configuration options for the middleware.</param>
         public OAuthMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] TOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            TOptions options)
             : base(next, options, loggerFactory, encoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             // todo: review error handling
             if (string.IsNullOrEmpty(Options.AuthenticationScheme))
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index d9d3429cfd..374ed755b5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index e8bcf935df..20fc9c85ea 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -18,8 +17,13 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication([NotNull] this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
 
             var options = new OpenIdConnectOptions();
             if (configureOptions != null)
@@ -35,8 +39,18 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The application builder</param>
         /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
         /// <returns>The application builder</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication([NotNull] this IApplicationBuilder app, [NotNull] OpenIdConnectOptions options)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<OpenIdConnectMiddleware>(options);
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 1c044332cc..0f5179a264 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -16,7 +16,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.Net.Http.Headers;
@@ -160,8 +159,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         /// <returns></returns>
         /// <remarks>Uses log id's OIDCH-0026 - OIDCH-0050, next num: 37</remarks>
-        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
             Logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
 
             // order for local RedirectUri
@@ -727,7 +731,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="saveRefreshToken">A <see cref="bool"/> indicating whether the refresh token should be stored.</param>
         private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, bool saveRefreshToken)
         {
-            var identity = (ClaimsIdentity) principal.Identity;
+            var identity = (ClaimsIdentity)principal.Identity;
 
             if (!string.IsNullOrEmpty(message.AccessToken))
             {
@@ -827,8 +831,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return null;
         }
 
-        private void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
+        private void GenerateCorrelationId(AuthenticationProperties properties)
         {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
             var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
 
             var nonceBytes = new byte[32];
@@ -847,8 +856,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             Response.Cookies.Append(correlationKey + correlationId, NonceProperty, cookieOptions);
         }
 
-        private bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
+        private bool ValidateCorrelationId(AuthenticationProperties properties)
         {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
             var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
 
             string correlationId;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index d2ccf3c1a9..8207eb4741 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -8,7 +8,6 @@ using System.Text;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -34,15 +33,50 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="options"></param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IServiceProvider services,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] OpenIdConnectOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IServiceProvider services,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            OpenIdConnectOptions options)
             : base(next, options, loggerFactory, encoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Value.SignInScheme))
             {
                 Options.SignInScheme = sharedOptions.Value.SignInScheme;
@@ -74,7 +108,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
             }
-            
+
             // if the user has not set the AuthorizeCallback, set it from the redirect_uri
             if (!Options.CallbackPath.HasValue)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 15fe781773..b2dd3f594f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
     },
     "frameworks": {
@@ -18,7 +20,6 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Collections.Specialized": "4.0.1-beta-*",
                 "System.Net.Http": "4.0.1-beta-*"
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index 30ab884c80..6d3adeb1c9 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
@@ -56,8 +56,18 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// </summary>
         /// <param name="writer">The writer to use in writing the token</param>
         /// <param name="token">The token to write</param>
-        public static void Write([NotNull] BinaryWriter writer, [NotNull] RequestToken token)
+        public static void Write(BinaryWriter writer, RequestToken token)
         {
+            if (writer == null)
+            {
+                throw new ArgumentNullException(nameof(writer));
+            }
+
+            if (token == null)
+            {
+                throw new ArgumentNullException(nameof(token));
+            }
+
             writer.Write(FormatVersion);
             writer.Write(token.Token);
             writer.Write(token.TokenSecret);
@@ -70,8 +80,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// </summary>
         /// <param name="reader">The reader to use in reading the token bytes</param>
         /// <returns>The token</returns>
-        public static RequestToken Read([NotNull] BinaryReader reader)
+        public static RequestToken Read(BinaryReader reader)
         {
+            if (reader == null)
+            {
+                throw new ArgumentNullException(nameof(reader));
+            }
+
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 5a274c2413..baef3e96a8 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -12,8 +11,13 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class TwitterAppBuilderExtensions
     {
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
+        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
             var options = new TwitterOptions();
             if (configureOptions != null)
             {
@@ -22,8 +26,18 @@ namespace Microsoft.AspNet.Builder
             return app.UseTwitterAuthentication(options);
         }
 
-        public static IApplicationBuilder UseTwitterAuthentication([NotNull] this IApplicationBuilder app, [NotNull] TwitterOptions options)
+        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
         {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             return app.UseMiddleware<TwitterMiddleware>(options);
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index c6e2ac1ea9..5bfbc5c731 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -14,7 +14,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.Primitives;
 
@@ -91,7 +90,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 Response.Cookies.Delete(StateCookie, cookieOptions);
 
                 var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
-                
+
                 var identity = new ClaimsIdentity(new[]
                 {
                     new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
@@ -105,7 +104,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 {
                     identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
                 }
-                
+
                 return await CreateTicketAsync(identity, properties, accessToken);
             }
             catch (Exception ex)
@@ -124,7 +123,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             };
 
             await Options.Events.CreatingTicket(context);
-            
+
             if (context.Principal?.Identity == null)
             {
                 return null;
@@ -133,8 +132,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
             return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
+        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
             var properties = new AuthenticationProperties(context.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index ce5693f92e..268b6bec2d 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -7,7 +7,6 @@ using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.OptionsModel;
 using Microsoft.Framework.WebEncoders;
@@ -33,14 +32,44 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="options">Configuration options for the middleware</param>
         /// <param name="configureOptions"></param>
         public TwitterMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] IDataProtectionProvider dataProtectionProvider,
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder,
-            [NotNull] IOptions<SharedAuthenticationOptions> sharedOptions,
-            [NotNull] TwitterOptions options)
+            RequestDelegate next,
+            IDataProtectionProvider dataProtectionProvider,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder,
+            IOptions<SharedAuthenticationOptions> sharedOptions,
+            TwitterOptions options)
             : base(next, options, loggerFactory, encoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (dataProtectionProvider == null)
+            {
+                throw new ArgumentNullException(nameof(dataProtectionProvider));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
+            if (sharedOptions == null)
+            {
+                throw new ArgumentNullException(nameof(sharedOptions));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             if (string.IsNullOrEmpty(Options.ConsumerSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerSecret)));
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index c0268cc5d0..b117d8c4ec 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -5,9 +5,11 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" }
+        "Microsoft.AspNet.Authentication": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index d576f1014c..5990d12358 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -63,8 +63,28 @@ namespace Microsoft.AspNet.Authentication
         /// <param name="context">The utility object to observe the current request and response</param>
         /// <param name="logger">The logging factory used to create loggers</param>
         /// <returns>async completion</returns>
-        public async Task InitializeAsync([NotNull] TOptions options, [NotNull] HttpContext context, [NotNull] ILogger logger, [NotNull] IUrlEncoder encoder)
+        public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
         {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (logger == null)
+            {
+                throw new ArgumentNullException(nameof(logger));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
             Options = options;
             Context = context;
             OriginalPathBase = Request.PathBase;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 9736325570..15dcce5bcd 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -5,7 +5,6 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.Logging;
 using Microsoft.Framework.WebEncoders;
 
@@ -16,11 +15,31 @@ namespace Microsoft.AspNet.Authentication
         private readonly RequestDelegate _next;
 
         protected AuthenticationMiddleware(
-            [NotNull] RequestDelegate next, 
-            [NotNull] TOptions options, 
-            [NotNull] ILoggerFactory loggerFactory,
-            [NotNull] IUrlEncoder encoder)
+            RequestDelegate next,
+            TOptions options,
+            ILoggerFactory loggerFactory,
+            IUrlEncoder encoder)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            if (loggerFactory == null)
+            {
+                throw new ArgumentNullException(nameof(loggerFactory));
+            }
+
+            if (encoder == null)
+            {
+                throw new ArgumentNullException(nameof(encoder));
+            }
+
             Options = options;
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index fbe65663e2..286238b50f 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -3,21 +3,35 @@
 
 using System;
 using Microsoft.AspNet.Authentication;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
     public static class AuthenticationServiceCollectionExtensions
     {
-        public static IServiceCollection AddAuthentication([NotNull] this IServiceCollection services)
+        public static IServiceCollection AddAuthentication(this IServiceCollection services)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
             services.AddWebEncoders();
             services.AddDataProtection();
             return services;
         }
 
-        public static IServiceCollection AddAuthentication([NotNull] this IServiceCollection services, [NotNull] Action<SharedAuthenticationOptions> configureOptions)
+        public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<SharedAuthenticationOptions> configureOptions)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
+
             services.Configure(configureOptions);
             return services.AddAuthentication();
         }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index b4c95310c4..2d2f3461ba 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -13,9 +13,19 @@ namespace Microsoft.AspNet.Authentication
         private readonly RequestDelegate _next;
 
         public ClaimsTransformationMiddleware(
-            [NotNull] RequestDelegate next,
-            [NotNull] ClaimsTransformationOptions options)
+            RequestDelegate next,
+            ClaimsTransformationOptions options)
         {
+            if (next == null)
+            {
+                throw new ArgumentNullException(nameof(next));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
             Options = options;
             _next = next;
         }
@@ -26,7 +36,8 @@ namespace Microsoft.AspNet.Authentication
         {
             var handler = new ClaimsTransformationHandler(Options.Transformer);
             handler.RegisterAuthenticationHandler(context.GetAuthentication());
-            try {
+            try
+            {
                 if (Options.Transformer != null)
                 {
                     context.User = await Options.Transformer.TransformAsync(context.User);
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
index 462a5e3163..e6d6bc1d81 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -41,8 +41,18 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationProperties properties)
+        public virtual void Write(BinaryWriter writer, AuthenticationProperties properties)
         {
+            if (writer == null)
+            {
+                throw new ArgumentNullException(nameof(writer));
+            }
+
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
             writer.Write(FormatVersion);
             writer.Write(properties.Items.Count);
 
@@ -53,8 +63,13 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual AuthenticationProperties Read([NotNull] BinaryReader reader)
+        public virtual AuthenticationProperties Read(BinaryReader reader)
         {
+            if (reader == null)
+            {
+                throw new ArgumentNullException(nameof(reader));
+            }
+
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 1568f58ec2..44d304004f 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -5,7 +5,6 @@ using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -39,8 +38,18 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual void Write([NotNull] BinaryWriter writer, [NotNull] AuthenticationTicket ticket)
+        public virtual void Write(BinaryWriter writer, AuthenticationTicket ticket)
         {
+            if (writer == null)
+            {
+                throw new ArgumentNullException(nameof(writer));
+            }
+
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+
             writer.Write(FormatVersion);
             writer.Write(ticket.AuthenticationScheme);
 
@@ -61,8 +70,18 @@ namespace Microsoft.AspNet.Authentication
             PropertiesSerializer.Default.Write(writer, ticket.Properties);
         }
 
-        protected virtual void WriteIdentity([NotNull] BinaryWriter writer, [NotNull] ClaimsIdentity identity)
+        protected virtual void WriteIdentity(BinaryWriter writer, ClaimsIdentity identity)
         {
+            if (writer == null)
+            {
+                throw new ArgumentNullException(nameof(writer));
+            }
+
+            if (identity == null)
+            {
+                throw new ArgumentNullException(nameof(identity));
+            }
+
             var authenticationType = identity.AuthenticationType ?? string.Empty;
 
             writer.Write(authenticationType);
@@ -99,8 +118,18 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        protected virtual void WriteClaim([NotNull] BinaryWriter writer, [NotNull] Claim claim)
+        protected virtual void WriteClaim(BinaryWriter writer, Claim claim)
         {
+            if (writer == null)
+            {
+                throw new ArgumentNullException(nameof(writer));
+            }
+
+            if (claim == null)
+            {
+                throw new ArgumentNullException(nameof(claim));
+            }
+
             WriteWithDefault(writer, claim.Type, claim.Subject?.NameClaimType ?? ClaimsIdentity.DefaultNameClaimType);
             writer.Write(claim.Value);
             WriteWithDefault(writer, claim.ValueType, ClaimValueTypes.String);
@@ -117,8 +146,13 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public virtual AuthenticationTicket Read([NotNull] BinaryReader reader)
+        public virtual AuthenticationTicket Read(BinaryReader reader)
         {
+            if (reader == null)
+            {
+                throw new ArgumentNullException(nameof(reader));
+            }
+
             if (reader.ReadInt32() != FormatVersion)
             {
                 return null;
@@ -145,8 +179,13 @@ namespace Microsoft.AspNet.Authentication
             return new AuthenticationTicket(new ClaimsPrincipal(identities), properties, scheme);
         }
 
-        protected virtual ClaimsIdentity ReadIdentity([NotNull] BinaryReader reader)
+        protected virtual ClaimsIdentity ReadIdentity(BinaryReader reader)
         {
+            if (reader == null)
+            {
+                throw new ArgumentNullException(nameof(reader));
+            }
+
             var authenticationType = reader.ReadString();
             var nameClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultNameClaimType);
             var roleClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultRoleClaimType);
@@ -181,8 +220,18 @@ namespace Microsoft.AspNet.Authentication
             return identity;
         }
 
-        protected virtual Claim ReadClaim([NotNull] BinaryReader reader, [NotNull] ClaimsIdentity identity)
+        protected virtual Claim ReadClaim(BinaryReader reader, ClaimsIdentity identity)
         {
+            if (reader == null)
+            {
+                throw new ArgumentNullException(nameof(reader));
+            }
+
+            if (identity == null)
+            {
+                throw new ArgumentNullException(nameof(identity));
+            }
+
             var type = ReadWithDefault(reader, identity.NameClaimType);
             var value = reader.ReadString();
             var valueType = ReadWithDefault(reader, ClaimValueTypes.String);
@@ -193,7 +242,7 @@ namespace Microsoft.AspNet.Authentication
 
             // Read the number of properties stored in the claim.
             var count = reader.ReadInt32();
-            
+
             for (var index = 0; index != count; ++index)
             {
                 var key = reader.ReadString();
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 0c36e3000c..656d0b2f22 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -5,12 +5,14 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*",
         "Microsoft.Framework.WebEncoders": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
index 54f6b6bbc4..93f4da651d 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -18,10 +18,15 @@ namespace Microsoft.AspNet.Authorization
         private bool _succeedCalled;
 
         public AuthorizationContext(
-            [NotNull] IEnumerable<IAuthorizationRequirement> requirements, 
+            IEnumerable<IAuthorizationRequirement> requirements,
             ClaimsPrincipal user,
             object resource)
         {
+            if (requirements == null)
+            {
+                throw new ArgumentNullException(nameof(requirements));
+            }
+
             Requirements = requirements;
             User = user;
             Resource = resource;
@@ -36,7 +41,8 @@ namespace Microsoft.AspNet.Authorization
 
         public bool HasFailed { get { return _failCalled; } }
 
-        public bool HasSucceeded {
+        public bool HasSucceeded
+        {
             get
             {
                 return !_failCalled && _succeedCalled && !PendingRequirements.Any();
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
index c2931a52cb..66627b458c 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -16,21 +15,46 @@ namespace Microsoft.AspNet.Authorization
         /// </summary>
         public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 
-        public void AddPolicy([NotNull] string name, [NotNull] AuthorizationPolicy policy)
+        public void AddPolicy(string name, AuthorizationPolicy policy)
         {
+            if (name == null)
+            {
+                throw new ArgumentNullException(nameof(name));
+            }
+
+            if (policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
             PolicyMap[name] = policy;
         }
 
-        public void AddPolicy([NotNull] string name, [NotNull] Action<AuthorizationPolicyBuilder> configurePolicy)
+        public void AddPolicy(string name, Action<AuthorizationPolicyBuilder> configurePolicy)
         {
+            if (name == null)
+            {
+                throw new ArgumentNullException(nameof(name));
+            }
+
+            if (configurePolicy == null)
+            {
+                throw new ArgumentNullException(nameof(configurePolicy));
+            }
+
             var policyBuilder = new AuthorizationPolicyBuilder();
             configurePolicy(policyBuilder);
             PolicyMap[name] = policyBuilder.Build();
         }
 
-        public AuthorizationPolicy GetPolicy([NotNull] string name)
+        public AuthorizationPolicy GetPolicy(string name)
         {
+            if (name == null)
+            {
+                throw new ArgumentNullException(nameof(name));
+            }
+
             return PolicyMap.ContainsKey(name) ? PolicyMap[name] : null;
         }
-   }
+    }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 1efb4afd24..bb7af889bc 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -4,14 +4,23 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicy
     {
-        public AuthorizationPolicy([NotNull] IEnumerable<IAuthorizationRequirement> requirements, [NotNull] IEnumerable<string> activeAuthenticationSchemes)
+        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationSchemes)
         {
+            if (requirements == null)
+            {
+                throw new ArgumentNullException(nameof(requirements));
+            }
+
+            if (activeAuthenticationSchemes == null)
+            {
+                throw new ArgumentNullException(nameof(activeAuthenticationSchemes));
+            }
+
             if (requirements.Count() == 0)
             {
                 throw new InvalidOperationException(Resources.Exception_AuthorizationPolicyEmpty);
@@ -23,13 +32,23 @@ namespace Microsoft.AspNet.Authorization
         public IReadOnlyList<IAuthorizationRequirement> Requirements { get; }
         public IReadOnlyList<string> ActiveAuthenticationSchemes { get; }
 
-        public static AuthorizationPolicy Combine([NotNull] params AuthorizationPolicy[] policies)
+        public static AuthorizationPolicy Combine(params AuthorizationPolicy[] policies)
         {
+            if (policies == null)
+            {
+                throw new ArgumentNullException(nameof(policies));
+            }
+
             return Combine((IEnumerable<AuthorizationPolicy>)policies);
         }
 
-        public static AuthorizationPolicy Combine([NotNull] IEnumerable<AuthorizationPolicy> policies)
+        public static AuthorizationPolicy Combine(IEnumerable<AuthorizationPolicy> policies)
         {
+            if (policies == null)
+            {
+                throw new ArgumentNullException(nameof(policies));
+            }
+
             var builder = new AuthorizationPolicyBuilder();
             foreach (var policy in policies)
             {
@@ -38,8 +57,18 @@ namespace Microsoft.AspNet.Authorization
             return builder.Build();
         }
 
-        public static AuthorizationPolicy Combine([NotNull] AuthorizationOptions options, [NotNull] IEnumerable<AuthorizeAttribute> attributes)
+        public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<AuthorizeAttribute> attributes)
         {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            if (attributes == null)
+            {
+                throw new ArgumentNullException(nameof(attributes));
+            }
+
             var policyBuilder = new AuthorizationPolicyBuilder();
             var any = false;
             foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index 7cc20d06b3..331317fef6 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -41,43 +40,78 @@ namespace Microsoft.AspNet.Authorization
             return this;
         }
 
-        public AuthorizationPolicyBuilder Combine([NotNull] AuthorizationPolicy policy)
+        public AuthorizationPolicyBuilder Combine(AuthorizationPolicy policy)
         {
+            if (policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
             AddAuthenticationSchemes(policy.ActiveAuthenticationSchemes.ToArray());
             AddRequirements(policy.Requirements.ToArray());
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType, params string[] requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] requiredValues)
         {
+            if (claimType == null)
+            {
+                throw new ArgumentNullException(nameof(claimType));
+            }
+
             return RequireClaim(claimType, (IEnumerable<string>)requiredValues);
         }
 
-        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType, IEnumerable<string> requiredValues)
+        public AuthorizationPolicyBuilder RequireClaim(string claimType, IEnumerable<string> requiredValues)
         {
+            if (claimType == null)
+            {
+                throw new ArgumentNullException(nameof(claimType));
+            }
+
             Requirements.Add(new ClaimsAuthorizationRequirement(claimType, requiredValues));
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireClaim([NotNull] string claimType)
+        public AuthorizationPolicyBuilder RequireClaim(string claimType)
         {
+            if (claimType == null)
+            {
+                throw new ArgumentNullException(nameof(claimType));
+            }
+
             Requirements.Add(new ClaimsAuthorizationRequirement(claimType, allowedValues: null));
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireRole([NotNull] params string[] roles)
+        public AuthorizationPolicyBuilder RequireRole(params string[] roles)
         {
+            if (roles == null)
+            {
+                throw new ArgumentNullException(nameof(roles));
+            }
+
             return RequireRole((IEnumerable<string>)roles);
         }
 
-        public AuthorizationPolicyBuilder RequireRole([NotNull] IEnumerable<string> roles)
+        public AuthorizationPolicyBuilder RequireRole(IEnumerable<string> roles)
         {
+            if (roles == null)
+            {
+                throw new ArgumentNullException(nameof(roles));
+            }
+
             Requirements.Add(new RolesAuthorizationRequirement(roles));
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireUserName([NotNull] string userName)
+        public AuthorizationPolicyBuilder RequireUserName(string userName)
         {
+            if (userName == null)
+            {
+                throw new ArgumentNullException(nameof(userName));
+            }
+
             Requirements.Add(new NameAuthorizationRequirement(userName));
             return this;
         }
@@ -88,8 +122,13 @@ namespace Microsoft.AspNet.Authorization
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireDelegate([NotNull] Action<AuthorizationContext, DelegateRequirement> handler)
+        public AuthorizationPolicyBuilder RequireDelegate(Action<AuthorizationContext, DelegateRequirement> handler)
         {
+            if (handler == null)
+            {
+                throw new ArgumentNullException(nameof(handler));
+            }
+
             Requirements.Add(new DelegateRequirement(handler));
             return this;
         }
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index 2d085a7902..4b1015ade6 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -4,22 +4,36 @@
 using System;
 using Microsoft.AspNet.Authorization;
 using Microsoft.Framework.DependencyInjection.Extensions;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.Framework.DependencyInjection
 {
     public static class AuthorizationServiceCollectionExtensions
     {
-        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services)
+        public static IServiceCollection AddAuthorization(this IServiceCollection services)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
             services.AddOptions();
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }
 
-        public static IServiceCollection AddAuthorization([NotNull] this IServiceCollection services, [NotNull] Action<AuthorizationOptions> configure)
+        public static IServiceCollection AddAuthorization(this IServiceCollection services, Action<AuthorizationOptions> configure)
         {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+
+            if (configure == null)
+            {
+                throw new ArgumentNullException(nameof(configure));
+            }
+
             services.Configure(configure);
             return services.AddAuthorization();
         }
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
index 27b74c4a5b..5ab5b03e73 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -17,8 +17,18 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource"></param>
         /// <param name="requirement"></param>
         /// <returns></returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] IAuthorizationRequirement requirement)
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
         {
+            if (service == null)
+            {
+                throw new ArgumentNullException(nameof(service));
+            }
+
+            if (requirement == null)
+            {
+                throw new ArgumentNullException(nameof(requirement));
+            }
+
             return service.AuthorizeAsync(user, resource, new IAuthorizationRequirement[] { requirement });
         }
 
@@ -30,8 +40,18 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policy">The policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, object resource, [NotNull] AuthorizationPolicy policy)
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, AuthorizationPolicy policy)
         {
+            if (service == null)
+            {
+                throw new ArgumentNullException(nameof(service));
+            }
+
+            if (policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
             return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
         }
 
@@ -42,8 +62,18 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="user">The user to check the policy against.</param>
         /// <param name="policy">The policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] AuthorizationPolicy policy)
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, AuthorizationPolicy policy)
         {
+            if (service == null)
+            {
+                throw new ArgumentNullException(nameof(service));
+            }
+
+            if (policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
             return service.AuthorizeAsync(user, resource: null, policy: policy);
         }
 
@@ -54,8 +84,18 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="user">The user to check the policy against.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        public static Task<bool> AuthorizeAsync([NotNull] this IAuthorizationService service, ClaimsPrincipal user, [NotNull] string policyName)
+        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, string policyName)
         {
+            if (service == null)
+            {
+                throw new ArgumentNullException(nameof(service));
+            }
+
+            if (policyName == null)
+            {
+                throw new ArgumentNullException(nameof(policyName));
+            }
+
             return service.AuthorizeAsync(user, resource: null, policyName: policyName);
         }
     }
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
index fa061d28c8..905e74f39a 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -12,8 +11,13 @@ namespace Microsoft.AspNet.Authorization
     // If AllowedValues is null or empty, that means any claim is valid
     public class ClaimsAuthorizationRequirement : AuthorizationHandler<ClaimsAuthorizationRequirement>, IAuthorizationRequirement
     {
-        public ClaimsAuthorizationRequirement([NotNull] string claimType, IEnumerable<string> allowedValues)
+        public ClaimsAuthorizationRequirement(string claimType, IEnumerable<string> allowedValues)
         {
+            if (claimType == null)
+            {
+                throw new ArgumentNullException(nameof(claimType));
+            }
+
             ClaimType = claimType;
             AllowedValues = allowedValues;
         }
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 4095c623e7..b18c92031d 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Framework.Internal;
 using Microsoft.Framework.OptionsModel;
 
 namespace Microsoft.AspNet.Authorization
@@ -21,8 +21,13 @@ namespace Microsoft.AspNet.Authorization
             _options = options.Value;
         }
 
-        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements)
+        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
         {
+            if (requirements == null)
+            {
+                throw new ArgumentNullException(nameof(requirements));
+            }
+
             var authContext = new AuthorizationContext(requirements, user, resource);
             foreach (var handler in _handlers)
             {
@@ -33,6 +38,11 @@ namespace Microsoft.AspNet.Authorization
 
         public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
+            if (policyName == null)
+            {
+                throw new ArgumentNullException(nameof(policyName));
+            }
+
             var policy = _options.GetPolicy(policyName);
             return (policy == null)
                 ? Task.FromResult(false)
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
index 1afa0ae5dd..a9dbe06cdd 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
@@ -4,7 +4,6 @@
 using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -20,7 +19,7 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource"></param>
         /// <param name="requirements"></param>
         /// <returns></returns>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] IEnumerable<IAuthorizationRequirement> requirements);
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
@@ -29,6 +28,6 @@ namespace Microsoft.AspNet.Authorization
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, [NotNull] string policyName);
+        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
index 5798a0efd0..45820e6a9a 100644
--- a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -13,8 +11,13 @@ namespace Microsoft.AspNet.Authorization
     /// </summary>
     public class NameAuthorizationRequirement : AuthorizationHandler<NameAuthorizationRequirement>, IAuthorizationRequirement
     {
-        public NameAuthorizationRequirement([NotNull] string requiredName)
+        public NameAuthorizationRequirement(string requiredName)
         {
+            if (requiredName == null)
+            {
+                throw new ArgumentNullException(nameof(requiredName));
+            }
+
             RequiredName = requiredName;
         }
 
diff --git a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
index 8521c43c12..fb8647d75e 100644
--- a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Framework.Internal;
 
 namespace Microsoft.AspNet.Authorization
 {
@@ -12,8 +11,13 @@ namespace Microsoft.AspNet.Authorization
     // If AllowedRoles is null or empty, that means any role is valid
     public class RolesAuthorizationRequirement : AuthorizationHandler<RolesAuthorizationRequirement>, IAuthorizationRequirement
     {
-        public RolesAuthorizationRequirement([NotNull] IEnumerable<string> allowedRoles)
+        public RolesAuthorizationRequirement(IEnumerable<string> allowedRoles)
         {
+            if (allowedRoles == null)
+            {
+                throw new ArgumentNullException(nameof(allowedRoles));
+            }
+
             if (allowedRoles.Count() == 0)
             {
                 throw new InvalidOperationException(Resources.Exception_RoleRequirementEmpty);
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 7d2e324d5c..92768710bc 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -5,10 +5,12 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Http.Features": "1.0.0-*",
         "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
         "Microsoft.Framework.OptionsModel": "1.0.0-*"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNet.CookiePolicy/project.json
index 6d78e5eb89..252f0867ec 100644
--- a/src/Microsoft.AspNet.CookiePolicy/project.json
+++ b/src/Microsoft.AspNet.CookiePolicy/project.json
@@ -5,6 +5,9 @@
         "type": "git",
         "url": "git://github.com/aspnet/security"
     },
+    "compilationOptions": {
+        "warningsAsErrors": true
+    },
     "dependencies": {
         "Microsoft.AspNet.Http": "1.0.0-*"
     },

From 81a8f273ecd38eba61f2bcf42a021cd0623ce6c7 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 30 Sep 2015 11:16:25 -0700
Subject: [PATCH 355/900] Switching to release AzureAD feed

---
 NuGet.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.config b/NuGet.config
index 9a4755a7ca..da0f6aea62 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -3,6 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly" />
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease/api/v3/index.json" />
   </packageSources>
 </configuration>

From 52c8c5f58387ba22c7d1f442b53f0d4a70465cf6 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 1 Oct 2015 11:58:38 -0700
Subject: [PATCH 356/900] Update 'build.cmd' alias parameter to use full name.

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index 177997c42e..70d974a61f 100644
--- a/build.cmd
+++ b/build.cmd
@@ -30,7 +30,7 @@ IF "%SKIP_DNX_INSTALL%"=="1" goto run
 IF %BUILDCMD_DNX_VERSION%=="" (
 	CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -arch x86
 ) ELSE (
-	CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CLR -arch x86 -a default
+	CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CLR -arch x86 -alias default
 )
 CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -arch x86
 

From 6c529eae7ac1d36ff9981d742aab44b83ed9d83d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Sat, 3 Oct 2015 15:44:47 -0700
Subject: [PATCH 357/900] Renaming Microsoft.Framework.* ->
 Microsoft.Extensions.*

---
 samples/CookieSample/Startup.cs                           | 4 ++--
 samples/CookieSample/project.json                         | 2 +-
 samples/CookieSessionSample/MemoryCacheTicketStore.cs     | 4 ++--
 samples/CookieSessionSample/Startup.cs                    | 4 ++--
 samples/CookieSessionSample/project.json                  | 4 ++--
 samples/OpenIdConnectSample/Startup.cs                    | 6 +++---
 samples/OpenIdConnectSample/project.json                  | 2 +-
 samples/SocialSample/Startup.cs                           | 4 ++--
 samples/SocialSample/project.json                         | 2 +-
 .../ChunkingCookieManager.cs                              | 4 ++--
 .../CookieAuthenticationHandler.cs                        | 4 ++--
 .../CookieAuthenticationMiddleware.cs                     | 4 ++--
 .../CookieAuthenticationOptions.cs                        | 2 +-
 .../CookieServiceCollectionExtensions.cs                  | 4 ++--
 src/Microsoft.AspNet.Authentication.Cookies/project.json  | 2 +-
 .../FacebookMiddleware.cs                                 | 6 +++---
 .../GoogleHelper.cs                                       | 2 +-
 .../GoogleMiddleware.cs                                   | 6 +++---
 .../JwtBearerHandler.cs                                   | 2 +-
 .../JwtBearerMiddleware.cs                                | 4 ++--
 .../MicrosoftAccountMiddleware.cs                         | 6 +++---
 src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs | 4 ++--
 .../OAuthMiddleware.cs                                    | 6 +++---
 .../OpenIdConnectHandler.cs                               | 2 +-
 .../OpenIdConnectMiddleware.cs                            | 6 +++---
 .../OpenIdConnectOptions.cs                               | 2 +-
 .../TwitterHandler.cs                                     | 4 ++--
 .../TwitterMiddleware.cs                                  | 6 +++---
 .../AuthenticationHandler.cs                              | 6 +++---
 .../AuthenticationMiddleware.cs                           | 4 ++--
 .../AuthenticationServiceCollectionExtensions.cs          | 2 +-
 src/Microsoft.AspNet.Authentication/project.json          | 8 ++++----
 .../AuthorizationServiceCollectionExtensions.cs           | 4 ++--
 .../DefaultAuthorizationService.cs                        | 2 +-
 src/Microsoft.AspNet.Authorization/project.json           | 4 ++--
 .../AuthenticationHandlerFacts.cs                         | 4 ++--
 .../Cookies/CookieMiddlewareTests.cs                      | 2 +-
 .../Facebook/FacebookMiddlewareTests.cs                   | 4 ++--
 .../Google/GoogleMiddlewareTests.cs                       | 4 ++--
 .../JwtBearer/JwtBearerMiddlewareTests.cs                 | 2 +-
 .../MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs   | 4 ++--
 .../AuthenticationPropertiesFormaterKeyValue.cs           | 4 ++--
 .../OpenIdConnect/ExpectedQueryValues.cs                  | 2 +-
 .../OpenIdConnect/InMemoryLogger.cs                       | 4 ++--
 .../OpenIdConnect/InMemoryLoggerFactory.cs                | 4 ++--
 .../OpenIdConnect/LogEntry.cs                             | 4 ++--
 .../OpenIdConnect/LoggingUtilities.cs                     | 4 ++--
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs            | 6 +++---
 .../OpenIdConnectMiddlewareForTestingAuthenticate.cs      | 8 ++++----
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs         | 4 ++--
 .../Twitter/TwitterMiddlewareTests.cs                     | 2 +-
 .../DefaultAuthorizationServiceTests.cs                   | 2 +-
 test/Microsoft.AspNet.Authorization.Test/project.json     | 2 +-
 test/Microsoft.AspNet.CookiePolicy.Test/project.json      | 2 +-
 54 files changed, 103 insertions(+), 103 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 6fd616bd7f..b21a6a85b9 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -3,8 +3,8 @@ using System.Security.Claims;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 
 namespace CookieSample
 {
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 1b7c3471ca..4464f21fe2 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -4,7 +4,7 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
         "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
diff --git a/samples/CookieSessionSample/MemoryCacheTicketStore.cs b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
index e308825edc..833ad35ac8 100644
--- a/samples/CookieSessionSample/MemoryCacheTicketStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
@@ -1,8 +1,8 @@
-using System;
+using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.Caching.Memory;
+using Microsoft.Extensions.Caching.Memory;
 
 namespace CookieSessionSample
 {
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 941911ad73..3e89f67ca6 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -4,8 +4,8 @@ using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 
 namespace CookieSessionSample
 {
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 73a19f94e6..be0b1ae052 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -4,8 +4,8 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Caching.Memory": "1.0.0-*",
-        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
+        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
         "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 177e866d7b..2001cd979a 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,11 +1,11 @@
-using System.Linq;
+using System.Linq;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace OpenIdConnectSample
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 2dbf30c6bd..7397fe51e6 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,7 +5,7 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
         "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "frameworks": {
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 3ebe511560..9915784d72 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -9,8 +9,8 @@ using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace CookieSample
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 5e94c6d106..48b78d3584 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -8,7 +8,7 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Framework.Logging.Console": "1.0.0-*",
+        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
         "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
     },
     "commands": {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 95838f409f..dbd94f844d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -6,8 +6,8 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Primitives;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Primitives;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index e8c100adf8..5ea99ad2b0 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -9,8 +9,8 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.Primitives;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index faa8fd99d9..bce9648b87 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -4,8 +4,8 @@
 using System;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index bf10e155b5..472ea80eac 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.OptionsModel;
+using Microsoft.Extensions.OptionsModel;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index 5fb59747b8..260539b551 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -3,9 +3,9 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Framework.Configuration;
+using Microsoft.Extensions.Configuration;
 
-namespace Microsoft.Framework.DependencyInjection
+namespace Microsoft.Extensions.DependencyInjection
 {
     /// <summary>
     /// Extension methods provided by the cookies authentication middleware
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index c7aea2a71f..d767f187aa 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Framework.WebEncoders": "1.0.0-*",
+        "Microsoft.Extensions.WebEncoders": "1.0.0-*",
         "Newtonsoft.Json": "6.0.6"
     },
     "frameworks": {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index b2893852e9..8976b93fe0 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -6,9 +6,9 @@ using System.Globalization;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
index a30e7d1fc2..5327ddcb2e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.Framework.Internal;
+using Microsoft.Extensions.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.Google
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index 1d97d5ec5c..fe398c5f6e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -6,9 +6,9 @@ using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index cc8a838331..9627c0e1f0 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -7,7 +7,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 26e9e1e804..2a97054797 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -4,8 +4,8 @@
 using System;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 167baa9901..f93b0feca8 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -5,9 +5,9 @@ using System;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index fcf693b249..ea6803b496 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -13,8 +13,8 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.Primitives;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index f9bca2c49b..d980a5e305 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -7,9 +7,9 @@ using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 0f5179a264..231c082137 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -16,7 +16,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 8207eb4741..17b2d3b594 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -8,9 +8,9 @@ using System.Text;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index aa77d09040..91f4e1089e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -10,7 +10,7 @@ using System.Net.Http;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 5bfbc5c731..38c0897d1d 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -14,8 +14,8 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.Primitives;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index 268b6bec2d..ec75f449ec 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -7,9 +7,9 @@ using System.Globalization;
 using System.Net.Http;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 5990d12358..2b256ee2bc 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -5,9 +5,9 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Framework.Internal;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Internal;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 15dcce5bcd..ebf25c2174 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -5,8 +5,8 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index 286238b50f..a9ee391788 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -4,7 +4,7 @@
 using System;
 using Microsoft.AspNet.Authentication;
 
-namespace Microsoft.Framework.DependencyInjection
+namespace Microsoft.Extensions.DependencyInjection
 {
     public static class AuthenticationServiceCollectionExtensions
     {
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 656d0b2f22..c4132c0be1 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -12,10 +12,10 @@
         "Microsoft.AspNet.DataProtection": "1.0.0-*",
         "Microsoft.AspNet.Http": "1.0.0-*",
         "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.Framework.OptionsModel": "1.0.0-*",
-        "Microsoft.Framework.WebEncoders": "1.0.0-*"
+        "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
+        "Microsoft.Extensions.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
+        "Microsoft.Extensions.OptionsModel": "1.0.0-*",
+        "Microsoft.Extensions.WebEncoders": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index 4b1015ade6..f00d44a59c 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -3,9 +3,9 @@
 
 using System;
 using Microsoft.AspNet.Authorization;
-using Microsoft.Framework.DependencyInjection.Extensions;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 
-namespace Microsoft.Framework.DependencyInjection
+namespace Microsoft.Extensions.DependencyInjection
 {
     public static class AuthorizationServiceCollectionExtensions
     {
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index b18c92031d..9730ba0d9f 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -6,7 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Framework.OptionsModel;
+using Microsoft.Extensions.OptionsModel;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 92768710bc..a1513125b1 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -10,8 +10,8 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Http.Features": "1.0.0-*",
-        "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Framework.OptionsModel": "1.0.0-*"
+        "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
+        "Microsoft.Extensions.OptionsModel": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 711e0f4b71..e0ea9720d6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -8,8 +8,8 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.Primitives;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index a097d98292..5a38ca1ad1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -18,7 +18,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index f0cefe6561..efab3c54d1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -14,8 +14,8 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 617b6862a3..b6335093c1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -14,8 +14,8 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 96ea604ec5..efaef75e10 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -12,7 +12,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 8ad48c8fde..a7d8a8b095 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -14,8 +14,8 @@ using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 6aaf42bd39..66fab419fd 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -1,10 +1,10 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Text;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index ff48272b7d..aae31676d1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Text;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
index 67a2668c6d..a8bdbe8be4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
@@ -1,10 +1,10 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
index bd65d09de5..3185e6518f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
@@ -1,8 +1,8 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
index 6f46195788..285d42a66c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
@@ -1,10 +1,10 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 // this controls if the logs are written to the console.
 // they can be reviewed for general content.
 
 using System;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
index f8886e4842..b8d9e6e0c9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 // this controls if the logs are written to the console.
 // they can be reviewed for general content.
@@ -6,7 +6,7 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
-using Microsoft.Framework.Logging;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 1cb1cb5890..d01f3e6d63 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -13,9 +13,9 @@ using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index 46c04ab7a9..b144e838d9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -1,13 +1,13 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
-using Microsoft.Framework.Logging;
-using Microsoft.Framework.OptionsModel;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 8675319307..8b6eaf4d44 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -16,8 +16,8 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
-using Microsoft.Framework.WebEncoders;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Moq;
 using Xunit;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 9b73806a90..d64474ae0a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -9,7 +9,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.TestHost;
-using Microsoft.Framework.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Twitter
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index e08dbeb003..fbf67ec15a 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -6,7 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Framework.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
 namespace Microsoft.AspNet.Authorization.Test
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index d00f53b651..7bbe7ed75b 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -4,7 +4,7 @@
   },
   "dependencies": {
     "Microsoft.AspNet.Authorization": "1.0.0-*",
-    "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "xunit.runner.aspnet": "2.0.0-aspnet-*"
   },
   "commands": {
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
index 588852a032..6303a9f6ac 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
@@ -5,7 +5,7 @@
     "dependencies": {
         "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
         "Microsoft.AspNet.TestHost": "1.0.0-*",
-        "Microsoft.Framework.DependencyInjection": "1.0.0-*",
+        "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
         "xunit.runner.aspnet": "2.0.0-aspnet-*"
     },
     "commands": {

From 9e02ef9b7b94a3f1d55be3374a68e4160bbba914 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Sat, 3 Oct 2015 17:03:34 -0700
Subject: [PATCH 358/900] Fixing build break

---
 .../AuthenticationHandlerFacts.cs                 | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index e0ea9720d6..bd51958cf8 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -96,7 +96,10 @@ namespace Microsoft.AspNet.Authentication
                 var handler = new CountHandler();
                 var context = new DefaultHttpContext();
                 context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(new CountOptions(), context, new LoggerFactory().CreateLogger("CountHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                await handler.InitializeAsync(
+                    new CountOptions(), context,
+                    new LoggerFactory().CreateLogger("CountHandler"),
+                    Extensions.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthentication = true;
                 return handler;
@@ -119,7 +122,10 @@ namespace Microsoft.AspNet.Authentication
                 var handler = new TestHandler();
                 var context = new DefaultHttpContext();
                 context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(new TestOptions(), context, new LoggerFactory().CreateLogger("TestHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                await handler.InitializeAsync(
+                    new TestOptions(), context,
+                    new LoggerFactory().CreateLogger("TestHandler"),
+                    Extensions.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 return handler;
             }
@@ -149,7 +155,10 @@ namespace Microsoft.AspNet.Authentication
                 var handler = new TestAutoHandler();
                 var context = new DefaultHttpContext();
                 context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(new TestAutoOptions(), context, new LoggerFactory().CreateLogger("TestAutoHandler"), Framework.WebEncoders.UrlEncoder.Default);
+                await handler.InitializeAsync(
+                    new TestAutoOptions(), context,
+                    new LoggerFactory().CreateLogger("TestAutoHandler"),
+                    Extensions.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthentication = auto;
                 return handler;

From 8d8943bcfe1efd441e161f959987240b5b17c62c Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 8 Oct 2015 17:02:43 -0700
Subject: [PATCH 359/900] Disable JWT Bearer test failing on Mono.

---
 .../JwtBearer/JwtBearerMiddlewareTests.cs                    | 5 ++++-
 test/Microsoft.AspNet.Authentication.Test/project.json       | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index efaef75e10..4728ef7515 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
+using Microsoft.AspNet.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
@@ -19,7 +20,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     public class JwtBearerMiddlewareTests
     {
-        [Fact]
+        [ConditionalFact]
+        [FrameworkSkipCondition(RuntimeFrameworks.Mono)]
+        // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
         public async Task BearerTokenValidation()
         {
             var server = CreateServer(options =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 10f0e221a2..7ec802b3ba 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -12,6 +12,7 @@
     "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.AspNet.Testing": "1.0.0-*",
     "Moq": "4.2.1312.1622",
     "xunit.runner.aspnet": "2.0.0-aspnet-*"
   },

From 7e9313648472f330d1c9f0e1aa2cc4e410e5be28 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Sat, 10 Oct 2015 19:09:23 -0700
Subject: [PATCH 360/900] React to aspnet/Universe#290 fix - pick up latest
 `build.cmd` and `build.sh` files - go back to Mono Beta feed (version 4.0.4)
 in Travis builds   - avoid frequent `mono .nuget/nuget.exe` failures   - skip
 test that fails with this Mono version

---
 .travis.yml                                   |  4 +--
 build.cmd                                     | 25 ++++++++++---------
 build.sh                                      | 12 +++++----
 .../DataHandler/TicketSerializerTests.cs      |  6 ++++-
 4 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 98c31725ef..c31316acec 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
 language: csharp
 sudo: false
 mono:
-  - alpha
+  - beta
 script:
-  - ./build.sh --quiet verify
\ No newline at end of file
+  - ./build.sh --quiet verify
diff --git a/build.cmd b/build.cmd
index 70d974a61f..84dc87e480 100644
--- a/build.cmd
+++ b/build.cmd
@@ -18,22 +18,23 @@ md .nuget
 copy %CACHED_NUGET% .nuget\nuget.exe > nul
 
 :restore
-IF EXIST packages\KoreBuild goto run
+IF EXIST packages\Sake goto getdnx
 IF %BUILDCMD_KOREBUILD_VERSION%=="" (
-	.nuget\nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
+    .nuget\nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 ) ELSE (
-	.nuget\nuget.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
+    .nuget\nuget.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
 )
-.nuget\nuget.exe install Sake -ExcludeVersion -Out packages
+.nuget\NuGet.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
 
-IF "%SKIP_DNX_INSTALL%"=="1" goto run
-IF %BUILDCMD_DNX_VERSION%=="" (
-	CALL packages\KoreBuild\build\dnvm upgrade -runtime CLR -arch x86
+:getdnx
+IF "%SKIP_DNX_INSTALL%"=="" (
+    IF "%BUILDCMD_DNX_VERSION%"=="" (
+        BUILDCMD_DNX_VERSION=latest
+    )
+    CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CoreCLR -arch x86 -alias default
+    CALL packages\KoreBuild\build\dnvm install default -runtime CLR -arch x86 -alias default
 ) ELSE (
-	CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CLR -arch x86 -alias default
+    CALL packages\KoreBuild\build\dnvm use default -runtime CLR -arch x86
 )
-CALL packages\KoreBuild\build\dnvm install default -runtime CoreCLR -arch x86
 
-:run
-CALL packages\KoreBuild\build\dnvm use default -runtime CLR -arch x86
-packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
\ No newline at end of file
+packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
diff --git a/build.sh b/build.sh
index 0c66139817..da4e3fcd1c 100755
--- a/build.sh
+++ b/build.sh
@@ -24,18 +24,20 @@ if test ! -e .nuget; then
     cp $cachePath .nuget/nuget.exe
 fi
 
-if test ! -d packages/KoreBuild; then
+if test ! -d packages/Sake; then
     mono .nuget/nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
-    mono .nuget/nuget.exe install Sake -ExcludeVersion -Out packages
+    mono .nuget/nuget.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
 fi
 
 if ! type dnvm > /dev/null 2>&1; then
     source packages/KoreBuild/build/dnvm.sh
 fi
 
-if ! type dnx > /dev/null 2>&1; then
-    dnvm upgrade
+if ! type dnx > /dev/null 2>&1 || [ -z "$SKIP_DNX_INSTALL" ]; then
+    dnvm install latest -runtime coreclr -alias default
+    dnvm install default -runtime mono -alias default
+else
+    dnvm use default -runtime mono
 fi
 
 mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"
-
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
index 28811a9eca..a218209d44 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -6,6 +6,7 @@ using System.IO;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Testing.xunit;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -97,7 +98,10 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        [Fact]
+        [ConditionalFact]
+        [FrameworkSkipCondition(
+            RuntimeFrameworks.Mono,
+            SkipReason = "Test fails with Mono 4.0.4. Build rarely reaches testing with Mono 4.2.1")]
         public void CanRoundTripClaimProperties()
         {
             var serializer = new TicketSerializer();

From 291997e9954537e2f3463a0d9d1666097b009b35 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 12 Oct 2015 11:08:53 -0700
Subject: [PATCH 361/900] React to IHttpResponseFeature changes.

---
 .../AuthenticationHandlerFacts.cs                            | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index bd51958cf8..b39693103f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -2,14 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.IO;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Primitives;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication
@@ -193,7 +192,7 @@ namespace Microsoft.AspNet.Authentication
                 }
             }
 
-            public IDictionary<string, StringValues> Headers
+            public IHeaderDictionary Headers
             {
                 get
                 {

From bfc1fcf4217eeec97583b530db22d087d39fecb3 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Mon, 12 Oct 2015 13:19:51 -0700
Subject: [PATCH 362/900] Fix local build break

---
 build.cmd | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/build.cmd b/build.cmd
index 84dc87e480..553e3929a0 100644
--- a/build.cmd
+++ b/build.cmd
@@ -4,8 +4,8 @@ cd %~dp0
 SETLOCAL
 SET NUGET_VERSION=latest
 SET CACHED_NUGET=%LocalAppData%\NuGet\nuget.%NUGET_VERSION%.exe
-SET BUILDCMD_KOREBUILD_VERSION=""
-SET BUILDCMD_DNX_VERSION=""
+SET BUILDCMD_KOREBUILD_VERSION=
+SET BUILDCMD_DNX_VERSION=
 
 IF EXIST %CACHED_NUGET% goto copynuget
 echo Downloading latest version of NuGet.exe...
@@ -19,7 +19,7 @@ copy %CACHED_NUGET% .nuget\nuget.exe > nul
 
 :restore
 IF EXIST packages\Sake goto getdnx
-IF %BUILDCMD_KOREBUILD_VERSION%=="" (
+IF "%BUILDCMD_KOREBUILD_VERSION%"=="" (
     .nuget\nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
 ) ELSE (
     .nuget\nuget.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
@@ -27,10 +27,10 @@ IF %BUILDCMD_KOREBUILD_VERSION%=="" (
 .nuget\NuGet.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
 
 :getdnx
+IF "%BUILDCMD_DNX_VERSION%"=="" (
+    SET BUILDCMD_DNX_VERSION=latest
+)
 IF "%SKIP_DNX_INSTALL%"=="" (
-    IF "%BUILDCMD_DNX_VERSION%"=="" (
-        BUILDCMD_DNX_VERSION=latest
-    )
     CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CoreCLR -arch x86 -alias default
     CALL packages\KoreBuild\build\dnvm install default -runtime CLR -arch x86 -alias default
 ) ELSE (

From 409b50269a9d85618a31f84a3ffc2868abb3eeea Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 14 Oct 2015 23:08:43 -0700
Subject: [PATCH 363/900] Add RemoteAuthenticationHandler base/error handling
 logic

---
 samples/CookieSample/Startup.cs               |   2 +-
 samples/CookieSessionSample/Startup.cs        |   2 +-
 samples/OpenIdConnectSample/Startup.cs        |   2 +-
 samples/SocialSample/Startup.cs               |   3 +-
 .../CookieAuthenticationHandler.cs            | 313 +++++++-----------
 .../Events/BaseCookieContext.cs               |  28 ++
 .../Events/CookieAuthenticationEvents.cs      |  11 -
 .../Events/CookieExceptionContext.cs          |  98 ------
 .../Events/CookieRedirectContext.cs           |   2 +-
 .../Events/CookieSignedInContext.cs           |   2 +-
 .../Events/CookieSigningInContext.cs          |   2 +-
 .../Events/CookieSigningOutContext.cs         |   2 +-
 .../Events/CookieValidatePrincipalContext.cs  |   2 +-
 .../Events/ICookieAuthenticationEvents.cs     |   6 -
 .../Events/AuthenticationFailedContext.cs     |   2 +-
 .../Events/BaseJwtBearerContext.cs            |  24 ++
 .../Events/JwtBearerChallengeContext.cs       |   2 +-
 .../Events/ReceivedTokenContext.cs            |   2 +-
 .../Events/ReceivingTokenContext.cs           |   2 +-
 .../Events/TokenValidatedContext.cs           |   2 +-
 .../JwtBearerHandler.cs                       |  26 +-
 .../Events/BaseValidatingContext.cs           | 113 -------
 .../Events/BaseValidatingTicketContext.cs     |  59 ----
 .../Events/IOAuthEvents.cs                    |   9 +-
 .../Events/OAuthChallengeContext.cs           |  31 --
 .../Events/OAuthCreatingTicketContext.cs      |   7 +-
 .../Events/OAuthEvents.cs                     |  16 +-
 .../OAuthRedirectToAuthorizationContext.cs    |   7 +-
 .../OAuthHandler.cs                           | 192 ++++-------
 .../OAuthMiddleware.cs                        |   9 +
 .../OAuthOptions.cs                           |  51 +--
 .../Events/AuthenticationCompletedContext.cs  |  15 -
 .../Events/AuthenticationFailedContext.cs     |   4 +-
 .../Events/AuthenticationValidatedContext.cs  |   4 +-
 .../AuthorizationCodeReceivedContext.cs       |   7 +-
 .../AuthorizationResponseReceivedContext.cs   |   4 +-
 .../Events/BaseOpenIdConnectContext.cs        |  27 ++
 .../Events/IOpenIdConnectEvents.cs            |   7 +-
 .../Events/MessageReceivedContext.cs          |   4 +-
 .../Events/OpenIdConnectEvents.cs             |   9 +-
 .../Events/RedirectContext.cs                 |   7 +-
 .../Events/TokenResponseReceivedContext.cs    |   8 +-
 .../Events/UserInformationReceivedContext.cs  |   4 +-
 .../OpenIdConnectHandler.cs                   | 123 ++-----
 .../OpenIdConnectMiddleware.cs                |  11 +-
 .../OpenIdConnectOptions.cs                   |  47 +--
 .../Properties/Resources.Designer.cs          |   4 +-
 .../Resources.resx                            |   2 +-
 .../Events/BaseTwitterContext.cs              |  26 ++
 .../Events/ITwitterEvents.cs                  |   9 +-
 .../Events/TwitterCreatingTicketContext.cs    |   5 +-
 .../Events/TwitterEvents.cs                   |  14 +-
 ...rRedirectToAuthorizationEndpointContext.cs |   2 +-
 .../TwitterHandler.cs                         | 219 ++++--------
 .../TwitterMiddleware.cs                      |   4 +
 .../TwitterOptions.cs                         |  48 +--
 .../AuthenticateResult.cs                     |  58 ++++
 .../AuthenticationHandler.cs                  |  74 +++--
 .../AuthenticationMiddleware.cs               |   3 +-
 .../AuthenticationOptions.cs                  |  13 +-
 .../Events/BaseContext`1.cs                   |  33 --
 .../Events/BaseControlContext.cs              |   4 +-
 .../Events/ErrorContext.cs                    |  26 ++
 .../Events/IRemoteAuthenticationEvents.cs     |  20 ++
 .../Events/RemoteAuthenticationEvents.cs      |  25 ++
 ...gInContext.cs => TicketReceivedContext.cs} |  21 +-
 .../RemoteAuthenticationHandler.cs            | 101 ++++++
 .../RemoteAuthenticationOptions.cs            |  53 +++
 .../project.json                              |  12 +-
 .../AuthorizationPolicy.cs                    |  12 +-
 .../AuthorizationPolicyBuilder.cs             |  16 +-
 .../AuthenticationHandlerFacts.cs             |  55 ++-
 .../Cookies/CookieMiddlewareTests.cs          |  15 +-
 .../Facebook/FacebookMiddlewareTests.cs       |  10 +-
 .../Google/GoogleMiddlewareTests.cs           | 185 ++++++++++-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     |  14 +-
 .../MicrosoftAccountMiddlewareTests.cs        |   2 +-
 ...nIdConnectHandlerForTestingAuthenticate.cs |  10 +-
 .../OpenIdConnectHandlerTests.cs              |   1 +
 .../OpenIdConnectMiddlewareTests.cs           |   6 +-
 .../Twitter/TwitterMiddlewareTests.cs         |  18 +
 .../AuthorizationPolicyFacts.cs               |  12 +-
 82 files changed, 1095 insertions(+), 1347 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
 delete mode 100644 src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
 rename src/Microsoft.AspNet.Authentication/Events/{SigningInContext.cs => TicketReceivedContext.cs} (56%)
 create mode 100644 src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index b21a6a85b9..2d77ae1bb4 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -21,7 +21,7 @@ namespace CookieSample
 
             app.UseCookieAuthentication(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
             });
 
             app.Run(async context =>
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 3e89f67ca6..5affb5afaf 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -22,7 +22,7 @@ namespace CookieSessionSample
 
             app.UseCookieAuthentication(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
                 options.SessionStore = new MemoryCacheTicketStore();
             });
 
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 2001cd979a..546d1f7640 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -23,7 +23,7 @@ namespace OpenIdConnectSample
 
             app.UseCookieAuthentication(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
             });
 
             app.UseOpenIdConnectAuthentication(options =>
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 9915784d72..4fd444ea89 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -29,7 +29,8 @@ namespace CookieSample
 
             app.UseCookieAuthentication(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
+                options.AutomaticChallenge = true;
                 options.LoginPath = new PathString("/login");
             });
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5ea99ad2b0..f135c3f01f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -101,43 +101,28 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return ticket;
         }
 
-        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
-            AuthenticationTicket ticket = null;
-            try
+            var ticket = await EnsureCookieTicket();
+            if (ticket == null)
             {
-                ticket = await EnsureCookieTicket();
-                if (ticket == null)
-                {
-                    return null;
-                }
-
-                var context = new CookieValidatePrincipalContext(Context, ticket, Options);
-                await Options.Events.ValidatePrincipal(context);
-
-                if (context.Principal == null)
-                {
-                    return null;
-                }
-
-                if (context.ShouldRenew)
-                {
-                    _shouldRenew = true;
-                }
-
-                return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+                return AuthenticateResult.Failed("No ticket.");
             }
-            catch (Exception exception)
+
+            var context = new CookieValidatePrincipalContext(Context, ticket, Options);
+            await Options.Events.ValidatePrincipal(context);
+
+            if (context.Principal == null)
             {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.Authenticate, exception, ticket);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
-                return exceptionContext.Ticket;
+                return AuthenticateResult.Failed("No principal.");
             }
+
+            if (context.ShouldRenew)
+            {
+                _shouldRenew = true;
+            }
+
+            return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme));
         }
 
         private CookieOptions BuildCookieOptions()
@@ -167,8 +152,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return;
             }
 
-            var ticket = await HandleAuthenticateOnceAsync();
-            try
+            // REVIEW: Should this check if there was an error, and then if that error was already handled??
+            var ticket = (await HandleAuthenticateOnceAsync())?.Ticket;
+            if (ticket != null)
             {
                 if (_renewIssuedUtc.HasValue)
                 {
@@ -205,141 +191,105 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
                 await ApplyHeaders(shouldRedirectToReturnUrl: false);
             }
-            catch (Exception exception)
-            {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.FinishResponse, exception, ticket);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
-            }
         }
 
         protected override async Task HandleSignInAsync(SignInContext signin)
         {
             var ticket = await EnsureCookieTicket();
-            try
+            var cookieOptions = BuildCookieOptions();
+
+            var signInContext = new CookieSigningInContext(
+                Context,
+                Options,
+                Options.AuthenticationScheme,
+                signin.Principal,
+                new AuthenticationProperties(signin.Properties),
+                cookieOptions);
+
+            DateTimeOffset issuedUtc;
+            if (signInContext.Properties.IssuedUtc.HasValue)
             {
-                var cookieOptions = BuildCookieOptions();
-
-                var signInContext = new CookieSigningInContext(
-                    Context,
-                    Options,
-                    Options.AuthenticationScheme,
-                    signin.Principal,
-                    new AuthenticationProperties(signin.Properties),
-                    cookieOptions);
-
-                DateTimeOffset issuedUtc;
-                if (signInContext.Properties.IssuedUtc.HasValue)
-                {
-                    issuedUtc = signInContext.Properties.IssuedUtc.Value;
-                }
-                else
-                {
-                    issuedUtc = Options.SystemClock.UtcNow;
-                    signInContext.Properties.IssuedUtc = issuedUtc;
-                }
-
-                if (!signInContext.Properties.ExpiresUtc.HasValue)
-                {
-                    signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
-                }
-
-                await Options.Events.SigningIn(signInContext);
-
-                if (signInContext.Properties.IsPersistent)
-                {
-                    var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
-                    signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
-                }
-
-                ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
-                if (Options.SessionStore != null)
-                {
-                    if (_sessionKey != null)
-                    {
-                        await Options.SessionStore.RemoveAsync(_sessionKey);
-                    }
-                    _sessionKey = await Options.SessionStore.StoreAsync(ticket);
-                    var principal = new ClaimsPrincipal(
-                        new ClaimsIdentity(
-                            new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
-                            Options.ClaimsIssuer));
-                    ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
-                }
-                var cookieValue = Options.TicketDataFormat.Protect(ticket);
-
-                Options.CookieManager.AppendResponseCookie(
-                    Context,
-                    Options.CookieName,
-                    cookieValue,
-                    signInContext.CookieOptions);
-
-                var signedInContext = new CookieSignedInContext(
-                    Context,
-                    Options,
-                    Options.AuthenticationScheme,
-                    signInContext.Principal,
-                    signInContext.Properties);
-
-                await Options.Events.SignedIn(signedInContext);
-
-                // Only redirect on the login path
-                var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
-                await ApplyHeaders(shouldRedirect);
+                issuedUtc = signInContext.Properties.IssuedUtc.Value;
             }
-            catch (Exception exception)
+            else
             {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
+                issuedUtc = Options.SystemClock.UtcNow;
+                signInContext.Properties.IssuedUtc = issuedUtc;
             }
+
+            if (!signInContext.Properties.ExpiresUtc.HasValue)
+            {
+                signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+            }
+
+            await Options.Events.SigningIn(signInContext);
+
+            if (signInContext.Properties.IsPersistent)
+            {
+                var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+            }
+
+            ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+            if (Options.SessionStore != null)
+            {
+                if (_sessionKey != null)
+                {
+                    await Options.SessionStore.RemoveAsync(_sessionKey);
+                }
+                _sessionKey = await Options.SessionStore.StoreAsync(ticket);
+                var principal = new ClaimsPrincipal(
+                    new ClaimsIdentity(
+                        new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
+                        Options.ClaimsIssuer));
+                ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+            }
+            var cookieValue = Options.TicketDataFormat.Protect(ticket);
+
+            Options.CookieManager.AppendResponseCookie(
+                Context,
+                Options.CookieName,
+                cookieValue,
+                signInContext.CookieOptions);
+
+            var signedInContext = new CookieSignedInContext(
+                Context,
+                Options,
+                Options.AuthenticationScheme,
+                signInContext.Principal,
+                signInContext.Properties);
+
+            await Options.Events.SignedIn(signedInContext);
+
+            // Only redirect on the login path
+            var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
+            await ApplyHeaders(shouldRedirect);
         }
 
         protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
         {
             var ticket = await EnsureCookieTicket();
-            try
+            var cookieOptions = BuildCookieOptions();
+            if (Options.SessionStore != null && _sessionKey != null)
             {
-                var cookieOptions = BuildCookieOptions();
-                if (Options.SessionStore != null && _sessionKey != null)
-                {
-                    await Options.SessionStore.RemoveAsync(_sessionKey);
-                }
-
-                var context = new CookieSigningOutContext(
-                    Context,
-                    Options,
-                    cookieOptions);
-
-                await Options.Events.SigningOut(context);
-
-                Options.CookieManager.DeleteCookie(
-                    Context,
-                    Options.CookieName,
-                    context.CookieOptions);
-
-                // Only redirect on the logout path
-                var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
-                await ApplyHeaders(shouldRedirect);
-            }
-            catch (Exception exception)
-            {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.SignOut, exception, ticket);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
+                await Options.SessionStore.RemoveAsync(_sessionKey);
             }
+
+            var context = new CookieSigningOutContext(
+                Context,
+                Options,
+                cookieOptions);
+
+            await Options.Events.SigningOut(context);
+
+            Options.CookieManager.DeleteCookie(
+                Context,
+                Options.CookieName,
+                context.CookieOptions);
+
+            // Only redirect on the logout path
+            var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
+            await ApplyHeaders(shouldRedirect);
         }
 
         private async Task ApplyHeaders(bool shouldRedirectToReturnUrl)
@@ -374,30 +324,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return path[0] == '/' && path[1] != '/' && path[1] != '\\';
         }
 
-        protected async override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            try
-            {
-                var accessDeniedUri =
-                    Request.Scheme +
-                    "://" +
-                    Request.Host +
-                    OriginalPathBase +
-                    Options.AccessDeniedPath;
+            var accessDeniedUri =
+                Request.Scheme +
+                "://" +
+                Request.Host +
+                OriginalPathBase +
+                Options.AccessDeniedPath;
 
-                var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
-                await Options.Events.RedirectToAccessDenied(redirectContext);
-            }
-            catch (Exception exception)
-            {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.Forbidden, exception, ticket: null);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
-            }
+            var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
+            await Options.Events.RedirectToAccessDenied(redirectContext);
             return true;
         }
 
@@ -409,28 +346,16 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
 
             var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
-            try
+            if (string.IsNullOrEmpty(redirectUri))
             {
-                if (string.IsNullOrEmpty(redirectUri))
-                {
-                    redirectUri = OriginalPathBase + Request.Path + Request.QueryString;
-                }
+                redirectUri = OriginalPathBase + Request.Path + Request.QueryString;
+            }
 
-                var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-                var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri));
-                await Options.Events.RedirectToLogin(redirectContext);
-            }
-            catch (Exception exception)
-            {
-                var exceptionContext = new CookieExceptionContext(Context, Options,
-                    CookieExceptionContext.ExceptionLocation.Unauthorized, exception, ticket: null);
-                await Options.Events.Exception(exceptionContext);
-                if (exceptionContext.Rethrow)
-                {
-                    throw;
-                }
-            }
+            var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
+            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri));
+            await Options.Events.RedirectToLogin(redirectContext);
             return true;
+
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
new file mode 100644
index 0000000000..6a437551fe
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
@@ -0,0 +1,28 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
+
+namespace Microsoft.AspNet.Authentication.Cookies
+{
+    public class BaseCookieContext : BaseContext
+    {
+        public BaseCookieContext(
+            HttpContext context,
+            CookieAuthenticationOptions options)
+            : base(context)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            Options = options;
+        }
+
+        public CookieAuthenticationOptions Options { get; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index b8b88060b5..43ad5b0e70 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -42,11 +42,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return Task.FromResult(0);
         };
 
-        /// <summary>
-        /// A delegate assigned to this property will be invoked when the related method is called.
-        /// </summary>
-        public Func<CookieExceptionContext, Task> OnException { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
@@ -95,11 +90,5 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         /// <param name="context">Contains information about the event</param>
         public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirect(context);
-
-        /// <summary>
-        /// Implements the interface method by invoking the related delegate method.
-        /// </summary>
-        /// <param name="context">Contains information about the event</param>
-        public virtual Task Exception(CookieExceptionContext context) => OnException(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs
deleted file mode 100644
index 62ec2eb934..0000000000
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieExceptionContext.cs
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.Cookies
-{
-    /// <summary>
-    /// Context object passed to the ICookieAuthenticationProvider method Exception.
-    /// </summary>    
-    public class CookieExceptionContext : BaseContext<CookieAuthenticationOptions>
-    {
-        /// <summary>
-        /// Creates a new instance of the context object.
-        /// </summary>
-        /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The middleware options</param>
-        /// <param name="location">The location of the exception</param>
-        /// <param name="exception">The exception thrown.</param>
-        /// <param name="ticket">The current ticket, if any.</param>
-        public CookieExceptionContext(
-            HttpContext context,
-            CookieAuthenticationOptions options,
-            ExceptionLocation location,
-            Exception exception,
-            AuthenticationTicket ticket)
-            : base(context, options)
-        {
-            Location = location;
-            Exception = exception;
-            Rethrow = true;
-            Ticket = ticket;
-        }
-
-        /// <summary>
-        /// The code paths where exceptions may be reported.
-        /// </summary>
-        [SuppressMessage("Microsoft.Design", "CA1034:NestedTypesShouldNotBeVisible", Scope = "type",
-            Target = "Microsoft.Owin.Security.Cookies.CookieExceptionContext+ExceptionLocation", Justification = "It is a directly related option.")]
-        public enum ExceptionLocation
-        {
-            /// <summary>
-            /// The exception was reported in the Authenticate code path.
-            /// </summary>
-            Authenticate,
-
-            /// <summary>
-            /// The exception was reported in the FinishResponse code path, during sign-in, sign-out, or refresh.
-            /// </summary>
-            FinishResponse,
-
-            /// <summary>
-            /// The exception was reported in the Unauthorized code path, during redirect generation.
-            /// </summary>
-            Unauthorized,
-
-            /// <summary>
-            /// The exception was reported in the Forbidden code path, during redirect generation.
-            /// </summary>
-            Forbidden,
-
-            /// <summary>
-            /// The exception was reported in the SignIn code path
-            /// </summary>
-            SignIn,
-
-            /// <summary>
-            /// The exception was reported in the SignOut code path
-            /// </summary>
-            SignOut,
-
-        }
-
-        /// <summary>
-        /// The code path the exception occurred in.
-        /// </summary>
-        public ExceptionLocation Location { get; private set; }
-
-        /// <summary>
-        /// The exception thrown.
-        /// </summary>
-        public Exception Exception { get; private set; }
-
-        /// <summary>
-        /// True if the exception should be re-thrown (default), false if it should be suppressed. 
-        /// </summary>
-        public bool Rethrow { get; set; }
-
-        /// <summary>
-        /// The current authentication ticket, if any.
-        /// In the AuthenticateAsync code path, if the given exception is not re-thrown then this ticket
-        /// will be returned to the application. The ticket may be replaced if needed.
-        /// </summary>
-        public AuthenticationTicket Ticket { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
index 0687b9d280..07a69dc358 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
     /// </summary>
-    public class CookieRedirectContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieRedirectContext : BaseCookieContext
     {
         /// <summary>
         /// Creates a new context object.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
index d8ac62a24e..838f73e621 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SignedIn.
     /// </summary>    
-    public class CookieSignedInContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSignedInContext : BaseCookieContext
     {
         /// <summary>
         /// Creates a new instance of the context object.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
index 9bac7dc534..cf630fc31d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningIn.
     /// </summary>    
-    public class CookieSigningInContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSigningInContext : BaseCookieContext
     {
         /// <summary>
         /// Creates a new instance of the context object.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
index a529060ada..55a9c762d8 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningOut    
     /// </summary>
-    public class CookieSigningOutContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieSigningOutContext : BaseCookieContext
     {
         /// <summary>
         /// 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index a37f776d9e..af06533855 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationProvider method ValidatePrincipal.
     /// </summary>
-    public class CookieValidatePrincipalContext : BaseContext<CookieAuthenticationOptions>
+    public class CookieValidatePrincipalContext : BaseCookieContext
     {
         /// <summary>
         /// Creates a new instance of the context object.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index 9458b4f243..9c3cc912dd 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -60,11 +60,5 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
         Task SigningOut(CookieSigningOutContext context);
-
-        /// <summary>
-        /// Called when an exception occurs during request or response processing.
-        /// </summary>
-        /// <param name="context">Contains information about the exception that occurred</param>
-        Task Exception(CookieExceptionContext context);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index 2ac80c4f73..f8848d210d 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -6,7 +6,7 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class AuthenticationFailedContext : BaseControlContext<JwtBearerOptions>
+    public class AuthenticationFailedContext : BaseJwtBearerContext
     {
         public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
new file mode 100644
index 0000000000..91dd8cea22
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
@@ -0,0 +1,24 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication.JwtBearer
+{
+    public class BaseJwtBearerContext : BaseControlContext
+    {
+        public BaseJwtBearerContext(HttpContext context, JwtBearerOptions options)
+            : base(context)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            Options = options;
+        }
+
+        public JwtBearerOptions Options { get; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index b67c5b9e55..7a6ce6991a 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class JwtBearerChallengeContext : BaseControlContext<JwtBearerOptions>
+    public class JwtBearerChallengeContext : BaseJwtBearerContext
     {
         public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
index 1cf0eefb1b..0aadaf2a99 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class ReceivedTokenContext : BaseControlContext<JwtBearerOptions>
+    public class ReceivedTokenContext : BaseJwtBearerContext
     {
         public ReceivedTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
index 3f85c55214..b0d824f3f7 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class ReceivingTokenContext : BaseControlContext<JwtBearerOptions>
+    public class ReceivingTokenContext : BaseJwtBearerContext
     {
         public ReceivingTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 3d95e4acc0..9ae2fa68aa 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
-    public class ValidatedTokenContext : BaseControlContext<JwtBearerOptions>
+    public class ValidatedTokenContext : BaseJwtBearerContext
     {
         public ValidatedTokenContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 9627c0e1f0..79ca1a084d 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
         /// <returns></returns>
-        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             string token = null;
             try
@@ -32,12 +32,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.ReceivingToken(receivingTokenContext);
                 if (receivingTokenContext.HandledResponse)
                 {
-                    return receivingTokenContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(receivingTokenContext.AuthenticationTicket);
                 }
 
                 if (receivingTokenContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
 
                 // If application retrieved token from somewhere else, use that.
@@ -50,7 +50,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
                     {
-                        return null;
+                        return AuthenticateResult.Failed("No authorization header.");
                     }
 
                     if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
@@ -61,7 +61,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     // If no token found, no further work possible
                     if (string.IsNullOrEmpty(token))
                     {
-                        return null;
+                        return AuthenticateResult.Failed("No bearer token.");
                     }
                 }
 
@@ -74,12 +74,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.ReceivedToken(receivedTokenContext);
                 if (receivedTokenContext.HandledResponse)
                 {
-                    return receivedTokenContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(receivedTokenContext.AuthenticationTicket);
                 }
 
                 if (receivedTokenContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -118,18 +118,19 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         await Options.Events.ValidatedToken(validatedTokenContext);
                         if (validatedTokenContext.HandledResponse)
                         {
-                            return validatedTokenContext.AuthenticationTicket;
+                            return AuthenticateResult.Success(validatedTokenContext.AuthenticationTicket);
                         }
 
                         if (validatedTokenContext.Skipped)
                         {
-                            return null;
+                            return AuthenticateResult.Success(ticket: null);
                         }
 
-                        return ticket;
+                        return AuthenticateResult.Success(ticket);
                     }
                 }
 
+                // REVIEW: this maybe return an error instead?
                 throw new InvalidOperationException("No SecurityTokenValidator available for token: " + token ?? "null");
             }
             catch (Exception ex)
@@ -150,12 +151,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.AuthenticationFailed(authenticationFailedContext);
                 if (authenticationFailedContext.HandledResponse)
                 {
-                    return authenticationFailedContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
                 }
-
                 if (authenticationFailedContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
 
                 throw;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs
deleted file mode 100644
index 7ce31e63f8..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingContext.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Base class used for certain event contexts
-    /// </summary>
-    public abstract class BaseValidatingContext<TOptions> : BaseContext<TOptions>
-    {
-        /// <summary>
-        /// Initializes base class used for certain event contexts
-        /// </summary>
-        protected BaseValidatingContext(
-            HttpContext context,
-            TOptions options)
-            : base(context, options)
-        {
-        }
-
-        /// <summary>
-        /// True if application code has called any of the Validate methods on this context.
-        /// </summary>
-        public bool IsValidated { get; private set; }
-
-        /// <summary>
-        /// True if application code has called any of the SetError methods on this context.
-        /// </summary>
-        public bool HasError { get; private set; }
-
-        /// <summary>
-        /// The error argument provided when SetError was called on this context. This is eventually
-        /// returned to the client app as the OAuth "error" parameter.
-        /// </summary>
-        public string Error { get; private set; }
-
-        /// <summary>
-        /// The optional errorDescription argument provided when SetError was called on this context. This is eventually
-        /// returned to the client app as the OAuth "error_description" parameter.
-        /// </summary>
-        public string ErrorDescription { get; private set; }
-
-        /// <summary>
-        /// The optional errorUri argument provided when SetError was called on this context. This is eventually
-        /// returned to the client app as the OAuth "error_uri" parameter.
-        /// </summary>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "error_uri is a string value in the protocol")]
-        public string ErrorUri { get; private set; }
-
-        /// <summary>
-        /// Marks this context as validated by the application. IsValidated becomes true and HasError becomes false as a result of calling.
-        /// </summary>
-        /// <returns>True if the validation has taken effect.</returns>
-        public virtual bool Validated()
-        {
-            IsValidated = true;
-            HasError = false;
-            return true;
-        }
-
-        /// <summary>
-        /// Marks this context as not validated by the application. IsValidated and HasError become false as a result of calling.
-        /// </summary>
-        public virtual void Rejected()
-        {
-            IsValidated = false;
-            HasError = false;
-        }
-
-        /// <summary>
-        /// Marks this context as not validated by the application and assigns various error information properties. 
-        /// HasError becomes true and IsValidated becomes false as a result of calling.
-        /// </summary>
-        /// <param name="error">Assigned to the Error property</param>
-        public void SetError(string error)
-        {
-            SetError(error, null);
-        }
-
-        /// <summary>
-        /// Marks this context as not validated by the application and assigns various error information properties. 
-        /// HasError becomes true and IsValidated becomes false as a result of calling.
-        /// </summary>
-        /// <param name="error">Assigned to the Error property</param>
-        /// <param name="errorDescription">Assigned to the ErrorDescription property</param>
-        public void SetError(string error,
-            string errorDescription)
-        {
-            SetError(error, errorDescription, null);
-        }
-
-        /// <summary>
-        /// Marks this context as not validated by the application and assigns various error information properties. 
-        /// HasError becomes true and IsValidated becomes false as a result of calling.
-        /// </summary>
-        /// <param name="error">Assigned to the Error property</param>
-        /// <param name="errorDescription">Assigned to the ErrorDescription property</param>
-        /// <param name="errorUri">Assigned to the ErrorUri property</param>
-        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "error_uri is a string value in the protocol")]
-        public void SetError(string error,
-            string errorDescription,
-            string errorUri)
-        {
-            Error = error;
-            ErrorDescription = errorDescription;
-            ErrorUri = errorUri;
-            Rejected();
-            HasError = true;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs
deleted file mode 100644
index 6d088c8531..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/BaseValidatingTicketContext.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Security.Claims;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Base class used for certain event contexts
-    /// </summary>
-    public abstract class BaseValidatingTicketContext<TOptions> : BaseValidatingContext<TOptions>
-    {
-        /// <summary>
-        /// Initializes base class used for certain event contexts
-        /// </summary>
-        protected BaseValidatingTicketContext(
-            HttpContext context,
-            TOptions options,
-            AuthenticationTicket ticket)
-            : base(context, options)
-        {
-            Ticket = ticket;
-        }
-
-        /// <summary>
-        /// Contains the identity and properties for the application to authenticate. If the Validated method
-        /// is invoked with an AuthenticationTicket or ClaimsIdentity argument, that new value is assigned to 
-        /// this property in addition to changing IsValidated to true.
-        /// </summary>
-        public AuthenticationTicket Ticket { get; private set; }
-
-        /// <summary>
-        /// Replaces the ticket information on this context and marks it as as validated by the application. 
-        /// IsValidated becomes true and HasError becomes false as a result of calling.
-        /// </summary>
-        /// <param name="ticket">Assigned to the Ticket property</param>
-        /// <returns>True if the validation has taken effect.</returns>
-        public bool Validated(AuthenticationTicket ticket)
-        {
-            Ticket = ticket;
-            return Validated();
-        }
-
-        /// <summary>
-        /// Alters the ticket information on this context and marks it as as validated by the application. 
-        /// IsValidated becomes true and HasError becomes false as a result of calling.
-        /// </summary>
-        /// <param name="identity">Assigned to the Ticket.Identity property</param>
-        /// <returns>True if the validation has taken effect.</returns>
-        public bool Validated(ClaimsPrincipal principal)
-        {
-            AuthenticationProperties properties = Ticket != null ? Ticket.Properties : new AuthenticationProperties();
-            // TODO: Ticket can be null, need to revisit
-            return Validated(new AuthenticationTicket(principal, properties, Ticket.AuthenticationScheme));
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
index 82f4bc4155..4c800c9844 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Specifies callback methods which the <see cref="OAuthMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IOAuthEvents
+    public interface IOAuthEvents : IRemoteAuthenticationEvents
     {
         /// <summary>
         /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
@@ -18,13 +18,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task CreatingTicket(OAuthCreatingTicketContext context);
 
-        /// <summary>
-        /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task SigningIn(SigningInContext context);
-
         /// <summary>
         /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs
deleted file mode 100644
index b9eccd02f1..0000000000
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthChallengeContext.cs
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.OAuth
-{
-    /// <summary>
-    /// Specifies the HTTP response header for the bearer authentication scheme.
-    /// </summary>
-    public class OAuthChallengeContext : BaseContext
-    {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthRequestTokenContext"/>
-        /// </summary>
-        /// <param name="context">HTTP environment</param>
-        /// <param name="challenge">The www-authenticate header value.</param>
-        public OAuthChallengeContext(
-            HttpContext context,
-            string challenge)
-            : base(context)
-        {
-            Challenge = challenge;
-        }
-
-        /// <summary>
-        /// The www-authenticate header value.
-        /// </summary>
-        public string Challenge { get; protected set; }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 315f89225b..05961d5ee5 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class OAuthCreatingTicketContext : BaseContext<OAuthOptions>
+    public class OAuthCreatingTicketContext : BaseContext
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
@@ -46,7 +46,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             HttpClient backchannel,
             OAuthTokenResponse tokens,
             JObject user)
-            : base(context, options)
+            : base(context)
         {
             if (context == null)
             {
@@ -76,8 +76,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
             TokenResponse = tokens;
             Backchannel = backchannel;
             User = user;
+            Options = options;
         }
 
+        public OAuthOptions Options { get; }
+
         /// <summary>
         /// Gets the JSON-serialized user or an empty
         /// <see cref="JObject"/> if it is not available.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
index 424c982805..07de38640c 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
@@ -9,18 +9,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Default <see cref="IOAuthEvents"/> implementation.
     /// </summary>
-    public class OAuthEvents : IOAuthEvents
+    public class OAuthEvents : RemoteAuthenticationEvents, IOAuthEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
         /// </summary>
         public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
 
-        /// <summary>
-        /// Gets or sets the function that is invoked when the SigningIn method is invoked.
-        /// </summary>
-        public Func<SigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
         /// </summary>
@@ -37,17 +32,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         public virtual Task CreatingTicket(OAuthCreatingTicketContext context) => OnCreatingTicket(context);
 
-        /// <summary>
-        /// Invoked prior to the <see cref="ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task SigningIn(SigningInContext context) => OnSigningIn(context);
-
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
         public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 636cb933fe..7cc85f11a1 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
     /// </summary>
-    public class OAuthRedirectToAuthorizationContext : BaseContext<OAuthOptions>
+    public class OAuthRedirectToAuthorizationContext : BaseContext
     {
         /// <summary>
         /// Creates a new context object.
@@ -18,12 +18,15 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
         public OAuthRedirectToAuthorizationContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
-            : base(context, options)
+            : base(context)
         {
             RedirectUri = redirectUri;
             Properties = properties;
+            Options = options;
         }
 
+        public OAuthOptions Options { get; }
+
         /// <summary>
         /// Gets the URI used for the redirect operation.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index ea6803b496..5db46991bb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -12,14 +12,13 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
-    public class OAuthHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : OAuthOptions
+    public class OAuthHandler<TOptions> : RemoteAuthenticationHandler<TOptions> where TOptions : OAuthOptions
     {
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
@@ -30,131 +29,71 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected HttpClient Backchannel { get; private set; }
 
-        public override async Task<bool> InvokeAsync()
-        {
-            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
-            {
-                return await InvokeReturnPathAsync();
-            }
-            return false;
-        }
-
-        public async Task<bool> InvokeReturnPathAsync()
-        {
-            var ticket = await HandleAuthenticateOnceAsync();
-            if (ticket == null)
-            {
-                Logger.LogWarning("Invalid return state, unable to redirect.");
-                Response.StatusCode = 500;
-                return true;
-            }
-
-            var context = new SigningInContext(Context, ticket)
-            {
-                SignInScheme = Options.SignInScheme,
-                RedirectUri = ticket.Properties.RedirectUri,
-            };
-            ticket.Properties.RedirectUri = null;
-
-            await Options.Events.SigningIn(context);
-
-            if (context.SignInScheme != null && context.Principal != null)
-            {
-                await Context.Authentication.SignInAsync(context.SignInScheme, context.Principal, context.Properties);
-            }
-
-            if (!context.IsRequestCompleted && context.RedirectUri != null)
-            {
-                if (context.Principal == null)
-                {
-                    // add a redirect hint that sign-in failed in some way
-                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
-                }
-                Response.Redirect(context.RedirectUri);
-                context.RequestCompleted();
-            }
-
-            return context.IsRequestCompleted;
-        }
-
-        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
-            try
+            var query = Request.Query;
+
+            var error = query["error"];
+            if (!StringValues.IsNullOrEmpty(error))
             {
-                var query = Request.Query;
+                return AuthenticateResult.Failed(error);
+            }
 
-                // TODO: Is this a standard error returned by servers?
-                var value = query["error"];
-                if (!StringValues.IsNullOrEmpty(value))
+            var code = query["code"];
+            var state = query["state"];
+
+            properties = Options.StateDataFormat.Unprotect(state);
+            if (properties == null)
+            {
+                return AuthenticateResult.Failed("The oauth state was missing or invalid.");
+            }
+
+            // OAuth2 10.12 CSRF
+            if (!ValidateCorrelationId(properties))
+            {
+                return AuthenticateResult.Failed("Correlation failed.");
+            }
+
+            if (StringValues.IsNullOrEmpty(code))
+            {
+                return AuthenticateResult.Failed("Code was not found.");
+            }
+
+            var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
+
+            if (string.IsNullOrEmpty(tokens.AccessToken))
+            {
+                return AuthenticateResult.Failed("Access token was not found.");
+            }
+
+            var identity = new ClaimsIdentity(Options.ClaimsIssuer);
+
+            if (Options.SaveTokensAsClaims)
+            {
+                identity.AddClaim(new Claim("access_token", tokens.AccessToken,
+                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+
+                if (!string.IsNullOrEmpty(tokens.RefreshToken))
                 {
-                    Logger.LogVerbose("Remote server returned an error: " + Request.QueryString);
-                    // TODO: Fail request rather than passing through?
-                    return null;
-                }
-
-                var code = query["code"];
-                var state = query["state"];
-
-                properties = Options.StateDataFormat.Unprotect(state);
-                if (properties == null)
-                {
-                    return null;
-                }
-
-                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties))
-                {
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                if (StringValues.IsNullOrEmpty(code))
-                {
-                    // Null if the remote server returns an error.
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
-
-                if (string.IsNullOrEmpty(tokens.AccessToken))
-                {
-                    Logger.LogWarning("Access token was not found");
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                var identity = new ClaimsIdentity(Options.ClaimsIssuer);
-
-                if (Options.SaveTokensAsClaims)
-                {
-                    identity.AddClaim(new Claim("access_token", tokens.AccessToken,
+                    identity.AddClaim(new Claim("refresh_token", tokens.RefreshToken,
                                                 ClaimValueTypes.String, Options.ClaimsIssuer));
-
-                    if (!string.IsNullOrEmpty(tokens.RefreshToken))
-                    {
-                        identity.AddClaim(new Claim("refresh_token", tokens.RefreshToken,
-                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
-                    }
-
-                    if (!string.IsNullOrEmpty(tokens.TokenType))
-                    {
-                        identity.AddClaim(new Claim("token_type", tokens.TokenType,
-                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
-                    }
-
-                    if (!string.IsNullOrEmpty(tokens.ExpiresIn))
-                    {
-                        identity.AddClaim(new Claim("expires_in", tokens.ExpiresIn,
-                                                    ClaimValueTypes.String, Options.ClaimsIssuer));
-                    }
                 }
 
-                return await CreateTicketAsync(identity, properties, tokens);
-            }
-            catch (Exception ex)
-            {
-                Logger.LogError("Authentication failed", ex);
-                return new AuthenticationTicket(properties, Options.AuthenticationScheme);
+                if (!string.IsNullOrEmpty(tokens.TokenType))
+                {
+                    identity.AddClaim(new Claim("token_type", tokens.TokenType,
+                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+                }
+
+                if (!string.IsNullOrEmpty(tokens.ExpiresIn))
+                {
+                    identity.AddClaim(new Claim("expires_in", tokens.ExpiresIn,
+                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+                }
             }
+
+            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, tokens));
         }
 
         protected virtual async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
@@ -176,7 +115,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
-
             return new OAuthTokenResponse(payload);
         }
 
@@ -215,7 +153,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
             GenerateCorrelationId(properties);
 
             var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));
-
             var redirectContext = new OAuthRedirectToAuthorizationContext(
                 Context, Options,
                 properties, authorizationEndpoint);
@@ -223,21 +160,6 @@ namespace Microsoft.AspNet.Authentication.OAuth
             return true;
         }
 
-        protected override Task HandleSignOutAsync(SignOutContext context)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task HandleSignInAsync(SignInContext context)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
-        {
-            throw new NotSupportedException();
-        }
-
         protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
             var scope = FormatScope();
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index d980a5e305..1b318a90a7 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -91,6 +91,11 @@ namespace Microsoft.AspNet.Authentication.OAuth
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
             }
 
+            if (!Options.CallbackPath.HasValue)
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
+            }
+
             if (Options.Events == null)
             {
                 Options.Events = new OAuthEvents();
@@ -112,6 +117,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
             {
                 Options.SignInScheme = sharedOptions.Value.SignInScheme;
             }
+            if (string.IsNullOrEmpty(Options.SignInScheme))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.SignInScheme)));
+            }
         }
 
         protected HttpClient Backchannel { get; private set; }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index db29438cc0..fa1471bb21 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -12,8 +12,13 @@ namespace Microsoft.AspNet.Authentication.OAuth
     /// <summary>
     /// Configuration options for <see cref="OAuthMiddleware"/>.
     /// </summary>
-    public class OAuthOptions : AuthenticationOptions
+    public class OAuthOptions : RemoteAuthenticationOptions
     {
+        public OAuthOptions()
+        {
+            Events = new OAuthEvents();
+        }
+
         /// <summary>
         /// Gets or sets the provider-assigned client id.
         /// </summary>
@@ -41,54 +46,20 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// </summary>
         public string UserInformationEndpoint { get; set; }
 
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string DisplayName
-        {
-            get { return Description.DisplayName; }
-            set { Description.DisplayName = value; }
-        }
-
-        /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with the auth provider.
-        /// </summary>
-        /// <value>
-        /// The back channel timeout.
-        /// </value>
-        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
-
-        /// <summary>
-        /// The HttpMessageHandler used to communicate with the auth provider.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
-        /// can be downcast to a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
         /// <summary>
         /// Gets or sets the <see cref="IOAuthEvents"/> used to handle authentication events.
         /// </summary>
-        public IOAuthEvents Events { get; set; } = new OAuthEvents();
+        public new IOAuthEvents Events
+        {
+            get { return (IOAuthEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// A list of permissions to request.
         /// </summary>
         public IList<string> Scope { get; } = new List<string>();
 
-        /// <summary>
-        /// The request path within the application's base path where the user-agent will be returned.
-        /// The middleware will process this request when it arrives.
-        /// </summary>
-        public PathString CallbackPath { get; set; }
-
-        /// <summary>
-        /// Gets or sets the authentication scheme corresponding to the middleware
-        /// responsible of persisting user's identity after a successful authentication.
-        /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
-        /// </summary>
-        public string SignInScheme { get; set; }
-
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
deleted file mode 100644
index 820b4f948b..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationCompletedContext.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    public class AuthenticationCompletedContext : BaseControlContext<OpenIdConnectOptions>
-    {
-        public AuthenticationCompletedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
-        {
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index ef5307c469..6c8edb9f41 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -7,7 +7,7 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class AuthenticationFailedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthenticationFailedContext : BaseOpenIdConnectContext
     {
         public AuthenticationFailedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
@@ -15,7 +15,5 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         public Exception Exception { get; set; }
-
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index 15d5f73046..e38b67b46b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -6,15 +6,13 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class AuthenticationValidatedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthenticationValidatedContext : BaseOpenIdConnectContext
     {
         public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
         public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 53e44cdf62..9489e5c25f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
     /// </summary>
-    public class AuthorizationCodeReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthorizationCodeReceivedContext : BaseOpenIdConnectContext
     {
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
@@ -31,11 +31,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public JwtSecurityToken JwtSecurityToken { get; set; }
 
-        /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
-        /// </summary>
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
         /// <summary>
         /// Gets or sets the 'redirect_uri'.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
index cd2a3c65b9..e433d28744 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
@@ -7,15 +7,13 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class AuthorizationResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class AuthorizationResponseReceivedContext : BaseOpenIdConnectContext
     {
         public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
         public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
new file mode 100644
index 0000000000..76d63e27b1
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNet.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNet.Authentication.OpenIdConnect
+{
+    public class BaseOpenIdConnectContext : BaseControlContext
+    {
+        public BaseOpenIdConnectContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            Options = options;
+        }
+
+        public OpenIdConnectOptions Options { get; }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index a5953743be..b6bcfd57dc 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -8,13 +8,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public interface IOpenIdConnectEvents
+    public interface IOpenIdConnectEvents : IRemoteAuthenticationEvents
     {
-        /// <summary>
-        /// Invoked when the authentication process completes.
-        /// </summary>
-        Task AuthenticationCompleted(AuthenticationCompletedContext context);
-
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index ecbf082779..6439257cba 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -6,15 +6,13 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class MessageReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class MessageReceivedContext : BaseOpenIdConnectContext
     {
         public MessageReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
         /// <summary>
         /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index a2d65c12b5..c84e5546a1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -9,13 +9,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public class OpenIdConnectEvents : IOpenIdConnectEvents
+    public class OpenIdConnectEvents : RemoteAuthenticationEvents, IOpenIdConnectEvents
     {
-        /// <summary>
-        /// Invoked when the authentication process completes.
-        /// </summary>
-        public Func<AuthenticationCompletedContext, Task> OnAuthenticationCompleted { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
@@ -61,8 +56,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => Task.FromResult(0);
 
-        public virtual Task AuthenticationCompleted(AuthenticationCompletedContext context) => OnAuthenticationCompleted(context);
-
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
         public virtual Task AuthenticationValidated(AuthenticationValidatedContext context) => OnAuthenticationValidated(context);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
index 14b168aaad..dcd06843c5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -10,16 +10,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// When a user configures the <see cref="OpenIdConnectMiddleware"/> to be notified prior to redirecting to an IdentityProvider
     /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
     /// </summary>
-    public class RedirectContext : BaseControlContext<OpenIdConnectOptions>
+    public class RedirectContext : BaseOpenIdConnectContext
     {
         public RedirectContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
-
-        /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
-        /// </summary>
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index e4f1bd7a0c..95751f4119 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -6,7 +6,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class TokenResponseReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class TokenResponseReceivedContext : BaseOpenIdConnectContext
     {
         /// <summary>
         /// Creates a <see cref="TokenResponseReceivedContext"/>
@@ -20,11 +20,5 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// Gets or sets the <see cref="OpenIdConnectTokenEndpointResponse"/> that contains the tokens and json response received after redeeming the code at the token endpoint.
         /// </summary>
         public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
-
-        /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectMessage"/>.
-        /// </summary>
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index 27c989bb6d..fa0bc92773 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -7,15 +7,13 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
-    public class UserInformationReceivedContext : BaseControlContext<OpenIdConnectOptions>
+    public class UserInformationReceivedContext : BaseOpenIdConnectContext
     {
         public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
         }
 
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
         public JObject User { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 231c082137..9a62cba956 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
     /// </summary>
-    public class OpenIdConnectHandler : AuthenticationHandler<OpenIdConnectOptions>
+    public class OpenIdConnectHandler : RemoteAuthenticationHandler<OpenIdConnectOptions>
     {
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
@@ -263,7 +263,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
 
                 Response.Redirect(redirectUri);
-
                 return true;
             }
             else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
@@ -292,12 +291,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Response.Headers[HeaderNames.Expires] = "-1";
 
                 await Response.Body.WriteAsync(buffer, 0, buffer.Length);
-
                 return true;
             }
 
-            Logger.LogError("An unsupported authentication method has been configured: {0}", Options.AuthenticationMethod);
-            return false;
+            throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}");
         }
 
         /// <summary>
@@ -305,16 +302,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
-        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
             Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
 
-            // Allow login to be constrained to a specific path. Need to make this runtime configurable.
-            if (Options.CallbackPath.HasValue && Options.CallbackPath != (Request.PathBase + Request.Path))
-            {
-                return null;
-            }
-
             OpenIdConnectMessage message = null;
 
             if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase))
@@ -326,9 +317,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
                 if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.AccessToken))
                 {
-                    Logger.LogError("An OpenID Connect response cannot contain an identity token " +
-                                    "or an access token when using response_mode=query");
-                    return null;
+                    return AuthenticateResult.Failed("An OpenID Connect response cannot contain an " +
+                            "identity token or an access token when using response_mode=query");
                 }
             }
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
@@ -344,7 +334,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (message == null)
             {
-                return null;
+                return AuthenticateResult.Failed("No message.");
             }
 
             try
@@ -352,11 +342,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var messageReceivedContext = await RunMessageReceivedEventAsync(message);
                 if (messageReceivedContext.HandledResponse)
                 {
-                    return messageReceivedContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(messageReceivedContext.AuthenticationTicket);
                 }
                 else if (messageReceivedContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
                 message = messageReceivedContext.ProtocolMessage;
 
@@ -365,7 +355,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     // This wasn't a valid ODIC message, it may not have been intended for us.
                     Logger.LogVerbose(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
-                    return null;
+                    return AuthenticateResult.Failed(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
                 }
 
                 // if state exists and we failed to 'unprotect' this is not a message we should process.
@@ -373,24 +363,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (properties == null)
                 {
                     Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
-                    return null;
+                    return AuthenticateResult.Failed(Resources.OIDCH_0005_MessageStateIsInvalid);
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(message.Error))
                 {
+                    // REVIEW: this error formatting is pretty nuts
                     Logger.LogError(Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
-                    throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null"));
+                    return AuthenticateResult.Failed(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
                 }
 
                 string userstate = null;
                 properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
                 message.State = userstate;
 
-
                 if (!ValidateCorrelationId(properties))
                 {
-                    return null;
+                    return AuthenticateResult.Failed("Correlation failed.");
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -409,12 +399,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (authorizationResponseReceivedContext.HandledResponse)
                 {
                     Logger.LogVerbose("AuthorizationResponseReceived.HandledResponse");
-                    return authorizationResponseReceivedContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(authorizationResponseReceivedContext.AuthenticationTicket);
                 }
                 else if (authorizationResponseReceivedContext.Skipped)
                 {
                     Logger.LogVerbose("AuthorizationResponseReceived.Skipped");
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
                 message = authorizationResponseReceivedContext.ProtocolMessage;
                 properties = authorizationResponseReceivedContext.Properties;
@@ -430,7 +420,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 else
                 {
                     Logger.LogDebug(Resources.OIDCH_0045_Id_Token_Code_Missing);
-                    return null;
+                    return AuthenticateResult.Failed(Resources.OIDCH_0045_Id_Token_Code_Missing);
                 }
             }
             catch (Exception exception)
@@ -450,11 +440,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var authenticationFailedContext = await RunAuthenticationFailedEventAsync(message, exception);
                 if (authenticationFailedContext.HandledResponse)
                 {
-                    return authenticationFailedContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
                 }
                 else if (authenticationFailedContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
 
                 throw;
@@ -462,7 +452,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         // Authorization Code Flow
-        private async Task<AuthenticationTicket> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties)
+        private async Task<AuthenticateResult> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             AuthenticationTicket ticket = null;
             JwtSecurityToken jwt = null;
@@ -476,11 +466,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
-                return authorizationCodeReceivedContext.AuthenticationTicket;
+                return AuthenticateResult.Success(authorizationCodeReceivedContext.AuthenticationTicket);
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
-                return null;
+                return AuthenticateResult.Success(ticket: null);
             }
             message = authorizationCodeReceivedContext.ProtocolMessage;
             var code = authorizationCodeReceivedContext.Code;
@@ -493,11 +483,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse);
             if (authorizationCodeRedeemedContext.HandledResponse)
             {
-                return authorizationCodeRedeemedContext.AuthenticationTicket;
+                return AuthenticateResult.Success(authorizationCodeRedeemedContext.AuthenticationTicket);
             }
             else if (authorizationCodeRedeemedContext.Skipped)
             {
-                return null;
+                return AuthenticateResult.Success(ticket: null);
             }
 
             message = authorizationCodeRedeemedContext.ProtocolMessage;
@@ -526,11 +516,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse);
             if (authenticationValidatedContext.HandledResponse)
             {
-                return authenticationValidatedContext.AuthenticationTicket;
+                return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                return null;
+                return AuthenticateResult.Success(ticket: null);
             }
             ticket = authenticationValidatedContext.AuthenticationTicket;
 
@@ -546,11 +536,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, jwt, ticket);
             }
 
-            return ticket;
+            return AuthenticateResult.Success(ticket);
         }
 
         // Implicit Flow or Hybrid Flow
-        private async Task<AuthenticationTicket> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
+        private async Task<AuthenticateResult> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
 
@@ -575,11 +565,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse: null);
             if (authenticationValidatedContext.HandledResponse)
             {
-                return authenticationValidatedContext.AuthenticationTicket;
+                return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                return null;
+                return AuthenticateResult.Success(ticket: null);
             }
             message = authenticationValidatedContext.ProtocolMessage;
             ticket = authenticationValidatedContext.AuthenticationTicket;
@@ -590,11 +580,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
                 if (authorizationCodeReceivedContext.HandledResponse)
                 {
-                    return authorizationCodeReceivedContext.AuthenticationTicket;
+                    return AuthenticateResult.Success(authorizationCodeReceivedContext.AuthenticationTicket);
                 }
                 else if (authorizationCodeReceivedContext.Skipped)
                 {
-                    return null;
+                    return AuthenticateResult.Success(ticket: null);
                 }
                 message = authorizationCodeReceivedContext.ProtocolMessage;
                 ticket = authorizationCodeReceivedContext.AuthenticationTicket;
@@ -619,7 +609,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
             }
 
-            return ticket;
+            return AuthenticateResult.Success(ticket);
         }
 
         /// <summary>
@@ -1135,54 +1125,5 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             return ticket;
         }
-
-        /// <summary>
-        /// Calls InvokeReplyPathAsync
-        /// </summary>
-        /// <returns>True if the request was handled, false if the next middleware should be invoked.</returns>
-        public override Task<bool> InvokeAsync()
-        {
-            return InvokeReturnPathAsync();
-        }
-
-        private async Task<bool> InvokeReturnPathAsync()
-        {
-            var ticket = await HandleAuthenticateOnceAsync();
-            if (ticket != null)
-            {
-                Logger.LogDebug("Authentication completed.");
-
-                var authenticationCompletedContext = new AuthenticationCompletedContext(Context, Options)
-                {
-                    AuthenticationTicket = ticket,
-                };
-                await Options.Events.AuthenticationCompleted(authenticationCompletedContext);
-                if (authenticationCompletedContext.HandledResponse)
-                {
-                    Logger.LogVerbose("The AuthenticationCompleted event returned Handled.");
-                    return true;
-                }
-                else if (authenticationCompletedContext.Skipped)
-                {
-                    Logger.LogVerbose("The AuthenticationCompleted event returned Skipped.");
-                    return false;
-                }
-                ticket = authenticationCompletedContext.AuthenticationTicket;
-
-                if (ticket.Principal != null)
-                {
-                    await Request.HttpContext.Authentication.SignInAsync(Options.SignInScheme, ticket.Principal, ticket.Properties);
-                }
-
-                // Redirect back to the original secured resource, if any.
-                if (!string.IsNullOrEmpty(ticket.Properties.RedirectUri))
-                {
-                    Response.Redirect(ticket.Properties.RedirectUri);
-                    return true;
-                }
-            }
-
-            return false;
-        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 17b2d3b594..82a393ae4b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -77,10 +77,19 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(options));
             }
 
-            if (string.IsNullOrEmpty(Options.SignInScheme) && !string.IsNullOrEmpty(sharedOptions.Value.SignInScheme))
+            if (!Options.CallbackPath.HasValue)
+            {
+                throw new ArgumentException("Options.CallbackPath must be provided.");
+            }
+
+            if (string.IsNullOrEmpty(Options.SignInScheme))
             {
                 Options.SignInScheme = sharedOptions.Value.SignInScheme;
             }
+            if (string.IsNullOrEmpty(Options.SignInScheme))
+            {
+                throw new ArgumentException("Options.SignInScheme is required.");
+            }
 
             if (Options.HtmlEncoder == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 91f4e1089e..c79451d225 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -6,8 +6,6 @@ using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
-using System.Net.Http;
-using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Extensions.WebEncoders;
@@ -19,7 +17,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// <summary>
     /// Configuration options for <see cref="OpenIdConnectOptions"/>
     /// </summary>
-    public class OpenIdConnectOptions : AuthenticationOptions
+    public class OpenIdConnectOptions : RemoteAuthenticationOptions
     {
         /// <summary>
         /// Initializes a new <see cref="OpenIdConnectOptions"/>
@@ -50,6 +48,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             AuthenticationScheme = authenticationScheme;
             DisplayName = OpenIdConnectDefaults.Caption;
+            CallbackPath = new PathString("/signin-oidc");
+            Events = new OpenIdConnectEvents();
         }
 
         /// <summary>
@@ -65,36 +65,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public string Authority { get; set; }
 
-        /// <summary>
-        /// The HttpMessageHandler used to retrieve metadata.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value
-        /// is a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
-        /// <summary>
-        /// Gets or sets the timeout when using the backchannel to make an http call.
-        /// </summary>
-        [SuppressMessage("Microsoft.Usage", "CA2208:InstantiateArgumentExceptionsCorrectly", Justification = "By design we use the property name in the exception")]
-        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
-
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string DisplayName
-        {
-            get { return Description.DisplayName; }
-            set { Description.DisplayName = value; }
-        }
-
-        /// <summary>
-        /// An optional constrained path on which to process the authentication callback.
-        /// If not provided and RedirectUri is available, this value will be generated from RedirectUri.
-        /// </summary>
-        /// <remarks>If you set this value, then the <see cref="OpenIdConnectHandler"/> will only listen for posts at this address. 
-        /// If the IdentityProvider does not post to this address, you may end up in a 401 -> IdentityProvider -> Client -> 401 -> ...</remarks>
-        public PathString CallbackPath { get; set; }
-
         /// <summary>
         /// Gets or sets the 'client_id'.
         /// </summary>
@@ -136,7 +106,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Gets or sets the <see cref="IOpenIdConnectEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public IOpenIdConnectEvents Events { get; set; } = new OpenIdConnectEvents();
+        public new IOpenIdConnectEvents Events
+        {
+            get { return (IOpenIdConnectEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
@@ -194,11 +168,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public IList<string> Scope { get; } = new List<string> { "openid", "profile" };
 
-        /// <summary>
-        /// Gets or sets the SignInScheme which will be used to set the <see cref="ClaimsIdentity.AuthenticationType"/>.
-        /// </summary>
-        public string SignInScheme { get; set; }
-
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
index 5e7b7154ca..f034114845 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -107,7 +107,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
+        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate
         /// </summary>
         internal static string OIDCH_0029_ChallengContextEqualsNull
         {
@@ -115,7 +115,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication
+        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate
         /// </summary>
         internal static string FormatOIDCH_0029_ChallengContextEqualsNull()
         {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 64de5d6a23..4c8eeebd7e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -136,7 +136,7 @@
     <value>OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.</value>
   </data>
   <data name="OIDCH_0029_ChallengContextEqualsNull" xml:space="preserve">
-    <value>OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthentication</value>
+    <value>OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate</value>
   </data>
   <data name="OIDCH_0030_Using_Properties_RedirectUri" xml:space="preserve">
     <value>OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.</value>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
new file mode 100644
index 0000000000..5a2f337581
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication.Twitter
+{
+    /// <summary>
+    /// Base class for other Twitter contexts.
+    /// </summary>
+    public class BaseTwitterContext : BaseContext
+    {
+        /// <summary>
+        /// Initializes a <see cref="BaseTwitterContext"/>
+        /// </summary>
+        /// <param name="context">The HTTP environment</param>
+        /// <param name="options">The options for Twitter</param>
+        public BaseTwitterContext(HttpContext context, TwitterOptions options)
+            : base(context)
+        {
+            Options = options;
+        }
+
+        public TwitterOptions Options { get; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
index cb793eb994..cea4a99bf6 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Specifies callback methods which the <see cref="TwitterMiddleware"></see> invokes to enable developer control over the authentication process. />
     /// </summary>
-    public interface ITwitterEvents
+    public interface ITwitterEvents : IRemoteAuthenticationEvents
     {
         /// <summary>
         /// Invoked whenever Twitter succesfully authenticates a user
@@ -17,13 +17,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         Task CreatingTicket(TwitterCreatingTicketContext context);
 
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task SigningIn(SigningInContext context);
-
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index d002554cda..d727eeb152 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class TwitterCreatingTicketContext : BaseContext
+    public class TwitterCreatingTicketContext : BaseTwitterContext
     {
         /// <summary>
         /// Initializes a <see cref="TwitterCreatingTicketContext"/>
@@ -22,11 +22,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <param name="accessTokenSecret">Twitter access token secret</param>
         public TwitterCreatingTicketContext(
             HttpContext context,
+            TwitterOptions options,
             string userId,
             string screenName,
             string accessToken,
             string accessTokenSecret)
-            : base(context)
+            : base(context, options)
         {
             UserId = userId;
             ScreenName = screenName;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
index f73e4b617f..1941e7990f 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
@@ -9,18 +9,13 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Default <see cref="ITwitterEvents"/> implementation.
     /// </summary>
-    public class TwitterEvents : ITwitterEvents
+    public class TwitterEvents : RemoteAuthenticationEvents, ITwitterEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
         public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
 
-        /// <summary>
-        /// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
-        /// </summary>
-        public Func<SigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
@@ -37,13 +32,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         public virtual Task CreatingTicket(TwitterCreatingTicketContext context) => OnCreatingTicket(context);
 
-        /// <summary>
-        /// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        public virtual Task SigningIn(SigningInContext context) => OnSigningIn(context);
-
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
index 4a26ce6ebe..455f522029 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
     /// </summary>
-    public class TwitterRedirectToAuthorizationEndpointContext : BaseContext<TwitterOptions>
+    public class TwitterRedirectToAuthorizationEndpointContext : BaseTwitterContext
     {
         /// <summary>
         /// Creates a new context object.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 38c0897d1d..da92af5485 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -19,7 +19,7 @@ using Microsoft.Extensions.Primitives;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
-    internal class TwitterHandler : AuthenticationHandler<TwitterOptions>
+    internal class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
     {
         private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
         private const string StateCookie = "__TwitterState";
@@ -34,89 +34,70 @@ namespace Microsoft.AspNet.Authentication.Twitter
             _httpClient = httpClient;
         }
 
-        public override async Task<bool> InvokeAsync()
-        {
-            if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path)
-            {
-                return await InvokeReturnPathAsync();
-            }
-            return false;
-        }
-
-        protected override async Task<AuthenticationTicket> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
-            try
+            var query = Request.Query;
+            var protectedRequestToken = Request.Cookies[StateCookie];
+
+            var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
+
+            if (requestToken == null)
             {
-                var query = Request.Query;
-                var protectedRequestToken = Request.Cookies[StateCookie];
-
-                var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
-
-                if (requestToken == null)
-                {
-                    Logger.LogWarning("Invalid state");
-                    return null;
-                }
-
-                properties = requestToken.Properties;
-
-                var returnedToken = query["oauth_token"];
-                if (StringValues.IsNullOrEmpty(returnedToken))
-                {
-                    Logger.LogWarning("Missing oauth_token");
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
-                {
-                    Logger.LogWarning("Unmatched token");
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                var oauthVerifier = query["oauth_verifier"];
-                if (StringValues.IsNullOrEmpty(oauthVerifier))
-                {
-                    Logger.LogWarning("Missing or blank oauth_verifier");
-                    return new AuthenticationTicket(properties, Options.AuthenticationScheme);
-                }
-
-                var cookieOptions = new CookieOptions
-                {
-                    HttpOnly = true,
-                    Secure = Request.IsHttps
-                };
-
-                Response.Cookies.Delete(StateCookie, cookieOptions);
-
-                var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
-
-                var identity = new ClaimsIdentity(new[]
-                {
-                    new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
-                    new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer),
-                    new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
-                    new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer)
-                },
-                Options.ClaimsIssuer);
-
-                if (Options.SaveTokensAsClaims)
-                {
-                    identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
-                }
-
-                return await CreateTicketAsync(identity, properties, accessToken);
+                return AuthenticateResult.Failed("Invalid state cookie.");
             }
-            catch (Exception ex)
+
+            properties = requestToken.Properties;
+
+            // REVIEW: see which of these are really errors
+
+            var returnedToken = query["oauth_token"];
+            if (StringValues.IsNullOrEmpty(returnedToken))
             {
-                Logger.LogError("Authentication failed", ex);
-                return new AuthenticationTicket(properties, Options.AuthenticationScheme);
+                return AuthenticateResult.Failed("Missing oauth_token");
             }
+
+            if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
+            {
+                return AuthenticateResult.Failed("Unmatched token");
+            }
+
+            var oauthVerifier = query["oauth_verifier"];
+            if (StringValues.IsNullOrEmpty(oauthVerifier))
+            {
+                return AuthenticateResult.Failed("Missing or blank oauth_verifier");
+            }
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps
+            };
+
+            Response.Cookies.Delete(StateCookie, cookieOptions);
+
+            var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
+
+            var identity = new ClaimsIdentity(new[]
+            {
+                new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
+                new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer),
+                new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
+                new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer)
+            },
+            Options.ClaimsIssuer);
+
+            if (Options.SaveTokensAsClaims)
+            {
+                identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken));
         }
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token)
         {
-            var context = new TwitterCreatingTicketContext(Context, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
+            var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
@@ -145,83 +126,23 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 properties.RedirectUri = CurrentUri;
             }
 
+            // If CallbackConfirmed is false, this will throw
             var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, BuildRedirectUri(Options.CallbackPath), properties);
-            if (requestToken.CallbackConfirmed)
+            var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
+
+            var cookieOptions = new CookieOptions
             {
-                var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
-
-                var cookieOptions = new CookieOptions
-                {
-                    HttpOnly = true,
-                    Secure = Request.IsHttps
-                };
-
-                Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
-
-                var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(
-                    Context, Options,
-                    properties, twitterAuthenticationEndpoint);
-                await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
-                return true;
-            }
-            else
-            {
-                Logger.LogError("requestToken CallbackConfirmed!=true");
-            }
-            return false; // REVIEW: Make sure this should not stop other handlers
-        }
-
-        public async Task<bool> InvokeReturnPathAsync()
-        {
-            var model = await HandleAuthenticateOnceAsync();
-            if (model == null)
-            {
-                Logger.LogWarning("Invalid return state, unable to redirect.");
-                Response.StatusCode = 500;
-                return true;
-            }
-
-            var context = new SigningInContext(Context, model)
-            {
-                SignInScheme = Options.SignInScheme,
-                RedirectUri = model.Properties.RedirectUri
+                HttpOnly = true,
+                Secure = Request.IsHttps
             };
-            model.Properties.RedirectUri = null;
 
-            await Options.Events.SigningIn(context);
+            Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
-            if (context.SignInScheme != null && context.Principal != null)
-            {
-                await Context.Authentication.SignInAsync(context.SignInScheme, context.Principal, context.Properties);
-            }
-
-            if (!context.IsRequestCompleted && context.RedirectUri != null)
-            {
-                if (context.Principal == null)
-                {
-                    // add a redirect hint that sign-in failed in some way
-                    context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied");
-                }
-                Response.Redirect(context.RedirectUri);
-                context.RequestCompleted();
-            }
-
-            return context.IsRequestCompleted;
-        }
-
-        protected override Task HandleSignOutAsync(SignOutContext context)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task HandleSignInAsync(SignInContext context)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
-        {
-            throw new NotSupportedException();
+            var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(
+                Context, Options,
+                properties, twitterAuthenticationEndpoint);
+            await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
+            return true;
         }
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
@@ -275,12 +196,12 @@ namespace Microsoft.AspNet.Authentication.Twitter
             string responseText = await response.Content.ReadAsStringAsync();
 
             var responseParameters = new FormCollection(FormReader.ReadForm(responseText));
-            if (string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
+            if (!string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
             {
-                return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
+                throw new Exception("Twitter oauth_callback_confirmed is not true.");
             }
 
-            return new RequestToken();
+            return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
         }
 
         private async Task<AccessToken> ObtainAccessTokenAsync(string consumerKey, string consumerSecret, RequestToken token, string verifier)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index ec75f449ec..2eeb010c53 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -78,6 +78,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
             }
+            if (!Options.CallbackPath.HasValue)
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
+            }
 
             if (Options.Events == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
index f057de36a8..dae6fa6b20 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     /// <summary>
     /// Options for the Twitter authentication middleware.
     /// </summary>
-    public class TwitterOptions : AuthenticationOptions
+    public class TwitterOptions : RemoteAuthenticationOptions
     {
         /// <summary>
         /// Initializes a new instance of the <see cref="TwitterOptions"/> class.
@@ -21,6 +21,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
+            Events = new TwitterEvents();
         }
 
         /// <summary>
@@ -35,45 +36,6 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <value>The consumer secret used to sign requests to Twitter.</value>
         public string ConsumerSecret { get; set; }
 
-        /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with Twitter.
-        /// </summary>
-        /// <value>
-        /// The back channel timeout.
-        /// </value>
-        public TimeSpan BackchannelTimeout { get; set; }
-
-        /// <summary>
-        /// The HttpMessageHandler used to communicate with Twitter.
-        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
-        /// can be downcast to a WebRequestHandler.
-        /// </summary>
-        public HttpMessageHandler BackchannelHttpHandler { get; set; }
-
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string DisplayName
-        {
-            get { return Description.DisplayName; }
-            set { Description.DisplayName = value; }
-        }
-
-        /// <summary>
-        /// The request path within the application's base path where the user-agent will be returned.
-        /// The middleware will process this request when it arrives.
-        /// Default value is "/signin-twitter".
-        /// </summary>
-        public PathString CallbackPath { get; set; }
-
-        /// <summary>
-        /// Gets or sets the authentication scheme corresponding to the middleware
-        /// responsible of persisting user's identity after a successful authentication.
-        /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
-        /// </summary>
-        public string SignInScheme { get; set; }
-
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
@@ -82,7 +44,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
         /// <summary>
         /// Gets or sets the <see cref="ITwitterEvents"/> used to handle authentication events.
         /// </summary>
-        public ITwitterEvents Events { get; set; }
+        public new ITwitterEvents Events
+        {
+            get { return (ITwitterEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// Defines whether access tokens should be stored in the
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
new file mode 100644
index 0000000000..4f733fe7fd
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNet.Http.Authentication;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Contains the result of an Authenticate call
+    /// </summary>
+    public class AuthenticateResult
+    {
+        private AuthenticateResult() { }
+
+        /// <summary>
+        /// If a ticket was produced, authenticate was successful.
+        /// </summary>
+        public bool Succeeded
+        {
+            get
+            {
+                return Ticket != null;
+            }
+        }
+
+        /// <summary>
+        /// The authentication ticket.
+        /// </summary>
+        public AuthenticationTicket Ticket { get; private set; }
+
+        /// <summary>
+        /// Holds error information caused by authentication.
+        /// </summary>
+        public Exception Error { get; private set; }
+
+        public static AuthenticateResult Success(AuthenticationTicket ticket)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+            return new AuthenticateResult() { Ticket = ticket };
+        }
+
+        public static AuthenticateResult Failed(Exception error)
+        {
+            return new AuthenticateResult() { Error = error };
+        }
+
+        public static AuthenticateResult Failed(string errorMessage)
+        {
+            return new AuthenticateResult() { Error = new Exception(errorMessage) };
+        }
+
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 2b256ee2bc..c55dc50d77 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
@@ -17,7 +18,7 @@ namespace Microsoft.AspNet.Authentication
     /// <typeparam name="TOptions">Specifies which type for of AuthenticationOptions property</typeparam>
     public abstract class AuthenticationHandler<TOptions> : IAuthenticationHandler where TOptions : AuthenticationOptions
     {
-        private Task<AuthenticationTicket> _authenticateTask;
+        private Task<AuthenticateResult> _authenticateTask;
         private bool _finishCalled;
 
         protected bool SignInAccepted { get; set; }
@@ -96,10 +97,10 @@ namespace Microsoft.AspNet.Authentication
 
             Response.OnStarting(OnStartingCallback, this);
 
-            // Automatic authentication is the empty scheme
-            if (ShouldHandleScheme(string.Empty))
+            if (ShouldHandleScheme(AuthenticationManager.AutomaticScheme, Options.AutomaticAuthenticate))
             {
-                var ticket = await HandleAuthenticateOnceAsync();
+                var result = await HandleAuthenticateOnceAsync();
+                var ticket = result?.Ticket;
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
@@ -139,7 +140,7 @@ namespace Microsoft.AspNet.Authentication
 
         private async Task HandleAutomaticChallengeIfNeeded()
         {
-            if (!ChallengeCalled && Options.AutomaticAuthentication && Response.StatusCode == 401)
+            if (!ChallengeCalled && Options.AutomaticChallenge && Response.StatusCode == 401)
             {
                 await HandleUnauthorizedAsync(new ChallengeContext(Options.AuthenticationScheme));
             }
@@ -169,7 +170,7 @@ namespace Microsoft.AspNet.Authentication
         /// <returns>Returning false will cause the common code to call the next middleware in line. Returning true will
         /// cause the common code to begin the async completion journey without calling the rest of the middleware
         /// pipeline.</returns>
-        public virtual Task<bool> InvokeAsync()
+        public virtual Task<bool> HandleRequestAsync()
         {
             return Task.FromResult(false);
         }
@@ -184,35 +185,46 @@ namespace Microsoft.AspNet.Authentication
             }
         }
 
-        public bool ShouldHandleScheme(string authenticationScheme)
+        public bool ShouldHandleScheme(string authenticationScheme, bool handleAutomatic)
         {
             return string.Equals(Options.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
-                (Options.AutomaticAuthentication && string.IsNullOrEmpty(authenticationScheme));
+                (handleAutomatic && string.Equals(authenticationScheme, AuthenticationManager.AutomaticScheme, StringComparison.Ordinal));
         }
 
         public async Task AuthenticateAsync(AuthenticateContext context)
         {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            var handled = false;
+            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
             {
                 // Calling Authenticate more than once should always return the original value. 
-                var ticket = await HandleAuthenticateOnceAsync();
-                if (ticket?.Principal != null)
+                var result = await HandleAuthenticateOnceAsync();
+
+                if (result?.Error != null)
                 {
-                    context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
+                    context.Failed(result.Error);
                 }
                 else
                 {
-                    context.NotAuthenticated();
+                    var ticket = result?.Ticket;
+                    if (ticket?.Principal != null)
+                    {
+                        context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
+                        handled = true;
+                    }
+                    else
+                    {
+                        context.NotAuthenticated();
+                    }
                 }
             }
 
-            if (PriorHandler != null)
+            if (PriorHandler != null && !handled)
             {
                 await PriorHandler.AuthenticateAsync(context);
             }
         }
 
-        protected Task<AuthenticationTicket> HandleAuthenticateOnceAsync()
+        protected Task<AuthenticateResult> HandleAuthenticateOnceAsync()
         {
             if (_authenticateTask == null)
             {
@@ -221,18 +233,17 @@ namespace Microsoft.AspNet.Authentication
             return _authenticateTask;
         }
 
-        protected abstract Task<AuthenticationTicket> HandleAuthenticateAsync();
+        protected abstract Task<AuthenticateResult> HandleAuthenticateAsync();
 
         public async Task SignInAsync(SignInContext context)
         {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
             {
                 SignInAccepted = true;
                 await HandleSignInAsync(context);
                 context.Accept();
             }
-
-            if (PriorHandler != null)
+            else if (PriorHandler != null)
             {
                 await PriorHandler.SignInAsync(context);
             }
@@ -245,14 +256,13 @@ namespace Microsoft.AspNet.Authentication
 
         public async Task SignOutAsync(SignOutContext context)
         {
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
             {
                 SignOutAccepted = true;
                 await HandleSignOutAsync(context);
                 context.Accept();
             }
-
-            if (PriorHandler != null)
+            else if (PriorHandler != null)
             {
                 await PriorHandler.SignOutAsync(context);
             }
@@ -263,10 +273,6 @@ namespace Microsoft.AspNet.Authentication
             return Task.FromResult(0);
         }
 
-        /// <summary>
-        /// </summary>
-        /// <param name="context"></param>
-        /// <returns>True if no other handlers should be called</returns>
         protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
             Response.StatusCode = 403;
@@ -288,24 +294,20 @@ namespace Microsoft.AspNet.Authentication
 
         public async Task ChallengeAsync(ChallengeContext context)
         {
-            bool handled = false;
             ChallengeCalled = true;
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            var handled = false;
+            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
             {
                 switch (context.Behavior)
                 {
                     case ChallengeBehavior.Automatic:
                         // If there is a principal already, invoke the forbidden code path
-                        var ticket = await HandleAuthenticateOnceAsync();
-                        if (ticket?.Principal != null)
+                        var result = await HandleAuthenticateOnceAsync();
+                        if (result?.Ticket?.Principal != null)
                         {
-                            handled = await HandleForbiddenAsync(context);
+                            goto case ChallengeBehavior.Forbidden;
                         }
-                        else
-                        {
-                            handled = await HandleUnauthorizedAsync(context);
-                        }
-                        break;
+                        goto case ChallengeBehavior.Unauthorized;
                     case ChallengeBehavior.Unauthorized:
                         handled = await HandleUnauthorizedAsync(context);
                         break;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index ebf25c2174..0f26048bbc 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Authentication
             await handler.InitializeAsync(Options, context, Logger, UrlEncoder);
             try
             {
-                if (!await handler.InvokeAsync())
+                if (!await handler.HandleRequestAsync())
                 {
                     await _next(context);
                 }
@@ -84,7 +84,6 @@ namespace Microsoft.AspNet.Authentication
                 }
                 throw;
             }
-            await handler.TeardownAsync();
         }
 
         protected abstract AuthenticationHandler<TOptions> CreateHandler();
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
index 54f8a7a352..7583642443 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -27,11 +27,16 @@ namespace Microsoft.AspNet.Authentication
         }
 
         /// <summary>
-        /// If true the authentication middleware alter the request user coming in and
-        /// alter 401 Unauthorized responses going out. If false the authentication middleware will only provide
-        /// identity and alter responses when explicitly indicated by the AuthenticationScheme.
+        /// If true the authentication middleware alter the request user coming in. If false the authentication middleware will only provide
+        /// identity when explicitly indicated by the AuthenticationScheme.
         /// </summary>
-        public bool AutomaticAuthentication { get; set; }
+        public bool AutomaticAuthenticate { get; set; }
+
+        /// <summary>
+        /// If true the authentication middleware should handle automatic challenge.
+        /// If false the authentication middleware will only alter responses when explicitly indicated by the AuthenticationScheme.
+        /// </summary>
+        public bool AutomaticChallenge { get; set; }
 
         /// <summary>
         /// Gets or sets the issuer that should be used for any claims that are created
diff --git a/src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs b/src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs
deleted file mode 100644
index 24a8ef53d4..0000000000
--- a/src/Microsoft.AspNet.Authentication/Events/BaseContext`1.cs
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.Http;
-
-namespace Microsoft.AspNet.Authentication
-{
-    /// <summary>
-    /// Base class used for certain event contexts
-    /// </summary>
-    public abstract class BaseContext<TOptions>
-    {
-        protected BaseContext(HttpContext context, TOptions options)
-        {
-            HttpContext = context;
-            Options = options;
-        }
-
-        public HttpContext HttpContext { get; private set; }
-
-        public TOptions Options { get; private set; }
-
-        public HttpRequest Request
-        {
-            get { return HttpContext.Request; }
-        }
-
-        public HttpResponse Response
-        {
-            get { return HttpContext.Response; }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
index 1f83f062e1..5e28dfc6c1 100644
--- a/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
@@ -5,9 +5,9 @@ using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
-    public class BaseControlContext<TOptions> : BaseContext<TOptions>
+    public class BaseControlContext : BaseContext
     {
-        protected BaseControlContext(HttpContext context, TOptions options) : base(context, options)
+        protected BaseControlContext(HttpContext context) : base(context)
         {
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs b/src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs
new file mode 100644
index 0000000000..a8ef4b5944
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication
+{
+    /// <summary>
+    /// Provides error context information to middleware providers.
+    /// </summary>
+    public class ErrorContext : BaseControlContext
+    {
+        public ErrorContext(HttpContext context, Exception error)
+            : base(context)
+        {
+            Error = error;
+        }
+
+        /// <summary>
+        /// User friendly error message for the error.
+        /// </summary>
+        public Exception Error { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
new file mode 100644
index 0000000000..e19fd10b28
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
@@ -0,0 +1,20 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public interface IRemoteAuthenticationEvents
+    {
+        /// <summary>
+        /// Invoked when the remote authentication process has an error.
+        /// </summary>
+        Task RemoteError(ErrorContext context);
+
+        /// <summary>
+        /// Invoked before sign in.
+        /// </summary>
+        Task TicketReceived(TicketReceivedContext context);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
new file mode 100644
index 0000000000..fce53b9927
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
+    {
+        public Func<ErrorContext, Task> OnRemoteError { get; set; } = context => Task.FromResult(0);
+
+        public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.FromResult(0);
+
+        /// <summary>
+        /// Invoked when there is a remote error
+        /// </summary>
+        public virtual Task RemoteError(ErrorContext context) => OnRemoteError(context);
+
+        /// <summary>
+        /// Invoked after the remote ticket has been recieved.
+        /// </summary>
+        public virtual Task TicketReceived(TicketReceivedContext context) => OnTicketReceived(context);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
similarity index 56%
rename from src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
index 30d38ae7f7..2021209820 100644
--- a/src/Microsoft.AspNet.Authentication/Events/SigningInContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -11,13 +10,12 @@ namespace Microsoft.AspNet.Authentication
     /// <summary>
     /// Provides context information to middleware providers.
     /// </summary>
-    public class SigningInContext : BaseContext
+    public class TicketReceivedContext : BaseControlContext
     {
-        public SigningInContext(
-            HttpContext context,
-            AuthenticationTicket ticket)
+        public TicketReceivedContext(HttpContext context, RemoteAuthenticationOptions options, AuthenticationTicket ticket)
             : base(context)
         {
+            Options = options;
             if (ticket != null)
             {
                 Principal = ticket.Principal;
@@ -27,17 +25,8 @@ namespace Microsoft.AspNet.Authentication
 
         public ClaimsPrincipal Principal { get; set; }
         public AuthenticationProperties Properties { get; set; }
+        public RemoteAuthenticationOptions Options { get; set; }
 
-        public bool IsRequestCompleted { get; private set; }
-
-        public void RequestCompleted()
-        {
-            IsRequestCompleted = true;
-        }
-
-        public string SignInScheme { get; set; }
-
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
-        public string RedirectUri { get; set; }
+        public string ReturnUri { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
new file mode 100644
index 0000000000..d9563e628f
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -0,0 +1,101 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.Extensions.Logging;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : RemoteAuthenticationOptions
+    {
+        public override async Task<bool> HandleRequestAsync()
+        {
+            if (Options.CallbackPath == Request.Path)
+            {
+                return await HandleRemoteCallbackAsync();
+            }
+            return false;
+        }
+
+        protected virtual async Task<bool> HandleRemoteCallbackAsync()
+        {
+            var authResult = await HandleRemoteAuthenticateAsync();
+            if (authResult == null || !authResult.Succeeded)
+            {
+                var errorContext = new ErrorContext(Context, authResult?.Error ?? new Exception("Invalid return state, unable to redirect."));
+                Logger.LogInformation("Error from RemoteAuthentication: " + errorContext.Error.Message);
+                await Options.Events.RemoteError(errorContext);
+                if (errorContext.HandledResponse)
+                {
+                    return true;
+                }
+                if (errorContext.Skipped)
+                {
+                    return false;
+                }
+
+                Context.Response.StatusCode = 500;
+                return true;
+            }
+
+            // We have a ticket if we get here
+            var ticket = authResult.Ticket;
+            var context = new TicketReceivedContext(Context, Options, ticket)
+            {
+                ReturnUri = ticket.Properties.RedirectUri,
+            };
+            // REVIEW: is this safe or good?
+            ticket.Properties.RedirectUri = null;
+
+            await Options.Events.TicketReceived(context);
+
+            if (context.HandledResponse)
+            {
+                Logger.LogVerbose("The SigningIn event returned Handled.");
+                return true;
+            }
+            else if (context.Skipped)
+            {
+                Logger.LogVerbose("The SigningIn event returned Skipped.");
+                return false;
+            }
+
+            if (context.Principal != null)
+            {
+                await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
+            }
+
+            if (context.ReturnUri != null)
+            {
+                Response.Redirect(context.ReturnUri);
+                return true;
+            }
+
+            return false;
+        }
+
+        protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            return Task.FromResult(AuthenticateResult.Failed("Remote authentication does not support authenticate"));
+        }
+
+        protected override Task HandleSignOutAsync(SignOutContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task HandleSignInAsync(SignInContext context)
+        {
+            throw new NotSupportedException();
+        }
+
+        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        {
+            throw new NotSupportedException();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
new file mode 100644
index 0000000000..f5dad7267f
--- /dev/null
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
@@ -0,0 +1,53 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+
+namespace Microsoft.AspNet.Authentication
+{
+    public class RemoteAuthenticationOptions : AuthenticationOptions
+    {
+        /// <summary>
+        /// Gets or sets timeout value in milliseconds for back channel communications with Twitter.
+        /// </summary>
+        /// <value>
+        /// The back channel timeout.
+        /// </value>
+        public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
+
+        /// <summary>
+        /// The HttpMessageHandler used to communicate with Twitter.
+        /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
+        /// can be downcast to a WebRequestHandler.
+        /// </summary>
+        public HttpMessageHandler BackchannelHttpHandler { get; set; }
+
+        /// <summary>
+        /// The request path within the application's base path where the user-agent will be returned.
+        /// The middleware will process this request when it arrives.
+        /// </summary>
+        public PathString CallbackPath { get; set; }
+
+        /// <summary>
+        /// Gets or sets the authentication scheme corresponding to the middleware
+        /// responsible of persisting user's identity after a successful authentication.
+        /// This value typically corresponds to a cookie middleware registered in the Startup class.
+        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
+        /// </summary>
+        public string SignInScheme { get; set; }
+
+        /// <summary>
+        /// Get or sets the text that the user can display on a sign in user interface.
+        /// </summary>
+        public string DisplayName
+        {
+            get { return Description.DisplayName; }
+            set { Description.DisplayName = value; }
+        }
+
+        public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index c4132c0be1..d82988e82b 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -18,7 +18,15 @@
         "Microsoft.Extensions.WebEncoders": "1.0.0-*"
     },
     "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
+        "dnx451": {
+            "frameworkAssemblies": {
+                "System.Net.Http": ""
+            }
+        },
+        "dnxcore50": {
+            "dependencies": {
+                "System.Net.Http": "4.0.1-beta-*"
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index bb7af889bc..2d8cf315d4 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -9,16 +9,16 @@ namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicy
     {
-        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> activeAuthenticationSchemes)
+        public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> authenticationSchemes)
         {
             if (requirements == null)
             {
                 throw new ArgumentNullException(nameof(requirements));
             }
 
-            if (activeAuthenticationSchemes == null)
+            if (authenticationSchemes == null)
             {
-                throw new ArgumentNullException(nameof(activeAuthenticationSchemes));
+                throw new ArgumentNullException(nameof(authenticationSchemes));
             }
 
             if (requirements.Count() == 0)
@@ -26,11 +26,11 @@ namespace Microsoft.AspNet.Authorization
                 throw new InvalidOperationException(Resources.Exception_AuthorizationPolicyEmpty);
             }
             Requirements = new List<IAuthorizationRequirement>(requirements).AsReadOnly();
-            ActiveAuthenticationSchemes = new List<string>(activeAuthenticationSchemes).AsReadOnly();
+            AuthenticationSchemes = new List<string>(authenticationSchemes).AsReadOnly();
         }
 
         public IReadOnlyList<IAuthorizationRequirement> Requirements { get; }
-        public IReadOnlyList<string> ActiveAuthenticationSchemes { get; }
+        public IReadOnlyList<string> AuthenticationSchemes { get; }
 
         public static AuthorizationPolicy Combine(params AuthorizationPolicy[] policies)
         {
@@ -96,7 +96,7 @@ namespace Microsoft.AspNet.Authorization
                 {
                     foreach (var authType in authTypesSplit)
                     {
-                        policyBuilder.ActiveAuthenticationSchemes.Add(authType);
+                        policyBuilder.AuthenticationSchemes.Add(authType);
                     }
                 }
                 if (useDefaultPolicy)
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index 331317fef6..aebd49e662 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -9,9 +9,9 @@ namespace Microsoft.AspNet.Authorization
 {
     public class AuthorizationPolicyBuilder
     {
-        public AuthorizationPolicyBuilder(params string[] activeAuthenticationSchemes)
+        public AuthorizationPolicyBuilder(params string[] authenticationSchemes)
         {
-            AddAuthenticationSchemes(activeAuthenticationSchemes);
+            AddAuthenticationSchemes(authenticationSchemes);
         }
 
         public AuthorizationPolicyBuilder(AuthorizationPolicy policy)
@@ -20,13 +20,13 @@ namespace Microsoft.AspNet.Authorization
         }
 
         public IList<IAuthorizationRequirement> Requirements { get; set; } = new List<IAuthorizationRequirement>();
-        public IList<string> ActiveAuthenticationSchemes { get; set; } = new List<string>();
+        public IList<string> AuthenticationSchemes { get; set; } = new List<string>();
 
-        public AuthorizationPolicyBuilder AddAuthenticationSchemes(params string[] activeAuthTypes)
+        public AuthorizationPolicyBuilder AddAuthenticationSchemes(params string[] schemes)
         {
-            foreach (var authType in activeAuthTypes)
+            foreach (var authType in schemes)
             {
-                ActiveAuthenticationSchemes.Add(authType);
+                AuthenticationSchemes.Add(authType);
             }
             return this;
         }
@@ -47,7 +47,7 @@ namespace Microsoft.AspNet.Authorization
                 throw new ArgumentNullException(nameof(policy));
             }
 
-            AddAuthenticationSchemes(policy.ActiveAuthenticationSchemes.ToArray());
+            AddAuthenticationSchemes(policy.AuthenticationSchemes.ToArray());
             AddRequirements(policy.Requirements.ToArray());
             return this;
         }
@@ -135,7 +135,7 @@ namespace Microsoft.AspNet.Authorization
 
         public AuthorizationPolicy Build()
         {
-            return new AuthorizationPolicy(Requirements, ActiveAuthenticationSchemes.Distinct());
+            return new AuthorizationPolicy(Requirements, AuthenticationSchemes.Distinct());
         }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index b39693103f..e8423dbba1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -5,6 +5,7 @@ using System;
 using System.IO;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.Http.Internal;
@@ -19,10 +20,10 @@ namespace Microsoft.AspNet.Authentication
         public async Task ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
         {
             var handler = await TestHandler.Create("Alpha");
-            var passiveNoMatch = handler.ShouldHandleScheme("Beta");
+            var passiveNoMatch = handler.ShouldHandleScheme("Beta", handleAutomatic: false);
 
             handler = await TestHandler.Create("Alpha");
-            var passiveWithMatch = handler.ShouldHandleScheme("Alpha");
+            var passiveWithMatch = handler.ShouldHandleScheme("Alpha", handleAutomatic: false);
 
             Assert.False(passiveNoMatch);
             Assert.True(passiveWithMatch);
@@ -32,47 +33,37 @@ namespace Microsoft.AspNet.Authentication
         public async Task AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
         {
             var handler = await TestAutoHandler.Create("ignored", true);
-            Assert.True(handler.ShouldHandleScheme(""));
+            Assert.True(handler.ShouldHandleScheme(AuthenticationManager.AutomaticScheme, handleAutomatic: true));
         }
 
-        [Fact]
-        public async Task AutomaticHandlerHandlesNullScheme()
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData("        ")]
+        [InlineData("notmatched")]
+        public async Task AutomaticHandlerDoesNotHandleSchemes(string scheme)
         {
             var handler = await TestAutoHandler.Create("ignored", true);
-            Assert.True(handler.ShouldHandleScheme(null));
-        }
-
-        [Fact]
-        public async Task AutomaticHandlerIgnoresWhitespaceScheme()
-        {
-            var handler = await TestAutoHandler.Create("ignored", true);
-            Assert.False(handler.ShouldHandleScheme("    "));
+            Assert.False(handler.ShouldHandleScheme(scheme, handleAutomatic: true));
         }
 
         [Fact]
         public async Task AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
         {
             var handler = await TestAutoHandler.Create("Alpha", true);
-            Assert.True(handler.ShouldHandleScheme("Alpha"));
-        }
-
-        [Fact]
-        public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemeDoesNotMatches()
-        {
-            var handler = await TestAutoHandler.Create("Dog", true);
-            Assert.False(handler.ShouldHandleScheme("Alpha"));
+            Assert.True(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
         }
 
         [Fact]
         public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
         {
             var handler = await TestAutoHandler.Create(null, true);
-            Assert.False(handler.ShouldHandleScheme("Alpha"));
+            Assert.False(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
         }
 
         [Theory]
         [InlineData("Alpha")]
-        [InlineData("")]
+        [InlineData("Automatic")]
         public async Task AuthHandlerAuthenticateCachesTicket(string scheme)
         {
             var handler = await CountHandler.Create(scheme);
@@ -100,14 +91,14 @@ namespace Microsoft.AspNet.Authentication
                     new LoggerFactory().CreateLogger("CountHandler"),
                     Extensions.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
-                handler.Options.AutomaticAuthentication = true;
+                handler.Options.AutomaticAuthenticate = true;
                 return handler;
             }
 
-            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
+            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
                 AuthCount++;
-                return Task.FromResult(new AuthenticationTicket(null, null));
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
             }
 
         }
@@ -129,9 +120,9 @@ namespace Microsoft.AspNet.Authentication
                 return handler;
             }
 
-            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
+            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
-                return Task.FromResult<AuthenticationTicket>(null);
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
             }
         }
 
@@ -141,7 +132,7 @@ namespace Microsoft.AspNet.Authentication
         {
             public TestAutoOptions()
             {
-                AutomaticAuthentication = true;
+                AutomaticAuthenticate = true;
             }
         }
 
@@ -159,13 +150,13 @@ namespace Microsoft.AspNet.Authentication
                     new LoggerFactory().CreateLogger("TestAutoHandler"),
                     Extensions.WebEncoders.UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
-                handler.Options.AutomaticAuthentication = auto;
+                handler.Options.AutomaticAuthenticate = auto;
                 return handler;
             }
 
-            protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
+            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
-                return Task.FromResult<AuthenticationTicket>(null);
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
             }
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 5a38ca1ad1..82bb7a90fc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = CreateServer(options =>
             {
                 options.LoginPath = new PathString("/login");
-                options.AutomaticAuthentication = auto;
+                options.AutomaticChallenge = auto;
             });
 
             var transaction = await SendAsync(server, "http://example.com/protected");
@@ -60,7 +60,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri()
         {
-            var server = CreateServer(options => options.AutomaticAuthentication = true);
+            var server = CreateServer(options => options.AutomaticChallenge = true);
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
@@ -573,7 +573,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = automatic;
+                options.AutomaticAuthenticate = automatic;
                 options.SystemClock = clock;
             }, 
             SignInAsAlice);
@@ -596,7 +596,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = automatic;
+                options.AutomaticAuthenticate = automatic;
                 options.SystemClock = clock;
             },
             SignInAsAlice);
@@ -617,7 +617,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var clock = new TestClock();
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = automatic;
+                options.AutomaticAuthenticate = automatic;
                 options.SystemClock = clock;
             },
             SignInAsAlice);
@@ -1002,10 +1002,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     }
                 });
             },
-            services =>
-            {
-                services.AddAuthentication();
-            });
+            services => services.AddAuthentication());
             server.BaseAddress = baseAddress;
             return server;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index efab3c54d1..ae7e6ce652 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -18,6 +18,8 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
+using System.Diagnostics;
+using Microsoft.AspNet.Authentication.Cookies;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
@@ -45,7 +47,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                     app.UseCookieAuthentication(options =>
                     {
                         options.AuthenticationScheme = "External";
-                        options.AutomaticAuthentication = true;
+                        options.AutomaticAuthenticate = true;
                     });
                 },
                 services =>
@@ -158,11 +160,12 @@ namespace Microsoft.AspNet.Authentication.Facebook
         public async Task CustomUserInfoEndpointHasValidGraphQuery()
         {
             var customUserInfoEndpoint = "https://graph.facebook.com/me?fields=email,timezone,picture";
-            string finalUserInfoEndpoint = string.Empty;
+            var finalUserInfoEndpoint = string.Empty;
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("FacebookTest"));
             var server = CreateServer(
                 app =>
                 {
+                    app.UseCookieAuthentication();
                     app.UseFacebookAuthentication(options =>
                     {
                         options.AppId = "Test App Id";
@@ -200,11 +203,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
                             }
                         };
                     });
-                    app.UseCookieAuthentication();
                 },
                 services =>
                 {
-                    services.AddAuthentication();
+                    services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
                 }, handler: null);
 
             var properties = new AuthenticationProperties();
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index b6335093c1..48d513ad7b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -13,6 +13,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.WebEncoders;
@@ -88,7 +89,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.AutomaticAuthentication = true;
+                options.AutomaticChallenge = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -119,7 +120,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.AutomaticAuthentication = true;
+                options.AutomaticChallenge = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
@@ -146,7 +147,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.AutomaticAuthentication = true;
+                options.AutomaticChallenge = true;
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -161,7 +162,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
-                options.AutomaticAuthentication = true;
+                options.AutomaticChallenge = true;
             },
             context =>
                 {
@@ -212,6 +213,29 @@ namespace Microsoft.AspNet.Authentication.Google
             Assert.Contains("custom=test", query);
         }
 
+        [Fact]
+        public async Task AuthenticateWillFail()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            },
+            async context => 
+            {
+                var req = context.Request;
+                var res = context.Response;
+                if (req.Path == new PathString("/auth"))
+                {
+                    var auth = new AuthenticateContext("Google");
+                    await context.Authentication.AuthenticateAsync(auth);
+                    Assert.NotNull(auth.Error);
+                }
+            });
+            var transaction = await server.SendAsync("https://example.com/auth");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
@@ -224,6 +248,40 @@ namespace Microsoft.AspNet.Authentication.Google
             Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReplyPathWithErrorFails(bool redirect)
+        {
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                if (redirect)
+                {
+                    options.Events = new OAuthEvents()
+                    {
+                        OnRemoteError = ctx =>
+                        {
+                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.HandleResponse();
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            });
+            var transaction = await server.SendAsync("https://example.com/signin-google?error=OMG");
+            if (redirect)
+            {
+                Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+                Assert.Equal("/error?ErrorMessage=OMG", transaction.Response.Headers.GetValues("Location").First());
+            }
+            else
+            {
+                Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            }
+        }
+
         [Theory]
         [InlineData(null)]
         [InlineData("CustomIssuer")]
@@ -305,8 +363,11 @@ namespace Microsoft.AspNet.Authentication.Google
             Assert.Equal("yup", transaction.FindClaimValue("xform"));
         }
 
-        [Fact]
-        public async Task ReplyPathWillRejectIfCodeIsInvalid()
+        // REVIEW: Fix this once we revisit error handling to not blow up
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
@@ -321,22 +382,50 @@ namespace Microsoft.AspNet.Authentication.Google
                         return new HttpResponseMessage(HttpStatusCode.BadRequest);
                     }
                 };
+                if (redirect)
+                {
+                    options.Events = new OAuthEvents()
+                    {
+                        OnRemoteError = ctx =>
+                        {
+                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.HandleResponse();
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
+
             var state = stateFormat.Protect(properties);
-            var transaction = await server.SendAsync(
+
+            await Assert.ThrowsAsync<HttpRequestException>(() => server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
-                correlationKey + "=" + correlationValue);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains("error=access_denied", transaction.Response.Headers.Location.ToString());
+                correlationKey + "=" + correlationValue));
+
+            //var transaction = await server.SendAsync(
+            //    "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+            //    correlationKey + "=" + correlationValue);
+            //if (redirect)
+            //{
+            //    Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            //    Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("Access token was not found."),
+            //        transaction.Response.Headers.GetValues("Location").First());
+            //}
+            //else
+            //{
+            //    Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            //}
         }
 
-        [Fact]
-        public async Task ReplyPathWillRejectIfAccessTokenIsMissing()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
@@ -351,6 +440,18 @@ namespace Microsoft.AspNet.Authentication.Google
                         return ReturnJsonResponse(new object());
                     }
                 };
+                if (redirect)
+                {
+                    options.Events = new OAuthEvents()
+                    {
+                        OnRemoteError = ctx =>
+                        {
+                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.HandleResponse();
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -361,8 +462,16 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
                 correlationKey + "=" + correlationValue);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains("error=access_denied", transaction.Response.Headers.Location.ToString());
+            if (redirect)
+            {
+                Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("Access token was not found."),
+                    transaction.Response.Headers.GetValues("Location").First());
+            }
+            else
+            {
+                Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            }
         }
 
         [Fact]
@@ -420,7 +529,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         var refreshToken = context.RefreshToken;
                         context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
-                        return Task.FromResult<object>(null);
+                        return Task.FromResult(0);
                     }
                 };
             });
@@ -529,6 +638,50 @@ namespace Microsoft.AspNet.Authentication.Google
             Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First());
         }
 
+        [Fact]
+        public async Task NoStateCauses500()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+            });
+
+            //Post a message to the Google middleware
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode");
+
+            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task CanRedirectOnError()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.Events = new OAuthEvents()
+                {
+                    OnRemoteError = ctx =>
+                    {
+                        ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                };
+            });
+
+            //Post a message to the Google middleware
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode");
+
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("The oauth state was missing or invalid."),
+                transaction.Response.Headers.GetValues("Location").First());
+        }
 
         private static HttpResponseMessage ReturnJsonResponse(object content)
         {
@@ -545,7 +698,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                    options.AutomaticAuthentication = true;
+                    options.AutomaticAuthenticate = true;
                 });
                 app.UseGoogleAuthentication(configureOptions);
                 app.UseClaimsTransformation(p =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 4728ef7515..17e14d449d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
 
                 options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
                 options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -55,7 +55,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
 
                 options.Events = new JwtBearerEvents()
                 {
@@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
 
                 options.Events = new JwtBearerEvents()
                 {
@@ -151,7 +151,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
 
                 options.Events = new JwtBearerEvents()
                 {
@@ -188,7 +188,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         {
             var server = CreateServer(options =>
             {
-                options.AutomaticAuthentication = true;
+                options.AutomaticAuthenticate = true;
 
                 options.Events = new JwtBearerEvents()
                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index a7d8a8b095..f30474f522 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -182,7 +182,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 app.UseCookieAuthentication(options =>
                 {
                     options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                    options.AutomaticAuthentication = true;
+                    options.AutomaticAuthenticate = true;
                 });
                 app.UseMicrosoftAccountAuthentication(configureOptions);
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index 79e96d7d1c..ccdd74e3ff 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -5,8 +5,6 @@ using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
@@ -17,16 +15,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class OpenIdConnectHandlerForTestingAuthenticate : OpenIdConnectHandler
     {
-        public OpenIdConnectHandlerForTestingAuthenticate()
-                    : base(null)
+        public OpenIdConnectHandlerForTestingAuthenticate() : base(null)
         {
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
-        {
-            return await base.HandleUnauthorizedAsync(context);
-        }
-
         protected override Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
             var jsonResponse = new JObject();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index d01f3e6d63..1f695d97de 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -98,6 +98,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.ClientId = Guid.NewGuid().ToString();
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            options.SignInScheme = "Cookies";
             options.Events = new OpenIdConnectEvents()
             {
                 OnTokenResponseReceived = context =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 8b6eaf4d44..0e7cf68e16 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -154,7 +154,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
             mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
             mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
-            options.AutomaticAuthentication = true;
+            options.AutomaticChallenge = true;
             options.Events = new OpenIdConnectEvents()
             {
                 OnRedirectToAuthenticationEndpoint = (context) =>
@@ -191,7 +191,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var server = CreateServer(options =>
             {
                 SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
-                options.AutomaticAuthentication = challenge.Equals(ChallengeWithOutContext);
+                options.AutomaticChallenge = challenge.Equals(ChallengeWithOutContext);
                 options.Events = new OpenIdConnectEvents()
                 {
                     OnRedirectToAuthenticationEndpoint = context =>
@@ -306,7 +306,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static void DefaultChallengeOptions(OpenIdConnectOptions options)
         {
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
-            options.AutomaticAuthentication = true;
+            options.AutomaticChallenge = true;
             options.ClientId = Guid.NewGuid().ToString();
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index d64474ae0a..aa060482b6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -10,6 +11,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.WebEncoders;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Twitter
@@ -61,6 +63,22 @@ namespace Microsoft.AspNet.Authentication.Twitter
             Assert.Contains("custom=test", query);
         }
 
+        [Fact]
+        public async Task BadSignInWill500()
+        {
+            var server = CreateServer(options =>
+            {
+                options.ConsumerKey = "Test Consumer Key";
+                options.ConsumerSecret = "Test Consumer Secret";
+            });
+
+            // Send a bogus sign in
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-twitter");
+
+            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+        }
+
         [Fact]
         public async Task SignInThrows()
         {
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 5f04c2b78f..93aaeb6156 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -34,9 +34,9 @@ namespace Microsoft.AspNet.Authroization.Test
             var combined = AuthorizationPolicy.Combine(options, attributes);
 
             // Assert
-            Assert.Equal(2, combined.ActiveAuthenticationSchemes.Count());
-            Assert.True(combined.ActiveAuthenticationSchemes.Contains("dupe"));
-            Assert.True(combined.ActiveAuthenticationSchemes.Contains("roles"));
+            Assert.Equal(2, combined.AuthenticationSchemes.Count());
+            Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
+            Assert.True(combined.AuthenticationSchemes.Contains("roles"));
             Assert.Equal(4, combined.Requirements.Count());
             Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
@@ -59,9 +59,9 @@ namespace Microsoft.AspNet.Authroization.Test
             var combined = AuthorizationPolicy.Combine(options, attributes);
 
             // Assert
-            Assert.Equal(2, combined.ActiveAuthenticationSchemes.Count());
-            Assert.True(combined.ActiveAuthenticationSchemes.Contains("dupe"));
-            Assert.True(combined.ActiveAuthenticationSchemes.Contains("default"));
+            Assert.Equal(2, combined.AuthenticationSchemes.Count());
+            Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
+            Assert.True(combined.AuthenticationSchemes.Contains("default"));
             Assert.Equal(2, combined.Requirements.Count());
             Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());

From 835903892771b9e833985c43bc3b967f66f31892 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 15 Oct 2015 16:51:12 -0700
Subject: [PATCH 364/900] Address remaining PR feedback + misc cleanup

---
 .../CookieAuthenticationDefaults.cs           |  4 +-
 .../CookieAuthenticationOptions.cs            |  5 +-
 .../FacebookDefaults.cs                       |  6 +-
 .../GoogleDefaults.cs                         |  6 +-
 .../JwtBearerOptions.cs                       |  5 +-
 .../MicrosoftAccountDefaults.cs               |  6 +-
 .../OpenIdConnectDefaults.cs                  | 12 +--
 .../OpenIdConnectHandler.cs                   | 28 +++----
 .../OpenIdConnectMiddleware.cs                | 17 ++--
 .../OpenIdConnectOptions.cs                   | 11 ---
 .../AuthenticationTicket.cs                   | 12 ++-
 .../DataHandler/TicketSerializer.cs           |  7 +-
 .../Events/TicketReceivedContext.cs           |  1 +
 .../RemoteAuthenticationHandler.cs            | 16 ++--
 .../AuthenticationHandlerFacts.cs             |  7 +-
 .../DataHandler/TicketSerializerTests.cs      | 16 ----
 .../Google/GoogleMiddlewareTests.cs           | 81 ++++++++++++++++++-
 ...nIdConnectHandlerForTestingAuthenticate.cs |  2 +-
 ...ConnectMiddlewareForTestingAuthenticate.cs |  3 +-
 19 files changed, 146 insertions(+), 99 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
index d47cca2052..715c251008 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -19,7 +19,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
         /// </summary>
-        public const string CookiePrefix = ".AspNet.";
+        public static readonly string CookiePrefix = ".AspNet.";
 
         /// <summary>
         /// The default value used by CookieAuthenticationMiddleware for the
@@ -45,6 +45,6 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter
         /// </summary>
-        public const string ReturnUrlParameter = "ReturnUrl";
+        public static readonly string ReturnUrlParameter = "ReturnUrl";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 472ea80eac..8bb1d39598 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.OptionsModel;
@@ -133,9 +134,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
 
         /// <summary>
-        /// The SystemClock provides access to the system's current time coordinates. If it is not provided a default instance is
-        /// used which calls DateTimeOffset.UtcNow. This is typically not replaced except for unit testing. 
+        /// For testing purposes only.
         /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
         public ISystemClock SystemClock { get; set; }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
index 765871274a..4877b25fc6 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
     {
         public const string AuthenticationScheme = "Facebook";
 
-        public const string AuthorizationEndpoint = "https://www.facebook.com/v2.2/dialog/oauth";
+        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.2/dialog/oauth";
 
-        public const string TokenEndpoint = "https://graph.facebook.com/v2.2/oauth/access_token";
+        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.2/oauth/access_token";
 
-        public const string UserInformationEndpoint = "https://graph.facebook.com/v2.2/me";
+        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.2/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
index 4085778d35..28fa46bc57 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNet.Authentication.Google
     {
         public const string AuthenticationScheme = "Google";
 
-        public const string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
+        public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
-        public const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+        public static readonly string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
 
-        public const string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
+        public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index 5aca4a1392..bd1f9ded6e 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.ComponentModel;
 using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
@@ -85,9 +86,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
         /// <summary>
-        /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on
-        /// DateTimeOffset.UtcNow. This is typically needed only for unit testing.
+        /// For testing purposes only.
         /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
         public ISystemClock SystemClock { get; set; } = new SystemClock();
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
index 4cfd9dda03..be0732ae6d 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     {
         public const string AuthenticationScheme = "Microsoft";
 
-        public const string AuthorizationEndpoint = "https://login.live.com/oauth20_authorize.srf";
+        public static readonly string AuthorizationEndpoint = "https://login.live.com/oauth20_authorize.srf";
 
-        public const string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
+        public static readonly string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
 
-        public const string UserInformationEndpoint = "https://apis.live.net/v5.0/me";
+        public static readonly string UserInformationEndpoint = "https://apis.live.net/v5.0/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index 3ddeb0fc88..e280a6afb1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Constant used to identify state in openIdConnect protocol message.
         /// </summary>
-        public const string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
+        public static readonly string AuthenticationPropertiesKey = "OpenIdConnect.AuthenticationProperties";
 
         /// <summary>
         /// The default value used for OpenIdConnectOptions.AuthenticationScheme.
@@ -21,26 +21,26 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// The default value for OpenIdConnectOptions.Caption.
         /// </summary>
-        public const string Caption = "OpenIdConnect";
+        public static readonly string Caption = "OpenIdConnect";
 
         /// <summary>
         /// The prefix used to for the nonce in the cookie.
         /// </summary>
-        public const string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
+        public static readonly string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
 
         /// <summary>
         /// The prefix used for the state in the cookie.
         /// </summary>
-        public const string CookieStatePrefix = ".AspNet.OpenIdConnect.State.";
+        public static readonly string CookieStatePrefix = ".AspNet.OpenIdConnect.State.";
 
         /// <summary>
         /// The property for the RedirectUri that was used when asking for a 'authorizationCode'.
         /// </summary>
-        public const string RedirectUriForCodePropertiesKey = "OpenIdConnect.Code.RedirectUri";
+        public static readonly string RedirectUriForCodePropertiesKey = "OpenIdConnect.Code.RedirectUri";
 
         /// <summary>
         /// Constant used to identify userstate inside AuthenticationProperties that have been serialized in the 'state' parameter.
         /// </summary>
-        public const string UserstatePropertiesKey = "OpenIdConnect.Userstate";
+        public static readonly string UserstatePropertiesKey = "OpenIdConnect.Userstate";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9a62cba956..c6abe26eef 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -17,6 +17,7 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
@@ -52,9 +53,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         protected HttpClient Backchannel { get; private set; }
 
-        public OpenIdConnectHandler(HttpClient backchannel)
+        protected IHtmlEncoder HtmlEncoder { get; private set; }
+
+        public OpenIdConnectHandler(HttpClient backchannel, IHtmlEncoder htmlEncoder)
         {
             Backchannel = backchannel;
+            HtmlEncoder = htmlEncoder;
         }
 
         /// <summary>
@@ -129,14 +133,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     var inputs = new StringBuilder();
                     foreach (var parameter in message.Parameters)
                     {
-                        var name = Options.HtmlEncoder.HtmlEncode(parameter.Key);
-                        var value = Options.HtmlEncoder.HtmlEncode(parameter.Value);
+                        var name = HtmlEncoder.HtmlEncode(parameter.Key);
+                        var value = HtmlEncoder.HtmlEncode(parameter.Value);
 
                         var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
                         inputs.AppendLine(input);
                     }
 
-                    var issuer = Options.HtmlEncoder.HtmlEncode(message.IssuerAddress);
+                    var issuer = HtmlEncoder.HtmlEncode(message.IssuerAddress);
 
                     var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
                     var buffer = Encoding.UTF8.GetBytes(content);
@@ -170,18 +174,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
-            // 2. CurrentUri if Options.DefaultToCurrentUriOnRedirect is true)
+            // 2. CurrentUri if RedirectUri is not set)
             var properties = new AuthenticationProperties(context.Properties);
 
-            if (!string.IsNullOrEmpty(properties.RedirectUri))
+            if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                Logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
-            }
-            else if (Options.DefaultToCurrentUriOnRedirect)
-            {
-                Logger.LogDebug(Resources.OIDCH_0032_UsingCurrentUriRedirectUri, CurrentUri);
                 properties.RedirectUri = CurrentUri;
             }
+            Logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
 
             if (_configuration == null && Options.ConfigurationManager != null)
             {
@@ -270,14 +270,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var inputs = new StringBuilder();
                 foreach (var parameter in message.Parameters)
                 {
-                    var name = Options.HtmlEncoder.HtmlEncode(parameter.Key);
-                    var value = Options.HtmlEncoder.HtmlEncode(parameter.Value);
+                    var name = HtmlEncoder.HtmlEncode(parameter.Key);
+                    var value = HtmlEncoder.HtmlEncode(parameter.Value);
 
                     var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
                     inputs.AppendLine(input);
                 }
 
-                var issuer = Options.HtmlEncoder.HtmlEncode(message.IssuerAddress);
+                var issuer = HtmlEncoder.HtmlEncode(message.IssuerAddress);
 
                 var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
                 var buffer = Encoding.UTF8.GetBytes(content);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 82a393ae4b..c0ecff39a8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -39,7 +39,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             IUrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            OpenIdConnectOptions options)
+            OpenIdConnectOptions options,
+            IHtmlEncoder htmlEncoder)
             : base(next, options, loggerFactory, encoder)
         {
             if (next == null)
@@ -77,6 +78,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(options));
             }
 
+            if (htmlEncoder == null)
+            {
+                throw new ArgumentNullException(nameof(htmlEncoder));
+            }
+
             if (!Options.CallbackPath.HasValue)
             {
                 throw new ArgumentException("Options.CallbackPath must be provided.");
@@ -91,10 +97,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 throw new ArgumentException("Options.SignInScheme is required.");
             }
 
-            if (Options.HtmlEncoder == null)
-            {
-                Options.HtmlEncoder = services.GetHtmlEncoder();
-            }
+            HtmlEncoder = htmlEncoder;
 
             if (Options.StateDataFormat == null)
             {
@@ -170,13 +173,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         protected HttpClient Backchannel { get; private set; }
 
+        protected IHtmlEncoder HtmlEncoder { get; private set; }
+
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
         /// </summary>
         /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
         {
-            return new OpenIdConnectHandler(Backchannel);
+            return new OpenIdConnectHandler(Backchannel, HtmlEncoder);
         }
 
         private class StringSerializer : IDataSerializer<string>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index c79451d225..b310ac4c2f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -87,12 +87,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
 
-        /// <summary>
-        /// Gets or sets a value controlling if the 'CurrentUri' should be used as the 'local redirect' post authentication
-        /// if AuthenticationProperties.RedirectUri is null or empty.
-        /// </summary>
-        public bool DefaultToCurrentUriOnRedirect { get; set; }
-
         /// <summary>
         /// Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
         /// </summary>
@@ -202,10 +196,5 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// You can set this property to <c>false</c> to reduce the size of the final authentication cookie.
         /// </summary>
         public bool SaveTokensAsClaims { get; set; } = true;
-
-        /// <summary>
-        /// Gets or sets the <see cref="IHtmlEncoder"/> used to sanitize HTML outputs.
-        /// </summary>
-        public IHtmlEncoder HtmlEncoder { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
index e72385d879..dffcebc08e 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Security.Claims;
 using Microsoft.AspNet.Http.Authentication;
 
@@ -11,13 +12,6 @@ namespace Microsoft.AspNet.Authentication
     /// </summary>
     public class AuthenticationTicket
     {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
-        /// </summary>
-        /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
-        /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
-        public AuthenticationTicket(AuthenticationProperties properties, string authenticationScheme) : this(null, properties, authenticationScheme) { }
-
         /// <summary>
         /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
         /// </summary>
@@ -26,6 +20,10 @@ namespace Microsoft.AspNet.Authentication
         /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
         public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationScheme)
         {
+            if (principal == null)
+            {
+                throw new ArgumentNullException(nameof(principal));
+            }
             AuthenticationScheme = authenticationScheme;
             Principal = principal;
             Properties = properties ?? new AuthenticationProperties();
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 44d304004f..b27027d11b 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -53,13 +53,8 @@ namespace Microsoft.AspNet.Authentication
             writer.Write(FormatVersion);
             writer.Write(ticket.AuthenticationScheme);
 
-            var principal = ticket.Principal;
-            if (principal == null)
-            {
-                throw new ArgumentNullException("model.Principal");
-            }
-
             // Write the number of identities contained in the principal.
+            var principal = ticket.Principal;
             writer.Write(principal.Identities.Count());
 
             foreach (var identity in principal.Identities)
diff --git a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
index 2021209820..b2c5adbc58 100644
--- a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNet.Authentication
             : base(context)
         {
             Options = options;
+            AuthenticationTicket = ticket;
             if (ticket != null)
             {
                 Principal = ticket.Principal;
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
index d9563e628f..7e382edd06 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -62,18 +62,16 @@ namespace Microsoft.AspNet.Authentication
                 return false;
             }
 
-            if (context.Principal != null)
+            await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
+
+            // Default redirect path is the base path
+            if (string.IsNullOrEmpty(context.ReturnUri))
             {
-                await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
+                context.ReturnUri = "/";
             }
 
-            if (context.ReturnUri != null)
-            {
-                Response.Redirect(context.ReturnUri);
-                return true;
-            }
-
-            return false;
+            Response.Redirect(context.ReturnUri);
+            return true;
         }
 
         protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index e8423dbba1..765065045a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.IO;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -98,7 +99,7 @@ namespace Microsoft.AspNet.Authentication
             protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
                 AuthCount++;
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
             }
 
         }
@@ -122,7 +123,7 @@ namespace Microsoft.AspNet.Authentication
 
             protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
             }
         }
 
@@ -156,7 +157,7 @@ namespace Microsoft.AspNet.Authentication
 
             protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new Http.Authentication.AuthenticationProperties(), "whatever")));
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
             }
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
index a218209d44..0ab8bce417 100644
--- a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -13,22 +13,6 @@ namespace Microsoft.AspNet.Authentication
 {
     public class TicketSerializerTests
     {
-        [Fact]
-        public void NullPrincipalThrows()
-        {
-            var serializer = new TicketSerializer();
-            var properties = new AuthenticationProperties();
-            properties.RedirectUri = "bye";
-            var ticket = new AuthenticationTicket(properties, "Hello");
-
-            using (var stream = new MemoryStream())
-            using (var writer = new BinaryWriter(stream))
-            using (var reader = new BinaryReader(stream))
-            {
-                Assert.Throws<ArgumentNullException>(() => serializer.Write(writer, ticket));
-            }
-        }
-
         [Fact]
         public void CanRoundTripEmptyPrincipal()
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 48d513ad7b..9a19a5635b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -263,7 +263,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -388,7 +388,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -446,7 +446,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -554,6 +554,79 @@ namespace Microsoft.AspNet.Authentication.Google
             Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
         }
 
+        [Fact]
+        public async Task NullRedirectUriWillRedirectToSlash()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(options =>
+            {
+                options.ClientId = "Test Id";
+                options.ClientSecret = "Test Secret";
+                options.StateDataFormat = stateFormat;
+                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                access_token = "Test Access Token",
+                                expires_in = 3600,
+                                token_type = "Bearer",
+                                refresh_token = "Test Refresh Token"
+                            });
+                        }
+                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                displayName = "Test Name",
+                                name = new
+                                {
+                                    familyName = "Test Family Name",
+                                    givenName = "Test Given Name"
+                                },
+                                url = "Profile link",
+                                emails = new[]
+                                    {
+                                        new
+                                        {
+                                            value = "Test email",
+                                            type = "account"
+                                        }
+                                    }
+                            });
+                        }
+
+                        return null;
+                    }
+                };
+                options.Events = new OAuthEvents
+                {
+                    OnTicketReceived = context =>
+                    {
+                        context.AuthenticationTicket.Properties.RedirectUri = null;
+                        return Task.FromResult(0);
+                    }
+                };
+            });
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                correlationKey + "=" + correlationValue);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+        }
+
         [Fact]
         public async Task ValidateAuthenticatedContext()
         {
@@ -667,7 +740,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     OnRemoteError = ctx =>
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + ctx.Error.Message);
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index ccdd74e3ff..0be9b7d69b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     /// </summary>
     public class OpenIdConnectHandlerForTestingAuthenticate : OpenIdConnectHandler
     {
-        public OpenIdConnectHandlerForTestingAuthenticate() : base(null)
+        public OpenIdConnectHandlerForTestingAuthenticate() : base(null, null)
         {
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index b144e838d9..c39e0798d9 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -28,9 +28,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             OpenIdConnectOptions options,
+            IHtmlEncoder htmlEncoder,
             OpenIdConnectHandler handler = null
             )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options)
+        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, htmlEncoder)
         {
             _handler = handler;
             var customFactory = loggerFactory as InMemoryLoggerFactory;

From 3c925fc4bf4ae831ee85093dd738adf172b9e704 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Wed, 14 Oct 2015 22:40:57 -0700
Subject: [PATCH 365/900] Fix package descriptions with proper casing

#468
---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json     | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index e1b5de2dfd..c72f4bf01b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -1,6 +1,6 @@
 {
     "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to receive a OpenIdConnect bearer token.",
+    "description": "ASP.NET 5 middleware that enables an application to receive an OpenID Connect bearer token.",
     "repository": {
         "type": "git",
         "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index b2dd3f594f..2b1b0b4ca9 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,6 +1,6 @@
 {
     "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support OpenIdConnect authentication workflow.",
+    "description": "ASP.NET 5 middleware that enables an application to support the OpenID Connect authentication workflow.",
     "repository": {
         "type": "git",
         "url": "git://github.com/aspnet/security"

From b5712ef17607019a0b4c7cb8740ed113044a6e5c Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Thu, 15 Oct 2015 23:00:10 -0700
Subject: [PATCH 366/900] Remove a bunch of unused test code

The tests were testing nothing but themselves!
---
 .../OpenIdConnect/InMemoryLogger.cs           |  57 -------
 .../OpenIdConnect/InMemoryLoggerFactory.cs    |  41 -----
 .../OpenIdConnect/LogEntry.cs                 |  41 -----
 .../OpenIdConnect/LoggingUtilities.cs         | 148 ------------------
 .../OpenIdConnectHandlerTests.cs              |  24 ---
 ...ConnectMiddlewareForTestingAuthenticate.cs |   5 +-
 .../OpenIdConnect/TestUtilities.cs            |  95 +----------
 7 files changed, 3 insertions(+), 408 deletions(-)
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs

diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
deleted file mode 100644
index a8bdbe8be4..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLogger.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using Microsoft.Extensions.Logging;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    public class InMemoryLogger : ILogger, IDisposable
-    {
-        LogLevel _logLevel = 0;
-
-        public InMemoryLogger(LogLevel logLevel = LogLevel.Debug)
-        {
-            _logLevel = logLevel;
-        }
-
-        List<LogEntry> _logEntries = new List<LogEntry>();
-
-        public IDisposable BeginScopeImpl(object state)
-        {
-            return this;
-        }
-
-        public void Dispose()
-        {
-        }
-
-        public bool IsEnabled(LogLevel logLevel)
-        {
-            return (logLevel >= _logLevel);
-        }
-
-        public void Log(LogLevel logLevel, int eventId, object state, Exception exception, Func<object, Exception, string> formatter)
-        {
-            if (IsEnabled(logLevel))
-            {                
-                var logEntry =
-                    new LogEntry
-                    {
-                        EventId = eventId,
-                        Exception = exception,
-                        Formatter = formatter,
-                        Level = logLevel,
-                        State = state,
-                    };
-
-                _logEntries.Add(logEntry);
-                Debug.WriteLine(logEntry.ToString());
-            }
-        }
-
-        public List<LogEntry> Logs { get { return _logEntries; } }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
deleted file mode 100644
index 3185e6518f..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/InMemoryLoggerFactory.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.Extensions.Logging;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    public class InMemoryLoggerFactory : ILoggerFactory
-    {
-        InMemoryLogger _logger;
-        LogLevel _logLevel = LogLevel.Debug;
-
-        public InMemoryLoggerFactory(LogLevel logLevel)
-        {
-            _logLevel = logLevel;
-            _logger = new InMemoryLogger(_logLevel);
-        }
-
-        public LogLevel MinimumLevel
-        {
-            get { return _logLevel; }
-            set { _logLevel = value; }
-        }
-
-        public void AddProvider(ILoggerProvider provider)
-        {
-        }
-
-        public ILogger CreateLogger(string categoryName)
-        {
-            return _logger;
-        }
-
-        public void Dispose()
-        {
-        }
-
-        public InMemoryLogger Logger { get { return _logger; } }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
deleted file mode 100644
index 285d42a66c..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LogEntry.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-// this controls if the logs are written to the console.
-// they can be reviewed for general content.
-
-using System;
-using Microsoft.Extensions.Logging;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    public class LogEntry
-    {
-        public LogEntry() { }
-
-        public int EventId { get; set; }
-
-        public Exception Exception { get; set; }
-
-        public Func<object, Exception, string> Formatter { get; set; }
-
-        public LogLevel Level { get; set; }
-
-        public object State { get; set; }
-
-        public override string ToString()
-        {
-            if (Formatter != null)
-            {
-                return Formatter(this.State, this.Exception);
-            }
-            else
-            {
-                string message = (Formatter != null ? Formatter(State, Exception) : (State?.ToString() ?? "null"));
-                message += ", LogLevel: " + Level.ToString();
-                message += ", EventId: " + EventId.ToString();
-                message += ", Exception: " + (Exception == null ? "null" : Exception.Message);
-                return message;
-            }
-        }
-    }    
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
deleted file mode 100644
index b8d9e6e0c9..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/LoggingUtilities.cs
+++ /dev/null
@@ -1,148 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-// this controls if the logs are written to the console.
-// they can be reviewed for general content.
-
-using System;
-using System.Collections.Generic;
-using System.Text;
-using Microsoft.Extensions.Logging;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    public class LoggingUtilities
-    {
-        static List<LogEntry> CompleteLogEntries;
-        static Dictionary<string, LogLevel> LogEntries;
-
-        static LoggingUtilities()
-        {
-            LogEntries =
-                new Dictionary<string, LogLevel>()
-                {
-                    { "OIDCH_0000:", LogLevel.Debug },
-                    { "OIDCH_0001:", LogLevel.Debug },
-                    { "OIDCH_0002:", LogLevel.Verbose },
-                    { "OIDCH_0003:", LogLevel.Verbose },
-                    { "OIDCH_0004:", LogLevel.Warning },
-                    { "OIDCH_0005:", LogLevel.Error },
-                    { "OIDCH_0006:", LogLevel.Error },
-                    { "OIDCH_0007:", LogLevel.Verbose },
-                    { "OIDCH_0008:", LogLevel.Verbose },
-                    { "OIDCH_0009:", LogLevel.Verbose },
-                    { "OIDCH_0010:", LogLevel.Error },
-                    { "OIDCH_0011:", LogLevel.Error },
-                    { "OIDCH_0012:", LogLevel.Verbose },
-                    { "OIDCH_0013:", LogLevel.Verbose },
-                    { "OIDCH_0014:", LogLevel.Debug },
-                    { "OIDCH_0015:", LogLevel.Verbose },
-                    { "OIDCH_0016:", LogLevel.Verbose },
-                    { "OIDCH_0017:", LogLevel.Error },
-                    { "OIDCH_0018:", LogLevel.Verbose },
-                    { "OIDCH_0019:", LogLevel.Verbose },
-                    { "OIDCH_0020:", LogLevel.Debug },
-                    { "OIDCH_0021:", LogLevel.Verbose },
-                    { "OIDCH_0026:", LogLevel.Error },
-                    { "OIDCH_0038:", LogLevel.Debug },
-                    { "OIDCH_0040:", LogLevel.Debug },
-                    { "OIDCH_0042:", LogLevel.Debug },
-                    { "OIDCH_0043:", LogLevel.Verbose },
-                    { "OIDCH_0044:", LogLevel.Verbose },
-                    { "OIDCH_0045:", LogLevel.Debug }
-            };
-
-            BuildLogEntryList();
-        }
-
-        /// <summary>
-        /// Builds the complete list of OpenIdConnect log entries that are available in the runtime.
-        /// </summary>
-        private static void BuildLogEntryList()
-        {
-            CompleteLogEntries = new List<LogEntry>();
-            foreach (var entry in LogEntries)
-            {
-                CompleteLogEntries.Add(new LogEntry { State = entry.Key, Level = entry.Value });
-            }
-        }
-
-        /// <summary>
-        /// Adds to errors if a variation if any are found.
-        /// </summary>
-        /// <param name="variation">if this has been seen before, errors will be appended, test results are easier to understand if this is unique.</param>
-        /// <param name="capturedLogs">these are the logs the runtime generated</param>
-        /// <param name="expectedLogs">these are the errors that were expected</param>
-        /// <param name="errors">the dictionary to record any errors</param>
-        public static void CheckLogs(List<LogEntry> capturedLogs, List<LogEntry> expectedLogs, List<Tuple<LogEntry, LogEntry>> errors)
-        {
-            if (capturedLogs.Count >= expectedLogs.Count)
-            {
-                for (int i = 0; i < capturedLogs.Count; i++)
-                {
-                    if (i + 1 > expectedLogs.Count)
-                    {
-                        errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], null));
-                    }
-                    else
-                    {
-                        if (!TestUtilities.AreEqual<LogEntry>(capturedLogs[i], expectedLogs[i]))
-                        {
-                            errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
-                        }
-                    }
-                }
-            }
-            else
-            {
-                for (int i = 0; i < expectedLogs.Count; i++)
-                {
-                    if (i + 1 > capturedLogs.Count)
-                    {
-                        errors.Add(new Tuple<LogEntry, LogEntry>(null, expectedLogs[i]));
-                    }
-                    else
-                    {
-                        if (!TestUtilities.AreEqual<LogEntry>(expectedLogs[i], capturedLogs[i]))
-                        {
-                            errors.Add(new Tuple<LogEntry, LogEntry>(capturedLogs[i], expectedLogs[i]));
-                        }
-                    }
-                }
-            }
-        }
-
-        public static string LoggingErrors(List<Tuple<LogEntry, LogEntry>> errors)
-        {
-            string loggingErrors = null;
-            if (errors.Count > 0)
-            {
-                var stringBuilder = new StringBuilder();
-                stringBuilder.AppendLine("");
-                foreach (var error in errors)
-                {
-                    stringBuilder.AppendLine("*Captured*, *Expected* : *" + (error.Item1?.ToString() ?? "null") + "*, *" + (error.Item2?.ToString() ?? "null") + "*");
-                }
-
-                loggingErrors = stringBuilder.ToString();
-            }
-
-            return loggingErrors;
-        }
-
-        /// <summary>
-        /// Populates a list of expected log entries for a test variation.
-        /// </summary>
-        /// <param name="items">the index for the <see cref="LogEntry"/> in CompleteLogEntries of interest.</param>
-        /// <returns>a <see cref="List{LogEntry}"/> that represents the expected entries for a test variation.</returns>
-        public static List<LogEntry> PopulateLogEntries(int[] items)
-        {
-            var entries = new List<LogEntry>();
-            foreach (var item in items)
-            {
-                entries.Add(CompleteLogEntries[item]);
-            }
-
-            return entries;
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 1f695d97de..b7d9608744 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -14,7 +14,6 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
@@ -30,29 +29,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private static SecurityToken specCompliantOpenIdConnect = new JwtSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForOpenIdConnect) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
         private const string ExpectedStateParameter = "expectedState";
 
-        /// <summary>
-        /// Sanity check that logging is filtering, hi / low water marks are checked
-        /// </summary>
-        [Fact]
-        public void LoggingLevel()
-        {
-            var logger = new InMemoryLogger(LogLevel.Debug);
-            Assert.True(logger.IsEnabled(LogLevel.Critical));
-            Assert.True(logger.IsEnabled(LogLevel.Debug));
-            Assert.True(logger.IsEnabled(LogLevel.Error));
-            Assert.True(logger.IsEnabled(LogLevel.Information));
-            Assert.True(logger.IsEnabled(LogLevel.Verbose));
-            Assert.True(logger.IsEnabled(LogLevel.Warning));
-
-            logger = new InMemoryLogger(LogLevel.Critical);
-            Assert.True(logger.IsEnabled(LogLevel.Critical));
-            Assert.False(logger.IsEnabled(LogLevel.Debug));
-            Assert.False(logger.IsEnabled(LogLevel.Error));
-            Assert.False(logger.IsEnabled(LogLevel.Information));
-            Assert.False(logger.IsEnabled(LogLevel.Verbose));
-            Assert.False(logger.IsEnabled(LogLevel.Warning));
-        }
-
         [Theory, MemberData(nameof(AuthenticateCoreStateDataSet))]
         public async Task AuthenticateCoreState(Action<OpenIdConnectOptions> action, OpenIdConnectMessage message)
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index c39e0798d9..7d7afa56ec 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         OpenIdConnectHandler _handler;
 
         public OpenIdConnectMiddlewareForTestingAuthenticate(
-            RequestDelegate next,            
+            RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             IUrlEncoder encoder,
@@ -34,9 +34,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, htmlEncoder)
         {
             _handler = handler;
-            var customFactory = loggerFactory as InMemoryLoggerFactory;
-            if (customFactory != null)
-                Logger = customFactory.Logger;
         }
 
         protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index dc138dec46..b5371965ca 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -14,97 +13,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
     {
         public const string DefaultHost = @"http://localhost";
 
-        public static bool AreEqual<T>(object obj1, object obj2, Func<object, object, bool> comparer = null) where T : class
-        {
-            if (obj1 == null && obj2 == null)
-            {
-                return true;
-            }
-
-            if (obj1 == null || obj2 == null)
-            {
-                return false;
-            }
-
-            if (obj1.GetType() != obj2.GetType())
-            {
-                return false;
-            }
-
-            if (obj1.GetType() != typeof(T))
-            {
-                return false;
-            }
-
-            if (comparer != null)
-            {
-                return comparer(obj1, obj2);
-            }
-
-            if (typeof(T) == typeof(LogEntry))
-            {
-                return AreEqual(obj1 as LogEntry, obj2 as LogEntry);
-            }
-            else if (typeof(T) == typeof(Exception))
-            {
-                return AreEqual(obj1 as Exception, obj2 as Exception);
-            }
-
-            throw new ArithmeticException("Unknown type, no comparer. Type: " + typeof(T).ToString());
-
-        }
-
-        /// <summary>
-        /// Never call this method directly, call AreObjectsEqual, as it deals with nulls and types"/>
-        /// </summary>
-        /// <param name="logEntry1"></param>
-        /// <param name="logEntry2"></param>
-        /// <returns></returns>
-        private static bool AreEqual(LogEntry logEntry1, LogEntry logEntry2)
-        {
-            if (logEntry1.EventId != logEntry2.EventId)
-            {
-                return false;
-            }
-
-            if (logEntry1.State == null && logEntry2.State == null)
-            {
-                return true;
-            }
-
-            if (logEntry1.State == null)
-            {
-                return false;
-            }
-
-            if (logEntry2.State == null)
-            {
-                return false;
-            }
-
-            string logValue1 = logEntry1.Formatter == null ? logEntry1.State.ToString() : logEntry1.Formatter(logEntry1.State, logEntry1.Exception);
-            string logValue2 = logEntry2.Formatter == null ? logEntry2.State.ToString() : logEntry2.Formatter(logEntry2.State, logEntry2.Exception);
-
-            return (logValue1.StartsWith(logValue2) || (logValue2.StartsWith(logValue1)));
-        }
-
-        /// <summary>
-        /// Never call this method directly, call AreObjectsEqual, as it deals with nulls and types"/>
-        /// </summary>
-        /// <param name="exception1"></param>
-        /// <param name="exception2"></param>
-        /// <returns></returns>
-        private static bool AreEqual(Exception exception1, Exception exception2)
-        {
-            if (!string.Equals(exception1.Message, exception2.Message))
-            {
-                return false;
-            }
-
-            return AreEqual<Exception>(exception1.InnerException, exception2.InnerException);
-        }
-
-        static public IConfigurationManager<OpenIdConnectConfiguration> DefaultOpenIdConnectConfigurationManager
+        public static IConfigurationManager<OpenIdConnectConfiguration> DefaultOpenIdConnectConfigurationManager
         {
             get
             {
@@ -112,7 +21,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             }
         }
 
-        static public OpenIdConnectConfiguration DefaultOpenIdConnectConfiguration
+        public static OpenIdConnectConfiguration DefaultOpenIdConnectConfiguration
         {
             get
             {

From f588677bb4c14b7321e9ae00e399bc10bee3594f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 13 Oct 2015 11:50:35 -0700
Subject: [PATCH 367/900] #506 Update to Rc1 IdentityModel, update
 ValidateUserInfoEndpointResponse.

---
 samples/OpenIdConnectSample/Startup.cs        |  5 ++++-
 samples/OpenIdConnectSample/project.json      | 12 +++++------
 .../OpenIdConnectSample/wwwroot/web.config    |  9 ++++++++
 .../project.json                              |  2 +-
 .../OpenIdConnectHandler.cs                   | 21 +++++++++++++++----
 .../project.json                              |  2 +-
 6 files changed, 38 insertions(+), 13 deletions(-)
 create mode 100644 samples/OpenIdConnectSample/wwwroot/web.config

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 546d1f7640..9d14dd0b53 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -21,6 +21,8 @@ namespace OpenIdConnectSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
+            app.UseIISPlatformHandler();
+
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthenticate = true;
@@ -31,8 +33,9 @@ namespace OpenIdConnectSample
                 options.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
                 options.ClientSecret = "Yse2iP7tO1Azq0iDajNisMaTSnIDv+FXmAsFuXr+Cy8="; // for code flow
                 options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
-                options.RedirectUri = "http://localhost:42023";
+                options.RedirectUri = "http://localhost:42023/signin-oidc";
                 options.ResponseType = OpenIdConnectResponseTypes.Code;
+                options.GetClaimsFromUserInfoEndpoint = true;
             });
 
             app.Run(async context =>
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 7397fe51e6..6f27caa556 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -2,19 +2,19 @@
     "dependencies": {
         "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
+        "Microsoft.Extensions.Logging.Console": "1.0.0-*"
     },
     "frameworks": {
         "dnx451": { },
         "dnxcore50": { }
     },
     "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:42023",
-        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023"
+        "web": "Microsoft.AspNet.Server.Kestrel",
+        "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023",
+        "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls http://localhost:42023"
     },
     "webroot": "wwwroot"
 }
diff --git a/samples/OpenIdConnectSample/wwwroot/web.config b/samples/OpenIdConnectSample/wwwroot/web.config
new file mode 100644
index 0000000000..9a0d90abf8
--- /dev/null
+++ b/samples/OpenIdConnectSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index c72f4bf01b..0bd5579989 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-*"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index c6abe26eef..9997bd3cd2 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -659,8 +659,21 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var responseMessage = await Backchannel.SendAsync(requestMessage);
             responseMessage.EnsureSuccessStatusCode();
             var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();
-            var userInfoEndpointJwt = new JwtSecurityToken(userInfoResponse);
-            var user = JObject.Parse(userInfoResponse);
+            JObject user;
+            var contentType = responseMessage.Content.Headers.ContentType;
+            if (contentType.MediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase))
+            {
+                user = JObject.Parse(userInfoResponse);
+            }
+            else if (contentType.MediaType.Equals("application/jwt", StringComparison.OrdinalIgnoreCase))
+            {
+                var userInfoEndpointJwt = new JwtSecurityToken(userInfoResponse);
+                user = JObject.FromObject(userInfoEndpointJwt.Payload);
+            }
+            else
+            {
+                throw new NotSupportedException("Unknown response type: " + contentType.MediaType);
+            }
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
             if (userInformationReceivedContext.HandledResponse)
@@ -676,7 +689,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             Options.ProtocolValidator.ValidateUserInfoResponse(new OpenIdConnectProtocolValidationContext()
             {
-                UserInfoEndpointResponse = userInfoEndpointJwt,
+                UserInfoEndpointResponse = userInfoResponse,
                 ValidatedIdToken = jwt,
             });
 
@@ -710,7 +723,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            return new AuthenticationTicket(new ClaimsPrincipal(identity), ticket.Properties, ticket.AuthenticationScheme);
+            return ticket;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 2b1b0b4ca9..062542d7e6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-beta8-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-*"
     },
     "frameworks": {
         "dnx451": {

From 42cba79e01872a69165ffc957ddcb7d79adf63da Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 16 Oct 2015 12:40:39 -0700
Subject: [PATCH 368/900] Enable tests for CoreCLR.

---
 .../Cookies/CookieMiddlewareTests.cs          | 10 ++----
 .../Facebook/FacebookMiddlewareTests.cs       |  6 ++--
 .../Google/GoogleMiddlewareTests.cs           |  8 ++---
 .../MicrosoftAccountMiddlewareTests.cs        |  2 +-
 .../OpenIdConnectMiddlewareTests.cs           | 34 ++++++++++++++-----
 .../TestExtensions.cs                         | 10 ++----
 .../project.json                              |  5 ++-
 .../TestExtensions.cs                         | 10 ++----
 .../project.json                              | 31 +++++++++--------
 9 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 82bb7a90fc..ff1a67d532 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1020,14 +1020,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 xml.Add(result.Properties.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
             }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
+            var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
+            res.Body.Write(xmlBytes, 0, xmlBytes.Length);
         }
 
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index ae7e6ce652..ae212e9c2a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -176,7 +176,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                         {
                             Sender = req =>
                             {
-                                if (req.RequestUri.GetLeftPart(UriPartial.Path) == FacebookDefaults.TokenEndpoint)
+                                if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == FacebookDefaults.TokenEndpoint)
                                 {
                                     var res = new HttpResponseMessage(HttpStatusCode.OK);
                                     var tokenResponse = new Dictionary<string, string>
@@ -186,8 +186,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
                                     res.Content = new FormUrlEncodedContent(tokenResponse);
                                     return res;
                                 }
-                                if (req.RequestUri.GetLeftPart(UriPartial.Path) ==
-                                    new Uri(customUserInfoEndpoint).GetLeftPart(UriPartial.Path))
+                                if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) ==
+                                    new Uri(customUserInfoEndpoint).GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped))
                                 {
                                     finalUserInfoEndpoint = req.RequestUri.ToString();
                                     var res = new HttpResponseMessage(HttpStatusCode.OK);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 9a19a5635b..591e00cbd4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -307,7 +307,7 @@ namespace Microsoft.AspNet.Authentication.Google
                                 token_type = "Bearer"
                             });
                         }
-                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -497,7 +497,7 @@ namespace Microsoft.AspNet.Authentication.Google
                                 refresh_token = "Test Refresh Token"
                             });
                         }
-                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -577,7 +577,7 @@ namespace Microsoft.AspNet.Authentication.Google
                                 refresh_token = "Test Refresh Token"
                             });
                         }
-                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -667,7 +667,7 @@ namespace Microsoft.AspNet.Authentication.Google
                                 refresh_token = "Test Refresh Token"
                             });
                         }
-                        else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://www.googleapis.com/plus/v1/people/me")
+                        else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
                         {
                             return ReturnJsonResponse(new
                             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index f30474f522..2768a18c36 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -126,7 +126,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                                     refresh_token = "Test Refresh Token"
                                 });
                             }
-                            else if (req.RequestUri.GetLeftPart(UriPartial.Path) == "https://apis.live.net/v5.0/me")
+                            else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://apis.live.net/v5.0/me")
                             {
                                 return ReturnJsonResponse(new
                                 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 0e7cf68e16..4d7e42cb1e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -19,7 +19,6 @@ using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Moq;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
@@ -151,24 +150,43 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static void SetProtocolMessageOptions(OpenIdConnectOptions options)
         {
-            var mockOpenIdConnectMessage = new Mock<OpenIdConnectMessage>();
-            mockOpenIdConnectMessage.Setup(m => m.CreateAuthenticationRequestUrl()).Returns(ExpectedAuthorizeRequest);
-            mockOpenIdConnectMessage.Setup(m => m.CreateLogoutRequestUrl()).Returns(ExpectedLogoutRequest);
+            var fakeOpenIdRequestMessage = new FakeOpenIdConnectMessage(ExpectedAuthorizeRequest, ExpectedLogoutRequest);
             options.AutomaticChallenge = true;
             options.Events = new OpenIdConnectEvents()
             {
                 OnRedirectToAuthenticationEndpoint = (context) =>
                 {
-                    context.ProtocolMessage = mockOpenIdConnectMessage.Object;
-                    return Task.FromResult<object>(null);
+                    context.ProtocolMessage = fakeOpenIdRequestMessage;
+                    return Task.FromResult(0);
                 },
                 OnRedirectToEndSessionEndpoint = (context) =>
                 {
-                    context.ProtocolMessage = mockOpenIdConnectMessage.Object;
-                    return Task.FromResult<object>(null);
+                    context.ProtocolMessage = fakeOpenIdRequestMessage;
+                    return Task.FromResult(0);
                 }
             };
         }
+        private class FakeOpenIdConnectMessage : OpenIdConnectMessage
+        {
+            private readonly string _authorizeRequest;
+            private readonly string _logoutRequest;
+
+            public FakeOpenIdConnectMessage(string authorizeRequest, string logoutRequest)
+            {
+                _authorizeRequest = authorizeRequest;
+                _logoutRequest = logoutRequest;
+            }
+
+            public override string CreateAuthenticationRequestUrl()
+            {
+                return _authorizeRequest;
+            }
+
+            public override string CreateLogoutRequestUrl()
+            {
+                return _logoutRequest;
+            }
+        }
 
         /// <summary>
         /// Tests for users who want to add 'state'. There are two ways to do it.
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs b/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
index b406f5813f..8d3cdb7e29 100644
--- a/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
@@ -60,14 +60,8 @@ namespace Microsoft.AspNet.Authentication
                         new XAttribute("issuer", claim.Issuer))));
                 }
             }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
+            var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
+            res.Body.Write(xmlBytes, 0, xmlBytes.Length);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 7ec802b3ba..9b0c6a2375 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -13,14 +13,13 @@
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.AspNet.Testing": "1.0.0-*",
-    "Moq": "4.2.1312.1622",
     "xunit.runner.aspnet": "2.0.0-aspnet-*"
   },
   "commands": {
     "test": "xunit.runner.aspnet"
   },
   "frameworks": {
-    "dnx451": {
-    }
+    "dnx451": { },
+    "dnxcore50": { }
   }
 }
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs b/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
index 90b01af4b2..9cd07cb362 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
@@ -61,14 +61,8 @@ namespace Microsoft.AspNet.CookiePolicy
                         new XAttribute("issuer", claim.Issuer))));
                 }
             }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
+            var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
+            res.Body.Write(xmlBytes, 0, xmlBytes.Length);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
index 6303a9f6ac..509e749160 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
@@ -1,17 +1,18 @@
 {
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
-        "Microsoft.AspNet.TestHost": "1.0.0-*",
-        "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-    },
-    "commands": {
-        "test": "xunit.runner.aspnet"
-    },
-    "frameworks": {
-        "dnx451": { }
-    }
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
+    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
+    "xunit.runner.aspnet": "2.0.0-aspnet-*"
+  },
+  "commands": {
+    "test": "xunit.runner.aspnet"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  }
 }

From c14119b612151d0d528b8cdb2bfaa2f11f55ef40 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 16 Oct 2015 16:01:54 -0700
Subject: [PATCH 369/900] #263 Consume ITlsTokenBindingFeature in
 CookieAuthMiddleware.

---
 .../CookieAuthenticationHandler.cs            | 13 ++-
 .../DataHandler/ISecureDataFormat.cs          |  2 +
 .../DataHandler/SecureDataFormat.cs           | 40 +++++++---
 .../DataHandler/SecureDataFormatTests.cs      | 80 +++++++++++++++++++
 ...uthenticationPropertiesFormaterKeyValue.cs | 11 ++-
 5 files changed, 131 insertions(+), 15 deletions(-)
 create mode 100644 test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index f135c3f01f..4f61ca5822 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -8,6 +8,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
@@ -45,7 +46,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return null;
             }
 
-            var ticket = Options.TicketDataFormat.Unprotect(cookie);
+            var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
             if (ticket == null)
             {
                 Logger.LogWarning(@"Unprotect ticket failed");
@@ -175,7 +176,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
                 }
 
-                var cookieValue = Options.TicketDataFormat.Protect(ticket);
+                var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
 
                 var cookieOptions = BuildCookieOptions();
                 if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
@@ -244,7 +245,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         Options.ClaimsIssuer));
                 ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
             }
-            var cookieValue = Options.TicketDataFormat.Protect(ticket);
+            var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
 
             Options.CookieManager.AppendResponseCookie(
                 Context,
@@ -357,5 +358,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return true;
 
         }
+
+        private string GetTlsTokenBinding()
+        {
+            var binding = Context.Features.Get<ITlsTokenBindingFeature>()?.GetProvidedTokenBindingId();
+            return binding == null ? null : Convert.ToBase64String(binding);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
index cd31bd2a32..c44729e125 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
@@ -6,6 +6,8 @@ namespace Microsoft.AspNet.Authentication
     public interface ISecureDataFormat<TData>
     {
         string Protect(TData data);
+        string Protect(TData data, string purpose);
         TData Unprotect(string protectedText);
+        TData Unprotect(string protectedText, string purpose);
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
index 3ede386433..339d3ed221 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
@@ -1,8 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.DataProtection;
 
 namespace Microsoft.AspNet.Authentication
@@ -20,14 +18,29 @@ namespace Microsoft.AspNet.Authentication
 
         public string Protect(TData data)
         {
-            byte[] userData = _serializer.Serialize(data);
-            byte[] protectedData = _protector.Protect(userData);
-            string protectedText = Base64UrlTextEncoder.Encode(protectedData);
-            return protectedText;
+            return Protect(data, purpose: null);
+        }
+
+        public string Protect(TData data, string purpose)
+        {
+            var userData = _serializer.Serialize(data);
+
+            var protector = _protector;
+            if (!string.IsNullOrEmpty(purpose))
+            {
+                protector = protector.CreateProtector(purpose);
+            }
+
+            var protectedData = protector.Protect(userData);
+            return Base64UrlTextEncoder.Encode(protectedData);
         }
 
-        [SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Exception will be traced")]
         public TData Unprotect(string protectedText)
+        {
+            return Unprotect(protectedText, purpose: null);
+        }
+
+        public TData Unprotect(string protectedText, string purpose)
         {
             try
             {
@@ -36,20 +49,25 @@ namespace Microsoft.AspNet.Authentication
                     return default(TData);
                 }
 
-                byte[] protectedData = Base64UrlTextEncoder.Decode(protectedText);
+                var protectedData = Base64UrlTextEncoder.Decode(protectedText);
                 if (protectedData == null)
                 {
                     return default(TData);
                 }
 
-                byte[] userData = _protector.Unprotect(protectedData);
+                var protector = _protector;
+                if (!string.IsNullOrEmpty(purpose))
+                {
+                    protector = protector.CreateProtector(purpose);
+                }
+
+                var userData = protector.Unprotect(protectedData);
                 if (userData == null)
                 {
                     return default(TData);
                 }
 
-                TData model = _serializer.Deserialize(userData);
-                return model;
+                return _serializer.Deserialize(userData);
             }
             catch
             {
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs b/test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs
new file mode 100644
index 0000000000..2cfdd4e793
--- /dev/null
+++ b/test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs
@@ -0,0 +1,80 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Text;
+using Microsoft.AspNet.DataProtection;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNet.Authentication.DataHandler
+{
+    public class SecureDataFormatTests
+    {
+        public SecureDataFormatTests()
+        {
+            var serviceCollection = new ServiceCollection();
+            serviceCollection.AddDataProtection();
+            ServiceProvider = serviceCollection.BuildServiceProvider();
+        }
+
+        public IServiceProvider ServiceProvider { get; }
+
+        [Fact]
+        public void ProtectDataRoundTrips()
+        {
+            var provider = ServiceProvider.GetRequiredService<IDataProtectionProvider>();
+            var prototector = provider.CreateProtector("test");
+            var secureDataFormat = new SecureDataFormat<string>(new StringSerializer(), prototector);
+
+            string input = "abcdefghijklmnopqrstuvwxyz0123456789";
+            var protectedData = secureDataFormat.Protect(input);
+            var result = secureDataFormat.Unprotect(protectedData);
+            Assert.Equal(input, result);
+        }
+
+        [Fact]
+        public void ProtectWithPurposeRoundTrips()
+        {
+            var provider = ServiceProvider.GetRequiredService<IDataProtectionProvider>();
+            var prototector = provider.CreateProtector("test");
+            var secureDataFormat = new SecureDataFormat<string>(new StringSerializer(), prototector);
+
+            string input = "abcdefghijklmnopqrstuvwxyz0123456789";
+            string purpose = "purpose1";
+            var protectedData = secureDataFormat.Protect(input, purpose);
+            var result = secureDataFormat.Unprotect(protectedData, purpose);
+            Assert.Equal(input, result);
+        }
+
+        [Fact]
+        public void UnprotectWithDifferentPurposeFails()
+        {
+            var provider = ServiceProvider.GetRequiredService<IDataProtectionProvider>();
+            var prototector = provider.CreateProtector("test");
+            var secureDataFormat = new SecureDataFormat<string>(new StringSerializer(), prototector);
+
+            string input = "abcdefghijklmnopqrstuvwxyz0123456789";
+            string purpose = "purpose1";
+            var protectedData = secureDataFormat.Protect(input, purpose);
+            var result = secureDataFormat.Unprotect(protectedData); // Null other purpose
+            Assert.Null(result);
+
+            result = secureDataFormat.Unprotect(protectedData, "purpose2");
+            Assert.Null(result);
+        }
+
+        private class StringSerializer : IDataSerializer<string>
+        {
+            public byte[] Serialize(string model)
+            {
+                return Encoding.UTF8.GetBytes(model);
+            }
+
+            public string Deserialize(byte[] data)
+            {
+                return Encoding.UTF8.GetString(data);
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 66fab419fd..74b36d9cbe 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -31,8 +31,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             return sb.ToString();
         }
+        public string Protect(AuthenticationProperties data, string purpose)
+        {
+            return Protect(data);
+        }
 
-        AuthenticationProperties ISecureDataFormat<AuthenticationProperties>.Unprotect(string protectedText)
+        public AuthenticationProperties Unprotect(string protectedText)
         {
             if (string.IsNullOrEmpty(protectedText))
             {
@@ -58,5 +62,10 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             return propeties;
         }
+
+        public AuthenticationProperties Unprotect(string protectedText, string purpose)
+        {
+            return Unprotect(protectedText);
+        }
     }
 }

From 121e6891e71801ed54da8637aa79fb86c1d0c384 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Sat, 17 Oct 2015 16:50:16 -0700
Subject: [PATCH 370/900] Remove log codes from exception/log messages; don't
 localize logs

https://github.com/aspnet/Security/issues/414 and
https://github.com/aspnet/Security/issues/418

Also started putting in event ids for logs.
---
 .../OpenIdConnectHandler.cs                   | 104 +--
 .../Properties/Resources.Designer.cs          | 600 ++----------------
 .../Resources.resx                            | 123 +---
 3 files changed, 100 insertions(+), 727 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9997bd3cd2..f1e82cf89c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -107,12 +107,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Events.RedirectToEndSessionEndpoint(redirectContext);
                 if (redirectContext.HandledResponse)
                 {
-                    Logger.LogVerbose("RedirectToEndSessionEndpoint.HandledResponse");
+                    Logger.LogVerbose(1, "RedirectToEndSessionEndpoint.HandledResponse");
                     return;
                 }
                 else if (redirectContext.Skipped)
                 {
-                    Logger.LogVerbose("RedirectToEndSessionEndpoint.Skipped");
+                    Logger.LogVerbose(2, "RedirectToEndSessionEndpoint.Skipped");
                     return;
                 }
 
@@ -123,7 +123,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     var redirectUri = message.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        Logger.LogWarning(Resources.OIDCH_0051_RedirectUriLogoutIsNotWellFormed, redirectUri);
+                        Logger.LogWarning(3, "The query string for Logout is not a well-formed URI. Redirect URI: '{0}'.", redirectUri);
                     }
 
                     Response.Redirect(redirectUri);
@@ -170,7 +170,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(context));
             }
 
-            Logger.LogDebug(Resources.OIDCH_0026_ApplyResponseChallengeAsync, this.GetType());
+            Logger.LogDebug(4, "Entering {0}." + nameof(HandleUnauthorizedAsync), GetType());
 
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
@@ -181,7 +181,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 properties.RedirectUri = CurrentUri;
             }
-            Logger.LogDebug(Resources.OIDCH_0030_Using_Properties_RedirectUri, properties.RedirectUri);
+            Logger.LogDebug(5, "Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.", properties.RedirectUri);
 
             if (_configuration == null && Options.ConfigurationManager != null)
             {
@@ -223,12 +223,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.RedirectToAuthenticationEndpoint(redirectContext);
             if (redirectContext.HandledResponse)
             {
-                Logger.LogVerbose("RedirectToAuthenticationEndpoint.HandledResponse");
+                Logger.LogVerbose(6, "RedirectToAuthenticationEndpoint.HandledResponse");
                 return true;
             }
             else if (redirectContext.Skipped)
             {
-                Logger.LogVerbose("RedirectToAuthenticationEndpoint.Skipped");
+                Logger.LogVerbose(7, "RedirectToAuthenticationEndpoint.Skipped");
                 return false;
             }
 
@@ -242,7 +242,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var redirectUriForCode = message.RedirectUri;
             if (string.IsNullOrEmpty(redirectUriForCode))
             {
-                Logger.LogDebug(Resources.OIDCH_0031_Using_Options_RedirectUri, Options.RedirectUri);
+                Logger.LogDebug(8, "Using Options.RedirectUri for 'redirect_uri': '{0}'.", Options.RedirectUri);
                 redirectUriForCode = Options.RedirectUri;
             }
 
@@ -259,7 +259,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var redirectUri = message.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                 {
-                    Logger.LogWarning(Resources.OIDCH_0036_UriIsNotWellFormed, redirectUri);
+                    Logger.LogWarning(9, "The redirect URI is not well-formed. The URI is: '{0}'.", redirectUri);
                 }
 
                 Response.Redirect(redirectUri);
@@ -304,7 +304,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
-            Logger.LogDebug(Resources.OIDCH_0000_AuthenticateCoreAsync, this.GetType());
+            Logger.LogDebug(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
 
             OpenIdConnectMessage message = null;
 
@@ -354,24 +354,24 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (string.IsNullOrEmpty(message.State))
                 {
                     // This wasn't a valid ODIC message, it may not have been intended for us.
-                    Logger.LogVerbose(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
-                    return AuthenticateResult.Failed(Resources.OIDCH_0004_MessageStateIsNullOrEmpty);
+                    Logger.LogVerbose(11, "message.State is null or empty.");
+                    return AuthenticateResult.Failed(Resources.MessageStateIsNullOrEmpty);
                 }
 
                 // if state exists and we failed to 'unprotect' this is not a message we should process.
                 var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
                 if (properties == null)
                 {
-                    Logger.LogError(Resources.OIDCH_0005_MessageStateIsInvalid);
-                    return AuthenticateResult.Failed(Resources.OIDCH_0005_MessageStateIsInvalid);
+                    Logger.LogError(12, "Unable to unprotect the message.State.");
+                    return AuthenticateResult.Failed(Resources.MessageStateIsInvalid);
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(message.Error))
                 {
                     // REVIEW: this error formatting is pretty nuts
-                    Logger.LogError(Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
-                    return AuthenticateResult.Failed(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0006_MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
+                    Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
+                    return AuthenticateResult.Failed(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
                 }
 
                 string userstate = null;
@@ -385,11 +385,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
-                    Logger.LogVerbose(Resources.OIDCH_0007_UpdatingConfiguration);
+                    Logger.LogVerbose(14, "Updating configuration");
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                Logger.LogDebug("Authorization response received.");
+                Logger.LogDebug(15, "Authorization response received.");
                 var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options)
                 {
                     ProtocolMessage = message,
@@ -398,12 +398,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
                 if (authorizationResponseReceivedContext.HandledResponse)
                 {
-                    Logger.LogVerbose("AuthorizationResponseReceived.HandledResponse");
+                    Logger.LogVerbose(16, "AuthorizationResponseReceived.HandledResponse");
                     return AuthenticateResult.Success(authorizationResponseReceivedContext.AuthenticationTicket);
                 }
                 else if (authorizationResponseReceivedContext.Skipped)
                 {
-                    Logger.LogVerbose("AuthorizationResponseReceived.Skipped");
+                    Logger.LogVerbose(17, "AuthorizationResponseReceived.Skipped");
                     return AuthenticateResult.Success(ticket: null);
                 }
                 message = authorizationResponseReceivedContext.ProtocolMessage;
@@ -419,20 +419,20 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
                 else
                 {
-                    Logger.LogDebug(Resources.OIDCH_0045_Id_Token_Code_Missing);
-                    return AuthenticateResult.Failed(Resources.OIDCH_0045_Id_Token_Code_Missing);
+                    Logger.LogDebug(18, "Cannot process the message. Both id_token and code are missing.");
+                    return AuthenticateResult.Failed(Resources.IdTokenCodeMissing);
                 }
             }
             catch (Exception exception)
             {
-                Logger.LogError(Resources.OIDCH_0017_ExceptionOccurredWhileProcessingMessage, exception);
+                Logger.LogError(19, "Exception occurred while processing message.", exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     if (Options.ConfigurationManager != null)
                     {
-                        Logger.LogVerbose(Resources.OIDCH_0021_AutomaticConfigurationRefresh);
+                        Logger.LogVerbose(20, "exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.");
                         Options.ConfigurationManager.RequestRefresh();
                     }
                 }
@@ -476,7 +476,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var code = authorizationCodeReceivedContext.Code;
 
             // Redeeming authorization code for tokens
-            Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, code);
+            Logger.LogDebug(21, "Id Token is null. Redeeming code '{0}' for tokens.", code);
 
             var tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
 
@@ -532,7 +532,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
-                Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
+                Logger.LogDebug(22, "Sending request to user info endpoint for retrieving claims.");
                 ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, jwt, ticket);
             }
 
@@ -542,7 +542,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         // Implicit Flow or Hybrid Flow
         private async Task<AuthenticateResult> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
-            Logger.LogDebug(Resources.OIDCH_0020_IdTokenReceived, message.IdToken);
+            Logger.LogDebug(23, "'id_token' received: '{0}'", message.IdToken);
 
             JwtSecurityToken jwt = null;
             var validationParameters = Options.TokenValidationParameters.Clone();
@@ -650,7 +650,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
-                Logger.LogWarning(Resources.OIDCH_0046_UserInfo_Endpoint_Not_Set);
+                Logger.LogWarning(24, nameof(_configuration.UserInfoEndpoint) + " is not set. Request to retrieve claims cannot be completed.");
                 return ticket;
             }
 
@@ -826,7 +826,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     }
                     catch (Exception ex)
                     {
-                        Logger.LogWarning("Failed to un-protect the nonce cookie.", ex);
+                        Logger.LogWarning(25, "Failed to un-protect the nonce cookie.", ex);
                     }
                 }
             }
@@ -873,7 +873,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 correlationKey,
                 out correlationId))
             {
-                Logger.LogWarning("{0} state property not found.", correlationKey);
+                Logger.LogWarning(26, "{0} state property not found.", correlationKey);
                 return false;
             }
 
@@ -884,7 +884,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var correlationCookie = Request.Cookies[cookieName];
             if (string.IsNullOrEmpty(correlationCookie))
             {
-                Logger.LogWarning("{0} cookie not found.", cookieName);
+                Logger.LogWarning(27, "{0} cookie not found.", cookieName);
                 return false;
             }
 
@@ -897,7 +897,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (!string.Equals(correlationCookie, NonceProperty, StringComparison.Ordinal))
             {
-                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
+                Logger.LogWarning(28, "{0} correlation cookie and state property mismatch.", correlationKey);
                 return false;
             }
 
@@ -936,7 +936,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
         {
-            Logger.LogDebug(Resources.OIDCH_0001_MessageReceived, message.BuildRedirectUrl());
+            Logger.LogDebug(29, "MessageReceived: '{0}'", message.BuildRedirectUrl());
             var messageReceivedContext = new MessageReceivedContext(Context, Options)
             {
                 ProtocolMessage = message
@@ -945,11 +945,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.MessageReceived(messageReceivedContext);
             if (messageReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0002_MessageReceivedContextHandledResponse);
+                Logger.LogVerbose(30, "MessageReceivedContext.HandledResponse");
             }
             else if (messageReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0003_MessageReceivedContextSkipped);
+                Logger.LogVerbose(31, "MessageReceivedContext.Skipped");
             }
 
             return messageReceivedContext;
@@ -960,7 +960,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var redirectUri = properties.Items.ContainsKey(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey) ?
                 properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
 
-            Logger.LogDebug(Resources.OIDCH_0014_AuthorizationCodeReceived, message.Code);
+            Logger.LogDebug(32, "AuthorizationCode received: '{0}'", message.Code);
 
             var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
             {
@@ -974,11 +974,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse);
+                Logger.LogVerbose(33, "AuthorizationCodeReceivedContext.HandledResponse");
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0016_AuthorizationCodeReceivedContextSkipped);
+                Logger.LogVerbose(34, "AuthorizationCodeReceivedContext.Skipped");
             }
 
             return authorizationCodeReceivedContext;
@@ -986,7 +986,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
         {
-            Logger.LogDebug("Token response received.");
+            Logger.LogDebug(35, "Token response received.");
             var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options)
             {
                 ProtocolMessage = message,
@@ -996,11 +996,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.TokenResponseReceived(tokenResponseReceivedContext);
             if (tokenResponseReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse);
+                Logger.LogVerbose(36, "AuthorizationCodeRedeemedContext.HandledResponse");
             }
             else if (tokenResponseReceivedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedContextSkipped);
+                Logger.LogVerbose(37, "AuthorizationCodeRedeemedContext.Skipped");
             }
             return tokenResponseReceivedContext;
         }
@@ -1017,11 +1017,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthenticationValidated(authenticationValidatedContext);
             if (authenticationValidatedContext.HandledResponse)
             {
-                Logger.LogVerbose("AuthenticationValidated.HandledResponse");
+                Logger.LogVerbose(38, "AuthenticationValidated.HandledResponse");
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                Logger.LogVerbose("AuthenticationValidated.Skipped");
+                Logger.LogVerbose(39, "AuthenticationValidated.Skipped");
             }
 
             return authenticationValidatedContext;
@@ -1029,7 +1029,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
         {
-            Logger.LogDebug("User information received:" + user.ToString());
+            Logger.LogDebug(40, "User information received: {0}", user.ToString());
 
             var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
             {
@@ -1041,11 +1041,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.UserInformationReceived(userInformationReceivedContext);
             if (userInformationReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose("The UserInformationReceived event returned Handled.");
+                Logger.LogVerbose(41, "The UserInformationReceived event returned Handled.");
             }
             else if (userInformationReceivedContext.Skipped)
             {
-                Logger.LogVerbose("The UserInformationReceived event returned Skipped.");
+                Logger.LogVerbose(42, "The UserInformationReceived event returned Skipped.");
             }
 
             return userInformationReceivedContext;
@@ -1062,11 +1062,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthenticationFailed(authenticationFailedContext);
             if (authenticationFailedContext.HandledResponse)
             {
-                Logger.LogVerbose(Resources.OIDCH_0018_AuthenticationFailedContextHandledResponse);
+                Logger.LogVerbose(43, "AuthenticationFailedContext.HandledResponse");
             }
             else if (authenticationFailedContext.Skipped)
             {
-                Logger.LogVerbose(Resources.OIDCH_0019_AuthenticationFailedContextSkipped);
+                Logger.LogVerbose(44, "AuthenticationFailedContext.Skipped");
             }
 
             return authenticationFailedContext;
@@ -1099,15 +1099,15 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 jwt = validatedToken as JwtSecurityToken;
                 if (jwt == null)
                 {
-                    Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType());
-                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
+                    Logger.LogError(45, "The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'", validatedToken?.GetType());
+                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
                 }
             }
 
             if (validatedToken == null)
             {
-                Logger.LogError(Resources.OIDCH_0011_UnableToValidateToken, idToken);
-                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0011_UnableToValidateToken, idToken));
+                Logger.LogError(46, "Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.", idToken);
+                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
             ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
index f034114845..64b345f959 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -11,627 +11,99 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             = new ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnect.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
-        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
+        /// OpenIdConnectAuthenticationHandler: message.State is null or empty.
         /// </summary>
-        internal static string OIDCH_0101_BackChallnelLessThanZero
+        internal static string MessageStateIsNullOrEmpty
         {
-            get { return GetString("OIDCH_0101_BackChallnelLessThanZero"); }
+            get { return GetString("MessageStateIsNullOrEmpty"); }
         }
 
         /// <summary>
-        /// OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.
+        /// OpenIdConnectAuthenticationHandler: message.State is null or empty.
         /// </summary>
-        internal static string FormatOIDCH_0101_BackChallnelLessThanZero()
+        internal static string FormatMessageStateIsNullOrEmpty()
         {
-            return GetString("OIDCH_0101_BackChallnelLessThanZero");
+            return GetString("MessageStateIsNullOrEmpty");
         }
 
         /// <summary>
-        /// OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// Unable to unprotect the message.State.
         /// </summary>
-        internal static string OIDCH_0102_Exception_ValidatorHandlerMismatch
+        internal static string MessageStateIsInvalid
         {
-            get { return GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch"); }
+            get { return GetString("MessageStateIsInvalid"); }
         }
 
         /// <summary>
-        /// OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// Unable to unprotect the message.State.
         /// </summary>
-        internal static string FormatOIDCH_0102_Exception_ValidatorHandlerMismatch()
+        internal static string FormatMessageStateIsInvalid()
         {
-            return GetString("OIDCH_0102_Exception_ValidatorHandlerMismatch");
+            return GetString("MessageStateIsInvalid");
         }
 
         /// <summary>
-        /// OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
+        /// Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
         /// </summary>
-        internal static string OIDCH_0051_RedirectUriLogoutIsNotWellFormed
+        internal static string MessageContainsError
         {
-            get { return GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"); }
+            get { return GetString("MessageContainsError"); }
         }
 
         /// <summary>
-        /// OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.
+        /// Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
         /// </summary>
-        internal static string FormatOIDCH_0051_RedirectUriLogoutIsNotWellFormed(object p0)
+        internal static string FormatMessageContainsError(object p0, object p1, object p2)
         {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0051_RedirectUriLogoutIsNotWellFormed"), p0);
+            return string.Format(CultureInfo.CurrentCulture, GetString("MessageContainsError"), p0, p1, p2);
         }
 
         /// <summary>
-        /// OIDCH_0026: Entering: '{0}'
+        /// The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'.
         /// </summary>
-        internal static string OIDCH_0026_ApplyResponseChallengeAsync
+        internal static string ValidatedSecurityTokenNotJwt
         {
-            get { return GetString("OIDCH_0026_ApplyResponseChallengeAsync"); }
+            get { return GetString("ValidatedSecurityTokenNotJwt"); }
         }
 
         /// <summary>
-        /// OIDCH_0026: Entering: '{0}'
+        /// The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'.
         /// </summary>
-        internal static string FormatOIDCH_0026_ApplyResponseChallengeAsync(object p0)
+        internal static string FormatValidatedSecurityTokenNotJwt(object p0)
         {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0026_ApplyResponseChallengeAsync"), p0);
+            return string.Format(CultureInfo.CurrentCulture, GetString("ValidatedSecurityTokenNotJwt"), p0);
         }
 
         /// <summary>
-        /// OIDCH_0027: Converted 401 to 403.
+        /// Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
         /// </summary>
-        internal static string OIDCH_0027_401_ConvertedTo_403
+        internal static string UnableToValidateToken
         {
-            get { return GetString("OIDCH_0027_401_ConvertedTo_403"); }
+            get { return GetString("UnableToValidateToken"); }
         }
 
         /// <summary>
-        /// OIDCH_0027: Converted 401 to 403.
+        /// Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
         /// </summary>
-        internal static string FormatOIDCH_0027_401_ConvertedTo_403()
+        internal static string FormatUnableToValidateToken(object p0)
         {
-            return GetString("OIDCH_0027_401_ConvertedTo_403");
+            return string.Format(CultureInfo.CurrentCulture, GetString("UnableToValidateToken"), p0);
         }
 
         /// <summary>
-        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.
+        /// Cannot process the message. Both id_token and code are missing.
         /// </summary>
-        internal static string OIDCH_0028_StatusCodeNot401
+        internal static string IdTokenCodeMissing
         {
-            get { return GetString("OIDCH_0028_StatusCodeNot401"); }
+            get { return GetString("IdTokenCodeMissing"); }
         }
 
         /// <summary>
-        /// OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.
+        /// Cannot process the message. Both id_token and code are missing.
         /// </summary>
-        internal static string FormatOIDCH_0028_StatusCodeNot401(object p0)
+        internal static string FormatIdTokenCodeMissing()
         {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0028_StatusCodeNot401"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate
-        /// </summary>
-        internal static string OIDCH_0029_ChallengContextEqualsNull
-        {
-            get { return GetString("OIDCH_0029_ChallengContextEqualsNull"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate
-        /// </summary>
-        internal static string FormatOIDCH_0029_ChallengContextEqualsNull()
-        {
-            return GetString("OIDCH_0029_ChallengContextEqualsNull");
-        }
-
-        /// <summary>
-        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0030_Using_Properties_RedirectUri
-        {
-            get { return GetString("OIDCH_0030_Using_Properties_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0030_Using_Properties_RedirectUri(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0030_Using_Properties_RedirectUri"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
-        /// </summary>
-        internal static string OIDCH_0031_Using_Options_RedirectUri
-        {
-            get { return GetString("OIDCH_0031_Using_Options_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0031_Using_Options_RedirectUri(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0031_Using_Options_RedirectUri"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0032_UsingCurrentUriRedirectUri
-        {
-            get { return GetString("OIDCH_0032_UsingCurrentUriRedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0032_UsingCurrentUriRedirectUri(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0032_UsingCurrentUriRedirectUri"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0033_NonceAlreadyExists
-        {
-            get { return GetString("OIDCH_0033_NonceAlreadyExists"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0033_NonceAlreadyExists(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0033_NonceAlreadyExists"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0036_UriIsNotWellFormed
-        {
-            get { return GetString("OIDCH_0036_UriIsNotWellFormed"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0036_UriIsNotWellFormed(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0036_UriIsNotWellFormed"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0037: RedirectUri is: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0037_RedirectUri
-        {
-            get { return GetString("OIDCH_0037_RedirectUri"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0037: RedirectUri is: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0037_RedirectUri(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0037_RedirectUri"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
-        /// </summary>
-        internal static string OIDCH_0038_Redeeming_Auth_Code
-        {
-            get { return GetString("OIDCH_0038_Redeeming_Auth_Code"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.
-        /// </summary>
-        internal static string FormatOIDCH_0038_Redeeming_Auth_Code(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0038_Redeeming_Auth_Code"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
-        /// </summary>
-        internal static string OIDCH_0039_Subject_Claim_Mismatch
-        {
-            get { return GetString("OIDCH_0039_Subject_Claim_Mismatch"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.
-        /// </summary>
-        internal static string FormatOIDCH_0039_Subject_Claim_Mismatch()
-        {
-            return GetString("OIDCH_0039_Subject_Claim_Mismatch");
-        }
-
-        /// <summary>
-        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
-        /// </summary>
-        internal static string OIDCH_0040_Sending_Request_UIEndpoint
-        {
-            get { return GetString("OIDCH_0040_Sending_Request_UIEndpoint"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0040: Sending request to user info endpoint for retrieving claims.
-        /// </summary>
-        internal static string FormatOIDCH_0040_Sending_Request_UIEndpoint()
-        {
-            return GetString("OIDCH_0040_Sending_Request_UIEndpoint");
-        }
-
-        /// <summary>
-        /// OIDCH_0000: Entering: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0000_AuthenticateCoreAsync
-        {
-            get { return GetString("OIDCH_0000_AuthenticateCoreAsync"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0000: Entering: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0000_AuthenticateCoreAsync(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0000_AuthenticateCoreAsync"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0001: MessageReceived: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0001_MessageReceived
-        {
-            get { return GetString("OIDCH_0001_MessageReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0001: MessageReceived: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0001_MessageReceived(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0001_MessageReceived"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0002: MessageReceivedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0002_MessageReceivedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0002_MessageReceivedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0002: MessageReceivedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0002_MessageReceivedContextHandledResponse()
-        {
-            return GetString("OIDCH_0002_MessageReceivedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0003: MessageReceivedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0003_MessageReceivedContextSkipped
-        {
-            get { return GetString("OIDCH_0003_MessageReceivedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0003: MessageReceivedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0003_MessageReceivedContextSkipped()
-        {
-            return GetString("OIDCH_0003_MessageReceivedContextSkipped");
-        }
-
-        /// <summary>
-        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
-        /// </summary>
-        internal static string OIDCH_0004_MessageStateIsNullOrEmpty
-        {
-            get { return GetString("OIDCH_0004_MessageStateIsNullOrEmpty"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.
-        /// </summary>
-        internal static string FormatOIDCH_0004_MessageStateIsNullOrEmpty()
-        {
-            return GetString("OIDCH_0004_MessageStateIsNullOrEmpty");
-        }
-
-        /// <summary>
-        /// OIDCH_0005: Unable to unprotect the message.State.
-        /// </summary>
-        internal static string OIDCH_0005_MessageStateIsInvalid
-        {
-            get { return GetString("OIDCH_0005_MessageStateIsInvalid"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0005: Unable to unprotect the message.State.
-        /// </summary>
-        internal static string FormatOIDCH_0005_MessageStateIsInvalid()
-        {
-            return GetString("OIDCH_0005_MessageStateIsInvalid");
-        }
-
-        /// <summary>
-        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
-        /// </summary>
-        internal static string OIDCH_0006_MessageContainsError
-        {
-            get { return GetString("OIDCH_0006_MessageContainsError"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
-        /// </summary>
-        internal static string FormatOIDCH_0006_MessageContainsError(object p0, object p1, object p2)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0006_MessageContainsError"), p0, p1, p2);
-        }
-
-        /// <summary>
-        /// OIDCH_0007: Updating configuration
-        /// </summary>
-        internal static string OIDCH_0007_UpdatingConfiguration
-        {
-            get { return GetString("OIDCH_0007_UpdatingConfiguration"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0007: Updating configuration
-        /// </summary>
-        internal static string FormatOIDCH_0007_UpdatingConfiguration()
-        {
-            return GetString("OIDCH_0007_UpdatingConfiguration");
-        }
-
-        /// <summary>
-        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0010_ValidatedSecurityTokenNotJwt
-        {
-            get { return GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0010_ValidatedSecurityTokenNotJwt(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0010_ValidatedSecurityTokenNotJwt"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
-        /// </summary>
-        internal static string OIDCH_0011_UnableToValidateToken
-        {
-            get { return GetString("OIDCH_0011_UnableToValidateToken"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
-        /// </summary>
-        internal static string FormatOIDCH_0011_UnableToValidateToken(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0011_UnableToValidateToken"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0014: AuthorizationCode received: '{0}'.
-        /// </summary>
-        internal static string OIDCH_0014_AuthorizationCodeReceived
-        {
-            get { return GetString("OIDCH_0014_AuthorizationCodeReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0014: AuthorizationCode received: '{0}'.
-        /// </summary>
-        internal static string FormatOIDCH_0014_AuthorizationCodeReceived(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0014_AuthorizationCodeReceived"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0015_AuthorizationCodeReceivedContextHandledResponse()
-        {
-            return GetString("OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0016: AuthorizationCodeReceivedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0016_AuthorizationCodeReceivedContextSkipped
-        {
-            get { return GetString("OIDCH_0016_AuthorizationCodeReceivedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0016: AuthorizationCodeReceivedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0016_AuthorizationCodeReceivedContextSkipped()
-        {
-            return GetString("OIDCH_0016_AuthorizationCodeReceivedContextSkipped");
-        }
-
-        /// <summary>
-        /// OIDCH_0017: Exception occurred while processing message.
-        /// </summary>
-        internal static string OIDCH_0017_ExceptionOccurredWhileProcessingMessage
-        {
-            get { return GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0017: Exception occurred while processing message.
-        /// </summary>
-        internal static string FormatOIDCH_0017_ExceptionOccurredWhileProcessingMessage()
-        {
-            return GetString("OIDCH_0017_ExceptionOccurredWhileProcessingMessage");
-        }
-
-        /// <summary>
-        /// OIDCH_0018: AuthenticationFailedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0018_AuthenticationFailedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0018_AuthenticationFailedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0018: AuthenticationFailedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0018_AuthenticationFailedContextHandledResponse()
-        {
-            return GetString("OIDCH_0018_AuthenticationFailedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0019: AuthenticationFailedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0019_AuthenticationFailedContextSkipped
-        {
-            get { return GetString("OIDCH_0019_AuthenticationFailedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0019: AuthenticationFailedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0019_AuthenticationFailedContextSkipped()
-        {
-            return GetString("OIDCH_0019_AuthenticationFailedContextSkipped");
-        }
-
-        /// <summary>
-        /// OIDCH_0020: 'id_token' received: '{0}'
-        /// </summary>
-        internal static string OIDCH_0020_IdTokenReceived
-        {
-            get { return GetString("OIDCH_0020_IdTokenReceived"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0020: 'id_token' received: '{0}'
-        /// </summary>
-        internal static string FormatOIDCH_0020_IdTokenReceived(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0020_IdTokenReceived"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
-        /// </summary>
-        internal static string OIDCH_0021_AutomaticConfigurationRefresh
-        {
-            get { return GetString("OIDCH_0021_AutomaticConfigurationRefresh"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.
-        /// </summary>
-        internal static string FormatOIDCH_0021_AutomaticConfigurationRefresh()
-        {
-            return GetString("OIDCH_0021_AutomaticConfigurationRefresh");
-        }
-
-        /// <summary>
-        /// OIDCH_0041: Subject claim not found in {0}.
-        /// </summary>
-        internal static string OIDCH_0041_Subject_Claim_Not_Found
-        {
-            get { return GetString("OIDCH_0041_Subject_Claim_Not_Found"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0041: Subject claim not found in {0}.
-        /// </summary>
-        internal static string FormatOIDCH_0041_Subject_Claim_Not_Found(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OIDCH_0041_Subject_Claim_Not_Found"), p0);
-        }
-
-        /// <summary>
-        /// OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse
-        /// </summary>
-        internal static string OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse
-        {
-            get { return GetString("OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse
-        /// </summary>
-        internal static string FormatOIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse()
-        {
-            return GetString("OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse");
-        }
-
-        /// <summary>
-        /// OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped
-        /// </summary>
-        internal static string OIDCH_0044_AuthorizationCodeRedeemedContextSkipped
-        {
-            get { return GetString("OIDCH_0044_AuthorizationCodeRedeemedContextSkipped"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped
-        /// </summary>
-        internal static string FormatOIDCH_0044_AuthorizationCodeRedeemedContextSkipped()
-        {
-            return GetString("OIDCH_0044_AuthorizationCodeRedeemedContextSkipped");
-        }
-
-        /// <summary>
-        /// OIDCH_0045: Cannot process the message. Both id_token and code are missing.
-        /// </summary>
-        internal static string OIDCH_0045_Id_Token_Code_Missing
-        {
-            get { return GetString("OIDCH_0045_Id_Token_Code_Missing"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0045: Cannot process the message. Both id_token and code are missing.
-        /// </summary>
-        internal static string FormatOIDCH_0045_Id_Token_Code_Missing()
-        {
-            return GetString("OIDCH_0045_Id_Token_Code_Missing");
-        }
-
-        /// <summary>
-        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
-        /// </summary>
-        internal static string OIDCH_0046_UserInfo_Endpoint_Not_Set
-        {
-            get { return GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set"); }
-        }
-
-        /// <summary>
-        /// OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.
-        /// </summary>
-        internal static string FormatOIDCH_0046_UserInfo_Endpoint_Not_Set()
-        {
-            return GetString("OIDCH_0046_UserInfo_Endpoint_Not_Set");
+            return GetString("IdTokenCodeMissing");
         }
 
         private static string GetString(string name, params string[] formatterNames)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
index 4c8eeebd7e..7f790fef43 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
@@ -117,121 +117,22 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <data name="OIDCH_0101_BackChallnelLessThanZero" xml:space="preserve">
-    <value>OIDCH_0101: BackchannelTimeout cannot be less or equal to TimeSpan.Zero.</value>
+  <data name="MessageStateIsNullOrEmpty" xml:space="preserve">
+    <value>OpenIdConnectAuthenticationHandler: message.State is null or empty.</value>
   </data>
-  <data name="OIDCH_0102_Exception_ValidatorHandlerMismatch" xml:space="preserve">
-    <value>OIDCH_0102: An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  <data name="MessageStateIsInvalid" xml:space="preserve">
+    <value>Unable to unprotect the message.State.</value>
   </data>
-  <data name="OIDCH_0051_RedirectUriLogoutIsNotWellFormed" xml:space="preserve">
-    <value>OIDC_0051: The query string for Logout is not a well formed URI. The runtime cannot redirect. Redirect uri: '{0}'.</value>
+  <data name="MessageContainsError" xml:space="preserve">
+    <value>Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.</value>
   </data>
-  <data name="OIDCH_0026_ApplyResponseChallengeAsync" xml:space="preserve">
-    <value>OIDCH_0026: Entering: '{0}'</value>
+  <data name="ValidatedSecurityTokenNotJwt" xml:space="preserve">
+    <value>The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'.</value>
   </data>
-  <data name="OIDCH_0027_401_ConvertedTo_403" xml:space="preserve">
-    <value>OIDCH_0027: Converted 401 to 403.</value>
+  <data name="UnableToValidateToken" xml:space="preserve">
+    <value>Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."</value>
   </data>
-  <data name="OIDCH_0028_StatusCodeNot401" xml:space="preserve">
-    <value>OIDCH_0028: Response.StatusCode != 401, StatusCode: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0029_ChallengContextEqualsNull" xml:space="preserve">
-    <value>OIDCH_0029: ChallengeContext == null AND !Options.AutomaticAuthenticate</value>
-  </data>
-  <data name="OIDCH_0030_Using_Properties_RedirectUri" xml:space="preserve">
-    <value>OIDCH_0030: Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0031_Using_Options_RedirectUri" xml:space="preserve">
-    <value>OIDCH_0031: Using Options.RedirectUri for 'redirect_uri': '{0}'.</value>
-  </data>
-  <data name="OIDCH_0032_UsingCurrentUriRedirectUri" xml:space="preserve">
-    <value>OIDCH_0032: using the CurrentUri for 'local redirect' post authentication: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0033_NonceAlreadyExists" xml:space="preserve">
-    <value>OIDCH_0033: ProtocolValidator.RequireNonce == true. The generated nonce already exists: this usually indicates the nonce is not unique or has been used. The nonce is: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0036_UriIsNotWellFormed" xml:space="preserve">
-    <value>OIDCH_0036: Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0037_RedirectUri" xml:space="preserve">
-    <value>OIDCH_0037: RedirectUri is: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0038_Redeeming_Auth_Code" xml:space="preserve">
-    <value>OIDCH_0038: Id Token is null. Redeeming code : {0} for tokens.</value>
-  </data>
-  <data name="OIDCH_0039_Subject_Claim_Mismatch" xml:space="preserve">
-    <value>OIDCH_0039: Subject claim received from userinfo endpoint does not match the one in the id token.</value>
-  </data>
-  <data name="OIDCH_0040_Sending_Request_UIEndpoint" xml:space="preserve">
-    <value>OIDCH_0040: Sending request to user info endpoint for retrieving claims.</value>
-  </data>
-  <data name="OIDCH_0000_AuthenticateCoreAsync" xml:space="preserve">
-    <value>OIDCH_0000: Entering: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0001_MessageReceived" xml:space="preserve">
-    <value>OIDCH_0001: MessageReceived: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0002_MessageReceivedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0002: MessageReceivedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0003_MessageReceivedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0003: MessageReceivedContext.Skipped</value>
-  </data>
-  <data name="OIDCH_0004_MessageStateIsNullOrEmpty" xml:space="preserve">
-    <value>OIDCH_0004: OpenIdConnectAuthenticationHandler: message.State is null or empty.</value>
-  </data>
-  <data name="OIDCH_0005_MessageStateIsInvalid" xml:space="preserve">
-    <value>OIDCH_0005: Unable to unprotect the message.State.</value>
-  </data>
-  <data name="OIDCH_0006_MessageContainsError" xml:space="preserve">
-    <value>OIDCH_0006: Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.</value>
-  </data>
-  <data name="OIDCH_0007_UpdatingConfiguration" xml:space="preserve">
-    <value>OIDCH_0007: Updating configuration</value>
-  </data>
-  <data name="OIDCH_0010_ValidatedSecurityTokenNotJwt" xml:space="preserve">
-    <value>OIDCH_0010: Validated Security Token must be a JwtSecurityToken was: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0011_UnableToValidateToken" xml:space="preserve">
-    <value>OIDCH_0011: Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."</value>
-  </data>
-  <data name="OIDCH_0014_AuthorizationCodeReceived" xml:space="preserve">
-    <value>OIDCH_0014: AuthorizationCode received: '{0}'.</value>
-  </data>
-  <data name="OIDCH_0015_AuthorizationCodeReceivedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0015: AuthorizationCodeReceivedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0016_AuthorizationCodeReceivedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0016: AuthorizationCodeReceivedContext.Skipped</value>
-  </data>
-  <data name="OIDCH_0017_ExceptionOccurredWhileProcessingMessage" xml:space="preserve">
-    <value>OIDCH_0017: Exception occurred while processing message.</value>
-  </data>
-  <data name="OIDCH_0018_AuthenticationFailedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0018: AuthenticationFailedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0019_AuthenticationFailedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0019: AuthenticationFailedContext.Skipped</value>
-  </data>
-  <data name="OIDCH_0020_IdTokenReceived" xml:space="preserve">
-    <value>OIDCH_0020: 'id_token' received: '{0}'</value>
-  </data>
-  <data name="OIDCH_0021_AutomaticConfigurationRefresh" xml:space="preserve">
-    <value>OIDCH_0021: exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.</value>
-  </data>
-  <data name="OIDCH_0041_Subject_Claim_Not_Found" xml:space="preserve">
-    <value>OIDCH_0041: Subject claim not found in {0}.</value>
-  </data>
-  <data name="OIDCH_0043_AuthorizationCodeRedeemedContextHandledResponse" xml:space="preserve">
-    <value>OIDCH_0043: AuthorizationCodeRedeemedContext.HandledResponse</value>
-  </data>
-  <data name="OIDCH_0044_AuthorizationCodeRedeemedContextSkipped" xml:space="preserve">
-    <value>OIDCH_0044: AuthorizationCodeRedeemedContext.Skipped</value>
-  </data>
-  <data name="OIDCH_0045_Id_Token_Code_Missing" xml:space="preserve">
-    <value>OIDCH_0045: Cannot process the message. Both id_token and code are missing.</value>
-  </data>
-  <data name="OIDCH_0046_UserInfo_Endpoint_Not_Set" xml:space="preserve">
-    <value>OIDCH_0046: UserInfo endpoint is not set. Request to retrieve claims from userinfo endpoint cannot be completed.</value>
+  <data name="IdTokenCodeMissing" xml:space="preserve">
+    <value>Cannot process the message. Both id_token and code are missing.</value>
   </data>
 </root>
\ No newline at end of file

From 0f78135f5d0bc88e3d009c47aba8971cf00823fe Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Thu, 15 Oct 2015 12:33:01 -0700
Subject: [PATCH 371/900] Moving AllowAnonymous attribute from MVC

---
 .../AllowAnonymousAttribute.cs                       | 12 ++++++++++++
 .../AuthorizationPolicy.cs                           |  2 +-
 .../IAllowAnonymous.cs                               |  9 +++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
 create mode 100644 src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs

diff --git a/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs b/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
new file mode 100644
index 0000000000..30d0c49444
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
@@ -0,0 +1,12 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authorization
+{
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
+    public class AllowAnonymousAttribute : Attribute, IAllowAnonymous
+    {
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 2d8cf315d4..096caeecd9 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -57,7 +57,7 @@ namespace Microsoft.AspNet.Authorization
             return builder.Build();
         }
 
-        public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<AuthorizeAttribute> attributes)
+        public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes)
         {
             if (options == null)
             {
diff --git a/src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs b/src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs
new file mode 100644
index 0000000000..3ba290a989
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs
@@ -0,0 +1,9 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Authorization
+{
+    public interface IAllowAnonymous
+    {
+    }
+}

From fd54c5af212d9cbf1340c715ddf513a9ba5dd004 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Mon, 19 Oct 2015 11:50:10 -0700
Subject: [PATCH 372/900] Add lots of missing doc comments. Also did some minor
 renames to match extension method patterns.

---
 .../CookieAppBuilderExtensions.cs             | 24 ++++++++--------
 .../CookieServiceCollectionExtensions.cs      | 16 +++++++++--
 .../FacebookAppBuilderExtensions.cs           | 17 +++++------
 .../GoogleAppBuilderExtensions.cs             | 21 +++++++-------
 .../JwtBearerAppBuilderExtensions.cs          | 20 +++++++------
 .../MicrosoftAccountAppBuilderExtensions.cs   | 16 +++++++++--
 ...nsions.cs => OAuthAppBuilderExtensions.cs} | 20 ++++++-------
 ...s => OpenIdConnectAppBuilderExtensions.cs} | 20 ++++++-------
 .../TwitterAppBuilderExtensions.cs            | 15 ++++++++--
 ...thenticationServiceCollectionExtensions.cs | 14 ++++++++++
 ...laimsTransformationAppBuilderExtensions.cs | 28 +++++++++----------
 .../AllowAnonymousAttribute.cs                |  3 ++
 ...uthorizationServiceCollectionExtensions.cs | 16 ++++++++++-
 .../AuthorizeAttribute.cs                     | 13 +++++++++
 .../IAuthorizeData.cs                         |  9 ++++++
 .../CookiePolicyAppBuilderExtensions.cs       | 18 ++++++------
 16 files changed, 180 insertions(+), 90 deletions(-)
 rename src/Microsoft.AspNet.Authentication.OAuth/{OAuthExtensions.cs => OAuthAppBuilderExtensions.cs} (61%)
 rename src/Microsoft.AspNet.Authentication.OpenIdConnect/{OpenIdConnectExtensions.cs => OpenIdConnectAppBuilderExtensions.cs} (54%)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index ef4a252a39..0a8cd12ce4 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -7,15 +7,15 @@ using Microsoft.AspNet.Authentication.Cookies;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods provided by the cookies authentication middleware
+    /// Extension methods to add cookie authentication capabilities to an HTTP application pipeline.
     /// </summary>
     public static class CookieAppBuilderExtensions
     {
         /// <summary>
-        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
@@ -27,11 +27,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="CookieAuthenticationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
         {
             if (app == null)
@@ -48,11 +48,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Adds a cookie-based authentication middleware to your web application pipeline.
+        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="options">Used to configure the middleware</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
index 260539b551..00132beac2 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
@@ -8,10 +8,16 @@ using Microsoft.Extensions.Configuration;
 namespace Microsoft.Extensions.DependencyInjection
 {
     /// <summary>
-    /// Extension methods provided by the cookies authentication middleware
+    /// Extension methods for setting up cookie authentication services in an <see cref="IServiceCollection" />.
     /// </summary>
     public static class CookieServiceCollectionExtensions
     {
+        /// <summary>
+        /// Adds cookie authentication services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <param name="configure">An action delegate to configure the provided <see cref="CookieAuthenticationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configure)
         {
             if (services == null)
@@ -27,6 +33,12 @@ namespace Microsoft.Extensions.DependencyInjection
             return services.Configure(configure);
         }
 
+        /// <summary>
+        /// Adds cookie authentication services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <param name="config">An <see cref="IConfiguration"/> instance that contains configuration data representing  a <see cref="CookieAuthenticationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, IConfiguration config)
         {
             if (services == null)
@@ -42,4 +54,4 @@ namespace Microsoft.Extensions.DependencyInjection
             return services.Configure<CookieAuthenticationOptions>(config);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0df075e356..0889ec6ece 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -7,15 +7,16 @@ using Microsoft.AspNet.Authentication.Facebook;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="FacebookMiddleware"/>.
+    /// Extension methods to add Facebook authentication capabilities to an HTTP application pipeline.
     /// </summary>
     public static class FacebookAppBuilderExtensions
     {
         /// <summary>
-        /// Authenticate users using Facebook.
+        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
         {
             if (app == null)
@@ -32,11 +33,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Authenticate users using Facebook.
+        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="configureOptions">Configures the options.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="FacebookOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, Action<FacebookOptions> configureOptions)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 08226c527c..67993bbc2e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -7,16 +7,16 @@ using Microsoft.AspNet.Authentication.Google;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="GoogleMiddleware"/>.
+    /// Extension methods to add Google authentication capabilities to an HTTP application pipeline.
     /// </summary>
     public static class GoogleAppBuilderExtensions
     {
         /// <summary>
-        /// Authenticate users using Google OAuth 2.0.
+        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="options">The Middleware options.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
         {
             if (app == null)
@@ -33,12 +33,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Authenticate users using Google OAuth 2.0.
+        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="configureOptions">Used to configure Middleware options.</param>
-        /// <param name="optionsName">Name of the options instance to be used</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="GoogleOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, Action<GoogleOptions> configureOptions)
         {
             if (app == null)
@@ -54,4 +53,4 @@ namespace Microsoft.AspNet.Builder
             return app.UseGoogleAuthentication(options);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 7330aa7b3c..80494f09d8 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -7,21 +7,22 @@ using Microsoft.AspNet.Authentication.JwtBearer;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods to add OpenIdConnect Bearer authentication capabilities to an HTTP application pipeline
+    /// Extension methods to add OpenIdConnect Bearer authentication capabilities to an HTTP application pipeline.
     /// </summary>
     public static class JwtBearerAppBuilderExtensions
     {
         /// <summary>
-        /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
+        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
+        /// This middleware understands appropriately
         /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
         /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
         /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
         /// any time to obtain the claims from the request's bearer token.
         /// See also http://tools.ietf.org/html/rfc6749
         /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="options">Options which control the processing of the bearer header.</param>
-        /// <returns>The application builder</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
         {
             if (app == null)
@@ -38,16 +39,17 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
+        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
+        /// This middleware understands appropriately
         /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
         /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
         /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
         /// any time to obtain the claims from the request's bearer token.
         /// See also http://tools.ietf.org/html/rfc6749
         /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="configureOptions">Used to configure Middleware options.</param>
-        /// <returns>The application builder</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="JwtBearerOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index c890b7a9e2..37a8d4180d 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -7,10 +7,16 @@ using Microsoft.AspNet.Authentication.MicrosoftAccount;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="MicrosoftAccountMiddleware"/>
+    /// Extension methods to add Microsoft Account authentication capabilities to an HTTP application pipeline.
     /// </summary>
-    public static class MicrosoftAccountAuthenticationExtensions
+    public static class MicrosoftAccountAppBuilderExtensions
     {
+        /// <summary>
+        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
         {
             if (app == null)
@@ -26,6 +32,12 @@ namespace Microsoft.AspNet.Builder
             return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
         }
 
+        /// <summary>
+        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="MicrosoftAccountOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
similarity index 61%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index ecc03f428e..18aa623624 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -7,16 +7,16 @@ using Microsoft.AspNet.Authentication.OAuth;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="OAuthMiddleware"/>
+    /// Extension methods to add OAuth 2.0 authentication capabilities to an HTTP application pipeline.
     /// </summary>
-    public static class OAuthExtensions
+    public static class OAuthAppBuilderExtensions
     {
         /// <summary>
-        /// Authenticate users using OAuth.
+        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="configureOptions">Configures the middleware options.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="OAuthOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, Action<OAuthOptions> configureOptions)
         {
             if (app == null)
@@ -38,11 +38,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Authenticate users using OAuth.
+        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> passed to the configure method.</param>
-        /// <param name="options">The middleware configuration options.</param>
-        /// <returns>The updated <see cref="IApplicationBuilder"/>.</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
similarity index 54%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
rename to src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index 20fc9c85ea..f9b064137f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -7,16 +7,16 @@ using Microsoft.AspNet.Authentication.OpenIdConnect;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="OpenIdConnectMiddleware"/>
+    /// Extension methods to add OpenID Connect authentication capabilities to an HTTP application pipeline.
     /// </summary>
-    public static class OpenIdConnectExtensions
+    public static class OpenIdConnectAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectMiddleware"/> into the ASP.NET runtime.
+        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
         /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
-        /// <returns>The application builder</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">An action delegate to configure the provided <see cref="OpenIdConnectOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
         {
             if (app == null)
@@ -34,11 +34,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectMiddleware"/> into the ASP.NET runtime.
+        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
         /// </summary>
-        /// <param name="app">The application builder</param>
-        /// <param name="options">Options which control the processing of the OpenIdConnect protocol and token validation.</param>
-        /// <returns>The application builder</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">An <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
         {
             if (app == null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index baef3e96a8..efff5937ae 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -7,10 +7,16 @@ using Microsoft.AspNet.Authentication.Twitter;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods for using <see cref="TwitterMiddleware"/>
+    /// Extension methods to add Twitter authentication capabilities to an HTTP application pipeline.
     /// </summary>
     public static class TwitterAppBuilderExtensions
     {
+        /// <summary>
+        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
         {
             if (app == null)
@@ -26,6 +32,12 @@ namespace Microsoft.AspNet.Builder
             return app.UseTwitterAuthentication(options);
         }
 
+        /// <summary>
+        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="TwitterOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
         {
             if (app == null)
@@ -40,6 +52,5 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<TwitterMiddleware>(options);
         }
-
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
index a9ee391788..72032f53b0 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -6,8 +6,16 @@ using Microsoft.AspNet.Authentication;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
+    /// <summary>
+    /// Extension methods for setting up authentication services in an <see cref="IServiceCollection" />.
+    /// </summary>
     public static class AuthenticationServiceCollectionExtensions
     {
+        /// <summary>
+        /// Adds authentication services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddAuthentication(this IServiceCollection services)
         {
             if (services == null)
@@ -20,6 +28,12 @@ namespace Microsoft.Extensions.DependencyInjection
             return services;
         }
 
+        /// <summary>
+        /// Adds authentication services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="SharedAuthenticationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<SharedAuthenticationOptions> configureOptions)
         {
             if (services == null)
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index def2c935ba..4086c95915 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -9,27 +9,27 @@ using Microsoft.AspNet.Authentication;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods provided by the claims transformation authentication middleware
+    /// Extension methods to add claims transformation capabilities to an HTTP application pipeline.
     /// </summary>
     public static class ClaimsTransformationAppBuilderExtensions
     {
         /// <summary>
-        /// Adds a claims transformation middleware to your web application pipeline.
+        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
-        /// <param name="options">The options for the middleware</param>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="ClaimsTransformationOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
         {
             return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
         }
 
         /// <summary>
-        /// Adds a claims transformation middleware to your web application pipeline.
+        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
-        /// <param name="options">The options for the middleware</param>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="transform">A function that asynchronously transforms one <see cref="ClaimsPrincipal"/> to another.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsPrincipal, Task<ClaimsPrincipal>> transform)
         {
             var options = new ClaimsTransformationOptions();
@@ -41,11 +41,11 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Adds a claims transformation middleware to your web application pipeline.
+        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="ClaimsTransformationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Action<ClaimsTransformationOptions> configureOptions)
         {
             var options = new ClaimsTransformationOptions();
@@ -56,4 +56,4 @@ namespace Microsoft.AspNet.Builder
             return app.UseClaimsTransformation(options);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs b/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
index 30d0c49444..b61a01446b 100644
--- a/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
@@ -5,6 +5,9 @@ using System;
 
 namespace Microsoft.AspNet.Authorization
 {
+    /// <summary>
+    /// Specifies that the class or method that this attribute is applied to does not require authorization.
+    /// </summary>
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
     public class AllowAnonymousAttribute : Attribute, IAllowAnonymous
     {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index f00d44a59c..cbf0b922aa 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -7,8 +7,16 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
+    /// <summary>
+    /// Extension methods for setting up authorization services in an <see cref="IServiceCollection" />.
+    /// </summary>
     public static class AuthorizationServiceCollectionExtensions
     {
+        /// <summary>
+        /// Adds authorization services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddAuthorization(this IServiceCollection services)
         {
             if (services == null)
@@ -22,6 +30,12 @@ namespace Microsoft.Extensions.DependencyInjection
             return services;
         }
 
+        /// <summary>
+        /// Adds authorization services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <param name="configure">An action delegate to configure the provided <see cref="AuthorizationOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IServiceCollection AddAuthorization(this IServiceCollection services, Action<AuthorizationOptions> configure)
         {
             if (services == null)
@@ -38,4 +52,4 @@ namespace Microsoft.Extensions.DependencyInjection
             return services.AddAuthorization();
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
index cffc17dbd5..a20436ce99 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
@@ -5,21 +5,34 @@ using System;
 
 namespace Microsoft.AspNet.Authorization
 {
+    /// <summary>
+    /// Specifies that the class or method that this attribute is applied to requires the specified authorization.
+    /// </summary>
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
     public class AuthorizeAttribute : Attribute, IAuthorizeData
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AuthorizeAttribute"/> class. 
+        /// </summary>
         public AuthorizeAttribute() { }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AuthorizeAttribute"/> class with the specified policy. 
+        /// </summary>
+        /// <param name="policy">The name of the policy to require for authorization.</param>
         public AuthorizeAttribute(string policy)
         {
             Policy = policy;
         }
 
+        /// <inheritdoc />
         public string Policy { get; set; }
 
+        /// <inheritdoc />
         // REVIEW: can we get rid of the , deliminated in Roles/AuthTypes
         public string Roles { get; set; }
 
+        /// <inheritdoc />
         public string ActiveAuthenticationSchemes { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
index 2571fb28e7..a49b4892a1 100644
--- a/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
+++ b/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
@@ -3,10 +3,19 @@
 
 namespace Microsoft.AspNet.Authorization
 {
+    /// <summary>
+    /// Defines the set of data required to apply authorization rules to a resource.
+    /// </summary>
     public interface IAuthorizeData
     {
+        /// <summary>
+        /// Gets or sets the policy name that determines access to the resource.
+        /// </summary>
         string Policy { get; set; }
 
+        /// <summary>
+        /// Gets or sets a comma-separated list of roles that are allowed to access the resource.
+        /// </summary>
         string Roles { get; set; }
 
         string ActiveAuthenticationSchemes { get; set; }
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index aa8c9af016..f8a4af52f0 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -7,27 +7,27 @@ using Microsoft.AspNet.CookiePolicy;
 namespace Microsoft.AspNet.Builder
 {
     /// <summary>
-    /// Extension methods provided by the cookie policy middleware
+    /// Extension methods to add cookie policy capabilities to an HTTP application pipeline.
     /// </summary>
     public static class CookiePolicyAppBuilderExtensions
     {
         /// <summary>
-        /// Adds a cookie policy middleware to your web application pipeline.
+        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="options">The options for the middleware</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="CookiePolicyOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
         {
             return app.UseMiddleware<CookiePolicyMiddleware>(options);
         }
 
         /// <summary>
-        /// Adds a cookie policy middleware to your web application pipeline.
+        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
-        /// <param name="app">The IApplicationBuilder passed to your configuration method</param>
-        /// <param name="configureOptions">Used to configure the options for the middleware</param>
-        /// <returns>The original app parameter</returns>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="CookiePolicyOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, Action<CookiePolicyOptions> configureOptions)
         {
             var options = new CookiePolicyOptions();

From e0464c950853909aa3491c65b519db47bb22679f Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 20 Oct 2015 13:47:59 -0700
Subject: [PATCH 373/900] Add some basic logging to AuthZ/N

---
 .../AuthenticationHandler.cs                  |  7 +++++
 .../DefaultAuthorizationService.cs            | 31 +++++++++++++++++--
 .../DefaultAuthorizationServiceTests.cs       |  1 +
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index c55dc50d77..dcdf0badf7 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -104,6 +104,7 @@ namespace Microsoft.AspNet.Authentication
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
+                    Logger.LogInformation(0, "HttContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
                 }
             }
         }
@@ -209,11 +210,13 @@ namespace Microsoft.AspNet.Authentication
                     if (ticket?.Principal != null)
                     {
                         context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
+                        Logger.LogInformation(1, "AuthenticationScheme: {scheme} was successfully authenticated.", Options.AuthenticationScheme);
                         handled = true;
                     }
                     else
                     {
                         context.NotAuthenticated();
+                        Logger.LogVerbose(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
                     }
                 }
             }
@@ -241,6 +244,7 @@ namespace Microsoft.AspNet.Authentication
             {
                 SignInAccepted = true;
                 await HandleSignInAsync(context);
+                Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
                 context.Accept();
             }
             else if (PriorHandler != null)
@@ -260,6 +264,7 @@ namespace Microsoft.AspNet.Authentication
             {
                 SignOutAccepted = true;
                 await HandleSignOutAsync(context);
+                Logger.LogInformation(4, "AuthenticationScheme: {scheme} signed out.", Options.AuthenticationScheme);
                 context.Accept();
             }
             else if (PriorHandler != null)
@@ -310,9 +315,11 @@ namespace Microsoft.AspNet.Authentication
                         goto case ChallengeBehavior.Unauthorized;
                     case ChallengeBehavior.Unauthorized:
                         handled = await HandleUnauthorizedAsync(context);
+                        Logger.LogInformation(5, "AuthenticationScheme: {scheme} was challenged.", Options.AuthenticationScheme);
                         break;
                     case ChallengeBehavior.Forbidden:
                         handled = await HandleForbiddenAsync(context);
+                        Logger.LogInformation(6, "AuthenticationScheme: {scheme} was forbidden.", Options.AuthenticationScheme);
                         break;
                 }
                 context.Accept();
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 9730ba0d9f..2e2702ff6a 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
 namespace Microsoft.AspNet.Authorization
@@ -14,13 +15,29 @@ namespace Microsoft.AspNet.Authorization
     {
         private readonly IList<IAuthorizationHandler> _handlers;
         private readonly AuthorizationOptions _options;
+        private readonly ILogger _logger;
 
-        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers)
+        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
         {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+            if (handlers == null)
+            {
+                throw new ArgumentNullException(nameof(handlers));
+            }
+            if (logger == null)
+            {
+                throw new ArgumentNullException(nameof(logger));
+            }
+
             _handlers = handlers.ToArray();
             _options = options.Value;
+            _logger = logger;
         }
 
+
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
         {
             if (requirements == null)
@@ -33,7 +50,17 @@ namespace Microsoft.AspNet.Authorization
             {
                 await handler.HandleAsync(authContext);
             }
-            return authContext.HasSucceeded;
+
+            if (authContext.HasSucceeded)
+            {
+                _logger.LogInformation(0, "Authorization was successful for user: {userName}.", user?.Identity?.Name);
+                return true;
+            }
+            else
+            {
+                _logger.LogInformation(1, "Authorization failed for user: {userName}.", user?.Identity?.Name);
+                return false;
+            }
         }
 
         public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index fbf67ec15a..3ee2e547c5 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -17,6 +17,7 @@ namespace Microsoft.AspNet.Authorization.Test
         {
             var services = new ServiceCollection();
             services.AddAuthorization();
+            services.AddLogging();
             if (setupServices != null)
             {
                 setupServices(services);

From 2b259e8b99e519946cbd782da20398a426c2a9d7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 20 Oct 2015 13:56:40 -0700
Subject: [PATCH 374/900] Remove deprecated AddCookieAuthentication methods

---
 .../CookieServiceCollectionExtensions.cs      | 57 -------------------
 1 file changed, 57 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
deleted file mode 100644
index 00132beac2..0000000000
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieServiceCollectionExtensions.cs
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.Extensions.Configuration;
-
-namespace Microsoft.Extensions.DependencyInjection
-{
-    /// <summary>
-    /// Extension methods for setting up cookie authentication services in an <see cref="IServiceCollection" />.
-    /// </summary>
-    public static class CookieServiceCollectionExtensions
-    {
-        /// <summary>
-        /// Adds cookie authentication services to the specified <see cref="IServiceCollection" />. 
-        /// </summary>
-        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <param name="configure">An action delegate to configure the provided <see cref="CookieAuthenticationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configure)
-        {
-            if (services == null)
-            {
-                throw new ArgumentNullException(nameof(services));
-            }
-
-            if (configure == null)
-            {
-                throw new ArgumentNullException(nameof(configure));
-            }
-
-            return services.Configure(configure);
-        }
-
-        /// <summary>
-        /// Adds cookie authentication services to the specified <see cref="IServiceCollection" />. 
-        /// </summary>
-        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <param name="config">An <see cref="IConfiguration"/> instance that contains configuration data representing  a <see cref="CookieAuthenticationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, IConfiguration config)
-        {
-            if (services == null)
-            {
-                throw new ArgumentNullException(nameof(services));
-            }
-
-            if (config == null)
-            {
-                throw new ArgumentNullException(nameof(config));
-            }
-
-            return services.Configure<CookieAuthenticationOptions>(config);
-        }
-    }
-}

From 00c81d41aaeeb2d9ba48932c083681a9ba7a20a7 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 21 Oct 2015 11:24:10 -0700
Subject: [PATCH 375/900] Use fixed version of OpenIdConnect

---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json     | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 0bd5579989..519033d276 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 062542d7e6..8bf0acf25e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-*"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
     },
     "frameworks": {
         "dnx451": {

From ef61b14d6a66f9913b98c38fe25aa23d18be8be3 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 20 Oct 2015 13:33:25 -0700
Subject: [PATCH 376/900] #501 Replace OpenIdConnectTokenEndpointResponse with
 an OpenIdConnectMessage

---
 .../Events/AuthenticationValidatedContext.cs  |  2 +-
 .../Events/TokenResponseReceivedContext.cs    |  4 +--
 .../OpenIdConnectHandler.cs                   | 16 ++++-----
 .../OpenIdConnectTokenEndpointResponse.cs     | 36 -------------------
 ...nIdConnectHandlerForTestingAuthenticate.cs |  4 +--
 5 files changed, 13 insertions(+), 49 deletions(-)
 delete mode 100644 src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index e38b67b46b..b12aedce22 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -13,6 +13,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
         }
 
-        public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
+        public OpenIdConnectMessage TokenEndpointResponse { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index 95751f4119..19c58dca9f 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -17,8 +17,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Gets or sets the <see cref="OpenIdConnectTokenEndpointResponse"/> that contains the tokens and json response received after redeeming the code at the token endpoint.
+        /// Gets or sets the <see cref="OpenIdConnectMessage"/> that contains the tokens received after redeeming the code at the token endpoint.
         /// </summary>
-        public OpenIdConnectTokenEndpointResponse TokenEndpointResponse { get; set; }
+        public OpenIdConnectMessage TokenEndpointResponse { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index f1e82cf89c..8cc9c16070 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -497,7 +497,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var validationParameters = Options.TokenValidationParameters.Clone();
             validationParameters.ValidateSignature = false;
 
-            ticket = ValidateToken(tokenEndpointResponse.ProtocolMessage.IdToken, message, properties, validationParameters, out jwt);
+            ticket = ValidateToken(tokenEndpointResponse.IdToken, message, properties, validationParameters, out jwt);
 
             var nonce = jwt?.Payload.Nonce;
             if (!string.IsNullOrEmpty(nonce))
@@ -508,7 +508,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
             {
                 ClientId = Options.ClientId,
-                ProtocolMessage = tokenEndpointResponse.ProtocolMessage,
+                ProtocolMessage = tokenEndpointResponse,
                 ValidatedIdToken = jwt,
                 Nonce = nonce
             });
@@ -527,13 +527,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.SaveTokensAsClaims)
             {
                 // Persist the tokens extracted from the token response.
-                SaveTokens(ticket.Principal, tokenEndpointResponse.ProtocolMessage, saveRefreshToken: true);
+                SaveTokens(ticket.Principal, tokenEndpointResponse, saveRefreshToken: true);
             }
 
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
                 Logger.LogDebug(22, "Sending request to user info endpoint for retrieving claims.");
-                ticket = await GetUserInformationAsync(tokenEndpointResponse.ProtocolMessage, jwt, ticket);
+                ticket = await GetUserInformationAsync(tokenEndpointResponse, jwt, ticket);
             }
 
             return AuthenticateResult.Success(ticket);
@@ -618,7 +618,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="authorizationCode">The authorization code to redeem.</param>
         /// <param name="redirectUri">Uri that was passed in the request sent for the authorization code.</param>
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
-        protected virtual async Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
             var openIdMessage = new OpenIdConnectMessage()
             {
@@ -635,7 +635,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             responseMessage.EnsureSuccessStatusCode();
             var tokenResonse = await responseMessage.Content.ReadAsStringAsync();
             var jsonTokenResponse = JObject.Parse(tokenResonse);
-            return new OpenIdConnectTokenEndpointResponse(jsonTokenResponse);
+            return new OpenIdConnectMessage(jsonTokenResponse);
         }
 
         /// <summary>
@@ -984,7 +984,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return authorizationCodeReceivedContext;
         }
 
-        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
+        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse)
         {
             Logger.LogDebug(35, "Token response received.");
             var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options)
@@ -1005,7 +1005,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return tokenResponseReceivedContext;
         }
 
-        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, OpenIdConnectTokenEndpointResponse tokenEndpointResponse)
+        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, OpenIdConnectMessage tokenEndpointResponse)
         {
             var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
deleted file mode 100644
index 4216e1eab5..0000000000
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectTokenEndpointResponse.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
-{
-    /// <summary>
-    /// Class to store the response returned from token endpoint
-    /// </summary>
-    public class OpenIdConnectTokenEndpointResponse
-    {
-        public OpenIdConnectTokenEndpointResponse(JObject jsonResponse)
-        {
-            JsonResponse = jsonResponse;
-            ProtocolMessage = new OpenIdConnectMessage()
-            {
-                AccessToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.AccessToken),
-                IdToken = JsonResponse.Value<string>(OpenIdConnectParameterNames.IdToken),
-                TokenType = JsonResponse.Value<string>(OpenIdConnectParameterNames.TokenType),
-                ExpiresIn = JsonResponse.Value<string>(OpenIdConnectParameterNames.ExpiresIn)
-            };
-        }
-
-        /// <summary>
-        /// OpenIdConnect message that contains the id token and access tokens
-        /// </summary>
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-
-        /// <summary>
-        /// Json response returned from the token endpoint
-        /// </summary>
-        public JObject JsonResponse { get; set; }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
index 0be9b7d69b..c0333cb2f4 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
@@ -19,11 +19,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
         }
 
-        protected override Task<OpenIdConnectTokenEndpointResponse> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        protected override Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
             var jsonResponse = new JObject();
             jsonResponse.Add(OpenIdConnectParameterNames.IdToken, "test token");
-            return Task.FromResult(new OpenIdConnectTokenEndpointResponse(jsonResponse));
+            return Task.FromResult(new OpenIdConnectMessage(jsonResponse));
         }
 
         protected override Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)

From defc9faac06958b89ad3bf8fa28a135265cef46f Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 20 Oct 2015 14:01:57 -0700
Subject: [PATCH 377/900] Don't call resource handlers without required
 resource

---
 .../AuthorizationHandler.cs                   |  8 +--
 .../DefaultAuthorizationServiceTests.cs       | 51 +++++++++++++++++--
 2 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
index f5418841ab..84e0160fee 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
@@ -40,10 +40,12 @@ namespace Microsoft.AspNet.Authorization
     {
         public virtual async Task HandleAsync(AuthorizationContext context)
         {
-            var resource = context.Resource as TResource;
-            foreach (var req in context.Requirements.OfType<TRequirement>())
+            if (context.Resource is TResource)
             {
-                await HandleAsync(context, req, resource);
+                foreach (var req in context.Requirements.OfType<TRequirement>())
+                {
+                    await HandleAsync(context, req, (TResource)context.Resource);
+                }
             }
         }
 
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 3ee2e547c5..3b5d68360f 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -813,6 +813,35 @@ namespace Microsoft.AspNet.Authorization.Test
             Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
         }
 
+        public class NotCalledHandler : AuthorizationHandler<OperationAuthorizationRequirement, string>
+        {
+            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, string resource)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        [Fact]
+        public async Task DoesNotCallHandlerWithWrongResourceType()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddTransient<IAuthorizationHandler, NotCalledHandler>();
+            });
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                        new Claim("SuperUser", "yes")
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            // Assert
+            Assert.False(await authorizationService.AuthorizeAsync(user, 1, Operations.Edit));
+        }
+
         [Fact]
         public async Task CanAuthorizeOnlyAllowedOperations()
         {
@@ -820,15 +849,29 @@ namespace Microsoft.AspNet.Authorization.Test
             var authorizationService = BuildAuthorizationService(services =>
             {
                 services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
-                services.AddTransient<IAuthorizationHandler, SuperUserHandler>();
             });
             var user = new ClaimsPrincipal();
 
             // Act
             // Assert
-            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
-            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Delete));
-            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
+            Assert.True(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Edit));
+            Assert.False(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Delete));
+            Assert.False(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Create));
+        }
+
+        [Fact]
+        public async Task AuthorizeHandlerNotCalledWithNullResource()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+            });
+            var user = new ClaimsPrincipal();
+
+            // Act
+            // Assert
+            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
         }
 
         [Fact]

From b09777fe386251f0077a5f8820d1d80007008df7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 20 Oct 2015 15:43:13 -0700
Subject: [PATCH 378/900] Update samples with error handling

---
 samples/SocialSample/Startup.cs | 36 +++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 4fd444ea89..d9db3b1a3d 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -2,15 +2,18 @@ using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json.Linq;
 
 namespace CookieSample
@@ -58,6 +61,17 @@ namespace CookieSample
             {
                 options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
                 options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
+                options.Events = new OAuthEvents()
+                {
+                    OnRemoteError = ctx =>
+
+                    {
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                };
+
             });
 
             // https://apps.twitter.com/
@@ -65,6 +79,15 @@ namespace CookieSample
             {
                 options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
                 options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
+                options.Events = new TwitterEvents()
+                {
+                    OnRemoteError = ctx =>
+                    {
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                };
             });
 
             /* https://account.live.com/developers/applications
@@ -217,6 +240,19 @@ namespace CookieSample
                 });
             });
 
+            // Display the remote error
+            app.Map("/error", errorApp =>
+            {
+                errorApp.Run(async context =>
+                {
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync("<html><body>");
+                    await context.Response.WriteAsync("An remote error has occured: " + context.Request.Query["ErrorMessage"] + "<br>");
+                    await context.Response.WriteAsync("<a href=\"/\">Home</a>");
+                    await context.Response.WriteAsync("</body></html>");
+                });
+            });
+
             // Deny anonymous request beyond this point.
             app.Use(async (context, next) =>
             {

From e72a5639024eba48a021960f2bc141372c337afc Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 21 Oct 2015 15:19:16 -0700
Subject: [PATCH 379/900] Add initial Owin Security cookie interop package

---
 Security.sln                                  |  30 ++
 .../CookieAuthenticationMiddleware.cs         |   3 +-
 .../CookieAuthenticationOptions.cs            |   6 +
 .../DataHandler/TicketSerializer.cs           |   1 +
 .../AspNetTicketDataFormat.cs                 |  17 ++
 .../AspNetTicketSerializer.cs                 | 220 ++++++++++++++
 .../CookieAuthenticationExtensions.cs         |  26 ++
 .../DataProtectorShim.cs                      |  31 ++
 .../DefaultCompatibilityConstants.cs          |  22 ++
 ...rosoft.Owin.Security.Cookies.Interop.xproj |  19 ++
 .../project.json                              |  14 +
 .../Cookies/CookieMiddlewareTests.cs          |   2 -
 .../project.json                              |   1 -
 ...t.Owin.Security.Cookies.Interop.Test.xproj |  19 ++
 .../TicketInteropTests.cs                     | 269 ++++++++++++++++++
 ...y-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml |  16 ++
 .../project.json                              |  18 ++
 17 files changed, 710 insertions(+), 4 deletions(-)
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/project.json
 create mode 100644 test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
 create mode 100644 test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
 create mode 100644 test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml
 create mode 100644 test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json

diff --git a/Security.sln b/Security.sln
index 486611009f..6367cfeadf 100644
--- a/Security.sln
+++ b/Security.sln
@@ -50,6 +50,10 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePoli
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Cookies.Interop", "src\Microsoft.Owin.Security.Cookies.Interop\Microsoft.Owin.Security.Cookies.Interop.xproj", "{21A56E78-31DE-4868-9778-7E4DBE2A4E35}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Cookies.Interop.Test", "test\Microsoft.Owin.Security.Cookies.Interop.Test\Microsoft.Owin.Security.Cookies.Interop.Test.xproj", "{73E8E654-A2AC-4848-95F3-EB55512F6C39}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -270,6 +274,30 @@ Global
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|x86.Build.0 = Debug|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Any CPU.Build.0 = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|x86.ActiveCfg = Release|Any CPU
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|x86.Build.0 = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|x86.Build.0 = Debug|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Any CPU.Build.0 = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.ActiveCfg = Release|Any CPU
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -293,5 +321,7 @@ Global
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{21A56E78-31DE-4868-9778-7E4DBE2A4E35} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{73E8E654-A2AC-4848-95F3-EB55512F6C39} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index bce9648b87..aca234da08 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -54,7 +54,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
             if (Options.TicketDataFormat == null)
             {
-                var dataProtector = dataProtectionProvider.CreateProtector(typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
+                var provider = Options.DataProtectionProvider ?? dataProtectionProvider;
+                var dataProtector = provider.CreateProtector(typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
             if (Options.CookieManager == null)
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 8bb1d39598..1d0484ab64 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,6 +4,7 @@
 using System;
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.OptionsModel;
 
@@ -74,6 +75,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         public CookieSecureOption CookieSecure { get; set; }
 
+        /// <summary>
+        /// If set this will be used by the CookieAuthenticationMiddleware for data protection.
+        /// </summary>
+        public IDataProtectionProvider DataProtectionProvider { get; set; }
+
         /// <summary>
         /// Controls how much time the cookie will remain valid from the point it is created. The expiration
         /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored 
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index b27027d11b..8fae5f9235 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -8,6 +8,7 @@ using System.Security.Claims;
 
 namespace Microsoft.AspNet.Authentication
 {
+    // This MUST be kept in sync with Microsoft.Owin.Security.Cookies.AspNetTicketSerializer
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
         private const string DefaultStringPlaceholder = "\0";
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs b/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs
new file mode 100644
index 0000000000..48ded33091
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Owin.Security.DataHandler;
+using Microsoft.Owin.Security.DataHandler.Encoder;
+using Microsoft.Owin.Security.DataProtection;
+
+namespace Microsoft.Owin.Security.Cookies.Interop
+{
+    public class AspNetTicketDataFormat : SecureDataFormat<AuthenticationTicket>
+    {
+        public AspNetTicketDataFormat(IDataProtector protector)
+            : base(new AspNetTicketSerializer(), protector, TextEncodings.Base64Url)
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs b/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs
new file mode 100644
index 0000000000..8727f7c46b
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs
@@ -0,0 +1,220 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.Owin.Security.DataHandler.Serializer;
+
+namespace Microsoft.Owin.Security.Cookies.Interop
+{
+    // This MUST be kept in sync with Microsoft.AspNet.Authentication.DataHandler.TicketSerializer
+    public class AspNetTicketSerializer : IDataSerializer<AuthenticationTicket>
+    {
+        private const string DefaultStringPlaceholder = "\0";
+        private const int FormatVersion = 5;
+
+        public static TicketSerializer Default { get; } = new TicketSerializer();
+
+        public virtual byte[] Serialize(AuthenticationTicket ticket)
+        {
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new BinaryWriter(memory))
+                {
+                    Write(writer, ticket);
+                }
+                return memory.ToArray();
+            }
+        }
+
+        public virtual AuthenticationTicket Deserialize(byte[] data)
+        {
+            using (var memory = new MemoryStream(data))
+            {
+                using (var reader = new BinaryReader(memory))
+                {
+                    return Read(reader);
+                }
+            }
+        }
+
+        public virtual void Write(BinaryWriter writer, AuthenticationTicket ticket)
+        {
+            writer.Write(FormatVersion);
+            writer.Write(ticket.Identity.AuthenticationType);
+
+            var identity = ticket.Identity;
+            if (identity == null)
+            {
+                throw new ArgumentNullException("ticket.Identity");
+            }
+
+            // There is always a single identity
+            writer.Write(1);
+            WriteIdentity(writer, identity);
+            PropertiesSerializer.Write(writer, ticket.Properties);
+        }
+
+        protected virtual void WriteIdentity(BinaryWriter writer, ClaimsIdentity identity)
+        {
+            var authenticationType = identity.AuthenticationType ?? string.Empty;
+
+            writer.Write(authenticationType);
+            WriteWithDefault(writer, identity.NameClaimType, ClaimsIdentity.DefaultNameClaimType);
+            WriteWithDefault(writer, identity.RoleClaimType, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Write the number of claims contained in the identity.
+            writer.Write(identity.Claims.Count());
+
+            foreach (var claim in identity.Claims)
+            {
+                WriteClaim(writer, claim);
+            }
+
+            var bootstrap = identity.BootstrapContext as string;
+            if (!string.IsNullOrEmpty(bootstrap))
+            {
+                writer.Write(true);
+                writer.Write(bootstrap);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+
+            if (identity.Actor != null)
+            {
+                writer.Write(true);
+                WriteIdentity(writer, identity.Actor);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+        }
+
+        protected virtual void WriteClaim(BinaryWriter writer, Claim claim)
+        {
+            WriteWithDefault(writer, claim.Type, claim.Subject?.NameClaimType ?? ClaimsIdentity.DefaultNameClaimType);
+            writer.Write(claim.Value);
+            WriteWithDefault(writer, claim.ValueType, ClaimValueTypes.String);
+            WriteWithDefault(writer, claim.Issuer, ClaimsIdentity.DefaultIssuer);
+            WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+
+            // Write the number of properties contained in the claim.
+            writer.Write(claim.Properties.Count);
+
+            foreach (var property in claim.Properties)
+            {
+                writer.Write(property.Key ?? string.Empty);
+                writer.Write(property.Value ?? string.Empty);
+            }
+        }
+
+        public virtual AuthenticationTicket Read(BinaryReader reader)
+        {
+            if (reader.ReadInt32() != FormatVersion)
+            {
+                return null;
+            }
+
+            var scheme = reader.ReadString();
+
+            // Any identities after the first will be ignored.
+            var count = reader.ReadInt32();
+            if (count < 0)
+            {
+                return null;
+            }
+
+            var identity = ReadIdentity(reader);
+            var properties = PropertiesSerializer.Read(reader);
+
+            return new AuthenticationTicket(identity, properties);
+        }
+
+        protected virtual ClaimsIdentity ReadIdentity(BinaryReader reader)
+        {
+            var authenticationType = reader.ReadString();
+            var nameClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultNameClaimType);
+            var roleClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Read the number of claims contained
+            // in the serialized identity.
+            var count = reader.ReadInt32();
+
+            var identity = new ClaimsIdentity(authenticationType, nameClaimType, roleClaimType);
+
+            for (int index = 0; index != count; ++index)
+            {
+                var claim = ReadClaim(reader, identity);
+
+                identity.AddClaim(claim);
+            }
+
+            // Determine whether the identity
+            // has a bootstrap context attached.
+            if (reader.ReadBoolean())
+            {
+                identity.BootstrapContext = reader.ReadString();
+            }
+
+            // Determine whether the identity
+            // has an actor identity attached.
+            if (reader.ReadBoolean())
+            {
+                identity.Actor = ReadIdentity(reader);
+            }
+
+            return identity;
+        }
+
+        protected virtual Claim ReadClaim(BinaryReader reader, ClaimsIdentity identity)
+        {
+            var type = ReadWithDefault(reader, identity.NameClaimType);
+            var value = reader.ReadString();
+            var valueType = ReadWithDefault(reader, ClaimValueTypes.String);
+            var issuer = ReadWithDefault(reader, ClaimsIdentity.DefaultIssuer);
+            var originalIssuer = ReadWithDefault(reader, issuer);
+
+            var claim = new Claim(type, value, valueType, issuer, originalIssuer, identity);
+
+            // Read the number of properties stored in the claim.
+            var count = reader.ReadInt32();
+
+            for (var index = 0; index != count; ++index)
+            {
+                var key = reader.ReadString();
+                var propertyValue = reader.ReadString();
+
+                claim.Properties.Add(key, propertyValue);
+            }
+
+            return claim;
+        }
+
+        private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
+        {
+            if (string.Equals(value, defaultValue, StringComparison.Ordinal))
+            {
+                writer.Write(DefaultStringPlaceholder);
+            }
+            else
+            {
+                writer.Write(value);
+            }
+        }
+
+        private static string ReadWithDefault(BinaryReader reader, string defaultValue)
+        {
+            var value = reader.ReadString();
+            if (string.Equals(value, DefaultStringPlaceholder, StringComparison.Ordinal))
+            {
+                return defaultValue;
+            }
+            return value;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs b/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
new file mode 100644
index 0000000000..3bbe74aad6
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.DataProtection;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Security.Cookies.Interop;
+
+namespace Owin
+{
+    public static class CookieAuthenticationExtensions
+    {
+        public static IAppBuilder UseCookieAuthentication(
+            this IAppBuilder app,
+            CookieAuthenticationOptions options,
+            DataProtectionProvider dataProtectionProvider,
+            PipelineStage stage = PipelineStage.Authenticate)
+        {
+            var dataProtector = dataProtectionProvider.CreateProtector(
+                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                options.AuthenticationType, "v2");
+            options.TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));
+
+            return app.UseCookieAuthentication(options, stage);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs b/src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs
new file mode 100644
index 0000000000..0dab249aea
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.DataProtection;
+
+namespace Microsoft.Owin.Security.Cookies.Interop
+{
+    /// <summary>
+    /// Converts an <see cref="IDataProtector"/> to an
+    /// <see cref="Microsoft.Owin.Security.DataProtection.IDataProtector"/>.
+    /// </summary>
+    internal sealed class DataProtectorShim : Microsoft.Owin.Security.DataProtection.IDataProtector
+    {
+        private readonly IDataProtector _protector;
+
+        public DataProtectorShim(IDataProtector protector)
+        {
+            _protector = protector;
+        }
+
+        public byte[] Protect(byte[] userData)
+        {
+            return _protector.Protect(userData);
+        }
+
+        public byte[] Unprotect(byte[] protectedData)
+        {
+            return _protector.Unprotect(protectedData);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs b/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
new file mode 100644
index 0000000000..b403033e32
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Identity
+{
+    /// <summary>
+    /// Helpful constants for working with the authentication cookie compatibility shim.
+    /// </summary>
+    public static class DefaultCompatibilityConstants
+    {
+        /// <summary>
+        /// The default authentication type for application authentication cookies.
+        /// </summary>
+        public const string ApplicationCookieAuthenticationType = "Microsoft.AspNet.Identity.Application.AuthType";
+
+        /// <summary>
+        /// The default cookie name for application authentication cookies.
+        /// Used by <see cref="CookieAuthenticationOptions.CookieName"/>.
+        /// </summary>
+        public const string CookieName = ".AspNet.Microsoft.AspNet.Identity.Application";
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj b/src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj
new file mode 100644
index 0000000000..fd666b061d
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>21a56e78-31de-4868-9778-7e4dbe2a4e35</ProjectGuid>
+    <RootNamespace>Microsoft.Owin.Security.Cookies.Shareable</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/project.json b/src/Microsoft.Owin.Security.Cookies.Interop/project.json
new file mode 100644
index 0000000000..58830a72cc
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/project.json
@@ -0,0 +1,14 @@
+{
+    "version": "1.0.0-*",
+    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security.Cookies and Microsoft.AspNet.Authentication.Cookies.",
+    "dependencies": {
+    },
+    "frameworks": {
+        "net451": {
+            "dependencies": {
+                "Microsoft.AspNet.DataProtection.Extensions": "1.0.0-*",
+                "Microsoft.Owin.Security.Cookies": "3.0.1"
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index ff1a67d532..3f40b1cebb 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -10,7 +9,6 @@ using System.Security.Claims;
 using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
-using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index 9b0c6a2375..af0759d42b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -10,7 +10,6 @@
     "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
-    "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.AspNet.Testing": "1.0.0-*",
     "xunit.runner.aspnet": "2.0.0-aspnet-*"
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj b/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
new file mode 100644
index 0000000000..26bc63e140
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>73e8e654-a2ac-4848-95f3-eb55512f6c39</ProjectGuid>
+    <RootNamespace>Microsoft.Owin.Security.Cookies.Interop.Test</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
new file mode 100644
index 0000000000..63ab2d36cd
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
@@ -0,0 +1,269 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using Microsoft.AspNet.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Builder;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Owin;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Security.Cookies.Interop;
+using Microsoft.Owin.Testing;
+using Owin;
+using Xunit;
+
+namespace Microsoft.AspNet.CookiePolicy.Test
+{
+    public class TicketInteropTests
+    {
+        [Fact]
+        public void NewSerializerCanReadInteropTicket()
+        {
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new Owin.Security.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Dictionary["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
+            var interopSerializer = new AspNetTicketSerializer();
+
+            var bytes = interopSerializer.Serialize(interopTicket);
+
+            var newSerializer = new TicketSerializer();
+            var newTicket = newSerializer.Deserialize(bytes);
+
+            Assert.NotNull(newTicket);
+            Assert.Equal(1, newTicket.Principal.Identities.Count());
+            var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(newTicket.Properties);
+            Assert.True(newTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
+            Assert.Equal("value", newTicket.Properties.Items["key"]);
+            Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, newTicket.Properties.IssuedUtc);
+        }
+
+        [Fact]
+        public void InteropSerializerCanReadNewTicket()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+            user.AddIdentity(identity);
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new Http.Authentication.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Items["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var newTicket = new AuthenticationTicket(user, properties, "scheme");
+            var newSerializer = new TicketSerializer();
+
+            var bytes = newSerializer.Serialize(newTicket);
+
+            var interopSerializer = new AspNetTicketSerializer();
+            var interopTicket = interopSerializer.Deserialize(bytes);
+
+            Assert.NotNull(interopTicket);
+            var newIdentity = interopTicket.Identity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(interopTicket.Properties);
+            Assert.True(interopTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
+            Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
+            Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
+        }
+
+        [Fact]
+        public async Task AspNet5WithInteropCookieContainsIdentity()
+        {
+            var identity = new ClaimsIdentity("Cookies");
+            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
+
+            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("."));
+
+            var interopServer = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+                app.UseCookieAuthentication(new CookieAuthenticationOptions(), dataProtection);
+                app.Run(context =>
+                {
+                    context.Authentication.SignIn(identity);
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await SendAsync(interopServer, "http://example.com");
+
+            var newServer = TestHost.TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                app.Run(async context => 
+                {
+                    var result = await context.Authentication.AuthenticateAsync("Cookies");
+                    await context.Response.WriteAsync(result.Identity.Name);
+                });
+            }, services => services.AddAuthentication());
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
+            request.Headers.Add("Cookie", transaction.SetCookie.Split(new[] { ';' }, 2).First());
+            var response = await newServer.CreateClient().SendAsync(request);
+
+            Assert.Equal("Alice", await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task InteropWithNewCookieContainsIdentity()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
+            user.AddIdentity(identity);
+
+            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("."));
+
+            var newServer = TestHost.TestServer.Create(app =>
+            {
+                app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                app.Run(context => context.Authentication.SignInAsync("Cookies", user));
+            }, services => services.AddAuthentication());
+
+            var cookie = await SendAndGetCookie(newServer, "http://example.com/login");
+
+            var server = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+                app.UseCookieAuthentication(new CookieAuthenticationOptions(), dataProtection);
+                app.Run(async context =>
+                {
+                    var result = await context.Authentication.AuthenticateAsync("Cookies");
+                    Describe(context.Response, result);
+                });
+            });
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookie);
+
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+        }
+
+        private static async Task<string> SendAndGetCookie(TestHost.TestServer server, string uri)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            var response = await server.CreateClient().SendAsync(request);
+            if (response.Headers.Contains("Set-Cookie"))
+            {
+                return response.Headers.GetValues("Set-Cookie").ToList().First();
+            }
+            return null;
+        }
+
+        private static string FindClaimValue(Transaction transaction, string claimType)
+        {
+            XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+
+        private static void Describe(IOwinResponse res, Owin.Security.AuthenticateResult result)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (result != null && result.Identity != null)
+            {
+                xml.Add(result.Identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            if (result != null && result.Properties != null)
+            {
+                xml.Add(result.Properties.Dictionary.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null, bool ajaxRequest = false)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+            if (ajaxRequest)
+            {
+                request.Headers.Add("X-Requested-With", "XMLHttpRequest");
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.HttpClient.SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").SingleOrDefault();
+            }
+            if (!string.IsNullOrEmpty(transaction.SetCookie))
+            {
+                transaction.CookieNameValue = transaction.SetCookie.Split(new[] { ';' }, 2).First();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+
+            public string SetCookie { get; set; }
+            public string CookieNameValue { get; set; }
+
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+        }
+
+    }
+}
+
+
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml b/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml
new file mode 100644
index 0000000000..67d822bca5
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<key id="38ae71c9-485f-46f6-8b5d-a1da2230875f" version="1">
+  <creationDate>2015-10-21T22:18:44.8335016Z</creationDate>
+  <activationDate>2015-10-21T22:18:44.8335016Z</activationDate>
+  <expirationDate>2016-01-19T22:18:44.8335016Z</expirationDate>
+  <descriptor deserializerType="Microsoft.AspNet.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNet.DataProtection, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">
+    <descriptor>
+      <encryption algorithm="AES_256_CBC" />
+      <validation algorithm="HMACSHA256" />
+      <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
+        <!-- Warning: the key below is in an unencrypted form. -->
+        <value>7LN6JAKaUxuHQmzldfRpxCuHZtkEoG6Zrvc0LaNXgP0Ful2wYocEwlB7JRdkKAEcmY53W5wqVNSVfcgln+hNVA==</value>
+      </masterKey>
+    </descriptor>
+  </descriptor>
+</key>
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json b/test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json
new file mode 100644
index 0000000000..c206ad20eb
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json
@@ -0,0 +1,18 @@
+{
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.Owin.Security.Cookies.Interop": "1.0.0-*",
+    "Microsoft.Owin.Testing": "3.0.1",
+    "xunit.runner.aspnet": "2.0.0-aspnet-*"
+  },
+  "commands": {
+    "test": "xunit.runner.aspnet"
+  },
+  "frameworks": {
+    "dnx451": { }
+  }
+}

From 8f0e08dbce35fc0fa051e0d194fe20d79bb193a3 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 21 Oct 2015 15:21:40 -0700
Subject: [PATCH 380/900] Nuke test key

---
 .../key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml | 16 ----------------
 1 file changed, 16 deletions(-)
 delete mode 100644 test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml

diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml b/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml
deleted file mode 100644
index 67d822bca5..0000000000
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/key-38ae71c9-485f-46f6-8b5d-a1da2230875f.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<key id="38ae71c9-485f-46f6-8b5d-a1da2230875f" version="1">
-  <creationDate>2015-10-21T22:18:44.8335016Z</creationDate>
-  <activationDate>2015-10-21T22:18:44.8335016Z</activationDate>
-  <expirationDate>2016-01-19T22:18:44.8335016Z</expirationDate>
-  <descriptor deserializerType="Microsoft.AspNet.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNet.DataProtection, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">
-    <descriptor>
-      <encryption algorithm="AES_256_CBC" />
-      <validation algorithm="HMACSHA256" />
-      <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
-        <!-- Warning: the key below is in an unencrypted form. -->
-        <value>7LN6JAKaUxuHQmzldfRpxCuHZtkEoG6Zrvc0LaNXgP0Ful2wYocEwlB7JRdkKAEcmY53W5wqVNSVfcgln+hNVA==</value>
-      </masterKey>
-    </descriptor>
-  </descriptor>
-</key>
\ No newline at end of file

From 7dfac2fd787f081986f7e9865323dcd85a0ef60a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 21 Oct 2015 15:23:39 -0700
Subject: [PATCH 381/900] Add assembly info for new project

---
 .../Properties/AssemblyInfo.cs                            | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs

diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..b2437d9ad6
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs
@@ -0,0 +1,8 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+using System.Resources;
+
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file

From 0eaec216b10981fc4b55b5539cf9768526826043 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 21 Oct 2015 16:45:20 -0700
Subject: [PATCH 382/900] AuthZ API review changes

---
 .../AuthorizationPolicyBuilder.cs               |  1 +
 .../AuthorizationServiceCollectionExtensions.cs |  1 +
 .../DefaultAuthorizationService.cs              |  9 +++++----
 .../ClaimsAuthorizationRequirement.cs           |  2 +-
 .../{ => Infrastructure}/DelegateRequirement.cs |  2 +-
 .../DenyAnonymousAuthorizationRequirement.cs    |  2 +-
 .../NameAuthorizationRequirement.cs             |  2 +-
 .../OperationAuthorizationRequirement.cs        |  2 +-
 .../PassThroughAuthorizationHandler.cs          |  2 +-
 .../RolesAuthorizationRequirement.cs            |  2 +-
 .../AuthorizationPolicyFacts.cs                 |  1 +
 .../DefaultAuthorizationServiceTests.cs         | 17 +++++------------
 12 files changed, 20 insertions(+), 23 deletions(-)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/ClaimsAuthorizationRequirement.cs (97%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/DelegateRequirement.cs (92%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/DenyAnonymousAuthorizationRequirement.cs (93%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/NameAuthorizationRequirement.cs (95%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/OperationAuthorizationRequirement.cs (84%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/PassThroughAuthorizationHandler.cs (90%)
 rename src/Microsoft.AspNet.Authorization/{ => Infrastructure}/RolesAuthorizationRequirement.cs (96%)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index aebd49e662..a0378f9c15 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using Microsoft.AspNet.Authorization.Infrastructure;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index cbf0b922aa..dff8bf6fcd 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authorization;
+using Microsoft.AspNet.Authorization.Infrastructure;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace Microsoft.Extensions.DependencyInjection
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 2e2702ff6a..40e16107c0 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -37,7 +37,6 @@ namespace Microsoft.AspNet.Authorization
             _logger = logger;
         }
 
-
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
         {
             if (requirements == null)
@@ -71,9 +70,11 @@ namespace Microsoft.AspNet.Authorization
             }
 
             var policy = _options.GetPolicy(policyName);
-            return (policy == null)
-                ? Task.FromResult(false)
-                : this.AuthorizeAsync(user, resource, policy);
+            if (policy == null)
+            {
+                throw new InvalidOperationException($"No policy found: {policyName}.");
+            }
+            return this.AuthorizeAsync(user, resource, policy);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
similarity index 97%
rename from src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index 905e74f39a..82e3ac5b69 100644
--- a/src/Microsoft.AspNet.Authorization/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     // Must contain a claim with the specified name, and at least one of the required values
     // If AllowedValues is null or empty, that means any claim is valid
diff --git a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs
similarity index 92%
rename from src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs
index ea985d5e91..834060bb64 100644
--- a/src/Microsoft.AspNet.Authorization/DelegateRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     public class DelegateRequirement : AuthorizationHandler<DelegateRequirement>, IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
similarity index 93%
rename from src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 8dcc9b1eee..1011baef3e 100644
--- a/src/Microsoft.AspNet.Authorization/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -3,7 +3,7 @@
 
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs
similarity index 95%
rename from src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index 45820e6a9a..dc9ea9eda2 100644
--- a/src/Microsoft.AspNet.Authorization/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     /// <summary>
     /// Requirement that ensures a specific Name
diff --git a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
similarity index 84%
rename from src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
index 13732d0196..0beaaa2448 100644
--- a/src/Microsoft.AspNet.Authorization/OperationAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     public class OperationAuthorizationRequirement : IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
similarity index 90%
rename from src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
index b1d3b84210..1ea353f934 100644
--- a/src/Microsoft.AspNet.Authorization/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     public class PassThroughAuthorizationHandler : IAuthorizationHandler
     {
diff --git a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
similarity index 96%
rename from src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
rename to src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index fb8647d75e..21b3729de1 100644
--- a/src/Microsoft.AspNet.Authorization/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNet.Authorization.Infrastructure
 {
     // Must belong to with one of specified roles
     // If AllowedRoles is null or empty, that means any role is valid
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 93aaeb6156..03eccd2a62 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Linq;
 using Microsoft.AspNet.Authorization;
+using Microsoft.AspNet.Authorization.Infrastructure;
 using Xunit;
 
 namespace Microsoft.AspNet.Authroization.Test
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 3b5d68360f..7844f612b9 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authorization.Infrastructure;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
@@ -268,23 +269,15 @@ namespace Microsoft.AspNet.Authorization.Test
         }
 
         [Fact]
-        public async Task Authorize_ShouldNotAllowIfUnknownPolicy()
+        public async Task Authorize_ThrowsWithUnknownPolicy()
         {
             // Arrange
             var authorizationService = BuildAuthorizationService();
-            var user = new ClaimsPrincipal(
-                new ClaimsIdentity(
-                    new Claim[] {
-                        new Claim("Permission", "CanViewComment"),
-                    },
-                    null)
-                );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
-
             // Assert
-            Assert.False(allowed);
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "whatever", "BogusPolicy"));
+            Assert.Equal("No policy found: BogusPolicy.", exception.Message);
         }
 
         [Fact]
@@ -459,7 +452,7 @@ namespace Microsoft.AspNet.Authorization.Test
                 );
 
             // Act
-            var allowed = await authorizationService.AuthorizeAsync(user, "Any");
+            var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
             Assert.False(allowed);

From 5566433686d149b31dcd0369c9663cfd485de863 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 22 Oct 2015 00:33:47 -0700
Subject: [PATCH 383/900] Switching to generations TFMs

---
 .../project.json                              | 36 +++++------
 .../project.json                              | 36 +++++------
 .../project.json                              | 34 +++++------
 .../project.json                              | 34 +++++------
 .../project.json                              | 48 +++++++--------
 .../project.json                              | 46 +++++++--------
 .../project.json                              | 59 ++++++++++---------
 .../project.json                              | 38 ++++++------
 .../project.json                              | 34 +++++------
 9 files changed, 184 insertions(+), 181 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index d767f187aa..95044dbc6f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -1,20 +1,20 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.Extensions.WebEncoders": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
+  "version": "1.0.0-*",
+  "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.0.0-*",
+    "Newtonsoft.Json": "6.0.6"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index e68e580669..d3c1d5edc2 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -1,19 +1,19 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
-}
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
+    "Newtonsoft.Json": "6.0.6"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index 6f59f918f1..5be11d4d1d 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -1,18 +1,18 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
-}
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index e5fd920b7f..31510c2adb 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -1,18 +1,18 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
-}
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 374ed755b5..21d823be1b 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -1,27 +1,27 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Newtonsoft.Json": "6.0.6"
+  },
+  "frameworks": {
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Net.Http": ""
+      }
     },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Newtonsoft.Json": "6.0.6"
-    },
-    "frameworks": {
-        "dnx451": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Net.Http": "4.0.1-beta-*"
-            }
-        }
+    "dotnet5.4": {
+      "dependencies": {
+        "System.Net.Http": "4.0.1-beta-*"
+      }
     }
-}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index b117d8c4ec..89c79bd64a 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -1,26 +1,26 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Net.Http": ""
+      }
     },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Net.Http": "4.0.1-beta-*"
-            }
-        }
+    "dotnet5.4": {
+      "dependencies": {
+        "System.Net.Http": "4.0.1-beta-*"
+      }
     }
-}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index d82988e82b..5e8501141c 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -1,32 +1,35 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 common types used by the various authentication middleware.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 common types used by the various authentication middleware.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.DataProtection": "1.0.0-*",
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
+    "Microsoft.Extensions.SecurityHelper.Sources": {
+      "type": "build",
+      "version": "1.0.0-*"
     },
-    "compilationOptions": {
-        "warningsAsErrors": true
+    "Microsoft.Extensions.OptionsModel": "1.0.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Net.Http": ""
+      }
     },
-    "dependencies": {
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Http": "1.0.0-*",
-        "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Extensions.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
-        "Microsoft.Extensions.OptionsModel": "1.0.0-*",
-        "Microsoft.Extensions.WebEncoders": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Net.Http": "4.0.1-beta-*"
-            }
-        }
+    "dotnet5.4": {
+      "dependencies": {
+        "System.Net.Http": "4.0.1-beta-*"
+      }
     }
-}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index a1513125b1..acefedeeb1 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -1,20 +1,20 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 authorization classes.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Http.Features": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
-        "Microsoft.Extensions.OptionsModel": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
-}
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 authorization classes.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Http.Features": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
+    "Microsoft.Extensions.OptionsModel": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNet.CookiePolicy/project.json
index 252f0867ec..4b70bf0212 100644
--- a/src/Microsoft.AspNet.CookiePolicy/project.json
+++ b/src/Microsoft.AspNet.CookiePolicy/project.json
@@ -1,18 +1,18 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 cookie policy classes.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
-    },
-    "compilationOptions": {
-        "warningsAsErrors": true
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Http": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    }
-}
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 cookie policy classes.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Http": "1.0.0-*"
+  },
+  "frameworks": {
+    "net451": {},
+    "dotnet5.4": {}
+  }
+}
\ No newline at end of file

From 35b724873402849b73ab28e919f5994365195126 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 22 Oct 2015 14:54:51 -0700
Subject: [PATCH 384/900] #455 Remove RedirectUri from OIDC, use CallbackPath.

---
 samples/OpenIdConnectSample/Startup.cs        |  1 -
 .../OpenIdConnectHandler.cs                   | 19 ++++---------------
 .../OpenIdConnectMiddleware.cs                | 10 ----------
 .../OpenIdConnectOptions.cs                   |  6 ------
 .../OpenIdConnectMiddlewareTests.cs           |  4 +---
 5 files changed, 5 insertions(+), 35 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 9d14dd0b53..73fe2b8b49 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -33,7 +33,6 @@ namespace OpenIdConnectSample
                 options.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
                 options.ClientSecret = "Yse2iP7tO1Azq0iDajNisMaTSnIDv+FXmAsFuXr+Cy8="; // for code flow
                 options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
-                options.RedirectUri = "http://localhost:42023/signin-oidc";
                 options.ResponseType = OpenIdConnectResponseTypes.Code;
                 options.GetClaimsFromUserInfoEndpoint = true;
             });
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 8cc9c16070..81b42227a6 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -192,7 +192,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 ClientId = Options.ClientId,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
-                RedirectUri = Options.RedirectUri,
+                RedirectUri = BuildRedirectUri(Options.CallbackPath),
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
                 Scope = string.Join(" ", Options.Scope)
@@ -239,18 +239,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 properties.Items[OpenIdConnectDefaults.UserstatePropertiesKey] = message.State;
             }
 
-            var redirectUriForCode = message.RedirectUri;
-            if (string.IsNullOrEmpty(redirectUriForCode))
-            {
-                Logger.LogDebug(8, "Using Options.RedirectUri for 'redirect_uri': '{0}'.", Options.RedirectUri);
-                redirectUriForCode = Options.RedirectUri;
-            }
-
-            if (!string.IsNullOrEmpty(redirectUriForCode))
-            {
-                // When redeeming a 'code' for an AccessToken, this value is needed
-                properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, redirectUriForCode);
-            }
+            // When redeeming a 'code' for an AccessToken, this value is needed
+            properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, message.RedirectUri);
 
             message.State = Options.StateDataFormat.Protect(properties);
 
@@ -957,8 +947,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
-            var redirectUri = properties.Items.ContainsKey(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey) ?
-                properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey] : Options.RedirectUri;
+            var redirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];
 
             Logger.LogDebug(32, "AuthorizationCode received: '{0}'", message.Code);
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index c0ecff39a8..c332befc93 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -121,16 +121,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
             }
 
-            // if the user has not set the AuthorizeCallback, set it from the redirect_uri
-            if (!Options.CallbackPath.HasValue)
-            {
-                Uri redirectUri;
-                if (!string.IsNullOrEmpty(Options.RedirectUri) && Uri.TryCreate(Options.RedirectUri, UriKind.Absolute, out redirectUri))
-                {
-                    // Redirect_Uri must be a very specific, case sensitive value, so we can't generate it. Instead we generate AuthorizeCallback from it.
-                    Options.CallbackPath = PathString.FromUriComponent(redirectUri);
-                }
-            }
 
             if (Options.Events == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index b310ac4c2f..ca66eef02d 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -125,12 +125,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "This is the term used in the spec.")]
         public string PostLogoutRedirectUri { get; set; }
 
-        /// <summary>
-        /// Gets or sets the 'redirect_uri'.
-        /// </summary>
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By Design")]
-        public string RedirectUri { get; set; }
-
         /// <summary>
         /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
         /// recovery in the event of a signature key rollover. This is enabled by default.
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 4d7e42cb1e..d5794003d1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -215,6 +215,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     OnRedirectToAuthenticationEndpoint = context =>
                     {
                         context.ProtocolMessage.State = userState;
+                        context.ProtocolMessage.RedirectUri = queryValues.RedirectUri;
                         return Task.FromResult<object>(null);
                     }
 
@@ -285,8 +286,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 if (param.Equals(OpenIdConnectParameterNames.ClientId))
                     options.ClientId = queryValues.ClientId;
-                else if (param.Equals(OpenIdConnectParameterNames.RedirectUri))
-                    options.RedirectUri = queryValues.RedirectUri;
                 else if (param.Equals(OpenIdConnectParameterNames.Resource))
                     options.Resource = queryValues.Resource;
                 else if (param.Equals(OpenIdConnectParameterNames.Scope)) {
@@ -309,7 +308,6 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 new List<string>
                 {
                     OpenIdConnectParameterNames.ClientId,
-                    OpenIdConnectParameterNames.RedirectUri,
                     OpenIdConnectParameterNames.Resource,
                     OpenIdConnectParameterNames.ResponseMode,
                     OpenIdConnectParameterNames.Scope,

From 1d2c6ba1223748df02a879622e8deb6ac23db5b7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 23 Oct 2015 14:39:42 -0700
Subject: [PATCH 385/900] Cookies no longer redirects for AJAX requests

---
 .../Events/CookieAuthenticationEvents.cs      | 76 +++++++++++++++--
 .../Cookies/CookieMiddlewareTests.cs          | 82 +++++++++++++++++--
 .../TicketInteropTests.cs                     |  6 +-
 3 files changed, 146 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 43ad5b0e70..615eb2b0c7 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -36,12 +37,75 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirect { get; set; } = context =>
+        public Func<CookieRedirectContext, Task> OnRedirectToLogin { get; set; } = context =>
         {
-            context.Response.Redirect(context.RedirectUri);
+            if (IsAjaxRequest(context.Request))
+            {
+                context.Response.Headers["Location"] = context.RedirectUri;
+                context.Response.StatusCode = 401;
+            }
+            else
+            {
+                context.Response.Redirect(context.RedirectUri);
+            }
             return Task.FromResult(0);
         };
 
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called.
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToAccessDenied { get; set; } = context =>
+        {
+            if (IsAjaxRequest(context.Request))
+            {
+                context.Response.Headers["Location"] = context.RedirectUri;
+                context.Response.StatusCode = 403;
+            }
+            else
+            {
+                context.Response.Redirect(context.RedirectUri);
+            }
+            return Task.FromResult(0);
+        };
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called.
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToLogout { get; set; } = context =>
+        {
+            if (IsAjaxRequest(context.Request))
+            {
+                context.Response.Headers["Location"] = context.RedirectUri;
+            }
+            else
+            {
+                context.Response.Redirect(context.RedirectUri);
+            }
+            return Task.FromResult(0);
+        };
+
+        /// <summary>
+        /// A delegate assigned to this property will be invoked when the related method is called.
+        /// </summary>
+        public Func<CookieRedirectContext, Task> OnRedirectToReturnUrl { get; set; } = context =>
+        {
+            if (IsAjaxRequest(context.Request))
+            {
+                context.Response.Headers["Location"] = context.RedirectUri;
+            }
+            else
+            {
+                context.Response.Redirect(context.RedirectUri);
+            }
+            return Task.FromResult(0);
+        };
+
+        private static bool IsAjaxRequest(HttpRequest request)
+        {
+            return request.Query["X-Requested-With"] == "XMLHttpRequest" ||
+                request.Headers["X-Requested-With"] == "XMLHttpRequest";
+        }		
+
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
@@ -71,24 +135,24 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirect(context);
+        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirectToLogout(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirect(context);
+        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirectToLogin(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirect(context);
+        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirectToReturnUrl(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirect(context);
+        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirectToAccessDenied(context);
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 3f40b1cebb..646375b880 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -33,6 +33,67 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         }
 
+        [Fact]
+        public async Task AjaxLoginRedirectToReturnUrlTurnsInto200WithLocationHeader()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticChallenge = true;
+                options.LoginPath = "/login";
+            });
+
+            var transaction = await SendAsync(server, "http://example.com/protected?X-Requested-With=XMLHttpRequest");
+            Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
+            var responded = transaction.Response.Headers.GetValues("Location");
+            Assert.Equal(1, responded.Count());
+            Assert.True(responded.Single().StartsWith("http://example.com/login"));
+        }
+
+        [Fact]
+        public async Task AjaxForbidTurnsInto403WithLocationHeader()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AccessDeniedPath = "/denied";
+            });
+
+            var transaction = await SendAsync(server, "http://example.com/forbid?X-Requested-With=XMLHttpRequest");
+            Assert.Equal(HttpStatusCode.Forbidden, transaction.Response.StatusCode);
+            var responded = transaction.Response.Headers.GetValues("Location");
+            Assert.Equal(1, responded.Count());
+            Assert.True(responded.Single().StartsWith("http://example.com/denied"));
+        }
+
+        [Fact]
+        public async Task AjaxLogoutRedirectToReturnUrlTurnsInto200WithLocationHeader()
+        {
+            var server = CreateServer(options =>
+            {
+                options.LogoutPath = "/signout";
+            });
+
+            var transaction = await SendAsync(server, "http://example.com/signout?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            var responded = transaction.Response.Headers.GetValues("Location");
+            Assert.Equal(1, responded.Count());
+            Assert.True(responded.Single().StartsWith("/"));
+        }
+
+        [Fact]
+        public async Task AjaxChallengeRedirectTurnsInto200WithLocationHeader()
+        {
+            var server = CreateServer(options =>
+            {
+            });
+
+            var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
+            Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
+            var responded = transaction.Response.Headers.GetValues("Location");
+            Assert.Equal(1, responded.Count());
+            Assert.True(responded.Single().StartsWith("http://example.com/Account/Login"));
+        }
+
+
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
@@ -225,9 +286,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = CreateServer(options =>
             {
                 options.SystemClock = clock;
-            }, 
-            SignInAsAlice, 
-            baseAddress: null, 
+            },
+            SignInAsAlice,
+            baseAddress: null,
             claimsTransform: o => o.Transformer = new ClaimsTransformer
             {
                 OnTransform = p =>
@@ -401,7 +462,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
-            
+
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.NotNull(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
@@ -554,7 +615,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
-                return context.Authentication.SignInAsync("Cookies", 
+                return context.Authentication.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
             },
             new Uri("http://example.com/base"));
@@ -573,7 +634,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             {
                 options.AutomaticAuthenticate = automatic;
                 options.SystemClock = clock;
-            }, 
+            },
             SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -708,7 +769,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = TestServer.Create(app =>
             {
                 app.UseCookieAuthentication();
-                app.Run(async context => {
+                app.Run(async context =>
+                {
                     await Assert.ThrowsAsync<InvalidOperationException>(() => context.Authentication.ChallengeAsync());
                 });
             }, services => services.AddAuthentication());
@@ -739,7 +801,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var server = TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
-                app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies", 
+                app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
                     new ClaimsPrincipal())));
             },
                 services => services.AddAuthentication());
@@ -970,6 +1032,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     {
                         await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     }
+                    else if (req.Path == new PathString("/signout"))
+                    {
+                        await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    }
                     else if (req.Path == new PathString("/unauthorized"))
                     {
                         await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
index 63ab2d36cd..725c5b1f2f 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
@@ -106,8 +106,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             var identity = new ClaimsIdentity("Cookies");
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
 
-            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("."));
-
+            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var interopServer = TestServer.Create(app =>
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
@@ -146,8 +145,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
             user.AddIdentity(identity);
 
-            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("."));
-
+            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var newServer = TestHost.TestServer.Create(app =>
             {
                 app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);

From 204ab0b860d0c97f77373310becdff5f1c95103b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 23 Oct 2015 14:56:17 -0700
Subject: [PATCH 386/900] Fix build break

---
 .../Events/CookieAuthenticationEvents.cs                      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 615eb2b0c7..e78db2a87d 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -102,8 +102,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private static bool IsAjaxRequest(HttpRequest request)
         {
-            return request.Query["X-Requested-With"] == "XMLHttpRequest" ||
-                request.Headers["X-Requested-With"] == "XMLHttpRequest";
+            return string.Equals(request.Query["X-Requested-With"], "XMLHttpRequest", StringComparison.Ordinal) ||
+                string.Equals(request.Headers["X-Requested-With"], "XMLHttpRequest", StringComparison.Ordinal);
         }		
 
         /// <summary>

From 9c9cf3d31403cbe9c31660153105001af3bc4013 Mon Sep 17 00:00:00 2001
From: Ryan Nowak <nowakra@gmail.com>
Date: Fri, 23 Oct 2015 14:57:33 -0700
Subject: [PATCH 387/900] React to break change in StringValues

---
 .../ChunkingCookieManager.cs                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index dbd94f844d..6cda19b466 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -87,7 +87,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
                 {
                     var chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
-                    if (chunk == null)
+                    if (chunk.Count == 0)
                     {
                         if (ThrowForPartialCookies)
                         {

From 57a64298c05044802ae2db3e93bae270840ba149 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 29 Sep 2015 16:33:48 -0700
Subject: [PATCH 388/900] #485 OIDC RequireHttpsMetadata

---
 .../JwtBearerMiddleware.cs                                | 8 +++++++-
 .../JwtBearerOptions.cs                                   | 6 ++++++
 .../OpenIdConnectMiddleware.cs                            | 8 +++++++-
 .../OpenIdConnectOptions.cs                               | 6 ++++++
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 2a97054797..54d225c3e3 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -79,11 +79,17 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
+                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
                     var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
                     httpClient.Timeout = Options.BackchannelTimeout;
                     httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), httpClient);
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
                 }
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index bd1f9ded6e..1ab2a8b131 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -25,6 +25,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
         }
 
+        /// <summary>
+        /// Gets or sets if HTTPS is required for the metadata address or authority.
+        /// The default is true. This should be disabled only in development environments.
+        /// </summary>
+        public bool RequireHttpsMetadata { get; set; } = true;
+
         /// <summary>
         /// Gets or sets the discovery endpoint for obtaining metadata
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index c332befc93..691c861949 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -156,7 +156,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                         Options.MetadataAddress += ".well-known/openid-configuration";
                     }
 
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(), Backchannel);
+                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
                 }
             }
         }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index ca66eef02d..a139f96515 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -92,6 +92,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// </summary>
         public bool GetClaimsFromUserInfoEndpoint { get; set; }
 
+        /// <summary>
+        /// Gets or sets if HTTPS is required for the metadata address or authority.
+        /// The default is true. This should be disabled only in development environments.
+        /// </summary>
+        public bool RequireHttpsMetadata { get; set; } = true;
+
         /// <summary>
         /// Gets or sets the discovery endpoint for obtaining metadata
         /// </summary>

From 53a6771fa4c70a389e9ffec67a3163af08028f60 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 28 Oct 2015 12:43:08 -0700
Subject: [PATCH 389/900] Updating to release NuGet.config.

---
 NuGet.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index a6026c9cf9..0346645407 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
     <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly/api/v3/index.json" />
   </packageSources>

From 1db7574ad6d25727f71d39338534879358018cac Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 29 Oct 2015 14:49:20 -0700
Subject: [PATCH 390/900] Update to release NuGet.config for AzureAd.

---
 NuGet.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.config b/NuGet.config
index 0346645407..da0f6aea62 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -3,6 +3,6 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly/api/v3/index.json" />
+    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstackrelease/api/v3/index.json" />
   </packageSources>
 </configuration>

From 1a59b385a012ac0873fb599fbe6c648b10088fd5 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 30 Oct 2015 11:39:39 -0700
Subject: [PATCH 391/900] React to WebEncoders changes.

---
 samples/SocialSample/Startup.cs               |  6 +--
 .../ChunkingCookieManager.cs                  | 12 +++---
 .../CookieAuthenticationMiddleware.cs         |  4 +-
 .../FacebookMiddleware.cs                     |  4 +-
 .../GoogleMiddleware.cs                       |  4 +-
 .../JwtBearerMiddleware.cs                    |  4 +-
 .../MicrosoftAccountMiddleware.cs             |  4 +-
 .../OAuthMiddleware.cs                        |  4 +-
 .../OpenIdConnectHandler.cs                   | 18 ++++-----
 .../OpenIdConnectMiddleware.cs                |  8 ++--
 .../TwitterHandler.cs                         | 20 +++++-----
 .../TwitterMiddleware.cs                      |  4 +-
 .../AuthenticationHandler.cs                  |  6 +--
 .../AuthenticationMiddleware.cs               |  6 +--
 .../AuthenticationHandlerFacts.cs             |  7 ++--
 .../Facebook/FacebookMiddlewareTests.cs       | 15 ++++----
 .../Google/GoogleMiddlewareTests.cs           | 38 +++++++++----------
 .../MicrosoftAccountMiddlewareTests.cs        |  4 +-
 ...uthenticationPropertiesFormaterKeyValue.cs |  4 +-
 .../OpenIdConnect/ExpectedQueryValues.cs      | 14 +++----
 .../OpenIdConnectHandlerTests.cs              |  8 ++--
 ...ConnectMiddlewareForTestingAuthenticate.cs |  6 +--
 .../OpenIdConnectMiddlewareTests.cs           |  6 +--
 23 files changed, 103 insertions(+), 103 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index d9db3b1a3d..0b76698aaa 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -2,6 +2,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.Google;
@@ -13,7 +14,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json.Linq;
 
 namespace CookieSample
@@ -66,7 +66,7 @@ namespace CookieSample
                     OnRemoteError = ctx =>
 
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
@@ -83,7 +83,7 @@ namespace CookieSample
                 {
                     OnRemoteError = ctx =>
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 6cda19b466..7560cd1456 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -5,9 +5,9 @@ using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Primitives;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.Cookies
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     /// </summary>
     public class ChunkingCookieManager : ICookieManager
     {
-        public ChunkingCookieManager(IUrlEncoder urlEncoder)
+        public ChunkingCookieManager(UrlEncoder urlEncoder)
         {
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
@@ -41,7 +41,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         public bool ThrowForPartialCookies { get; set; }
 
-        private IUrlEncoder Encoder { get; set; }
+        private UrlEncoder Encoder { get; set; }
 
         // Parse the "chunks:XX" to determine how many chunks there should be.
         private static int ParseChunksCount(string value)
@@ -149,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 throw new ArgumentNullException(nameof(options));
             }
 
-            var escapedKey = Encoder.UrlEncode(key);
+            var escapedKey = Encoder.Encode(key);
 
             var template = new SetCookieHeaderValue(escapedKey)
             {
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 quoted = true;
                 value = RemoveQuotes(value);
             }
-            var escapedValue = Encoder.UrlEncode(value);
+            var escapedValue = Encoder.Encode(value);
 
             // Normal cookie
             var responseHeaders = context.Response.Headers;
@@ -239,7 +239,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 throw new ArgumentNullException(nameof(options));
             }
 
-            var escapedKey = Encoder.UrlEncode(key);
+            var escapedKey = Encoder.Encode(key);
             var keys = new List<string>();
             keys.Add(escapedKey + "=");
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index aca234da08..1f2572ffea 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder urlEncoder,
+            UrlEncoder urlEncoder,
             CookieAuthenticationOptions options)
             : base(next, options, loggerFactory, urlEncoder)
         {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 8976b93fe0..711d3e5630 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -3,12 +3,12 @@
 
 using System;
 using System.Globalization;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
@@ -31,7 +31,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             FacebookOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index fe398c5f6e..e32e0c8f55 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -3,12 +3,12 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
@@ -32,7 +32,7 @@ namespace Microsoft.AspNet.Authentication.Google
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             GoogleOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 54d225c3e3..da6d21c1c8 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Net.Http;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Builder;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         public JwtBearerMiddleware(
             RequestDelegate next,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             JwtBearerOptions options)
             : base(next, options, loggerFactory, encoder)
         {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index f93b0feca8..a20d08d5f1 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -2,12 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             MicrosoftAccountOptions options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index 1b318a90a7..127eba20cb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -5,11 +5,11 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             TOptions options)
             : base(next, options, loggerFactory, encoder)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 81b42227a6..b0472703a8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -12,12 +12,12 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
@@ -53,9 +53,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         protected HttpClient Backchannel { get; private set; }
 
-        protected IHtmlEncoder HtmlEncoder { get; private set; }
+        protected HtmlEncoder HtmlEncoder { get; private set; }
 
-        public OpenIdConnectHandler(HttpClient backchannel, IHtmlEncoder htmlEncoder)
+        public OpenIdConnectHandler(HttpClient backchannel, HtmlEncoder htmlEncoder)
         {
             Backchannel = backchannel;
             HtmlEncoder = htmlEncoder;
@@ -133,14 +133,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     var inputs = new StringBuilder();
                     foreach (var parameter in message.Parameters)
                     {
-                        var name = HtmlEncoder.HtmlEncode(parameter.Key);
-                        var value = HtmlEncoder.HtmlEncode(parameter.Value);
+                        var name = HtmlEncoder.Encode(parameter.Key);
+                        var value = HtmlEncoder.Encode(parameter.Value);
 
                         var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
                         inputs.AppendLine(input);
                     }
 
-                    var issuer = HtmlEncoder.HtmlEncode(message.IssuerAddress);
+                    var issuer = HtmlEncoder.Encode(message.IssuerAddress);
 
                     var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
                     var buffer = Encoding.UTF8.GetBytes(content);
@@ -260,14 +260,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var inputs = new StringBuilder();
                 foreach (var parameter in message.Parameters)
                 {
-                    var name = HtmlEncoder.HtmlEncode(parameter.Key);
-                    var value = HtmlEncoder.HtmlEncode(parameter.Value);
+                    var name = HtmlEncoder.Encode(parameter.Key);
+                    var value = HtmlEncoder.Encode(parameter.Value);
 
                     var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
                     inputs.AppendLine(input);
                 }
 
-                var issuer = HtmlEncoder.HtmlEncode(message.IssuerAddress);
+                var issuer = HtmlEncoder.Encode(message.IssuerAddress);
 
                 var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
                 var buffer = Encoding.UTF8.GetBytes(content);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 691c861949..4ce09644ea 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -5,12 +5,12 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Text;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -36,11 +36,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             OpenIdConnectOptions options,
-            IHtmlEncoder htmlEncoder)
+            HtmlEncoder htmlEncoder)
             : base(next, options, loggerFactory, encoder)
         {
             if (next == null)
@@ -169,7 +169,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         protected HttpClient Backchannel { get; private set; }
 
-        protected IHtmlEncoder HtmlEncoder { get; private set; }
+        protected HtmlEncoder HtmlEncoder { get; private set; }
 
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index da92af5485..61709aafdc 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -164,7 +164,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var parameterBuilder = new StringBuilder();
             foreach (var authorizationKey in authorizationParts)
             {
-                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.UrlEncode(authorizationKey.Key), UrlEncoder.UrlEncode(authorizationKey.Value));
+                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
             }
             parameterBuilder.Length--;
             var parameterString = parameterBuilder.ToString();
@@ -172,9 +172,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(RequestTokenEndpoint));
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(RequestTokenEndpoint));
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(parameterString));
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
 
             var signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
@@ -184,7 +184,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             foreach (var authorizationPart in authorizationParts)
             {
                 authorizationHeaderBuilder.AppendFormat(
-                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.UrlEncode(authorizationPart.Value));
+                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
             }
             authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
 
@@ -226,7 +226,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var parameterBuilder = new StringBuilder();
             foreach (var authorizationKey in authorizationParts)
             {
-                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.UrlEncode(authorizationKey.Key), UrlEncoder.UrlEncode(authorizationKey.Value));
+                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
             }
             parameterBuilder.Length--;
             var parameterString = parameterBuilder.ToString();
@@ -234,9 +234,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var canonicalizedRequestBuilder = new StringBuilder();
             canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(AccessTokenEndpoint));
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(AccessTokenEndpoint));
             canonicalizedRequestBuilder.Append("&");
-            canonicalizedRequestBuilder.Append(UrlEncoder.UrlEncode(parameterString));
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
 
             var signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
@@ -247,7 +247,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             foreach (var authorizationPart in authorizationParts)
             {
                 authorizationHeaderBuilder.AppendFormat(
-                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.UrlEncode(authorizationPart.Value));
+                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
             }
             authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
 
@@ -294,8 +294,8 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 algorithm.Key = Encoding.ASCII.GetBytes(
                     string.Format(CultureInfo.InvariantCulture,
                         "{0}&{1}",
-                        UrlEncoder.UrlEncode(consumerSecret),
-                        string.IsNullOrEmpty(tokenSecret) ? string.Empty : UrlEncoder.UrlEncode(tokenSecret)));
+                        UrlEncoder.Encode(consumerSecret),
+                        string.IsNullOrEmpty(tokenSecret) ? string.Empty : UrlEncoder.Encode(tokenSecret)));
                 var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
                 return Convert.ToBase64String(hash);
             }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index 2eeb010c53..bcfbe00149 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -5,11 +5,11 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
@@ -35,7 +35,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             TwitterOptions options)
             : base(next, options, loggerFactory, encoder)
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index dcdf0badf7..7c4102cf39 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -2,13 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -43,7 +43,7 @@ namespace Microsoft.AspNet.Authentication
 
         protected ILogger Logger { get; private set; }
 
-        protected IUrlEncoder UrlEncoder { get; private set; }
+        protected UrlEncoder UrlEncoder { get; private set; }
 
         public IAuthenticationHandler PriorHandler { get; set; }
 
@@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Authentication
         /// <param name="context">The utility object to observe the current request and response</param>
         /// <param name="logger">The logging factory used to create loggers</param>
         /// <returns>async completion</returns>
-        public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, IUrlEncoder encoder)
+        public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, UrlEncoder encoder)
         {
             if (options == null)
             {
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index 0f26048bbc..ce668e5c2d 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -18,7 +18,7 @@ namespace Microsoft.AspNet.Authentication
             RequestDelegate next,
             TOptions options,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder)
+            UrlEncoder encoder)
         {
             if (next == null)
             {
@@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Authentication
 
         public ILogger Logger { get; set; }
 
-        public IUrlEncoder UrlEncoder { get; set; }
+        public UrlEncoder UrlEncoder { get; set; }
 
         public async Task Invoke(HttpContext context)
         {
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 765065045a..073d6f1e4b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -4,6 +4,7 @@
 using System;
 using System.IO;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -90,7 +91,7 @@ namespace Microsoft.AspNet.Authentication
                 await handler.InitializeAsync(
                     new CountOptions(), context,
                     new LoggerFactory().CreateLogger("CountHandler"),
-                    Extensions.WebEncoders.UrlEncoder.Default);
+                    UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthenticate = true;
                 return handler;
@@ -116,7 +117,7 @@ namespace Microsoft.AspNet.Authentication
                 await handler.InitializeAsync(
                     new TestOptions(), context,
                     new LoggerFactory().CreateLogger("TestHandler"),
-                    Extensions.WebEncoders.UrlEncoder.Default);
+                    UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 return handler;
             }
@@ -149,7 +150,7 @@ namespace Microsoft.AspNet.Authentication
                 await handler.InitializeAsync(
                     new TestAutoOptions(), context,
                     new LoggerFactory().CreateLogger("TestAutoHandler"),
-                    Extensions.WebEncoders.UrlEncoder.Default);
+                    UrlEncoder.Default);
                 handler.Options.AuthenticationScheme = scheme;
                 handler.Options.AutomaticAuthenticate = auto;
                 return handler;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index ae212e9c2a..21ace654ee 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -2,12 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
-using System.Collections.Generic;
 using System.Text;
-using System.Linq;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
@@ -15,11 +17,8 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
-using System.Diagnostics;
-using Microsoft.AspNet.Authentication.Cookies;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
@@ -90,7 +89,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
-            Assert.Contains("redirect_uri=" + UrlEncoder.Default.UrlEncode("http://example.com/base/signin-facebook"), location);
+            Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
             Assert.Contains("scope=", location);
             Assert.Contains("state=", location);
         }
@@ -117,7 +116,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
-            Assert.Contains("redirect_uri="+ UrlEncoder.Default.UrlEncode("http://example.com/signin-facebook"), location);
+            Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
             Assert.Contains("scope=", location);
             Assert.Contains("state=", location);
         }
@@ -216,7 +215,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 591e00cbd4..beda30bbdf 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -7,6 +7,7 @@ using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
@@ -16,7 +17,6 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -137,7 +137,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"), query);
+            Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
         }
 
         [Fact]
@@ -152,7 +152,7 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("&scope=" + UrlEncoder.Default.UrlEncode("openid profile email"), query);
+            Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
         }
 
         [Fact]
@@ -185,10 +185,10 @@ namespace Microsoft.AspNet.Authentication.Google
             var transaction = await server.SendAsync("https://example.com/challenge2");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("scope=" + UrlEncoder.Default.UrlEncode("https://www.googleapis.com/auth/plus.login"), query);
+            Assert.Contains("scope=" + UrlEncoder.Default.Encode("https://www.googleapis.com/auth/plus.login"), query);
             Assert.Contains("access_type=offline", query);
             Assert.Contains("approval_prompt=force", query);
-            Assert.Contains("login_hint=" + UrlEncoder.Default.UrlEncode("test@example.com"), query);
+            Assert.Contains("login_hint=" + UrlEncoder.Default.Encode("test@example.com"), query);
         }
 
         [Fact]
@@ -263,7 +263,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -341,7 +341,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
@@ -388,7 +388,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -404,16 +404,16 @@ namespace Microsoft.AspNet.Authentication.Google
             var state = stateFormat.Protect(properties);
 
             await Assert.ThrowsAsync<HttpRequestException>(() => server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue));
 
             //var transaction = await server.SendAsync(
-            //    "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+            //    "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
             //    correlationKey + "=" + correlationValue);
             //if (redirect)
             //{
             //    Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            //    Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("Access token was not found."),
+            //    Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Access token was not found."),
             //        transaction.Response.Headers.GetValues("Location").First());
             //}
             //else
@@ -446,7 +446,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     {
                         OnRemoteError = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -460,12 +460,12 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             if (redirect)
             {
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("Access token was not found."),
+                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Access token was not found."),
                     transaction.Response.Headers.GetValues("Location").First());
             }
             else
@@ -540,7 +540,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
@@ -618,7 +618,7 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/", transaction.Response.Headers.GetValues("Location").First());
@@ -704,7 +704,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             //Post a message to the Google middleware
             var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -740,7 +740,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     OnRemoteError = ctx =>
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
@@ -752,7 +752,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 "https://example.com/signin-google?code=TestCode");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.UrlEncode("The oauth state was missing or invalid."),
+            Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("The oauth state was missing or invalid."),
                 transaction.Response.Headers.GetValues("Location").First());
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 2768a18c36..650c86465e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -6,6 +6,7 @@ using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
@@ -15,7 +16,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -161,7 +161,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
-                "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
+                "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 74b36d9cbe..66cc84621b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -3,8 +3,8 @@
 
 using System;
 using System.Text;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var sb = new StringBuilder();
             foreach(var item in data.Items)
             {
-                sb.Append(encoder.UrlEncode(item.Key) + " " + encoder.UrlEncode(item.Value) + " ");
+                sb.Append(encoder.Encode(item.Key) + " " + encoder.Encode(item.Value) + " ");
             }
 
             return sb.ToString();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index aae31676d1..d1f65aed2a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Text;
-using Microsoft.Extensions.WebEncoders;
+using System.Text.Encodings.Web;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -144,32 +144,32 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         public string ExpectedClientId
         {
-            get { return OpenIdConnectParameterNames.ClientId + "=" + Encoder.UrlEncode(ClientId); }
+            get { return OpenIdConnectParameterNames.ClientId + "=" + Encoder.Encode(ClientId); }
         }
 
         public string ExpectedRedirectUri
         {
-            get { return OpenIdConnectParameterNames.RedirectUri + "=" + Encoder.UrlEncode(RedirectUri); }
+            get { return OpenIdConnectParameterNames.RedirectUri + "=" + Encoder.Encode(RedirectUri); }
         }
 
         public string ExpectedResource
         {
-            get { return OpenIdConnectParameterNames.Resource + "=" + Encoder.UrlEncode(Resource); }
+            get { return OpenIdConnectParameterNames.Resource + "=" + Encoder.Encode(Resource); }
         }
 
         public string ExpectedResponseMode
         {
-            get { return OpenIdConnectParameterNames.ResponseMode + "=" + Encoder.UrlEncode(ResponseMode); }
+            get { return OpenIdConnectParameterNames.ResponseMode + "=" + Encoder.Encode(ResponseMode); }
         }
 
         public string ExpectedScope
         {
-            get { return OpenIdConnectParameterNames.Scope + "=" + Encoder.UrlEncode(Scope); }
+            get { return OpenIdConnectParameterNames.Scope + "=" + Encoder.Encode(Scope); }
         }
 
         public string ExpectedState
         {
-            get { return Encoder.UrlEncode(State); }
+            get { return Encoder.Encode(State); }
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index b7d9608744..3c48657d1c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -8,13 +8,13 @@ using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 // expected user state is added to the message.Parameters.Items[ExpectedStateParameter]
                 // Userstate == null
                 var message = new OpenIdConnectMessage();
-                message.State = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
+                message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
                 message.Code = Guid.NewGuid().ToString();
                 message.Parameters.Add(ExpectedStateParameter, null);
                 dataset.Add(SetStateOptions, message);
@@ -59,7 +59,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 var userstate = Guid.NewGuid().ToString();
                 message.Code = Guid.NewGuid().ToString();
                 properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userstate);
-                message.State = UrlEncoder.Default.UrlEncode(formater.Protect(properties));
+                message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
                 message.Parameters.Add(ExpectedStateParameter, userstate);
                 dataset.Add(SetStateOptions, message);
                 return dataset;
@@ -92,7 +92,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             };
         }
 
-        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, IUrlEncoder encoder, OpenIdConnectHandler handler = null)
+        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, UrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
             return TestServer.Create(
                 app =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index 7d7afa56ec..da8f450796 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -2,12 +2,12 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
-using Microsoft.Extensions.WebEncoders;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {
@@ -24,11 +24,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
-            IUrlEncoder encoder,
+            UrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
             OpenIdConnectOptions options,
-            IHtmlEncoder htmlEncoder,
+            HtmlEncoder htmlEncoder,
             OpenIdConnectHandler handler = null
             )
         : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, htmlEncoder)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index d5794003d1..b9f0f26f89 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -8,6 +8,7 @@ using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNet.Authentication.Cookies;
@@ -17,7 +18,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -358,7 +358,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, DefaultHost + Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains(UrlEncoder.Default.UrlEncode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
+            Assert.Contains(UrlEncoder.Default.Encode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
         [Fact]
@@ -375,7 +375,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
             var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains(UrlEncoder.Default.UrlEncode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
+            Assert.Contains(UrlEncoder.Default.Encode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
         private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)

From c71c7a381005dbaa85a0fd54f3141b9a96469e96 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Fri, 30 Oct 2015 14:14:34 -0700
Subject: [PATCH 392/900] Reacting to RequestDelegate namespace change

---
 .../CookieAuthenticationMiddleware.cs                           | 2 +-
 .../FacebookMiddleware.cs                                       | 2 +-
 src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs  | 2 +-
 .../JwtBearerMiddleware.cs                                      | 2 +-
 .../MicrosoftAccountMiddleware.cs                               | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs    | 2 +-
 .../OpenIdConnectMiddleware.cs                                  | 1 -
 .../TwitterMiddleware.cs                                        | 2 +-
 src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs | 1 -
 .../ClaimsTransformationMiddleware.cs                           | 1 -
 src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs     | 1 -
 .../OpenIdConnectMiddlewareForTestingAuthenticate.cs            | 2 +-
 12 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 1f2572ffea..9ec4064843 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -3,8 +3,8 @@
 
 using System;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNet.Authentication.Cookies
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 711d3e5630..3789163810 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -5,8 +5,8 @@ using System;
 using System.Globalization;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index e32e0c8f55..152cc6290a 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -5,8 +5,8 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index da6d21c1c8..ad518b9667 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index a20d08d5f1..590e0d7785 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -4,8 +4,8 @@
 using System;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index 127eba20cb..10b7bdf425 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -6,8 +6,8 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 4ce09644ea..52023d99d7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -6,7 +6,6 @@ using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Text;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index bcfbe00149..3c214b0d71 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -6,8 +6,8 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index ce668e5c2d..ef7cb5056d 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index 2d2f3461ba..c84777cd81 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
index d726d80cde..5c49b9e180 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Internal;
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index da8f450796..17b27128af 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -4,8 +4,8 @@
 using System;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.OptionsModel;
 

From e9d2c53ebc2b44adc398d5734cabf1cf31ab01c5 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 2 Nov 2015 15:56:49 -0800
Subject: [PATCH 393/900] React to IRequestCookieCollection changes.

---
 .../ChunkingCookieManager.cs                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
index 7560cd1456..70d7096cbf 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
@@ -87,7 +87,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
                 {
                     var chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
-                    if (chunk.Count == 0)
+                    if (string.IsNullOrEmpty(chunk))
                     {
                         if (ThrowForPartialCookies)
                         {

From a363368dc8449d01a809c28f6e073219e61c52c5 Mon Sep 17 00:00:00 2001
From: Cesar Blum Silveira <cesars@microsoft.com>
Date: Tue, 3 Nov 2015 12:29:44 -0800
Subject: [PATCH 394/900] Strong name everything.

---
 .../project.json                                  |   3 ++-
 .../project.json                                  |   3 ++-
 .../project.json                                  |   3 ++-
 .../project.json                                  |   5 +++--
 .../project.json                                  |   3 ++-
 .../project.json                                  |   3 ++-
 .../project.json                                  |   5 +++--
 .../project.json                                  |   3 ++-
 src/Microsoft.AspNet.Authentication/project.json  |   3 ++-
 src/Microsoft.AspNet.Authorization/project.json   |   3 ++-
 src/Microsoft.AspNet.CookiePolicy/project.json    |   3 ++-
 .../project.json                                  |   4 ++++
 tools/Key.snk                                     | Bin 0 -> 596 bytes
 13 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 tools/Key.snk

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index 95044dbc6f..b9b1d5d308 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNet.Authentication.Facebook/project.json
index d3c1d5edc2..0c64cafa91 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNet.Authentication.Facebook/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNet.Authentication.Google/project.json
index 5be11d4d1d..47736748c5 100644
--- a/src/Microsoft.AspNet.Authentication.Google/project.json
+++ b/src/Microsoft.AspNet.Authentication.Google/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 519033d276..8c6cbde75b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -6,11 +6,12 @@
         "url": "git://github.com/aspnet/security"
     },
     "compilationOptions": {
-        "warningsAsErrors": true
+        "warningsAsErrors": true,
+        "keyFile": "../../tools/Key.snk"
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211021236"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
index 31510c2adb..b1528b9352 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 21d823be1b..5684154933 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 8bf0acf25e..0cad5419a4 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -6,11 +6,12 @@
         "url": "git://github.com/aspnet/security"
     },
     "compilationOptions": {
-        "warningsAsErrors": true
+      "warningsAsErrors": true,
+      "keyFile": "../../tools/Key.snk"
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211021236"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 89c79bd64a..112a742581 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication": "1.0.0-*"
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index 5e8501141c..bef600babb 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index acefedeeb1..0cd2647ce6 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Http.Features": "1.0.0-*",
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNet.CookiePolicy/project.json
index 4b70bf0212..3eab1d58f9 100644
--- a/src/Microsoft.AspNet.CookiePolicy/project.json
+++ b/src/Microsoft.AspNet.CookiePolicy/project.json
@@ -6,7 +6,8 @@
     "url": "git://github.com/aspnet/security"
   },
   "compilationOptions": {
-    "warningsAsErrors": true
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
     "Microsoft.AspNet.Http": "1.0.0-*"
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/project.json b/src/Microsoft.Owin.Security.Cookies.Interop/project.json
index 58830a72cc..30053b01ee 100644
--- a/src/Microsoft.Owin.Security.Cookies.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Cookies.Interop/project.json
@@ -1,5 +1,9 @@
 {
     "version": "1.0.0-*",
+    "compilationOptions": {
+        "warningsAsErrors": true,
+        "keyFile": "../../tools/Key.snk"
+    },
     "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security.Cookies and Microsoft.AspNet.Authentication.Cookies.",
     "dependencies": {
     },
diff --git a/tools/Key.snk b/tools/Key.snk
new file mode 100644
index 0000000000000000000000000000000000000000..e10e4889c125d3120cd9e81582243d70f7cbb806
GIT binary patch
literal 596
zcmV-a0;~N80ssI2Bme+XQ$aES1ONa50098=Iw=HCsn<ZsvmrW@<$Q#+a>z~#iVhm&
zj%TU(_THUee?3yHBjk$37y<Fzl?uL)9ivSuo;#}B6dD)De)Gj;-CpGdOOelGyF6;R
zKXR)&ujxGx!@@L+c2BRcvA}aZ<rG=2t43G@guk71#NvTux6R^5_>sB?i5#7WD$={H
zV4B!OxRPrb|8)HPg~A}8P>^=#y<)56#=E&NzcjOtPK~<4n6GHt=K$ro*T(lhby_@U
zEk(hLzk1H)0yXj<Uf8HnEtBu!TuA*PmAf$cXle6YkpNq+@Z60ghGtVxe6)1Ajj1}d
ztgvi4bgJz|V`P;etzc8pF-FM#N`%JUpHzaYX*mMNIn*G};u}`O51u$`rvZggFup%y
z5Uu>{A_5>fk-TgNoP|q6(tP2xo8zt8i%212CWM#AeCd?`hS|4~L({h~Moo(~vy&3Z
z1uI}`fd^*>o=rwbAGymj6RM^pZm(*Kfhs+Y1#`-2JPWZMK8@;ZW<LR4v7CQcE4@!q
z)U49ij|+<|%~kIOLZlXjf9x6h%%!xHcL2a{5I|b;$2l^>Ck2+9bX4YP);~fj-BU*R
zQPvW<DAZ8Z6e#YE!zCp+7M)hVxqP}{4}~6lG=>v$89!{R<a!lIoEa{Dc+j_%E<}+-
z!)tmG_q8@!i7JE*V%)C;o#1~$Q2B~A145=eCJ9-fwL>l9wM+zR>_TSkn^voYxA?2G
iKnV#iZ6Ah`K>b=@=IjYJXrxL124zR(38)nxe+&q_$QXwJ

literal 0
HcmV?d00001


From 238fdf24e8b0e3c5e84cd8dc7f7324502a439429 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 3 Nov 2015 12:37:35 -0800
Subject: [PATCH 395/900] Further improve error handling for OAuth providers

---
 .../FacebookHandler.cs                        |  2 +-
 .../OAuthHandler.cs                           | 30 +++++++--
 .../OAuthTokenResponse.cs                     | 19 +++++-
 .../RemoteAuthenticationHandler.cs            |  3 +-
 .../Google/GoogleMiddlewareTests.cs           | 64 +++++++++----------
 .../Twitter/TwitterMiddlewareTests.cs         |  8 +--
 6 files changed, 80 insertions(+), 46 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index cd6c2d1f73..e25fef4967 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -46,7 +46,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             }
 
             // The refresh token is not available.
-            return new OAuthTokenResponse(payload);
+            return OAuthTokenResponse.Success(payload);
         }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 5db46991bb..c0f05aa0dc 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -7,6 +7,7 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Security.Cryptography;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
@@ -62,9 +63,14 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
             var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
+            if (tokens.Error != null)
+            {
+                return AuthenticateResult.Failed(tokens.Error);
+            }
+
             if (string.IsNullOrEmpty(tokens.AccessToken))
             {
-                return AuthenticateResult.Failed("Access token was not found.");
+                return AuthenticateResult.Failed("Failed to retrieve access token.");
             }
 
             var identity = new ClaimsIdentity(Options.ClaimsIssuer);
@@ -113,9 +119,25 @@ namespace Microsoft.AspNet.Authentication.OAuth
             requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
             requestMessage.Content = requestContent;
             var response = await Backchannel.SendAsync(requestMessage, Context.RequestAborted);
-            response.EnsureSuccessStatusCode();
-            var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
-            return new OAuthTokenResponse(payload);
+            if (response.IsSuccessStatusCode)
+            {
+                var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
+                return OAuthTokenResponse.Success(payload);
+            }
+            else
+            {
+                var error = "OAuth token endpoint failure: " + await Display(response);
+                return OAuthTokenResponse.Failed(new Exception(error));
+            }
+        }
+
+        private static async Task<string> Display(HttpResponseMessage response)
+        {
+            var output = new StringBuilder();
+            output.Append("Status: " + response.StatusCode + ";");
+            output.Append("Headers: " + response.Headers.ToString() + ";");
+            output.Append("Body: " + await response.Content.ReadAsStringAsync() + ";");
+            return output.ToString();
         }
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
index f796669553..7a45120b4a 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
@@ -1,13 +1,14 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
     public class OAuthTokenResponse
     {
-        public OAuthTokenResponse(JObject response)
+        private OAuthTokenResponse(JObject response)
         {
             Response = response;
             AccessToken = response.Value<string>("access_token");
@@ -16,10 +17,26 @@ namespace Microsoft.AspNet.Authentication.OAuth
             ExpiresIn = response.Value<string>("expires_in");
         }
 
+        private OAuthTokenResponse(Exception error)
+        {
+            Error = error;
+        }
+
+        public static OAuthTokenResponse Success(JObject response)
+        {
+            return new OAuthTokenResponse(response);
+        }
+
+        public static OAuthTokenResponse Failed(Exception error)
+        {
+            return new OAuthTokenResponse(error);
+        }
+
         public JObject Response { get; set; }
         public string AccessToken { get; set; }
         public string TokenType { get; set; }
         public string RefreshToken { get; set; }
         public string ExpiresIn { get; set; }
+        public Exception Error { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
index 7e382edd06..0851b1b5ce 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -36,8 +36,7 @@ namespace Microsoft.AspNet.Authentication
                     return false;
                 }
 
-                Context.Response.StatusCode = 500;
-                return true;
+                throw new AggregateException("Unhandled remote error.", errorContext.Error);
             }
 
             // We have a ticket if we get here
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index beda30bbdf..ab822206de 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -244,8 +244,8 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientId = "Test Id";
                 options.ClientSecret = "Test Secret";
             });
-            var transaction = await server.SendAsync("https://example.com/signin-google?code=TestCode");
-            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
+            Assert.Equal("The oauth state was missing or invalid.", error.Message);
         }
 
         [Theory]
@@ -270,15 +270,16 @@ namespace Microsoft.AspNet.Authentication.Google
                     };
                 }
             });
-            var transaction = await server.SendAsync("https://example.com/signin-google?error=OMG");
             if (redirect)
             {
+                var transaction = await server.SendAsync("https://example.com/signin-google?error=OMG");
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
                 Assert.Equal("/error?ErrorMessage=OMG", transaction.Response.Headers.GetValues("Location").First());
             }
             else
             {
-                Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+                var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?error=OMG"));
+                Assert.Equal("OMG", error.Message);
             }
         }
 
@@ -379,7 +380,8 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        return new HttpResponseMessage(HttpStatusCode.BadRequest);
+                        return ReturnJsonResponse(new { Error = "Error" }, 
+                            HttpStatusCode.BadRequest);
                     }
                 };
                 if (redirect)
@@ -402,24 +404,21 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.RedirectUri = "/me";
 
             var state = stateFormat.Protect(properties);
-
-            await Assert.ThrowsAsync<HttpRequestException>(() => server.SendAsync(
+            var sendTask = server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue));
-
-            //var transaction = await server.SendAsync(
-            //    "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-            //    correlationKey + "=" + correlationValue);
-            //if (redirect)
-            //{
-            //    Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            //    Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Access token was not found."),
-            //        transaction.Response.Headers.GetValues("Location").First());
-            //}
-            //else
-            //{
-            //    Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
-            //}
+                correlationKey + "=" + correlationValue);
+            if (redirect)
+            {
+                var transaction = await sendTask;
+                Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};"),
+                    transaction.Response.Headers.GetValues("Location").First());
+            }
+            else
+            {
+                var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
+                Assert.Equal("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};", error.Message);
+            }
         }
 
         [Theory]
@@ -459,18 +458,20 @@ namespace Microsoft.AspNet.Authentication.Google
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
-            var transaction = await server.SendAsync(
+            var sendTask = server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
                 correlationKey + "=" + correlationValue);
             if (redirect)
             {
+                var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Access token was not found."),
+                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Failed to retrieve access token."),
                     transaction.Response.Headers.GetValues("Location").First());
             }
             else
             {
-                Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+                var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
+                Assert.Equal("Failed to retrieve access token.", error.Message);
             }
         }
 
@@ -712,9 +713,8 @@ namespace Microsoft.AspNet.Authentication.Google
         }
 
         [Fact]
-        public async Task NoStateCauses500()
+        public async Task NoStateCausesException()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
             var server = CreateServer(options =>
             {
                 options.ClientId = "Test Id";
@@ -722,10 +722,8 @@ namespace Microsoft.AspNet.Authentication.Google
             });
 
             //Post a message to the Google middleware
-            var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode");
-
-            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
+            Assert.Equal("The oauth state was missing or invalid.", error.Message);
         }
 
         [Fact]
@@ -756,9 +754,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 transaction.Response.Headers.GetValues("Location").First());
         }
 
-        private static HttpResponseMessage ReturnJsonResponse(object content)
+        private static HttpResponseMessage ReturnJsonResponse(object content, HttpStatusCode code = HttpStatusCode.OK)
         {
-            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var res = new HttpResponseMessage(code);
             var text = JsonConvert.SerializeObject(content);
             res.Content = new StringContent(text, Encoding.UTF8, "application/json");
             return res;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index aa060482b6..e66090144c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         }
 
         [Fact]
-        public async Task BadSignInWill500()
+        public async Task BadSignInWillThrow()
         {
             var server = CreateServer(options =>
             {
@@ -73,10 +73,8 @@ namespace Microsoft.AspNet.Authentication.Twitter
             });
 
             // Send a bogus sign in
-            var transaction = await server.SendAsync(
-                "https://example.com/signin-twitter");
-
-            Assert.Equal(HttpStatusCode.InternalServerError, transaction.Response.StatusCode);
+            var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-twitter"));
+            Assert.Equal("Invalid state cookie.", error.Message);
         }
 
         [Fact]

From dc6e916bd465628c3e6441925cdb16239a0b82b9 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 4 Nov 2015 13:54:37 -0800
Subject: [PATCH 396/900] Cookies Forbid now includes ReturnUrl

---
 .../CookieAuthenticationHandler.cs                | 15 +++++++--------
 .../Cookies/CookieMiddlewareTests.cs              |  1 +
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 4f61ca5822..ad7dc7e862 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -327,14 +327,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            var accessDeniedUri =
-                Request.Scheme +
-                "://" +
-                Request.Host +
-                OriginalPathBase +
-                Options.AccessDeniedPath;
-
-            var redirectContext = new CookieRedirectContext(Context, Options, accessDeniedUri);
+            var returnUrl = new AuthenticationProperties(context.Properties).RedirectUri;
+            if (string.IsNullOrEmpty(returnUrl))
+            {
+                returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
+            }
+            var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
+            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri));
             await Options.Events.RedirectToAccessDenied(redirectContext);
             return true;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 646375b880..8af2b88780 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -645,6 +645,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
             var location = transaction2.Response.Headers.Location;
             Assert.Equal("/Account/AccessDenied", location.LocalPath);
+            Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
         }
 
         [Theory]

From bcb02a06efef17c1912febe7c23ceaa62bbc74e2 Mon Sep 17 00:00:00 2001
From: Cesar Blum Silveira <cesars@microsoft.com>
Date: Thu, 5 Nov 2015 11:50:33 -0800
Subject: [PATCH 397/900] Update IdentityModel dependencies to strong named
 version.

---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json     | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 519033d276..50b4d69aee 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211050742"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 8bf0acf25e..3bc3ce7e66 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -10,7 +10,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-210191231"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211050742"
     },
     "frameworks": {
         "dnx451": {

From 216d3a0656df1aeee031d4afa4a4afb54957719a Mon Sep 17 00:00:00 2001
From: Cesar Blum Silveira <cesars@microsoft.com>
Date: Fri, 6 Nov 2015 04:27:33 -0800
Subject: [PATCH 398/900] Fix some authentication unit tests failing on Linux
 and OS X.

---
 .../Google/GoogleMiddlewareTests.cs                    | 10 +++++-----
 .../Twitter/TwitterMiddlewareTests.cs                  |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index ab822206de..514ce126f3 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -245,7 +245,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
             });
             var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
-            Assert.Equal("The oauth state was missing or invalid.", error.Message);
+            Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
         }
 
         [Theory]
@@ -279,7 +279,7 @@ namespace Microsoft.AspNet.Authentication.Google
             else
             {
                 var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?error=OMG"));
-                Assert.Equal("OMG", error.Message);
+                Assert.Equal("OMG", error.GetBaseException().Message);
             }
         }
 
@@ -417,7 +417,7 @@ namespace Microsoft.AspNet.Authentication.Google
             else
             {
                 var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
-                Assert.Equal("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};", error.Message);
+                Assert.Equal("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};", error.GetBaseException().Message);
             }
         }
 
@@ -471,7 +471,7 @@ namespace Microsoft.AspNet.Authentication.Google
             else
             {
                 var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
-                Assert.Equal("Failed to retrieve access token.", error.Message);
+                Assert.Equal("Failed to retrieve access token.", error.GetBaseException().Message);
             }
         }
 
@@ -723,7 +723,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             //Post a message to the Google middleware
             var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
-            Assert.Equal("The oauth state was missing or invalid.", error.Message);
+            Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index e66090144c..36589a12d5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -74,7 +74,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             // Send a bogus sign in
             var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-twitter"));
-            Assert.Equal("Invalid state cookie.", error.Message);
+            Assert.Equal("Invalid state cookie.", error.GetBaseException().Message);
         }
 
         [Fact]

From 6dfc95b5823c8f85954f358997b25e72320d61c2 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Sat, 7 Nov 2015 12:04:16 -0800
Subject: [PATCH 399/900] Update to newer OIDC library

---
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 0cad5419a4..e83aa69526 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211021236"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211061307"
     },
     "frameworks": {
         "dnx451": {

From b04c4041f3cdb2e3fb85e72b0e859870255f1e69 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 9 Nov 2015 10:43:53 -0800
Subject: [PATCH 400/900] Update OIDC dependencies to 211090924.

---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json     | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 8c6cbde75b..9877657d33 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211021236"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211090924"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index e83aa69526..7f88ff58af 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211061307"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211090924"
     },
     "frameworks": {
         "dnx451": {

From d6cdb4bbfe5d6b346687d82fc1176aec1affb5e9 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 12 Nov 2015 12:24:08 -0800
Subject: [PATCH 401/900] Remove System beta tag in project.json for coreclr
 packages.

---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json    | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/project.json        | 4 ++--
 .../project.json                                              | 2 +-
 src/Microsoft.AspNet.Authentication.Twitter/project.json      | 4 ++--
 src/Microsoft.AspNet.Authentication/project.json              | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index dce6112e3e..9db6f35949 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -21,7 +21,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http": "4.0.1-beta-*"
+                "System.Net.Http": "4.0.1-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNet.Authentication.OAuth/project.json
index 5684154933..1d6833e3ef 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNet.Authentication.OAuth/project.json
@@ -21,8 +21,8 @@
     },
     "dotnet5.4": {
       "dependencies": {
-        "System.Net.Http": "4.0.1-beta-*"
+        "System.Net.Http": "4.0.1-*"
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 099594d6b1..d740f4a939 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -21,7 +21,7 @@
         },
         "dnxcore50": {
             "dependencies": {
-                "System.Net.Http": "4.0.1-beta-*"
+                "System.Net.Http": "4.0.1-*"
             }
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNet.Authentication.Twitter/project.json
index 112a742581..6c4124a1b5 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNet.Authentication.Twitter/project.json
@@ -20,8 +20,8 @@
     },
     "dotnet5.4": {
       "dependencies": {
-        "System.Net.Http": "4.0.1-beta-*"
+        "System.Net.Http": "4.0.1-*"
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index bef600babb..c4b246641a 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -29,8 +29,8 @@
     },
     "dotnet5.4": {
       "dependencies": {
-        "System.Net.Http": "4.0.1-beta-*"
+        "System.Net.Http": "4.0.1-*"
       }
     }
   }
-}
\ No newline at end of file
+}

From b05f8771ae4f6fcc4e3a6fded04046eedfb59e12 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Thu, 12 Nov 2015 15:19:43 -0800
Subject: [PATCH 402/900] Removed comment

---
 .../OpenIdConnectHandler.cs                                      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index b0472703a8..eb88f43696 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -359,7 +359,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(message.Error))
                 {
-                    // REVIEW: this error formatting is pretty nuts
                     Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
                     return AuthenticateResult.Failed(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
                 }

From de107ffe61d15c7074fc56fa1da6428e3c0e7de1 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 13 Nov 2015 11:27:39 -0800
Subject: [PATCH 403/900] Cookies now defaults to AutomaticAuthenticate true
 again

---
 .../CookieAuthenticationOptions.cs                               | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 1d0484ab64..88d41c6635 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -23,6 +23,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public CookieAuthenticationOptions()
         {
             AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            AutomaticAuthenticate = true;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;

From 5e99883c57a08d855fac26bbab9fe1b204f8e713 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 13 Nov 2015 11:27:44 -0800
Subject: [PATCH 404/900] Reacting to DI changes

---
 .../DefaultAuthorizationServiceTests.cs                     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 7844f612b9..968f1151bb 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -788,7 +788,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+                services.AddSingleton<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
                 services.AddTransient<IAuthorizationHandler, SuperUserHandler>();
             });
             var user = new ClaimsPrincipal(
@@ -841,7 +841,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+                services.AddSingleton<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
             });
             var user = new ClaimsPrincipal();
 
@@ -858,7 +858,7 @@ namespace Microsoft.AspNet.Authorization.Test
             // Arrange
             var authorizationService = BuildAuthorizationService(services =>
             {
-                services.AddInstance<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
+                services.AddSingleton<IAuthorizationHandler>(new ExpenseReportAuthorizationHandler(new OperationAuthorizationRequirement[] { Operations.Edit }));
             });
             var user = new ClaimsPrincipal();
 

From 3a1d645308e79e823752b801a7480d971312bf0a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 16 Nov 2015 11:38:47 -0800
Subject: [PATCH 405/900] Update IdentityModel dependencies.

---
 src/Microsoft.AspNet.Authentication.JwtBearer/project.json     | 2 +-
 src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 9877657d33..19027cad50 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211090924"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211161024"
     },
     "frameworks": {
         "dnx451": {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index 7f88ff58af..9450af3615 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211090924"
+        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211161024"
     },
     "frameworks": {
         "dnx451": {

From 432850900f9999a9c0f0c1c3d12d715023a242d2 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Tue, 17 Nov 2015 14:33:41 -0800
Subject: [PATCH 406/900] Move Travis to supported Linux distribution - use
 Ubuntu 14.04 (Trusty)   - Travis support for Trusty is in Beta and currently
 requires `sudo` - run `dnu restore` with DNX Core since aspnet/External#49 is
 not fixed in Mono versions we can use - add required dependencies for DNX
 Core to `.travis.yml` - addresses part of aspnet/Universe#290

---
 .travis.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index c31316acec..2fc624899f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,18 @@
 language: csharp
-sudo: false
+sudo: required
+dist: trusty
+addons:
+  apt:
+    packages:
+    - gettext
+    - libcurl4-openssl-dev
+    - libicu-dev
+    - libssl-dev
+    - libunwind8
+    - zlib1g
+env:
+  - KOREBUILD_DNU_RESTORE_CORECLR=true
 mono:
-  - beta
+  - 4.0.5
 script:
   - ./build.sh --quiet verify

From 620622f260ba235c864d753262c0e6e923db93a5 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 19 Nov 2015 15:06:20 -0800
Subject: [PATCH 407/900] Include error_desc/error_uri as well for OAuth

---
 .../OAuthHandler.cs                               | 15 ++++++++++++++-
 .../Google/GoogleMiddlewareTests.cs               |  9 +++++----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index c0f05aa0dc..1d9c95d3cd 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -38,7 +38,20 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var error = query["error"];
             if (!StringValues.IsNullOrEmpty(error))
             {
-                return AuthenticateResult.Failed(error);
+                var errorMessage = new StringBuilder();
+                errorMessage.Append(error);
+                var errorDescription = query["error_description"];
+                if (!StringValues.IsNullOrEmpty(errorDescription))
+                {
+                    errorMessage.Append(";Description=").Append(errorDescription);
+                }
+                var errorUri = query["error_uri"];
+                if (!StringValues.IsNullOrEmpty(errorUri))
+                {
+                    errorMessage.Append(";Uri=").Append(errorUri);
+                }
+
+                return AuthenticateResult.Failed(errorMessage.ToString());
             }
 
             var code = query["code"];
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 514ce126f3..5914722c5d 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -270,16 +270,17 @@ namespace Microsoft.AspNet.Authentication.Google
                     };
                 }
             });
+            var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar");
             if (redirect)
             {
-                var transaction = await server.SendAsync("https://example.com/signin-google?error=OMG");
+                var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=OMG", transaction.Response.Headers.GetValues("Location").First());
+                Assert.Equal("/error?ErrorMessage=OMG"+UrlEncoder.Default.Encode(";Description=SoBad;Uri=foobar"), transaction.Response.Headers.GetValues("Location").First());
             }
             else
             {
-                var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?error=OMG"));
-                Assert.Equal("OMG", error.GetBaseException().Message);
+                var error = await Assert.ThrowsAnyAsync<Exception>(() => sendTask);
+                Assert.Equal("OMG;Description=SoBad;Uri=foobar", error.GetBaseException().Message);
             }
         }
 

From 4cf32eb6787f82de9448945f2c0962a10cc05b4b Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 30 Nov 2015 11:56:57 -0800
Subject: [PATCH 408/900] #411 Handle validation failures from ValidateToken.

---
 .../JwtBearerHandler.cs                       | 61 +++++++++++++++----
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 50 +++++++++++++++
 2 files changed, 99 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 79ca1a084d..beb77486f4 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -2,8 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.IdentityModel.Tokens;
 using System.Linq;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
@@ -34,7 +36,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 {
                     return AuthenticateResult.Success(receivingTokenContext.AuthenticationTicket);
                 }
-
                 if (receivingTokenContext.Skipped)
                 {
                     return AuthenticateResult.Success(ticket: null);
@@ -76,7 +77,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 {
                     return AuthenticateResult.Success(receivedTokenContext.AuthenticationTicket);
                 }
-
                 if (receivedTokenContext.Skipped)
                 {
                     return AuthenticateResult.Success(ticket: null);
@@ -103,12 +103,37 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
                 }
 
+                List<Exception> validationFailures = null;
                 SecurityToken validatedToken;
                 foreach (var validator in Options.SecurityTokenValidators)
                 {
                     if (validator.CanReadToken(token))
                     {
-                        var principal = validator.ValidateToken(token, validationParameters, out validatedToken);
+                        ClaimsPrincipal principal;
+                        try
+                        {
+                            principal = validator.ValidateToken(token, validationParameters, out validatedToken);
+                        }
+                        catch (Exception ex)
+                        {
+                            Logger.LogInformation("Failed to validate the token: " + token, ex);
+
+                            // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
+                            if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                            {
+                                Options.ConfigurationManager.RequestRefresh();
+                            }
+
+                            if (validationFailures == null)
+                            {
+                                validationFailures = new List<Exception>(1);
+                            }
+                            validationFailures.Add(ex);
+                            continue;
+                        }
+
+                        Logger.LogInformation("Successfully validated the token");
+
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
                         var validatedTokenContext = new ValidatedTokenContext(Context, Options)
                         {
@@ -120,7 +145,6 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         {
                             return AuthenticateResult.Success(validatedTokenContext.AuthenticationTicket);
                         }
-
                         if (validatedTokenContext.Skipped)
                         {
                             return AuthenticateResult.Success(ticket: null);
@@ -130,19 +154,32 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     }
                 }
 
-                // REVIEW: this maybe return an error instead?
-                throw new InvalidOperationException("No SecurityTokenValidator available for token: " + token ?? "null");
+                if (validationFailures != null)
+                {
+                    var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+                    {
+                        Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures)
+                    };
+
+                    await Options.Events.AuthenticationFailed(authenticationFailedContext);
+                    if (authenticationFailedContext.HandledResponse)
+                    {
+                        return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
+                    }
+                    if (authenticationFailedContext.Skipped)
+                    {
+                        return AuthenticateResult.Success(ticket: null);
+                    }
+
+                    return AuthenticateResult.Failed(authenticationFailedContext.Exception);
+                }
+
+                return AuthenticateResult.Failed("No SecurityTokenValidator available for token: " + token ?? "[null]");
             }
             catch (Exception ex)
             {
                 Logger.LogError("Exception occurred while processing message", ex);
 
-                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
-                if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
-                {
-                    Options.ConfigurationManager.RequestRefresh();
-                }
-
                 var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
                 {
                     Exception = ex
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 17e14d449d..aaef7ffa91 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -112,6 +112,34 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
+        [Fact]
+        public async Task UnrecognizedTokenReceived()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("", response.ResponseText);
+        }
+
+        [Fact]
+        public async Task InvalidTokenReceived()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator());
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("", response.ResponseText);
+        }
+
         [Fact]
         public async Task CustomTokenReceived()
         {
@@ -284,6 +312,28 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
+        class InvalidTokenValidator : ISecurityTokenValidator
+        {
+            public InvalidTokenValidator()
+            {
+            }
+
+            public bool CanValidateToken => true;
+
+            public int MaximumTokenSizeInBytes
+            {
+                get { throw new NotImplementedException(); }
+                set { throw new NotImplementedException(); }
+            }
+
+            public bool CanReadToken(string securityToken) => true;
+
+            public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+            {
+                throw new SecurityTokenException("InvalidToken");
+            }
+        }
+
         class BlobTokenValidator : ISecurityTokenValidator
         {
             public BlobTokenValidator(string authenticationScheme)

From 51cc52e855b942e6ff26af532530fbf4af40f3d5 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 30 Nov 2015 11:57:49 -0800
Subject: [PATCH 409/900] Tooling sample updates.

---
 samples/CookieSample/Properties/launchSettings.json | 13 ++++++++++++-
 .../Properties/launchSettings.json                  | 13 ++++++++++++-
 .../Properties/launchSettings.json                  | 13 ++++++++++++-
 samples/SocialSample/Properties/launchSettings.json | 13 ++++++++++++-
 ...crosoft.Owin.Security.Cookies.Interop.Test.xproj |  4 +++-
 5 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
index 381ef9b50e..9077103681 100644
--- a/samples/CookieSample/Properties/launchSettings.json
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -1,4 +1,12 @@
 {
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:1788/",
+      "sslPort": 0
+    }
+  },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
@@ -10,7 +18,10 @@
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:12345"
+      "launchUrl": "http://localhost:12345",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
     },
     "kestrel": {
       "commandName": "kestrel",
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
index 381ef9b50e..f4fbdd3fde 100644
--- a/samples/CookieSessionSample/Properties/launchSettings.json
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -1,4 +1,12 @@
 {
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:1790/",
+      "sslPort": 0
+    }
+  },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
@@ -10,7 +18,10 @@
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:12345"
+      "launchUrl": "http://localhost:12345",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
     },
     "kestrel": {
       "commandName": "kestrel",
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index a744c05c54..174032b7bc 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -1,4 +1,12 @@
 {
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:1791/",
+      "sslPort": 0
+    }
+  },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
@@ -15,7 +23,10 @@
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:42023"
+      "launchUrl": "http://localhost:42023",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
     }
   }
 }
\ No newline at end of file
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 88e42ba2bb..3481e55c44 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -1,4 +1,12 @@
 {
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:1789/",
+      "sslPort": 0
+    }
+  },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
@@ -15,7 +23,10 @@
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:54540/"
+      "launchUrl": "http://localhost:54540/",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
     }
   }
 }
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj b/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
index 26bc63e140..3341cf4e6e 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
@@ -11,9 +11,11 @@
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file

From 909a14e504370e2b09a3d438c8ab4cda777cebd5 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 30 Nov 2015 12:33:51 -0800
Subject: [PATCH 410/900] Enable CoreClr tests on Travis.

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 2fc624899f..c0befaffcf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,7 +11,7 @@ addons:
     - libunwind8
     - zlib1g
 env:
-  - KOREBUILD_DNU_RESTORE_CORECLR=true
+  - KOREBUILD_DNU_RESTORE_CORECLR=true KOREBUILD_TEST_DNXCORE=true
 mono:
   - 4.0.5
 script:

From b77d22cfcb9b09933671f6538e341143d896c48b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Novotn=C3=BD?= <lukas@dramiel.com>
Date: Tue, 1 Dec 2015 18:20:37 +0100
Subject: [PATCH 411/900] Update url of basic authentication example

Url of the example implementation of basic authentication has changed to https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNet.Authentication.Basic due to namespace change.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 9577d9d771..b994c1eeac 100644
--- a/README.md
+++ b/README.md
@@ -11,4 +11,4 @@ This project is part of ASP.NET 5. You can find samples, documentation and getti
 
 ### Notes
 
-ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.Security.BasicAuthentication).
+ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNet.Authentication.Basic).

From 0db9a16c915ba5e686f6e001af82853edca63e09 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 1 Dec 2015 10:22:04 -0800
Subject: [PATCH 412/900] Use the newest build of OpenIdConnect packages cloned
 to AspNet feeds.

Fixes #576
---
 NuGet.config                                  |  1 -
 .../project.json                              | 48 +++++++++----------
 .../project.json                              | 48 +++++++++----------
 3 files changed, 48 insertions(+), 49 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index a6026c9cf9..5500f6d507 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -3,6 +3,5 @@
   <packageSources>
     <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
-    <add key="AzureAD" value="http://www.myget.org/F/azureadwebstacknightly/api/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 9db6f35949..264e9c2c3b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -1,28 +1,28 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to receive an OpenID Connect bearer token.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to receive an OpenID Connect bearer token.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
+  },
+  "frameworks": {
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Net.Http": ""
+      }
     },
-    "compilationOptions": {
-        "warningsAsErrors": true,
-        "keyFile": "../../tools/Key.snk"
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211050742"
-    },
-    "frameworks": {
-        "dnx451": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Net.Http": "4.0.1-*"
-            }
-        }
+    "dotnet54": {
+      "dependencies": {
+        "System.Net.Http": "4.0.1-*"
+      }
     }
+  }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index d740f4a939..f8011df77e 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -1,28 +1,28 @@
 {
-    "version": "1.0.0-*",
-    "description": "ASP.NET 5 middleware that enables an application to support the OpenID Connect authentication workflow.",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/aspnet/security"
+  "version": "1.0.0-*",
+  "description": "ASP.NET 5 middleware that enables an application to support the OpenID Connect authentication workflow.",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/aspnet/security"
+  },
+  "compilationOptions": {
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk"
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
+  },
+  "frameworks": {
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Net.Http": ""
+      }
     },
-    "compilationOptions": {
-      "warningsAsErrors": true,
-      "keyFile": "../../tools/Key.snk"
-    },
-    "dependencies": {
-        "Microsoft.AspNet.Authentication": "1.0.0-*",
-        "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-rc1-211050742"
-    },
-    "frameworks": {
-        "dnx451": {
-            "frameworkAssemblies": {
-                "System.Net.Http": ""
-            }
-        },
-        "dnxcore50": {
-            "dependencies": {
-                "System.Net.Http": "4.0.1-*"
-            }
-        }
+    "dotnet54": {
+      "dependencies": {
+        "System.Net.Http": "4.0.1-*"
+      }
     }
+  }
 }

From b81f947042dc7b43224416021962061e1bb2649b Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 1 Dec 2015 10:55:47 -0800
Subject: [PATCH 413/900] Remove unused references

---
 .../project.json                                     | 12 ++----------
 .../project.json                                     | 12 ++----------
 2 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
index 264e9c2c3b..16b169298b 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/project.json
@@ -14,15 +14,7 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Net.Http": ""
-      }
-    },
-    "dotnet54": {
-      "dependencies": {
-        "System.Net.Http": "4.0.1-*"
-      }
-    }
+    "net451": { },
+    "dotnet54": { }
   }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
index f8011df77e..58d9d5a407 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
@@ -14,15 +14,7 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Net.Http": ""
-      }
-    },
-    "dotnet54": {
-      "dependencies": {
-        "System.Net.Http": "4.0.1-*"
-      }
-    }
+    "net451": { },
+    "dotnet54": { }
   }
 }

From 17e9a3336f5eea7962dd66136ad1c27853c50649 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 1 Dec 2015 15:54:12 -0800
Subject: [PATCH 414/900] Update the sample dependencies, commands, etc..

---
 samples/CookieSample/project.json             | 35 +++++++--------
 samples/CookieSample/wwwroot/web.config       |  9 ++++
 samples/CookieSessionSample/project.json      | 35 +++++++--------
 .../CookieSessionSample/wwwroot/web.config    |  9 ++++
 samples/OpenIdConnectSample/project.json      | 35 +++++++--------
 .../Properties/launchSettings.json            |  2 +-
 samples/SocialSample/project.json             | 44 +++++++++----------
 samples/SocialSample/wwwroot/.gitkeep         |  0
 samples/SocialSample/wwwroot/web.config       |  9 ++++
 9 files changed, 99 insertions(+), 79 deletions(-)
 create mode 100644 samples/CookieSample/wwwroot/web.config
 create mode 100644 samples/CookieSessionSample/wwwroot/web.config
 delete mode 100644 samples/SocialSample/wwwroot/.gitkeep
 create mode 100644 samples/SocialSample/wwwroot/web.config

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 4464f21fe2..030c149834 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,21 +1,18 @@
 {
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
-    },
-    "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
-    },
-    "frameworks": {
-        "dnx451": {
-        },
-        "dnxcore50": {
-        }
-    },
-    "webroot":"wwwroot"
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.DataProtection": "1.0.0-*",
+    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+  },
+  "commands": {
+    "web": "Microsoft.AspNet.Server.Kestrel",
+    "weblistener": "Microsoft.AspNet.Server.WebListener"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  }
 }
diff --git a/samples/CookieSample/wwwroot/web.config b/samples/CookieSample/wwwroot/web.config
new file mode 100644
index 0000000000..9a0d90abf8
--- /dev/null
+++ b/samples/CookieSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index be0b1ae052..a1c5ad3c6c 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,20 +1,19 @@
 {
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
-    },
-    "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:12345",
-        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5004"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    },
-    "webroot": "wwwroot"
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.DataProtection": "1.0.0-*",
+    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+  },
+  "commands": {
+    "web": "Microsoft.AspNet.Server.Kestrel",
+    "weblistener": "Microsoft.AspNet.Server.WebListener"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  }
 }
diff --git a/samples/CookieSessionSample/wwwroot/web.config b/samples/CookieSessionSample/wwwroot/web.config
new file mode 100644
index 0000000000..9a0d90abf8
--- /dev/null
+++ b/samples/CookieSessionSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 6f27caa556..918dbcf3f1 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,20 +1,19 @@
 {
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-        "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Console": "1.0.0-*"
-    },
-    "frameworks": {
-        "dnx451": { },
-        "dnxcore50": { }
-    },
-    "commands": {
-        "web": "Microsoft.AspNet.Server.Kestrel",
-        "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023",
-        "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls http://localhost:42023"
-    },
-    "webroot": "wwwroot"
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  },
+  "commands": {
+    "web": "Microsoft.AspNet.Server.Kestrel",
+    "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023",
+    "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls http://localhost:42023"
+  }
 }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 3481e55c44..dcfe9f5144 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -3,7 +3,7 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:1789/",
+      "applicationUrl": "http://localhost:54540",
       "sslPort": 0
     }
   },
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 48b78d3584..823ac24c01 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,25 +1,23 @@
 {
-    "dependencies": {
-        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
-        "Microsoft.AspNet.DataProtection": "1.0.0-*",
-        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
-        "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-        "Microsoft.AspNet.Server.Kestrel": "1.0.0-*"
-    },
-    "commands": {
-        "web": "Microsoft.AspNet.Hosting server=Microsoft.AspNet.Server.WebListener server.urls=http://localhost:54540",
-        "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:54540"
-    },
-    "frameworks": {
-        "dnx451": {
-        },
-        "dnxcore50": {
-        }
-    },
-    "webroot": "wwwroot"
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
+    "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
+    "Microsoft.AspNet.DataProtection": "1.0.0-*",
+    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+  },
+  "commands": {
+    "web": "Microsoft.AspNet.Server.Kestrel",
+    "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:54540",
+    "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls=http://localhost:54540"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  }
 }
diff --git a/samples/SocialSample/wwwroot/.gitkeep b/samples/SocialSample/wwwroot/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/samples/SocialSample/wwwroot/web.config b/samples/SocialSample/wwwroot/web.config
new file mode 100644
index 0000000000..9a0d90abf8
--- /dev/null
+++ b/samples/SocialSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
+  </system.webServer>
+</configuration>
\ No newline at end of file

From a18181d363f5cc659b7ae324dbf52668022e9307 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Dec 2015 10:16:29 -0800
Subject: [PATCH 415/900] #565 Update facebook APIs to v2.5.

---
 samples/SocialSample/Startup.cs               | 28 ++++++++++++++--
 .../FacebookDefaults.cs                       |  6 ++--
 .../FacebookHandler.cs                        | 32 +++----------------
 .../FacebookOptions.cs                        | 10 +++++-
 .../Facebook/FacebookMiddlewareTests.cs       | 14 ++++----
 5 files changed, 48 insertions(+), 42 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 0b76698aaa..972f3ccc0f 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
@@ -5,6 +6,7 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
@@ -30,6 +32,24 @@ namespace CookieSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
+            // Simple error page to avoid a repo dependency.
+            app.Use(async (context, next) =>
+            {
+                try
+                {
+                    await next();
+                }
+                catch (Exception ex)
+                {
+                    if (context.Response.HasStarted)
+                    {
+                        throw;
+                    }
+                    context.Response.StatusCode = 500;
+                    await context.Response.WriteAsync(ex.ToString());
+                }
+            });
+
             app.UseCookieAuthentication(options =>
             {
                 options.AutomaticAuthenticate = true;
@@ -38,10 +58,12 @@ namespace CookieSample
             });
 
             // https://developers.facebook.com/apps/
-            app.UseFacebookAuthentication(options =>
+            app.UseFacebookAuthentication(new FacebookOptions()
             {
-                options.AppId = "569522623154478";
-                options.AppSecret = "a124463c4719c94b4228d9a240e5dc1a";
+                AppId = "569522623154478",
+                AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
+                Scope = { "email" },
+                Fields = { "name", "email" },
             });
 
             app.UseOAuthAuthentication(new OAuthOptions
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
index 4877b25fc6..d2896a5ce5 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
     {
         public const string AuthenticationScheme = "Facebook";
 
-        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.2/dialog/oauth";
+        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.5/dialog/oauth";
 
-        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.2/oauth/access_token";
+        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.5/oauth/access_token";
 
-        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.2/me";
+        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.5/me";
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index e25fef4967..d390384710 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
@@ -10,8 +9,6 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Extensions;
-using Microsoft.AspNet.Http.Internal;
 using Microsoft.AspNet.WebUtilities;
 using Newtonsoft.Json.Linq;
 
@@ -24,31 +21,6 @@ namespace Microsoft.AspNet.Authentication.Facebook
         {
         }
 
-        protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
-        {
-            var queryBuilder = new QueryBuilder()
-            {
-                { "grant_type", "authorization_code" },
-                { "code", code },
-                { "redirect_uri", redirectUri },
-                { "client_id", Options.AppId },
-                { "client_secret", Options.AppSecret },
-            };
-
-            var response = await Backchannel.GetAsync(Options.TokenEndpoint + queryBuilder.ToString(), Context.RequestAborted);
-            response.EnsureSuccessStatusCode();
-
-            var form = new FormCollection(FormReader.ReadForm(await response.Content.ReadAsStringAsync()));
-            var payload = new JObject();
-            foreach (string key in form.Keys)
-            {
-                payload.Add(string.Equals(key, "expires", StringComparison.OrdinalIgnoreCase) ? "expires_in" : key, (string)form[key]);
-            }
-
-            // The refresh token is not available.
-            return OAuthTokenResponse.Success(payload);
-        }
-
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
             var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken);
@@ -56,6 +28,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
             {
                 endpoint = QueryHelpers.AddQueryString(endpoint, "appsecret_proof", GenerateAppSecretProof(tokens.AccessToken));
             }
+            if (Options.Fields.Count > 0)
+            {
+                endpoint = QueryHelpers.AddQueryString(endpoint, "fields", string.Join(",", Options.Fields));
+            }
 
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
index aa829cb377..0bf6a37166 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
@@ -1,8 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using System.Collections.Generic;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
@@ -24,6 +25,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             TokenEndpoint = FacebookDefaults.TokenEndpoint;
             UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
             SaveTokensAsClaims = false;
+            Fields = new List<string>();
         }
 
         // Facebook uses a non-standard term for this field.
@@ -51,5 +53,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
         /// This is enabled by default.
         /// </summary>
         public bool SendAppSecretProof { get; set; }
+
+        /// <summary>
+        /// The list of fields to retrieve from the UserInformationEndpoint.
+        /// https://developers.facebook.com/docs/graph-api/reference/user
+        /// </summary>
+        public IList<string> Fields { get; }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 21ace654ee..c1796c3dec 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -86,7 +86,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
@@ -113,7 +113,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
@@ -147,7 +147,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.2/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=", location);
@@ -178,11 +178,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
                                 if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == FacebookDefaults.TokenEndpoint)
                                 {
                                     var res = new HttpResponseMessage(HttpStatusCode.OK);
-                                    var tokenResponse = new Dictionary<string, string>
+                                    var graphResponse = JsonConvert.SerializeObject(new
                                     {
-                                        { "access_token", "TestAuthToken" },
-                                    };
-                                    res.Content = new FormUrlEncodedContent(tokenResponse);
+                                        access_token = "TestAuthToken"
+                                    });
+                                    res.Content = new StringContent(graphResponse, Encoding.UTF8);
                                     return res;
                                 }
                                 if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) ==

From 92c479869bb8f2a76a0af1c8969880d2b609d3ad Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Dec 2015 11:51:43 -0800
Subject: [PATCH 416/900] #600 Update the Twitter AuthenticationEndpoint

---
 src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs   | 2 +-
 .../Twitter/TwitterMiddlewareTests.cs                           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 61709aafdc..8ea5ae42d6 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
         private const string StateCookie = "__TwitterState";
         private const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";
-        private const string AuthenticationEndpoint = "https://twitter.com/oauth/authenticate?oauth_token=";
+        private const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
         private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
 
         private readonly HttpClient _httpClient;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 36589a12d5..668f874811 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -148,7 +148,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://twitter.com/oauth/authenticate?oauth_token=", location);
+            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
         }
 
         private static TestServer CreateServer(Action<TwitterOptions> configure, Func<HttpContext, bool> handler = null)

From 3d8886a06461a4d3282c60db6253059cde6e5278 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 2 Dec 2015 11:04:44 -0800
Subject: [PATCH 417/900] #566 Update Google token endpoint.

---
 .../GoogleDefaults.cs                            |  2 +-
 .../Google/GoogleMiddlewareTests.cs              | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
index 28fa46bc57..ebd05602ab 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
         public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
-        public static readonly string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
+        public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
 
         public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
     }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 5914722c5d..2e3336e057 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -300,7 +300,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -332,7 +332,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             });
                         }
 
-                        return null;
+                        throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
                 };
             });
@@ -489,7 +489,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -522,7 +522,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             });
                         }
 
-                        return null;
+                        throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
                 };
                 options.Events = new OAuthEvents
@@ -569,7 +569,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -602,7 +602,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             });
                         }
 
-                        return null;
+                        throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
                 };
                 options.Events = new OAuthEvents
@@ -659,7 +659,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://accounts.google.com/o/oauth2/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -692,7 +692,7 @@ namespace Microsoft.AspNet.Authentication.Google
                             });
                         }
 
-                        return null;
+                        throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
                 };
             });

From 17072b141795718eb88428a4b510a08676449f38 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 1 Dec 2015 14:06:12 -0800
Subject: [PATCH 418/900] #574 Add a JwtBearer sample.

---
 Security.sln                                  |  15 +++
 samples/JwtBearerSample/JwtBearerSample.xproj |  25 +++++
 .../Properties/launchSettings.json            |  25 +++++
 samples/JwtBearerSample/Startup.cs            | 104 ++++++++++++++++++
 samples/JwtBearerSample/Todo.cs               |   8 ++
 samples/JwtBearerSample/project.json          |  27 +++++
 .../wwwroot/App/Scripts/app.js                |  28 +++++
 .../wwwroot/App/Scripts/homeCtrl.js           |  13 +++
 .../wwwroot/App/Scripts/indexCtrl.js          |   5 +
 .../wwwroot/App/Scripts/todoListCtrl.js       |  71 ++++++++++++
 .../wwwroot/App/Scripts/todoListSvc.js        |  24 ++++
 .../wwwroot/App/Scripts/userDataCtrl.js       |   6 +
 .../wwwroot/App/Views/Home.html               |   3 +
 .../wwwroot/App/Views/TodoList.html           |  24 ++++
 .../wwwroot/App/Views/UserData.html           |  23 ++++
 samples/JwtBearerSample/wwwroot/index.html    |  68 ++++++++++++
 samples/JwtBearerSample/wwwroot/web.config    |   9 ++
 17 files changed, 478 insertions(+)
 create mode 100644 samples/JwtBearerSample/JwtBearerSample.xproj
 create mode 100644 samples/JwtBearerSample/Properties/launchSettings.json
 create mode 100644 samples/JwtBearerSample/Startup.cs
 create mode 100644 samples/JwtBearerSample/Todo.cs
 create mode 100644 samples/JwtBearerSample/project.json
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/app.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Views/Home.html
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
 create mode 100644 samples/JwtBearerSample/wwwroot/App/Views/UserData.html
 create mode 100644 samples/JwtBearerSample/wwwroot/index.html
 create mode 100644 samples/JwtBearerSample/wwwroot/web.config

diff --git a/Security.sln b/Security.sln
index 6367cfeadf..77ed552842 100644
--- a/Security.sln
+++ b/Security.sln
@@ -54,6 +54,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Coo
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Cookies.Interop.Test", "test\Microsoft.Owin.Security.Cookies.Interop.Test\Microsoft.Owin.Security.Cookies.Interop.Test.xproj", "{73E8E654-A2AC-4848-95F3-EB55512F6C39}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.xproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -298,6 +300,18 @@ Global
 		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.ActiveCfg = Release|Any CPU
 		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.Build.0 = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.Build.0 = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -323,5 +337,6 @@ Global
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{21A56E78-31DE-4868-9778-7E4DBE2A4E35} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{73E8E654-A2AC-4848-95F3-EB55512F6C39} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/JwtBearerSample/JwtBearerSample.xproj b/samples/JwtBearerSample/JwtBearerSample.xproj
new file mode 100644
index 0000000000..15adb23f1b
--- /dev/null
+++ b/samples/JwtBearerSample/JwtBearerSample.xproj
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>d399b84f-591b-4e98-92ba-b0f63e7b6957</ProjectGuid>
+    <RootNamespace>JwtBearerSample</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <DnxInvisibleContent Include="bower.json" />
+    <DnxInvisibleContent Include=".bowerrc" />
+    <DnxInvisibleContent Include="package.json" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/samples/JwtBearerSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..af63bba52f
--- /dev/null
+++ b/samples/JwtBearerSample/Properties/launchSettings.json
@@ -0,0 +1,25 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:42023",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNET_ENVIRONMENT": "Development"
+      }
+    },
+    "web": {
+      "commandName": "web",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
new file mode 100644
index 0000000000..5d2bd6400f
--- /dev/null
+++ b/samples/JwtBearerSample/Startup.cs
@@ -0,0 +1,104 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
+using Microsoft.AspNet.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Newtonsoft.Json.Linq;
+
+namespace JwtBearerSample
+{
+    public class Startup
+    {
+        // Shared between users in memory
+        public IList<Todo> Todos { get; } = new List<Todo>();
+
+        // This method gets called by the runtime. Use this method to add services to the container.
+        // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddAuthentication();
+        }
+
+        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+        public void Configure(IApplicationBuilder app)
+        {
+            // Simple error page to avoid a repo dependency.
+            app.Use(async (context, next) =>
+            {
+                try
+                {
+                    await next();
+                }
+                catch (Exception ex)
+                {
+                    if (context.Response.HasStarted)
+                    {
+                        throw;
+                    }
+                    context.Response.StatusCode = 500;
+                    await context.Response.WriteAsync(ex.ToString());
+                }
+            });
+
+            app.UseIISPlatformHandler();
+
+            app.UseDefaultFiles();
+            app.UseStaticFiles();
+
+            app.UseJwtBearerAuthentication(options =>
+            {
+                options.AutomaticAuthenticate = true;
+                options.AutomaticChallenge = true;
+                // You also need to update /wwwroot/app/scripts/app.js
+                options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
+                options.Audience = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
+            });
+
+            // [Authorize] would usually handle this
+            app.Use(async (context, next) =>
+            {
+                // Use this if options.AutomaticAuthenticate = false
+                // var user = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+
+                var user = context.User; // We can do this because of  options.AutomaticAuthenticate = true; above.
+                if (user?.Identity?.IsAuthenticated ?? false)
+                {
+                    await next();
+                }
+                else
+                {
+                    // We can do this because of options.AutomaticChallenge = true; above
+                    await context.Authentication.ChallengeAsync();
+                }
+            });
+
+            // MVC would usually handle this:
+            app.Map("/api/TodoList", todoApp =>
+            {
+                todoApp.Run(async context =>
+                {
+                    var response = context.Response;
+                    if (context.Request.Method.Equals("POST", System.StringComparison.OrdinalIgnoreCase))
+                    {
+                        var reader = new StreamReader(context.Request.Body);
+                        var body = await reader.ReadToEndAsync();
+                        var obj = JObject.Parse(body);
+                        var todo = new Todo() { Description = obj["Description"].Value<string>(), Owner = context.User.Identity.Name };
+                        Todos.Add(todo);
+                    }
+                    else
+                    {
+                        response.ContentType = "application/json";
+                        var json = JToken.FromObject(Todos);
+                        await response.WriteAsync(json.ToString());
+                    }
+                });
+            });
+        }
+
+        // Entry point for the application.
+        public static void Main(string[] args) => WebApplication.Run<Startup>(args);
+    }
+}
diff --git a/samples/JwtBearerSample/Todo.cs b/samples/JwtBearerSample/Todo.cs
new file mode 100644
index 0000000000..3ddf40414e
--- /dev/null
+++ b/samples/JwtBearerSample/Todo.cs
@@ -0,0 +1,8 @@
+namespace JwtBearerSample
+{
+    public class Todo
+    {
+        public string Description { get; set; }
+        public string Owner { get; set; }
+    }
+}
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
new file mode 100644
index 0000000000..2e9dca157a
--- /dev/null
+++ b/samples/JwtBearerSample/project.json
@@ -0,0 +1,27 @@
+{
+  "version": "1.0.0-*",
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
+  "dependencies": {
+    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
+    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNet.StaticFiles": "1.0.0-*"
+  },
+  "commands": {
+    "web": "Microsoft.AspNet.Server.Kestrel"
+  },
+  "frameworks": {
+    "dnx451": { },
+    "dnxcore50": { }
+  },
+  "exclude": [
+    "wwwroot",
+    "node_modules"
+  ],
+  "publishExclude": [
+    "**.user",
+    "**.vspscc"
+  ]
+}
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/app.js b/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
new file mode 100644
index 0000000000..b45cb760b2
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
@@ -0,0 +1,28 @@
+'use strict';
+angular.module('todoApp', ['ngRoute','AdalAngular'])
+.config(['$routeProvider', '$httpProvider', 'adalAuthenticationServiceProvider', function ($routeProvider, $httpProvider, adalProvider) {
+
+    $routeProvider.when("/Home", {
+        controller: "homeCtrl",
+        templateUrl: "/App/Views/Home.html",
+    }).when("/TodoList", {
+        controller: "todoListCtrl",
+        templateUrl: "/App/Views/TodoList.html",
+        requireADLogin: true,
+    }).when("/UserData", {
+        controller: "userDataCtrl",
+        templateUrl: "/App/Views/UserData.html",
+    }).otherwise({ redirectTo: "/Home" });
+
+    adalProvider.init(
+        {
+            instance: 'https://login.microsoftonline.com/', 
+            tenant: 'tratcheroutlook.onmicrosoft.com',
+            clientId: '63a87a83-64b9-4ac1-b2c5-092126f8474f',
+            extraQueryParameter: 'nux=1',
+            // cacheLocation: 'localStorage', // enable this for IE, as sessionStorage does not work for localhost.
+        },
+        $httpProvider
+        );
+   
+}]);
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js b/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
new file mode 100644
index 0000000000..09a3beae53
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
@@ -0,0 +1,13 @@
+'use strict';
+angular.module('todoApp')
+.controller('homeCtrl', ['$scope', 'adalAuthenticationService','$location', function ($scope, adalService, $location) {
+    $scope.login = function () {
+        adalService.login();
+    };
+    $scope.logout = function () {
+        adalService.logOut();
+    };
+    $scope.isActive = function (viewLocation) {        
+        return viewLocation === $location.path();
+    };
+}]);
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js b/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
new file mode 100644
index 0000000000..baaa4b2421
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
@@ -0,0 +1,5 @@
+'use strict';
+angular.module('todoApp')
+.controller('indexCtrl', ['$scope', 'adalAuthenticationService', function ($scope, adalService) {
+
+}]);
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js b/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
new file mode 100644
index 0000000000..7dbd4f29ca
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
@@ -0,0 +1,71 @@
+'use strict';
+angular.module('todoApp')
+.controller('todoListCtrl', ['$scope', '$location', 'todoListSvc', 'adalAuthenticationService', function ($scope, $location, todoListSvc, adalService) {
+    $scope.error = "";
+    $scope.loadingMessage = "Loading...";
+    $scope.todoList = null;
+    $scope.editingInProgress = false;
+    $scope.newTodoCaption = "";
+
+
+    $scope.editInProgressTodo = {
+        Description: "",
+        ID: 0
+    };
+
+    
+
+    $scope.editSwitch = function (todo) {
+        todo.edit = !todo.edit;
+        if (todo.edit) {
+            $scope.editInProgressTodo.Description = todo.Description;
+            $scope.editInProgressTodo.ID = todo.ID;
+            $scope.editingInProgress = true;
+        } else {
+            $scope.editingInProgress = false;
+        }
+    };
+
+    $scope.populate = function () {
+        todoListSvc.getItems().success(function (results) {
+            $scope.todoList = results;
+            $scope.loadingMessage = "";
+        }).error(function (err) {
+            $scope.error = err;
+            $scope.loadingMessage = "";
+        })
+    };
+    $scope.delete = function (id) {
+        todoListSvc.deleteItem(id).success(function (results) {
+            $scope.loadingMessage = "";
+            $scope.populate();
+        }).error(function (err) {
+            $scope.error = err;
+            $scope.loadingMessage = "";
+        })
+    };
+    $scope.update = function (todo) {
+        todoListSvc.putItem($scope.editInProgressTodo).success(function (results) {
+            $scope.loadingMsg = "";
+            $scope.populate();
+            $scope.editSwitch(todo);
+        }).error(function (err) {
+            $scope.error = err;
+            $scope.loadingMessage = "";
+        })
+    };
+    $scope.add = function () {
+
+        todoListSvc.postItem({
+            'Description': $scope.newTodoCaption,
+            'Owner': adalService.userInfo.userName
+        }).success(function (results) {
+            $scope.loadingMsg = "";
+            $scope.newTodoCaption = "";
+            $scope.populate();
+        }).error(function (err) {
+            $scope.error = err;
+            $scope.loadingMsg = "";
+        })
+    };
+}]);
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js b/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
new file mode 100644
index 0000000000..87d0641084
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
@@ -0,0 +1,24 @@
+'use strict';
+angular.module('todoApp')
+.factory('todoListSvc', ['$http', function ($http) {
+    return {
+        getItems : function(){
+            return $http.get('/api/TodoList');
+        },
+        getItem : function(id){
+            return $http.get('/api/TodoList/' + id);
+        },
+        postItem : function(item){
+            return $http.post('/api/TodoList/',item);
+        },
+        putItem : function(item){
+            return $http.put('/api/TodoList/', item);
+        },
+        deleteItem : function(id){
+            return $http({
+                method: 'DELETE',
+                url: '/api/TodoList/' + id
+            });
+        }
+    };
+}]);
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js b/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
new file mode 100644
index 0000000000..1b2511fdcc
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
@@ -0,0 +1,6 @@
+'use strict';
+angular.module('todoApp')
+.controller('userDataCtrl', ['$scope', 'adalAuthenticationService', function ($scope, adalService) {
+
+
+}]);
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/Home.html b/samples/JwtBearerSample/wwwroot/App/Views/Home.html
new file mode 100644
index 0000000000..49f14e1d5b
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Views/Home.html
@@ -0,0 +1,3 @@
+<div>
+    home sweet home
+</div>
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html b/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
new file mode 100644
index 0000000000..8ade518a5c
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
@@ -0,0 +1,24 @@
+<div ng-init="populate()">
+    <p class="error">{{error}}</p>
+    <p>{{loadingMessage}}</p>
+    <div class="panel">
+        <div class="input-group">
+            <input ng-model="newTodoCaption" class="form-control" />
+            <span class="input-group-btn">
+                <button ng-click="add();" class="btn btn-default">Add</button>
+            </span>
+        </div>
+        <table class="table table-striped">
+            <tbody>
+                <tr data-ng-repeat="item in todoList">
+                    <td>
+                        <p data-ng-hide="item.edit">{{item.Description}}</p>                      
+                    </td>
+                    <td>
+                        <p data-ng-hide="item.edit">{{item.Owner}}</p>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </div>
+</div>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/UserData.html b/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
new file mode 100644
index 0000000000..cacd57edb9
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
@@ -0,0 +1,23 @@
+<div>
+    <h3>
+        Id_token content
+    </h3>
+    <p>{{userInfo.userName}}</p>
+    <p>aud:{{userInfo.profile.aud}}</p>
+    <p>iss:{{userInfo.profile.iss}}</p>
+    <p>iat:{{userInfo.profile.iat}}</p>
+    <p>nbf:{{userInfo.profile.nbf}}</p>
+    <p>exp:{{userInfo.profile.exp}}</p>
+    <p>ver:{{userInfo.profile.ver}}</p>
+    <p>tid:{{userInfo.profile.tid}}</p>
+    <p>amr:{{userInfo.profile.amr}}</p>
+    <p>oid:{{userInfo.profile.oid}}</p>
+    <p>upn:{{userInfo.profile.upn}}</p>
+    <p>unique_name:{{userInfo.profile.unique_name}}</p>
+    <p>sub:{{userInfo.profile.sub}}</p>
+    <p>family_name:{{userInfo.profile.family_name}}</p>
+    <p>given_name:{{userInfo.profile.given_name}}</p>
+    <p>pwd_exp:{{userInfo.profile.pwd_exp}}</p>
+    <p>pwd_url:{{userInfo.profile.pwd_url}}</p>
+
+</div>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/index.html b/samples/JwtBearerSample/wwwroot/index.html
new file mode 100644
index 0000000000..f71dccb693
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/index.html
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <title>Todo List: a SPA sample demonstrating Azure AD and ADAL JS</title>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap-theme.min.css">
+</head>
+<body ng-app="todoApp" ng-controller="homeCtrl" role="document">
+
+
+    <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+        <div class="container">
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle collapsed"
+                        data-toggle="collapse"
+                        data-target=".navbar-collapse">
+
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="#/Home">ADAL JS Sample</a>
+            </div>
+            <div class="navbar-collapse collapse">
+                <ul class="nav navbar-nav">
+                    <li ng-class="{ active: isActive('/Home') }"><a href="#/Home">Home</a></li>
+                    <li ng-class="{ active: isActive('/TodoList') }"><a href="#/TodoList">Todo List</a></li>
+                    <li ng-class="{ active: isActive('/UserData') }"><a href="#/UserData" ng-show="userInfo.isAuthenticated">User</a></li>
+                </ul>
+                <ul class="nav navbar-nav navbar-right">
+                    <li><a class="btn btn-link" ng-show="userInfo.isAuthenticated" ng-click="logout()">Logout</a></li>
+                    <li><a class="btn btn-link" ng-hide="userInfo.isAuthenticated" ng-click="login()">Login</a></li>
+                </ul>
+            </div>
+        </div>
+    </div>
+
+
+    <br />
+    <div class="container" role="main">
+        <div class="row">
+            <div class="col-xs-10 col-xs-offset-1" style="background-color:azure">
+                <div class="page-header">
+                    <h1>Todo List</h1>
+                </div>
+                <p>This sample demonstrates how to take advantage of ADAL JS for adding Azure AD authentication to your AngularJS apps.</p>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-xs-10 col-xs-offset-1">
+                <div ng-view class="panel-body">
+
+                </div>
+            </div>
+        </div>
+        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+        <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.25/angular.min.js"></script>
+        <script src="https://code.angularjs.org/1.2.25/angular-route.js"></script>
+        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
+        <script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.0/js/adal.min.js"></script>
+        <script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.0/js/adal-angular.min.js"></script>
+        <script src="App/Scripts/app.js"></script>
+        <script src="App/Scripts/homeCtrl.js"></script>
+        <script src="App/Scripts/userDataCtrl.js"></script>
+        <script src="App/Scripts/todoListCtrl.js"></script>
+        <script src="App/Scripts/todoListSvc.js"></script>
+</body>
+</html>
diff --git a/samples/JwtBearerSample/wwwroot/web.config b/samples/JwtBearerSample/wwwroot/web.config
new file mode 100644
index 0000000000..8485f6719f
--- /dev/null
+++ b/samples/JwtBearerSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
+  </system.webServer>
+</configuration>

From f24c35f1a93ed0d6de3cda2b4ab15906f5f6d56b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 7 Dec 2015 13:37:56 -0800
Subject: [PATCH 419/900] Promote SaveTokensAsClaims to RemoteAuthOptions

---
 .../FacebookOptions.cs                                    | 1 -
 .../GoogleOptions.cs                                      | 1 -
 .../MicrosoftAccountOptions.cs                            | 1 -
 src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs | 8 --------
 .../OpenIdConnectOptions.cs                               | 7 -------
 .../TwitterOptions.cs                                     | 8 --------
 .../RemoteAuthenticationOptions.cs                        | 8 ++++++++
 7 files changed, 8 insertions(+), 26 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
index 0bf6a37166..b6ceb5f0f0 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
@@ -24,7 +24,6 @@ namespace Microsoft.AspNet.Authentication.Facebook
             AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
             TokenEndpoint = FacebookDefaults.TokenEndpoint;
             UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
-            SaveTokensAsClaims = false;
             Fields = new List<string>();
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
index ca736f34e5..2c00278c78 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
@@ -22,7 +22,6 @@ namespace Microsoft.AspNet.Authentication.Google
             AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleDefaults.TokenEndpoint;
             UserInformationEndpoint = GoogleDefaults.UserInformationEndpoint;
-            SaveTokensAsClaims = false;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 8c89ef20d5..3339cf4ccd 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -22,7 +22,6 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
-            SaveTokensAsClaims = false;
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index fa1471bb21..ba689e66b1 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -64,13 +64,5 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
-
-        /// <summary>
-        /// Defines whether access and refresh tokens should be stored in the
-        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
-        /// You can set this property to <c>false</c> to reduce the size of the final
-        /// authentication cookie. Note that social providers set this property to <c>false</c> by default.
-        /// </summary>
-        public bool SaveTokensAsClaims { get; set; } = true;
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a139f96515..dc2cce9964 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -189,12 +189,5 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// This is disabled by default.
         /// </summary>
         public bool UseTokenLifetime { get; set; }
-
-        /// <summary>
-        /// Defines whether access and refresh tokens should be stored in the
-        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
-        /// You can set this property to <c>false</c> to reduce the size of the final authentication cookie.
-        /// </summary>
-        public bool SaveTokensAsClaims { get; set; } = true;
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
index dae6fa6b20..85e266326a 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
@@ -49,13 +49,5 @@ namespace Microsoft.AspNet.Authentication.Twitter
             get { return (ITwitterEvents)base.Events; }
             set { base.Events = value; }
         }
-
-        /// <summary>
-        /// Defines whether access tokens should be stored in the
-        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
-        /// This property is set to <c>false</c> by default to reduce
-        /// the size of the final authentication cookie.
-        /// </summary>
-        public bool SaveTokensAsClaims { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
index f5dad7267f..5fb3b4caf6 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
@@ -48,6 +48,14 @@ namespace Microsoft.AspNet.Authentication
             set { Description.DisplayName = value; }
         }
 
+        /// <summary>
+        /// Defines whether access and refresh tokens should be stored in the
+        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
+        /// This property is set to <c>false</c> by default to reduce
+        /// the size of the final authentication cookie.
+        /// </summary>
+        public bool SaveTokensAsClaims { get; set; }
+
         public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
     }
 }
\ No newline at end of file

From 4c1943b281cb97c440fc66018112819061b9d0a3 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Sun, 6 Dec 2015 18:32:28 -0800
Subject: [PATCH 420/900] Reacting to verbose rename

---
 .../OpenIdConnectHandler.cs                   | 66 +++++++++----------
 .../TwitterHandler.cs                         |  4 +-
 .../AuthenticationHandler.cs                  |  2 +-
 .../RemoteAuthenticationHandler.cs            |  4 +-
 4 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index eb88f43696..5780bccfe7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -107,12 +107,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Events.RedirectToEndSessionEndpoint(redirectContext);
                 if (redirectContext.HandledResponse)
                 {
-                    Logger.LogVerbose(1, "RedirectToEndSessionEndpoint.HandledResponse");
+                    Logger.LogDebug(1, "RedirectToEndSessionEndpoint.HandledResponse");
                     return;
                 }
                 else if (redirectContext.Skipped)
                 {
-                    Logger.LogVerbose(2, "RedirectToEndSessionEndpoint.Skipped");
+                    Logger.LogDebug(2, "RedirectToEndSessionEndpoint.Skipped");
                     return;
                 }
 
@@ -170,7 +170,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(context));
             }
 
-            Logger.LogDebug(4, "Entering {0}." + nameof(HandleUnauthorizedAsync), GetType());
+            Logger.LogTrace(4, "Entering {0}." + nameof(HandleUnauthorizedAsync), GetType());
 
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
@@ -181,7 +181,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 properties.RedirectUri = CurrentUri;
             }
-            Logger.LogDebug(5, "Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.", properties.RedirectUri);
+            Logger.LogTrace(5, "Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.", properties.RedirectUri);
 
             if (_configuration == null && Options.ConfigurationManager != null)
             {
@@ -223,12 +223,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.RedirectToAuthenticationEndpoint(redirectContext);
             if (redirectContext.HandledResponse)
             {
-                Logger.LogVerbose(6, "RedirectToAuthenticationEndpoint.HandledResponse");
+                Logger.LogDebug(6, "RedirectToAuthenticationEndpoint.HandledResponse");
                 return true;
             }
             else if (redirectContext.Skipped)
             {
-                Logger.LogVerbose(7, "RedirectToAuthenticationEndpoint.Skipped");
+                Logger.LogDebug(7, "RedirectToAuthenticationEndpoint.Skipped");
                 return false;
             }
 
@@ -294,7 +294,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
-            Logger.LogDebug(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
+            Logger.LogTrace(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
 
             OpenIdConnectMessage message = null;
 
@@ -344,7 +344,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (string.IsNullOrEmpty(message.State))
                 {
                     // This wasn't a valid ODIC message, it may not have been intended for us.
-                    Logger.LogVerbose(11, "message.State is null or empty.");
+                    Logger.LogDebug(11, "message.State is null or empty.");
                     return AuthenticateResult.Failed(Resources.MessageStateIsNullOrEmpty);
                 }
 
@@ -374,11 +374,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
-                    Logger.LogVerbose(14, "Updating configuration");
+                    Logger.LogDebug(14, "Updating configuration");
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                Logger.LogDebug(15, "Authorization response received.");
+                Logger.LogTrace(15, "Authorization response received.");
                 var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options)
                 {
                     ProtocolMessage = message,
@@ -387,12 +387,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
                 if (authorizationResponseReceivedContext.HandledResponse)
                 {
-                    Logger.LogVerbose(16, "AuthorizationResponseReceived.HandledResponse");
+                    Logger.LogDebug(16, "AuthorizationResponseReceived.HandledResponse");
                     return AuthenticateResult.Success(authorizationResponseReceivedContext.AuthenticationTicket);
                 }
                 else if (authorizationResponseReceivedContext.Skipped)
                 {
-                    Logger.LogVerbose(17, "AuthorizationResponseReceived.Skipped");
+                    Logger.LogDebug(17, "AuthorizationResponseReceived.Skipped");
                     return AuthenticateResult.Success(ticket: null);
                 }
                 message = authorizationResponseReceivedContext.ProtocolMessage;
@@ -408,7 +408,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
                 else
                 {
-                    Logger.LogDebug(18, "Cannot process the message. Both id_token and code are missing.");
+                    Logger.LogTrace(18, "Cannot process the message. Both id_token and code are missing.");
                     return AuthenticateResult.Failed(Resources.IdTokenCodeMissing);
                 }
             }
@@ -421,7 +421,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     if (Options.ConfigurationManager != null)
                     {
-                        Logger.LogVerbose(20, "exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.");
+                        Logger.LogDebug(20, "exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.");
                         Options.ConfigurationManager.RequestRefresh();
                     }
                 }
@@ -465,7 +465,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var code = authorizationCodeReceivedContext.Code;
 
             // Redeeming authorization code for tokens
-            Logger.LogDebug(21, "Id Token is null. Redeeming code '{0}' for tokens.", code);
+            Logger.LogTrace(21, "Id Token is null. Redeeming code '{0}' for tokens.", code);
 
             var tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
 
@@ -521,7 +521,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (Options.GetClaimsFromUserInfoEndpoint)
             {
-                Logger.LogDebug(22, "Sending request to user info endpoint for retrieving claims.");
+                Logger.LogTrace(22, "Sending request to user info endpoint for retrieving claims.");
                 ticket = await GetUserInformationAsync(tokenEndpointResponse, jwt, ticket);
             }
 
@@ -531,7 +531,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         // Implicit Flow or Hybrid Flow
         private async Task<AuthenticateResult> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
-            Logger.LogDebug(23, "'id_token' received: '{0}'", message.IdToken);
+            Logger.LogTrace(23, "'id_token' received: '{0}'", message.IdToken);
 
             JwtSecurityToken jwt = null;
             var validationParameters = Options.TokenValidationParameters.Clone();
@@ -925,7 +925,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
         {
-            Logger.LogDebug(29, "MessageReceived: '{0}'", message.BuildRedirectUrl());
+            Logger.LogTrace(29, "MessageReceived: '{0}'", message.BuildRedirectUrl());
             var messageReceivedContext = new MessageReceivedContext(Context, Options)
             {
                 ProtocolMessage = message
@@ -934,11 +934,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.MessageReceived(messageReceivedContext);
             if (messageReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(30, "MessageReceivedContext.HandledResponse");
+                Logger.LogDebug(30, "MessageReceivedContext.HandledResponse");
             }
             else if (messageReceivedContext.Skipped)
             {
-                Logger.LogVerbose(31, "MessageReceivedContext.Skipped");
+                Logger.LogDebug(31, "MessageReceivedContext.Skipped");
             }
 
             return messageReceivedContext;
@@ -948,7 +948,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             var redirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];
 
-            Logger.LogDebug(32, "AuthorizationCode received: '{0}'", message.Code);
+            Logger.LogTrace(32, "AuthorizationCode received: '{0}'", message.Code);
 
             var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
             {
@@ -962,11 +962,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(33, "AuthorizationCodeReceivedContext.HandledResponse");
+                Logger.LogDebug(33, "AuthorizationCodeReceivedContext.HandledResponse");
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
-                Logger.LogVerbose(34, "AuthorizationCodeReceivedContext.Skipped");
+                Logger.LogDebug(34, "AuthorizationCodeReceivedContext.Skipped");
             }
 
             return authorizationCodeReceivedContext;
@@ -974,7 +974,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse)
         {
-            Logger.LogDebug(35, "Token response received.");
+            Logger.LogTrace(35, "Token response received.");
             var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options)
             {
                 ProtocolMessage = message,
@@ -984,11 +984,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.TokenResponseReceived(tokenResponseReceivedContext);
             if (tokenResponseReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(36, "AuthorizationCodeRedeemedContext.HandledResponse");
+                Logger.LogDebug(36, "AuthorizationCodeRedeemedContext.HandledResponse");
             }
             else if (tokenResponseReceivedContext.Skipped)
             {
-                Logger.LogVerbose(37, "AuthorizationCodeRedeemedContext.Skipped");
+                Logger.LogDebug(37, "AuthorizationCodeRedeemedContext.Skipped");
             }
             return tokenResponseReceivedContext;
         }
@@ -1005,11 +1005,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthenticationValidated(authenticationValidatedContext);
             if (authenticationValidatedContext.HandledResponse)
             {
-                Logger.LogVerbose(38, "AuthenticationValidated.HandledResponse");
+                Logger.LogDebug(38, "AuthenticationValidated.HandledResponse");
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                Logger.LogVerbose(39, "AuthenticationValidated.Skipped");
+                Logger.LogDebug(39, "AuthenticationValidated.Skipped");
             }
 
             return authenticationValidatedContext;
@@ -1017,7 +1017,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
         private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
         {
-            Logger.LogDebug(40, "User information received: {0}", user.ToString());
+            Logger.LogTrace(40, "User information received: {0}", user.ToString());
 
             var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
             {
@@ -1029,11 +1029,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.UserInformationReceived(userInformationReceivedContext);
             if (userInformationReceivedContext.HandledResponse)
             {
-                Logger.LogVerbose(41, "The UserInformationReceived event returned Handled.");
+                Logger.LogDebug(41, "The UserInformationReceived event returned Handled.");
             }
             else if (userInformationReceivedContext.Skipped)
             {
-                Logger.LogVerbose(42, "The UserInformationReceived event returned Skipped.");
+                Logger.LogDebug(42, "The UserInformationReceived event returned Skipped.");
             }
 
             return userInformationReceivedContext;
@@ -1050,11 +1050,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             await Options.Events.AuthenticationFailed(authenticationFailedContext);
             if (authenticationFailedContext.HandledResponse)
             {
-                Logger.LogVerbose(43, "AuthenticationFailedContext.HandledResponse");
+                Logger.LogDebug(43, "AuthenticationFailedContext.HandledResponse");
             }
             else if (authenticationFailedContext.Skipped)
             {
-                Logger.LogVerbose(44, "AuthenticationFailedContext.Skipped");
+                Logger.LogDebug(44, "AuthenticationFailedContext.Skipped");
             }
 
             return authenticationFailedContext;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 8ea5ae42d6..312c8c281e 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -147,7 +147,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
         {
-            Logger.LogVerbose("ObtainRequestToken");
+            Logger.LogDebug("ObtainRequestToken");
 
             var nonce = Guid.NewGuid().ToString("N");
 
@@ -208,7 +208,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
         {
             // https://dev.twitter.com/docs/api/1/post/oauth/access_token
 
-            Logger.LogVerbose("ObtainAccessToken");
+            Logger.LogDebug("ObtainAccessToken");
 
             var nonce = Guid.NewGuid().ToString("N");
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 7c4102cf39..6dd298fbc7 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -216,7 +216,7 @@ namespace Microsoft.AspNet.Authentication
                     else
                     {
                         context.NotAuthenticated();
-                        Logger.LogVerbose(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
+                        Logger.LogDebug(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
                     }
                 }
             }
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
index 0851b1b5ce..8c58d072dd 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -52,12 +52,12 @@ namespace Microsoft.AspNet.Authentication
 
             if (context.HandledResponse)
             {
-                Logger.LogVerbose("The SigningIn event returned Handled.");
+                Logger.LogDebug("The SigningIn event returned Handled.");
                 return true;
             }
             else if (context.Skipped)
             {
-                Logger.LogVerbose("The SigningIn event returned Skipped.");
+                Logger.LogDebug("The SigningIn event returned Skipped.");
                 return false;
             }
 

From 0623f3b741f1e98c48a4fe5cf88b77c1d3133a77 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 9 Dec 2015 10:52:30 -0800
Subject: [PATCH 421/900] #555 Make SkipToNextMiddleware work on events.

---
 samples/JwtBearerSample/Startup.cs            |   2 +
 .../Properties/launchSettings.json            |   2 +-
 samples/SocialSample/Startup.cs               |  10 +-
 .../CookieAuthenticationHandler.cs            |  44 +++--
 .../Events/JwtBearerEvents.cs                 |   8 +-
 .../JwtBearerHandler.cs                       |  34 +++-
 .../OAuthHandler.cs                           |  20 +-
 .../OpenIdConnectHandler.cs                   |  32 ++--
 .../TwitterHandler.cs                         |   8 +-
 .../AuthenticateResult.cs                     |  24 ++-
 .../AuthenticationHandler.cs                  |   8 +-
 .../{ErrorContext.cs => FailureContext.cs}    |  11 +-
 .../Events/IRemoteAuthenticationEvents.cs     |   2 +-
 .../Events/RemoteAuthenticationEvents.cs      |   8 +-
 .../RemoteAuthenticationHandler.cs            |  14 +-
 .../Google/GoogleMiddlewareTests.cs           |  24 +--
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 172 +++++++++++++++++-
 17 files changed, 307 insertions(+), 116 deletions(-)
 rename src/Microsoft.AspNet.Authentication/Events/{ErrorContext.cs => FailureContext.cs} (60%)

diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 5d2bd6400f..c79cbda951 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
 
 namespace JwtBearerSample
@@ -91,6 +92,7 @@ namespace JwtBearerSample
                     else
                     {
                         response.ContentType = "application/json";
+                        response.Headers[HeaderNames.CacheControl] = "no-cache";
                         var json = JToken.FromObject(Todos);
                         await response.WriteAsync(json.ToString());
                     }
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index 174032b7bc..3d9d32eebe 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -3,7 +3,7 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:1791/",
+      "applicationUrl": "http://localhost:42023",
       "sslPort": 0
     }
   },
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 972f3ccc0f..01d26fcdf3 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -85,10 +85,10 @@ namespace CookieSample
                 options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
                 options.Events = new OAuthEvents()
                 {
-                    OnRemoteError = ctx =>
+                    OnRemoteFailure = ctx =>
 
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
@@ -103,9 +103,9 @@ namespace CookieSample
                 options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
                 options.Events = new TwitterEvents()
                 {
-                    OnRemoteError = ctx =>
+                    OnRemoteFailure = ctx =>
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
@@ -269,7 +269,7 @@ namespace CookieSample
                 {
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("An remote error has occured: " + context.Request.Query["ErrorMessage"] + "<br>");
+                    await context.Response.WriteAsync("An remote failure has occurred: " + context.Request.Query["FailureMessage"] + "<br>");
                     await context.Response.WriteAsync("<a href=\"/\">Home</a>");
                     await context.Response.WriteAsync("</body></html>");
                 });
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index ad7dc7e862..e65640feaf 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -10,7 +10,6 @@ using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
@@ -26,31 +25,30 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private DateTimeOffset? _renewIssuedUtc;
         private DateTimeOffset? _renewExpiresUtc;
         private string _sessionKey;
-        private Task<AuthenticationTicket> _cookieTicketTask;
+        private Task<AuthenticateResult> _readCookieTask;
 
-        private Task<AuthenticationTicket> EnsureCookieTicket()
+        private Task<AuthenticateResult> EnsureCookieTicket()
         {
             // We only need to read the ticket once
-            if (_cookieTicketTask == null)
+            if (_readCookieTask == null)
             {
-                _cookieTicketTask = ReadCookieTicket();
+                _readCookieTask = ReadCookieTicket();
             }
-            return _cookieTicketTask;
+            return _readCookieTask;
         }
 
-        private async Task<AuthenticationTicket> ReadCookieTicket()
+        private async Task<AuthenticateResult> ReadCookieTicket()
         {
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
             if (string.IsNullOrEmpty(cookie))
             {
-                return null;
+                return AuthenticateResult.Skip();
             }
 
             var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
             if (ticket == null)
             {
-                Logger.LogWarning(@"Unprotect ticket failed");
-                return null;
+                return AuthenticateResult.Fail("Unprotect ticket failed");
             }
 
             if (Options.SessionStore != null)
@@ -58,15 +56,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 var claim = ticket.Principal.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
                 if (claim == null)
                 {
-                    Logger.LogWarning(@"SessionId missing");
-                    return null;
+                    return AuthenticateResult.Fail("SessionId missing");
                 }
                 _sessionKey = claim.Value;
                 ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
                 if (ticket == null)
                 {
-                    Logger.LogWarning(@"Identity missing in session store");
-                    return null;
+                    return AuthenticateResult.Fail("Identity missing in session store");
                 }
             }
 
@@ -80,7 +76,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 {
                     await Options.SessionStore.RemoveAsync(_sessionKey);
                 }
-                return null;
+                return AuthenticateResult.Fail("Ticket expired");
             }
 
             var allowRefresh = ticket.Properties.AllowRefresh ?? true;
@@ -99,23 +95,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
             }
 
             // Finally we have a valid ticket
-            return ticket;
+            return AuthenticateResult.Success(ticket);
         }
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
-            var ticket = await EnsureCookieTicket();
-            if (ticket == null)
+            var result = await EnsureCookieTicket();
+            if (!result.Succeeded)
             {
-                return AuthenticateResult.Failed("No ticket.");
+                return result;
             }
 
-            var context = new CookieValidatePrincipalContext(Context, ticket, Options);
+            var context = new CookieValidatePrincipalContext(Context, result.Ticket, Options);
             await Options.Events.ValidatePrincipal(context);
 
             if (context.Principal == null)
             {
-                return AuthenticateResult.Failed("No principal.");
+                return AuthenticateResult.Fail("No principal.");
             }
 
             if (context.ShouldRenew)
@@ -196,7 +192,8 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task HandleSignInAsync(SignInContext signin)
         {
-            var ticket = await EnsureCookieTicket();
+            // Process the request cookie to initialize members like _sessionKey.
+            var result = await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
 
             var signInContext = new CookieSigningInContext(
@@ -231,7 +228,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
             }
 
-            ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
             if (Options.SessionStore != null)
             {
                 if (_sessionKey != null)
@@ -269,6 +266,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
         {
+            // Process the request cookie to initialize members like _sessionKey.
             var ticket = await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
             if (Options.SessionStore != null && _sessionKey != null)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index e9832862b2..7fcf922e57 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -36,13 +36,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         public Func<ValidatedTokenContext, Task> OnValidatedToken { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked to apply a challenge sent back to the caller.
+        /// Invoked before a challenge is sent back to the caller.
         /// </summary>
-        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context =>
-        {
-            context.HttpContext.Response.Headers.Append("WWW-Authenticate", context.Options.Challenge);
-            return Task.FromResult(0);
-        };
+        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context => Task.FromResult(0);
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index beb77486f4..645cf2cdef 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -7,10 +7,12 @@ using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
@@ -38,7 +40,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
                 if (receivingTokenContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
 
                 // If application retrieved token from somewhere else, use that.
@@ -51,7 +53,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
                     {
-                        return AuthenticateResult.Failed("No authorization header.");
+                        return AuthenticateResult.Skip();
                     }
 
                     if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
@@ -62,7 +64,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     // If no token found, no further work possible
                     if (string.IsNullOrEmpty(token))
                     {
-                        return AuthenticateResult.Failed("No bearer token.");
+                        return AuthenticateResult.Skip();
                     }
                 }
 
@@ -79,7 +81,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
                 if (receivedTokenContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -147,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         }
                         if (validatedTokenContext.Skipped)
                         {
-                            return AuthenticateResult.Success(ticket: null);
+                            return AuthenticateResult.Skip();
                         }
 
                         return AuthenticateResult.Success(ticket);
@@ -168,13 +170,13 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     }
                     if (authenticationFailedContext.Skipped)
                     {
-                        return AuthenticateResult.Success(ticket: null);
+                        return AuthenticateResult.Skip();
                     }
 
-                    return AuthenticateResult.Failed(authenticationFailedContext.Exception);
+                    return AuthenticateResult.Fail(authenticationFailedContext.Exception);
                 }
 
-                return AuthenticateResult.Failed("No SecurityTokenValidator available for token: " + token ?? "[null]");
+                return AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]");
             }
             catch (Exception ex)
             {
@@ -192,7 +194,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 }
                 if (authenticationFailedContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
 
                 throw;
@@ -201,8 +203,20 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
+            var eventContext = new JwtBearerChallengeContext(Context, Options);
+            await Options.Events.Challenge(eventContext);
+            if (eventContext.HandledResponse)
+            {
+                return true;
+            }
+            if (eventContext.Skipped)
+            {
+                return false;
+            }
+
             Response.StatusCode = 401;
-            await Options.Events.Challenge(new JwtBearerChallengeContext(Context, Options));
+            Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
+
             return false;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 1d9c95d3cd..1d36e1437d 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -38,20 +38,20 @@ namespace Microsoft.AspNet.Authentication.OAuth
             var error = query["error"];
             if (!StringValues.IsNullOrEmpty(error))
             {
-                var errorMessage = new StringBuilder();
-                errorMessage.Append(error);
+                var failureMessage = new StringBuilder();
+                failureMessage.Append(error);
                 var errorDescription = query["error_description"];
                 if (!StringValues.IsNullOrEmpty(errorDescription))
                 {
-                    errorMessage.Append(";Description=").Append(errorDescription);
+                    failureMessage.Append(";Description=").Append(errorDescription);
                 }
                 var errorUri = query["error_uri"];
                 if (!StringValues.IsNullOrEmpty(errorUri))
                 {
-                    errorMessage.Append(";Uri=").Append(errorUri);
+                    failureMessage.Append(";Uri=").Append(errorUri);
                 }
 
-                return AuthenticateResult.Failed(errorMessage.ToString());
+                return AuthenticateResult.Fail(failureMessage.ToString());
             }
 
             var code = query["code"];
@@ -60,30 +60,30 @@ namespace Microsoft.AspNet.Authentication.OAuth
             properties = Options.StateDataFormat.Unprotect(state);
             if (properties == null)
             {
-                return AuthenticateResult.Failed("The oauth state was missing or invalid.");
+                return AuthenticateResult.Fail("The oauth state was missing or invalid.");
             }
 
             // OAuth2 10.12 CSRF
             if (!ValidateCorrelationId(properties))
             {
-                return AuthenticateResult.Failed("Correlation failed.");
+                return AuthenticateResult.Fail("Correlation failed.");
             }
 
             if (StringValues.IsNullOrEmpty(code))
             {
-                return AuthenticateResult.Failed("Code was not found.");
+                return AuthenticateResult.Fail("Code was not found.");
             }
 
             var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
             if (tokens.Error != null)
             {
-                return AuthenticateResult.Failed(tokens.Error);
+                return AuthenticateResult.Fail(tokens.Error);
             }
 
             if (string.IsNullOrEmpty(tokens.AccessToken))
             {
-                return AuthenticateResult.Failed("Failed to retrieve access token.");
+                return AuthenticateResult.Fail("Failed to retrieve access token.");
             }
 
             var identity = new ClaimsIdentity(Options.ClaimsIssuer);
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 5780bccfe7..124d8f543a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -307,7 +307,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
                 if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.AccessToken))
                 {
-                    return AuthenticateResult.Failed("An OpenID Connect response cannot contain an " +
+                    return AuthenticateResult.Fail("An OpenID Connect response cannot contain an " +
                             "identity token or an access token when using response_mode=query");
                 }
             }
@@ -324,7 +324,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (message == null)
             {
-                return AuthenticateResult.Failed("No message.");
+                return AuthenticateResult.Fail("No message.");
             }
 
             try
@@ -336,7 +336,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
                 else if (messageReceivedContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
                 message = messageReceivedContext.ProtocolMessage;
 
@@ -345,7 +345,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     // This wasn't a valid ODIC message, it may not have been intended for us.
                     Logger.LogDebug(11, "message.State is null or empty.");
-                    return AuthenticateResult.Failed(Resources.MessageStateIsNullOrEmpty);
+                    return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
                 }
 
                 // if state exists and we failed to 'unprotect' this is not a message we should process.
@@ -353,14 +353,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (properties == null)
                 {
                     Logger.LogError(12, "Unable to unprotect the message.State.");
-                    return AuthenticateResult.Failed(Resources.MessageStateIsInvalid);
+                    return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(message.Error))
                 {
                     Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
-                    return AuthenticateResult.Failed(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
+                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
                 }
 
                 string userstate = null;
@@ -369,7 +369,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
                 if (!ValidateCorrelationId(properties))
                 {
-                    return AuthenticateResult.Failed("Correlation failed.");
+                    return AuthenticateResult.Fail("Correlation failed.");
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -393,7 +393,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 else if (authorizationResponseReceivedContext.Skipped)
                 {
                     Logger.LogDebug(17, "AuthorizationResponseReceived.Skipped");
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
                 message = authorizationResponseReceivedContext.ProtocolMessage;
                 properties = authorizationResponseReceivedContext.Properties;
@@ -409,7 +409,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 else
                 {
                     Logger.LogTrace(18, "Cannot process the message. Both id_token and code are missing.");
-                    return AuthenticateResult.Failed(Resources.IdTokenCodeMissing);
+                    return AuthenticateResult.Fail(Resources.IdTokenCodeMissing);
                 }
             }
             catch (Exception exception)
@@ -433,7 +433,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
                 else if (authenticationFailedContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
 
                 throw;
@@ -459,7 +459,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
-                return AuthenticateResult.Success(ticket: null);
+                return AuthenticateResult.Skip();
             }
             message = authorizationCodeReceivedContext.ProtocolMessage;
             var code = authorizationCodeReceivedContext.Code;
@@ -476,7 +476,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             else if (authorizationCodeRedeemedContext.Skipped)
             {
-                return AuthenticateResult.Success(ticket: null);
+                return AuthenticateResult.Skip();
             }
 
             message = authorizationCodeRedeemedContext.ProtocolMessage;
@@ -509,7 +509,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                return AuthenticateResult.Success(ticket: null);
+                return AuthenticateResult.Skip();
             }
             ticket = authenticationValidatedContext.AuthenticationTicket;
 
@@ -558,7 +558,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                return AuthenticateResult.Success(ticket: null);
+                return AuthenticateResult.Skip();
             }
             message = authenticationValidatedContext.ProtocolMessage;
             ticket = authenticationValidatedContext.AuthenticationTicket;
@@ -573,7 +573,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
                 else if (authorizationCodeReceivedContext.Skipped)
                 {
-                    return AuthenticateResult.Success(ticket: null);
+                    return AuthenticateResult.Skip();
                 }
                 message = authorizationCodeReceivedContext.ProtocolMessage;
                 ticket = authorizationCodeReceivedContext.AuthenticationTicket;
@@ -671,7 +671,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             }
             else if (userInformationReceivedContext.Skipped)
             {
-                return null;
+                return ticket;
             }
             ticket = userInformationReceivedContext.AuthenticationTicket;
             user = userInformationReceivedContext.User;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 312c8c281e..0552ed2d76 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
             if (requestToken == null)
             {
-                return AuthenticateResult.Failed("Invalid state cookie.");
+                return AuthenticateResult.Fail("Invalid state cookie.");
             }
 
             properties = requestToken.Properties;
@@ -54,18 +54,18 @@ namespace Microsoft.AspNet.Authentication.Twitter
             var returnedToken = query["oauth_token"];
             if (StringValues.IsNullOrEmpty(returnedToken))
             {
-                return AuthenticateResult.Failed("Missing oauth_token");
+                return AuthenticateResult.Fail("Missing oauth_token");
             }
 
             if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
             {
-                return AuthenticateResult.Failed("Unmatched token");
+                return AuthenticateResult.Fail("Unmatched token");
             }
 
             var oauthVerifier = query["oauth_verifier"];
             if (StringValues.IsNullOrEmpty(oauthVerifier))
             {
-                return AuthenticateResult.Failed("Missing or blank oauth_verifier");
+                return AuthenticateResult.Fail("Missing or blank oauth_verifier");
             }
 
             var cookieOptions = new CookieOptions
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
index 4f733fe7fd..25d87a4633 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
@@ -2,8 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
-using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -31,9 +29,14 @@ namespace Microsoft.AspNet.Authentication
         public AuthenticationTicket Ticket { get; private set; }
 
         /// <summary>
-        /// Holds error information caused by authentication.
+        /// Holds failure information from the authentication.
         /// </summary>
-        public Exception Error { get; private set; }
+        public Exception Failure { get; private set; }
+
+        /// <summary>
+        /// Indicates that this stage of authentication was skipped by user intervention.
+        /// </summary>
+        public bool Skipped { get; private set; }
 
         public static AuthenticateResult Success(AuthenticationTicket ticket)
         {
@@ -44,14 +47,19 @@ namespace Microsoft.AspNet.Authentication
             return new AuthenticateResult() { Ticket = ticket };
         }
 
-        public static AuthenticateResult Failed(Exception error)
+        public static AuthenticateResult Skip()
         {
-            return new AuthenticateResult() { Error = error };
+            return new AuthenticateResult() { Skipped = true };
         }
 
-        public static AuthenticateResult Failed(string errorMessage)
+        public static AuthenticateResult Fail(Exception failure)
         {
-            return new AuthenticateResult() { Error = new Exception(errorMessage) };
+            return new AuthenticateResult() { Failure = failure };
+        }
+
+        public static AuthenticateResult Fail(string failureMessage)
+        {
+            return new AuthenticateResult() { Failure = new Exception(failureMessage) };
         }
 
     }
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 6dd298fbc7..9beeb24823 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -100,6 +100,10 @@ namespace Microsoft.AspNet.Authentication
             if (ShouldHandleScheme(AuthenticationManager.AutomaticScheme, Options.AutomaticAuthenticate))
             {
                 var result = await HandleAuthenticateOnceAsync();
+                if (result.Failure != null)
+                {
+                    Logger.LogInformation(0, $"{Options.AuthenticationScheme} not authenticated: " + result.Failure.Message);
+                }
                 var ticket = result?.Ticket;
                 if (ticket?.Principal != null)
                 {
@@ -200,9 +204,9 @@ namespace Microsoft.AspNet.Authentication
                 // Calling Authenticate more than once should always return the original value. 
                 var result = await HandleAuthenticateOnceAsync();
 
-                if (result?.Error != null)
+                if (result?.Failure != null)
                 {
-                    context.Failed(result.Error);
+                    context.Failed(result.Failure);
                 }
                 else
                 {
diff --git a/src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs b/src/Microsoft.AspNet.Authentication/Events/FailureContext.cs
similarity index 60%
rename from src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs
rename to src/Microsoft.AspNet.Authentication/Events/FailureContext.cs
index a8ef4b5944..e0475d7363 100644
--- a/src/Microsoft.AspNet.Authentication/Events/ErrorContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/FailureContext.cs
@@ -2,25 +2,24 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication
 {
     /// <summary>
-    /// Provides error context information to middleware providers.
+    /// Provides failure context information to middleware providers.
     /// </summary>
-    public class ErrorContext : BaseControlContext
+    public class FailureContext : BaseControlContext
     {
-        public ErrorContext(HttpContext context, Exception error)
+        public FailureContext(HttpContext context, Exception failure)
             : base(context)
         {
-            Error = error;
+            Failure = failure;
         }
 
         /// <summary>
         /// User friendly error message for the error.
         /// </summary>
-        public Exception Error { get; set; }
+        public Exception Failure { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
index e19fd10b28..666783fd9c 100644
--- a/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNet.Authentication
         /// <summary>
         /// Invoked when the remote authentication process has an error.
         /// </summary>
-        Task RemoteError(ErrorContext context);
+        Task RemoteFailure(FailureContext context);
 
         /// <summary>
         /// Invoked before sign in.
diff --git a/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
index fce53b9927..d1c90be2f0 100644
--- a/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -8,17 +8,17 @@ namespace Microsoft.AspNet.Authentication
 {
     public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
     {
-        public Func<ErrorContext, Task> OnRemoteError { get; set; } = context => Task.FromResult(0);
+        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => Task.FromResult(0);
 
         public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
-        /// Invoked when there is a remote error
+        /// Invoked when there is a remote failure
         /// </summary>
-        public virtual Task RemoteError(ErrorContext context) => OnRemoteError(context);
+        public virtual Task RemoteFailure(FailureContext context) => OnRemoteFailure(context);
 
         /// <summary>
-        /// Invoked after the remote ticket has been recieved.
+        /// Invoked after the remote ticket has been received.
         /// </summary>
         public virtual Task TicketReceived(TicketReceivedContext context) => OnTicketReceived(context);
     }
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
index 8c58d072dd..dda9063697 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -22,11 +22,15 @@ namespace Microsoft.AspNet.Authentication
         protected virtual async Task<bool> HandleRemoteCallbackAsync()
         {
             var authResult = await HandleRemoteAuthenticateAsync();
+            if (authResult != null && authResult.Skipped)
+            {
+                return false;
+            }
             if (authResult == null || !authResult.Succeeded)
             {
-                var errorContext = new ErrorContext(Context, authResult?.Error ?? new Exception("Invalid return state, unable to redirect."));
-                Logger.LogInformation("Error from RemoteAuthentication: " + errorContext.Error.Message);
-                await Options.Events.RemoteError(errorContext);
+                var errorContext = new FailureContext(Context, authResult?.Failure ?? new Exception("Invalid return state, unable to redirect."));
+                Logger.LogInformation("Error from RemoteAuthentication: " + errorContext.Failure.Message);
+                await Options.Events.RemoteFailure(errorContext);
                 if (errorContext.HandledResponse)
                 {
                     return true;
@@ -36,7 +40,7 @@ namespace Microsoft.AspNet.Authentication
                     return false;
                 }
 
-                throw new AggregateException("Unhandled remote error.", errorContext.Error);
+                throw new AggregateException("Unhandled remote failure.", errorContext.Failure);
             }
 
             // We have a ticket if we get here
@@ -77,7 +81,7 @@ namespace Microsoft.AspNet.Authentication
 
         protected override Task<AuthenticateResult> HandleAuthenticateAsync()
         {
-            return Task.FromResult(AuthenticateResult.Failed("Remote authentication does not support authenticate"));
+            return Task.FromResult(AuthenticateResult.Fail("Remote authentication does not support authenticate"));
         }
 
         protected override Task HandleSignOutAsync(SignOutContext context)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 2e3336e057..77fc762840 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -261,9 +261,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     options.Events = new OAuthEvents()
                     {
-                        OnRemoteError = ctx =>
+                        OnRemoteFailure = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -275,7 +275,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=OMG"+UrlEncoder.Default.Encode(";Description=SoBad;Uri=foobar"), transaction.Response.Headers.GetValues("Location").First());
+                Assert.Equal("/error?FailureMessage=OMG"+UrlEncoder.Default.Encode(";Description=SoBad;Uri=foobar"), transaction.Response.Headers.GetValues("Location").First());
             }
             else
             {
@@ -389,9 +389,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     options.Events = new OAuthEvents()
                     {
-                        OnRemoteError = ctx =>
+                        OnRemoteFailure = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -412,7 +412,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};"),
+                Assert.Equal("/error?FailureMessage=" + UrlEncoder.Default.Encode("OAuth token endpoint failure: Status: BadRequest;Headers: ;Body: {\"Error\":\"Error\"};"),
                     transaction.Response.Headers.GetValues("Location").First());
             }
             else
@@ -444,9 +444,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     options.Events = new OAuthEvents()
                     {
-                        OnRemoteError = ctx =>
+                        OnRemoteFailure = ctx =>
                         {
-                            ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                             ctx.HandleResponse();
                             return Task.FromResult(0);
                         }
@@ -466,7 +466,7 @@ namespace Microsoft.AspNet.Authentication.Google
             {
                 var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("Failed to retrieve access token."),
+                Assert.Equal("/error?FailureMessage=" + UrlEncoder.Default.Encode("Failed to retrieve access token."),
                     transaction.Response.Headers.GetValues("Location").First());
             }
             else
@@ -737,9 +737,9 @@ namespace Microsoft.AspNet.Authentication.Google
                 options.ClientSecret = "Test Secret";
                 options.Events = new OAuthEvents()
                 {
-                    OnRemoteError = ctx =>
+                    OnRemoteFailure = ctx =>
                     {
-                        ctx.Response.Redirect("/error?ErrorMessage=" + UrlEncoder.Default.Encode(ctx.Error.Message));
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
@@ -751,7 +751,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 "https://example.com/signin-google?code=TestCode");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/error?ErrorMessage=" + UrlEncoder.Default.Encode("The oauth state was missing or invalid."),
+            Assert.Equal("/error?FailureMessage=" + UrlEncoder.Default.Encode("The oauth state was missing or invalid."),
                 transaction.Response.Headers.GetValues("Location").First());
         }
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index aaef7ffa91..6100957cac 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -11,6 +11,7 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.AspNet.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
@@ -312,6 +313,163 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
+        [Fact]
+        public async Task EventOnReceivingTokenSkipped_NoMoreEventsExecuted()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+
+                options.Events = new JwtBearerEvents()
+                {
+                    OnReceivingToken = context =>
+                    {
+                        context.SkipToNextMiddleware();
+                        return Task.FromResult(0);
+                    },
+                    OnReceivedToken = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                    OnValidatedToken = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        throw new NotImplementedException(context.Exception.ToString());
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                };
+            });
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
+        [Fact]
+        public async Task EventOnReceivedTokenSkipped_NoMoreEventsExecuted()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+
+                options.Events = new JwtBearerEvents()
+                {
+                    OnReceivedToken = context =>
+                    {
+                        context.SkipToNextMiddleware();
+                        return Task.FromResult(0);
+                    },
+                    OnValidatedToken = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        throw new NotImplementedException(context.Exception.ToString());
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                };
+            });
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
+        [Fact]
+        public async Task EventOnValidatedTokenSkipped_NoMoreEventsExecuted()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+                options.Events = new JwtBearerEvents()
+                {
+                    OnValidatedToken = context =>
+                    {
+                        context.SkipToNextMiddleware();
+                        return Task.FromResult(0);
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        throw new NotImplementedException(context.Exception.ToString());
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                };
+            });
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
+        [Fact]
+        public async Task EventOnAuthenticationFailedSkipped_NoMoreEventsExecuted()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+                options.Events = new JwtBearerEvents()
+                {
+                    OnValidatedToken = context =>
+                    {
+                        throw new Exception("Test Exception");
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        context.SkipToNextMiddleware();
+                        return Task.FromResult(0);
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                };
+            });
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
+        [Fact]
+        public async Task EventOnChallengeSkipped_ResponseNotModified()
+        {
+            var server = CreateServer(options =>
+            {
+                options.AutomaticAuthenticate = true;
+                options.AutomaticChallenge = true;
+                options.Events = new JwtBearerEvents()
+                {
+                    OnChallenge = context =>
+                    {
+                        context.SkipToNextMiddleware();
+                        return Task.FromResult(0);
+                    },
+                };
+            });
+
+            var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Empty(response.Response.Headers.WwwAuthenticate);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
         class InvalidTokenValidator : ISecurityTokenValidator
         {
             public InvalidTokenValidator()
@@ -387,7 +545,17 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                 app.Use(async (context, next) =>
                 {
-                    if (context.Request.Path == new PathString("/oauth"))
+                    if (context.Request.Path == new PathString("/checkforerrors"))
+                    {
+                        var authContext = new AuthenticateContext(Http.Authentication.AuthenticationManager.AutomaticScheme);
+                        await context.Authentication.AuthenticateAsync(authContext);
+                        if (authContext.Error != null)
+                        {
+                            throw new Exception("Failed to authenticate", authContext.Error);
+                        }
+                        return;
+                    }
+                    else if (context.Request.Path == new PathString("/oauth"))
                     {
                         if (context.User == null ||
                             context.User.Identity == null ||
@@ -408,14 +576,12 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         await context.Response.WriteAsync(identifier.Value);
                     }
-
                     else if (context.Request.Path == new PathString("/unauthorized"))
                     {
                         // Simulate Authorization failure 
                         var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
                         await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                     }
-
                     else if (context.Request.Path == new PathString("/signIn"))
                     {
                         await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));

From a1ed3e3748248eae66578eb2799f075512a7639f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 11 Dec 2015 12:23:59 -0800
Subject: [PATCH 422/900] Updating to release NuGet.config.

---
 NuGet.config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 5500f6d507..71b9724a09 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>

From 965a86e404207a3e37e31cad9b82fb1d5e279bfa Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 10 Dec 2015 12:00:03 -0800
Subject: [PATCH 423/900] #593 Convert samples to use UserSecrets.

---
 samples/JwtBearerSample/Startup.cs       | 15 +++++-
 samples/JwtBearerSample/project.json     |  6 ++-
 samples/OpenIdConnectSample/Startup.cs   | 17 +++++--
 samples/OpenIdConnectSample/project.json |  4 +-
 samples/SocialSample/Startup.cs          | 62 ++++++++++++++++--------
 samples/SocialSample/config.json         | 10 ++++
 samples/SocialSample/project.json        |  4 +-
 7 files changed, 89 insertions(+), 29 deletions(-)
 create mode 100644 samples/SocialSample/config.json

diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index c79cbda951..33e8076955 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -4,6 +4,7 @@ using System.IO;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
@@ -12,6 +13,16 @@ namespace JwtBearerSample
 {
     public class Startup
     {
+        public Startup()
+        {
+            Configuration = new ConfigurationBuilder()
+                .AddEnvironmentVariables()
+                .AddUserSecrets()
+                .Build();
+        }
+
+        public IConfiguration Configuration { get; set; }
+
         // Shared between users in memory
         public IList<Todo> Todos { get; } = new List<Todo>();
 
@@ -53,8 +64,8 @@ namespace JwtBearerSample
                 options.AutomaticAuthenticate = true;
                 options.AutomaticChallenge = true;
                 // You also need to update /wwwroot/app/scripts/app.js
-                options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
-                options.Audience = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
+                options.Authority = Configuration["jwt:authority"];
+                options.Audience = Configuration["jwt:audience"];
             });
 
             // [Authorize] would usually handle this
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 2e9dca157a..cc2350bb97 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -7,7 +7,8 @@
     "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.StaticFiles": "1.0.0-*"
+    "Microsoft.AspNet.StaticFiles": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
   },
   "commands": {
     "web": "Microsoft.AspNet.Server.Kestrel"
@@ -23,5 +24,6 @@
   "publishExclude": [
     "**.user",
     "**.vspscc"
-  ]
+  ],
+  "userSecretsId": "aspnet5-JwtBearerSample-20151210102827"
 }
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 73fe2b8b49..3e39d36541 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -12,6 +13,16 @@ namespace OpenIdConnectSample
 {
     public class Startup
     {
+        public Startup()
+        {
+            Configuration = new ConfigurationBuilder()
+                .AddEnvironmentVariables()
+                .AddUserSecrets()
+                .Build();
+        }
+
+        public IConfiguration Configuration { get; set; }
+
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
@@ -30,9 +41,9 @@ namespace OpenIdConnectSample
 
             app.UseOpenIdConnectAuthentication(options =>
             {
-                options.ClientId = "63a87a83-64b9-4ac1-b2c5-092126f8474f";
-                options.ClientSecret = "Yse2iP7tO1Azq0iDajNisMaTSnIDv+FXmAsFuXr+Cy8="; // for code flow
-                options.Authority = "https://login.windows.net/tratcheroutlook.onmicrosoft.com";
+                options.ClientId = Configuration["oidc:clientid"];
+                options.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
+                options.Authority = Configuration["oidc:authority"];
                 options.ResponseType = OpenIdConnectResponseTypes.Code;
                 options.GetClaimsFromUserInfoEndpoint = true;
             });
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 918dbcf3f1..21f0633824 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,6 +5,7 @@
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "frameworks": {
@@ -15,5 +16,6 @@
     "web": "Microsoft.AspNet.Server.Kestrel",
     "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023",
     "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls http://localhost:42023"
-  }
+  },
+  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 01d26fcdf3..5ca189aa91 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -14,6 +14,7 @@ using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
@@ -23,6 +24,17 @@ namespace CookieSample
     /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
     public class Startup
     {
+        public Startup()
+        {
+            Configuration = new ConfigurationBuilder()
+                .AddEnvironmentVariables()
+                .AddJsonFile("config.json")
+                .AddUserSecrets()
+                .Build();
+        }
+
+        public IConfiguration Configuration { get; set; }
+
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
@@ -57,32 +69,36 @@ namespace CookieSample
                 options.LoginPath = new PathString("/login");
             });
 
+            // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
             // https://developers.facebook.com/apps/
             app.UseFacebookAuthentication(new FacebookOptions()
             {
-                AppId = "569522623154478",
-                AppSecret = "a124463c4719c94b4228d9a240e5dc1a",
+                AppId = Configuration["facebook:appid"],
+                AppSecret = Configuration["facebook:appsecret"],
                 Scope = { "email" },
                 Fields = { "name", "email" },
             });
 
+            // See config.json
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Google-AccessToken",
                 DisplayName = "Google-AccessToken",
-                ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
-                ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f",
+                ClientId = Configuration["google:clientid"],
+                ClientSecret = Configuration["google:clientsecret"],
                 CallbackPath = new PathString("/signin-google-token"),
                 AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
                 TokenEndpoint = GoogleDefaults.TokenEndpoint,
-                Scope = { "openid", "profile", "email" }
+                Scope = { "openid", "profile", "email" },
+                SaveTokensAsClaims = true
             });
 
+            // See config.json
             // https://console.developers.google.com/project
             app.UseGoogleAuthentication(options =>
             {
-                options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
-                options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
+                options.ClientId = Configuration["google:clientid"];
+                options.ClientSecret = Configuration["google:clientsecret"];
                 options.Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
@@ -96,11 +112,12 @@ namespace CookieSample
 
             });
 
+            // See config.json
             // https://apps.twitter.com/
             app.UseTwitterAuthentication(options =>
             {
-                options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
-                options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
+                options.ConsumerKey = Configuration["twitter:consumerkey"];
+                options.ConsumerSecret = Configuration["twitter:consumersecret"];
                 options.Events = new TwitterEvents()
                 {
                     OnRemoteFailure = ctx =>
@@ -112,6 +129,7 @@ namespace CookieSample
                 };
             });
 
+            // You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
             /* https://account.live.com/developers/applications
             The MicrosoftAccount service has restrictions that prevent the use of http://localhost:54540/ for test applications.
             As such, here is how to change this sample to uses http://mssecsample.localhost.this:54540/ instead.
@@ -133,46 +151,50 @@ namespace CookieSample
             {
                 AuthenticationScheme = "Microsoft-AccessToken",
                 DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
-                ClientId = "00000000480FF62E",
-                ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr",
+                ClientId = Configuration["msa:clientid"],
+                ClientSecret = Configuration["msa:clientsecret"],
                 CallbackPath = new PathString("/signin-microsoft-token"),
                 AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
                 TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
-                Scope = { "wl.basic" }
+                Scope = { "wl.basic" },
+                SaveTokensAsClaims = true
             });
 
+            // You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
             app.UseMicrosoftAccountAuthentication(options =>
             {
                 options.DisplayName = "MicrosoftAccount - Requires project changes";
-                options.ClientId = "00000000480FF62E";
-                options.ClientSecret = "bLw2JIvf8Y1TaToipPEqxTVlOeJwCUsr";
+                options.ClientId = Configuration["msa:clientid"];
+                options.ClientSecret = Configuration["msa:clientsecret"];
                 options.Scope.Add("wl.emails");
             });
 
+            // See config.json
             // https://github.com/settings/applications/
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub-AccessToken",
                 DisplayName = "Github-AccessToken",
-                ClientId = "8c0c5a572abe8fe89588",
-                ClientSecret = "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
+                ClientId = Configuration["github-token:clientid"],
+                ClientSecret = Configuration["github-token:clientsecret"],
                 CallbackPath = new PathString("/signin-github-token"),
                 AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token"
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                SaveTokensAsClaims = true
             });
 
+            // See config.json
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub",
                 DisplayName = "Github",
-                ClientId = "49e302895d8b09ea5656",
-                ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b",
+                ClientId = Configuration["github:clientid"],
+                ClientSecret = Configuration["github:clientsecret"],
                 CallbackPath = new PathString("/signin-github"),
                 AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
                 TokenEndpoint = "https://github.com/login/oauth/access_token",
                 UserInformationEndpoint = "https://api.github.com/user",
                 ClaimsIssuer = "OAuth2-Github",
-                SaveTokensAsClaims = false,
                 // Retrieving user information is unique to each provider.
                 Events = new OAuthEvents
                 {
diff --git a/samples/SocialSample/config.json b/samples/SocialSample/config.json
new file mode 100644
index 0000000000..13d3ff94a0
--- /dev/null
+++ b/samples/SocialSample/config.json
@@ -0,0 +1,10 @@
+{
+  "google:clientid": "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
+  "google:clientsecret": "n2Q-GEw9RQjzcRbU3qhfTj8f",
+  "twitter:consumerkey": "6XaCTaLbMqfj6ww3zvZ5g",
+  "twitter:consumersecret": "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI",
+  "github:clientid": "49e302895d8b09ea5656",
+  "github:clientsecret": "98f1bf028608901e9df91d64ee61536fe562064b",
+  "github-token:clientid": "8c0c5a572abe8fe89588",
+  "github-token:clientsecret": "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda"
+}
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 823ac24c01..14c7606f15 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -9,6 +9,7 @@
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "commands": {
@@ -19,5 +20,6 @@
   "frameworks": {
     "dnx451": { },
     "dnxcore50": { }
-  }
+  },
+  "userSecretsId": "aspnet5-SocialSample-20151210111056"
 }

From a0418070231e7444721047a4153eaaa05876b449 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Fri, 18 Dec 2015 10:49:37 -0800
Subject: [PATCH 424/900] Reacting to new Hosting API

---
 .../Properties/launchSettings.json            |   5 -
 samples/CookieSample/Startup.cs               |  11 +
 samples/CookieSample/hosting.json             |   3 +
 samples/CookieSample/project.json             |   7 +-
 .../Properties/launchSettings.json            |   5 -
 samples/CookieSessionSample/Startup.cs        |  11 +
 samples/CookieSessionSample/hosting.json      |   3 +
 samples/CookieSessionSample/project.json      |   7 +-
 samples/JwtBearerSample/Startup.cs            |  10 +-
 samples/JwtBearerSample/hosting.json          |   3 +
 samples/JwtBearerSample/project.json          |   2 +-
 .../Properties/launchSettings.json            |   8 +-
 samples/OpenIdConnectSample/Startup.cs        |  11 +
 samples/OpenIdConnectSample/hosting.json      |   3 +
 samples/OpenIdConnectSample/project.json      |   8 +-
 .../Properties/launchSettings.json            |   9 +-
 samples/SocialSample/Startup.cs               |  13 +-
 samples/SocialSample/hosting.json             |   3 +
 samples/SocialSample/project.json             |   8 +-
 .../Cookies/CookieMiddlewareTests.cs          | 323 ++++++++++--------
 .../Facebook/FacebookMiddlewareTests.cs       |  28 +-
 .../Google/GoogleMiddlewareTests.cs           | 133 ++++----
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 107 +++---
 .../MicrosoftAccountMiddlewareTests.cs        |  87 ++---
 .../OpenIdConnectHandlerTests.cs              |  13 +-
 .../OpenIdConnectMiddlewareTests.cs           | 109 +++---
 .../Twitter/TwitterMiddlewareTests.cs         |  71 ++--
 .../CookiePolicyTests.cs                      |  35 +-
 .../TicketInteropTests.cs                     |  33 +-
 29 files changed, 590 insertions(+), 479 deletions(-)
 create mode 100644 samples/CookieSample/hosting.json
 create mode 100644 samples/CookieSessionSample/hosting.json
 create mode 100644 samples/JwtBearerSample/hosting.json
 create mode 100644 samples/OpenIdConnectSample/hosting.json
 create mode 100644 samples/SocialSample/hosting.json

diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
index 9077103681..c85de8d26e 100644
--- a/samples/CookieSample/Properties/launchSettings.json
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -22,11 +22,6 @@
       "environmentVariables": {
         "Hosting:Environment": "Development"
       }
-    },
-    "kestrel": {
-      "commandName": "kestrel",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:5004"
     }
   }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 2d77ae1bb4..dca9105128 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -2,6 +2,7 @@ using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -40,5 +41,15 @@ namespace CookieSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
+
+        public static void Main(string[] args)
+        {
+            var application = new WebApplicationBuilder()
+                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseStartup<Startup>()
+                .Build();
+
+            application.Run();
+        }
     }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/hosting.json b/samples/CookieSample/hosting.json
new file mode 100644
index 0000000000..f8ef14574d
--- /dev/null
+++ b/samples/CookieSample/hosting.json
@@ -0,0 +1,3 @@
+{
+  "server": "Microsoft.AspNet.Server.Kestrel"
+}
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 030c149834..20c5e0249d 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -4,12 +4,13 @@
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
   "commands": {
-    "web": "Microsoft.AspNet.Server.Kestrel",
-    "weblistener": "Microsoft.AspNet.Server.WebListener"
+    "web": "CookieSample"
   },
   "frameworks": {
     "dnx451": { },
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
index f4fbdd3fde..8d4a0316ab 100644
--- a/samples/CookieSessionSample/Properties/launchSettings.json
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -22,11 +22,6 @@
       "environmentVariables": {
         "Hosting:Environment": "Development"
       }
-    },
-    "kestrel": {
-      "commandName": "kestrel",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:5004"
     }
   }
 }
\ No newline at end of file
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 5affb5afaf..bf7200ca6a 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -3,6 +3,7 @@ using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -50,5 +51,15 @@ namespace CookieSessionSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
+
+        public static void Main(string[] args)
+        {
+            var application = new WebApplicationBuilder()
+                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseStartup<Startup>()
+                .Build();
+
+            application.Run();
+        }
     }
 }
\ No newline at end of file
diff --git a/samples/CookieSessionSample/hosting.json b/samples/CookieSessionSample/hosting.json
new file mode 100644
index 0000000000..f8ef14574d
--- /dev/null
+++ b/samples/CookieSessionSample/hosting.json
@@ -0,0 +1,3 @@
+{
+  "server": "Microsoft.AspNet.Server.Kestrel"
+}
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index a1c5ad3c6c..cddabac495 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -4,13 +4,14 @@
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
   "commands": {
-    "web": "Microsoft.AspNet.Server.Kestrel",
-    "weblistener": "Microsoft.AspNet.Server.WebListener"
+    "web": "CookieSessionSample"
   },
   "frameworks": {
     "dnx451": { },
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 33e8076955..88032b8e69 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -112,6 +112,14 @@ namespace JwtBearerSample
         }
 
         // Entry point for the application.
-        public static void Main(string[] args) => WebApplication.Run<Startup>(args);
+        public static void Main(string[] args)
+        {
+            var application = new WebApplicationBuilder()
+                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseStartup<Startup>()
+                .Build();
+
+            application.Run();
+        }
     }
 }
diff --git a/samples/JwtBearerSample/hosting.json b/samples/JwtBearerSample/hosting.json
new file mode 100644
index 0000000000..f8ef14574d
--- /dev/null
+++ b/samples/JwtBearerSample/hosting.json
@@ -0,0 +1,3 @@
+{
+  "server": "Microsoft.AspNet.Server.Kestrel"
+}
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index cc2350bb97..bfb35107ef 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -11,7 +11,7 @@
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
   },
   "commands": {
-    "web": "Microsoft.AspNet.Server.Kestrel"
+    "web": "JwtBearerSample"
   },
   "frameworks": {
     "dnx451": { },
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index 3d9d32eebe..c75dba9f49 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -15,17 +15,13 @@
         "ASPNET_ENV": "Development"
       }
     },
-    "kestrel": {
-      "commandName": "kestrel",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:42023"
-    },
     "web": {
       "commandName": "web",
       "launchBrowser": true,
       "launchUrl": "http://localhost:42023",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "Hosting:Environment": "Development",
+        "ASPNET_server.urls": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3e39d36541..67a979ea91 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -2,6 +2,7 @@ using System.Linq;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Extensions.Configuration;
@@ -63,5 +64,15 @@ namespace OpenIdConnectSample
                 await context.Response.WriteAsync("Hello Authenticated User");
             });
         }
+
+        public static void Main(string[] args)
+        {
+            var application = new WebApplicationBuilder()
+                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseStartup<Startup>()
+                .Build();
+
+            application.Run();
+        }
     }
 }
diff --git a/samples/OpenIdConnectSample/hosting.json b/samples/OpenIdConnectSample/hosting.json
new file mode 100644
index 0000000000..f8ef14574d
--- /dev/null
+++ b/samples/OpenIdConnectSample/hosting.json
@@ -0,0 +1,3 @@
+{
+  "server": "Microsoft.AspNet.Server.Kestrel"
+}
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 21f0633824..9a204e1425 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -4,7 +4,6 @@
     "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
@@ -12,10 +11,11 @@
     "dnx451": { },
     "dnxcore50": { }
   },
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
   "commands": {
-    "web": "Microsoft.AspNet.Server.Kestrel",
-    "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:42023",
-    "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls http://localhost:42023"
+    "web": "OpenIdConnectSample"
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index dcfe9f5144..b10006b86c 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -10,22 +10,17 @@
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
-      "launchBrowser": true,
       "environmentVariables": {
         "ASPNET_ENV": "Development"
       }
     },
-    "kestrel": {
-      "commandName": "kestrel",
-      "launchBrowser": true,
-      "launchUrl": "http://localhost:54540/"
-    },
     "web": {
       "commandName": "web",
       "launchBrowser": true,
       "launchUrl": "http://localhost:54540/",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "Hosting:Environment": "Development",
+        "ASPNET_server.urls": "http://localhost:54540/"
       }
     }
   }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 5ca189aa91..59c57862ae 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.Extensions.Configuration;
@@ -160,7 +161,7 @@ namespace CookieSample
                 SaveTokensAsClaims = true
             });
 
-            // You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
+            //// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
             app.UseMicrosoftAccountAuthentication(options =>
             {
                 options.DisplayName = "MicrosoftAccount - Requires project changes";
@@ -323,5 +324,15 @@ namespace CookieSample
                 await context.Response.WriteAsync("</body></html>");
             });
         }
+
+        public static void Main(string[] args)
+        {
+            var application = new WebApplicationBuilder()
+                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseStartup<Startup>()
+                .Build();
+
+            application.Run();
+        }
     }
 }
diff --git a/samples/SocialSample/hosting.json b/samples/SocialSample/hosting.json
new file mode 100644
index 0000000000..f8ef14574d
--- /dev/null
+++ b/samples/SocialSample/hosting.json
@@ -0,0 +1,3 @@
+{
+  "server": "Microsoft.AspNet.Server.Kestrel"
+}
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 14c7606f15..53ade790cd 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -8,14 +8,14 @@
     "Microsoft.AspNet.DataProtection": "1.0.0-*",
     "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
   "commands": {
-    "web": "Microsoft.AspNet.Server.Kestrel",
-    "kestrel": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:54540",
-    "weblistener": "Microsoft.AspNet.Server.WebListener --server.urls=http://localhost:54540"
+    "web": "SocialSample"
   },
   "frameworks": {
     "dnx451": { },
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 8af2b88780..db27680d42 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -12,6 +12,7 @@ using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
@@ -748,12 +749,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectChallenge()
         {
-            var server = TestServer.Create(app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
                     app.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
-                },
-                services => services.AddAuthentication());
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
 
@@ -767,14 +770,17 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task ChallengeDoesNotSet401OnUnauthorized()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication();
-                app.Run(async context =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    await Assert.ThrowsAsync<InvalidOperationException>(() => context.Authentication.ChallengeAsync());
-                });
-            }, services => services.AddAuthentication());
+                    app.UseCookieAuthentication();
+                    app.Run(async context =>
+                    {
+                        await Assert.ThrowsAsync<InvalidOperationException>(() => context.Authentication.ChallengeAsync());
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -783,12 +789,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task UseCookieWithInstanceDoesntUseSharedOptions()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.CookieName = "One");
-                app.UseCookieAuthentication(new CookieAuthenticationOptions());
-                app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
-            }, services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.CookieName = "One");
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions());
+                    app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com");
 
@@ -799,13 +808,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
-                app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
-                    new ClaimsPrincipal())));
-            },
-                services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                    app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
+                        new ClaimsPrincipal())));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -815,13 +826,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectSignInRedirectToReturnUrl()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
-                app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
-                    new ClaimsPrincipal())));
-            },
-            services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
+                        new ClaimsPrincipal())));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login?ReturnUrl=%2Fpage");
 
@@ -835,12 +848,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWithSignOutOnlyRedirectToReturnUrlOnLogoutPath()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
-                app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
-            },
-            services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                    app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -850,12 +865,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectSignOutRedirectToReturnUrl()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
-                app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
-            },
-            services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                    app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
 
@@ -869,12 +886,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectAccessDenied()
         {
-            var server = TestServer.Create(app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
                     app.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
                     app.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
-                },
-                services => services.AddAuthentication());
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/forbid");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -886,13 +905,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NestedMapWillNotAffectLogin()
         {
-            var server = TestServer.Create(app =>
-                app.Map("/base", map =>
-                {
-                    map.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
-                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
-                }),
-                services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                    app.Map("/base", map =>
+                    {
+                        map.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
+                        map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+                    }))
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/login");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -905,13 +926,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NestedMapWillNotAffectAccessDenied()
         {
-            var server = TestServer.Create(app =>
-                app.Map("/base", map =>
-                {
-                    map.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
-                    map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
-                }),
-                services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                    app.Map("/base", map =>
+                    {
+                        map.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
+                        map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+                    }))
+                    .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/forbid");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -925,39 +948,43 @@ namespace Microsoft.AspNet.Authentication.Cookies
         {
 
             var dp = new NoOpDataProtector();
-            var server1 = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder1 = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.TicketDataFormat = new TicketDataFormat(dp);
-                    options.CookieName = "Cookie";
-                });
-                app.Use((context, next) =>
-                    context.Authentication.SignInAsync("Cookies",
-                                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
-                                    new AuthenticationProperties()));
-            },
-            services => services.AddAuthentication());
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.TicketDataFormat = new TicketDataFormat(dp);
+                        options.CookieName = "Cookie";
+                    });
+                    app.Use((context, next) =>
+                        context.Authentication.SignInAsync("Cookies",
+                                        new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                                        new AuthenticationProperties()));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server1 = new TestServer(builder1);
 
             var transaction = await SendAsync(server1, "http://example.com/stuff");
             Assert.NotNull(transaction.SetCookie);
 
-            var server2 = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder2 = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.AuthenticationScheme = "Cookies";
-                    options.CookieName = "Cookie";
-                    options.TicketDataFormat = new TicketDataFormat(dp);
-                });
-                app.Use(async (context, next) =>
-                {
-                    var authContext = new AuthenticateContext("Cookies");
-                    await context.Authentication.AuthenticateAsync(authContext);
-                    Describe(context.Response, authContext);
-                });
-            },
-            services => services.AddAuthentication());
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = "Cookies";
+                        options.CookieName = "Cookie";
+                        options.TicketDataFormat = new TicketDataFormat(dp);
+                    });
+                    app.Use(async (context, next) =>
+                    {
+                        var authContext = new AuthenticateContext("Cookies");
+                        await context.Authentication.AuthenticateAsync(authContext);
+                        Describe(context.Response, authContext);
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server2 = new TestServer(builder2);
             var transaction2 = await SendAsync(server2, "http://example.com/stuff", transaction.CookieNameValue);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
@@ -1003,71 +1030,73 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, Action<ClaimsTransformationOptions> claimsTransform = null)
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(configureOptions);
-                // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(configureOptions);
+                    // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
 
-                if (claimsTransform != null)
-                {
-                    app.UseClaimsTransformation(claimsTransform);
-                }
-                app.Use(async (context, next) =>
-                {
-                    var req = context.Request;
-                    var res = context.Response;
-                    PathString remainder;
-                    if (req.Path == new PathString("/normal"))
+                    if (claimsTransform != null)
                     {
-                        res.StatusCode = 200;
+                        app.UseClaimsTransformation(claimsTransform);
                     }
-                    else if (req.Path == new PathString("/protected"))
+                    app.Use(async (context, next) =>
                     {
-                        res.StatusCode = 401;
-                    }
-                    else if (req.Path == new PathString("/forbid")) // Simulate forbidden 
-                    {
-                        await context.Authentication.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString("/challenge"))
-                    {
-                        await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString("/signout"))
-                    {
-                        await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString("/unauthorized"))
-                    {
-                        await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
-                    }
-                    else if (req.Path == new PathString("/protected/CustomRedirect"))
-                    {
-                        await context.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
-                    }
-                    else if (req.Path == new PathString("/me"))
-                    {
-                        var authContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
-                        authContext.Authenticated(context.User, properties: null, description: null);
-                        Describe(res, authContext);
-                    }
-                    else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
-                    {
-                        var authContext = new AuthenticateContext(remainder.Value.Substring(1));
-                        await context.Authentication.AuthenticateAsync(authContext);
-                        Describe(res, authContext);
-                    }
-                    else if (req.Path == new PathString("/testpath") && testpath != null)
-                    {
-                        await testpath(context);
-                    }
-                    else
-                    {
-                        await next();
-                    }
-                });
-            },
-            services => services.AddAuthentication());
+                        var req = context.Request;
+                        var res = context.Response;
+                        PathString remainder;
+                        if (req.Path == new PathString("/normal"))
+                        {
+                            res.StatusCode = 200;
+                        }
+                        else if (req.Path == new PathString("/protected"))
+                        {
+                            res.StatusCode = 401;
+                        }
+                        else if (req.Path == new PathString("/forbid")) // Simulate forbidden 
+                        {
+                            await context.Authentication.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString("/challenge"))
+                        {
+                            await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString("/signout"))
+                        {
+                            await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString("/unauthorized"))
+                        {
+                            await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
+                        }
+                        else if (req.Path == new PathString("/protected/CustomRedirect"))
+                        {
+                            await context.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+                        }
+                        else if (req.Path == new PathString("/me"))
+                        {
+                            var authContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
+                            authContext.Authenticated(context.User, properties: null, description: null);
+                            Describe(res, authContext);
+                        }
+                        else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
+                        {
+                            var authContext = new AuthenticateContext(remainder.Value.Substring(1));
+                            await context.Authentication.AuthenticateAsync(authContext);
+                            Describe(res, authContext);
+                        }
+                        else if (req.Path == new PathString("/testpath") && testpath != null)
+                        {
+                            await testpath(context);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var server = new TestServer(builder);
             server.BaseAddress = baseAddress;
             return server;
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index c1796c3dec..5263dadb57 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -13,6 +12,7 @@ using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
@@ -226,21 +226,23 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
         {
-            return TestServer.Create(app =>
-            {
-                if (configure != null)
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    configure(app);
-                }
-                app.Use(async (context, next) =>
-                {
-                    if (handler == null || !handler(context))
+                    if (configure != null)
                     {
-                        await next();
+                        configure(app);
                     }
-                });
-            },
-            configureServices);
+                    app.Use(async (context, next) =>
+                    {
+                        if (handler == null || !handler(context))
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(configureServices);
+            return new TestServer(builder);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 77fc762840..11fbe67e51 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -12,6 +12,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
@@ -765,74 +766,76 @@ namespace Microsoft.AspNet.Authentication.Google
 
         private static TestServer CreateServer(Action<GoogleOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
-            return TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                    options.AutomaticAuthenticate = true;
-                });
-                app.UseGoogleAuthentication(configureOptions);
-                app.UseClaimsTransformation(p =>
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
+                        options.AutomaticAuthenticate = true;
+                    });
+                    app.UseGoogleAuthentication(configureOptions);
+                    app.UseClaimsTransformation(p =>
+                    {
+                        var id = new ClaimsIdentity("xform");
+                        id.AddClaim(new Claim("xform", "yup"));
+                        p.AddIdentity(id);
+                        return Task.FromResult(p);
+                    });
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path == new PathString("/challenge"))
+                        {
+                            await context.Authentication.ChallengeAsync("Google");
+                        }
+                        else if (req.Path == new PathString("/me"))
+                        {
+                            res.Describe(context.User);
+                        }
+                        else if (req.Path == new PathString("/unauthorized"))
+                        {
+                            // Simulate Authorization failure 
+                            var result = await context.Authentication.AuthenticateAsync("Google");
+                            await context.Authentication.ChallengeAsync("Google");
+                        }
+                        else if (req.Path == new PathString("/unauthorizedAuto"))
+                        {
+                            var result = await context.Authentication.AuthenticateAsync("Google");
+                            await context.Authentication.ChallengeAsync();
+                        }
+                        else if (req.Path == new PathString("/401"))
+                        {
+                            res.StatusCode = 401;
+                        }
+                        else if (req.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Google", new ClaimsPrincipal()));
+                        }
+                        else if (req.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Google"));
+                        }
+                        else if (req.Path == new PathString("/forbid"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Google"));
+                        }
+                        else if (testpath != null)
+                        {
+                            await testpath(context);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
                 {
-                    var id = new ClaimsIdentity("xform");
-                    id.AddClaim(new Claim("xform", "yup"));
-                    p.AddIdentity(id);
-                    return Task.FromResult(p);
+                    services.AddAuthentication(options => options.SignInScheme = TestExtensions.CookieAuthenticationScheme);
                 });
-                app.Use(async (context, next) =>
-                {
-                    var req = context.Request;
-                    var res = context.Response;
-                    if (req.Path == new PathString("/challenge"))
-                    {
-                        await context.Authentication.ChallengeAsync("Google");
-                    }
-                    else if (req.Path == new PathString("/me"))
-                    {
-                        res.Describe(context.User);
-                    }
-                    else if (req.Path == new PathString("/unauthorized"))
-                    {
-                        // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync("Google");
-                        await context.Authentication.ChallengeAsync("Google");
-                    }
-                    else if (req.Path == new PathString("/unauthorizedAuto"))
-                    {
-                        var result = await context.Authentication.AuthenticateAsync("Google");
-                        await context.Authentication.ChallengeAsync();
-                    }
-                    else if (req.Path == new PathString("/401"))
-                    {
-                        res.StatusCode = 401;
-                    }
-                    else if (req.Path == new PathString("/signIn"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Google", new ClaimsPrincipal()));
-                    }
-                    else if (req.Path == new PathString("/signOut"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Google"));
-                    }
-                    else if (req.Path == new PathString("/forbid"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Google"));
-                    }
-                    else if (testpath != null)
-                    {
-                        await testpath(context);
-                    }
-                    else
-                    {
-                        await next();
-                    }
-                });
-            },
-            services =>
-            {
-                services.AddAuthentication(options => options.SignInScheme = TestExtensions.CookieAuthenticationScheme);
-            });
+            return new TestServer(builder);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 6100957cac..6bea890b17 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -9,6 +9,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
@@ -536,67 +537,69 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         private static TestServer CreateServer(Action<JwtBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
         {
-            return TestServer.Create(app =>
-            {
-                if (configureOptions != null)
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    app.UseJwtBearerAuthentication(configureOptions);
-                }
-
-                app.Use(async (context, next) =>
-                {
-                    if (context.Request.Path == new PathString("/checkforerrors"))
+                    if (configureOptions != null)
                     {
-                        var authContext = new AuthenticateContext(Http.Authentication.AuthenticationManager.AutomaticScheme);
-                        await context.Authentication.AuthenticateAsync(authContext);
-                        if (authContext.Error != null)
-                        {
-                            throw new Exception("Failed to authenticate", authContext.Error);
-                        }
-                        return;
+                        app.UseJwtBearerAuthentication(configureOptions);
                     }
-                    else if (context.Request.Path == new PathString("/oauth"))
-                    {
-                        if (context.User == null ||
-                            context.User.Identity == null ||
-                            !context.User.Identity.IsAuthenticated)
-                        {
-                            context.Response.StatusCode = 401;
 
+                    app.Use(async (context, next) =>
+                    {
+                        if (context.Request.Path == new PathString("/checkforerrors"))
+                        {
+                            var authContext = new AuthenticateContext(Http.Authentication.AuthenticationManager.AutomaticScheme);
+                            await context.Authentication.AuthenticateAsync(authContext);
+                            if (authContext.Error != null)
+                            {
+                                throw new Exception("Failed to authenticate", authContext.Error);
+                            }
                             return;
                         }
-
-                        var identifier = context.User.FindFirst(ClaimTypes.NameIdentifier);
-                        if (identifier == null)
+                        else if (context.Request.Path == new PathString("/oauth"))
                         {
-                            context.Response.StatusCode = 500;
+                            if (context.User == null ||
+                                context.User.Identity == null ||
+                                !context.User.Identity.IsAuthenticated)
+                            {
+                                context.Response.StatusCode = 401;
 
-                            return;
+                                return;
+                            }
+
+                            var identifier = context.User.FindFirst(ClaimTypes.NameIdentifier);
+                            if (identifier == null)
+                            {
+                                context.Response.StatusCode = 500;
+
+                                return;
+                            }
+
+                            await context.Response.WriteAsync(identifier.Value);
                         }
-
-                        await context.Response.WriteAsync(identifier.Value);
-                    }
-                    else if (context.Request.Path == new PathString("/unauthorized"))
-                    {
-                        // Simulate Authorization failure 
-                        var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
-                        await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
-                    }
-                    else if (context.Request.Path == new PathString("/signIn"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
-                    }
-                    else if (context.Request.Path == new PathString("/signOut"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
-                    }
-                    else
-                    {
-                        await next();
-                    }
-                });
-            },
-            services => services.AddAuthentication());
+                        else if (context.Request.Path == new PathString("/unauthorized"))
+                        {
+                            // Simulate Authorization failure 
+                            var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+                            await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
+                        }
+                        else if (context.Request.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                        }
+                        else if (context.Request.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            return new TestServer(builder);
         }
 
         // TODO: see if we can share the TestExtensions SendAsync method (only diff is auth header)
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 650c86465e..1b5bd483b7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -12,6 +12,7 @@ using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
@@ -177,53 +178,55 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
 
         private static TestServer CreateServer(Action<MicrosoftAccountOptions> configureOptions)
         {
-            return TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                    options.AutomaticAuthenticate = true;
-                });
-                app.UseMicrosoftAccountAuthentication(configureOptions);
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
+                        options.AutomaticAuthenticate = true;
+                    });
+                    app.UseMicrosoftAccountAuthentication(configureOptions);
 
-                app.Use(async (context, next) =>
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path == new PathString("/challenge"))
+                        {
+                            await context.Authentication.ChallengeAsync("Microsoft");
+                        }
+                        else if (req.Path == new PathString("/me"))
+                        {
+                            res.Describe(context.User);
+                        }
+                        else if (req.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Microsoft", new ClaimsPrincipal()));
+                        }
+                        else if (req.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Microsoft"));
+                        }
+                        else if (req.Path == new PathString("/forbid"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Microsoft"));
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
                 {
-                    var req = context.Request;
-                    var res = context.Response;
-                    if (req.Path == new PathString("/challenge"))
+                    services.AddAuthentication();
+                    services.Configure<SharedAuthenticationOptions>(options =>
                     {
-                        await context.Authentication.ChallengeAsync("Microsoft");
-                    }
-                    else if (req.Path == new PathString("/me"))
-                    {
-                        res.Describe(context.User);
-                    }
-                    else if (req.Path == new PathString("/signIn"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Microsoft", new ClaimsPrincipal()));
-                    }
-                    else if (req.Path == new PathString("/signOut"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Microsoft"));
-                    }
-                    else if (req.Path == new PathString("/forbid"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Microsoft"));
-                    }
-                    else
-                    {
-                        await next();
-                    }
+                        options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
+                    });
                 });
-            },
-            services =>
-            {
-                services.AddAuthentication();
-                services.Configure<SharedAuthenticationOptions>(options =>
-                {
-                    options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
-                });
-            });
+            return new TestServer(builder);
         }
 
         private static HttpResponseMessage ReturnJsonResponse(object content)
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 3c48657d1c..99b7040ea5 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -12,6 +12,7 @@ using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
@@ -94,8 +95,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, UrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
-            return TestServer.Create(
-                app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
                     var options = new OpenIdConnectOptions();
                     configureOptions(options);
@@ -104,13 +105,13 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     {
                         await next();
                     });
-                },
-                services =>
+                })
+                .ConfigureServices(services =>
                 {
                     services.AddWebEncoders();
                     services.AddDataProtection();
-                }
-            );
+                });
+            return new TestServer(builder);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index b9f0f26f89..9446be945a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -14,6 +14,7 @@ using System.Xml.Linq;
 using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
@@ -380,63 +381,65 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
         {
-            return TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                });
-                app.UseOpenIdConnectAuthentication(configureOptions);
-                app.Use(async (context, next) =>
-                {
-                    var req = context.Request;
-                    var res = context.Response;
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    });
+                    app.UseOpenIdConnectAuthentication(configureOptions);
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
 
-                    if (req.Path == new PathString(Challenge))
-                    {
-                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString(ChallengeWithProperties))
-                    {
-                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
-                    }
-                    else if (req.Path == new PathString(ChallengeWithOutContext))
-                    {
-                        res.StatusCode = 401;
-                    }
-                    else if (req.Path == new PathString(Signin))
-                    {
-                        // REVIEW: this used to just be res.SignIn()
-                        await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
-                    }
-                    else if (req.Path == new PathString(Signout))
-                    {
-                        await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
-                    }
-                    else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
-                    {
-                        await context.Authentication.SignOutAsync(
-                            OpenIdConnectDefaults.AuthenticationScheme,
-                            new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
-                    }
-                    else if (handler != null)
-                    {
-                        await handler(context);
-                    }
-                    else
-                    {
-                        await next();
-                    }
-                });
-            },
-            services =>
-            {
-                services.AddAuthentication();
-                services.Configure<SharedAuthenticationOptions>(options =>
+                        if (req.Path == new PathString(Challenge))
+                        {
+                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString(ChallengeWithProperties))
+                        {
+                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
+                        }
+                        else if (req.Path == new PathString(ChallengeWithOutContext))
+                        {
+                            res.StatusCode = 401;
+                        }
+                        else if (req.Path == new PathString(Signin))
+                        {
+                            // REVIEW: this used to just be res.SignIn()
+                            await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
+                        }
+                        else if (req.Path == new PathString(Signout))
+                        {
+                            await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
+                        {
+                            await context.Authentication.SignOutAsync(
+                                OpenIdConnectDefaults.AuthenticationScheme,
+                                new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
+                        }
+                        else if (handler != null)
+                        {
+                            await handler(context);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
                 {
-                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    services.AddAuthentication();
+                    services.Configure<SharedAuthenticationOptions>(options =>
+                    {
+                        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    });
                 });
-            });
+            return new TestServer(builder);
         }
 
         private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 668f874811..db77d7f5ff 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -1,17 +1,16 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.WebEncoders;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Twitter
@@ -153,43 +152,45 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private static TestServer CreateServer(Action<TwitterOptions> configure, Func<HttpContext, bool> handler = null)
         {
-            return TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    options.AuthenticationScheme = "External";
-                });
-                app.UseTwitterAuthentication(configure);
-                app.Use(async (context, next) =>
+                    app.UseCookieAuthentication(options =>
+                    {
+                        options.AuthenticationScheme = "External";
+                    });
+                    app.UseTwitterAuthentication(configure);
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Twitter", new ClaimsPrincipal()));
+                        }
+                        else if (req.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Twitter"));
+                        }
+                        else if (req.Path == new PathString("/forbid"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Twitter"));
+                        }
+                        else if (handler == null || !handler(context))
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
                 {
-                    var req = context.Request;
-                    var res = context.Response;
-                    if (req.Path == new PathString("/signIn"))
+                    services.AddAuthentication();
+                    services.Configure<SharedAuthenticationOptions>(options =>
                     {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Twitter", new ClaimsPrincipal()));
-                    }
-                    else if (req.Path == new PathString("/signOut"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Twitter"));
-                    }
-                    else if (req.Path == new PathString("/forbid"))
-                    {
-                        await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Twitter"));
-                    }
-                    else if (handler == null || !handler(context))
-                    {
-                        await next();
-                    }
+                        options.SignInScheme = "External";
+                    });
                 });
-            },
-            services =>
-            {
-                services.AddAuthentication();
-                services.Configure<SharedAuthenticationOptions>(options =>
-                {
-                    options.SignInScheme = "External";
-                });
-            });
+            return new TestServer(builder);
         }
     }
 }
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
index 78f20c9cf1..4b798c5613 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Internal;
@@ -129,18 +130,20 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCanHijackAppend()
         {
-            var server = TestServer.Create(app =>
-            {
-                app.UseCookiePolicy(options => options.OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao");
-                app.Run(context =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    context.Response.Cookies.Append("A", "A");
-                    context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
-                    context.Response.Cookies.Append("C", "C", new CookieOptions());
-                    context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
-                    return Task.FromResult(0);
+                    app.UseCookiePolicy(options => options.OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao");
+                    app.Run(context =>
+                    {
+                        context.Response.Cookies.Append("A", "A");
+                        context.Response.Cookies.Append("B", "B", new CookieOptions { Secure = false });
+                        context.Response.Cookies.Append("C", "C", new CookieOptions());
+                        context.Response.Cookies.Append("D", "D", new CookieOptions { Secure = true });
+                        return Task.FromResult(0);
+                    });
                 });
-            });
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
 
@@ -154,7 +157,8 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCanHijackDelete()
         {
-            var server = TestServer.Create(app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
             {
                 app.UseCookiePolicy(options => options.OnDeleteCookie = ctx => ctx.CookieName = "A");
                 app.Run(context =>
@@ -166,6 +170,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     return Task.FromResult(0);
                 });
             });
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
 
@@ -177,7 +182,8 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCallsCookieFeature()
         {
-            var server = TestServer.Create(app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
             {
                 app.Use(next => context =>
                 {
@@ -194,6 +200,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     return context.Response.WriteAsync("Done");
                 });
             });
+            var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal("Done", transaction.ResponseText);
@@ -251,7 +258,8 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             RequestDelegate configureSetup,
             params RequestTest[] tests)
         {
-            var server = TestServer.Create(app =>
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
             {
                 app.Map(path, map =>
                 {
@@ -259,6 +267,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     map.Run(configureSetup);
                 });
             });
+            var server = new TestServer(builder);
             foreach (var test in tests)
             {
                 await test.Execute(server);
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
index 725c5b1f2f..71acba5978 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
@@ -13,6 +13,7 @@ using System.Xml;
 using System.Xml.Linq;
 using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Hosting;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
@@ -120,15 +121,18 @@ namespace Microsoft.AspNet.CookiePolicy.Test
 
             var transaction = await SendAsync(interopServer, "http://example.com");
 
-            var newServer = TestHost.TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
-                app.Run(async context => 
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
                 {
-                    var result = await context.Authentication.AuthenticateAsync("Cookies");
-                    await context.Response.WriteAsync(result.Identity.Name);
-                });
-            }, services => services.AddAuthentication());
+                    app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                    app.Run(async context => 
+                    {
+                        var result = await context.Authentication.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Identity.Name);
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var newServer = new TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
             request.Headers.Add("Cookie", transaction.SetCookie.Split(new[] { ';' }, 2).First());
@@ -146,11 +150,14 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             user.AddIdentity(identity);
 
             var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
-            var newServer = TestHost.TestServer.Create(app =>
-            {
-                app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
-                app.Run(context => context.Authentication.SignInAsync("Cookies", user));
-            }, services => services.AddAuthentication());
+            var builder = new WebApplicationBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                    app.Run(context => context.Authentication.SignInAsync("Cookies", user));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var newServer = new TestHost.TestServer(builder);
 
             var cookie = await SendAndGetCookie(newServer, "http://example.com/login");
 

From e4df43611da85fd4ffdf340d1b3790656c44a672 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Sun, 20 Dec 2015 19:44:21 -0800
Subject: [PATCH 425/900] React to IdentityModel namespace changes.

---
 .../JwtBearerHandler.cs                                        | 2 +-
 .../JwtBearerOptions.cs                                        | 2 +-
 .../OpenIdConnectHandler.cs                                    | 2 +-
 .../OpenIdConnectOptions.cs                                    | 3 +--
 .../JwtBearer/JwtBearerMiddlewareTests.cs                      | 2 +-
 .../OpenIdConnect/OpenIdConnectHandlerTests.cs                 | 2 +-
 6 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 645cf2cdef..6983041327 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -12,6 +11,7 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index 1ab2a8b131..ad2160c06a 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -4,11 +4,11 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
-using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 124d8f543a..9f8e4f9572 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
-using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
@@ -19,6 +18,7 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index dc2cce9964..06b7442de0 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -4,13 +4,12 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
-using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.Extensions.WebEncoders;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 6bea890b17..7dee0f0ffb 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.IdentityModel.Tokens;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -16,6 +15,7 @@ using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.AspNet.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 99b7040ea5..801cc71f95 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
@@ -17,6 +16,7 @@ using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect

From 84279c07cfdf4871516092c32344ce34d952a6a5 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 21 Dec 2015 15:02:14 -0800
Subject: [PATCH 426/900] OptionsModel => Options rename

---
 .../CookieAuthenticationOptions.cs                              | 2 +-
 .../FacebookMiddleware.cs                                       | 2 +-
 src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs  | 2 +-
 .../MicrosoftAccountMiddleware.cs                               | 2 +-
 src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs    | 2 +-
 .../OpenIdConnectMiddleware.cs                                  | 2 +-
 .../TwitterMiddleware.cs                                        | 2 +-
 src/Microsoft.AspNet.Authentication/project.json                | 2 +-
 .../DefaultAuthorizationService.cs                              | 2 +-
 src/Microsoft.AspNet.Authorization/project.json                 | 2 +-
 .../OpenIdConnectMiddlewareForTestingAuthenticate.cs            | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 88d41c6635..830b559c96 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -6,7 +6,7 @@ using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 3789163810..441145681d 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Facebook
 {
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index 152cc6290a..55d2b0ed13 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Google
 {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 590e0d7785..c398b9279e 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index 10b7bdf425..ea145fa6de 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -9,7 +9,7 @@ using System.Text.Encodings.Web;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 52023d99d7..a6f9971705 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -9,7 +9,7 @@ using System.Text.Encodings.Web;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index 3c214b0d71..e1a1c17211 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -9,7 +9,7 @@ using System.Text.Encodings.Web;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Twitter
 {
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index c4b246641a..ef36e17f03 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -18,7 +18,7 @@
       "type": "build",
       "version": "1.0.0-*"
     },
-    "Microsoft.Extensions.OptionsModel": "1.0.0-*",
+    "Microsoft.Extensions.Options": "1.0.0-*",
     "Microsoft.Extensions.WebEncoders": "1.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
index 40e16107c0..2c1fcd20d1 100644
--- a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
@@ -7,7 +7,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authorization
 {
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNet.Authorization/project.json
index 0cd2647ce6..14245e4d2f 100644
--- a/src/Microsoft.AspNet.Authorization/project.json
+++ b/src/Microsoft.AspNet.Authorization/project.json
@@ -12,7 +12,7 @@
   "dependencies": {
     "Microsoft.AspNet.Http.Features": "1.0.0-*",
     "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
-    "Microsoft.Extensions.OptionsModel": "1.0.0-*"
+    "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index 17b27128af..2a91eecdbc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.OptionsModel;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 {

From 5837ce160ac5faf792bf2a64af7b5e38a22e6510 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Mon, 21 Dec 2015 17:06:48 -0800
Subject: [PATCH 427/900] Stardardizing middleware to use ConfigureOption
 lambda

---
 samples/SocialSample/Startup.cs               | 97 ++++++++++---------
 .../CookieAppBuilderExtensions.cs             | 31 ++----
 .../FacebookAppBuilderExtensions.cs           | 33 ++-----
 .../GoogleAppBuilderExtensions.cs             | 33 ++-----
 .../JwtBearerAppBuilderExtensions.cs          | 39 ++------
 .../MicrosoftAccountAppBuilderExtensions.cs   | 33 ++-----
 .../OAuthAppBuilderExtensions.cs              | 26 +----
 .../OAuthOptions.cs                           |  3 -
 .../OpenIdConnectAppBuilderExtensions.cs      | 32 ++----
 .../TwitterAppBuilderExtensions.cs            | 29 +-----
 ...laimsTransformationAppBuilderExtensions.cs | 43 ++++----
 .../CookiePolicyAppBuilderExtensions.cs       | 26 +++--
 .../Cookies/CookieMiddlewareTests.cs          |  2 +-
 13 files changed, 131 insertions(+), 296 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 59c57862ae..f1bc5b335f 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -72,26 +72,29 @@ namespace CookieSample
 
             // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
             // https://developers.facebook.com/apps/
-            app.UseFacebookAuthentication(new FacebookOptions()
+            app.UseFacebookAuthentication(options =>
             {
-                AppId = Configuration["facebook:appid"],
-                AppSecret = Configuration["facebook:appsecret"],
-                Scope = { "email" },
-                Fields = { "name", "email" },
+                options.AppId = Configuration["facebook:appid"];
+                options.AppSecret = Configuration["facebook:appsecret"];
+                options.Scope.Add("email");
+                options.Fields.Add("name");
+                options.Fields.Add("email");
             });
 
             // See config.json
-            app.UseOAuthAuthentication(new OAuthOptions
+            app.UseOAuthAuthentication(options =>
             {
-                AuthenticationScheme = "Google-AccessToken",
-                DisplayName = "Google-AccessToken",
-                ClientId = Configuration["google:clientid"],
-                ClientSecret = Configuration["google:clientsecret"],
-                CallbackPath = new PathString("/signin-google-token"),
-                AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
-                TokenEndpoint = GoogleDefaults.TokenEndpoint,
-                Scope = { "openid", "profile", "email" },
-                SaveTokensAsClaims = true
+                options.AuthenticationScheme = "Google-AccessToken";
+                options.DisplayName = "Google-AccessToken";
+                options.ClientId = Configuration["google:clientid"];
+                options.ClientSecret = Configuration["google:clientsecret"];
+                options.CallbackPath = new PathString("/signin-google-token");
+                options.AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
+                options.TokenEndpoint = GoogleDefaults.TokenEndpoint;
+                options.Scope.Add("openid");
+                options.Scope.Add("profile");
+                options.Scope.Add("email");
+                options.SaveTokensAsClaims = true;
             });
 
             // See config.json
@@ -148,17 +151,17 @@ namespace CookieSample
             The sample app can then be run via:
              dnx . web
             */
-            app.UseOAuthAuthentication(new OAuthOptions
+            app.UseOAuthAuthentication(options => 
             {
-                AuthenticationScheme = "Microsoft-AccessToken",
-                DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
-                ClientId = Configuration["msa:clientid"],
-                ClientSecret = Configuration["msa:clientsecret"],
-                CallbackPath = new PathString("/signin-microsoft-token"),
-                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
-                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
-                Scope = { "wl.basic" },
-                SaveTokensAsClaims = true
+                options.AuthenticationScheme = "Microsoft-AccessToken";
+                options.DisplayName = "MicrosoftAccount-AccessToken - Requires project changes";
+                options.ClientId = Configuration["msa:clientid"];
+                options.ClientSecret = Configuration["msa:clientsecret"];
+                options.CallbackPath = new PathString("/signin-microsoft-token");
+                options.AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
+                options.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
+                options.Scope.Add("wl.basic");
+                options.SaveTokensAsClaims = true;
             });
 
             //// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
@@ -172,32 +175,32 @@ namespace CookieSample
 
             // See config.json
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication(new OAuthOptions
+            app.UseOAuthAuthentication(options =>
             {
-                AuthenticationScheme = "GitHub-AccessToken",
-                DisplayName = "Github-AccessToken",
-                ClientId = Configuration["github-token:clientid"],
-                ClientSecret = Configuration["github-token:clientsecret"],
-                CallbackPath = new PathString("/signin-github-token"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
-                SaveTokensAsClaims = true
+                options.AuthenticationScheme = "GitHub-AccessToken";
+                options.DisplayName = "Github-AccessToken";
+                options.ClientId = Configuration["github-token:clientid"];
+                options.ClientSecret = Configuration["github-token:clientsecret"];
+                options.CallbackPath = new PathString("/signin-github-token");
+                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                options.SaveTokensAsClaims = true;
             });
 
             // See config.json
-            app.UseOAuthAuthentication(new OAuthOptions
+            app.UseOAuthAuthentication(options =>
             {
-                AuthenticationScheme = "GitHub",
-                DisplayName = "Github",
-                ClientId = Configuration["github:clientid"],
-                ClientSecret = Configuration["github:clientsecret"],
-                CallbackPath = new PathString("/signin-github"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
-                UserInformationEndpoint = "https://api.github.com/user",
-                ClaimsIssuer = "OAuth2-Github",
+                options.AuthenticationScheme = "GitHub";
+                options.DisplayName = "Github";
+                options.ClientId = Configuration["github:clientid"];
+                options.ClientSecret = Configuration["github:clientsecret"];
+                options.CallbackPath = new PathString("/signin-github");
+                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                options.UserInformationEndpoint = "https://api.github.com/user";
+                options.ClaimsIssuer = "OAuth2-Github";
                 // Retrieving user information is unique to each provider.
-                Events = new OAuthEvents
+                options.Events = new OAuthEvents
                 {
                     OnCreatingTicket = async context =>
                     {
@@ -210,7 +213,7 @@ namespace CookieSample
                         response.EnsureSuccessStatusCode();
 
                         var user = JObject.Parse(await response.Content.ReadAsStringAsync());
-                        
+
                         var identifier = user.Value<string>("id");
                         if (!string.IsNullOrEmpty(identifier))
                         {
@@ -243,7 +246,7 @@ namespace CookieSample
                                 ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                     }
-                }
+                };
             });
 
             // Choose an authentication type
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 0a8cd12ce4..46539f875c 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(app));
             }
 
-            return app.UseCookieAuthentication(new CookieAuthenticationOptions());
+            return app.UseCookieAuthentication(options => { });
         }
 
         /// <summary>
@@ -38,32 +38,13 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new CookieAuthenticationOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseCookieAuthentication(options);
-        }
-
-        /// <summary>
-        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
+            configureOptions(options);
 
             return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0889ec6ece..cc9b73f48b 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -11,27 +11,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class FacebookAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<FacebookMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
         /// </summary>
@@ -44,13 +23,15 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new FacebookOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseFacebookAuthentication(options);
+            configureOptions(options);
+
+            return app.UseMiddleware<FacebookMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 67993bbc2e..88e56928f8 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -11,27 +11,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class GoogleAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<GoogleMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
         /// </summary>
@@ -44,13 +23,15 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new GoogleOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseGoogleAuthentication(options);
+            configureOptions(options);
+
+            return app.UseMiddleware<GoogleMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 80494f09d8..0a1d01e446 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -11,33 +11,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class JwtBearerAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
-        /// This middleware understands appropriately
-        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
-        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
-        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
-        /// any time to obtain the claims from the request's bearer token.
-        /// See also http://tools.ietf.org/html/rfc6749
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<JwtBearerMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
         /// This middleware understands appropriately
@@ -56,13 +29,15 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new JwtBearerOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseJwtBearerAuthentication(options);
+            configureOptions(options);
+
+            return app.UseMiddleware<JwtBearerMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 37a8d4180d..34b2ae0709 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -11,27 +11,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class MicrosoftAccountAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
         /// </summary>
@@ -44,13 +23,15 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new MicrosoftAccountOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseMicrosoftAccountAuthentication(options);
+            configureOptions(options);
+
+            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index 18aa623624..93db92caba 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -23,37 +23,13 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
-
             if (configureOptions == null)
             {
                 throw new ArgumentNullException(nameof(configureOptions));
             }
 
             var options = new OAuthOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseOAuthAuthentication(options);
-        }
-
-        /// <summary>
-        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
+            configureOptions(options);
 
             return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
         }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index ba689e66b1..a79c546725 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -1,10 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Collections.Generic;
-using System.Net.Http;
-using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OAuth
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index f9b064137f..5f22512261 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">An action delegate to configure the provided <see cref="OpenIdConnectOptions"/>.</param>
+        /// <param name="configureOptions">An action delegate to configure the provided <see cref="OpenIdConnectOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
         {
@@ -23,33 +23,13 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
-
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new OpenIdConnectOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseOpenIdConnectAuthentication(options);
-        }
-
-        /// <summary>
-        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">An <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
+            configureOptions(options);
 
             return app.UseMiddleware<OpenIdConnectMiddleware>(options);
         }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index efff5937ae..024d04e697 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -23,32 +23,13 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
 
             var options = new TwitterOptions();
-            if (configureOptions != null)
-            {
-                configureOptions(options);
-            }
-            return app.UseTwitterAuthentication(options);
-        }
-
-        /// <summary>
-        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="TwitterOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
+            configureOptions(options);
 
             return app.UseMiddleware<TwitterMiddleware>(options);
         }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 4086c95915..702e65627b 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -13,17 +13,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class ClaimsTransformationAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="ClaimsTransformationOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
-        {
-            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
@@ -32,12 +21,19 @@ namespace Microsoft.AspNet.Builder
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsPrincipal, Task<ClaimsPrincipal>> transform)
         {
-            var options = new ClaimsTransformationOptions();
-            options.Transformer = new ClaimsTransformer
+            if (app == null)
             {
-                OnTransform = transform
-            };
-            return app.UseClaimsTransformation(options);
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (transform == null)
+            {
+                throw new ArgumentNullException(nameof(transform));
+            }
+
+            return app.UseClaimsTransformation(options => 
+            {
+                options.Transformer = new ClaimsTransformer { OnTransform = transform };
+            });
         }
 
         /// <summary>
@@ -48,12 +44,19 @@ namespace Microsoft.AspNet.Builder
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Action<ClaimsTransformationOptions> configureOptions)
         {
-            var options = new ClaimsTransformationOptions();
-            if (configureOptions != null)
+            if (app == null)
             {
-                configureOptions(options);
+                throw new ArgumentNullException(nameof(app));
             }
-            return app.UseClaimsTransformation(options);
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
+
+            var options = new ClaimsTransformationOptions();
+            configureOptions(options);
+
+            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
         }
     }
 }
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index f8a4af52f0..c44a39360e 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -11,17 +11,6 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class CookiePolicyAppBuilderExtensions
     {
-        /// <summary>
-        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="CookiePolicyOptions"/> that specifies options for the middleware.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
-        {
-            return app.UseMiddleware<CookiePolicyMiddleware>(options);
-        }
-
         /// <summary>
         /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
@@ -30,12 +19,19 @@ namespace Microsoft.AspNet.Builder
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, Action<CookiePolicyOptions> configureOptions)
         {
-            var options = new CookiePolicyOptions();
-            if (configureOptions != null)
+            if (app == null)
             {
-                configureOptions(options);
+                throw new ArgumentNullException(nameof(app));
             }
-            return app.UseCookiePolicy(options);
+            if (configureOptions == null)
+            {
+                throw new ArgumentNullException(nameof(configureOptions));
+            }
+
+            var options = new CookiePolicyOptions();
+            configureOptions(options);
+
+            return app.UseMiddleware<CookiePolicyMiddleware>(options);
         }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index db27680d42..852b63f3e0 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -793,7 +793,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(options => options.CookieName = "One");
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions());
+                    app.UseCookieAuthentication();
                     app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
                 })
                 .ConfigureServices(services => services.AddAuthentication());

From 2d21b72561c1c7092ee7eb389dee0dff1cf45b79 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 23 Dec 2015 15:26:41 -0800
Subject: [PATCH 428/900] Adding back middleware initialization with options
 instance.

---
 .../CookieAppBuilderExtensions.cs             | 20 ++++++++++++++
 .../FacebookAppBuilderExtensions.cs           | 20 ++++++++++++++
 .../GoogleAppBuilderExtensions.cs             | 20 ++++++++++++++
 .../JwtBearerAppBuilderExtensions.cs          | 26 +++++++++++++++++++
 .../MicrosoftAccountAppBuilderExtensions.cs   | 20 ++++++++++++++
 .../OAuthAppBuilderExtensions.cs              | 20 ++++++++++++++
 .../OpenIdConnectAppBuilderExtensions.cs      | 20 ++++++++++++++
 .../TwitterAppBuilderExtensions.cs            | 22 +++++++++++++++-
 ...laimsTransformationAppBuilderExtensions.cs | 20 ++++++++++++++
 .../CookiePolicyAppBuilderExtensions.cs       | 20 ++++++++++++++
 10 files changed, 207 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 46539f875c..f990df58aa 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -48,5 +48,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="CookieAuthenticationOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index cc9b73f48b..f649790a1a 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<FacebookMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<FacebookMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 88e56928f8..34f65b112e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<GoogleMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<GoogleMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 0a1d01e446..da36d17f08 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -39,5 +39,31 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<JwtBearerMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
+        /// This middleware understands appropriately
+        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
+        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
+        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
+        /// any time to obtain the claims from the request's bearer token.
+        /// See also http://tools.ietf.org/html/rfc6749
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A  <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<JwtBearerMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 34b2ae0709..4066fa4ed7 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index 93db92caba..5599407ca3 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index 5f22512261..329820417c 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<OpenIdConnectMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="configureOptions">A <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<OpenIdConnectMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 024d04e697..1701122b0a 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNet.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
         /// <param name="configureOptions">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, Action<TwitterOptions> configureOptions = null)
+        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, Action<TwitterOptions> configureOptions)
         {
             if (app == null)
             {
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<TwitterMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<TwitterMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 702e65627b..21f80419f7 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -58,5 +58,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">The <see cref="ClaimsTransformationOptions"/> to configure the middleware with.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
+        }
     }
 }
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index c44a39360e..95d52e55f0 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -33,5 +33,25 @@ namespace Microsoft.AspNet.Builder
 
             return app.UseMiddleware<CookiePolicyMiddleware>(options);
         }
+
+        /// <summary>
+        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="options">A <see cref="CookiePolicyOptions"/> that specifies options for the middleware.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            return app.UseMiddleware<CookiePolicyMiddleware>(options);
+        }
     }
 }
\ No newline at end of file

From 6850e3b3b65d0ed80e65c62f51d0654ba44bc1f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Lain=C3=A9?= <vlaine@digitaleo.com>
Date: Mon, 28 Dec 2015 14:47:15 +0100
Subject: [PATCH 429/900] Fix missing Trim in Roles and Schemes split

---
 .../AuthorizationPolicy.cs                    |  7 +++-
 .../AuthorizationPolicyFacts.cs               | 34 +++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 096caeecd9..1882efb51b 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -88,6 +88,9 @@ namespace Microsoft.AspNet.Authorization
                 var rolesSplit = authorizeAttribute.Roles?.Split(',');
                 if (rolesSplit != null && rolesSplit.Any())
                 {
+                    for (int i = 0; i < rolesSplit.Length; ++i)
+                        rolesSplit[i] = rolesSplit[i]?.Trim();
+
                     policyBuilder.RequireRole(rolesSplit);
                     useDefaultPolicy = false;
                 }
@@ -96,7 +99,9 @@ namespace Microsoft.AspNet.Authorization
                 {
                     foreach (var authType in authTypesSplit)
                     {
-                        policyBuilder.AuthenticationSchemes.Add(authType);
+                        if (string.IsNullOrEmpty(authType))
+                            continue;
+                        policyBuilder.AuthenticationSchemes.Add(authType.Trim());
                     }
                 }
                 if (useDefaultPolicy)
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 03eccd2a62..487888d1f4 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -67,5 +67,39 @@ namespace Microsoft.AspNet.Authroization.Test
             Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
         }
+
+        [Fact]
+        public void CombineMustTrimRoles()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute("2") { Roles = "r1 , r2" }
+            };
+            var options = new AuthorizationOptions();
+
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
+            var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First();
+            Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
+            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1")));
+            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2")));
+        }
+
+        [Fact]
+        public void CombineMustTrimAuthenticationScheme()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "a1 , a2" }
+            };
+            var options = new AuthorizationOptions();
+
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            Assert.Equal(2, combined.AuthenticationSchemes.Count());
+            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1")));
+            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2")));
+        }
     }
 }
\ No newline at end of file

From ee6a57e9a2f4b7fa3c19ecaff637bf277ee690a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Lain=C3=A9?= <vlaine@digitaleo.com>
Date: Mon, 28 Dec 2015 14:55:13 +0100
Subject: [PATCH 430/900] Fix unit tests

---
 .../AuthorizationPolicyFacts.cs                               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 487888d1f4..8807fa840f 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -73,7 +73,7 @@ namespace Microsoft.AspNet.Authroization.Test
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
-                new AuthorizeAttribute("2") { Roles = "r1 , r2" }
+                new AuthorizeAttribute() { Roles = "r1 , r2" }
             };
             var options = new AuthorizationOptions();
 
@@ -91,7 +91,7 @@ namespace Microsoft.AspNet.Authroization.Test
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
-                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "a1 , a2" }
+                new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , a2" }
             };
             var options = new AuthorizationOptions();
 

From 9a5da5861b1f16f96e5bf1ff96de7a787c25b974 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Lain=C3=A9?= <vlaine@digitaleo.com>
Date: Mon, 28 Dec 2015 23:57:42 +0100
Subject: [PATCH 431/900] Fix coding style and handle case where empty roles &
 schemes are empty

---
 .../AuthorizationPolicy.cs                    | 18 ++++----
 .../AuthorizationPolicyFacts.cs               | 42 +++++++++++++++++++
 2 files changed, 53 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 1882efb51b..3e6d0a773d 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -85,23 +85,27 @@ namespace Microsoft.AspNet.Authorization
                     policyBuilder.Combine(policy);
                     useDefaultPolicy = false;
                 }
-                var rolesSplit = authorizeAttribute.Roles?.Split(',');
+                var rolesSplit = authorizeAttribute.Roles?.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                 if (rolesSplit != null && rolesSplit.Any())
                 {
                     for (int i = 0; i < rolesSplit.Length; ++i)
-                        rolesSplit[i] = rolesSplit[i]?.Trim();
+                    {    
+                        rolesSplit[i] = rolesSplit[i].Trim(); 
+                    }
 
-                    policyBuilder.RequireRole(rolesSplit);
+                    policyBuilder.RequireRole(rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)));
                     useDefaultPolicy = false;
                 }
-                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
+                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
                     {
-                        if (string.IsNullOrEmpty(authType))
-                            continue;
-                        policyBuilder.AuthenticationSchemes.Add(authType.Trim());
+                        var trimmedAuthType = authType.Trim();
+                        if(!string.IsNullOrWhiteSpace(trimmedAuthType))
+                        {
+                            policyBuilder.AuthenticationSchemes.Add(trimmedAuthType);
+                        }
                     }
                 }
                 if (useDefaultPolicy)
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
index 8807fa840f..97430a1215 100644
--- a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -77,8 +77,10 @@ namespace Microsoft.AspNet.Authroization.Test
             };
             var options = new AuthorizationOptions();
 
+            // Act
             var combined = AuthorizationPolicy.Combine(options, attributes);
 
+            // Assert
             Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
             var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First();
             Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
@@ -95,11 +97,51 @@ namespace Microsoft.AspNet.Authroization.Test
             };
             var options = new AuthorizationOptions();
 
+            // Act
             var combined = AuthorizationPolicy.Combine(options, attributes);
 
+            // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
             Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1")));
             Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2")));
         }
+        
+        [Fact]
+        public void CombineMustIgnoreEmptyAuthenticationScheme()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , , ,,, a2" }
+            };
+            var options = new AuthorizationOptions();
+
+            // Act
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            // Assert
+            Assert.Equal(2, combined.AuthenticationSchemes.Count());
+            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1")));
+            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2")));
+        }
+        
+        [Fact]
+        public void CombineMustIgnoreEmptyRoles()
+        {
+            // Arrange
+            var attributes = new AuthorizeAttribute[] {
+                new AuthorizeAttribute() { Roles = "r1 , ,, , r2" }
+            };
+            var options = new AuthorizationOptions();
+
+            // Act
+            var combined = AuthorizationPolicy.Combine(options, attributes);
+
+            // Assert
+            Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
+            var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First();
+            Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
+            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1")));
+            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2")));
+        }
     }
 }
\ No newline at end of file

From 9bf861307cd7d0edbebebd578a4ba7eab7096ef6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Lain=C3=A9?= <vlaine@digitaleo.com>
Date: Wed, 30 Dec 2015 12:04:00 +0100
Subject: [PATCH 432/900] Rework the empty or space only filtering in Roles and
 Schemes

---
 .../AuthorizationPolicy.cs                       | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
index 3e6d0a773d..befcb3c277 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
@@ -85,26 +85,22 @@ namespace Microsoft.AspNet.Authorization
                     policyBuilder.Combine(policy);
                     useDefaultPolicy = false;
                 }
-                var rolesSplit = authorizeAttribute.Roles?.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+                var rolesSplit = authorizeAttribute.Roles?.Split(',');
                 if (rolesSplit != null && rolesSplit.Any())
                 {
-                    for (int i = 0; i < rolesSplit.Length; ++i)
-                    {    
-                        rolesSplit[i] = rolesSplit[i].Trim(); 
-                    }
+                    var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
 
-                    policyBuilder.RequireRole(rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)));
+                    policyBuilder.RequireRole(trimmedRolesSplit);
                     useDefaultPolicy = false;
                 }
-                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
                     {
-                        var trimmedAuthType = authType.Trim();
-                        if(!string.IsNullOrWhiteSpace(trimmedAuthType))
+                        if (!string.IsNullOrWhiteSpace(authType))
                         {
-                            policyBuilder.AuthenticationSchemes.Add(trimmedAuthType);
+                            policyBuilder.AuthenticationSchemes.Add(authType.Trim());
                         }
                     }
                 }

From 74961cac493644922840b9e34c67a7a778871582 Mon Sep 17 00:00:00 2001
From: Nicholas Nelson <nicholaspnelson@hotmail.com>
Date: Wed, 30 Dec 2015 16:50:42 -0500
Subject: [PATCH 433/900] fix typo in log message HttContext.User
 merged...=>HttpContext.User merged

---
 src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index 9beeb24823..c45fdfa7e6 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -108,7 +108,7 @@ namespace Microsoft.AspNet.Authentication
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
-                    Logger.LogInformation(0, "HttContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
+                    Logger.LogInformation(0, "HttpContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
                 }
             }
         }

From 5c33ecd895e036cf9e2df64689ee5cccadbe97e5 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Mon, 4 Jan 2016 11:39:09 -0800
Subject: [PATCH 434/900] Disabling JwtBearer TokenValidationTest which is
 using an expired token

---
 .../JwtBearer/JwtBearerMiddlewareTests.cs                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 7dee0f0ffb..33f573ca18 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     public class JwtBearerMiddlewareTests
     {
-        [ConditionalFact]
+        [ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
         [FrameworkSkipCondition(RuntimeFrameworks.Mono)]
         // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
         public async Task BearerTokenValidation()

From d38fb1e49dfc037d379b8841add915f0964b63f1 Mon Sep 17 00:00:00 2001
From: Osmozy <os_mo08@hotmail.com>
Date: Tue, 17 Nov 2015 00:28:50 +0300
Subject: [PATCH 435/900] Summary of the changes  - No need to set the
 authenticationType in the Authorize_ShouldAllowIfClaimIsPresent unit test,
 since we already have another unit test for these functionality.  - Specified
 the authentication scheme of the authorization policy  in the
 Authorize_ShouldAllowIfClaimIsPresentWithSpecifiedAuthType unit test

---
 .../DefaultAuthorizationServiceTests.cs                    | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 968f1151bb..63f1168991 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -45,7 +45,7 @@ namespace Microsoft.AspNet.Authorization.Test
                     options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
                 });
             });
-            var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));
+            var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }));
 
             // Act
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
@@ -62,7 +62,10 @@ namespace Microsoft.AspNet.Authorization.Test
             {
                 services.AddAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequireClaim("Permission", "CanViewPage"));
+                    options.AddPolicy("Basic", policy => {
+                        policy.AddAuthenticationSchemes("Basic");
+                        policy.RequireClaim("Permission", "CanViewPage");
+                    });
                 });
             });
             var user = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanViewPage") }, "Basic"));

From f195ed3bab934aa0862a86390285c625f4e12386 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 4 Jan 2016 13:30:40 -0800
Subject: [PATCH 436/900] Allow value type resources for AuthZ

---
 .../AuthorizationHandler.cs                   |  7 ++--
 .../DefaultAuthorizationServiceTests.cs       | 33 +++++++++++++++++++
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
index 84e0160fee..bdfe8b1c13 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
@@ -35,7 +35,6 @@ namespace Microsoft.AspNet.Authorization
     }
 
     public abstract class AuthorizationHandler<TRequirement, TResource> : IAuthorizationHandler
-        where TResource : class
         where TRequirement : IAuthorizationRequirement
     {
         public virtual async Task HandleAsync(AuthorizationContext context)
@@ -57,13 +56,11 @@ namespace Microsoft.AspNet.Authorization
 
         public virtual void Handle(AuthorizationContext context)
         {
-            var resource = context.Resource as TResource;
-            // REVIEW: should we allow null resources?
-            if (resource != null)
+            if (context.Resource is TResource)
             {
                 foreach (var req in context.Requirements.OfType<TRequirement>())
                 {
-                    Handle(context, req, resource);
+                    Handle(context, req, (TResource)context.Resource);
                 }
             }
         }
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 63f1168991..f2b28f6aba 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -817,6 +817,39 @@ namespace Microsoft.AspNet.Authorization.Test
             }
         }
 
+        public class EvenHandler : AuthorizationHandler<OperationAuthorizationRequirement, int>
+        {
+            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, int id)
+            {
+                if (id % 2 == 0)
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+
+        [Fact]
+        public async Task CanUseValueTypeResource()
+        {
+            // Arrange
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddTransient<IAuthorizationHandler, EvenHandler>();
+            });
+            var user = new ClaimsPrincipal(
+                new ClaimsIdentity(
+                    new Claim[] {
+                    },
+                    "AuthType")
+                );
+
+            // Act
+            // Assert
+            Assert.False(await authorizationService.AuthorizeAsync(user, 1, Operations.Edit));
+            Assert.True(await authorizationService.AuthorizeAsync(user, 2, Operations.Edit));
+        }
+
+
         [Fact]
         public async Task DoesNotCallHandlerWithWrongResourceType()
         {

From 3257a82367e946a351cc1eaa02a9bb5dae2a432b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 5 Jan 2016 14:32:31 -0800
Subject: [PATCH 437/900] Expose AuthenticationProperties in events

---
 .../CookieAuthenticationHandler.cs            | 21 ++++----
 .../Events/CookieRedirectContext.cs           |  6 ++-
 .../Events/CookieSignedInContext.cs           |  6 +--
 .../Events/CookieSigningInContext.cs          |  2 +-
 .../Events/CookieSigningOutContext.cs         | 16 ++++---
 .../FacebookHandler.cs                        |  8 +---
 .../GoogleHandler.cs                          |  8 +---
 .../Events/JwtBearerChallengeContext.cs       |  6 ++-
 .../JwtBearerHandler.cs                       |  2 +-
 .../MicrosoftAccountHandler.cs                |  7 +--
 .../Events/OAuthCreatingTicketContext.cs      | 12 ++++-
 .../OAuthHandler.cs                           |  6 +--
 .../Events/AuthenticationValidatedContext.cs  |  6 ++-
 .../AuthorizationCodeReceivedContext.cs       |  9 ++--
 .../AuthorizationResponseReceivedContext.cs   |  5 +-
 .../Events/RedirectContext.cs                 |  6 ++-
 .../Events/TokenResponseReceivedContext.cs    |  6 ++-
 .../OpenIdConnectHandler.cs                   | 25 +++++-----
 .../Cookies/CookieMiddlewareTests.cs          | 48 +++++++++++++++++++
 19 files changed, 138 insertions(+), 67 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index e65640feaf..7cef596140 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -186,7 +186,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                     cookieValue,
                     cookieOptions);
 
-                await ApplyHeaders(shouldRedirectToReturnUrl: false);
+                await ApplyHeaders(shouldRedirectToReturnUrl: false, properties: ticket.Properties);
             }
         }
 
@@ -261,7 +261,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             // Only redirect on the login path
             var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
-            await ApplyHeaders(shouldRedirect);
+            await ApplyHeaders(shouldRedirect, signedInContext.Properties);
         }
 
         protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
@@ -277,6 +277,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var context = new CookieSigningOutContext(
                 Context,
                 Options,
+                new AuthenticationProperties(signOutContext.Properties),
                 cookieOptions);
 
             await Options.Events.SigningOut(context);
@@ -288,10 +289,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             // Only redirect on the logout path
             var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
-            await ApplyHeaders(shouldRedirect);
+            await ApplyHeaders(shouldRedirect, context.Properties);
         }
 
-        private async Task ApplyHeaders(bool shouldRedirectToReturnUrl)
+        private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationProperties properties)
         {
             Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
@@ -303,7 +304,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 if (!StringValues.IsNullOrEmpty(redirectUri)
                     && IsHostRelative(redirectUri))
                 {
-                    var redirectContext = new CookieRedirectContext(Context, Options, redirectUri);
+                    var redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
                     await Options.Events.RedirectToReturnUrl(redirectContext);
                 }
             }
@@ -325,13 +326,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            var returnUrl = new AuthenticationProperties(context.Properties).RedirectUri;
+            var properties = new AuthenticationProperties(context.Properties);
+            var returnUrl = properties.RedirectUri;
             if (string.IsNullOrEmpty(returnUrl))
             {
                 returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
-            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri));
+            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri), properties);
             await Options.Events.RedirectToAccessDenied(redirectContext);
             return true;
         }
@@ -343,14 +345,15 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri;
+            var properties = new AuthenticationProperties(context.Properties);
+            var redirectUri = properties.RedirectUri;
             if (string.IsNullOrEmpty(redirectUri))
             {
                 redirectUri = OriginalPathBase + Request.Path + Request.QueryString;
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri));
+            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri), properties);
             await Options.Events.RedirectToLogin(redirectContext);
             return true;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
index 07a69dc358..437e8927e1 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -3,6 +3,7 @@
 
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -18,10 +19,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="options">The cookie middleware options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
-        public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri)
+        public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
             : base(context, options)
         {
             RedirectUri = redirectUri;
+            Properties = properties;
         }
 
         /// <summary>
@@ -29,5 +31,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// </summary>
         [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
         public string RedirectUri { get; set; }
+
+        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
index 838f73e621..17f5090cda 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -36,16 +36,16 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The name of the AuthenticationScheme creating a cookie
         /// </summary>
-        public string AuthenticationScheme { get; private set; }
+        public string AuthenticationScheme { get; }
 
         /// <summary>
         /// Contains the claims that were converted into the outgoing cookie.
         /// </summary>
-        public ClaimsPrincipal Principal { get; private set; }
+        public ClaimsPrincipal Principal { get; }
 
         /// <summary>
         /// Contains the extra data that was contained in the outgoing cookie.
         /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
+        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
index cf630fc31d..fa441b4b0e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -39,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The name of the AuthenticationScheme creating a cookie
         /// </summary>
-        public string AuthenticationScheme { get; private set; }
+        public string AuthenticationScheme { get; }
 
         /// <summary>
         /// Contains the claims about to be converted into the outgoing cookie.
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
index 55a9c762d8..a510dbcb59 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -16,20 +17,23 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <param name="context"></param>
         /// <param name="options"></param>
         /// <param name="cookieOptions"></param>
-        public CookieSigningOutContext(HttpContext context, CookieAuthenticationOptions options, CookieOptions cookieOptions)
+        public CookieSigningOutContext(
+            HttpContext context, 
+            CookieAuthenticationOptions options, 
+            AuthenticationProperties properties, 
+            CookieOptions cookieOptions)
             : base(context, options)
         {
             CookieOptions = cookieOptions;
+            Properties = properties;
         }
 
         /// <summary>
         /// The options for creating the outgoing cookie.
         /// May be replace or altered during the SigningOut call.
         /// </summary>
-        public CookieOptions CookieOptions
-        {
-            get;
-            set;
-        }
+        public CookieOptions CookieOptions { get; set; }
+
+        public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index d390384710..8d9548c428 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -37,12 +37,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
             response.EnsureSuccessStatusCode();
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
-            
-            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
-            {
-                Properties = properties,
-                Principal = new ClaimsPrincipal(identity)
-            };
+
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
 
             var identifier = FacebookHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
index 1d692b4549..f1a1eb145e 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
@@ -31,12 +31,8 @@ namespace Microsoft.AspNet.Authentication.Google
             response.EnsureSuccessStatusCode();
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
-            
-            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
-            {
-                Properties = properties,
-                Principal = new ClaimsPrincipal(identity)
-            };
+
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
 
             var identifier = GoogleHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index 7a6ce6991a..ae6b9d4c69 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -2,14 +2,18 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
 {
     public class JwtBearerChallengeContext : BaseJwtBearerContext
     {
-        public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options)
+        public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options, AuthenticationProperties properties)
             : base(context, options)
         {
+            Properties = properties;
         }
+
+        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 6983041327..74faa2e63f 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -203,7 +203,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
-            var eventContext = new JwtBearerChallengeContext(Context, Options);
+            var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties));
             await Options.Events.Challenge(eventContext);
             if (eventContext.HandledResponse)
             {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 940b115444..6c775906d3 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -27,13 +27,8 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             response.EnsureSuccessStatusCode();
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
-            
-            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens, payload)
-            {
-                Properties = properties,
-                Principal = new ClaimsPrincipal(identity)
-            };
 
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
             var identifier = MicrosoftAccountHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
             {
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 05961d5ee5..bae81bf8e9 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -19,28 +19,36 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <param name="properties">Property bag for common authentication properties.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthCreatingTicketContext(
+            ClaimsPrincipal principal,
+            AuthenticationProperties properties,
             HttpContext context,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens)
-            : this(context, options, backchannel, tokens, user: new JObject())
+            : this(principal, properties, context, options, backchannel, tokens, user: new JObject())
         {
         }
 
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/> representing the user.</param>
+        /// <param name="properties">Property bag for common authentication properties.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         /// <param name="user">The JSON-serialized user.</param>
         public OAuthCreatingTicketContext(
+            ClaimsPrincipal principal,
+            AuthenticationProperties properties,
             HttpContext context,
             OAuthOptions options,
             HttpClient backchannel,
@@ -77,6 +85,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
             Backchannel = backchannel;
             User = user;
             Options = options;
+            Principal = principal;
+            Properties = properties;
         }
 
         public OAuthOptions Options { get; }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 1d36e1437d..c7a3c5efa4 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -155,11 +155,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var context = new OAuthCreatingTicketContext(Context, Options, Backchannel, tokens)
-            {
-                Principal = new ClaimsPrincipal(identity),
-                Properties = properties
-            };
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens);
 
             await Options.Events.CreatingTicket(context);
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index b12aedce22..f9998b83e7 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -2,17 +2,21 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     public class AuthenticationValidatedContext : BaseOpenIdConnectContext
     {
-        public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
             : base(context, options)
         {
+            Properties = properties;
         }
 
+        public AuthenticationProperties Properties { get; }
+
         public OpenIdConnectMessage TokenEndpointResponse { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 9489e5c25f..59f4d49115 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -4,7 +4,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
@@ -16,11 +16,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
             : base(context, options)
-        { 
+        {
+            Properties = properties;
         }
 
+        public AuthenticationProperties Properties { get; set; }
+
         /// <summary>
         /// Gets or sets the 'code'.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
index e433d28744..8e8b86a13a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
@@ -9,11 +9,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
     public class AuthorizationResponseReceivedContext : BaseOpenIdConnectContext
     {
-        public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
+        public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
             : base(context, options)
         {
+            Properties = properties;
         }
 
-        public AuthenticationProperties Properties { get; set; }
+        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
index dcd06843c5..fa1ef30d08 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
@@ -12,9 +13,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     /// </summary>
     public class RedirectContext : BaseOpenIdConnectContext
     {
-        public RedirectContext(HttpContext context, OpenIdConnectOptions options)
+        public RedirectContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
             : base(context, options)
         {
+            Properties = properties;
         }
+
+        public AuthenticationProperties Properties { get; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index 19c58dca9f..e9522f70d8 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
@@ -11,11 +12,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="TokenResponseReceivedContext"/>
         /// </summary>
-        public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options)
+        public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
             : base(context, options)
         {
+            Properties = properties;
         }
 
+        public AuthenticationProperties Properties { get; }
+
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectMessage"/> that contains the tokens received after redeeming the code at the token endpoint.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9f8e4f9572..14472b4b9a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     message.IdTokenHint = principal?.FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;
                 }
 
-                var redirectContext = new RedirectContext(Context, Options)
+                var redirectContext = new RedirectContext(Context, Options, properties)
                 {
                     ProtocolMessage = message
                 };
@@ -215,7 +215,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             GenerateCorrelationId(properties);
 
-            var redirectContext = new RedirectContext(Context, Options)
+            var redirectContext = new RedirectContext(Context, Options, properties)
             {
                 ProtocolMessage = message
             };
@@ -379,10 +379,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 }
 
                 Logger.LogTrace(15, "Authorization response received.");
-                var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options)
+                var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options, properties)
                 {
-                    ProtocolMessage = message,
-                    Properties = properties
+                    ProtocolMessage = message
                 };
                 await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
                 if (authorizationResponseReceivedContext.HandledResponse)
@@ -469,7 +468,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             var tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
 
-            var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse);
+            var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse, properties);
             if (authorizationCodeRedeemedContext.HandledResponse)
             {
                 return AuthenticateResult.Success(authorizationCodeRedeemedContext.AuthenticationTicket);
@@ -502,7 +501,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Nonce = nonce
             });
 
-            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse);
+            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse);
             if (authenticationValidatedContext.HandledResponse)
             {
                 return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
@@ -551,7 +550,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Nonce = nonce
             });
 
-            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, tokenEndpointResponse: null);
+            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse: null);
             if (authenticationValidatedContext.HandledResponse)
             {
                 return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
@@ -950,7 +949,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             Logger.LogTrace(32, "AuthorizationCode received: '{0}'", message.Code);
 
-            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
+            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options, properties)
             {
                 Code = message.Code,
                 ProtocolMessage = message,
@@ -972,10 +971,10 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return authorizationCodeReceivedContext;
         }
 
-        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse)
+        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties)
         {
             Logger.LogTrace(35, "Token response received.");
-            var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options)
+            var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options, properties)
             {
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse
@@ -993,9 +992,9 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             return tokenResponseReceivedContext;
         }
 
-        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, OpenIdConnectMessage tokenEndpointResponse)
+        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, AuthenticationProperties properties, OpenIdConnectMessage tokenEndpointResponse)
         {
-            var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options)
+            var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options, properties)
             {
                 AuthenticationTicket = ticket,
                 ProtocolMessage = message,
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 852b63f3e0..329b0d176e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -533,6 +533,54 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
+        [Fact]
+        public async Task CookieValidatorOnlyCalledOnce()
+        {
+            var clock = new TestClock();
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = false;
+                options.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+            clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            Assert.NotNull(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
+
+            clock.Add(TimeSpan.FromMinutes(6));
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.Null(transaction4.SetCookie);
+            Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
+
+            clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            Assert.Null(transaction5.SetCookie);
+            Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
+        }
+
+
         [Fact]
         public async Task CookieExpirationCanBeOverridenInEvent()
         {

From 7a23028527d6aaf3d468a8d943a118a0c751f523 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 5 Jan 2016 15:46:58 -0800
Subject: [PATCH 438/900] Switch to AuthenticationTicket in OAuth event

---
 .../FacebookHandler.cs                        |  5 +--
 .../GoogleHandler.cs                          |  5 +--
 .../JwtBearerHandler.cs                       | 12 +++----
 .../MicrosoftAccountHandler.cs                |  6 ++--
 .../Events/OAuthCreatingTicketContext.cs      | 32 +++++++------------
 .../OAuthHandler.cs                           | 12 ++-----
 .../OpenIdConnectHandler.cs                   | 32 +++++++++----------
 .../Events/BaseControlContext.cs              |  6 ++--
 .../Events/TicketReceivedContext.cs           |  2 +-
 .../Google/GoogleMiddlewareTests.cs           |  4 +--
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 12 +++----
 .../MicrosoftAccountMiddlewareTests.cs        |  2 +-
 12 files changed, 58 insertions(+), 72 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index 8d9548c428..44bc1468ee 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -38,7 +38,8 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
 
             var identifier = FacebookHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
@@ -78,7 +79,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
             await Options.Events.CreatingTicket(context);
 
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            return context.Ticket;
         }
 
         private string GenerateAppSecretProof(string accessToken)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
index f1a1eb145e..e4b50132ad 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
@@ -32,7 +32,8 @@ namespace Microsoft.AspNet.Authentication.Google
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
 
             var identifier = GoogleHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
@@ -72,7 +73,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
             await Options.Events.CreatingTicket(context);
 
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            return context.Ticket;
         }
 
         // TODO: Abstract this properties override pattern into the base class?
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 74faa2e63f..08640019c9 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.ReceivingToken(receivingTokenContext);
                 if (receivingTokenContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(receivingTokenContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(receivingTokenContext.Ticket);
                 }
                 if (receivingTokenContext.Skipped)
                 {
@@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.ReceivedToken(receivedTokenContext);
                 if (receivedTokenContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(receivedTokenContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(receivedTokenContext.Ticket);
                 }
                 if (receivedTokenContext.Skipped)
                 {
@@ -139,13 +139,13 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
                         var validatedTokenContext = new ValidatedTokenContext(Context, Options)
                         {
-                            AuthenticationTicket = ticket
+                            Ticket = ticket
                         };
 
                         await Options.Events.ValidatedToken(validatedTokenContext);
                         if (validatedTokenContext.HandledResponse)
                         {
-                            return AuthenticateResult.Success(validatedTokenContext.AuthenticationTicket);
+                            return AuthenticateResult.Success(validatedTokenContext.Ticket);
                         }
                         if (validatedTokenContext.Skipped)
                         {
@@ -166,7 +166,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     await Options.Events.AuthenticationFailed(authenticationFailedContext);
                     if (authenticationFailedContext.HandledResponse)
                     {
-                        return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
+                        return AuthenticateResult.Success(authenticationFailedContext.Ticket);
                     }
                     if (authenticationFailedContext.Skipped)
                     {
@@ -190,7 +190,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                 await Options.Events.AuthenticationFailed(authenticationFailedContext);
                 if (authenticationFailedContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(authenticationFailedContext.Ticket);
                 }
                 if (authenticationFailedContext.Skipped)
                 {
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 6c775906d3..35dcc92239 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -28,7 +28,8 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
             var identifier = MicrosoftAccountHelper.GetId(payload);
             if (!string.IsNullOrEmpty(identifier))
             {
@@ -50,8 +51,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             }
 
             await Options.Events.CreatingTicket(context);
-
-            return new AuthenticationTicket(context.Principal, context.Properties, context.Options.AuthenticationScheme);
+            return context.Ticket;
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index bae81bf8e9..835bb2e3ae 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -19,36 +19,32 @@ namespace Microsoft.AspNet.Authentication.OAuth
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
-        /// <param name="principal">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <param name="properties">Property bag for common authentication properties.</param>
+        /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthCreatingTicketContext(
-            ClaimsPrincipal principal,
-            AuthenticationProperties properties,
+            AuthenticationTicket ticket,
             HttpContext context,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens)
-            : this(principal, properties, context, options, backchannel, tokens, user: new JObject())
+            : this(ticket, context, options, backchannel, tokens, user: new JObject())
         {
         }
 
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
-        /// <param name="principal">The <see cref="ClaimsPrincipal"/> representing the user.</param>
-        /// <param name="properties">Property bag for common authentication properties.</param>
+        /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         /// <param name="user">The JSON-serialized user.</param>
         public OAuthCreatingTicketContext(
-            ClaimsPrincipal principal,
-            AuthenticationProperties properties,
+            AuthenticationTicket ticket,
             HttpContext context,
             OAuthOptions options,
             HttpClient backchannel,
@@ -85,8 +81,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             Backchannel = backchannel;
             User = user;
             Options = options;
-            Principal = principal;
-            Properties = properties;
+            Ticket = ticket;
         }
 
         public OAuthOptions Options { get; }
@@ -140,19 +135,14 @@ namespace Microsoft.AspNet.Authentication.OAuth
         public HttpClient Backchannel { get; }
 
         /// <summary>
-        /// Gets the <see cref="ClaimsPrincipal"/> representing the user.
+        /// The <see cref="AuthenticationTicket"/> that will be created.
         /// </summary>
-        public ClaimsPrincipal Principal { get; set; }
+        public AuthenticationTicket Ticket { get; set; }
 
         /// <summary>
-        /// Gets the main identity exposed by <see cref="Principal"/>.
-        /// This property returns <c>null</c> when <see cref="Principal"/> is <c>null</c>.
+        /// Gets the main identity exposed by <see cref="Ticket"/>.
+        /// This property returns <c>null</c> when <see cref="Ticket"/> is <c>null</c>.
         /// </summary>
-        public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
+        public ClaimsIdentity Identity => Ticket?.Principal.Identity as ClaimsIdentity;
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index c7a3c5efa4..6f197d86bc 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -155,16 +155,10 @@ namespace Microsoft.AspNet.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Options, Backchannel, tokens);
-
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
             await Options.Events.CreatingTicket(context);
-
-            if (context.Principal?.Identity == null)
-            {
-                return null;
-            }
-
-            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+            return context.Ticket;
         }
 
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 14472b4b9a..2d157e48c3 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -332,7 +332,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var messageReceivedContext = await RunMessageReceivedEventAsync(message);
                 if (messageReceivedContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(messageReceivedContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(messageReceivedContext.Ticket);
                 }
                 else if (messageReceivedContext.Skipped)
                 {
@@ -387,7 +387,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 if (authorizationResponseReceivedContext.HandledResponse)
                 {
                     Logger.LogDebug(16, "AuthorizationResponseReceived.HandledResponse");
-                    return AuthenticateResult.Success(authorizationResponseReceivedContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(authorizationResponseReceivedContext.Ticket);
                 }
                 else if (authorizationResponseReceivedContext.Skipped)
                 {
@@ -428,7 +428,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var authenticationFailedContext = await RunAuthenticationFailedEventAsync(message, exception);
                 if (authenticationFailedContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(authenticationFailedContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(authenticationFailedContext.Ticket);
                 }
                 else if (authenticationFailedContext.Skipped)
                 {
@@ -454,7 +454,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
-                return AuthenticateResult.Success(authorizationCodeReceivedContext.AuthenticationTicket);
+                return AuthenticateResult.Success(authorizationCodeReceivedContext.Ticket);
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
@@ -471,7 +471,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse, properties);
             if (authorizationCodeRedeemedContext.HandledResponse)
             {
-                return AuthenticateResult.Success(authorizationCodeRedeemedContext.AuthenticationTicket);
+                return AuthenticateResult.Success(authorizationCodeRedeemedContext.Ticket);
             }
             else if (authorizationCodeRedeemedContext.Skipped)
             {
@@ -504,13 +504,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse);
             if (authenticationValidatedContext.HandledResponse)
             {
-                return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
+                return AuthenticateResult.Success(authenticationValidatedContext.Ticket);
             }
             else if (authenticationValidatedContext.Skipped)
             {
                 return AuthenticateResult.Skip();
             }
-            ticket = authenticationValidatedContext.AuthenticationTicket;
+            ticket = authenticationValidatedContext.Ticket;
 
             if (Options.SaveTokensAsClaims)
             {
@@ -553,14 +553,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse: null);
             if (authenticationValidatedContext.HandledResponse)
             {
-                return AuthenticateResult.Success(authenticationValidatedContext.AuthenticationTicket);
+                return AuthenticateResult.Success(authenticationValidatedContext.Ticket);
             }
             else if (authenticationValidatedContext.Skipped)
             {
                 return AuthenticateResult.Skip();
             }
             message = authenticationValidatedContext.ProtocolMessage;
-            ticket = authenticationValidatedContext.AuthenticationTicket;
+            ticket = authenticationValidatedContext.Ticket;
 
             // Hybrid Flow
             if (message.Code != null)
@@ -568,14 +568,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
                 if (authorizationCodeReceivedContext.HandledResponse)
                 {
-                    return AuthenticateResult.Success(authorizationCodeReceivedContext.AuthenticationTicket);
+                    return AuthenticateResult.Success(authorizationCodeReceivedContext.Ticket);
                 }
                 else if (authorizationCodeReceivedContext.Skipped)
                 {
                     return AuthenticateResult.Skip();
                 }
                 message = authorizationCodeReceivedContext.ProtocolMessage;
-                ticket = authorizationCodeReceivedContext.AuthenticationTicket;
+                ticket = authorizationCodeReceivedContext.Ticket;
 
                 if (Options.SaveTokensAsClaims)
                 {
@@ -666,13 +666,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
             if (userInformationReceivedContext.HandledResponse)
             {
-                return userInformationReceivedContext.AuthenticationTicket;
+                return userInformationReceivedContext.Ticket;
             }
             else if (userInformationReceivedContext.Skipped)
             {
                 return ticket;
             }
-            ticket = userInformationReceivedContext.AuthenticationTicket;
+            ticket = userInformationReceivedContext.Ticket;
             user = userInformationReceivedContext.User;
 
             Options.ProtocolValidator.ValidateUserInfoResponse(new OpenIdConnectProtocolValidationContext()
@@ -954,7 +954,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 Code = message.Code,
                 ProtocolMessage = message,
                 RedirectUri = redirectUri,
-                AuthenticationTicket = ticket,
+                Ticket = ticket,
                 JwtSecurityToken = jwt
             };
 
@@ -996,7 +996,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         {
             var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options, properties)
             {
-                AuthenticationTicket = ticket,
+                Ticket = ticket,
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse,
             };
@@ -1020,7 +1020,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
             {
-                AuthenticationTicket = ticket,
+                Ticket = ticket,
                 ProtocolMessage = message,
                 User = user,
             };
diff --git a/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
index 5e28dfc6c1..4e986c808e 100644
--- a/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNet.Authentication
         /// <summary>
         /// Discontinue all processing for this request and return to the client.
         /// The caller is responsible for generating the full response.
-        /// Set the <see cref="AuthenticationTicket"/> to trigger SignIn.
+        /// Set the <see cref="Ticket"/> to trigger SignIn.
         /// </summary>
         public void HandleResponse()
         {
@@ -43,8 +43,8 @@ namespace Microsoft.AspNet.Authentication
         }
 
         /// <summary>
-        /// Gets or set the <see cref="AuthenticationTicket"/> to return if this event signals it handled the event.
+        /// Gets or set the <see cref="Ticket"/> to return if this event signals it handled the event.
         /// </summary>
-        public AuthenticationTicket AuthenticationTicket { get; set; }
+        public AuthenticationTicket Ticket { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
index b2c5adbc58..28f6649fee 100644
--- a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNet.Authentication
             : base(context)
         {
             Options = options;
-            AuthenticationTicket = ticket;
+            Ticket = ticket;
             if (ticket != null)
             {
                 Principal = ticket.Principal;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 11fbe67e51..dcfe91e5a1 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -531,7 +531,7 @@ namespace Microsoft.AspNet.Authentication.Google
                     OnCreatingTicket = context =>
                     {
                         var refreshToken = context.RefreshToken;
-                        context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
+                        context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
                         return Task.FromResult(0);
                     }
                 };
@@ -610,7 +610,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 {
                     OnTicketReceived = context =>
                     {
-                        context.AuthenticationTicket.Properties.RedirectUri = null;
+                        context.Ticket.Properties.RedirectUri = null;
                         return Task.FromResult(0);
                     }
                 };
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 33f573ca18..a3e7fbd54e 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -82,7 +82,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.AuthenticationTicket = new AuthenticationTicket(
+                        context.Ticket = new AuthenticationTicket(
                             new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
                             new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
@@ -160,7 +160,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.AuthenticationTicket = new AuthenticationTicket(
+                        context.Ticket = new AuthenticationTicket(
                             new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
                             new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
@@ -189,7 +189,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         // Retrieve the NameIdentifier claim from the identity
                         // returned by the custom security token validator.
-                        var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
+                        var identity = (ClaimsIdentity)context.Ticket.Principal.Identity;
                         var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
 
                         Assert.Equal("Bob le Tout Puissant", identifier.Value);
@@ -236,7 +236,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.AuthenticationTicket = new AuthenticationTicket(
+                        context.Ticket = new AuthenticationTicket(
                             new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
                             new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
@@ -268,7 +268,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.AuthenticationTicket = new AuthenticationTicket(
+                        context.Ticket = new AuthenticationTicket(
                             new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
                             new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
@@ -299,7 +299,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.AuthenticationTicket = new AuthenticationTicket(
+                        context.Ticket = new AuthenticationTicket(
                             new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
                             new AuthenticationProperties(), context.Options.AuthenticationScheme);
 
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 1b5bd483b7..849cdfe0a2 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -150,7 +150,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                         OnCreatingTicket = context =>
                         {
                             var refreshToken = context.RefreshToken;
-                            context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
+                            context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
                             return Task.FromResult<object>(null);
                         }
                     };

From 5bcc1bfc260978b0bea9b981056dd0beb31df400 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 8 Jan 2016 13:22:55 -0800
Subject: [PATCH 439/900] Also refresh expires/Issues when renewing cookie

---
 .../CookieAuthenticationHandler.cs            | 64 +++++++++++--------
 .../Cookies/CookieMiddlewareTests.cs          | 55 ++++++++++++++++
 2 files changed, 94 insertions(+), 25 deletions(-)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 7cef596140..82a47ecaeb 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -21,9 +21,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         private const string HeaderValueMinusOne = "-1";
         private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
 
-        private bool _shouldRenew;
-        private DateTimeOffset? _renewIssuedUtc;
-        private DateTimeOffset? _renewExpiresUtc;
+        private bool _shouldRefresh;
+        private DateTimeOffset? _refreshIssuedUtc;
+        private DateTimeOffset? _refreshExpiresUtc;
         private string _sessionKey;
         private Task<AuthenticateResult> _readCookieTask;
 
@@ -37,6 +37,33 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return _readCookieTask;
         }
 
+        private void CheckForRefresh(AuthenticationTicket ticket)
+        {
+            var currentUtc = Options.SystemClock.UtcNow;
+            var issuedUtc = ticket.Properties.IssuedUtc;
+            var expiresUtc = ticket.Properties.ExpiresUtc;
+            var allowRefresh = ticket.Properties.AllowRefresh ?? true;
+            if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
+            {
+                var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
+                var timeRemaining = expiresUtc.Value.Subtract(currentUtc);
+
+                if (timeRemaining < timeElapsed)
+                {
+                    RequestRefresh(ticket);
+                }
+            }
+        }
+
+        private void RequestRefresh(AuthenticationTicket ticket)
+        {
+            _shouldRefresh = true;
+            var currentUtc = Options.SystemClock.UtcNow;
+            _refreshIssuedUtc = currentUtc;
+            var timeSpan = ticket.Properties.ExpiresUtc.Value.Subtract(ticket.Properties.IssuedUtc.Value);
+            _refreshExpiresUtc = currentUtc.Add(timeSpan);
+        }
+
         private async Task<AuthenticateResult> ReadCookieTicket()
         {
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
@@ -79,20 +106,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 return AuthenticateResult.Fail("Ticket expired");
             }
 
-            var allowRefresh = ticket.Properties.AllowRefresh ?? true;
-            if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh)
-            {
-                var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
-                var timeRemaining = expiresUtc.Value.Subtract(currentUtc);
-
-                if (timeRemaining < timeElapsed)
-                {
-                    _shouldRenew = true;
-                    _renewIssuedUtc = currentUtc;
-                    var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
-                    _renewExpiresUtc = currentUtc.Add(timeSpan);
-                }
-            }
+            CheckForRefresh(ticket);
 
             // Finally we have a valid ticket
             return AuthenticateResult.Success(ticket);
@@ -116,7 +130,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
             if (context.ShouldRenew)
             {
-                _shouldRenew = true;
+                RequestRefresh(result.Ticket);
             }
 
             return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme));
@@ -144,7 +158,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         protected override async Task FinishResponseAsync()
         {
             // Only renew if requested, and neither sign in or sign out was called
-            if (!_shouldRenew || SignInAccepted || SignOutAccepted)
+            if (!_shouldRefresh || SignInAccepted || SignOutAccepted)
             {
                 return;
             }
@@ -153,13 +167,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var ticket = (await HandleAuthenticateOnceAsync())?.Ticket;
             if (ticket != null)
             {
-                if (_renewIssuedUtc.HasValue)
+                if (_refreshIssuedUtc.HasValue)
                 {
-                    ticket.Properties.IssuedUtc = _renewIssuedUtc;
+                    ticket.Properties.IssuedUtc = _refreshIssuedUtc;
                 }
-                if (_renewExpiresUtc.HasValue)
+                if (_refreshExpiresUtc.HasValue)
                 {
-                    ticket.Properties.ExpiresUtc = _renewExpiresUtc;
+                    ticket.Properties.ExpiresUtc = _refreshExpiresUtc;
                 }
 
                 if (Options.SessionStore != null && _sessionKey != null)
@@ -175,9 +189,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
 
                 var cookieOptions = BuildCookieOptions();
-                if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
+                if (ticket.Properties.IsPersistent && _refreshExpiresUtc.HasValue)
                 {
-                    cookieOptions.Expires = _renewExpiresUtc.Value.ToUniversalTime().DateTime;
+                    cookieOptions.Expires = _refreshExpiresUtc.Value.ToUniversalTime().DateTime;
                 }
 
                 Options.CookieManager.AppendResponseCookie(
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 329b0d176e..ffcf6d8792 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -580,6 +580,61 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ShouldRenewUpdatesIssuedExpiredUtc(bool sliding)
+        {
+            var clock = new TestClock();
+            DateTimeOffset? lastValidateIssuedDate = null;
+            DateTimeOffset? lastExpiresDate = null;
+            var server = CreateServer(options =>
+            {
+                options.SystemClock = clock;
+                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                options.SlidingExpiration = sliding;
+                options.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        lastValidateIssuedDate = ctx.Properties.IssuedUtc;
+                        lastExpiresDate = ctx.Properties.ExpiresUtc;
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.Authentication.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+            Assert.NotNull(lastValidateIssuedDate);
+            Assert.NotNull(lastExpiresDate);
+
+            var firstIssueDate = lastValidateIssuedDate;
+            var firstExpiresDate = lastExpiresDate;
+
+            clock.Add(TimeSpan.FromMinutes(1));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            Assert.NotNull(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
+
+            clock.Add(TimeSpan.FromMinutes(2));
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
+
+            Assert.NotEqual(lastValidateIssuedDate, firstIssueDate);
+            Assert.NotEqual(firstExpiresDate, lastExpiresDate);
+        }
 
         [Fact]
         public async Task CookieExpirationCanBeOverridenInEvent()

From f4aafe04e09d4a51568f2d171712f5cafe1b2a3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Mon, 4 Jan 2016 20:58:49 +0100
Subject: [PATCH 440/900] Replace Microsoft.Owin.Security.Cookies.Interop by
 Microsoft.Owin.Security.Interop

---
 Security.sln                                  |  60 ++++-----
 .../DataHandler/TicketDataFormat.cs           |   3 +-
 .../DataHandler/TicketSerializer.cs           |   2 +-
 .../CookieAuthenticationExtensions.cs         |  26 ----
 .../DefaultCompatibilityConstants.cs          |  22 ----
 .../Properties/AssemblyInfo.cs                |   8 --
 .../project.json                              |  18 ---
 .../AspNetTicketDataFormat.cs                 |   4 +-
 .../AspNetTicketSerializer.cs                 |   4 +-
 .../DataProtectorShim.cs                      |   4 +-
 .../Microsoft.Owin.Security.Interop.xproj}    |  11 +-
 .../Properties/AssemblyInfo.cs                |  23 ++++
 .../project.json                              |  15 +++
 .../CookieInteropTests.cs}                    | 121 +++++-------------
 ...icrosoft.Owin.Security.Interop.Test.xproj} |   4 +-
 .../Properties/AssemblyInfo.cs                |  23 ++++
 .../TicketInteropTests.cs                     |  91 +++++++++++++
 .../project.json                              |   5 +-
 18 files changed, 232 insertions(+), 212 deletions(-)
 delete mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
 delete mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
 delete mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.Owin.Security.Cookies.Interop/project.json
 rename src/{Microsoft.Owin.Security.Cookies.Interop => Microsoft.Owin.Security.Interop}/AspNetTicketDataFormat.cs (78%)
 rename src/{Microsoft.Owin.Security.Cookies.Interop => Microsoft.Owin.Security.Interop}/AspNetTicketSerializer.cs (98%)
 rename src/{Microsoft.Owin.Security.Cookies.Interop => Microsoft.Owin.Security.Interop}/DataProtectorShim.cs (84%)
 rename src/{Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj => Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj} (70%)
 create mode 100644 src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/project.json
 rename test/{Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs => Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs} (63%)
 rename test/{Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj => Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj} (87%)
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
 rename test/{Microsoft.Owin.Security.Cookies.Interop.Test => Microsoft.Owin.Security.Interop.Test}/project.json (78%)

diff --git a/Security.sln b/Security.sln
index 77ed552842..28ecb032ed 100644
--- a/Security.sln
+++ b/Security.sln
@@ -50,12 +50,12 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePoli
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Cookies.Interop", "src\Microsoft.Owin.Security.Cookies.Interop\Microsoft.Owin.Security.Cookies.Interop.xproj", "{21A56E78-31DE-4868-9778-7E4DBE2A4E35}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Cookies.Interop.Test", "test\Microsoft.Owin.Security.Cookies.Interop.Test\Microsoft.Owin.Security.Cookies.Interop.Test.xproj", "{73E8E654-A2AC-4848-95F3-EB55512F6C39}"
-EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.xproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Interop", "src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.xproj", "{A7922DD8-09F1-43E4-938B-CC523EA08898}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.xproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -276,30 +276,6 @@ Global
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Debug|x86.Build.0 = Debug|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Any CPU.Build.0 = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|x86.ActiveCfg = Release|Any CPU
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35}.Release|x86.Build.0 = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Debug|x86.Build.0 = Debug|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Any CPU.Build.0 = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.ActiveCfg = Release|Any CPU
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39}.Release|x86.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -312,6 +288,30 @@ Global
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -335,8 +335,8 @@ Global
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{21A56E78-31DE-4868-9778-7E4DBE2A4E35} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{73E8E654-A2AC-4848-95F3-EB55512F6C39} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
index a252b138ca..63f97cc9e4 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
@@ -7,7 +7,8 @@ namespace Microsoft.AspNet.Authentication
 {
     public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
-        public TicketDataFormat(IDataProtector protector) : base(new TicketSerializer(), protector)
+        public TicketDataFormat(IDataProtector protector)
+            : base(TicketSerializer.Default, protector)
         {
         }
     }
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
index 8fae5f9235..36b2695923 100644
--- a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
@@ -8,7 +8,7 @@ using System.Security.Claims;
 
 namespace Microsoft.AspNet.Authentication
 {
-    // This MUST be kept in sync with Microsoft.Owin.Security.Cookies.AspNetTicketSerializer
+    // This MUST be kept in sync with Microsoft.Owin.Security.Interop.AspNetTicketSerializer
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
     {
         private const string DefaultStringPlaceholder = "\0";
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs b/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
deleted file mode 100644
index 3bbe74aad6..0000000000
--- a/src/Microsoft.Owin.Security.Cookies.Interop/CookieAuthenticationExtensions.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNet.DataProtection;
-using Microsoft.Owin.Security.Cookies;
-using Microsoft.Owin.Security.Cookies.Interop;
-
-namespace Owin
-{
-    public static class CookieAuthenticationExtensions
-    {
-        public static IAppBuilder UseCookieAuthentication(
-            this IAppBuilder app,
-            CookieAuthenticationOptions options,
-            DataProtectionProvider dataProtectionProvider,
-            PipelineStage stage = PipelineStage.Authenticate)
-        {
-            var dataProtector = dataProtectionProvider.CreateProtector(
-                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
-                options.AuthenticationType, "v2");
-            options.TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector));
-
-            return app.UseCookieAuthentication(options, stage);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs b/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
deleted file mode 100644
index b403033e32..0000000000
--- a/src/Microsoft.Owin.Security.Cookies.Interop/DefaultCompatibilityConstants.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNet.Identity
-{
-    /// <summary>
-    /// Helpful constants for working with the authentication cookie compatibility shim.
-    /// </summary>
-    public static class DefaultCompatibilityConstants
-    {
-        /// <summary>
-        /// The default authentication type for application authentication cookies.
-        /// </summary>
-        public const string ApplicationCookieAuthenticationType = "Microsoft.AspNet.Identity.Application.AuthType";
-
-        /// <summary>
-        /// The default cookie name for application authentication cookies.
-        /// Used by <see cref="CookieAuthenticationOptions.CookieName"/>.
-        /// </summary>
-        public const string CookieName = ".AspNet.Microsoft.AspNet.Identity.Application";
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs
deleted file mode 100644
index b2437d9ad6..0000000000
--- a/src/Microsoft.Owin.Security.Cookies.Interop/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/project.json b/src/Microsoft.Owin.Security.Cookies.Interop/project.json
deleted file mode 100644
index 30053b01ee..0000000000
--- a/src/Microsoft.Owin.Security.Cookies.Interop/project.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-    "version": "1.0.0-*",
-    "compilationOptions": {
-        "warningsAsErrors": true,
-        "keyFile": "../../tools/Key.snk"
-    },
-    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security.Cookies and Microsoft.AspNet.Authentication.Cookies.",
-    "dependencies": {
-    },
-    "frameworks": {
-        "net451": {
-            "dependencies": {
-                "Microsoft.AspNet.DataProtection.Extensions": "1.0.0-*",
-                "Microsoft.Owin.Security.Cookies": "3.0.1"
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
similarity index 78%
rename from src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs
rename to src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
index 48ded33091..f1a07c5bf7 100644
--- a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketDataFormat.cs
+++ b/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
@@ -5,12 +5,12 @@ using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataHandler.Encoder;
 using Microsoft.Owin.Security.DataProtection;
 
-namespace Microsoft.Owin.Security.Cookies.Interop
+namespace Microsoft.Owin.Security.Interop
 {
     public class AspNetTicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
         public AspNetTicketDataFormat(IDataProtector protector)
-            : base(new AspNetTicketSerializer(), protector, TextEncodings.Base64Url)
+            : base(AspNetTicketSerializer.Default, protector, TextEncodings.Base64Url)
         {
         }
     }
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
similarity index 98%
rename from src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs
rename to src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
index 8727f7c46b..2bfc44fde9 100644
--- a/src/Microsoft.Owin.Security.Cookies.Interop/AspNetTicketSerializer.cs
+++ b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
@@ -7,7 +7,7 @@ using System.Linq;
 using System.Security.Claims;
 using Microsoft.Owin.Security.DataHandler.Serializer;
 
-namespace Microsoft.Owin.Security.Cookies.Interop
+namespace Microsoft.Owin.Security.Interop
 {
     // This MUST be kept in sync with Microsoft.AspNet.Authentication.DataHandler.TicketSerializer
     public class AspNetTicketSerializer : IDataSerializer<AuthenticationTicket>
@@ -15,7 +15,7 @@ namespace Microsoft.Owin.Security.Cookies.Interop
         private const string DefaultStringPlaceholder = "\0";
         private const int FormatVersion = 5;
 
-        public static TicketSerializer Default { get; } = new TicketSerializer();
+        public static AspNetTicketSerializer Default { get; } = new AspNetTicketSerializer();
 
         public virtual byte[] Serialize(AuthenticationTicket ticket)
         {
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
similarity index 84%
rename from src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs
rename to src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
index 0dab249aea..9dc7eedda9 100644
--- a/src/Microsoft.Owin.Security.Cookies.Interop/DataProtectorShim.cs
+++ b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
@@ -3,13 +3,13 @@
 
 using Microsoft.AspNet.DataProtection;
 
-namespace Microsoft.Owin.Security.Cookies.Interop
+namespace Microsoft.Owin.Security.Interop
 {
     /// <summary>
     /// Converts an <see cref="IDataProtector"/> to an
     /// <see cref="Microsoft.Owin.Security.DataProtection.IDataProtector"/>.
     /// </summary>
-    internal sealed class DataProtectorShim : Microsoft.Owin.Security.DataProtection.IDataProtector
+    public sealed class DataProtectorShim : Microsoft.Owin.Security.DataProtection.IDataProtector
     {
         private readonly IDataProtector _protector;
 
diff --git a/src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
similarity index 70%
rename from src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj
rename to src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
index fd666b061d..bb58ad7121 100644
--- a/src/Microsoft.Owin.Security.Cookies.Interop/Microsoft.Owin.Security.Cookies.Interop.xproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
@@ -4,16 +4,17 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
+
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>21a56e78-31de-4868-9778-7e4dbe2a4e35</ProjectGuid>
-    <RootNamespace>Microsoft.Owin.Security.Cookies.Shareable</RootNamespace>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <ProjectGuid>a7922dd8-09f1-43e4-938b-cc523ea08898</ProjectGuid>
+    <RootNamespace>Microsoft.Owin.Security.Interop</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
 
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..4f0007e9c6
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -0,0 +1,23 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Microsoft.Owin.Security.Interop")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Microsoft.Owin.Security.Interop")]
+[assembly: AssemblyCopyright("Copyright ©  2016")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
new file mode 100644
index 0000000000..b3c352a874
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -0,0 +1,15 @@
+{
+    "version": "1.0.0-*",
+    "compilationOptions": {
+        "warningsAsErrors": true,
+        "keyFile": "../../tools/Key.snk"
+    },
+    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNet.Authentication.",
+    "dependencies": {
+        "Microsoft.AspNet.DataProtection.Extensions": "1.0.0-*",
+        "Microsoft.Owin.Security": "3.0.1"
+    },
+    "frameworks": {
+        "net451": { }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
similarity index 63%
rename from test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
rename to test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 71acba5978..9ef81bc7f5 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -1,117 +1,48 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
-using Microsoft.AspNet.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
-using Microsoft.AspNet.Authentication;
 using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Hosting;
+using Microsoft.AspNet.Http;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
-using Microsoft.Owin.Security.Cookies.Interop;
 using Microsoft.Owin.Testing;
 using Owin;
 using Xunit;
 
-namespace Microsoft.AspNet.CookiePolicy.Test
+namespace Microsoft.Owin.Security.Interop
 {
-    public class TicketInteropTests
+    public class CookiesInteropTests
     {
-        [Fact]
-        public void NewSerializerCanReadInteropTicket()
-        {
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim("Test", "Value"));
-
-            var expires = DateTime.Today;
-            var issued = new DateTime(1979, 11, 11);
-            var properties = new Owin.Security.AuthenticationProperties();
-            properties.IsPersistent = true;
-            properties.RedirectUri = "/redirect";
-            properties.Dictionary["key"] = "value";
-            properties.ExpiresUtc = expires;
-            properties.IssuedUtc = issued;
-
-            var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
-            var interopSerializer = new AspNetTicketSerializer();
-
-            var bytes = interopSerializer.Serialize(interopTicket);
-
-            var newSerializer = new TicketSerializer();
-            var newTicket = newSerializer.Deserialize(bytes);
-
-            Assert.NotNull(newTicket);
-            Assert.Equal(1, newTicket.Principal.Identities.Count());
-            var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
-            Assert.NotNull(newIdentity);
-            Assert.Equal("scheme", newIdentity.AuthenticationType);
-            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
-            Assert.NotNull(newTicket.Properties);
-            Assert.True(newTicket.Properties.IsPersistent);
-            Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
-            Assert.Equal("value", newTicket.Properties.Items["key"]);
-            Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
-            Assert.Equal(issued, newTicket.Properties.IssuedUtc);
-        }
-
-        [Fact]
-        public void InteropSerializerCanReadNewTicket()
-        {
-            var user = new ClaimsPrincipal();
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim("Test", "Value"));
-            user.AddIdentity(identity);
-
-            var expires = DateTime.Today;
-            var issued = new DateTime(1979, 11, 11);
-            var properties = new Http.Authentication.AuthenticationProperties();
-            properties.IsPersistent = true;
-            properties.RedirectUri = "/redirect";
-            properties.Items["key"] = "value";
-            properties.ExpiresUtc = expires;
-            properties.IssuedUtc = issued;
-
-            var newTicket = new AuthenticationTicket(user, properties, "scheme");
-            var newSerializer = new TicketSerializer();
-
-            var bytes = newSerializer.Serialize(newTicket);
-
-            var interopSerializer = new AspNetTicketSerializer();
-            var interopTicket = interopSerializer.Deserialize(bytes);
-
-            Assert.NotNull(interopTicket);
-            var newIdentity = interopTicket.Identity;
-            Assert.NotNull(newIdentity);
-            Assert.Equal("scheme", newIdentity.AuthenticationType);
-            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
-            Assert.NotNull(interopTicket.Properties);
-            Assert.True(interopTicket.Properties.IsPersistent);
-            Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
-            Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
-            Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
-            Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
-        }
-
         [Fact]
         public async Task AspNet5WithInteropCookieContainsIdentity()
         {
             var identity = new ClaimsIdentity("Cookies");
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
 
-            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                CookieAuthenticationDefaults.AuthenticationType, "v2");
+
             var interopServer = TestServer.Create(app =>
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-                app.UseCookieAuthentication(new CookieAuthenticationOptions(), dataProtection);
+
+                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
+                });
+
                 app.Run(context =>
                 {
                     context.Authentication.SignIn(identity);
@@ -132,7 +63,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     });
                 })
                 .ConfigureServices(services => services.AddAuthentication());
-            var newServer = new TestHost.TestServer(builder);
+            var newServer = new AspNet.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
             request.Headers.Add("Cookie", transaction.SetCookie.Split(new[] { ';' }, 2).First());
@@ -149,7 +80,11 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
             user.AddIdentity(identity);
 
-            var dataProtection = new DataProtection.DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                CookieAuthenticationDefaults.AuthenticationType, "v2");
+
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
@@ -157,14 +92,19 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     app.Run(context => context.Authentication.SignInAsync("Cookies", user));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
-            var newServer = new TestHost.TestServer(builder);
+            var newServer = new AspNet.TestHost.TestServer(builder);
 
             var cookie = await SendAndGetCookie(newServer, "http://example.com/login");
 
             var server = TestServer.Create(app =>
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-                app.UseCookieAuthentication(new CookieAuthenticationOptions(), dataProtection);
+
+                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
+                });
+
                 app.Run(async context =>
                 {
                     var result = await context.Authentication.AuthenticateAsync("Cookies");
@@ -177,7 +117,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
-        private static async Task<string> SendAndGetCookie(TestHost.TestServer server, string uri)
+        private static async Task<string> SendAndGetCookie(AspNet.TestHost.TestServer server, string uri)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             var response = await server.CreateClient().SendAsync(request);
@@ -271,4 +211,3 @@ namespace Microsoft.AspNet.CookiePolicy.Test
     }
 }
 
-
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
similarity index 87%
rename from test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
rename to test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
index 3341cf4e6e..c3f5e576de 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/Microsoft.Owin.Security.Cookies.Interop.Test.xproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
@@ -6,8 +6,8 @@
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
-    <ProjectGuid>73e8e654-a2ac-4848-95f3-eb55512f6c39</ProjectGuid>
-    <RootNamespace>Microsoft.Owin.Security.Cookies.Interop.Test</RootNamespace>
+    <ProjectGuid>a2b5dc39-68d5-4145-a8cc-6aeab7d33a24</ProjectGuid>
+    <RootNamespace>Microsoft.Owin.Security.Interop.Test</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs b/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..10b3c4ae5f
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
@@ -0,0 +1,23 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Microsoft.Owin.Security.Interop.Test")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Microsoft.Owin.Security.Interop.Test")]
+[assembly: AssemblyCopyright("Copyright ©  2016")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a2b5dc39-68d5-4145-a8cc-6aeab7d33a24")]
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
new file mode 100644
index 0000000000..7810805523
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -0,0 +1,91 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNet.Authentication;
+using Xunit;
+
+namespace Microsoft.Owin.Security.Interop.Test
+{
+    public class TicketInteropTests
+    {
+        [Fact]
+        public void NewSerializerCanReadInteropTicket()
+        {
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new Owin.Security.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Dictionary["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
+            var interopSerializer = new AspNetTicketSerializer();
+
+            var bytes = interopSerializer.Serialize(interopTicket);
+
+            var newSerializer = new TicketSerializer();
+            var newTicket = newSerializer.Deserialize(bytes);
+
+            Assert.NotNull(newTicket);
+            Assert.Equal(1, newTicket.Principal.Identities.Count());
+            var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(newTicket.Properties);
+            Assert.True(newTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
+            Assert.Equal("value", newTicket.Properties.Items["key"]);
+            Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, newTicket.Properties.IssuedUtc);
+        }
+
+        [Fact]
+        public void InteropSerializerCanReadNewTicket()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+            user.AddIdentity(identity);
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new AspNet.Http.Authentication.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Items["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var newTicket = new AspNet.Authentication.AuthenticationTicket(user, properties, "scheme");
+            var newSerializer = new TicketSerializer();
+
+            var bytes = newSerializer.Serialize(newTicket);
+
+            var interopSerializer = new AspNetTicketSerializer();
+            var interopTicket = interopSerializer.Deserialize(bytes);
+
+            Assert.NotNull(interopTicket);
+            var newIdentity = interopTicket.Identity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(interopTicket.Properties);
+            Assert.True(interopTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
+            Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
+            Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
+        }
+    }
+}
+
+
diff --git a/test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
similarity index 78%
rename from test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json
rename to test/Microsoft.Owin.Security.Interop.Test/project.json
index c206ad20eb..585c87aa16 100644
--- a/test/Microsoft.Owin.Security.Cookies.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -1,11 +1,12 @@
-{
+{
   "compilationOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
-    "Microsoft.Owin.Security.Cookies.Interop": "1.0.0-*",
+    "Microsoft.Owin.Security.Cookies": "3.0.1",
+    "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
     "xunit.runner.aspnet": "2.0.0-aspnet-*"
   },

From 139070df59b53014f81120c11e1caadb5850c0db Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 8 Jan 2016 14:25:50 -0800
Subject: [PATCH 441/900] Fix AssemblyInfo for Security.Interop.

---
 .../Properties/AssemblyInfo.cs                | 25 ++++++-------------
 1 file changed, 7 insertions(+), 18 deletions(-)

diff --git a/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs b/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
index 10b3c4ae5f..0675f8c9a1 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
@@ -1,23 +1,12 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+using System.Resources;
 using System.Runtime.InteropServices;
 
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Microsoft.Owin.Security.Interop.Test")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Microsoft.Owin.Security.Interop.Test")]
-[assembly: AssemblyCopyright("Copyright ©  2016")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("a2b5dc39-68d5-4145-a8cc-6aeab7d33a24")]

From 990e412326fd68e7add4e7909a43e27444e12ad4 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 8 Jan 2016 14:47:40 -0800
Subject: [PATCH 442/900] Actually fix the AssemblyInfo

---
 .../Properties/AssemblyInfo.cs                | 25 ++++++-------------
 .../Properties/AssemblyInfo.cs                | 12 ---------
 2 files changed, 7 insertions(+), 30 deletions(-)
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs

diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
index 4f0007e9c6..c0526726a4 100644
--- a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -1,23 +1,12 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Reflection;
+using System.Resources;
 using System.Runtime.InteropServices;
 
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Microsoft.Owin.Security.Interop")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Microsoft.Owin.Security.Interop")]
-[assembly: AssemblyCopyright("Copyright ©  2016")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
+[assembly: AssemblyMetadata("Serviceable", "True")]
+[assembly: NeutralResourcesLanguage("en-us")]
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs b/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
deleted file mode 100644
index 0675f8c9a1..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-using System.Runtime.InteropServices;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("a2b5dc39-68d5-4145-a8cc-6aeab7d33a24")]

From 417ca6cbe3ddf914b37b0a6b5c16a9d2e48215be Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 6 Jan 2016 13:58:30 -0800
Subject: [PATCH 443/900] Updating to new options pattern

---
 samples/CookieSample/Startup.cs               |   4 +-
 samples/CookieSessionSample/Startup.cs        |   6 +-
 samples/JwtBearerSample/Startup.cs            |  10 +-
 samples/OpenIdConnectSample/Startup.cs        |  16 +-
 samples/SocialSample/Startup.cs               | 134 ++++----
 .../CookieAppBuilderExtensions.cs             |  30 +-
 .../CookieAuthenticationHandler.cs            |   1 +
 .../CookieAuthenticationMiddleware.cs         |  24 +-
 .../CookieAuthenticationOptions.cs            |   4 +-
 .../Events/BaseCookieContext.cs               |   3 +-
 .../Events/CookieRedirectContext.cs           |   1 +
 .../Events/CookieSignedInContext.cs           |   1 +
 .../Events/CookieSigningInContext.cs          |   1 +
 .../Events/CookieSigningOutContext.cs         |   1 +
 .../Events/CookieValidatePrincipalContext.cs  |   1 +
 .../project.json                              |   1 +
 .../FacebookAppBuilderExtensions.cs           |  15 +-
 .../FacebookHandler.cs                        |   1 +
 .../FacebookMiddleware.cs                     |   3 +-
 .../FacebookOptions.cs                        |   4 +-
 .../GoogleAppBuilderExtensions.cs             |  15 +-
 .../GoogleHandler.cs                          |   3 +-
 .../GoogleMiddleware.cs                       |   3 +-
 .../GoogleOptions.cs                          |   4 +-
 .../Events/AuthenticationFailedContext.cs     |   1 +
 .../Events/BaseJwtBearerContext.cs            |   1 +
 .../Events/JwtBearerChallengeContext.cs       |   1 +
 .../Events/ReceivedTokenContext.cs            |   1 +
 .../Events/ReceivingTokenContext.cs           |   1 +
 .../Events/TokenValidatedContext.cs           |   1 +
 .../JwtBearerAppBuilderExtensions.cs          |  15 +-
 .../JwtBearerHandler.cs                       |   1 +
 .../JwtBearerMiddleware.cs                    |   4 +-
 .../JwtBearerOptions.cs                       |   4 +-
 .../MicrosoftAccountAppBuilderExtensions.cs   |  15 +-
 .../MicrosoftAccountHandler.cs                |   1 +
 .../MicrosoftAccountMiddleware.cs             |   3 +-
 .../MicrosoftAccountOptions.cs                |   4 +-
 .../Events/OAuthCreatingTicketContext.cs      |   2 +-
 .../OAuthRedirectToAuthorizationContext.cs    |   1 +
 .../OAuthAppBuilderExtensions.cs              |  15 +-
 .../OAuthHandler.cs                           |   1 +
 .../OAuthMiddleware.cs                        |   3 +-
 .../OAuthOptions.cs                           |   4 +-
 .../Events/AuthenticationFailedContext.cs     |   2 +-
 .../Events/AuthenticationValidatedContext.cs  |   1 +
 .../AuthorizationCodeReceivedContext.cs       |   1 +
 .../AuthorizationResponseReceivedContext.cs   |   2 +-
 .../Events/BaseOpenIdConnectContext.cs        |   1 +
 .../Events/MessageReceivedContext.cs          |   2 +-
 .../Events/RedirectContext.cs                 |   2 +-
 .../Events/TokenResponseReceivedContext.cs    |   6 +-
 .../Events/UserInformationReceivedContext.cs  |   2 +-
 .../OpenIdConnectAppBuilderExtensions.cs      |  15 +-
 .../OpenIdConnectHandler.cs                   |   1 +
 .../OpenIdConnectMiddleware.cs                |   3 +-
 .../OpenIdConnectOptions.cs                   |   4 +-
 .../Events/BaseTwitterContext.cs              |   1 +
 .../Events/TwitterCreatingTicketContext.cs    |   1 +
 ...rRedirectToAuthorizationEndpointContext.cs |   1 +
 .../TwitterAppBuilderExtensions.cs            |  15 +-
 .../TwitterHandler.cs                         |   1 +
 .../TwitterMiddleware.cs                      |   3 +-
 .../TwitterOptions.cs                         |   5 +-
 .../AuthenticationHandler.cs                  |   1 +
 .../AuthenticationMiddleware.cs               |   6 +-
 .../AuthenticationOptions.cs                  |   2 +-
 ...laimsTransformationAppBuilderExtensions.cs |  47 ++-
 .../ClaimsTransformationMiddleware.cs         |   6 +-
 .../ClaimsTransformationOptions.cs            |   4 +-
 .../Events/TicketReceivedContext.cs           |   1 +
 .../RemoteAuthenticationHandler.cs            |   1 +
 .../RemoteAuthenticationOptions.cs            |   4 +-
 ...uthorizationServiceCollectionExtensions.cs |   3 +-
 .../CookiePolicyAppBuilderExtensions.cs       |  15 +-
 .../CookiePolicyMiddleware.cs                 |   7 +-
 .../CookiePolicyOptions.cs                    |   3 +-
 .../project.json                              |   3 +-
 .../AuthenticationHandlerFacts.cs             |   1 +
 .../Cookies/CookieMiddlewareTests.cs          | 311 ++++++++++--------
 .../Facebook/FacebookMiddlewareTests.cs       |  57 ++--
 .../Google/GoogleMiddlewareTests.cs           | 265 +++++++--------
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 160 +++++----
 .../MicrosoftAccountMiddlewareTests.cs        |  72 ++--
 .../OpenIdConnectHandlerTests.cs              |  23 +-
 ...ConnectMiddlewareForTestingAuthenticate.cs |   3 +-
 .../OpenIdConnectMiddlewareTests.cs           | 128 ++++---
 .../Twitter/TwitterMiddlewareTests.cs         |  62 ++--
 .../DefaultAuthorizationServiceTests.cs       |   1 +
 .../CookiePolicyTests.cs                      |  44 ++-
 .../CookieInteropTests.cs                     |  14 +-
 91 files changed, 838 insertions(+), 840 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index dca9105128..b3327ac81c 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -20,9 +20,9 @@ namespace CookieSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(options =>
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = true;
+                AutomaticAuthenticate = true
             });
 
             app.Run(async context =>
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index bf7200ca6a..6160f56b95 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -21,10 +21,10 @@ namespace CookieSessionSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(options =>
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.SessionStore = new MemoryCacheTicketStore();
+                AutomaticAuthenticate = true,
+                SessionStore = new MemoryCacheTicketStore()
             });
 
             app.Run(async context =>
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 88032b8e69..db91629bcf 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -59,13 +59,13 @@ namespace JwtBearerSample
             app.UseDefaultFiles();
             app.UseStaticFiles();
 
-            app.UseJwtBearerAuthentication(options =>
+            app.UseJwtBearerAuthentication(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.AutomaticChallenge = true;
+                AutomaticAuthenticate = true,
+                AutomaticChallenge = true,
                 // You also need to update /wwwroot/app/scripts/app.js
-                options.Authority = Configuration["jwt:authority"];
-                options.Audience = Configuration["jwt:audience"];
+                Authority = Configuration["jwt:authority"],
+                Audience = Configuration["jwt:audience"]
             });
 
             // [Authorize] would usually handle this
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 67a979ea91..bf4a4bc759 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -35,18 +35,18 @@ namespace OpenIdConnectSample
 
             app.UseIISPlatformHandler();
 
-            app.UseCookieAuthentication(options =>
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = true;
+                AutomaticAuthenticate = true
             });
 
-            app.UseOpenIdConnectAuthentication(options =>
+            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
             {
-                options.ClientId = Configuration["oidc:clientid"];
-                options.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
-                options.Authority = Configuration["oidc:authority"];
-                options.ResponseType = OpenIdConnectResponseTypes.Code;
-                options.GetClaimsFromUserInfoEndpoint = true;
+                ClientId = Configuration["oidc:clientid"],
+                ClientSecret = Configuration["oidc:clientsecret"], // for code flow
+                Authority = Configuration["oidc:authority"],
+                ResponseType = OpenIdConnectResponseTypes.Code,
+                GetClaimsFromUserInfoEndpoint = true
             });
 
             app.Run(async context =>
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f1bc5b335f..65067ada8e 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -63,47 +63,44 @@ namespace CookieSample
                 }
             });
 
-            app.UseCookieAuthentication(options =>
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.AutomaticChallenge = true;
-                options.LoginPath = new PathString("/login");
+                AutomaticAuthenticate = true,
+                AutomaticChallenge = true,
+                LoginPath = new PathString("/login")
             });
 
             // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
             // https://developers.facebook.com/apps/
-            app.UseFacebookAuthentication(options =>
+            app.UseFacebookAuthentication(new FacebookOptions
             {
-                options.AppId = Configuration["facebook:appid"];
-                options.AppSecret = Configuration["facebook:appsecret"];
-                options.Scope.Add("email");
-                options.Fields.Add("name");
-                options.Fields.Add("email");
+                AppId = Configuration["facebook:appid"],
+                AppSecret = Configuration["facebook:appsecret"],
+                Scope = { "email" },
+                Fields = { "name", "email" }
             });
 
             // See config.json
-            app.UseOAuthAuthentication(options =>
+            app.UseOAuthAuthentication(new OAuthOptions
             {
-                options.AuthenticationScheme = "Google-AccessToken";
-                options.DisplayName = "Google-AccessToken";
-                options.ClientId = Configuration["google:clientid"];
-                options.ClientSecret = Configuration["google:clientsecret"];
-                options.CallbackPath = new PathString("/signin-google-token");
-                options.AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
-                options.TokenEndpoint = GoogleDefaults.TokenEndpoint;
-                options.Scope.Add("openid");
-                options.Scope.Add("profile");
-                options.Scope.Add("email");
-                options.SaveTokensAsClaims = true;
+                AuthenticationScheme = "Google-AccessToken",
+                DisplayName = "Google-AccessToken",
+                ClientId = Configuration["google:clientid"],
+                ClientSecret = Configuration["google:clientsecret"],
+                CallbackPath = new PathString("/signin-google-token"),
+                AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
+                TokenEndpoint = GoogleDefaults.TokenEndpoint,
+                Scope = { "openid", "profile", "email" },
+                SaveTokensAsClaims = true
             });
 
             // See config.json
             // https://console.developers.google.com/project
-            app.UseGoogleAuthentication(options =>
+            app.UseGoogleAuthentication(new GoogleOptions
             {
-                options.ClientId = Configuration["google:clientid"];
-                options.ClientSecret = Configuration["google:clientsecret"];
-                options.Events = new OAuthEvents()
+                ClientId = Configuration["google:clientid"],
+                ClientSecret = Configuration["google:clientsecret"],
+                Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
 
@@ -112,17 +109,16 @@ namespace CookieSample
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                };
-
+                }
             });
 
             // See config.json
             // https://apps.twitter.com/
-            app.UseTwitterAuthentication(options =>
+            app.UseTwitterAuthentication(new TwitterOptions
             {
-                options.ConsumerKey = Configuration["twitter:consumerkey"];
-                options.ConsumerSecret = Configuration["twitter:consumersecret"];
-                options.Events = new TwitterEvents()
+                ConsumerKey = Configuration["twitter:consumerkey"],
+                ConsumerSecret = Configuration["twitter:consumersecret"],
+                Events = new TwitterEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -130,7 +126,7 @@ namespace CookieSample
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                };
+                }
             });
 
             // You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
@@ -151,56 +147,56 @@ namespace CookieSample
             The sample app can then be run via:
              dnx . web
             */
-            app.UseOAuthAuthentication(options => 
+            app.UseOAuthAuthentication(new OAuthOptions
             {
-                options.AuthenticationScheme = "Microsoft-AccessToken";
-                options.DisplayName = "MicrosoftAccount-AccessToken - Requires project changes";
-                options.ClientId = Configuration["msa:clientid"];
-                options.ClientSecret = Configuration["msa:clientsecret"];
-                options.CallbackPath = new PathString("/signin-microsoft-token");
-                options.AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
-                options.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
-                options.Scope.Add("wl.basic");
-                options.SaveTokensAsClaims = true;
+                AuthenticationScheme = "Microsoft-AccessToken",
+                DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
+                ClientId = Configuration["msa:clientid"],
+                ClientSecret = Configuration["msa:clientsecret"],
+                CallbackPath = new PathString("/signin-microsoft-token"),
+                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
+                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
+                Scope = { "wl.basic" },
+                SaveTokensAsClaims = true
             });
 
             //// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
-            app.UseMicrosoftAccountAuthentication(options =>
+            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
             {
-                options.DisplayName = "MicrosoftAccount - Requires project changes";
-                options.ClientId = Configuration["msa:clientid"];
-                options.ClientSecret = Configuration["msa:clientsecret"];
-                options.Scope.Add("wl.emails");
+                DisplayName = "MicrosoftAccount - Requires project changes",
+                ClientId = Configuration["msa:clientid"],
+                ClientSecret = Configuration["msa:clientsecret"],
+                Scope = { "wl.emails" }
             });
 
             // See config.json
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication(options =>
+            app.UseOAuthAuthentication(new OAuthOptions
             {
-                options.AuthenticationScheme = "GitHub-AccessToken";
-                options.DisplayName = "Github-AccessToken";
-                options.ClientId = Configuration["github-token:clientid"];
-                options.ClientSecret = Configuration["github-token:clientsecret"];
-                options.CallbackPath = new PathString("/signin-github-token");
-                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
-                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
-                options.SaveTokensAsClaims = true;
+                AuthenticationScheme = "GitHub-AccessToken",
+                DisplayName = "Github-AccessToken",
+                ClientId = Configuration["github-token:clientid"],
+                ClientSecret = Configuration["github-token:clientsecret"],
+                CallbackPath = new PathString("/signin-github-token"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                SaveTokensAsClaims = true
             });
 
             // See config.json
-            app.UseOAuthAuthentication(options =>
+            app.UseOAuthAuthentication(new OAuthOptions
             {
-                options.AuthenticationScheme = "GitHub";
-                options.DisplayName = "Github";
-                options.ClientId = Configuration["github:clientid"];
-                options.ClientSecret = Configuration["github:clientsecret"];
-                options.CallbackPath = new PathString("/signin-github");
-                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
-                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
-                options.UserInformationEndpoint = "https://api.github.com/user";
-                options.ClaimsIssuer = "OAuth2-Github";
+                AuthenticationScheme = "GitHub",
+                DisplayName = "Github",
+                ClientId = Configuration["github:clientid"],
+                ClientSecret = Configuration["github:clientsecret"],
+                CallbackPath = new PathString("/signin-github"),
+                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
+                TokenEndpoint = "https://github.com/login/oauth/access_token",
+                UserInformationEndpoint = "https://api.github.com/user",
+                ClaimsIssuer = "OAuth2-Github",
                 // Retrieving user information is unique to each provider.
-                options.Events = new OAuthEvents
+                Events = new OAuthEvents
                 {
                     OnCreatingTicket = async context =>
                     {
@@ -246,7 +242,7 @@ namespace CookieSample
                                 ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                     }
-                };
+                }
             });
 
             // Choose an authentication type
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
index f990df58aa..8582648877 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -22,31 +23,8 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
-
-            return app.UseCookieAuthentication(options => { });
-        }
-
-        /// <summary>
-        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="CookieAuthenticationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
-
-            var options = new CookieAuthenticationOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
+            
+            return app.UseMiddleware<CookieAuthenticationMiddleware>();
         }
 
         /// <summary>
@@ -66,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(options);
+            return app.UseMiddleware<CookieAuthenticationMiddleware>(Options.Create(options));
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
index 82a47ecaeb..040539d4d9 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -6,6 +6,7 @@ using System;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features;
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index 9ec4064843..c15b10d345 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -3,9 +3,11 @@
 
 using System;
 using System.Text.Encodings.Web;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
@@ -16,34 +18,14 @@ namespace Microsoft.AspNet.Authentication.Cookies
             IDataProtectionProvider dataProtectionProvider,
             ILoggerFactory loggerFactory,
             UrlEncoder urlEncoder,
-            CookieAuthenticationOptions options)
+            IOptions<CookieAuthenticationOptions> options)
             : base(next, options, loggerFactory, urlEncoder)
         {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
             if (dataProtectionProvider == null)
             {
                 throw new ArgumentNullException(nameof(dataProtectionProvider));
             }
 
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (urlEncoder == null)
-            {
-                throw new ArgumentNullException(nameof(urlEncoder));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
             if (Options.Events == null)
             {
                 Options.Events = new CookieAuthenticationEvents();
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
index 830b559c96..075353887f 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,11 +4,13 @@
 using System;
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Contains the options used by the CookiesAuthenticationMiddleware
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
index 6a437551fe..d3e9127eed 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
@@ -2,9 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 
 namespace Microsoft.AspNet.Authentication.Cookies
 {
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
index 437e8927e1..4f0266b855 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
index 17f5090cda..2412722c08 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
index fa441b4b0e..709549d0aa 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
index a510dbcb59..2de962ef4e 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index af06533855..435499bf57 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNet.Authentication.Cookies/project.json
index b9b1d5d308..8a6fdac7be 100644
--- a/src/Microsoft.AspNet.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNet.Authentication.Cookies/project.json
@@ -11,6 +11,7 @@
   },
   "dependencies": {
     "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.Extensions.Options": "1.0.0-*",
     "Microsoft.Extensions.WebEncoders": "1.0.0-*",
     "Newtonsoft.Json": "6.0.6"
   },
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index f649790a1a..19ff8fa67e 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="FacebookOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, Action<FacebookOptions> configureOptions)
+        public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new FacebookOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<FacebookMiddleware>(options);
+            return app.UseMiddleware<FacebookMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<FacebookMiddleware>(options);
+            return app.UseMiddleware<FacebookMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
index 44bc1468ee..7c74b253f3 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
@@ -8,6 +8,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.WebUtilities;
 using Newtonsoft.Json.Linq;
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
index 441145681d..f6d04171a9 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.Globalization;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -33,7 +34,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            FacebookOptions options)
+            IOptions<FacebookOptions> options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
index b6ceb5f0f0..25e02cf778 100644
--- a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="FacebookMiddleware"/>.
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
index 34f65b112e..e380ebf475 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Google;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="GoogleOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, Action<GoogleOptions> configureOptions)
+        public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new GoogleOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<GoogleMiddleware>(options);
+            return app.UseMiddleware<GoogleMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<GoogleMiddleware>(options);
+            return app.UseMiddleware<GoogleMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
index e4b50132ad..675e424422 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
@@ -7,8 +7,9 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.WebUtilities;
 using Newtonsoft.Json.Linq;
 
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
index 55d2b0ed13..72ec3dee98 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -34,7 +35,7 @@ namespace Microsoft.AspNet.Authentication.Google
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            GoogleOptions options)
+            IOptions<GoogleOptions> options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
index 2c00278c78..eb1f0c3f1b 100644
--- a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="GoogleMiddleware"/>.
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index f8848d210d..02898af9c9 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
index 91dd8cea22..50ed9ffc5f 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index ae6b9d4c69..403e8ab7fd 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
index 0aadaf2a99..a0c7a98c29 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
index b0d824f3f7..16ee6c1cee 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 9ae2fa68aa..1f6e24e922 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.JwtBearer
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index da36d17f08..bea74d7412 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -21,23 +22,15 @@ namespace Microsoft.AspNet.Builder
         /// See also http://tools.ietf.org/html/rfc6749
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="JwtBearerOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
+        public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new JwtBearerOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<JwtBearerMiddleware>(options);
+            return app.UseMiddleware<JwtBearerMiddleware>();
         }
 
         /// <summary>
@@ -63,7 +56,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<JwtBearerMiddleware>(options);
+            return app.UseMiddleware<JwtBearerMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
index 08640019c9..be6e83c036 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -6,6 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
index ad518b9667..7102cb61af 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -4,8 +4,10 @@
 using System;
 using System.Net.Http;
 using System.Text.Encodings.Web;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -27,7 +29,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             RequestDelegate next,
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
-            JwtBearerOptions options)
+            IOptions<JwtBearerOptions> options)
             : base(next, options, loggerFactory, encoder)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
index ad2160c06a..b028d0b5e8 100644
--- a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -6,11 +6,13 @@ using System.Collections.Generic;
 using System.ComponentModel;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 4066fa4ed7..1986227da3 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="MicrosoftAccountOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, Action<MicrosoftAccountOptions> configureOptions)
+        public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new MicrosoftAccountOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
+            return app.UseMiddleware<MicrosoftAccountMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<MicrosoftAccountMiddleware>(options);
+            return app.UseMiddleware<MicrosoftAccountMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 35dcc92239..f28c7ffc7f 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -6,6 +6,7 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Authentication;
 using Newtonsoft.Json.Linq;
 
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index c398b9279e..5f0e36bb45 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -32,7 +33,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            MicrosoftAccountOptions options)
+            IOptions<MicrosoftAccountOptions> options)
             : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 3339cf4ccd..392df69bf7 100644
--- a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
 
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="MicrosoftAccountMiddleware"/>.
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 835bb2e3ae..c2b35349ee 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -5,8 +5,8 @@ using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OAuth
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 7cc85f11a1..8e3599605f 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index 5599407ca3..8d71400bae 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="OAuthOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, Action<OAuthOptions> configureOptions)
+        public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new OAuthOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
+            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(options);
+            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
index 6f197d86bc..632932a3fb 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
@@ -9,6 +9,7 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Extensions;
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
index ea145fa6de..72d34cbf78 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
@@ -6,6 +6,7 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -32,7 +33,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            TOptions options)
+            IOptions<TOptions> options)
             : base(next, options, loggerFactory, encoder)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
index a79c546725..d53e0a8bcd 100644
--- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
@@ -2,9 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthMiddleware"/>.
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index 6c8edb9f41..a120c24026 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index f9998b83e7..2469ef5c86 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 59f4d49115..f43be81981 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -3,6 +3,7 @@
 
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
index 8e8b86a13a..e0c74c8db5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
index 76d63e27b1..e207c836a5 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index 6439257cba..cb42c0f9bc 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -1,8 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
index fa1ef30d08..a87c3398ed 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
 {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index e9522f70d8..0e12bc2914 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,4 +1,8 @@
-using Microsoft.AspNet.Http;
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index fa0bc92773..80935354af 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -1,8 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNet.Authentication.OpenIdConnect
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index 329820417c..63cfe5009a 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="OpenIdConnectOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action<OpenIdConnectOptions> configureOptions)
+        public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new OpenIdConnectOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<OpenIdConnectMiddleware>(options);
+            return app.UseMiddleware<OpenIdConnectMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<OpenIdConnectMiddleware>(options);
+            return app.UseMiddleware<OpenIdConnectMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 2d157e48c3..12d61e334b 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -13,6 +13,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index a6f9971705..5dcd74d3c1 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -6,6 +6,7 @@ using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Text;
 using System.Text.Encodings.Web;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -38,7 +39,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             UrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            OpenIdConnectOptions options,
+            IOptions<OpenIdConnectOptions> options,
             HtmlEncoder htmlEncoder)
             : base(next, options, loggerFactory, encoder)
         {
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 06b7442de0..af7a621de0 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -5,13 +5,15 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="OpenIdConnectOptions"/>
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
index 5a2f337581..d928fdcc71 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 
 namespace Microsoft.AspNet.Authentication.Twitter
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index d727eeb152..d5537ef95c 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
index 455f522029..5569e82735 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 1701122b0a..6303707521 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.Authentication.Twitter;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, Action<TwitterOptions> configureOptions)
+        public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new TwitterOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<TwitterMiddleware>(options);
+            return app.UseMiddleware<TwitterMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<TwitterMiddleware>(options);
+            return app.UseMiddleware<TwitterMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
index 0552ed2d76..3de3b37fdf 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
@@ -9,6 +9,7 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
index e1a1c17211..6b708a3a73 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
@@ -6,6 +6,7 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -37,7 +38,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
             ILoggerFactory loggerFactory,
             UrlEncoder encoder,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            TwitterOptions options)
+            IOptions<TwitterOptions> options)
             : base(next, options, loggerFactory, encoder)
         {
             if (next == null)
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
index 85e266326a..19a3ca78aa 100644
--- a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
@@ -2,10 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Net.Http;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Twitter;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Options for the Twitter authentication middleware.
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
index c45fdfa7e6..f68bddaf89 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features.Authentication;
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
index ef7cb5056d..08e325bc0b 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
@@ -4,8 +4,10 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -15,7 +17,7 @@ namespace Microsoft.AspNet.Authentication
 
         protected AuthenticationMiddleware(
             RequestDelegate next,
-            TOptions options,
+            IOptions<TOptions> options,
             ILoggerFactory loggerFactory,
             UrlEncoder encoder)
         {
@@ -39,7 +41,7 @@ namespace Microsoft.AspNet.Authentication
                 throw new ArgumentNullException(nameof(encoder));
             }
 
-            Options = options;
+            Options = options.Value;
             Logger = loggerFactory.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
 
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
index 7583642443..5f8e562935 100644
--- a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
@@ -3,7 +3,7 @@
 
 using Microsoft.AspNet.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Builder
 {
     /// <summary>
     /// Base Options for all authentication middleware
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 21f80419f7..7dfa482174 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -5,6 +5,7 @@ using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -13,6 +14,21 @@ namespace Microsoft.AspNet.Builder
     /// </summary>
     public static class ClaimsTransformationAppBuilderExtensions
     {
+        /// <summary>
+        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+
+            return app.UseMiddleware<ClaimsTransformationMiddleware>();
+        }
+
         /// <summary>
         /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
@@ -30,35 +46,12 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(transform));
             }
 
-            return app.UseClaimsTransformation(options => 
+            return app.UseClaimsTransformation(new ClaimsTransformationOptions 
             {
-                options.Transformer = new ClaimsTransformer { OnTransform = transform };
+                Transformer = new ClaimsTransformer { OnTransform = transform }
             });
         }
-
-        /// <summary>
-        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="ClaimsTransformationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Action<ClaimsTransformationOptions> configureOptions)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
-
-            var options = new ClaimsTransformationOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
-        }
-
+        
         /// <summary>
         /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
@@ -76,7 +69,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<ClaimsTransformationMiddleware>(options);
+            return app.UseMiddleware<ClaimsTransformationMiddleware>(Options.Create(options));
         }
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
index c84777cd81..f490af4a4f 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
@@ -3,7 +3,9 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Authentication
 {
@@ -13,7 +15,7 @@ namespace Microsoft.AspNet.Authentication
 
         public ClaimsTransformationMiddleware(
             RequestDelegate next,
-            ClaimsTransformationOptions options)
+            IOptions<ClaimsTransformationOptions> options)
         {
             if (next == null)
             {
@@ -25,7 +27,7 @@ namespace Microsoft.AspNet.Authentication
                 throw new ArgumentNullException(nameof(options));
             }
 
-            Options = options;
+            Options = options.Value;
             _next = next;
         }
 
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
index 19475ba023..e1ca6b9004 100644
--- a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
@@ -1,7 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication
+using Microsoft.AspNet.Authentication;
+
+namespace Microsoft.AspNet.Builder
 {
     public class ClaimsTransformationOptions
     {
diff --git a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
index 28f6649fee..0663248cf1 100644
--- a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
index dda9063697..cc1487d55d 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
index 5fb3b4caf6..afaee6c7b1 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
@@ -3,10 +3,10 @@
 
 using System;
 using System.Net.Http;
-using System.Threading.Tasks;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNet.Builder
 {
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
index dff8bf6fcd..599a8fb27c 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -24,8 +24,7 @@ namespace Microsoft.Extensions.DependencyInjection
             {
                 throw new ArgumentNullException(nameof(services));
             }
-
-            services.AddOptions();
+            
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index 95d52e55f0..02cbd22f96 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNet.CookiePolicy;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -15,23 +16,15 @@ namespace Microsoft.AspNet.Builder
         /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="CookiePolicyOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, Action<CookiePolicyOptions> configureOptions)
+        public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app)
         {
             if (app == null)
             {
                 throw new ArgumentNullException(nameof(app));
             }
-            if (configureOptions == null)
-            {
-                throw new ArgumentNullException(nameof(configureOptions));
-            }
 
-            var options = new CookiePolicyOptions();
-            configureOptions(options);
-
-            return app.UseMiddleware<CookiePolicyMiddleware>(options);
+            return app.UseMiddleware<CookiePolicyMiddleware>();
         }
 
         /// <summary>
@@ -51,7 +44,7 @@ namespace Microsoft.AspNet.Builder
                 throw new ArgumentNullException(nameof(options));
             }
 
-            return app.UseMiddleware<CookiePolicyMiddleware>(options);
+            return app.UseMiddleware<CookiePolicyMiddleware>(Options.Create(options));
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
index 5c49b9e180..2fb299d165 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
@@ -3,9 +3,10 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Features;
 using Microsoft.AspNet.Http.Features.Internal;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNet.CookiePolicy
 {
@@ -15,9 +16,9 @@ namespace Microsoft.AspNet.CookiePolicy
 
         public CookiePolicyMiddleware(
             RequestDelegate next,
-            CookiePolicyOptions options)
+            IOptions<CookiePolicyOptions> options)
         {
-            Options = options;
+            Options = options.Value;
             _next = next;
         }
 
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
index ce5a866980..ffc2fa7b74 100644
--- a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
@@ -2,8 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.CookiePolicy;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNet.Builder
 {
     public class CookiePolicyOptions
     {
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNet.CookiePolicy/project.json
index 3eab1d58f9..79ccda4a15 100644
--- a/src/Microsoft.AspNet.CookiePolicy/project.json
+++ b/src/Microsoft.AspNet.CookiePolicy/project.json
@@ -10,7 +10,8 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Http": "1.0.0-*"
+    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
index 073d6f1e4b..b5935938ae 100644
--- a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -6,6 +6,7 @@ using System.IO;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Http.Features;
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index ffcf6d8792..7827566a9f 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -27,9 +27,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NormalRequestPassesThrough()
         {
-            var server = CreateServer(options =>
-            {
-            });
+            var server = CreateServer(new CookieAuthenticationOptions());
             var response = await server.CreateClient().GetAsync("http://example.com/normal");
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         }
@@ -37,10 +35,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task AjaxLoginRedirectToReturnUrlTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.AutomaticChallenge = true;
-                options.LoginPath = "/login";
+                AutomaticChallenge = true,
+                LoginPath = "/login"
             });
 
             var transaction = await SendAsync(server, "http://example.com/protected?X-Requested-With=XMLHttpRequest");
@@ -53,9 +51,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task AjaxForbidTurnsInto403WithLocationHeader()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.AccessDeniedPath = "/denied";
+                AccessDeniedPath = "/denied"
             });
 
             var transaction = await SendAsync(server, "http://example.com/forbid?X-Requested-With=XMLHttpRequest");
@@ -68,9 +66,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task AjaxLogoutRedirectToReturnUrlTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LogoutPath = "/signout";
+                LogoutPath = "/signout"
             });
 
             var transaction = await SendAsync(server, "http://example.com/signout?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
@@ -83,9 +81,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task AjaxChallengeRedirectTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(options =>
-            {
-            });
+            var server = CreateServer(new CookieAuthenticationOptions());
 
             var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
             Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
@@ -100,10 +96,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [InlineData(false)]
         public async Task ProtectedRequestShouldRedirectToLoginOnlyWhenAutomatic(bool auto)
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LoginPath = new PathString("/login");
-                options.AutomaticChallenge = auto;
+                LoginPath = new PathString("/login"),
+                AutomaticChallenge = auto
             });
 
             var transaction = await SendAsync(server, "http://example.com/protected");
@@ -120,7 +116,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri()
         {
-            var server = CreateServer(options => options.AutomaticChallenge = true);
+            var server = CreateServer(new CookieAuthenticationOptions
+            {
+                AutomaticChallenge = true
+            });
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
@@ -151,10 +150,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignInCausesDefaultCookieToBeCreated()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LoginPath = new PathString("/login");
-                options.CookieName = "TestCookie";
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie"
             }, SignInAsAlice);
 
             var transaction = await SendAsync(server, "http://example.com/testpath");
@@ -171,10 +170,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignInWrongAuthTypeThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LoginPath = new PathString("/login");
-                options.CookieName = "TestCookie";
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie"
             }, SignInAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -183,10 +182,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task SignOutWrongAuthTypeThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LoginPath = new PathString("/login");
-                options.CookieName = "TestCookie";
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie"
             }, SignOutAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -204,11 +203,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             string requestUri,
             bool shouldBeSecureOnly)
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.LoginPath = new PathString("/login");
-                options.CookieName = "TestCookie";
-                options.CookieSecure = cookieSecureOption;
+                LoginPath = new PathString("/login"),
+                CookieName = "TestCookie",
+                CookieSecure = cookieSecureOption
             }, SignInAsAlice);
 
             var transaction = await SendAsync(server, requestUri);
@@ -227,13 +226,13 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task CookieOptionsAlterSetCookieHeader()
         {
-            TestServer server1 = CreateServer(options =>
+            TestServer server1 = CreateServer(new CookieAuthenticationOptions
             {
-                options.CookieName = "TestCookie";
-                options.CookiePath = "/foo";
-                options.CookieDomain = "another.com";
-                options.CookieSecure = CookieSecureOption.Always;
-                options.CookieHttpOnly = true;
+                CookieName = "TestCookie",
+                CookiePath = "/foo",
+                CookieDomain = "another.com",
+                CookieSecure = CookieSecureOption.Always,
+                CookieHttpOnly = true
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
             var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
@@ -246,11 +245,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             Assert.Contains(" secure", setCookie1);
             Assert.Contains(" httponly", setCookie1);
 
-            var server2 = CreateServer(options =>
+            var server2 = CreateServer(new CookieAuthenticationOptions
             {
-                options.CookieName = "SecondCookie";
-                options.CookieSecure = CookieSecureOption.Never;
-                options.CookieHttpOnly = false;
+                CookieName = "SecondCookie",
+                CookieSecure = CookieSecureOption.Never,
+                CookieHttpOnly = false
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
             var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
@@ -268,9 +267,9 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieContainsIdentity()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
+                SystemClock = clock
             }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -284,24 +283,27 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieAppliesClaimsTransform()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
+                SystemClock = clock
             },
             SignInAsAlice,
             baseAddress: null,
-            claimsTransform: o => o.Transformer = new ClaimsTransformer
+            claimsTransform: new ClaimsTransformationOptions
             {
-                OnTransform = p =>
+                Transformer = new ClaimsTransformer
                 {
-                    if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                    OnTransform = p =>
                     {
-                        // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
-                        var id = new ClaimsIdentity("xform");
-                        id.AddClaim(new Claim("xform", "yup"));
-                        p.AddIdentity(id);
+                        if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                        {
+                            // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
+                            var id = new ClaimsIdentity("xform");
+                            id.AddClaim(new Claim("xform", "yup"));
+                            p.AddIdentity(id);
+                        }
+                        return Task.FromResult(p);
                     }
-                    return Task.FromResult(p);
                 }
             });
 
@@ -318,11 +320,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieStopsWorkingAfterExpiration()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false
             }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -349,11 +351,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieExpirationCanBeOverridenInSignin()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -384,18 +386,18 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task ExpiredCookieWithValidatorStillExpired()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -414,12 +416,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieCanBeRejectedAndSignedOutByValidator()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -427,7 +429,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         ctx.HttpContext.Authentication.SignOutAsync("Cookies");
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -444,19 +446,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieCanBeRenewedByValidator()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -491,18 +493,18 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -537,19 +539,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieValidatorOnlyCalledOnce()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -588,12 +590,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var clock = new TestClock();
             DateTimeOffset? lastValidateIssuedDate = null;
             DateTimeOffset? lastExpiresDate = null;
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = sliding;
-                options.Events = new CookieAuthenticationEvents
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = sliding,
+                Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -602,7 +604,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                };
+                }
             },
             context =>
                 context.Authentication.SignInAsync("Cookies",
@@ -640,19 +642,19 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieExpirationCanBeOverridenInEvent()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = false;
-                options.Events = new CookieAuthenticationEvents()
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = false,
+                Events = new CookieAuthenticationEvents()
                 {
                     OnSigningIn = context =>
                     {
                         context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
                         return Task.FromResult(0);
                     }
-                };
+                }
             }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -678,11 +680,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieIsRenewedWithSlidingExpiration()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
-                options.SlidingExpiration = true;
+                SystemClock = clock,
+                ExpireTimeSpan = TimeSpan.FromMinutes(10),
+                SlidingExpiration = true
             }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -715,7 +717,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieUsesPathBaseByDefault()
         {
             var clock = new TestClock();
-            var server = CreateServer(options => { },
+            var server = CreateServer(new CookieAuthenticationOptions(),
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
@@ -734,10 +736,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieTurnsChallengeIntoForbidWithCookie(bool automatic)
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = automatic;
-                options.SystemClock = clock;
+                AutomaticAuthenticate = automatic,
+                SystemClock = clock
             },
             SignInAsAlice);
 
@@ -758,10 +760,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieChallengeRedirectsToLoginWithoutCookie(bool automatic)
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = automatic;
-                options.SystemClock = clock;
+                AutomaticAuthenticate = automatic,
+                SystemClock = clock
             },
             SignInAsAlice);
 
@@ -779,10 +781,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieForbidRedirectsWithoutCookie(bool automatic)
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.AutomaticAuthenticate = automatic;
-                options.SystemClock = clock;
+                AutomaticAuthenticate = automatic,
+                SystemClock = clock
             },
             SignInAsAlice);
 
@@ -798,10 +800,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieTurns401ToAccessDeniedWhenSetWithCookie()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.AccessDeniedPath = new PathString("/accessdenied");
+                SystemClock = clock,
+                AccessDeniedPath = new PathString("/accessdenied")
             },
             SignInAsAlice);
 
@@ -819,10 +821,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieChallengeRedirectsWithLoginPath()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.LoginPath = new PathString("/page");
+                SystemClock = clock,
+                LoginPath = new PathString("/page")
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -836,10 +838,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
         public async Task CookieChallengeWithUnauthorizedRedirectsToLoginIfNotAuthenticated()
         {
             var clock = new TestClock();
-            var server = CreateServer(options =>
+            var server = CreateServer(new CookieAuthenticationOptions
             {
-                options.SystemClock = clock;
-                options.LoginPath = new PathString("/page");
+                SystemClock = clock,
+                LoginPath = new PathString("/page")
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -855,7 +857,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        LoginPath = new PathString("/page")
+                    });
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
@@ -895,7 +900,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.CookieName = "One");
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        CookieName = "One"
+                    });
                     app.UseCookieAuthentication();
                     app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
                 })
@@ -914,7 +922,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        LoginPath = new PathString("/login")
+                    });
                     app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
                         new ClaimsPrincipal())));
                 })
@@ -932,7 +943,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.LoginPath = new PathString("/login"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        LoginPath = new PathString("/login")
+                    });
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
                         new ClaimsPrincipal())));
                 })
@@ -954,7 +968,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        LogoutPath = new PathString("/logout")
+                    });
                     app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
@@ -971,7 +988,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.LogoutPath = new PathString("/logout"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        LogoutPath = new PathString("/logout")
+                    });
                     app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
@@ -992,7 +1012,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        AccessDeniedPath = new PathString("/denied")
+                    });
                     app.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
@@ -1012,7 +1035,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
-                        map.UseCookieAuthentication(options => options.LoginPath = new PathString("/page"));
+                        map.UseCookieAuthentication(new CookieAuthenticationOptions
+                        {
+                            LoginPath = new PathString("/page")
+                        });
                         map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                     }))
                 .ConfigureServices(services => services.AddAuthentication());
@@ -1033,7 +1059,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
-                        map.UseCookieAuthentication(options => options.AccessDeniedPath = new PathString("/denied"));
+                        map.UseCookieAuthentication(new CookieAuthenticationOptions
+                        {
+                            AccessDeniedPath = new PathString("/denied")
+                        });
                         map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
                     }))
                     .ConfigureServices(services => services.AddAuthentication());
@@ -1054,10 +1083,10 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder1 = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.TicketDataFormat = new TicketDataFormat(dp);
-                        options.CookieName = "Cookie";
+                        TicketDataFormat = new TicketDataFormat(dp),
+                        CookieName = "Cookie"
                     });
                     app.Use((context, next) =>
                         context.Authentication.SignInAsync("Cookies",
@@ -1073,11 +1102,11 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var builder2 = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = "Cookies";
-                        options.CookieName = "Cookie";
-                        options.TicketDataFormat = new TicketDataFormat(dp);
+                        AuthenticationScheme = "Cookies",
+                        CookieName = "Cookie",
+                        TicketDataFormat = new TicketDataFormat(dp)
                     });
                     app.Use(async (context, next) =>
                     {
@@ -1131,12 +1160,12 @@ namespace Microsoft.AspNet.Authentication.Cookies
             return me;
         }
 
-        private static TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, Action<ClaimsTransformationOptions> claimsTransform = null)
+        private static TestServer CreateServer(CookieAuthenticationOptions options, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, ClaimsTransformationOptions claimsTransform = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(configureOptions);
+                    app.UseCookieAuthentication(options);
                     // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
 
                     if (claimsTransform != null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 5263dadb57..95dcb2e5b7 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -30,23 +30,23 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(new FacebookOptions
                     {
-                        options.AppId = "Test App Id";
-                        options.AppSecret = "Test App Secret";
-                        options.Events = new OAuthEvents
+                        AppId = "Test App Id",
+                        AppSecret = "Test App Secret",
+                        Events = new OAuthEvents
                         {
                             OnRedirectToAuthorizationEndpoint = context =>
                             {
                                 context.Response.Redirect(context.RedirectUri + "&custom=test");
                                 return Task.FromResult(0);
                             }
-                        };
+                        }
                     });
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = "External";
-                        options.AutomaticAuthenticate = true;
+                        AuthenticationScheme = "External",
+                        AutomaticAuthenticate = true
                     });
                 },
                 services =>
@@ -73,11 +73,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
         {
             var server = CreateServer(app =>
                 app.Map("/base", map => {
-                    map.UseFacebookAuthentication(options =>
+                    map.UseFacebookAuthentication(new FacebookOptions
                     {
-                        options.AppId = "Test App Id";
-                        options.AppSecret = "Test App Secret";
-                        options.SignInScheme = "External";
+                        AppId = "Test App Id",
+                        AppSecret = "Test App Secret",
+                        SignInScheme = "External"
                     });
                     map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
                 }),
@@ -100,11 +100,11 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(new FacebookOptions
                     {
-                        options.AppId = "Test App Id";
-                        options.AppSecret = "Test App Secret";
-                        options.SignInScheme = "External";
+                        AppId = "Test App Id",
+                        AppSecret = "Test App Secret",
+                        SignInScheme = "External"
                     });
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
                 },
@@ -127,12 +127,15 @@ namespace Microsoft.AspNet.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(new FacebookOptions
                     {
-                        options.AppId = "Test App Id";
-                        options.AppSecret = "Test App Secret";
+                        AppId = "Test App Id",
+                        AppSecret = "Test App Secret"
+                    });
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        AuthenticationScheme = "External"
                     });
-                    app.UseCookieAuthentication(options => options.AuthenticationScheme = "External");
                 },
                 services =>
                 {
@@ -165,13 +168,13 @@ namespace Microsoft.AspNet.Authentication.Facebook
                 app =>
                 {
                     app.UseCookieAuthentication();
-                    app.UseFacebookAuthentication(options =>
+                    app.UseFacebookAuthentication(new FacebookOptions
                     {
-                        options.AppId = "Test App Id";
-                        options.AppSecret = "Test App Secret";
-                        options.StateDataFormat = stateFormat;
-                        options.UserInformationEndpoint = customUserInfoEndpoint;
-                        options.BackchannelHttpHandler = new TestHttpMessageHandler
+                        AppId = "Test App Id",
+                        AppSecret = "Test App Secret",
+                        StateDataFormat = stateFormat,
+                        UserInformationEndpoint = customUserInfoEndpoint,
+                        BackchannelHttpHandler = new TestHttpMessageHandler
                         {
                             Sender = req =>
                             {
@@ -200,7 +203,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
                                 }
                                 return null;
                             }
-                        };
+                        }
                     });
                 },
                 services =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index dcfe91e5a1..6a6f028282 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -28,10 +28,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -50,10 +50,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -62,10 +62,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -74,10 +74,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ForbidThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -86,11 +86,11 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task Challenge401WillTriggerRedirection()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AutomaticChallenge = true;
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AutomaticChallenge = true
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -105,10 +105,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ChallengeWillSetCorrelationCookie()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
@@ -117,11 +117,11 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task Challenge401WillSetCorrelationCookie()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AutomaticChallenge = true;
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AutomaticChallenge = true
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
@@ -130,10 +130,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ChallengeWillSetDefaultScope()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -144,11 +144,11 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task Challenge401WillSetDefaultScope()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AutomaticChallenge = true;
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AutomaticChallenge = true
             });
             var transaction = await server.SendAsync("https://example.com/401");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -159,11 +159,11 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.AutomaticChallenge = true;
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                AutomaticChallenge = true
             },
             context =>
                 {
@@ -195,18 +195,18 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.Events = new OAuthEvents
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                Events = new OAuthEvents
                 {
                     OnRedirectToAuthorizationEndpoint = context =>
                     {
                         context.Response.Redirect(context.RedirectUri + "&custom=test");
                         return Task.FromResult(0);
                     }
-                };
+                }
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -217,10 +217,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task AuthenticateWillFail()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             },
             async context => 
             {
@@ -240,10 +240,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
             Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
@@ -254,22 +254,19 @@ namespace Microsoft.AspNet.Authentication.Google
         [InlineData(false)]
         public async Task ReplyPathWithErrorFails(bool redirect)
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                if (redirect)
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                Events = redirect ? new OAuthEvents()
                 {
-                    options.Events = new OAuthEvents()
+                    OnRemoteFailure = ctx =>
                     {
-                        OnRemoteFailure = ctx =>
-                        {
-                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
-                            ctx.HandleResponse();
-                            return Task.FromResult(0);
-                        }
-                    };
-                }
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                } : new OAuthEvents()
             });
             var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar");
             if (redirect)
@@ -291,13 +288,13 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.ClaimsIssuer = claimsIssuer;
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                ClaimsIssuer = claimsIssuer,
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -335,7 +332,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                };
+                }
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -373,31 +370,28 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
-                        return ReturnJsonResponse(new { Error = "Error" }, 
+                        return ReturnJsonResponse(new { Error = "Error" },
                             HttpStatusCode.BadRequest);
                     }
-                };
-                if (redirect)
+                },
+                Events = redirect ? new OAuthEvents()
                 {
-                    options.Events = new OAuthEvents()
+                    OnRemoteFailure = ctx =>
                     {
-                        OnRemoteFailure = ctx =>
-                        {
-                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
-                            ctx.HandleResponse();
-                            return Task.FromResult(0);
-                        }
-                    };
-                }
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -429,30 +423,27 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
                         return ReturnJsonResponse(new object());
                     }
-                };
-                if (redirect)
+                },
+                Events = redirect ? new OAuthEvents()
                 {
-                    options.Events = new OAuthEvents()
+                    OnRemoteFailure = ctx =>
                     {
-                        OnRemoteFailure = ctx =>
-                        {
-                            ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
-                            ctx.HandleResponse();
-                            return Task.FromResult(0);
-                        }
-                    };
-                }
+                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
+                        ctx.HandleResponse();
+                        return Task.FromResult(0);
+                    }
+                } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -481,12 +472,12 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -525,8 +516,8 @@ namespace Microsoft.AspNet.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                };
-                options.Events = new OAuthEvents
+                },
+                Events = new OAuthEvents
                 {
                     OnCreatingTicket = context =>
                     {
@@ -534,7 +525,7 @@ namespace Microsoft.AspNet.Authentication.Google
                         context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
                         return Task.FromResult(0);
                     }
-                };
+                }
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -561,12 +552,12 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task NullRedirectUriWillRedirectToSlash()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -605,15 +596,15 @@ namespace Microsoft.AspNet.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                };
-                options.Events = new OAuthEvents
+                },
+                Events = new OAuthEvents
                 {
                     OnTicketReceived = context =>
                     {
                         context.Ticket.Properties.RedirectUri = null;
                         return Task.FromResult(0);
                     }
-                };
+                }
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Google";
@@ -634,13 +625,13 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task ValidateAuthenticatedContext()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.StateDataFormat = stateFormat;
-                options.AccessType = "offline";
-                options.Events = new OAuthEvents()
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                StateDataFormat = stateFormat,
+                AccessType = "offline",
+                Events = new OAuthEvents()
                 {
                     OnCreatingTicket = context =>
                     {
@@ -655,8 +646,8 @@ namespace Microsoft.AspNet.Authentication.Google
                         Assert.Equal(GoogleHelper.GetGivenName(context.User), "Test Given Name");
                         return Task.FromResult(0);
                     }
-                };
-                options.BackchannelHttpHandler = new TestHttpMessageHandler
+                },
+                BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -695,7 +686,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                };
+                }
             });
 
             var properties = new AuthenticationProperties();
@@ -717,10 +708,10 @@ namespace Microsoft.AspNet.Authentication.Google
         [Fact]
         public async Task NoStateCausesException()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
 
             //Post a message to the Google middleware
@@ -732,11 +723,11 @@ namespace Microsoft.AspNet.Authentication.Google
         public async Task CanRedirectOnError()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
-            var server = CreateServer(options =>
+            var server = CreateServer(new GoogleOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
-                options.Events = new OAuthEvents()
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -744,7 +735,7 @@ namespace Microsoft.AspNet.Authentication.Google
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                };
+                }
             });
 
             //Post a message to the Google middleware
@@ -764,17 +755,17 @@ namespace Microsoft.AspNet.Authentication.Google
             return res;
         }
 
-        private static TestServer CreateServer(Action<GoogleOptions> configureOptions, Func<HttpContext, Task> testpath = null)
+        private static TestServer CreateServer(GoogleOptions options, Func<HttpContext, Task> testpath = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                        options.AutomaticAuthenticate = true;
+                        AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
+                        AutomaticAuthenticate = true
                     });
-                    app.UseGoogleAuthentication(configureOptions);
+                    app.UseGoogleAuthentication(options);
                     app.UseClaimsTransformation(p =>
                     {
                         var id = new ClaimsIdentity("xform");
@@ -833,7 +824,7 @@ namespace Microsoft.AspNet.Authentication.Google
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication(options => options.SignInScheme = TestExtensions.CookieAuthenticationScheme);
+                    services.AddAuthentication(authOptions => authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme);
                 });
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index a3e7fbd54e..2732d0caaa 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -27,14 +28,14 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
         public async Task BearerTokenValidation()
         {
-            var server = CreateServer(options =>
+            var options = new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
-                options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
-                options.TokenValidationParameters.ValidateLifetime = false;
-            });
+                AutomaticAuthenticate = true,
+                Authority = "https://login.windows.net/tushartest.onmicrosoft.com",
+                Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt"
+            };
+            options.TokenValidationParameters.ValidateLifetime = false;
+            var server = CreateServer(options);
 
             var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
@@ -44,9 +45,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
+                AutomaticAuthenticate = true
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -55,9 +56,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
+                AutomaticAuthenticate = true
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -67,11 +68,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task CustomHeaderReceived()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnReceivingToken = context =>
                     {
@@ -90,7 +90,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
@@ -101,7 +101,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task NoHeaderReceived()
         {
-            var server = CreateServer(options => { });
+            var server = CreateServer(new JwtBearerOptions());
             var response = await SendAsync(server, "http://example.com/oauth");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
@@ -109,7 +109,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task HeaderWithoutBearerReceived()
         {
-            var server = CreateServer(options => { });
+            var server = CreateServer(new JwtBearerOptions());
             var response = await SendAsync(server, "http://example.com/oauth","Token");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
@@ -117,9 +117,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task UnrecognizedTokenReceived()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
+                AutomaticAuthenticate = true
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
@@ -130,12 +130,13 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task InvalidTokenReceived()
         {
-            var server = CreateServer(options =>
+            var options = new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.SecurityTokenValidators.Clear();
-                options.SecurityTokenValidators.Add(new InvalidTokenValidator());
-            });
+                AutomaticAuthenticate = true
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new InvalidTokenValidator());
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -145,11 +146,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task CustomTokenReceived()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnReceivedToken = context =>
                     {
@@ -168,7 +168,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
@@ -179,11 +179,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task CustomTokenValidated()
         {
-            var server = CreateServer(options =>
+            var options = new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnValidatedToken = context =>
                     {
@@ -203,10 +202,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
-
-                options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
-            });
+                }
+            };
+            options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -216,11 +215,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task RetrievingTokenFromAlternateLocation()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnReceivingToken = context =>
                     {
@@ -244,7 +242,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
@@ -255,9 +253,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task BearerTurns401To403IfAuthenticated()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.Events = new JwtBearerEvents()
+                Events = new JwtBearerEvents()
                 {
                     OnReceivedToken = context =>
                     {
@@ -276,7 +274,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -286,9 +284,9 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task BearerDoesNothingTo401IfNotAuthenticated()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.Events = new JwtBearerEvents()
+                Events = new JwtBearerEvents()
                 {
                     OnReceivedToken = context =>
                     {
@@ -307,7 +305,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized");
@@ -317,11 +315,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task EventOnReceivingTokenSkipped_NoMoreEventsExecuted()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnReceivingToken = context =>
                     {
@@ -344,7 +341,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -355,11 +352,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task EventOnReceivedTokenSkipped_NoMoreEventsExecuted()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnReceivedToken = context =>
                     {
@@ -378,7 +374,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -389,12 +385,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task EventOnValidatedTokenSkipped_NoMoreEventsExecuted()
         {
-            var server = CreateServer(options =>
+            var options = new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.SecurityTokenValidators.Clear();
-                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnValidatedToken = context =>
                     {
@@ -409,8 +403,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                };
-            });
+                }
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -420,12 +417,10 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task EventOnAuthenticationFailedSkipped_NoMoreEventsExecuted()
         {
-            var server = CreateServer(options =>
+            var options = new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.SecurityTokenValidators.Clear();
-                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                Events = new JwtBearerEvents()
                 {
                     OnValidatedToken = context =>
                     {
@@ -440,8 +435,11 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                };
-            });
+                }
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -451,18 +449,18 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
         [Fact]
         public async Task EventOnChallengeSkipped_ResponseNotModified()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new JwtBearerOptions
             {
-                options.AutomaticAuthenticate = true;
-                options.AutomaticChallenge = true;
-                options.Events = new JwtBearerEvents()
+                AutomaticAuthenticate = true,
+                AutomaticChallenge = true,
+                Events = new JwtBearerEvents()
                 {
                     OnChallenge = context =>
                     {
                         context.SkipToNextMiddleware();
                         return Task.FromResult(0);
                     },
-                };
+                }
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -535,14 +533,14 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
             }
         }
 
-        private static TestServer CreateServer(Action<JwtBearerOptions> configureOptions, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(JwtBearerOptions options, Func<HttpContext, bool> handler = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    if (configureOptions != null)
+                    if (options != null)
                     {
-                        app.UseJwtBearerAuthentication(configureOptions);
+                        app.UseJwtBearerAuthentication(options);
                     }
 
                     app.Use(async (context, next) =>
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 849cdfe0a2..29f6e0edcc 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -8,7 +8,6 @@ using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
@@ -27,19 +26,18 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var server = CreateServer(
-                options =>
+            var server = CreateServer(new MicrosoftAccountOptions
                 {
-                    options.ClientId = "Test Client Id";
-                    options.ClientSecret = "Test Client Secret";
-                    options.Events = new OAuthEvents
+                    ClientId = "Test Client Id",
+                    ClientSecret = "Test Client Secret",
+                    Events = new OAuthEvents
                     {
                         OnRedirectToAuthorizationEndpoint = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                             return Task.FromResult(0);
                         }
-                    };
+                    }
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -50,10 +48,10 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new MicrosoftAccountOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -62,10 +60,10 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new MicrosoftAccountOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -74,10 +72,10 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task ForbidThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new MicrosoftAccountOptions
             {
-                options.ClientId = "Test Id";
-                options.ClientSecret = "Test Secret";
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -86,11 +84,10 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(
-                options =>
-                {
-                    options.ClientId = "Test Client Id";
-                    options.ClientSecret = "Test Client Secret";
+            var server = CreateServer(new MicrosoftAccountOptions
+            {
+                    ClientId = "Test Client Id",
+                    ClientSecret = "Test Client Secret"
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -107,13 +104,12 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest"));
-            var server = CreateServer(
-                options =>
-                {
-                    options.ClientId = "Test Client Id";
-                    options.ClientSecret = "Test Client Secret";
-                    options.StateDataFormat = stateFormat;
-                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+            var server = CreateServer(new MicrosoftAccountOptions
+            {
+                    ClientId = "Test Client Id",
+                    ClientSecret = "Test Client Secret",
+                    StateDataFormat = stateFormat,
+                    BackchannelHttpHandler = new TestHttpMessageHandler
                     {
                         Sender = req =>
                         {
@@ -144,8 +140,8 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
 
                             return null;
                         }
-                    };
-                    options.Events = new OAuthEvents
+                    },
+                    Events = new OAuthEvents
                     {
                         OnCreatingTicket = context =>
                         {
@@ -153,7 +149,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                             context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
                             return Task.FromResult<object>(null);
                         }
-                    };
+                    }
                 });
             var properties = new AuthenticationProperties();
             var correlationKey = ".AspNet.Correlation.Microsoft";
@@ -176,17 +172,17 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
             Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
         }
 
-        private static TestServer CreateServer(Action<MicrosoftAccountOptions> configureOptions)
+        private static TestServer CreateServer(MicrosoftAccountOptions options)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = TestExtensions.CookieAuthenticationScheme;
-                        options.AutomaticAuthenticate = true;
+                        AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
+                        AutomaticAuthenticate = true
                     });
-                    app.UseMicrosoftAccountAuthentication(configureOptions);
+                    app.UseMicrosoftAccountAuthentication(options);
 
                     app.Use(async (context, next) =>
                     {
@@ -221,9 +217,9 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
                 .ConfigureServices(services =>
                 {
                     services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(options =>
+                    services.Configure<SharedAuthenticationOptions>(authOptions =>
                     {
-                        options.SignInScheme = TestExtensions.CookieAuthenticationScheme;
+                        authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme;
                     });
                 });
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 801cc71f95..0166c13e48 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -15,6 +15,7 @@ using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
@@ -31,20 +32,20 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         private const string ExpectedStateParameter = "expectedState";
 
         [Theory, MemberData(nameof(AuthenticateCoreStateDataSet))]
-        public async Task AuthenticateCoreState(Action<OpenIdConnectOptions> action, OpenIdConnectMessage message)
+        public async Task AuthenticateCoreState(OpenIdConnectOptions option, OpenIdConnectMessage message)
         {
             var handler = new OpenIdConnectHandlerForTestingAuthenticate();
-            var server = CreateServer(action, UrlEncoder.Default, handler);
+            var server = CreateServer(option, UrlEncoder.Default, handler);
             await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters.Where(pair => pair.Value != null)));
         }
 
-        public static TheoryData<Action<OpenIdConnectOptions>, OpenIdConnectMessage> AuthenticateCoreStateDataSet
+        public static TheoryData<OpenIdConnectOptions, OpenIdConnectMessage> AuthenticateCoreStateDataSet
         {
             get
             {
                 var formater = new AuthenticationPropertiesFormaterKeyValue();
                 var properties = new AuthenticationProperties();
-                var dataset = new TheoryData<Action<OpenIdConnectOptions>, OpenIdConnectMessage>();
+                var dataset = new TheoryData<OpenIdConnectOptions, OpenIdConnectMessage>();
 
                 // expected user state is added to the message.Parameters.Items[ExpectedStateParameter]
                 // Userstate == null
@@ -52,7 +53,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
                 message.Code = Guid.NewGuid().ToString();
                 message.Parameters.Add(ExpectedStateParameter, null);
-                dataset.Add(SetStateOptions, message);
+                dataset.Add(GetStateOptions(), message);
 
                 // Userstate != null
                 message = new OpenIdConnectMessage();
@@ -62,15 +63,16 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userstate);
                 message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
                 message.Parameters.Add(ExpectedStateParameter, userstate);
-                dataset.Add(SetStateOptions, message);
+                dataset.Add(GetStateOptions(), message);
                 return dataset;
             }
         }
 
         // Setup an event to check for expected state.
         // The state gets set by the runtime after the 'MessageReceivedContext'
-        private static void SetStateOptions(OpenIdConnectOptions options)
+        private static OpenIdConnectOptions GetStateOptions()
         {
+            var options = new OpenIdConnectOptions();
             options.AuthenticationScheme = "OpenIdConnectHandlerTest";
             options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
             options.ClientId = Guid.NewGuid().ToString();
@@ -91,16 +93,15 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     return Task.FromResult<object>(null);
                 }
             };
+            return options;
         }
 
-        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, UrlEncoder encoder, OpenIdConnectHandler handler = null)
+        private static TestServer CreateServer(OpenIdConnectOptions options, UrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    var options = new OpenIdConnectOptions();
-                    configureOptions(options);
-                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(options, encoder, handler);
+                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(Options.Create(options), encoder, handler);
                     app.Use(async (context, next) =>
                     {
                         await next();
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
index 2a91eecdbc..c73cf8f942 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Text.Encodings.Web;
 using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
 using Microsoft.Extensions.Logging;
@@ -27,7 +28,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             UrlEncoder encoder,
             IServiceProvider services,
             IOptions<SharedAuthenticationOptions> sharedOptions,
-            OpenIdConnectOptions options,
+            IOptions<OpenIdConnectOptions> options,
             HtmlEncoder htmlEncoder,
             OpenIdConnectHandler handler = null
             )
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 9446be945a..992f7b9c90 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -42,12 +42,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task ChallengeWillIssueHtmlFormWhenEnabled()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new OpenIdConnectOptions
             {
-                options.Authority = DefaultAuthority;
-                options.ClientId = "Test Id";
-                options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-                options.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
+                Authority = DefaultAuthority,
+                ClientId = "Test Id",
+                Configuration = TestUtilities.DefaultOpenIdConnectConfiguration,
+                AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -61,10 +61,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             var queryValues = ExpectedQueryValues.Defaults(DefaultAuthority);
             queryValues.State = OpenIdConnectDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
-            var server = CreateServer(options =>
-            {
-                SetOptions(options, DefaultParameters(), queryValues);
-            });
+            var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -74,11 +71,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task ChallengeWillSetNonceAndStateCookies()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new OpenIdConnectOptions
             {
-                options.Authority = DefaultAuthority;
-                options.ClientId = "Test Id";
-                options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
+                Authority = DefaultAuthority,
+                ClientId = "Test Id",
+                Configuration = TestUtilities.DefaultOpenIdConnectConfiguration
             });
             var transaction = await SendAsync(server, DefaultHost + Challenge);
 
@@ -95,10 +92,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public async Task ChallengeWillUseOptionsProperties()
         {
             var queryValues = new ExpectedQueryValues(DefaultAuthority);
-            var server = CreateServer(options =>
-            {
-                SetOptions(options, DefaultParameters(), queryValues);
-            });
+            var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -121,7 +115,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 RequestType = OpenIdConnectRequestType.AuthenticationRequest
             };
-            var server = CreateServer(SetProtocolMessageOptions);
+            var server = CreateServer(GetProtocolMessageOptions());
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
@@ -143,14 +137,15 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 RequestType = OpenIdConnectRequestType.LogoutRequest
             };
-            var server = CreateServer(SetProtocolMessageOptions);
+            var server = CreateServer(GetProtocolMessageOptions());
             var transaction = await SendAsync(server, DefaultHost + Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
         }
 
-        private static void SetProtocolMessageOptions(OpenIdConnectOptions options)
+        private static OpenIdConnectOptions GetProtocolMessageOptions()
         {
+            var options = new OpenIdConnectOptions();
             var fakeOpenIdRequestMessage = new FakeOpenIdConnectMessage(ExpectedAuthorizeRequest, ExpectedLogoutRequest);
             options.AutomaticChallenge = true;
             options.Events = new OpenIdConnectEvents()
@@ -166,7 +161,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                     return Task.FromResult(0);
                 }
             };
+            return options;
         }
+
         private class FakeOpenIdConnectMessage : OpenIdConnectMessage
         {
             private readonly string _authorizeRequest;
@@ -207,21 +204,19 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 properties.Items.Add("item1", Guid.NewGuid().ToString());
             }
 
-            var server = CreateServer(options =>
+            var options = GetOptions(DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
+            options.AutomaticChallenge = challenge.Equals(ChallengeWithOutContext);
+            options.Events = new OpenIdConnectEvents()
             {
-                SetOptions(options, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
-                options.AutomaticChallenge = challenge.Equals(ChallengeWithOutContext);
-                options.Events = new OpenIdConnectEvents()
+                OnRedirectToAuthenticationEndpoint = context =>
                 {
-                    OnRedirectToAuthenticationEndpoint = context =>
-                    {
-                        context.ProtocolMessage.State = userState;
-                        context.ProtocolMessage.RedirectUri = queryValues.RedirectUri;
-                        return Task.FromResult<object>(null);
-                    }
+                    context.ProtocolMessage.State = userState;
+                    context.ProtocolMessage.RedirectUri = queryValues.RedirectUri;
+                    return Task.FromResult<object>(null);
+                }
 
-                };
-            }, null, properties);
+            };
+            var server = CreateServer(options, null, properties);
 
             var transaction = await SendAsync(server, DefaultHost + challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -260,29 +255,28 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         {
             var queryValues = new ExpectedQueryValues(DefaultAuthority);
             var queryValuesSetInEvent = new ExpectedQueryValues(DefaultAuthority);
-            var server = CreateServer(options =>
+            var options = GetOptions(DefaultParameters(), queryValues);
+            options.Events = new OpenIdConnectEvents()
             {
-                SetOptions(options, DefaultParameters(), queryValues);
-                options.Events = new OpenIdConnectEvents()
+                OnRedirectToAuthenticationEndpoint = context =>
                 {
-                    OnRedirectToAuthenticationEndpoint = context =>
-                    {
-                        context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
-                        context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
-                        context.ProtocolMessage.Resource = queryValuesSetInEvent.Resource;
-                        context.ProtocolMessage.Scope = queryValuesSetInEvent.Scope;
-                        return Task.FromResult<object>(null);
-                    }
-                };
-            });
+                    context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
+                    context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
+                    context.ProtocolMessage.Resource = queryValuesSetInEvent.Resource;
+                    context.ProtocolMessage.Scope = queryValuesSetInEvent.Scope;
+                    return Task.FromResult<object>(null);
+                }
+            };
+            var server = CreateServer(options);
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             queryValuesSetInEvent.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
         }
 
-        private void SetOptions(OpenIdConnectOptions options, List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
+        private OpenIdConnectOptions GetOptions(List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
         {
+            var options = new OpenIdConnectOptions();
             foreach (var param in parameters)
             {
                 if (param.Equals(OpenIdConnectParameterNames.ClientId))
@@ -301,6 +295,8 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             options.Authority = queryValues.Authority;
             options.Configuration = queryValues.Configuration;
             options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue();
+
+            return options;
         }
 
         private List<string> DefaultParameters(string[] additionalParams = null)
@@ -333,11 +329,11 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public async Task SignOutWithDefaultRedirectUri()
         {
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(options =>
+            var server = CreateServer(new OpenIdConnectOptions
             {
-                options.Authority = DefaultAuthority;
-                options.ClientId = "Test Id";
-                options.Configuration = configuration;
+                Authority = DefaultAuthority,
+                ClientId = "Test Id",
+                Configuration = configuration
             });
 
             var transaction = await SendAsync(server, DefaultHost + Signout);
@@ -349,12 +345,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public async Task SignOutWithCustomRedirectUri()
         {
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(options =>
+            var server = CreateServer(new OpenIdConnectOptions
             {
-                options.Authority = DefaultAuthority;
-                options.ClientId = "Test Id";
-                options.Configuration = configuration;
-                options.PostLogoutRedirectUri = "https://example.com/logout";
+                Authority = DefaultAuthority,
+                ClientId = "Test Id",
+                Configuration = configuration,
+                PostLogoutRedirectUri = "https://example.com/logout"
             });
 
             var transaction = await SendAsync(server, DefaultHost + Signout);
@@ -366,12 +362,12 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(options =>
+            var server = CreateServer(new OpenIdConnectOptions
             {
-                options.Authority = DefaultAuthority;
-                options.ClientId = "Test Id";
-                options.Configuration = configuration;
-                options.PostLogoutRedirectUri = "https://example.com/logout";
+                Authority = DefaultAuthority,
+                ClientId = "Test Id",
+                Configuration = configuration,
+                PostLogoutRedirectUri = "https://example.com/logout"
             });
 
             var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
@@ -379,16 +375,16 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             Assert.Contains(UrlEncoder.Default.Encode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
-        private static TestServer CreateServer(Action<OpenIdConnectOptions> configureOptions, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
+        private static TestServer CreateServer(OpenIdConnectOptions options, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme
                     });
-                    app.UseOpenIdConnectAuthentication(configureOptions);
+                    app.UseOpenIdConnectAuthentication(options);
                     app.Use(async (context, next) =>
                     {
                         var req = context.Request;
@@ -434,9 +430,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
                 .ConfigureServices(services =>
                 {
                     services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(options =>
+                    services.Configure<SharedAuthenticationOptions>(authOptions =>
                     {
-                        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        authOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                     });
                 });
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index db77d7f5ff..2d00d617de 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -20,19 +20,19 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new TwitterOptions
                 {
-                    options.ConsumerKey = "Test Consumer Key";
-                    options.ConsumerSecret = "Test Consumer Secret";
-                    options.Events = new TwitterEvents
+                    ConsumerKey = "Test Consumer Key",
+                    ConsumerSecret = "Test Consumer Secret",
+                    Events = new TwitterEvents
                     {
                         OnRedirectToAuthorizationEndpoint = context =>
                         {
                             context.Response.Redirect(context.RedirectUri + "&custom=test");
                             return Task.FromResult(0);
                         }
-                    };
-                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+                    },
+                    BackchannelHttpHandler = new TestHttpMessageHandler
                     {
                         Sender = req =>
                         {
@@ -48,7 +48,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                             }
                             return null;
                         }
-                    };
+                    }
                 },
                 context => 
                 {
@@ -65,10 +65,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task BadSignInWillThrow()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new TwitterOptions
             {
-                options.ConsumerKey = "Test Consumer Key";
-                options.ConsumerSecret = "Test Consumer Secret";
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret"
             });
 
             // Send a bogus sign in
@@ -79,10 +79,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new TwitterOptions
             {
-                options.ConsumerKey = "Test Consumer Key";
-                options.ConsumerSecret = "Test Consumer Secret";
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -91,10 +91,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new TwitterOptions
             {
-                options.ConsumerKey = "Test Consumer Key";
-                options.ConsumerSecret = "Test Consumer Secret";
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -103,10 +103,10 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task ForbidThrows()
         {
-            var server = CreateServer(options =>
+            var server = CreateServer(new TwitterOptions
             {
-                options.ConsumerKey = "Test Consumer Key";
-                options.ConsumerSecret = "Test Consumer Secret";
+                ConsumerKey = "Test Consumer Key",
+                ConsumerSecret = "Test Consumer Secret"
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -116,11 +116,11 @@ namespace Microsoft.AspNet.Authentication.Twitter
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(options =>
-                {
-                    options.ConsumerKey = "Test Consumer Key";
-                    options.ConsumerSecret = "Test Consumer Secret";
-                    options.BackchannelHttpHandler = new TestHttpMessageHandler
+            var server = CreateServer(new TwitterOptions
+            {
+                    ConsumerKey = "Test Consumer Key",
+                    ConsumerSecret = "Test Consumer Secret",
+                    BackchannelHttpHandler = new TestHttpMessageHandler
                     {
                         Sender = req =>
                         {
@@ -136,7 +136,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
                             }
                             return null;
                         }
-                    };
+                    }
                 },
                 context =>
                 {
@@ -150,16 +150,16 @@ namespace Microsoft.AspNet.Authentication.Twitter
             Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
         }
 
-        private static TestServer CreateServer(Action<TwitterOptions> configure, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(TwitterOptions options, Func<HttpContext, bool> handler = null)
         {
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options =>
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
                     {
-                        options.AuthenticationScheme = "External";
+                        AuthenticationScheme = "External"
                     });
-                    app.UseTwitterAuthentication(configure);
+                    app.UseTwitterAuthentication(options);
                     app.Use(async (context, next) =>
                     {
                         var req = context.Request;
@@ -185,9 +185,9 @@ namespace Microsoft.AspNet.Authentication.Twitter
                 .ConfigureServices(services =>
                 {
                     services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(options =>
+                    services.Configure<SharedAuthenticationOptions>(authOptions =>
                     {
-                        options.SignInScheme = "External";
+                        authOptions.SignInScheme = "External";
                     });
                 });
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index f2b28f6aba..902bf17cea 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -19,6 +19,7 @@ namespace Microsoft.AspNet.Authorization.Test
             var services = new ServiceCollection();
             services.AddAuthorization();
             services.AddLogging();
+            services.AddOptions();
             if (setupServices != null)
             {
                 setupServices(services);
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
index 4b798c5613..d0639e627d 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
@@ -36,7 +36,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         public async Task SecureAlwaysSetsSecure()
         {
             await RunTest("/secureAlways",
-                options => options.Secure = SecurePolicy.Always,
+                new CookiePolicyOptions
+                {
+                    Secure = SecurePolicy.Always
+                },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureAlways",
                 transaction =>
@@ -53,7 +56,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         public async Task SecureNoneLeavesSecureUnchanged()
         {
             await RunTest("/secureNone",
-                options => options.Secure = SecurePolicy.None,
+                new CookiePolicyOptions
+                {
+                    Secure = SecurePolicy.None
+                },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureNone",
                 transaction =>
@@ -71,7 +77,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         public async Task SecureSameUsesRequest()
         {
             await RunTest("/secureSame",
-                options => options.Secure = SecurePolicy.SameAsRequest,
+                new CookiePolicyOptions
+                {
+                    Secure = SecurePolicy.SameAsRequest
+                },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureSame",
                 transaction =>
@@ -97,7 +106,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         public async Task HttpOnlyAlwaysSetsItAlways()
         {
             await RunTest("/httpOnlyAlways",
-                options => options.HttpOnly = HttpOnlyPolicy.Always,
+                new CookiePolicyOptions
+                {
+                    HttpOnly = HttpOnlyPolicy.Always
+                },
                 HttpCookieAppends,
                 new RequestTest("http://example.com/httpOnlyAlways",
                 transaction =>
@@ -114,7 +126,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         public async Task HttpOnlyNoneLeavesItAlone()
         {
             await RunTest("/httpOnlyNone",
-                options => options.HttpOnly = HttpOnlyPolicy.None,
+                new CookiePolicyOptions
+                {
+                    HttpOnly = HttpOnlyPolicy.None
+                },
                 HttpCookieAppends,
                 new RequestTest("http://example.com/httpOnlyNone",
                 transaction =>
@@ -133,7 +148,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookiePolicy(options => options.OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao");
+                    app.UseCookiePolicy(new CookiePolicyOptions
+                    {
+                        OnAppendCookie = ctx => ctx.CookieName = ctx.CookieValue = "Hao"
+                    });
                     app.Run(context =>
                     {
                         context.Response.Cookies.Append("A", "A");
@@ -160,7 +178,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
             {
-                app.UseCookiePolicy(options => options.OnDeleteCookie = ctx => ctx.CookieName = "A");
+                app.UseCookiePolicy(new CookiePolicyOptions
+                {
+                    OnDeleteCookie = ctx => ctx.CookieName = "A"
+                });
                 app.Run(context =>
                 {
                     context.Response.Cookies.Delete("A");
@@ -190,7 +211,10 @@ namespace Microsoft.AspNet.CookiePolicy.Test
                     context.Features.Set<IResponseCookiesFeature>(new TestCookieFeature());
                     return next(context);
                 });
-                app.UseCookiePolicy(options => options.OnDeleteCookie = ctx => ctx.CookieName = "A");
+                app.UseCookiePolicy(new CookiePolicyOptions
+                {
+                    OnDeleteCookie = ctx => ctx.CookieName = "A"
+                });
                 app.Run(context =>
                 {
                     Assert.Throws<NotImplementedException>(() => context.Response.Cookies.Delete("A"));
@@ -254,7 +278,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
 
         private async Task RunTest(
             string path, 
-            Action<CookiePolicyOptions> configureCookiePolicy,
+            CookiePolicyOptions cookiePolicy,
             RequestDelegate configureSetup,
             params RequestTest[] tests)
         {
@@ -263,7 +287,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             {
                 app.Map(path, map =>
                 {
-                    map.UseCookiePolicy(configureCookiePolicy);
+                    map.UseCookiePolicy(cookiePolicy);
                     map.Run(configureSetup);
                 });
             });
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 9ef81bc7f5..c7645a2874 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -38,7 +38,7 @@ namespace Microsoft.Owin.Security.Interop
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
 
-                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
                 {
                     TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
                 });
@@ -55,7 +55,10 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                    app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions
+                    {
+                        DataProtectionProvider = dataProtection
+                    });
                     app.Run(async context => 
                     {
                         var result = await context.Authentication.AuthenticateAsync("Cookies");
@@ -88,7 +91,10 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebApplicationBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options => options.DataProtectionProvider = dataProtection);
+                    app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions
+                    {
+                        DataProtectionProvider = dataProtection
+                    });
                     app.Run(context => context.Authentication.SignInAsync("Cookies", user));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
@@ -100,7 +106,7 @@ namespace Microsoft.Owin.Security.Interop
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
 
-                app.UseCookieAuthentication(new CookieAuthenticationOptions
+                app.UseCookieAuthentication(new Owin.Security.Cookies.CookieAuthenticationOptions
                 {
                     TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
                 });

From 197a2aa3fa14bf97f0b8e89ba85acf87dd08cd4b Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 12 Jan 2016 15:41:35 -0800
Subject: [PATCH 444/900] React to Hosting API change.

---
 samples/CookieSample/Startup.cs                     | 1 +
 samples/CookieSessionSample/Startup.cs              | 1 +
 samples/JwtBearerSample/Startup.cs                  | 1 +
 samples/OpenIdConnectSample/Startup.cs              | 1 +
 samples/SocialSample/Properties/launchSettings.json | 1 +
 samples/SocialSample/Startup.cs                     | 2 +-
 6 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index b3327ac81c..64376e26e9 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -46,6 +46,7 @@ namespace CookieSample
         {
             var application = new WebApplicationBuilder()
                 .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 6160f56b95..d9504d942a 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -56,6 +56,7 @@ namespace CookieSessionSample
         {
             var application = new WebApplicationBuilder()
                 .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index db91629bcf..abfd83735f 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -116,6 +116,7 @@ namespace JwtBearerSample
         {
             var application = new WebApplicationBuilder()
                 .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index bf4a4bc759..50452d1730 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -69,6 +69,7 @@ namespace OpenIdConnectSample
         {
             var application = new WebApplicationBuilder()
                 .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index b10006b86c..15c91efdcb 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -10,6 +10,7 @@
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
+      "launchBrowser": true,
       "environmentVariables": {
         "ASPNET_ENV": "Development"
       }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 65067ada8e..e466c019d4 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -6,7 +6,6 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.Facebook;
 using Microsoft.AspNet.Authentication.Google;
 using Microsoft.AspNet.Authentication.MicrosoftAccount;
 using Microsoft.AspNet.Authentication.OAuth;
@@ -328,6 +327,7 @@ namespace CookieSample
         {
             var application = new WebApplicationBuilder()
                 .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+                .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 

From 2e1a8b31cd0c520ffd69ba7818313ae9a9f688a4 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 15 Jan 2016 14:47:33 -0800
Subject: [PATCH 445/900] Rename Delegate => AssertionRequirement

And moar sugar...
---
 .../AuthorizationPolicyBuilder.cs             | 13 +++++---
 .../Infrastructure/AssertionRequirement.cs    | 33 +++++++++++++++++++
 .../Infrastructure/DelegateRequirement.cs     | 22 -------------
 .../DefaultAuthorizationServiceTests.cs       |  4 +--
 4 files changed, 44 insertions(+), 28 deletions(-)
 create mode 100644 src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs
 delete mode 100644 src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs

diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
index a0378f9c15..053ff49605 100644
--- a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
@@ -123,14 +123,19 @@ namespace Microsoft.AspNet.Authorization
             return this;
         }
 
-        public AuthorizationPolicyBuilder RequireDelegate(Action<AuthorizationContext, DelegateRequirement> handler)
+        /// <summary>
+        /// Requires that this Function returns true
+        /// </summary>
+        /// <param name="assert">Function that must return true</param>
+        /// <returns></returns>
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationContext, bool> assert)
         {
-            if (handler == null)
+            if (assert == null)
             {
-                throw new ArgumentNullException(nameof(handler));
+                throw new ArgumentNullException(nameof(assert));
             }
 
-            Requirements.Add(new DelegateRequirement(handler));
+            Requirements.Add(new AssertionRequirement(assert));
             return this;
         }
 
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs
new file mode 100644
index 0000000000..b0eb44cf9b
--- /dev/null
+++ b/src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs
@@ -0,0 +1,33 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNet.Authorization.Infrastructure
+{
+    public class AssertionRequirement : AuthorizationHandler<AssertionRequirement>, IAuthorizationRequirement
+    {
+        /// <summary>
+        /// Function that is called to handle this requirement
+        /// </summary>
+        public Func<AuthorizationContext, bool> Handler { get; }
+
+        public AssertionRequirement(Func<AuthorizationContext, bool> assert)
+        {
+            if (assert == null)
+            {
+                throw new ArgumentNullException(nameof(assert));
+            }
+
+            Handler = assert;
+        }
+
+        protected override void Handle(AuthorizationContext context, AssertionRequirement requirement)
+        {
+            if (Handler(context))
+            {
+                context.Succeed(requirement);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs b/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs
deleted file mode 100644
index 834060bb64..0000000000
--- a/src/Microsoft.AspNet.Authorization/Infrastructure/DelegateRequirement.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNet.Authorization.Infrastructure
-{
-    public class DelegateRequirement : AuthorizationHandler<DelegateRequirement>, IAuthorizationRequirement
-    {
-        public Action<AuthorizationContext, DelegateRequirement> Handler { get; }
-
-        public DelegateRequirement(Action<AuthorizationContext, DelegateRequirement> handleMe)
-        {
-            Handler = handleMe;
-        }
-
-        protected override void Handle(AuthorizationContext context, DelegateRequirement requirement)
-        {
-            Handler(context, requirement);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 902bf17cea..fc4377aebe 100644
--- a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -905,13 +905,13 @@ namespace Microsoft.AspNet.Authorization.Test
         }
 
         [Fact]
-        public async Task CanAuthorizeWithDelegateRequirement()
+        public async Task CanAuthorizeWithAssertionRequirement()
         {
             var authorizationService = BuildAuthorizationService(services =>
             {
                 services.AddAuthorization(options =>
                 {
-                    options.AddPolicy("Basic", policy => policy.RequireDelegate((context, req) => context.Succeed(req)));
+                    options.AddPolicy("Basic", policy => policy.RequireAssertion(context => true));
                 });
             });
             var user = new ClaimsPrincipal();

From 10fdfcc5c8b9703801cda59618e84c467bc5d30e Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Tue, 12 Jan 2016 11:05:17 -0800
Subject: [PATCH 446/900] Build with dotnet

---
 .gitattributes                                |  1 +
 .gitignore                                    |  2 +
 .travis.yml                                   |  8 ++-
 appveyor.yml                                  |  2 +-
 build.cmd                                     | 68 +++++++++----------
 build.sh                                      | 42 ++++++------
 makefile.shade                                |  7 --
 .../project.json                              | 25 +++++--
 .../project.json                              | 22 ++++--
 .../project.json                              | 27 ++++++--
 .../project.json                              | 17 +++--
 11 files changed, 134 insertions(+), 87 deletions(-)
 delete mode 100644 makefile.shade

diff --git a/.gitattributes b/.gitattributes
index bdaa5ba982..97b827b758 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -48,3 +48,4 @@
 *.fsproj text=auto
 *.dbproj text=auto
 *.sln text=auto eol=crlf
+*.sh eol=lf
diff --git a/.gitignore b/.gitignore
index ac82da7568..a2eb01c895 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,5 @@ nuget.exe
 *.ipch
 *.sln.ide
 project.lock.json
+.build/
+.testPublish/
diff --git a/.travis.yml b/.travis.yml
index c0befaffcf..bf811dc26a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,9 +10,11 @@ addons:
     - libssl-dev
     - libunwind8
     - zlib1g
-env:
-  - KOREBUILD_DNU_RESTORE_CORECLR=true KOREBUILD_TEST_DNXCORE=true
 mono:
   - 4.0.5
+os:
+  - linux
+  - osx
+osx_image: xcode7.1
 script:
-  - ./build.sh --quiet verify
+  - ./build.sh verify
\ No newline at end of file
diff --git a/appveyor.yml b/appveyor.yml
index 636a7618d3..3fab83e134 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,7 +1,7 @@
 init:
   - git config --global core.autocrlf true
 build_script:
-  - build.cmd --quiet verify
+  - build.cmd verify
 clone_depth: 1
 test: off
 deploy: off
\ No newline at end of file
diff --git a/build.cmd b/build.cmd
index 553e3929a0..ebb619e737 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,40 +1,40 @@
-@echo off
-cd %~dp0
-
+@ECHO off
 SETLOCAL
+
+SET REPO_FOLDER=%~dp0
+CD %REPO_FOLDER%
+
+SET BUILD_FOLDER=.build
+SET KOREBUILD_FOLDER=%BUILD_FOLDER%\KoreBuild-dotnet
+SET KOREBUILD_VERSION=
+
+SET NUGET_PATH=%BUILD_FOLDER%\NuGet.exe
 SET NUGET_VERSION=latest
 SET CACHED_NUGET=%LocalAppData%\NuGet\nuget.%NUGET_VERSION%.exe
-SET BUILDCMD_KOREBUILD_VERSION=
-SET BUILDCMD_DNX_VERSION=
 
-IF EXIST %CACHED_NUGET% goto copynuget
-echo Downloading latest version of NuGet.exe...
-IF NOT EXIST %LocalAppData%\NuGet md %LocalAppData%\NuGet
-@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://dist.nuget.org/win-x86-commandline/%NUGET_VERSION%/nuget.exe' -OutFile '%CACHED_NUGET%'"
-
-:copynuget
-IF EXIST .nuget\nuget.exe goto restore
-md .nuget
-copy %CACHED_NUGET% .nuget\nuget.exe > nul
-
-:restore
-IF EXIST packages\Sake goto getdnx
-IF "%BUILDCMD_KOREBUILD_VERSION%"=="" (
-    .nuget\nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
-) ELSE (
-    .nuget\nuget.exe install KoreBuild -version %BUILDCMD_KOREBUILD_VERSION% -ExcludeVersion -o packages -nocache -pre
-)
-.nuget\NuGet.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
-
-:getdnx
-IF "%BUILDCMD_DNX_VERSION%"=="" (
-    SET BUILDCMD_DNX_VERSION=latest
-)
-IF "%SKIP_DNX_INSTALL%"=="" (
-    CALL packages\KoreBuild\build\dnvm install %BUILDCMD_DNX_VERSION% -runtime CoreCLR -arch x86 -alias default
-    CALL packages\KoreBuild\build\dnvm install default -runtime CLR -arch x86 -alias default
-) ELSE (
-    CALL packages\KoreBuild\build\dnvm use default -runtime CLR -arch x86
+IF NOT EXIST %BUILD_FOLDER% (
+    md %BUILD_FOLDER%
 )
 
-packages\Sake\tools\Sake.exe -I packages\KoreBuild\build -f makefile.shade %*
+IF NOT EXIST %NUGET_PATH% (
+    IF NOT EXIST %CACHED_NUGET% (
+        echo Downloading latest version of NuGet.exe...
+        IF NOT EXIST %LocalAppData%\NuGet ( 
+            md %LocalAppData%\NuGet
+        )
+        @powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://dist.nuget.org/win-x86-commandline/%NUGET_VERSION%/nuget.exe' -OutFile '%CACHED_NUGET%'"
+    )
+
+    copy %CACHED_NUGET% %NUGET_PATH% > nul
+)
+
+IF NOT EXIST %KOREBUILD_FOLDER% (
+    SET KOREBUILD_DOWNLOAD_ARGS=
+    IF NOT "%KOREBUILD_VERSION%"=="" (
+        SET KOREBUILD_DOWNLOAD_ARGS=-version %KOREBUILD_VERSION%
+    )
+    
+    %BUILD_FOLDER%\nuget.exe install KoreBuild-dotnet -ExcludeVersion -o %BUILD_FOLDER% -nocache -pre %KOREBUILD_DOWNLOAD_ARGS%
+)
+
+"%KOREBUILD_FOLDER%\build\KoreBuild.cmd" %*
diff --git a/build.sh b/build.sh
index da4e3fcd1c..263fb667a8 100755
--- a/build.sh
+++ b/build.sh
@@ -1,5 +1,10 @@
 #!/usr/bin/env bash
 
+buildFolder=.build
+koreBuildFolder=$buildFolder/KoreBuild-dotnet
+
+nugetPath=$buildFolder/nuget.exe
+
 if test `uname` = Darwin; then
     cachedir=~/Library/Caches/KBuild
 else
@@ -11,33 +16,30 @@ else
 fi
 mkdir -p $cachedir
 nugetVersion=latest
-cachePath=$cachedir/nuget.$nugetVersion.exe
+cacheNuget=$cachedir/nuget.$nugetVersion.exe
 
-url=https://dist.nuget.org/win-x86-commandline/$nugetVersion/nuget.exe
+nugetUrl=https://dist.nuget.org/win-x86-commandline/$nugetVersion/nuget.exe
 
-if test ! -f $cachePath; then
-    wget -O $cachePath $url 2>/dev/null || curl -o $cachePath --location $url /dev/null
+if test ! -d $buildFolder; then
+    mkdir $buildFolder
 fi
 
-if test ! -e .nuget; then
-    mkdir .nuget
-    cp $cachePath .nuget/nuget.exe
+if test ! -f $nugetPath; then
+    if test ! -f $cacheNuget; then
+        wget -O $cacheNuget $nugetUrl 2>/dev/null || curl -o $cacheNuget --location $nugetUrl /dev/null
+    fi
+
+    cp $cacheNuget $nugetPath
 fi
 
-if test ! -d packages/Sake; then
-    mono .nuget/nuget.exe install KoreBuild -ExcludeVersion -o packages -nocache -pre
-    mono .nuget/nuget.exe install Sake -ExcludeVersion -Source https://www.nuget.org/api/v2/ -Out packages
+if test ! -d $koreBuildFolder; then
+    mono $nugetPath install KoreBuild-dotnet -ExcludeVersion -o $buildFolder -nocache -pre
+    chmod +x $koreBuildFolder/build/KoreBuild.sh
 fi
 
-if ! type dnvm > /dev/null 2>&1; then
-    source packages/KoreBuild/build/dnvm.sh
+makeFile=makefile.shade
+if [ ! -e $makeFile ]; then
+    makeFile=$koreBuildFolder/build/makefile.shade
 fi
 
-if ! type dnx > /dev/null 2>&1 || [ -z "$SKIP_DNX_INSTALL" ]; then
-    dnvm install latest -runtime coreclr -alias default
-    dnvm install default -runtime mono -alias default
-else
-    dnvm use default -runtime mono
-fi
-
-mono packages/Sake/tools/Sake.exe -I packages/KoreBuild/build -f makefile.shade "$@"
+./$koreBuildFolder/build/KoreBuild.sh -n $nugetPath -m $makeFile "$@"
diff --git a/makefile.shade b/makefile.shade
deleted file mode 100644
index 562494d144..0000000000
--- a/makefile.shade
+++ /dev/null
@@ -1,7 +0,0 @@
-
-var VERSION='0.1'
-var FULL_VERSION='0.1'
-var AUTHORS='Microsoft Open Technologies, Inc.'
-
-use-standard-lifecycle
-k-standard-goals
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNet.Authentication.Test/project.json
index af0759d42b..f9a5e1f3ee 100644
--- a/test/Microsoft.AspNet.Authentication.Test/project.json
+++ b/test/Microsoft.AspNet.Authentication.Test/project.json
@@ -12,13 +12,26 @@
     "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.AspNet.Testing": "1.0.0-*",
-    "xunit.runner.aspnet": "2.0.0-aspnet-*"
-  },
-  "commands": {
-    "test": "xunit.runner.aspnet"
+    "xunit": "2.1.0"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {
+     "frameworkAssemblies": {
+        "System.Runtime": "",
+        "System.Threading.Tasks": ""
+      },
+      "dependencies": {
+        "xunit.runner.console": "2.1.0"
+      }
+    },
+    "dnxcore50": { 
+      "dependencies": {
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
+      }
+    }
+  },
+  "testRunner": "xunit",
+  "commands": {
+    "test": "xunit.runner.aspnet"
   }
 }
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNet.Authorization.Test/project.json
index 7bbe7ed75b..1fa1347e16 100644
--- a/test/Microsoft.AspNet.Authorization.Test/project.json
+++ b/test/Microsoft.AspNet.Authorization.Test/project.json
@@ -5,15 +5,27 @@
   "dependencies": {
     "Microsoft.AspNet.Authorization": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
-    "xunit.runner.aspnet": "2.0.0-aspnet-*"
-  },
-  "commands": {
-    "test": "xunit.runner.aspnet"
+    "Microsoft.Extensions.Logging": "1.0.0-*",
+    "xunit": "2.1.0"
   },
   "frameworks": {
     "dnx451": {
+     "frameworkAssemblies": {
+        "System.Runtime": "",
+        "System.Threading.Tasks": ""
+      },
+      "dependencies": {
+        "xunit.runner.console": "2.1.0"
+      }
     },
-    "dnxcore50": {
+    "dnxcore50": { 
+      "dependencies": {
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
+      }
     }
+  },
+  "testRunner": "xunit",
+  "commands": {
+    "test": "xunit.runner.aspnet"
   }
 }
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
index 509e749160..66d7c743f4 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/project.json
@@ -6,13 +6,28 @@
     "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNet.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
-    "xunit.runner.aspnet": "2.0.0-aspnet-*"
-  },
-  "commands": {
-    "test": "xunit.runner.aspnet"
+    "xunit": "2.1.0"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {
+     "frameworkAssemblies": {
+        "System.Runtime": "",
+        "System.Threading.Tasks": "",
+        "System.Xml.Linq": ""
+      },
+      "dependencies": {
+        "xunit.runner.console": "2.1.0"
+      }
+    },
+    "dnxcore50": { 
+      "dependencies": {
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
+      }
+    }
+  },
+  "testRunner": "xunit",
+  "commands": {
+    "test": "xunit.runner.aspnet"
   }
+
 }
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 585c87aa16..e4af613d9e 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -8,12 +8,19 @@
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
-    "xunit.runner.aspnet": "2.0.0-aspnet-*"
-  },
-  "commands": {
-    "test": "xunit.runner.aspnet"
+    "xunit": "2.1.0",
+    "xunit.runner.console": "2.1.0"
   },
   "frameworks": {
-    "dnx451": { }
+    "dnx451": {
+     "frameworkAssemblies": {
+        "System.Runtime": "",
+        "System.Threading.Tasks": ""
+      }
+    }
+  },
+  "testRunner": "xunit",
+  "commands": {
+    "test": "xunit.runner.aspnet"
   }
 }

From 0f9875df0a43f1a84fbf113341cac636d547c283 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Sun, 17 Jan 2016 17:09:38 -0800
Subject: [PATCH 447/900] Reacting to hosting rename

---
 .gitignore                                    |  1 +
 samples/CookieSample/Startup.cs               |  6 ++---
 samples/CookieSessionSample/Startup.cs        |  6 ++---
 samples/JwtBearerSample/Startup.cs            |  6 ++---
 samples/OpenIdConnectSample/Startup.cs        |  6 ++---
 samples/SocialSample/Startup.cs               |  6 ++---
 .../Cookies/CookieMiddlewareTests.cs          | 26 +++++++++----------
 .../Facebook/FacebookMiddlewareTests.cs       |  2 +-
 .../Google/GoogleMiddlewareTests.cs           |  2 +-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     |  2 +-
 .../MicrosoftAccountMiddlewareTests.cs        |  2 +-
 .../OpenIdConnectHandlerTests.cs              |  2 +-
 .../OpenIdConnectMiddlewareTests.cs           |  2 +-
 .../Twitter/TwitterMiddlewareTests.cs         |  2 +-
 .../CookiePolicyTests.cs                      |  8 +++---
 .../CookieInteropTests.cs                     |  4 +--
 16 files changed, 42 insertions(+), 41 deletions(-)

diff --git a/.gitignore b/.gitignore
index a2eb01c895..0f91ad1208 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ nuget.exe
 project.lock.json
 .build/
 .testPublish/
+/.vs/
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 64376e26e9..a1a5d5bbc1 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -44,13 +44,13 @@ namespace CookieSample
 
         public static void Main(string[] args)
         {
-            var application = new WebApplicationBuilder()
-                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
-            application.Run();
+            host.Run();
         }
     }
 }
\ No newline at end of file
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index d9504d942a..6c6c6f3606 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -54,13 +54,13 @@ namespace CookieSessionSample
 
         public static void Main(string[] args)
         {
-            var application = new WebApplicationBuilder()
-                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
-            application.Run();
+            host.Run();
         }
     }
 }
\ No newline at end of file
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index abfd83735f..4ef2f6610e 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -114,13 +114,13 @@ namespace JwtBearerSample
         // Entry point for the application.
         public static void Main(string[] args)
         {
-            var application = new WebApplicationBuilder()
-                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
-            application.Run();
+            host.Run();
         }
     }
 }
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 50452d1730..1d40a0a92f 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -67,13 +67,13 @@ namespace OpenIdConnectSample
 
         public static void Main(string[] args)
         {
-            var application = new WebApplicationBuilder()
-                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
-            application.Run();
+            host.Run();
         }
     }
 }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e466c019d4..2641725df9 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -325,13 +325,13 @@ namespace CookieSample
 
         public static void Main(string[] args)
         {
-            var application = new WebApplicationBuilder()
-                .UseConfiguration(WebApplicationConfiguration.GetDefault(args))
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
 
-            application.Run();
+            host.Run();
         }
     }
 }
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 7827566a9f..e6fc0d709b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -854,7 +854,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectChallenge()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -878,7 +878,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task ChallengeDoesNotSet401OnUnauthorized()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication();
@@ -897,7 +897,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task UseCookieWithInstanceDoesntUseSharedOptions()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -919,7 +919,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWithSignInOnlyRedirectToReturnUrlOnLoginPath()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -940,7 +940,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectSignInRedirectToReturnUrl()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -965,7 +965,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWithSignOutOnlyRedirectToReturnUrlOnLogoutPath()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -985,7 +985,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectSignOutRedirectToReturnUrl()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -1009,7 +1009,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task MapWillNotAffectAccessDenied()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -1031,7 +1031,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NestedMapWillNotAffectLogin()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
@@ -1055,7 +1055,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         [Fact]
         public async Task NestedMapWillNotAffectAccessDenied()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
@@ -1080,7 +1080,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         {
 
             var dp = new NoOpDataProtector();
-            var builder1 = new WebApplicationBuilder()
+            var builder1 = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -1099,7 +1099,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
             var transaction = await SendAsync(server1, "http://example.com/stuff");
             Assert.NotNull(transaction.SetCookie);
 
-            var builder2 = new WebApplicationBuilder()
+            var builder2 = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -1162,7 +1162,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
 
         private static TestServer CreateServer(CookieAuthenticationOptions options, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, ClaimsTransformationOptions claimsTransform = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(options);
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 95dcb2e5b7..764b63a15a 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -229,7 +229,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     if (configure != null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 6a6f028282..29cc78403c 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -757,7 +757,7 @@ namespace Microsoft.AspNet.Authentication.Google
 
         private static TestServer CreateServer(GoogleOptions options, Func<HttpContext, Task> testpath = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 2732d0caaa..6ff7751a93 100644
--- a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -535,7 +535,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
 
         private static TestServer CreateServer(JwtBearerOptions options, Func<HttpContext, bool> handler = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     if (options != null)
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 29f6e0edcc..6d41f5a7a6 100644
--- a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -174,7 +174,7 @@ namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
 
         private static TestServer CreateServer(MicrosoftAccountOptions options)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
index 0166c13e48..fa49055391 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
@@ -98,7 +98,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static TestServer CreateServer(OpenIdConnectOptions options, UrlEncoder encoder, OpenIdConnectHandler handler = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(Options.Create(options), encoder, handler);
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 992f7b9c90..6661eeb542 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -377,7 +377,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
 
         private static TestServer CreateServer(OpenIdConnectOptions options, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 2d00d617de..173de5a82b 100644
--- a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -152,7 +152,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
 
         private static TestServer CreateServer(TwitterOptions options, Func<HttpContext, bool> handler = null)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new CookieAuthenticationOptions
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
index d0639e627d..f8529e0191 100644
--- a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
@@ -145,7 +145,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCanHijackAppend()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookiePolicy(new CookiePolicyOptions
@@ -175,7 +175,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCanHijackDelete()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
             {
                 app.UseCookiePolicy(new CookiePolicyOptions
@@ -203,7 +203,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
         [Fact]
         public async Task CookiePolicyCallsCookieFeature()
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
             {
                 app.Use(next => context =>
@@ -282,7 +282,7 @@ namespace Microsoft.AspNet.CookiePolicy.Test
             RequestDelegate configureSetup,
             params RequestTest[] tests)
         {
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
             {
                 app.Map(path, map =>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index c7645a2874..996e181607 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -52,7 +52,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var transaction = await SendAsync(interopServer, "http://example.com");
 
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions
@@ -88,7 +88,7 @@ namespace Microsoft.Owin.Security.Interop
                 "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
 
-            var builder = new WebApplicationBuilder()
+            var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
                     app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions

From de2cb12f5c767a3f08c6081163732324876cd96c Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 21 Jan 2016 17:14:15 -0800
Subject: [PATCH 448/900] OIDC cleanup

---
 samples/OpenIdConnectSample/Startup.cs        |   3 +-
 .../OpenIdConnectHandler.cs                   |  69 ++++++----
 .../OpenIdConnectOptions.cs                   |  19 +--
 .../RemoteAuthenticationOptions.cs            |   4 +-
 ...nIdConnectHandlerForTestingAuthenticate.cs |  40 ------
 .../OpenIdConnectHandlerTests.cs              | 118 ------------------
 ...ConnectMiddlewareForTestingAuthenticate.cs |  45 -------
 .../OpenIdConnect/TestUtilities.cs            |   6 +-
 8 files changed, 65 insertions(+), 239 deletions(-)
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
 delete mode 100644 test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 1d40a0a92f..7c469ef299 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -26,7 +26,8 @@ namespace OpenIdConnectSample
 
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication(sharedOptions => sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
+            services.AddAuthentication(sharedOptions =>
+                sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 12d61e334b..e9f4d3ae00 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -84,21 +84,29 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // 1. properties.Redirect
                 // 2. Options.PostLogoutRedirectUri
                 var properties = new AuthenticationProperties(signout.Properties);
-                if (!string.IsNullOrEmpty(properties.RedirectUri))
+                var logoutRedirectUri = properties.RedirectUri;
+                if (!string.IsNullOrEmpty(logoutRedirectUri))
                 {
-                    message.PostLogoutRedirectUri = properties.RedirectUri;
+                    // Relative to PathBase
+                    if (logoutRedirectUri.StartsWith("/", StringComparison.Ordinal))
+                    {
+                        logoutRedirectUri = BuildRedirectUri(logoutRedirectUri);
+                    }
+                    message.PostLogoutRedirectUri = logoutRedirectUri;
                 }
                 else if (!string.IsNullOrEmpty(Options.PostLogoutRedirectUri))
                 {
-                    message.PostLogoutRedirectUri = Options.PostLogoutRedirectUri;
+                    logoutRedirectUri = Options.PostLogoutRedirectUri;
+                    // Relative to PathBase
+                    if (logoutRedirectUri.StartsWith("/", StringComparison.Ordinal))
+                    {
+                        logoutRedirectUri = BuildRedirectUri(logoutRedirectUri);
+                    }
+                    message.PostLogoutRedirectUri = logoutRedirectUri;
                 }
 
-                if (!string.IsNullOrEmpty(Options.SignInScheme))
-                {
-                    var principal = await Context.Authentication.AuthenticateAsync(Options.SignInScheme);
-
-                    message.IdTokenHint = principal?.FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;
-                }
+                var principal = await Context.Authentication.AuthenticateAsync(Options.SignInScheme);
+                message.IdTokenHint = principal?.FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;
 
                 var redirectContext = new RedirectContext(Context, Options, properties)
                 {
@@ -308,6 +316,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
                 if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.AccessToken))
                 {
+                    if (Options.SkipUnrecognizedRequests)
+                    {
+                        // Not for us?
+                        return AuthenticateResult.Skip();
+                    }
                     return AuthenticateResult.Fail("An OpenID Connect response cannot contain an " +
                             "identity token or an access token when using response_mode=query");
                 }
@@ -325,6 +338,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
 
             if (message == null)
             {
+                if (Options.SkipUnrecognizedRequests)
+                {
+                    // Not for us?
+                    return AuthenticateResult.Skip();
+                }
                 return AuthenticateResult.Fail("No message.");
             }
 
@@ -344,7 +362,11 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 // Fail if state is missing, it's required for the correlation id.
                 if (string.IsNullOrEmpty(message.State))
                 {
-                    // This wasn't a valid ODIC message, it may not have been intended for us.
+                    // This wasn't a valid OIDC message, it may not have been intended for us.
+                    if (Options.SkipUnrecognizedRequests)
+                    {
+                        return AuthenticateResult.Skip();
+                    }
                     Logger.LogDebug(11, "message.State is null or empty.");
                     return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
                 }
@@ -353,7 +375,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
                 if (properties == null)
                 {
-                    Logger.LogError(12, "Unable to unprotect the message.State.");
+                    if (Options.SkipUnrecognizedRequests)
+                    {
+                        // Not for us?
+                        return AuthenticateResult.Skip();
+                    }
+                    Logger.LogError(12, "Unable to read the message.State.");
                     return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
@@ -516,7 +543,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             if (Options.SaveTokensAsClaims)
             {
                 // Persist the tokens extracted from the token response.
-                SaveTokens(ticket.Principal, tokenEndpointResponse, saveRefreshToken: true);
+                SaveTokens(ticket.Principal, tokenEndpointResponse, jwt.Issuer, saveRefreshToken: true);
             }
 
             if (Options.GetClaimsFromUserInfoEndpoint)
@@ -582,7 +609,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                 {
                     // TODO: call SaveTokens with the token response and set
                     // saveRefreshToken to true when the hybrid flow is fully implemented.
-                    SaveTokens(ticket.Principal, message, saveRefreshToken: false);
+                    SaveTokens(ticket.Principal, message, jwt.Issuer, saveRefreshToken: false);
                 }
             }
             // Implicit Flow
@@ -594,7 +621,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
                     // response, since it's not a valid parameter when using the implicit flow.
                     // See http://openid.net/specs/openid-connect-core-1_0.html#Authentication
                     // and https://tools.ietf.org/html/rfc6749#section-4.2.2.
-                    SaveTokens(ticket.Principal, message, saveRefreshToken: false);
+                    SaveTokens(ticket.Principal, message, jwt.Issuer, saveRefreshToken: false);
                 }
             }
 
@@ -709,7 +736,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
             {
                 JToken value;
                 var claimValue = user.TryGetValue(pair.Key, out value) ? value.ToString() : null;
-                identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, jwt.Issuer));
             }
 
             return ticket;
@@ -721,38 +748,38 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <param name="principal">The principal in which tokens are saved.</param>
         /// <param name="message">The OpenID Connect response.</param>
         /// <param name="saveRefreshToken">A <see cref="bool"/> indicating whether the refresh token should be stored.</param>
-        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, bool saveRefreshToken)
+        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, string issuer, bool saveRefreshToken)
         {
             var identity = (ClaimsIdentity)principal.Identity;
 
             if (!string.IsNullOrEmpty(message.AccessToken))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.AccessToken, message.AccessToken,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                                            ClaimValueTypes.String, issuer));
             }
 
             if (!string.IsNullOrEmpty(message.IdToken))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.IdToken, message.IdToken,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                                            ClaimValueTypes.String, issuer));
             }
 
             if (saveRefreshToken && !string.IsNullOrEmpty(message.RefreshToken))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.RefreshToken, message.RefreshToken,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                                            ClaimValueTypes.String, issuer));
             }
 
             if (!string.IsNullOrEmpty(message.TokenType))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.TokenType, message.TokenType,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                                            ClaimValueTypes.String, issuer));
             }
 
             if (!string.IsNullOrEmpty(message.ExpiresIn))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.ExpiresIn, message.ExpiresIn,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                                            ClaimValueTypes.String, issuer));
             }
         }
 
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index af7a621de0..cd31e27d01 100644
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -48,19 +48,12 @@ namespace Microsoft.AspNet.Builder
         public OpenIdConnectOptions(string authenticationScheme)
         {
             AuthenticationScheme = authenticationScheme;
+            AutomaticChallenge = true;
             DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
             Events = new OpenIdConnectEvents();
         }
 
-        /// <summary>
-        /// Gets or sets the expected audience for any received JWT token.
-        /// </summary>
-        /// <value>
-        /// The expected audience for any received JWT token.
-        /// </value>
-        public string Audience { get; set; }
-
         /// <summary>
         /// Gets or sets the Authority to use when making OpenIdConnect calls.
         /// </summary>
@@ -141,7 +134,7 @@ namespace Microsoft.AspNet.Builder
         /// <summary>
         /// Gets or sets the method used to redirect the user agent to the identity provider.
         /// </summary>
-        public OpenIdConnectRedirectBehavior AuthenticationMethod { get; set; }
+        public OpenIdConnectRedirectBehavior AuthenticationMethod { get; set; } = OpenIdConnectRedirectBehavior.RedirectGet;
 
         /// <summary>
         /// Gets or sets the 'resource'.
@@ -190,5 +183,13 @@ namespace Microsoft.AspNet.Builder
         /// This is disabled by default.
         /// </summary>
         public bool UseTokenLifetime { get; set; }
+
+        /// <summary>
+        /// Indicates if requests to the CallbackPath may also be for other components. If enabled the middleware will pass
+        /// requests through that do not contain OpenIdConnect authentication responses. Disabling this and setting the
+        /// CallbackPath to a dedicated endpoint may provide better error handling.
+        /// This is disabled by default.
+        /// </summary>
+        public bool SkipUnrecognizedRequests { get; set; } = false;
     }
 }
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
index afaee6c7b1..9392379398 100644
--- a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNet.Builder
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with Twitter.
+        /// Gets or sets timeout value in milliseconds for back channel communications with the remote provider.
         /// </summary>
         /// <value>
         /// The back channel timeout.
@@ -50,7 +50,7 @@ namespace Microsoft.AspNet.Builder
 
         /// <summary>
         /// Defines whether access and refresh tokens should be stored in the
-        /// <see cref="ClaimsPrincipal"/> after a successful authentication.
+        /// <see cref="ClaimsPrincipal"/> after a successful authorization with the remote provider.
         /// This property is set to <c>false</c> by default to reduce
         /// the size of the final authentication cookie.
         /// </summary>
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
deleted file mode 100644
index c0333cb2f4..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerForTestingAuthenticate.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    /// <summary>
-    ///  Allows for custom processing of ApplyResponseChallenge, ApplyResponseGrant and AuthenticateCore
-    /// </summary>
-    public class OpenIdConnectHandlerForTestingAuthenticate : OpenIdConnectHandler
-    {
-        public OpenIdConnectHandlerForTestingAuthenticate() : base(null, null)
-        {
-        }
-
-        protected override Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
-        {
-            var jsonResponse = new JObject();
-            jsonResponse.Add(OpenIdConnectParameterNames.IdToken, "test token");
-            return Task.FromResult(new OpenIdConnectMessage(jsonResponse));
-        }
-
-        protected override Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
-        {
-            var claimsIdentity = (ClaimsIdentity)ticket.Principal.Identity;
-            if (claimsIdentity == null)
-            {
-                claimsIdentity = new ClaimsIdentity();
-            }
-            claimsIdentity.AddClaim(new Claim("test claim", "test value"));
-            return Task.FromResult(new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), ticket.Properties, ticket.AuthenticationScheme));
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
deleted file mode 100644
index fa49055391..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs
+++ /dev/null
@@ -1,118 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.IdentityModel.Tokens.Jwt;
-using System.Linq;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.TestHost;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Microsoft.IdentityModel.Tokens;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-    /// <summary>
-    /// These tests are designed to test OpenIdConnectAuthenticationHandler.
-    /// </summary>
-    public class OpenIdConnectHandlerTests
-    {
-        private const string nonceForOpenIdConnect = "abc";
-        private static SecurityToken specCompliantOpenIdConnect = new JwtSecurityToken("issuer", "audience", new List<Claim> { new Claim("iat", EpochTime.GetIntDate(DateTime.UtcNow).ToString()), new Claim("nonce", nonceForOpenIdConnect) }, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1));
-        private const string ExpectedStateParameter = "expectedState";
-
-        [Theory, MemberData(nameof(AuthenticateCoreStateDataSet))]
-        public async Task AuthenticateCoreState(OpenIdConnectOptions option, OpenIdConnectMessage message)
-        {
-            var handler = new OpenIdConnectHandlerForTestingAuthenticate();
-            var server = CreateServer(option, UrlEncoder.Default, handler);
-            await server.CreateClient().PostAsync("http://localhost", new FormUrlEncodedContent(message.Parameters.Where(pair => pair.Value != null)));
-        }
-
-        public static TheoryData<OpenIdConnectOptions, OpenIdConnectMessage> AuthenticateCoreStateDataSet
-        {
-            get
-            {
-                var formater = new AuthenticationPropertiesFormaterKeyValue();
-                var properties = new AuthenticationProperties();
-                var dataset = new TheoryData<OpenIdConnectOptions, OpenIdConnectMessage>();
-
-                // expected user state is added to the message.Parameters.Items[ExpectedStateParameter]
-                // Userstate == null
-                var message = new OpenIdConnectMessage();
-                message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
-                message.Code = Guid.NewGuid().ToString();
-                message.Parameters.Add(ExpectedStateParameter, null);
-                dataset.Add(GetStateOptions(), message);
-
-                // Userstate != null
-                message = new OpenIdConnectMessage();
-                properties.Items.Clear();
-                var userstate = Guid.NewGuid().ToString();
-                message.Code = Guid.NewGuid().ToString();
-                properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userstate);
-                message.State = UrlEncoder.Default.Encode(formater.Protect(properties));
-                message.Parameters.Add(ExpectedStateParameter, userstate);
-                dataset.Add(GetStateOptions(), message);
-                return dataset;
-            }
-        }
-
-        // Setup an event to check for expected state.
-        // The state gets set by the runtime after the 'MessageReceivedContext'
-        private static OpenIdConnectOptions GetStateOptions()
-        {
-            var options = new OpenIdConnectOptions();
-            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
-            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
-            options.ClientId = Guid.NewGuid().ToString();
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            options.SignInScheme = "Cookies";
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnTokenResponseReceived = context =>
-                {
-                    context.HandleResponse();
-                    if (context.ProtocolMessage.State == null && !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
-                        return Task.FromResult<object>(null);
-
-                    if (context.ProtocolMessage.State == null || !context.ProtocolMessage.Parameters.ContainsKey(ExpectedStateParameter))
-                        Assert.True(false, "(context.ProtocolMessage.State=!= null || !context.ProtocolMessage.Parameters.ContainsKey(expectedState)");
-
-                    Assert.Equal(context.ProtocolMessage.State, context.ProtocolMessage.Parameters[ExpectedStateParameter]);
-                    return Task.FromResult<object>(null);
-                }
-            };
-            return options;
-        }
-
-        private static TestServer CreateServer(OpenIdConnectOptions options, UrlEncoder encoder, OpenIdConnectHandler handler = null)
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseMiddleware<OpenIdConnectMiddlewareForTestingAuthenticate>(Options.Create(options), encoder, handler);
-                    app.Use(async (context, next) =>
-                    {
-                        await next();
-                    });
-                })
-                .ConfigureServices(services =>
-                {
-                    services.AddWebEncoders();
-                    services.AddDataProtection();
-                });
-            return new TestServer(builder);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
deleted file mode 100644
index c73cf8f942..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareForTestingAuthenticate.cs
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
-{
-
-    /// <summary>
-    /// pass a <see cref="OpenIdConnectHandler"/> as the AuthenticationHandler
-    /// configured to handle certain messages.
-    /// </summary>
-    public class OpenIdConnectMiddlewareForTestingAuthenticate : OpenIdConnectMiddleware
-    {
-        OpenIdConnectHandler _handler;
-
-        public OpenIdConnectMiddlewareForTestingAuthenticate(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IServiceProvider services,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<OpenIdConnectOptions> options,
-            HtmlEncoder htmlEncoder,
-            OpenIdConnectHandler handler = null
-            )
-        : base(next, dataProtectionProvider, loggerFactory, encoder, services, sharedOptions, options, htmlEncoder)
-        {
-            _handler = handler;
-        }
-
-        protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
-        {
-            return _handler ?? base.CreateHandler();
-        }
-    }
-}
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
index b5371965ca..e48aa66043 100644
--- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -27,9 +27,9 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
             {
                 return new OpenIdConnectConfiguration()
                 {
-                    AuthorizationEndpoint = @"https://login.windows.net/common/oauth2/authorize",
-                    EndSessionEndpoint = @"https://login.windows.net/common/oauth2/endsessionendpoint",
-                    TokenEndpoint = @"https://login.windows.net/common/oauth2/token",
+                    AuthorizationEndpoint = @"https://login.microsoftonline.com/common/oauth2/authorize",
+                    EndSessionEndpoint = @"https://login.microsoftonline.com/common/oauth2/endsessionendpoint",
+                    TokenEndpoint = @"https://login.microsoftonline.com/common/oauth2/token",
                 };
             }
         }

From ba757d7a458398d3c2a7874b6556e86648f094be Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Fri, 22 Jan 2016 12:16:26 -0800
Subject: [PATCH 449/900] Rename AspNet 5 folders and files.

See https://github.com/aspnet/Announcements/issues/144 for more information.
---
 .../ChunkingCookieManager.cs                        |   0
 .../Constants.cs                                    |   0
 .../CookieAppBuilderExtensions.cs                   |   0
 .../CookieAuthenticationDefaults.cs                 |   0
 .../CookieAuthenticationHandler.cs                  |   0
 .../CookieAuthenticationMiddleware.cs               |   0
 .../CookieAuthenticationOptions.cs                  |   0
 .../CookieSecureOption.cs                           |   0
 .../Events/BaseCookieContext.cs                     |   0
 .../Events/CookieAuthenticationEvents.cs            |   0
 .../Events/CookieRedirectContext.cs                 |   0
 .../Events/CookieSignedInContext.cs                 |   0
 .../Events/CookieSigningInContext.cs                |   0
 .../Events/CookieSigningOutContext.cs               |   0
 .../Events/CookieValidatePrincipalContext.cs        |   0
 .../Events/ICookieAuthenticationEvents.cs           |   0
 .../ICookieManager.cs                               |   0
 .../ITicketStore.cs                                 |   0
 ...crosoft.AspNetCore.Authentication.Cookies.xproj} |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../FacebookAppBuilderExtensions.cs                 |   0
 .../FacebookDefaults.cs                             |   0
 .../FacebookHandler.cs                              |   0
 .../FacebookHelper.cs                               |   0
 .../FacebookMiddleware.cs                           |   0
 .../FacebookOptions.cs                              |   0
 ...rosoft.AspNetCore.Authentication.Facebook.xproj} |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../GoogleAppBuilderExtensions.cs                   |   0
 .../GoogleDefaults.cs                               |   0
 .../GoogleHandler.cs                                |   0
 .../GoogleHelper.cs                                 |   0
 .../GoogleMiddleware.cs                             |   0
 .../GoogleOptions.cs                                |   0
 ...icrosoft.AspNetCore.Authentication.Google.xproj} |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../Events/AuthenticationFailedContext.cs           |   0
 .../Events/BaseJwtBearerContext.cs                  |   0
 .../Events/IJwtBearerEvents.cs                      |   0
 .../Events/JwtBearerChallengeContext.cs             |   0
 .../Events/JwtBearerEvents.cs                       |   0
 .../Events/ReceivedTokenContext.cs                  |   0
 .../Events/ReceivingTokenContext.cs                 |   0
 .../Events/TokenValidatedContext.cs                 |   0
 .../JwtBearerAppBuilderExtensions.cs                |   0
 .../JwtBearerDefaults.cs                            |   0
 .../JwtBearerHandler.cs                             |   0
 .../JwtBearerMiddleware.cs                          |   0
 .../JwtBearerOptions.cs                             |   0
 ...osoft.AspNetCore.Authentication.JwtBearer.xproj} |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 ...spNetCore.Authentication.MicrosoftAccount.xproj} |   0
 .../MicrosoftAccountAppBuilderExtensions.cs         |   0
 .../MicrosoftAccountDefaults.cs                     |   0
 .../MicrosoftAccountHandler.cs                      |   0
 .../MicrosoftAccountHelper.cs                       |   0
 .../MicrosoftAccountMiddleware.cs                   |   0
 .../MicrosoftAccountOptions.cs                      |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../Constants.cs                                    |   0
 .../Events/IOAuthEvents.cs                          |   0
 .../Events/OAuthCreatingTicketContext.cs            |   0
 .../Events/OAuthEvents.cs                           |   0
 .../Events/OAuthRedirectToAuthorizationContext.cs   |   0
 ...Microsoft.AspNetCore.Authentication.OAuth.xproj} |   0
 .../OAuthAppBuilderExtensions.cs                    |   0
 .../OAuthHandler.cs                                 |   0
 .../OAuthMiddleware.cs                              |   0
 .../OAuthOptions.cs                                 |   0
 .../OAuthTokenResponse.cs                           |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../Events/AuthenticationFailedContext.cs           |   0
 .../Events/AuthenticationValidatedContext.cs        |   0
 .../Events/AuthorizationCodeReceivedContext.cs      |   0
 .../Events/AuthorizationResponseReceivedContext.cs  |   0
 .../Events/BaseOpenIdConnectContext.cs              |   0
 .../Events/IOpenIdConnectEvents.cs                  |   0
 .../Events/MessageReceivedContext.cs                |   0
 .../Events/OpenIdConnectEvents.cs                   |   0
 .../Events/RedirectContext.cs                       |   0
 .../Events/TokenResponseReceivedContext.cs          |   0
 .../Events/UserInformationReceivedContext.cs        |   0
 ...t.AspNetCore.Authentication.OpenIdConnect.xproj} |   0
 .../OpenIdConnectAppBuilderExtensions.cs            |   0
 .../OpenIdConnectDefaults.cs                        |   0
 .../OpenIdConnectHandler.cs                         |   0
 .../OpenIdConnectMiddleware.cs                      |   0
 .../OpenIdConnectOptions.cs                         |   0
 .../OpenIdConnectRedirectBehavior .cs               |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../Events/BaseTwitterContext.cs                    |   0
 .../Events/ITwitterEvents.cs                        |   0
 .../Events/TwitterCreatingTicketContext.cs          |   0
 .../Events/TwitterEvents.cs                         |   0
 ...TwitterRedirectToAuthorizationEndpointContext.cs |   0
 .../Messages/AccessToken.cs                         |   0
 .../Messages/RequestToken.cs                        |   0
 .../Messages/RequestTokenSerializer.cs              |   0
 ...crosoft.AspNetCore.Authentication.Twitter.xproj} |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../TwitterAppBuilderExtensions.cs                  |   0
 .../TwitterDefaults.cs                              |   0
 .../TwitterHandler.cs                               |   0
 .../TwitterMiddleware.cs                            |   0
 .../TwitterOptions.cs                               |   0
 .../project.json                                    |   0
 .../AuthenticateResult.cs                           |   0
 .../AuthenticationHandler.cs                        |   0
 .../AuthenticationMiddleware.cs                     |   0
 .../AuthenticationOptions.cs                        |   0
 .../AuthenticationServiceCollectionExtensions.cs    |   0
 .../AuthenticationTicket.cs                         |   0
 .../ClaimsTransformationAppBuilderExtensions.cs     |   0
 .../ClaimsTransformationHandler.cs                  |   0
 .../ClaimsTransformationMiddleware.cs               |   0
 .../ClaimsTransformationOptions.cs                  |   0
 .../ClaimsTransformer.cs                            |   0
 .../DataHandler/IDataSerializer.cs                  |   0
 .../DataHandler/ISecureDataFormat.cs                |   0
 .../DataHandler/PropertiesDataFormat.cs             |   0
 .../DataHandler/PropertiesSerializer.cs             |   0
 .../DataHandler/SecureDataFormat.cs                 |   0
 .../DataHandler/TextEncoder.cs                      |   0
 .../DataHandler/TicketDataFormat.cs                 |   0
 .../DataHandler/TicketSerializer.cs                 |   0
 .../Events/BaseContext.cs                           |   0
 .../Events/BaseControlContext.cs                    |   0
 .../Events/EventResultState.cs                      |   0
 .../Events/FailureContext.cs                        |   0
 .../Events/IRemoteAuthenticationEvents.cs           |   0
 .../Events/RemoteAuthenticationEvents.cs            |   0
 .../Events/TicketReceivedContext.cs                 |   0
 .../HttpContextExtensions.cs                        |   0
 .../IClaimsTransformer.cs                           |   0
 .../ISystemClock.cs                                 |   0
 .../Microsoft.AspNetCore.Authentication.xproj}      |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../RemoteAuthenticationHandler.cs                  |   0
 .../RemoteAuthenticationOptions.cs                  |   0
 .../Resources.resx                                  |   0
 .../SharedAuthenticationOptions.cs                  |   0
 .../SystemClock.cs                                  |   0
 .../Win32.cs                                        |   0
 .../project.json                                    |   0
 .../AllowAnonymousAttribute.cs                      |   0
 .../AuthorizationContext.cs                         |   0
 .../AuthorizationHandler.cs                         |   0
 .../AuthorizationOptions.cs                         |   0
 .../AuthorizationPolicy.cs                          |   0
 .../AuthorizationPolicyBuilder.cs                   |   0
 .../AuthorizationServiceCollectionExtensions.cs     |   0
 .../AuthorizationServiceExtensions.cs               |   0
 .../AuthorizeAttribute.cs                           |   0
 .../DefaultAuthorizationService.cs                  |   0
 .../IAllowAnonymous.cs                              |   0
 .../IAuthorizationHandler.cs                        |   0
 .../IAuthorizationRequirement.cs                    |   0
 .../IAuthorizationService.cs                        |   0
 .../IAuthorizeData.cs                               |   0
 .../Infrastructure/AssertionRequirement.cs          |   0
 .../ClaimsAuthorizationRequirement.cs               |   0
 .../DenyAnonymousAuthorizationRequirement.cs        |   0
 .../Infrastructure/NameAuthorizationRequirement.cs  |   0
 .../OperationAuthorizationRequirement.cs            |   0
 .../PassThroughAuthorizationHandler.cs              |   0
 .../Infrastructure/RolesAuthorizationRequirement.cs |   0
 .../Microsoft.AspNetCore.Authorization.xproj}       |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../Properties/Resources.Designer.cs                |   0
 .../Resources.resx                                  |   0
 .../project.json                                    |   0
 .../AppendCookieContext.cs                          |   0
 .../CookiePolicyAppBuilderExtensions.cs             |   0
 .../CookiePolicyMiddleware.cs                       |   0
 .../CookiePolicyOptions.cs                          |   0
 .../DeleteCookieContext.cs                          |   0
 .../HttpOnlyPolicy.cs                               |   0
 .../Microsoft.AspNetCore.CookiePolicy.xproj}        |   0
 .../Properties/AssemblyInfo.cs                      |   0
 .../SecurePolicy.cs                                 |   0
 .../project.json                                    |   0
 .../AuthenticationHandlerFacts.cs                   |   0
 .../Cookies/CookieMiddlewareTests.cs                |   0
 .../Cookies/Infrastructure/CookieChunkingTests.cs   |   0
 .../DataHandler/Base64UrlTextEncoderTests.cs        |   0
 .../DataHandler/SecureDataFormatTests.cs            |   0
 .../DataHandler/TicketSerializerTests.cs            |   0
 .../Facebook/FacebookMiddlewareTests.cs             |   0
 .../Google/GoogleMiddlewareTests.cs                 |   0
 .../JwtBearer/JwtBearerMiddlewareTests.cs           |   0
 .../Microsoft.AspNetCore.Authentication.Test.xproj} |   0
 .../MicrosoftAccountMiddlewareTests.cs              |   0
 .../AuthenticationPropertiesFormaterKeyValue.cs     |   0
 .../OpenIdConnect/ExpectedQueryValues.cs            |   0
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs   |   0
 .../OpenIdConnect/TestUtilities.cs                  |   0
 .../TestClock.cs                                    |   0
 .../TestExtensions.cs                               |   0
 .../TestHttpMessageHandler.cs                       |   0
 .../Transaction.cs                                  |   0
 .../Twitter/TwitterMiddlewareTests.cs               |   0
 .../katanatest.redmond.corp.microsoft.com.cer       | Bin
 .../project.json                                    |   0
 .../selfSigned.cer                                  | Bin
 .../AuthorizationPolicyFacts.cs                     |   0
 .../DefaultAuthorizationServiceTests.cs             |   0
 .../Microsoft.AspNetCore.Authorization.Test.xproj}  |   0
 .../project.json                                    |   0
 .../CookiePolicyTests.cs                            |   0
 .../Microsoft.AspNetCore.CookiePolicy.Test.xproj}   |   0
 .../TestExtensions.cs                               |   0
 .../Transaction.cs                                  |   0
 .../project.json                                    |   0
 237 files changed, 0 insertions(+), 0 deletions(-)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/ChunkingCookieManager.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Constants.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieAuthenticationDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieAuthenticationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieAuthenticationMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieAuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/CookieSecureOption.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/BaseCookieContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieAuthenticationEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieRedirectContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieSignedInContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieSigningInContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieSigningOutContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/CookieValidatePrincipalContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Events/ICookieAuthenticationEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/ICookieManager.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/ITicketStore.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj => Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.Cookies => Microsoft.AspNetCore.Authentication.Cookies}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookHelper.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/FacebookOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj => Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.Facebook => Microsoft.AspNetCore.Authentication.Facebook}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleHelper.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/GoogleOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj => Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.Google => Microsoft.AspNetCore.Authentication.Google}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/AuthenticationFailedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/BaseJwtBearerContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/IJwtBearerEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/JwtBearerChallengeContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/JwtBearerEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/ReceivedTokenContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/ReceivingTokenContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Events/TokenValidatedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/JwtBearerAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/JwtBearerDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/JwtBearerHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/JwtBearerMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/JwtBearerOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj => Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.JwtBearer => Microsoft.AspNetCore.Authentication.JwtBearer}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj => Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountHelper.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/MicrosoftAccountOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.MicrosoftAccount => Microsoft.AspNetCore.Authentication.MicrosoftAccount}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Constants.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Events/IOAuthEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Events/OAuthCreatingTicketContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Events/OAuthEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Events/OAuthRedirectToAuthorizationContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj => Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/OAuthAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/OAuthHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/OAuthMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/OAuthOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/OAuthTokenResponse.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.OAuth => Microsoft.AspNetCore.Authentication.OAuth}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/AuthenticationFailedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/AuthenticationValidatedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/AuthorizationCodeReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/AuthorizationResponseReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/BaseOpenIdConnectContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/IOpenIdConnectEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/MessageReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/OpenIdConnectEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/RedirectContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/TokenResponseReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Events/UserInformationReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj => Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/OpenIdConnectRedirectBehavior .cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.OpenIdConnect => Microsoft.AspNetCore.Authentication.OpenIdConnect}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Events/BaseTwitterContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Events/ITwitterEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Events/TwitterCreatingTicketContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Events/TwitterEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Events/TwitterRedirectToAuthorizationEndpointContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Messages/AccessToken.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Messages/RequestToken.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Messages/RequestTokenSerializer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj => Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/TwitterAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/TwitterDefaults.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/TwitterHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/TwitterMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/TwitterOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication.Twitter => Microsoft.AspNetCore.Authentication.Twitter}/project.json (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticateResult.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticationMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticationServiceCollectionExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/AuthenticationTicket.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ClaimsTransformationAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ClaimsTransformationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ClaimsTransformationMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ClaimsTransformationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ClaimsTransformer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/IDataSerializer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/ISecureDataFormat.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/PropertiesDataFormat.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/PropertiesSerializer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/SecureDataFormat.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/TextEncoder.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/TicketDataFormat.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/DataHandler/TicketSerializer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/BaseContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/BaseControlContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/EventResultState.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/FailureContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/IRemoteAuthenticationEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/RemoteAuthenticationEvents.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Events/TicketReceivedContext.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/HttpContextExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/IClaimsTransformer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/ISystemClock.cs (100%)
 rename src/{Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj => Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj} (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/RemoteAuthenticationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/RemoteAuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/SharedAuthenticationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/SystemClock.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/Win32.cs (100%)
 rename src/{Microsoft.AspNet.Authentication => Microsoft.AspNetCore.Authentication}/project.json (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AllowAnonymousAttribute.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationContext.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationOptions.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationPolicy.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationPolicyBuilder.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationServiceCollectionExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizationServiceExtensions.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/AuthorizeAttribute.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/DefaultAuthorizationService.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/IAllowAnonymous.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/IAuthorizationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/IAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/IAuthorizationService.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/IAuthorizeData.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/AssertionRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/ClaimsAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/DenyAnonymousAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/NameAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/OperationAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/PassThroughAuthorizationHandler.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Infrastructure/RolesAuthorizationRequirement.cs (100%)
 rename src/{Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj => Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj} (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Properties/Resources.Designer.cs (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/Resources.resx (100%)
 rename src/{Microsoft.AspNet.Authorization => Microsoft.AspNetCore.Authorization}/project.json (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/AppendCookieContext.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/CookiePolicyAppBuilderExtensions.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/CookiePolicyMiddleware.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/CookiePolicyOptions.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/DeleteCookieContext.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/HttpOnlyPolicy.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj => Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj} (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/Properties/AssemblyInfo.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/SecurePolicy.cs (100%)
 rename src/{Microsoft.AspNet.CookiePolicy => Microsoft.AspNetCore.CookiePolicy}/project.json (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/AuthenticationHandlerFacts.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Cookies/CookieMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Cookies/Infrastructure/CookieChunkingTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/DataHandler/Base64UrlTextEncoderTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/DataHandler/SecureDataFormatTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/DataHandler/TicketSerializerTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Facebook/FacebookMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Google/GoogleMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/JwtBearer/JwtBearerMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj => Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj} (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/OpenIdConnect/ExpectedQueryValues.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/OpenIdConnect/OpenIdConnectMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/OpenIdConnect/TestUtilities.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/TestClock.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/TestExtensions.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/TestHttpMessageHandler.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Transaction.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/Twitter/TwitterMiddlewareTests.cs (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/katanatest.redmond.corp.microsoft.com.cer (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/project.json (100%)
 rename test/{Microsoft.AspNet.Authentication.Test => Microsoft.AspNetCore.Authentication.Test}/selfSigned.cer (100%)
 rename test/{Microsoft.AspNet.Authorization.Test => Microsoft.AspNetCore.Authorization.Test}/AuthorizationPolicyFacts.cs (100%)
 rename test/{Microsoft.AspNet.Authorization.Test => Microsoft.AspNetCore.Authorization.Test}/DefaultAuthorizationServiceTests.cs (100%)
 rename test/{Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj => Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj} (100%)
 rename test/{Microsoft.AspNet.Authorization.Test => Microsoft.AspNetCore.Authorization.Test}/project.json (100%)
 rename test/{Microsoft.AspNet.CookiePolicy.Test => Microsoft.AspNetCore.CookiePolicy.Test}/CookiePolicyTests.cs (100%)
 rename test/{Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj => Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj} (100%)
 rename test/{Microsoft.AspNet.CookiePolicy.Test => Microsoft.AspNetCore.CookiePolicy.Test}/TestExtensions.cs (100%)
 rename test/{Microsoft.AspNet.CookiePolicy.Test => Microsoft.AspNetCore.CookiePolicy.Test}/Transaction.cs (100%)
 rename test/{Microsoft.AspNet.CookiePolicy.Test => Microsoft.AspNetCore.CookiePolicy.Test}/project.json (100%)

diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/ChunkingCookieManager.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Constants.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Constants.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/CookieSecureOption.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/BaseCookieContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieRedirectContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSignedInContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningInContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieSigningOutContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ICookieManager.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/ICookieManager.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/ITicketStore.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/ITicketStore.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Microsoft.AspNet.Authentication.Cookies.xproj
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/Resources.resx b/src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Cookies/project.json
rename to src/Microsoft.AspNetCore.Authentication.Cookies/project.json
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookHelper.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/FacebookOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/Microsoft.AspNet.Authentication.Facebook.xproj
rename to src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/Resources.resx b/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Facebook/project.json
rename to src/Microsoft.AspNetCore.Authentication.Facebook/project.json
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleHelper.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/GoogleOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/Microsoft.AspNet.Authentication.Google.xproj
rename to src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.Google/Resources.resx b/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Google/project.json
rename to src/Microsoft.AspNetCore.Authentication.Google/project.json
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/JwtBearerEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Events/TokenValidatedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/JwtBearerOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Microsoft.AspNet.Authentication.JwtBearer.xproj
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.JwtBearer/project.json
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/Microsoft.AspNet.Authentication.MicrosoftAccount.xproj
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.resx b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.MicrosoftAccount/project.json
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Constants.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Constants.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/IOAuthEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Microsoft.AspNet.Authentication.OAuth.xproj
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/OAuthTokenResponse.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/Resources.resx b/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OAuth/project.json
rename to src/Microsoft.AspNetCore.Authentication.OAuth/project.json
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/RedirectContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Microsoft.AspNet.Authentication.OpenIdConnect.xproj
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.OpenIdConnect/project.json
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/BaseTwitterContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/ITwitterEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterEvents.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Messages/AccessToken.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestToken.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Messages/RequestTokenSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Microsoft.AspNet.Authentication.Twitter.xproj
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/Resources.resx b/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterDefaults.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterHandler.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/TwitterOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication.Twitter/project.json
rename to src/Microsoft.AspNetCore.Authentication.Twitter/project.json
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticateResult.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticationHandler.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticationMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticationOptions.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticationServiceCollectionExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs
rename to src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformationAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformationHandler.cs
rename to src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformationMiddleware.cs
rename to src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformationOptions.cs
rename to src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ClaimsTransformer.cs
rename to src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/IDataSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/IDataSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/ISecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/PropertiesDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/PropertiesSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/SecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/TextEncoder.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/TicketDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
diff --git a/src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/DataHandler/TicketSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/BaseContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/BaseControlContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/EventResultState.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/FailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/FailureContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/IRemoteAuthenticationEvents.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/RemoteAuthenticationEvents.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Events/TicketReceivedContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
diff --git a/src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/HttpContextExtensions.cs
rename to src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
diff --git a/src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/IClaimsTransformer.cs
rename to src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
diff --git a/src/Microsoft.AspNet.Authentication/ISystemClock.cs b/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/ISystemClock.cs
rename to src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
diff --git a/src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Microsoft.AspNet.Authentication.xproj
rename to src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
diff --git a/src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/RemoteAuthenticationHandler.cs
rename to src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/RemoteAuthenticationOptions.cs
rename to src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication/Resources.resx b/src/Microsoft.AspNetCore.Authentication/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Resources.resx
rename to src/Microsoft.AspNetCore.Authentication/Resources.resx
diff --git a/src/Microsoft.AspNet.Authentication/SharedAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/SharedAuthenticationOptions.cs
rename to src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNet.Authentication/SystemClock.cs b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/SystemClock.cs
rename to src/Microsoft.AspNetCore.Authentication/SystemClock.cs
diff --git a/src/Microsoft.AspNet.Authentication/Win32.cs b/src/Microsoft.AspNetCore.Authentication/Win32.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/Win32.cs
rename to src/Microsoft.AspNetCore.Authentication/Win32.cs
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authentication/project.json
rename to src/Microsoft.AspNetCore.Authentication/project.json
diff --git a/src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AllowAnonymousAttribute.cs
rename to src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationContext.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationHandler.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationOptions.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationPolicy.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationPolicyBuilder.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationServiceCollectionExtensions.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizationServiceExtensions.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
diff --git a/src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/AuthorizeAttribute.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
diff --git a/src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/DefaultAuthorizationService.cs
rename to src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
diff --git a/src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs b/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/IAllowAnonymous.cs
rename to src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/IAuthorizationHandler.cs
rename to src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/IAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/IAuthorizationService.cs
rename to src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
diff --git a/src/Microsoft.AspNet.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/IAuthorizeData.cs
rename to src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/AssertionRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/NameAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
rename to src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Microsoft.AspNet.Authorization.xproj
rename to src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
diff --git a/src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Properties/Resources.Designer.cs
rename to src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNet.Authorization/Resources.resx b/src/Microsoft.AspNetCore.Authorization/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/Resources.resx
rename to src/Microsoft.AspNetCore.Authorization/Resources.resx
diff --git a/src/Microsoft.AspNet.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
similarity index 100%
rename from src/Microsoft.AspNet.Authorization/project.json
rename to src/Microsoft.AspNetCore.Authorization/project.json
diff --git a/src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/AppendCookieContext.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/CookiePolicyOptions.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/DeleteCookieContext.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/HttpOnlyPolicy.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/Microsoft.AspNet.CookiePolicy.xproj
rename to src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
diff --git a/src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/Properties/AssemblyInfo.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/SecurePolicy.cs
rename to src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
diff --git a/src/Microsoft.AspNet.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
similarity index 100%
rename from src/Microsoft.AspNet.CookiePolicy/project.json
rename to src/Microsoft.AspNetCore.CookiePolicy/project.json
diff --git a/test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/AuthenticationHandlerFacts.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Cookies/CookieMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/DataHandler/SecureDataFormatTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/DataHandler/TicketSerializerTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Google/GoogleMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Microsoft.AspNet.Authentication.Test.xproj
rename to test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
diff --git a/test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/TestUtilities.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestClock.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/TestClock.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/TestExtensions.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/TestHttpMessageHandler.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Transaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Transaction.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
diff --git a/test/Microsoft.AspNet.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer b/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
rename to test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
diff --git a/test/Microsoft.AspNet.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/project.json
rename to test/Microsoft.AspNetCore.Authentication.Test/project.json
diff --git a/test/Microsoft.AspNet.Authentication.Test/selfSigned.cer b/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
similarity index 100%
rename from test/Microsoft.AspNet.Authentication.Test/selfSigned.cer
rename to test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
diff --git a/test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/AuthorizationPolicyFacts.cs
rename to test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
diff --git a/test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/DefaultAuthorizationServiceTests.cs
rename to test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
diff --git a/test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/Microsoft.AspNet.Authorization.Test.xproj
rename to test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
diff --git a/test/Microsoft.AspNet.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
similarity index 100%
rename from test/Microsoft.AspNet.Authorization.Test/project.json
rename to test/Microsoft.AspNetCore.Authorization.Test/project.json
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
similarity index 100%
rename from test/Microsoft.AspNet.CookiePolicy.Test/CookiePolicyTests.cs
rename to test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
similarity index 100%
rename from test/Microsoft.AspNet.CookiePolicy.Test/Microsoft.AspNet.CookiePolicy.Test.xproj
rename to test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNet.CookiePolicy.Test/TestExtensions.cs
rename to test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNet.CookiePolicy.Test/Transaction.cs
rename to test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
diff --git a/test/Microsoft.AspNet.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
similarity index 100%
rename from test/Microsoft.AspNet.CookiePolicy.Test/project.json
rename to test/Microsoft.AspNetCore.CookiePolicy.Test/project.json

From c0d587e7c2246f208e2c82e9deafd19058c1c2f2 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Fri, 22 Jan 2016 12:16:38 -0800
Subject: [PATCH 450/900] Rename AspNet 5 file contents.

See https://github.com/aspnet/Announcements/issues/144 for more information.
---
 NuGetPackageVerifier.json                     | 22 +++++++-------
 Security.sln                                  | 30 +++++++++----------
 samples/CookieSample/Startup.cs               |  8 ++---
 samples/CookieSample/hosting.json             |  4 +--
 samples/CookieSample/project.json             |  8 ++---
 .../MemoryCacheTicketStore.cs                 |  4 +--
 samples/CookieSessionSample/Startup.cs        |  8 ++---
 samples/CookieSessionSample/hosting.json      |  4 +--
 samples/CookieSessionSample/project.json      |  8 ++---
 samples/JwtBearerSample/Startup.cs            |  8 ++---
 samples/JwtBearerSample/hosting.json          |  4 +--
 samples/JwtBearerSample/project.json          | 10 +++----
 samples/OpenIdConnectSample/Startup.cs        | 12 ++++----
 samples/OpenIdConnectSample/hosting.json      |  4 +--
 samples/OpenIdConnectSample/project.json      |  8 ++---
 samples/SocialSample/Startup.cs               | 18 +++++------
 samples/SocialSample/hosting.json             |  4 +--
 samples/SocialSample/project.json             | 16 +++++-----
 .../ChunkingCookieManager.cs                  |  4 +--
 .../Constants.cs                              |  2 +-
 .../CookieAppBuilderExtensions.cs             |  4 +--
 .../CookieAuthenticationDefaults.cs           |  6 ++--
 .../CookieAuthenticationHandler.cs            | 14 ++++-----
 .../CookieAuthenticationMiddleware.cs         |  8 ++---
 .../CookieAuthenticationOptions.cs            | 12 ++++----
 .../CookieSecureOption.cs                     |  2 +-
 .../Events/BaseCookieContext.cs               |  6 ++--
 .../Events/CookieAuthenticationEvents.cs      |  4 +--
 .../Events/CookieRedirectContext.cs           |  8 ++---
 .../Events/CookieSignedInContext.cs           |  8 ++---
 .../Events/CookieSigningInContext.cs          |  8 ++---
 .../Events/CookieSigningOutContext.cs         |  8 ++---
 .../Events/CookieValidatePrincipalContext.cs  |  8 ++---
 .../Events/ICookieAuthenticationEvents.cs     |  2 +-
 .../ICookieManager.cs                         |  4 +--
 .../ITicketStore.cs                           |  2 +-
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../FacebookAppBuilderExtensions.cs           |  4 +--
 .../FacebookDefaults.cs                       |  2 +-
 .../FacebookHandler.cs                        | 10 +++----
 .../FacebookHelper.cs                         |  2 +-
 .../FacebookMiddleware.cs                     | 10 +++----
 .../FacebookOptions.cs                        |  6 ++--
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../GoogleAppBuilderExtensions.cs             |  4 +--
 .../GoogleDefaults.cs                         |  2 +-
 .../GoogleHandler.cs                          | 10 +++----
 .../GoogleHelper.cs                           |  2 +-
 .../GoogleMiddleware.cs                       | 10 +++----
 .../GoogleOptions.cs                          |  6 ++--
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../Events/AuthenticationFailedContext.cs     |  6 ++--
 .../Events/BaseJwtBearerContext.cs            |  6 ++--
 .../Events/IJwtBearerEvents.cs                |  2 +-
 .../Events/JwtBearerChallengeContext.cs       |  8 ++---
 .../Events/JwtBearerEvents.cs                 |  4 +--
 .../Events/ReceivedTokenContext.cs            |  6 ++--
 .../Events/ReceivingTokenContext.cs           |  6 ++--
 .../Events/TokenValidatedContext.cs           |  6 ++--
 .../JwtBearerAppBuilderExtensions.cs          |  4 +--
 .../JwtBearerDefaults.cs                      |  2 +-
 .../JwtBearerHandler.cs                       | 10 +++----
 .../JwtBearerMiddleware.cs                    |  6 ++--
 .../JwtBearerOptions.cs                       |  6 ++--
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../MicrosoftAccountAppBuilderExtensions.cs   |  4 +--
 .../MicrosoftAccountDefaults.cs               |  2 +-
 .../MicrosoftAccountHandler.cs                |  8 ++---
 .../MicrosoftAccountHelper.cs                 |  2 +-
 .../MicrosoftAccountMiddleware.cs             | 10 +++----
 .../MicrosoftAccountOptions.cs                |  6 ++--
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../Constants.cs                              |  4 +--
 .../Events/IOAuthEvents.cs                    |  2 +-
 .../Events/OAuthCreatingTicketContext.cs      |  6 ++--
 .../Events/OAuthEvents.cs                     |  2 +-
 .../OAuthRedirectToAuthorizationContext.cs    |  8 ++---
 .../OAuthAppBuilderExtensions.cs              |  4 +--
 .../OAuthHandler.cs                           | 12 ++++----
 .../OAuthMiddleware.cs                        |  8 ++---
 .../OAuthOptions.cs                           |  8 ++---
 .../OAuthTokenResponse.cs                     |  2 +-
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../Events/AuthenticationFailedContext.cs     |  6 ++--
 .../Events/AuthenticationValidatedContext.cs  |  8 ++---
 .../AuthorizationCodeReceivedContext.cs       |  8 ++---
 .../AuthorizationResponseReceivedContext.cs   |  8 ++---
 .../Events/BaseOpenIdConnectContext.cs        |  6 ++--
 .../Events/IOpenIdConnectEvents.cs            |  2 +-
 .../Events/MessageReceivedContext.cs          |  6 ++--
 .../Events/OpenIdConnectEvents.cs             |  2 +-
 .../Events/RedirectContext.cs                 |  8 ++---
 .../Events/TokenResponseReceivedContext.cs    | 10 +++----
 .../Events/UserInformationReceivedContext.cs  |  8 ++---
 .../OpenIdConnectAppBuilderExtensions.cs      |  4 +--
 .../OpenIdConnectDefaults.cs                  |  6 ++--
 .../OpenIdConnectHandler.cs                   | 10 +++----
 .../OpenIdConnectMiddleware.cs                |  8 ++---
 .../OpenIdConnectOptions.cs                   | 10 +++----
 .../OpenIdConnectRedirectBehavior .cs         |  2 +-
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../Events/BaseTwitterContext.cs              |  6 ++--
 .../Events/ITwitterEvents.cs                  |  2 +-
 .../Events/TwitterCreatingTicketContext.cs    |  8 ++---
 .../Events/TwitterEvents.cs                   |  2 +-
 ...rRedirectToAuthorizationEndpointContext.cs |  8 ++---
 .../Messages/AccessToken.cs                   |  2 +-
 .../Messages/RequestToken.cs                  |  4 +--
 .../Messages/RequestTokenSerializer.cs        |  4 +--
 .../Properties/Resources.Designer.cs          |  4 +--
 .../TwitterAppBuilderExtensions.cs            |  4 +--
 .../TwitterDefaults.cs                        |  2 +-
 .../TwitterHandler.cs                         | 14 ++++-----
 .../TwitterMiddleware.cs                      |  8 ++---
 .../TwitterOptions.cs                         |  8 ++---
 .../project.json                              |  2 +-
 .../AuthenticateResult.cs                     |  2 +-
 .../AuthenticationHandler.cs                  | 10 +++----
 .../AuthenticationMiddleware.cs               |  6 ++--
 .../AuthenticationOptions.cs                  |  4 +--
 ...thenticationServiceCollectionExtensions.cs |  2 +-
 .../AuthenticationTicket.cs                   |  4 +--
 ...laimsTransformationAppBuilderExtensions.cs |  4 +--
 .../ClaimsTransformationHandler.cs            |  4 +--
 .../ClaimsTransformationMiddleware.cs         |  6 ++--
 .../ClaimsTransformationOptions.cs            |  4 +--
 .../ClaimsTransformer.cs                      |  2 +-
 .../DataHandler/IDataSerializer.cs            |  2 +-
 .../DataHandler/ISecureDataFormat.cs          |  2 +-
 .../DataHandler/PropertiesDataFormat.cs       |  6 ++--
 .../DataHandler/PropertiesSerializer.cs       |  4 +--
 .../DataHandler/SecureDataFormat.cs           |  4 +--
 .../DataHandler/TextEncoder.cs                |  2 +-
 .../DataHandler/TicketDataFormat.cs           |  4 +--
 .../DataHandler/TicketSerializer.cs           |  2 +-
 .../Events/BaseContext.cs                     |  4 +--
 .../Events/BaseControlContext.cs              |  4 +--
 .../Events/EventResultState.cs                |  2 +-
 .../Events/FailureContext.cs                  |  4 +--
 .../Events/IRemoteAuthenticationEvents.cs     |  2 +-
 .../Events/RemoteAuthenticationEvents.cs      |  2 +-
 .../Events/TicketReceivedContext.cs           |  8 ++---
 .../HttpContextExtensions.cs                  | 10 +++----
 .../IClaimsTransformer.cs                     |  2 +-
 .../ISystemClock.cs                           |  2 +-
 .../Properties/Resources.Designer.cs          |  4 +--
 .../RemoteAuthenticationHandler.cs            |  6 ++--
 .../RemoteAuthenticationOptions.cs            |  6 ++--
 .../SharedAuthenticationOptions.cs            |  2 +-
 .../SystemClock.cs                            |  2 +-
 .../project.json                              |  6 ++--
 .../AllowAnonymousAttribute.cs                |  2 +-
 .../AuthorizationContext.cs                   |  2 +-
 .../AuthorizationHandler.cs                   |  2 +-
 .../AuthorizationOptions.cs                   |  2 +-
 .../AuthorizationPolicy.cs                    |  2 +-
 .../AuthorizationPolicyBuilder.cs             |  4 +--
 ...uthorizationServiceCollectionExtensions.cs |  4 +--
 .../AuthorizationServiceExtensions.cs         |  2 +-
 .../AuthorizeAttribute.cs                     |  2 +-
 .../DefaultAuthorizationService.cs            |  2 +-
 .../IAllowAnonymous.cs                        |  2 +-
 .../IAuthorizationHandler.cs                  |  2 +-
 .../IAuthorizationRequirement.cs              |  2 +-
 .../IAuthorizationService.cs                  |  2 +-
 .../IAuthorizeData.cs                         |  2 +-
 .../Infrastructure/AssertionRequirement.cs    |  2 +-
 .../ClaimsAuthorizationRequirement.cs         |  2 +-
 .../DenyAnonymousAuthorizationRequirement.cs  |  2 +-
 .../NameAuthorizationRequirement.cs           |  2 +-
 .../OperationAuthorizationRequirement.cs      |  2 +-
 .../PassThroughAuthorizationHandler.cs        |  2 +-
 .../RolesAuthorizationRequirement.cs          |  2 +-
 .../Properties/Resources.Designer.cs          |  4 +--
 .../project.json                              |  2 +-
 .../AppendCookieContext.cs                    |  4 +--
 .../CookiePolicyAppBuilderExtensions.cs       |  4 +--
 .../CookiePolicyMiddleware.cs                 |  8 ++---
 .../CookiePolicyOptions.cs                    |  4 +--
 .../DeleteCookieContext.cs                    |  4 +--
 .../HttpOnlyPolicy.cs                         |  2 +-
 .../Microsoft.AspNetCore.CookiePolicy.xproj   |  4 +--
 .../SecurePolicy.cs                           |  2 +-
 .../project.json                              |  2 +-
 .../AspNetTicketSerializer.cs                 |  2 +-
 .../DataProtectorShim.cs                      |  2 +-
 .../project.json                              |  6 ++--
 .../AuthenticationHandlerFacts.cs             | 14 ++++-----
 .../Cookies/CookieMiddlewareTests.cs          | 16 +++++-----
 .../Infrastructure/CookieChunkingTests.cs     |  6 ++--
 .../DataHandler/Base64UrlTextEncoderTests.cs  |  2 +-
 .../DataHandler/SecureDataFormatTests.cs      |  6 ++--
 .../DataHandler/TicketSerializerTests.cs      |  6 ++--
 .../Facebook/FacebookMiddlewareTests.cs       | 18 +++++------
 .../Google/GoogleMiddlewareTests.cs           | 18 +++++------
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 16 +++++-----
 .../MicrosoftAccountMiddlewareTests.cs        | 16 +++++-----
 ...uthenticationPropertiesFormaterKeyValue.cs |  4 +--
 .../OpenIdConnect/ExpectedQueryValues.cs      |  2 +-
 .../OpenIdConnectMiddlewareTests.cs           | 16 +++++-----
 .../OpenIdConnect/TestUtilities.cs            |  2 +-
 .../TestClock.cs                              |  4 +--
 .../TestExtensions.cs                         |  6 ++--
 .../TestHttpMessageHandler.cs                 |  2 +-
 .../Transaction.cs                            |  2 +-
 .../Twitter/TwitterMiddlewareTests.cs         | 10 +++----
 .../project.json                              | 18 +++++------
 .../AuthorizationPolicyFacts.cs               |  6 ++--
 .../DefaultAuthorizationServiceTests.cs       |  4 +--
 .../project.json                              |  2 +-
 .../CookiePolicyTests.cs                      | 14 ++++-----
 ...crosoft.AspNetCore.CookiePolicy.Test.xproj |  4 +--
 .../TestExtensions.cs                         |  6 ++--
 .../Transaction.cs                            |  2 +-
 .../project.json                              |  4 +--
 .../CookieInteropTests.cs                     | 14 ++++-----
 .../TicketInteropTests.cs                     |  2 +-
 .../project.json                              |  6 ++--
 225 files changed, 618 insertions(+), 618 deletions(-)

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
index c3d5401e6b..4c7cf6982f 100644
--- a/NuGetPackageVerifier.json
+++ b/NuGetPackageVerifier.json
@@ -9,17 +9,17 @@
             "StrictSemanticVersionValidationRule"
         ],
         "packages": {
-            "Microsoft.AspNet.Authentication": { },
-            "Microsoft.AspNet.Authentication.Cookies": { },
-            "Microsoft.AspNet.Authentication.Facebook": { },
-            "Microsoft.AspNet.Authentication.Google": { },
-            "Microsoft.AspNet.Authentication.JwtBearer": { },
-            "Microsoft.AspNet.Authentication.MicrosoftAccount": { },
-            "Microsoft.AspNet.Authentication.OAuth": { },
-            "Microsoft.AspNet.Authentication.OpenIdConnect": { },
-            "Microsoft.AspNet.Authentication.Twitter": { },
-            "Microsoft.AspNet.Authorization": { },
-            "Microsoft.AspNet.CookiePolicy": { }
+            "Microsoft.AspNetCore.Authentication": { },
+            "Microsoft.AspNetCore.Authentication.Cookies": { },
+            "Microsoft.AspNetCore.Authentication.Facebook": { },
+            "Microsoft.AspNetCore.Authentication.Google": { },
+            "Microsoft.AspNetCore.Authentication.JwtBearer": { },
+            "Microsoft.AspNetCore.Authentication.MicrosoftAccount": { },
+            "Microsoft.AspNetCore.Authentication.OAuth": { },
+            "Microsoft.AspNetCore.Authentication.OpenIdConnect": { },
+            "Microsoft.AspNetCore.Authentication.Twitter": { },
+            "Microsoft.AspNetCore.Authorization": { },
+            "Microsoft.AspNetCore.CookiePolicy": { }
         }
     },
     "Default": { // Rules to run for packages not listed in any other set.
diff --git a/Security.sln b/Security.sln
index 28ecb032ed..4c24c1d22f 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,4 +1,4 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
 VisualStudioVersion = 14.0.23107.0
@@ -22,33 +22,33 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samp
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.xproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Cookies", "src\Microsoft.AspNet.Authentication.Cookies\Microsoft.AspNet.Authentication.Cookies.xproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Cookies", "src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.xproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication", "src\Microsoft.AspNet.Authentication\Microsoft.AspNet.Authentication.xproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.xproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Facebook", "src\Microsoft.AspNet.Authentication.Facebook\Microsoft.AspNet.Authentication.Facebook.xproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Facebook", "src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.xproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Google", "src\Microsoft.AspNet.Authentication.Google\Microsoft.AspNet.Authentication.Google.xproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Google", "src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.xproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OpenIdConnect", "src\Microsoft.AspNet.Authentication.OpenIdConnect\Microsoft.AspNet.Authentication.OpenIdConnect.xproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.OpenIdConnect", "src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.MicrosoftAccount", "src\Microsoft.AspNet.Authentication.MicrosoftAccount\Microsoft.AspNet.Authentication.MicrosoftAccount.xproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.MicrosoftAccount", "src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Twitter", "src\Microsoft.AspNet.Authentication.Twitter\Microsoft.AspNet.Authentication.Twitter.xproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Twitter", "src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.xproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.OAuth", "src\Microsoft.AspNet.Authentication.OAuth\Microsoft.AspNet.Authentication.OAuth.xproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.OAuth", "src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.xproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.Test", "test\Microsoft.AspNet.Authentication.Test\Microsoft.AspNet.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Test", "test\Microsoft.AspNetCore.Authentication.Test\Microsoft.AspNetCore.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization.Test", "test\Microsoft.AspNet.Authorization.Test\Microsoft.AspNet.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authorization.Test", "test\Microsoft.AspNetCore.Authorization.Test\Microsoft.AspNetCore.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authorization", "src\Microsoft.AspNet.Authorization\Microsoft.AspNet.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authorization", "src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy", "src\Microsoft.AspNet.CookiePolicy\Microsoft.AspNet.CookiePolicy.xproj", "{86183DC3-02A8-4A68-8B60-71ECEC066E79}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.CookiePolicy", "src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.xproj", "{86183DC3-02A8-4A68-8B60-71ECEC066E79}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.CookiePolicy.Test", "test\Microsoft.AspNet.CookiePolicy.Test\Microsoft.AspNet.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.CookiePolicy.Test", "test\Microsoft.AspNetCore.CookiePolicy.Test\Microsoft.AspNetCore.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Authentication.JwtBearer", "src\Microsoft.AspNet.Authentication.JwtBearer\Microsoft.AspNet.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.JwtBearer", "src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.xproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
 EndProject
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index a1a5d5bbc1..1f8b494c41 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,9 +1,9 @@
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 
diff --git a/samples/CookieSample/hosting.json b/samples/CookieSample/hosting.json
index f8ef14574d..6a93dbafa8 100644
--- a/samples/CookieSample/hosting.json
+++ b/samples/CookieSample/hosting.json
@@ -1,3 +1,3 @@
-{
-  "server": "Microsoft.AspNet.Server.Kestrel"
+{
+  "server": "Microsoft.AspNetCore.Server.Kestrel"
 }
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 20c5e0249d..22d51833b2 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,9 +1,9 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.DataProtection": "1.0.0-*",
-    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "compilationOptions": {
diff --git a/samples/CookieSessionSample/MemoryCacheTicketStore.cs b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
index 833ad35ac8..ebb660361b 100644
--- a/samples/CookieSessionSample/MemoryCacheTicketStore.cs
+++ b/samples/CookieSessionSample/MemoryCacheTicketStore.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.Caching.Memory;
 
 namespace CookieSessionSample
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 6c6c6f3606..57593d8789 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -1,10 +1,10 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 
diff --git a/samples/CookieSessionSample/hosting.json b/samples/CookieSessionSample/hosting.json
index f8ef14574d..6a93dbafa8 100644
--- a/samples/CookieSessionSample/hosting.json
+++ b/samples/CookieSessionSample/hosting.json
@@ -1,3 +1,3 @@
-{
-  "server": "Microsoft.AspNet.Server.Kestrel"
+{
+  "server": "Microsoft.AspNetCore.Server.Kestrel"
 }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index cddabac495..dd58262480 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,9 +1,9 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.DataProtection": "1.0.0-*",
-    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 4ef2f6610e..34ee646c77 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -1,9 +1,9 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Net.Http.Headers;
diff --git a/samples/JwtBearerSample/hosting.json b/samples/JwtBearerSample/hosting.json
index f8ef14574d..6a93dbafa8 100644
--- a/samples/JwtBearerSample/hosting.json
+++ b/samples/JwtBearerSample/hosting.json
@@ -1,3 +1,3 @@
-{
-  "server": "Microsoft.AspNet.Server.Kestrel"
+{
+  "server": "Microsoft.AspNetCore.Server.Kestrel"
 }
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index bfb35107ef..9ba387d674 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -1,13 +1,13 @@
-{
+{
   "version": "1.0.0-*",
   "compilationOptions": {
     "emitEntryPoint": true
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
-    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNet.StaticFiles": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
   },
   "commands": {
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 7c469ef299..11a95a5717 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,10 +1,10 @@
 using System.Linq;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
diff --git a/samples/OpenIdConnectSample/hosting.json b/samples/OpenIdConnectSample/hosting.json
index f8ef14574d..6a93dbafa8 100644
--- a/samples/OpenIdConnectSample/hosting.json
+++ b/samples/OpenIdConnectSample/hosting.json
@@ -1,3 +1,3 @@
-{
-  "server": "Microsoft.AspNet.Server.Kestrel"
+{
+  "server": "Microsoft.AspNetCore.Server.Kestrel"
 }
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 9a204e1425..3b2caff5e2 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,9 +1,9 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 2641725df9..e959943798 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -5,15 +5,15 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.Google;
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
diff --git a/samples/SocialSample/hosting.json b/samples/SocialSample/hosting.json
index f8ef14574d..6a93dbafa8 100644
--- a/samples/SocialSample/hosting.json
+++ b/samples/SocialSample/hosting.json
@@ -1,3 +1,3 @@
-{
-  "server": "Microsoft.AspNet.Server.Kestrel"
+{
+  "server": "Microsoft.AspNetCore.Server.Kestrel"
 }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 53ade790cd..a8eb114c99 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,13 +1,13 @@
 {
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
-    "Microsoft.AspNet.DataProtection": "1.0.0-*",
-    "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
-    "Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
index 70d7096cbf..380e6f9374 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
@@ -6,11 +6,11 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
index c9d6194ba5..3aabf94c15 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     internal static class Constants
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 8582648877..765d1f51cd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add cookie authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
index 715c251008..2baa9e45cd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Default values related to cookie-based authentication middleware
@@ -19,7 +19,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
         /// <summary>
         /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
         /// </summary>
-        public static readonly string CookiePrefix = ".AspNet.";
+        public static readonly string CookiePrefix = ".AspNetCore.";
 
         /// <summary>
         /// The default value used by CookieAuthenticationMiddleware for the
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 040539d4d9..b056d0787b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -6,21 +6,21 @@ using System;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
     {
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
-        private const string SessionIdClaim = "Microsoft.AspNet.Authentication.Cookies-SessionId";
+        private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
 
         private bool _shouldRefresh;
         private DateTimeOffset? _refreshIssuedUtc;
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index c15b10d345..ff54957cfe 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -3,13 +3,13 @@
 
 using System;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 075353887f..dc1a63bbf3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,13 +4,13 @@
 using System;
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Contains the options used by the CookiesAuthenticationMiddleware
@@ -36,7 +36,7 @@ namespace Microsoft.AspNet.Builder
         }
 
         /// <summary>
-        /// Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies".
+        /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
         /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
         /// system uses the cookie authentication middleware multiple times.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
index 83d34d0aec..5a35415d1b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Determines how the identity cookie's security property is set.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
index d3e9127eed..e5423fed23 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     public class BaseCookieContext : BaseContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index e78db2a87d..ffe687e5f2 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// This default implementation of the ICookieAuthenticationEvents may be used if the 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
index 4f0266b855..e946548f49 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Diagnostics.CodeAnalysis;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
index 2412722c08..cfb7c5f1d8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SignedIn.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
index 709549d0aa..d8b2307f32 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningIn.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
index 2de962ef4e..ab5858e369 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningOut    
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index 435499bf57..d2c1fd42f6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -3,11 +3,11 @@
 
 using System;
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Context object passed to the ICookieAuthenticationProvider method ValidatePrincipal.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
index 9c3cc912dd..1406d872dc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
index 0aa9855ee3..4514fefa97 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// This is used by the CookieAuthenticationMiddleware to process request and response cookies.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
index 418dec45e4..cff11a8929 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
@@ -2,7 +2,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
     /// This provides an abstract storage mechanic to preserve identity information on the server
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
index ede713df8c..e2719f39d2 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Cookies
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The cookie key and options are larger than ChunksSize, leaving no room for data.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 8a6fdac7be..de5c6c09dc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*",
     "Microsoft.Extensions.WebEncoders": "1.0.0-*",
     "Newtonsoft.Json": "6.0.6"
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 19ff8fa67e..0435db794f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.Facebook;
+using Microsoft.AspNetCore.Authentication.Facebook;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add Facebook authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
index d2896a5ce5..da65e246ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     public static class FacebookDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 7c74b253f3..126f48d66d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -7,13 +7,13 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.WebUtilities;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.WebUtilities;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     internal class FacebookHandler : OAuthHandler<FacebookOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
index bb950f32a3..af68a7c32a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
@@ -4,7 +4,7 @@
 using System;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     /// <summary>
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
index f6d04171a9..4ceda639cc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
@@ -4,14 +4,14 @@
 using System;
 using System.Globalization;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Facebook.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index 25e02cf778..af82c6f9a7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using Microsoft.AspNet.Authentication.Facebook;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.Facebook;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="FacebookMiddleware"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
index 69c6675755..a3a2f28745 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Facebook
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.Facebook.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.Facebook.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 0c64cafa91..2a11e8fd5c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*",
     "Newtonsoft.Json": "6.0.6"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index e380ebf475..fe693a61b7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add Google authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index ebd05602ab..06fd12eb1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     public static class GoogleDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 675e424422..affde917aa 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -7,13 +7,13 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.WebUtilities;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.WebUtilities;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     internal class GoogleHandler : OAuthHandler<GoogleOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
index 5327ddcb2e..0a763d5696 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
@@ -5,7 +5,7 @@ using System;
 using Microsoft.Extensions.Internal;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     /// <summary>
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index 72ec3dee98..565d89b0cf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -4,14 +4,14 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index eb1f0c3f1b..208d710650 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication.Google;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="GoogleMiddleware"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
index 5003d937b4..690c5a2803 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Google
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.Google.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.Google.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 47736748c5..10862c3180 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index 02898af9c9..b3e0f0bdc8 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class AuthenticationFailedContext : BaseJwtBearerContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
index 50ed9ffc5f..5c28f2976e 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class BaseJwtBearerContext : BaseControlContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
index cf47ab47ea..4ad6f7c21b 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
@@ -6,7 +6,7 @@ using System.Threading.Tasks;
 /// <summary>
 /// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
     /// OpenIdConnect bearer token middleware events.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index 403e8ab7fd..b3a4d21ba6 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class JwtBearerChallengeContext : BaseJwtBearerContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 7fcf922e57..5fc8a6b6c9 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -3,12 +3,12 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
 /// <summary>
 /// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
 /// </summary>
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
     /// OpenIdConnect bearer token middleware events.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
index a0c7a98c29..e38c49cf15 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class ReceivedTokenContext : BaseJwtBearerContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
index 16ee6c1cee..e93ad824ad 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class ReceivingTokenContext : BaseJwtBearerContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 1f6e24e922..3a1dad812f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class ValidatedTokenContext : BaseJwtBearerContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index bea74d7412..13c06ca382 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add OpenIdConnect Bearer authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
index 5b73bf1569..649edf94bb 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
     /// Default values used by bearer authentication.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index be6e83c036..67889d51db 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -6,16 +6,16 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     internal class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
index 7102cb61af..bfb38793f3 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
@@ -4,14 +4,14 @@
 using System;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
     /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index b028d0b5e8..0a08ff3e44 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -6,13 +6,13 @@ using System.Collections.Generic;
 using System.ComponentModel;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Options class provides information needed to control Bearer Authentication middleware behavior
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
index 79bbbe4497..ef1d784f22 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.JwtBearer
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.JwtBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.JwtBearer.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 16b169298b..0ff2727364 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 1986227da3..660dd2e818 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add Microsoft Account authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
index be0732ae6d..d853794779 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     public static class MicrosoftAccountDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index f28c7ffc7f..245fbed87d 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -5,12 +5,12 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http.Authentication;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
index b0573688e9..8b88cbc44c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
@@ -4,7 +4,7 @@
 using System;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 5f0e36bb45..8daa9b2add 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -3,14 +3,14 @@
 
 using System;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 392df69bf7..7adfa57057 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="MicrosoftAccountMiddleware"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
index 6a20332bd6..618d143eed 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.MicrosoftAccount
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.MicrosoftAccount.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.MicrosoftAccount.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The user does not have an id.
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index b1528b9352..db03dbd5c7 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.OAuth": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
index 53114e2443..fb4d8b76d8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     internal static class Constants
     {
         internal const string SecurityAuthenticate = "security.Authenticate";
-        internal const string CorrelationPrefix = ".AspNet.Correlation.";
+        internal const string CorrelationPrefix = ".AspNetCore.Correlation.";
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
index 4c800c9844..76a238e07d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="OAuthMiddleware"/> invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index c2b35349ee..15f9c91c74 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -5,11 +5,11 @@ using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index 07de38640c..cf1528e280 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
     /// Default <see cref="IOAuthEvents"/> implementation.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 8e3599605f..5dcbd568cb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
     /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index 8d71400bae..eebeaf7a37 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add OAuth 2.0 authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 632932a3fb..7f59443bf3 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -9,16 +9,16 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Extensions;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Extensions;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthHandler<TOptions> : RemoteAuthenticationHandler<TOptions> where TOptions : OAuthOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
index 72d34cbf78..401537e831 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
@@ -6,13 +6,13 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
     /// An ASP.NET middleware for authenticating users using OAuth services.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index d53e0a8bcd..230c7362ad 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="OAuthMiddleware"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
index 7a45120b4a..aa4026b009 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
@@ -4,7 +4,7 @@
 using System;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthTokenResponse
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
index d17513cbaa..00c7b848b5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.OAuth
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.OAuth
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.OAuth.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.OAuth.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 1d6833e3ef..352ccfe905 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
     "Newtonsoft.Json": "6.0.6"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index a120c24026..776f78d6e7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class AuthenticationFailedContext : BaseOpenIdConnectContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
index 2469ef5c86..4e19796457 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
@@ -1,12 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class AuthenticationValidatedContext : BaseOpenIdConnectContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index f43be81981..d1737cd259 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -3,11 +3,11 @@
 
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
index e0c74c8db5..7d17d3cf80 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class AuthorizationResponseReceivedContext : BaseOpenIdConnectContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
index e207c836a5..d2f56a4ce2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class BaseOpenIdConnectContext : BaseControlContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index b6bcfd57dc..da956acf82 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index cb42c0f9bc..d535f35f92 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class MessageReceivedContext : BaseOpenIdConnectContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index c84e5546a1..249342eecf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
index a87c3398ed..59b1c0efd1 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// When a user configures the <see cref="OpenIdConnectMiddleware"/> to be notified prior to redirecting to an IdentityProvider
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index 0e12bc2914..b4a9ad6d11 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,12 +1,12 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index 80935354af..c0a53db447 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -1,11 +1,11 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class UserInformationReceivedContext : BaseOpenIdConnectContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index 63cfe5009a..07aefec424 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add OpenID Connect authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index e280a6afb1..378c594479 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Default values related to OpenIdConnect authentication middleware
@@ -26,12 +26,12 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
         /// <summary>
         /// The prefix used to for the nonce in the cookie.
         /// </summary>
-        public static readonly string CookieNoncePrefix = ".AspNet.OpenIdConnect.Nonce.";
+        public static readonly string CookieNoncePrefix = ".AspNetCore.OpenIdConnect.Nonce.";
 
         /// <summary>
         /// The prefix used for the state in the cookie.
         /// </summary>
-        public static readonly string CookieStatePrefix = ".AspNet.OpenIdConnect.State.";
+        public static readonly string CookieStatePrefix = ".AspNetCore.OpenIdConnect.State.";
 
         /// <summary>
         /// The property for the RedirectUri that was used when asking for a 'authorizationCode'.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index e9f4d3ae00..8ade6ee631 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -13,17 +13,17 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 5dcd74d3c1..09901cf372 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -6,15 +6,15 @@ using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Text;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// ASP.NET middleware for obtaining identities using OpenIdConnect protocol.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index cd31e27d01..4ae05a2bba 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -5,15 +5,15 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Configuration options for <see cref="OpenIdConnectOptions"/>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
index 5c0176627f..2f419df18a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs	
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs	
@@ -1,4 +1,4 @@
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
     /// Lists the different authentication methods used to
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
index 64b345f959..65a9273a0d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.OpenIdConnect.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.OpenIdConnect.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// OpenIdConnectAuthenticationHandler: message.State is null or empty.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 58d9d5a407..04354e3512 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
index d928fdcc71..5f00cb18bc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// Base class for other Twitter contexts.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
index cea4a99bf6..76b487b966 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// Specifies callback methods which the <see cref="TwitterMiddleware"></see> invokes to enable developer control over the authentication process. />
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index d5537ef95c..97d1d176a9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 1941e7990f..99122e8553 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// Default <see cref="ITwitterEvents"/> implementation.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
index 5569e82735..aa1da43edb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
@@ -1,11 +1,11 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
index 880cf69d93..550163bec8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// The Twitter access token retrieved from the access token endpoint.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
index 94a766e020..04c334e3d3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// The Twitter request token obtained from the request token endpoint.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index 6d3adeb1c9..a96a379c18 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// Serializes and deserializes Twitter request and access tokens so that they can be used by other application components.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
index 9a385b546d..d60c2fc734 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication.Twitter
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.Twitter.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.Twitter.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The '{0}' option must be provided.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 6303707521..df6ca1d024 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication.Twitter;
+using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add Twitter authentication capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
index a546dba9cd..0610ccfc9d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     public static class TwitterDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 3de3b37fdf..a4a1a08020 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -9,16 +9,16 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.Http.Internal;
-using Microsoft.AspNet.WebUtilities;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Internal;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     internal class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
index 6b708a3a73..1a1e199cc1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
@@ -6,13 +6,13 @@ using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
     /// ASP.NET middleware for authenticating users using Twitter
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 19a3ca78aa..cd13d1798f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication;
-using Microsoft.AspNet.Authentication.Twitter;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Options for the Twitter authentication middleware.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 6c4124a1b5..67ebf2c0db 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*"
   },
   "frameworks": {
     "net451": {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
index 25d87a4633..fb97931cbb 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Contains the result of an Authenticate call
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index f68bddaf89..ff98a10318 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -4,14 +4,14 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Base class for the per-request work performed by most authentication middleware.
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
index 08e325bc0b..ad63b17614 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
@@ -4,12 +4,12 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
index 5f8e562935..8f1fb06912 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Base Options for all authentication middleware
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 72032f53b0..9ce76d7e62 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -2,7 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Authentication;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
index dffcebc08e..1d56a8fb34 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
@@ -3,9 +3,9 @@
 
 using System;
 using System.Security.Claims;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Contains user identity information as well as additional authentication state.
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 7dfa482174..1cc76b946e 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -4,10 +4,10 @@
 using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add claims transformation capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
index 954f26032f..78d9a0845b 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Handler that applies ClaimsTransformation to authentication
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
index f490af4a4f..2e2216bc25 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
@@ -3,11 +3,11 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class ClaimsTransformationMiddleware
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
index e1ca6b9004..7772457a02 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Authentication;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     public class ClaimsTransformationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
index e824689d1c..b8e7ea3e1c 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
@@ -5,7 +5,7 @@ using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class ClaimsTransformer : IClaimsTransformer
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
index 4fc7b49bec..ad9c523005 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public interface IDataSerializer<TModel>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
index c44729e125..73b1b882b5 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public interface ISecureDataFormat<TData>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
index 956794815e..3d31e4bd2d 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
@@ -1,10 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class PropertiesDataFormat : SecureDataFormat<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
index e6d6bc1d81..542553cf2b 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
@@ -5,9 +5,9 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.IO;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class PropertiesSerializer : IDataSerializer<AuthenticationProperties>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
index 339d3ed221..f35025d8bb 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNetCore.DataProtection;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class SecureDataFormat<TData> : ISecureDataFormat<TData>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
index 009413ed0a..c07a314b05 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public static class Base64UrlTextEncoder
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
index 63f97cc9e4..e43943cfc8 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNetCore.DataProtection;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class TicketDataFormat : SecureDataFormat<AuthenticationTicket>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
index 36b2695923..e33ec71725 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
@@ -6,7 +6,7 @@ using System.IO;
 using System.Linq;
 using System.Security.Claims;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     // This MUST be kept in sync with Microsoft.Owin.Security.Interop.AspNetTicketSerializer
     public class TicketSerializer : IDataSerializer<AuthenticationTicket>
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
index 0286871e98..10b3325d4f 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public abstract class BaseContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
index 4e986c808e..db81ad704c 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class BaseControlContext : BaseContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
index c3437ddff6..80a6f949ab 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public enum EventResultState
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
index e0475d7363..35af9cee30 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Provides failure context information to middleware providers.
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
index 666783fd9c..e2109a0651 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public interface IRemoteAuthenticationEvents
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index d1c90be2f0..ee45b8afd9 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
index 0663248cf1..5d5fd4883c 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
@@ -2,11 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Provides context information to middleware providers.
diff --git a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
index 0234f22cdb..eea17bcc3c 100644
--- a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
@@ -1,12 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Features;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication.Internal;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication.Internal;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     internal static class HttpContextExtensions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
index a4e4e2f25e..03eece9318 100644
--- a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
@@ -4,7 +4,7 @@
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public interface IClaimsTransformer
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs b/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
index dedb6d36af..5582669861 100644
--- a/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Abstracts the system clock to facilitate testing.
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
index b1dc46b068..29dd7c67e2 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authentication
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authentication.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index cc1487d55d..ef4a1db52d 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -3,11 +3,11 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http.Features.Authentication;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : RemoteAuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 9392379398..86fcdcc97b 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -3,10 +3,10 @@
 
 using System;
 using System.Net.Http;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authentication;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
index 5a03a279fa..bf30cae9e3 100644
--- a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class SharedAuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
index 405b8afa26..0f9c2a30a0 100644
--- a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
@@ -4,7 +4,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Provides access to the normal system clock.
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index ef36e17f03..c7a58a242c 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -10,9 +10,9 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.DataProtection": "1.0.0-*",
-    "Microsoft.AspNet.Http": "1.0.0-*",
-    "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
+    "Microsoft.AspNetCore.Http": "1.0.0-*",
+    "Microsoft.AspNetCore.Http.Extensions": "1.0.0-*",
     "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
     "Microsoft.Extensions.SecurityHelper.Sources": {
       "type": "build",
diff --git a/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
index b61a01446b..cb3f1b1728 100644
--- a/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
     /// Specifies that the class or method that this attribute is applied to does not require authorization.
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
index 93f4da651d..455adb0dda 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
@@ -6,7 +6,7 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
     /// Contains authorization information used by <see cref="IAuthorizationHandler"/>.
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
index bdfe8b1c13..2bd90aad42 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index 66627b458c..c3019c907f 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public class AuthorizationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index befcb3c277..97aa5b381b 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public class AuthorizationPolicy
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 053ff49605..0cc0195e60 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.AspNet.Authorization.Infrastructure;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public class AuthorizationPolicyBuilder
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index 599a8fb27c..120dffda57 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authorization;
-using Microsoft.AspNet.Authorization.Infrastructure;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace Microsoft.Extensions.DependencyInjection
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index 5ab5b03e73..a2b0a755cf 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -6,7 +6,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public static class AuthorizationServiceExtensions
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
index a20436ce99..cdfab44f17 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
     /// Specifies that the class or method that this attribute is applied to requires the specified authorization.
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 2c1fcd20d1..d501f1b20e 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -9,7 +9,7 @@ using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public class DefaultAuthorizationService : IAuthorizationService
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs b/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
index 3ba290a989..7593e0ad3c 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public interface IAllowAnonymous
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
index 84ebbc9a3e..fc8ba6e7ff 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
@@ -3,7 +3,7 @@
 
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public interface IAuthorizationHandler
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
index 19857b618e..800789a8ca 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     public interface IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
index a9dbe06cdd..e3b9fec91e 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
@@ -5,7 +5,7 @@ using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
     /// Checks policy based permissions for a user
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
index a49b4892a1..3371134b48 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
     /// Defines the set of data required to apply authorization rules to a resource.
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
index b0eb44cf9b..0d3ab2bf28 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
@@ -3,7 +3,7 @@
 
 using System;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class AssertionRequirement : AuthorizationHandler<AssertionRequirement>, IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index 82e3ac5b69..bff54954d9 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     // Must contain a claim with the specified name, and at least one of the required values
     // If AllowedValues is null or empty, that means any claim is valid
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 1011baef3e..44ab475de0 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -3,7 +3,7 @@
 
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index dc9ea9eda2..a4f2455a69 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     /// <summary>
     /// Requirement that ensures a specific Name
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
index 0beaaa2448..455d66ff24 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class OperationAuthorizationRequirement : IAuthorizationRequirement
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
index 1ea353f934..480e2de0cb 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
@@ -4,7 +4,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class PassThroughAuthorizationHandler : IAuthorizationHandler
     {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index 21b3729de1..217e3ea0c1 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -5,7 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 
-namespace Microsoft.AspNet.Authorization.Infrastructure
+namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     // Must belong to with one of specified roles
     // If AllowedRoles is null or empty, that means any role is valid
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
index 9242639ffa..116001e659 100644
--- a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
@@ -1,5 +1,5 @@
 // <auto-generated />
-namespace Microsoft.AspNet.Authorization
+namespace Microsoft.AspNetCore.Authorization
 {
     using System.Globalization;
     using System.Reflection;
@@ -8,7 +8,7 @@ namespace Microsoft.AspNet.Authorization
     internal static class Resources
     {
         private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNet.Authorization.Resources", typeof(Resources).GetTypeInfo().Assembly);
+            = new ResourceManager("Microsoft.AspNetCore.Authorization.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
         /// <summary>
         /// AuthorizationPolicy must have at least one requirement.
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 14245e4d2f..79691d0a48 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Http.Features": "1.0.0-*",
+    "Microsoft.AspNetCore.Http.Features": "1.0.0-*",
     "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
index f9d8166612..1b13251f73 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     public class AppendCookieContext
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index 02cbd22f96..bb5700fc62 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.CookiePolicy;
+using Microsoft.AspNetCore.CookiePolicy;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
     /// Extension methods to add cookie policy capabilities to an HTTP application pipeline.
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index 2fb299d165..d9a65028c7 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -3,12 +3,12 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Features.Internal;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features.Internal;
 using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     public class CookiePolicyMiddleware
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index ffc2fa7b74..812c714288 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.CookiePolicy;
+using Microsoft.AspNetCore.CookiePolicy;
 
-namespace Microsoft.AspNet.Builder
+namespace Microsoft.AspNetCore.Builder
 {
     public class CookiePolicyOptions
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
index c8cd208fbf..f0693bf71f 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
@@ -1,9 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     public class DeleteCookieContext
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
index 276e3ed3ee..82305f4754 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     public enum HttpOnlyPolicy
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
index 7790eac278..4b5fbfe3b9 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -7,7 +7,7 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>86183dc3-02a8-4a68-8b60-71ecec066e79</ProjectGuid>
-    <RootNamespace>Microsoft.AspNet.CookiePolicy</RootNamespace>
+    <RootNamespace>Microsoft.AspNetCore.CookiePolicy</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
index 962ecddff7..c0dd639f1c 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     public enum SecurePolicy
     {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 79ccda4a15..a2c04f1455 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -10,7 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNet.Http": "1.0.0-*",
+    "Microsoft.AspNetCore.Http": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
index 2bfc44fde9..6a1019fbc8 100644
--- a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
+++ b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
@@ -9,7 +9,7 @@ using Microsoft.Owin.Security.DataHandler.Serializer;
 
 namespace Microsoft.Owin.Security.Interop
 {
-    // This MUST be kept in sync with Microsoft.AspNet.Authentication.DataHandler.TicketSerializer
+    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.DataHandler.TicketSerializer
     public class AspNetTicketSerializer : IDataSerializer<AuthenticationTicket>
     {
         private const string DefaultStringPlaceholder = "\0";
diff --git a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
index 9dc7eedda9..7313588948 100644
--- a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
+++ b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNetCore.DataProtection;
 
 namespace Microsoft.Owin.Security.Interop
 {
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index b3c352a874..953428b7b4 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,12 +1,12 @@
-{
+{
     "version": "1.0.0-*",
     "compilationOptions": {
         "warningsAsErrors": true,
         "keyFile": "../../tools/Key.snk"
     },
-    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNet.Authentication.",
+    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
     "dependencies": {
-        "Microsoft.AspNet.DataProtection.Extensions": "1.0.0-*",
+        "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",
         "Microsoft.Owin.Security": "3.0.1"
     },
     "frameworks": {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
index b5935938ae..431c35bdb5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -6,16 +6,16 @@ using System.IO;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.Http.Internal;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Internal;
 using Microsoft.Extensions.Logging;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class AuthenticationHandlerFacts
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index e6fc0d709b..158c480516 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -10,17 +10,17 @@ using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     public class CookieMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 84d496918a..71590727cb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -3,11 +3,11 @@
 
 using System;
 using System.Collections.Generic;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Internal;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Internal;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
 {
     public class CookieChunkingTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
index 8e62684303..3195298c0d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
@@ -3,7 +3,7 @@
 
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class Base64UrlTextEncoderTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
index 2cfdd4e793..bda4b09fa7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
@@ -1,13 +1,13 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using System.Text;
-using Microsoft.AspNet.DataProtection;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.DataHandler
+namespace Microsoft.AspNetCore.Authentication.DataHandler
 {
     public class SecureDataFormatTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
index 0ab8bce417..8eeedde0da 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
@@ -5,11 +5,11 @@ using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Testing.xunit;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Testing.xunit;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class TicketSerializerTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index 764b63a15a..fa2bed53fd 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -8,19 +8,19 @@ using System.Net.Http;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Newtonsoft.Json;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     public class FacebookMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 29cc78403c..7daec9863b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -9,19 +9,19 @@ using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Newtonsoft.Json;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     public class GoogleMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 6ff7751a93..72d13a4c9e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -8,18 +8,18 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.Http.Features.Authentication;
-using Microsoft.AspNet.TestHost;
-using Microsoft.AspNet.Testing.xunit;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class JwtBearerMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 6d41f5a7a6..f80ee21229 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -8,18 +8,18 @@ using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authentication.OAuth;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Newtonsoft.Json;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Tests.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
 {
     public class MicrosoftAccountMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 66cc84621b..494e2d92a7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -4,9 +4,9 @@
 using System;
 using System.Text;
 using System.Text.Encodings.Web;
-using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     /// <summary>
     /// This formatter creates an easy to read string of the format: "'key1' 'value1' ..."
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index d1f65aed2a..66fc2f4bab 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -9,7 +9,7 @@ using System.Text.Encodings.Web;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     /// <summary>
     /// This helper class is used to check that query string parameters are as expected.
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 6661eeb542..4c95083d57 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -11,18 +11,18 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNet.Authentication.Cookies;
-using Microsoft.AspNet.Authentication.OpenIdConnect;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Authentication;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     public class OpenIdConnectMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
index e48aa66043..6247c85b43 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
@@ -4,7 +4,7 @@
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     /// <summary>
     /// These utilities are designed to test openidconnect related flows
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
index 20495125d4..c34e4fd2da 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Authentication;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class TestClock : ISystemClock
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
index 8d3cdb7e29..2e9001dd8c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
@@ -9,10 +9,10 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public static class TestExtensions
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
index 1a93b16df5..5289e38809 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
@@ -5,7 +5,7 @@ using System;
 using System.Net.Http;
 using System.Threading.Tasks;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class TestHttpMessageHandler : HttpMessageHandler
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
index e32c3b9261..56058b850f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
@@ -6,7 +6,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Xml.Linq;
 
-namespace Microsoft.AspNet.Authentication
+namespace Microsoft.AspNetCore.Authentication
 {
     public class Transaction
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
index 173de5a82b..2ca2223b97 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
@@ -6,14 +6,14 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     public class TwitterMiddlewareTests
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index f9a5e1f3ee..5f6dcb9aeb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -3,15 +3,15 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
-    "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
-    "Microsoft.AspNet.TestHost": "1.0.0-*",
-    "Microsoft.AspNet.Testing": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
+    "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
index 97430a1215..f74e461523 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -3,11 +3,11 @@
 
 using System;
 using System.Linq;
-using Microsoft.AspNet.Authorization;
-using Microsoft.AspNet.Authorization.Infrastructure;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
 using Xunit;
 
-namespace Microsoft.AspNet.Authroization.Test
+namespace Microsoft.AspNetCore.Authroization.Test
 {
     public class AuthorizationPolicyFacts
     {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index fc4377aebe..89b7d779a5 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -6,11 +6,11 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Authorization.Infrastructure;
+using Microsoft.AspNetCore.Authorization.Infrastructure;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNet.Authorization.Test
+namespace Microsoft.AspNetCore.Authorization.Test
 {
     public class DefaultAuthorizationServiceTests
     {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 1fa1347e16..b271d43eb8 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -3,7 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "Microsoft.AspNet.Authorization": "1.0.0-*",
+    "Microsoft.AspNetCore.Authorization": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "Microsoft.Extensions.Logging": "1.0.0-*",
     "xunit": "2.1.0"
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index f8529e0191..fde6034974 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -3,15 +3,15 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Features;
-using Microsoft.AspNet.Http.Features.Internal;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Http.Features.Internal;
+using Microsoft.AspNetCore.TestHost;
 using Xunit;
 
-namespace Microsoft.AspNet.CookiePolicy.Test
+namespace Microsoft.AspNetCore.CookiePolicy.Test
 {
     public class CookiePolicyTests
     {
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
index b0a49fdddf..b04b3cd612 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -7,7 +7,7 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1790e052-646f-4529-b90e-6fea95520d69</ProjectGuid>
-    <RootNamespace>Microsoft.AspNet.CookiePolicy.Test</RootNamespace>
+    <RootNamespace>Microsoft.AspNetCore.CookiePolicy.Test</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
     <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
   </PropertyGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
index 9cd07cb362..9456094d41 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
@@ -9,10 +9,10 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
-using Microsoft.AspNet.Http;
-using Microsoft.AspNet.TestHost;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     // REVIEW: Should find a shared home for these potentially (Copied from Auth tests)
     public static class TestExtensions
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
index afa9c0c99f..25457e991d 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
@@ -6,7 +6,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Xml.Linq;
 
-namespace Microsoft.AspNet.CookiePolicy
+namespace Microsoft.AspNetCore.CookiePolicy
 {
     // REVIEW: Should find a shared home for these potentially (Copied from Auth tests)
     public class Transaction
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 66d7c743f4..4ee196a260 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -3,8 +3,8 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "Microsoft.AspNet.CookiePolicy": "1.0.0-*",
-    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "xunit": "2.1.0"
   },
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 996e181607..08df190117 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.IO;
@@ -9,10 +9,10 @@ using System.Text;
 using System.Threading.Tasks;
 using System.Xml;
 using System.Xml.Linq;
-using Microsoft.AspNet.Builder;
-using Microsoft.AspNet.DataProtection;
-using Microsoft.AspNet.Hosting;
-using Microsoft.AspNet.Http;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Testing;
@@ -31,7 +31,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
@@ -85,7 +85,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
index 7810805523..06073e8b72 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNet.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Xunit;
 
 namespace Microsoft.Owin.Security.Interop.Test
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index e4af613d9e..660f338685 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -1,10 +1,10 @@
-{
+{
   "compilationOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
-    "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNet.TestHost": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",

From a5b288897d2981c241133b8d37aa22136b653e3a Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Fri, 22 Jan 2016 12:39:16 -0800
Subject: [PATCH 451/900] Update ASP.NET 5 versions for ASP.NET Core.

See https://github.com/aspnet/Announcements/issues/144 for more information.
---
 samples/OpenIdConnectSample/project.json                  | 8 ++++----
 .../project.json                                          | 8 ++++----
 .../Microsoft.AspNetCore.Authentication.Test/project.json | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 3b2caff5e2..b0befb5403 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,15 +1,15 @@
 {
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {},
+    "dnxcore50": {}
   },
   "compilationOptions": {
     "emitEntryPoint": true
@@ -18,4 +18,4 @@
     "web": "OpenIdConnectSample"
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 04354e3512..40825201c6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "0.1.0-*",
   "description": "ASP.NET 5 middleware that enables an application to support the OpenID Connect authentication workflow.",
   "repository": {
     "type": "git",
@@ -14,7 +14,7 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "dotnet54": { }
+    "net451": {},
+    "dotnet54": {}
   }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 5f6dcb9aeb..dcaa71f520 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -8,7 +8,7 @@
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
@@ -16,7 +16,7 @@
   },
   "frameworks": {
     "dnx451": {
-     "frameworkAssemblies": {
+      "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
       },
@@ -24,7 +24,7 @@
         "xunit.runner.console": "2.1.0"
       }
     },
-    "dnxcore50": { 
+    "dnxcore50": {
       "dependencies": {
         "xunit.runner.aspnet": "2.0.0-aspnet-*"
       }
@@ -34,4 +34,4 @@
   "commands": {
     "test": "xunit.runner.aspnet"
   }
-}
+}
\ No newline at end of file

From 38de3d6013fd40329b7972c3249cdf76086258c2 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 22 Jan 2016 16:03:21 -0800
Subject: [PATCH 452/900] #526 Change from storing expires_in to calculating
 expires_at.

---
 .../OAuthHandler.cs                                  | 12 ++++++++++--
 .../OAuthOptions.cs                                  |  7 +++++++
 .../OpenIdConnectHandler.cs                          | 11 +++++++++--
 .../OpenIdConnectOptions.cs                          |  7 +++++++
 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 7f59443bf3..c31f6e29ed 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -108,8 +109,15 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
                 if (!string.IsNullOrEmpty(tokens.ExpiresIn))
                 {
-                    identity.AddClaim(new Claim("expires_in", tokens.ExpiresIn,
-                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+                    int value;
+                    if (int.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
+                    {
+                        var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+                        // https://www.w3.org/TR/xmlschema-2/#dateTime
+                        // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
+                        identity.AddClaim(new Claim("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture),
+                                                    ClaimValueTypes.DateTime, Options.ClaimsIssuer));
+                    }
                 }
             }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 230c7362ad..a094e681ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
+using System.ComponentModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -63,5 +64,11 @@ namespace Microsoft.AspNetCore.Builder
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// For testing purposes only.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 8ade6ee631..379beba2de 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -778,8 +778,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             if (!string.IsNullOrEmpty(message.ExpiresIn))
             {
-                identity.AddClaim(new Claim(OpenIdConnectParameterNames.ExpiresIn, message.ExpiresIn,
-                                            ClaimValueTypes.String, issuer));
+                int value;
+                if (int.TryParse(message.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
+                {
+                    var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+                    // https://www.w3.org/TR/xmlschema-2/#dateTime
+                    // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
+                    identity.AddClaim(new Claim("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture),
+                                                ClaimValueTypes.DateTime, issuer));
+                }
             }
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 4ae05a2bba..9e8eef1e19 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNetCore.Authentication;
@@ -191,5 +192,11 @@ namespace Microsoft.AspNetCore.Builder
         /// This is disabled by default.
         /// </summary>
         public bool SkipUnrecognizedRequests { get; set; } = false;
+
+        /// <summary>
+        /// For testing purposes only.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }

From 0c6a805405f8d572b61f9bdc489a86d8825483ff Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 22 Jan 2016 16:11:47 -0800
Subject: [PATCH 453/900] #632 Save twitters access token secret as a claim.

---
 .../TwitterHandler.cs                                            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index a4a1a08020..3b66f3128f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -91,6 +91,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             if (Options.SaveTokensAsClaims)
             {
                 identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("access_token_secret", accessToken.TokenSecret, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
             return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken));

From 3780a475283c45c79fd0d4363312e59d482fb09a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Sun, 24 Jan 2016 19:21:40 -0800
Subject: [PATCH 454/900] Fix tests broken by renames.

---
 .../Cookies/CookieMiddlewareTests.cs          |  8 +++----
 .../Facebook/FacebookMiddlewareTests.cs       |  2 +-
 .../Google/GoogleMiddlewareTests.cs           | 22 +++++++++----------
 .../MicrosoftAccountMiddlewareTests.cs        |  4 ++--
 .../OpenIdConnectMiddlewareTests.cs           |  2 +-
 .../Transaction.cs                            |  2 +-
 .../Transaction.cs                            |  2 +-
 .../CookieInteropTests.cs                     | 20 ++++++++++-------
 .../TicketInteropTests.cs                     |  4 ++--
 9 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 158c480516..785d5bfa62 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -438,7 +438,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
-            Assert.Contains(".AspNet.Cookies=; expires=", transaction2.SetCookie);
+            Assert.Contains(".AspNetCore.Cookies=; expires=", transaction2.SetCookie);
             Assert.Null(FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
@@ -913,7 +913,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await server.SendAsync("http://example.com");
 
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.True(transaction.SetCookie[0].StartsWith(".AspNet.Cookies="));
+            Assert.True(transaction.SetCookie[0].StartsWith(".AspNetCore.Cookies="));
         }
 
         [Fact]
@@ -979,7 +979,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.Contains(".AspNet.Cookies=; expires=", transaction.SetCookie[0]);
+            Assert.Contains(".AspNetCore.Cookies=; expires=", transaction.SetCookie[0]);
         }
 
         [Fact]
@@ -1000,7 +1000,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains(".AspNet.Cookies=; expires=", transaction.SetCookie[0]);
+            Assert.Contains(".AspNetCore.Cookies=; expires=", transaction.SetCookie[0]);
 
             var location = transaction.Response.Headers.Location;
             Assert.Equal("/page", location.OriginalString);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index fa2bed53fd..aadb62f51b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -212,7 +212,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 }, handler: null);
 
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Facebook";
+            var correlationKey = ".AspNetCore.Correlation.Facebook";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 7daec9863b..854c49ce97 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -111,7 +111,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
+            Assert.Contains(".AspNetCore.Correlation.Google=", transaction.SetCookie.Single());
         }
 
         [Fact]
@@ -124,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 AutomaticChallenge = true
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            Assert.Contains(".AspNet.Correlation.Google=", transaction.SetCookie.Single());
+            Assert.Contains(".AspNetCore.Correlation.Google=", transaction.SetCookie.Single());
         }
 
         [Fact]
@@ -335,7 +335,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -347,7 +347,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
             Assert.Contains(correlationKey, transaction.SetCookie[0]);
-            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
@@ -394,7 +394,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -446,7 +446,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -528,7 +528,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -540,7 +540,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
             Assert.Contains(correlationKey, transaction.SetCookie[0]);
-            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
@@ -607,7 +607,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             var state = stateFormat.Protect(properties);
@@ -618,7 +618,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("/", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
             Assert.Contains(correlationKey, transaction.SetCookie[0]);
-            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
         }
 
         [Fact]
@@ -690,7 +690,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             });
 
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Google";
+            var correlationKey = ".AspNetCore.Correlation.Google";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/foo";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index f80ee21229..2aad3cfef7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -152,7 +152,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                     }
                 });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNet.Correlation.Microsoft";
+            var correlationKey = ".AspNetCore.Correlation.Microsoft";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -164,7 +164,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
             Assert.Contains(correlationKey, transaction.SetCookie[0]);
-            Assert.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/me", authCookie);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 4c95083d57..040812d88b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -486,7 +486,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 {
                     if (SetCookie != null && SetCookie.Count > 0)
                     {
-                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet.Cookie="));
+                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNetCore.Cookie="));
                         if (authCookie != null)
                         {
                             return authCookie.Substring(0, authCookie.IndexOf(';'));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
index 56058b850f..63f8af1bb2 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 if (SetCookie != null && SetCookie.Count > 0)
                 {
-                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme + "="));
+                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme + "="));
                     if (authCookie != null)
                     {
                         return authCookie.Substring(0, authCookie.IndexOf(';'));
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
index 25457e991d..040e0b3391 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
@@ -25,7 +25,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 if (SetCookie != null && SetCookie.Count > 0)
                 {
-                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNet." + TestExtensions.CookieAuthenticationScheme + "="));
+                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme + "="));
                     if (authCookie != null)
                     {
                         return authCookie.Substring(0, authCookie.IndexOf(';'));
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 08df190117..ef80b78e6e 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -24,7 +24,7 @@ namespace Microsoft.Owin.Security.Interop
     public class CookiesInteropTests
     {
         [Fact]
-        public async Task AspNet5WithInteropCookieContainsIdentity()
+        public async Task AspNetCoreWithInteropCookieContainsIdentity()
         {
             var identity = new ClaimsIdentity("Cookies");
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
@@ -40,7 +40,9 @@ namespace Microsoft.Owin.Security.Interop
 
                 app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
                 {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
                 });
 
                 app.Run(context =>
@@ -55,7 +57,7 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions
+                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
                     {
                         DataProtectionProvider = dataProtection
                     });
@@ -66,7 +68,7 @@ namespace Microsoft.Owin.Security.Interop
                     });
                 })
                 .ConfigureServices(services => services.AddAuthentication());
-            var newServer = new AspNet.TestHost.TestServer(builder);
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
             request.Headers.Add("Cookie", transaction.SetCookie.Split(new[] { ';' }, 2).First());
@@ -91,14 +93,14 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNet.Builder.CookieAuthenticationOptions
+                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
                     {
                         DataProtectionProvider = dataProtection
                     });
                     app.Run(context => context.Authentication.SignInAsync("Cookies", user));
                 })
                 .ConfigureServices(services => services.AddAuthentication());
-            var newServer = new AspNet.TestHost.TestServer(builder);
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var cookie = await SendAndGetCookie(newServer, "http://example.com/login");
 
@@ -108,7 +110,9 @@ namespace Microsoft.Owin.Security.Interop
 
                 app.UseCookieAuthentication(new Owin.Security.Cookies.CookieAuthenticationOptions
                 {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector))
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
                 });
 
                 app.Run(async context =>
@@ -123,7 +127,7 @@ namespace Microsoft.Owin.Security.Interop
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
-        private static async Task<string> SendAndGetCookie(AspNet.TestHost.TestServer server, string uri)
+        private static async Task<string> SendAndGetCookie(AspNetCore.TestHost.TestServer server, string uri)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             var response = await server.CreateClient().SendAsync(request);
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
index 06073e8b72..7b2d261bbf 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -58,14 +58,14 @@ namespace Microsoft.Owin.Security.Interop.Test
 
             var expires = DateTime.Today;
             var issued = new DateTime(1979, 11, 11);
-            var properties = new AspNet.Http.Authentication.AuthenticationProperties();
+            var properties = new AspNetCore.Http.Authentication.AuthenticationProperties();
             properties.IsPersistent = true;
             properties.RedirectUri = "/redirect";
             properties.Items["key"] = "value";
             properties.ExpiresUtc = expires;
             properties.IssuedUtc = issued;
 
-            var newTicket = new AspNet.Authentication.AuthenticationTicket(user, properties, "scheme");
+            var newTicket = new AspNetCore.Authentication.AuthenticationTicket(user, properties, "scheme");
             var newSerializer = new TicketSerializer();
 
             var bytes = newSerializer.Serialize(newTicket);

From a1aeb4313e420712f519f2df8aab6056c0deb2c0 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Sun, 24 Jan 2016 23:57:17 -0800
Subject: [PATCH 455/900] Remove unused dependency

- The authorization stack doesn't depend on AspNetCore at all really
---
 src/Microsoft.AspNetCore.Authorization/project.json | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 79691d0a48..688fd84037 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -10,12 +10,15 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Http.Features": "1.0.0-*",
     "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
-    "dotnet5.4": {}
+    "net451": { },
+    "dotnet5.4": {
+      "dependencies": {
+        "System.Security.Claims": "4.0.1-*"
+      }
+    }
   }
 }
\ No newline at end of file

From 9c41eb958e1725be1331d8cc64ae49539088a0c3 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 26 Jan 2016 14:28:49 -0800
Subject: [PATCH 456/900] React to IdentityModel breaking change.

---
 .../OpenIdConnectHandler.cs                                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 379beba2de..3650101472 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -511,7 +511,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             // no need to validate signature when token is received using "code flow" as per spec [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
             var validationParameters = Options.TokenValidationParameters.Clone();
-            validationParameters.ValidateSignature = false;
+            validationParameters.RequireSignedTokens = false;
 
             ticket = ValidateToken(tokenEndpointResponse.IdToken, message, properties, validationParameters, out jwt);
 

From 00ceeb026262bc848404d056416709dc306a57df Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 27 Jan 2016 13:36:53 -0800
Subject: [PATCH 457/900] Add IAuthorizationPolicyProvider support

---
 ...uthorizationServiceCollectionExtensions.cs |  1 +
 .../DefaultAuthorizationPolicyProvider.cs     | 37 ++++++++++++
 .../DefaultAuthorizationService.cs            | 17 +++---
 .../IAuthorizationPolicyProvider.cs           | 20 +++++++
 .../DefaultAuthorizationServiceTests.cs       | 59 +++++++++++++++++++
 .../project.json                              |  1 +
 6 files changed, 126 insertions(+), 9 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index 120dffda57..d03f9ed746 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -26,6 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
             }
             
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationPolicyProvider, DefaultAuthorizationPolicyProvider>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
new file mode 100644
index 0000000000..97b806e87d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -0,0 +1,37 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// A type which can provide a <see cref="AuthorizationPolicy"/> for a particular name.
+    /// </summary>
+    public class DefaultAuthorizationPolicyProvider : IAuthorizationPolicyProvider
+    {
+        private readonly AuthorizationOptions _options;
+
+        public DefaultAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            _options = options.Value;
+        } 
+
+        /// <summary>
+        /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
+        /// </summary>
+        /// <param name="policyName"></param>
+        /// <returns></returns>
+        public virtual Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+        {
+            return Task.FromResult(_options.GetPolicy(policyName));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index d501f1b20e..c5bdcc7a76 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -7,21 +7,20 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authorization
 {
     public class DefaultAuthorizationService : IAuthorizationService
     {
+        private readonly IAuthorizationPolicyProvider _policyProvider;
         private readonly IList<IAuthorizationHandler> _handlers;
-        private readonly AuthorizationOptions _options;
         private readonly ILogger _logger;
 
-        public DefaultAuthorizationService(IOptions<AuthorizationOptions> options, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
         {
-            if (options == null)
+            if (policyProvider == null)
             {
-                throw new ArgumentNullException(nameof(options));
+                throw new ArgumentNullException(nameof(policyProvider));
             }
             if (handlers == null)
             {
@@ -33,7 +32,7 @@ namespace Microsoft.AspNetCore.Authorization
             }
 
             _handlers = handlers.ToArray();
-            _options = options.Value;
+            _policyProvider = policyProvider;
             _logger = logger;
         }
 
@@ -62,19 +61,19 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
-        public Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
+        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             if (policyName == null)
             {
                 throw new ArgumentNullException(nameof(policyName));
             }
 
-            var policy = _options.GetPolicy(policyName);
+            var policy = await _policyProvider.GetPolicyAsync(policyName);
             if (policy == null)
             {
                 throw new InvalidOperationException($"No policy found: {policyName}.");
             }
-            return this.AuthorizeAsync(user, resource, policy);
+            return await this.AuthorizeAsync(user, resource, policy);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
new file mode 100644
index 0000000000..1a0dbace60
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
@@ -0,0 +1,20 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// A type which can provide a <see cref="AuthorizationPolicy"/> for a particular name.
+    /// </summary>
+    public interface IAuthorizationPolicyProvider
+    {
+        /// <summary>
+        /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
+        /// </summary>
+        /// <param name="policyName"></param>
+        /// <returns></returns>
+        Task<AuthorizationPolicy> GetPolicyAsync(string policyName);
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 89b7d779a5..60988448ba 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -922,5 +922,64 @@ namespace Microsoft.AspNetCore.Authorization.Test
             // Assert
             Assert.True(allowed);
         }
+
+        public class StaticPolicyProvider : IAuthorizationPolicyProvider
+        {
+            public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+            {
+                return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
+            }
+        }
+
+        [Fact]
+        public async Task CanReplaceDefaultPolicyProvider()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                // This will ignore the policy options
+                services.AddSingleton<IAuthorizationPolicyProvider, StaticPolicyProvider>();
+                services.AddAuthorization(options =>
+                {
+                    options.AddPolicy("Basic", policy => policy.RequireAssertion(context => true));
+                });
+            });
+            var user = new ClaimsPrincipal();
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
+
+            // Assert
+            Assert.False(allowed);
+        }
+
+        public class DynamicPolicyProvider : IAuthorizationPolicyProvider
+        {
+            public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+            {
+                return Task.FromResult(new AuthorizationPolicyBuilder().RequireClaim(policyName).Build());
+            }
+        }
+
+        [Fact]
+        public async Task CanUseDynamicPolicyProvider()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                // This will ignore the policy options
+                services.AddSingleton<IAuthorizationPolicyProvider, DynamicPolicyProvider>();
+                services.AddAuthorization(options => { });
+            });
+            var id = new ClaimsIdentity();
+            id.AddClaim(new Claim("1", "1"));
+            id.AddClaim(new Claim("2", "2"));
+            var user = new ClaimsPrincipal(id);
+
+            // Act
+            // Assert
+            Assert.False(await authorizationService.AuthorizeAsync(user, "0"));
+            Assert.True(await authorizationService.AuthorizeAsync(user, "1"));
+            Assert.True(await authorizationService.AuthorizeAsync(user, "2"));
+            Assert.False(await authorizationService.AuthorizeAsync(user, "3"));
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index b271d43eb8..a2b212276f 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -4,6 +4,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authorization": "1.0.0-*",
+    "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "Microsoft.Extensions.Logging": "1.0.0-*",
     "xunit": "2.1.0"

From 297c72aa2176265d680b0d102ac1932220919053 Mon Sep 17 00:00:00 2001
From: Brennan <brecon@microsoft.com>
Date: Thu, 21 Jan 2016 10:02:03 -0800
Subject: [PATCH 458/900] React to Logging API changes

---
 .../JwtBearerHandler.cs                                       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 67889d51db..00ecae0fb2 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -119,7 +119,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                         catch (Exception ex)
                         {
-                            Logger.LogInformation("Failed to validate the token: " + token, ex);
+                            Logger.LogInformation(0, ex, "Failed to validate the token: " + token);
 
                             // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                             if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
@@ -181,7 +181,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
             catch (Exception ex)
             {
-                Logger.LogError("Exception occurred while processing message", ex);
+                Logger.LogError(0, ex, "Exception occurred while processing message");
 
                 var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
                 {

From a80c5e6d85a4a5f9c1a18c97c8b01f82306516ef Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 27 Jan 2016 14:44:18 -0800
Subject: [PATCH 459/900] #614 Standardize the pattern for scope defaults.

---
 samples/SocialSample/Startup.cs                        |  6 +++---
 .../GoogleMiddleware.cs                                | 10 ----------
 .../GoogleOptions.cs                                   |  3 +++
 .../MicrosoftAccountMiddleware.cs                      |  7 -------
 .../MicrosoftAccountOptions.cs                         |  1 +
 5 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e959943798..8e6cd1768f 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -133,18 +133,18 @@ namespace CookieSample
             The MicrosoftAccount service has restrictions that prevent the use of http://localhost:54540/ for test applications.
             As such, here is how to change this sample to uses http://mssecsample.localhost.this:54540/ instead.
 
-            Edit the Project.json file and replace http://localhost:54540/ with http://mssecsample.localhost.this:54540/.
+            Edit the hosting.json file and add "server.urls": "http://mssecsample.localhost.this:54540/".
 
             From an admin command console first enter:
              notepad C:\Windows\System32\drivers\etc\hosts
             and add this to the file, save, and exit (and reboot?):
              127.0.0.1 MsSecSample.localhost.this
 
-            Then you can choose to run the app as admin (see below) or add the following ACL as admin:
+            [WebListener] Then you can choose to run the app as admin (see below) or add the following ACL as admin:
              netsh http add urlacl url=http://mssecsample.localhost.this:54540/ user=[domain\user]
 
             The sample app can then be run via:
-             dnx . web
+             dnx web
             */
             app.UseOAuthAuthentication(new OAuthOptions
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index 565d89b0cf..f81497f26a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -67,16 +67,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 throw new ArgumentNullException(nameof(options));
             }
-
-            if (Options.Scope.Count == 0)
-            {
-                // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
-                // "openid profile email" to get basic user information.
-                // TODO: Should we just add these by default when we create the Options?
-                Options.Scope.Add("openid");
-                Options.Scope.Add("profile");
-                Options.Scope.Add("email");
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index 208d710650..3d93b96ea8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -22,6 +22,9 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleDefaults.TokenEndpoint;
             UserInformationEndpoint = GoogleDefaults.UserInformationEndpoint;
+            Scope.Add("openid");
+            Scope.Add("profile");
+            Scope.Add("email");
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 8daa9b2add..e7ba9f8117 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -65,13 +65,6 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             {
                 throw new ArgumentNullException(nameof(options));
             }
-
-            if (Options.Scope.Count == 0)
-            {
-                // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
-                // TODO: Should we just add these by default when we create the Options?
-                Options.Scope.Add("wl.basic");
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 7adfa57057..2783bcef1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -22,6 +22,7 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
+            Scope.Add("wl.basic");
         }
     }
 }

From 80dc5759cc1f9cd447724ff068cc8253fe7b2b1c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 27 Jan 2016 16:35:43 -0800
Subject: [PATCH 460/900] Async overloads for AuthZ RequireAssertion

---
 .../AuthorizationPolicyBuilder.cs             | 17 +++++++++++++++
 .../Infrastructure/AssertionRequirement.cs    | 21 ++++++++++++++-----
 .../DefaultAuthorizationServiceTests.cs       | 19 +++++++++++++++++
 3 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 0cc0195e60..965ffe02ef 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authorization
@@ -139,6 +140,22 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Requires that this Function returns true
+        /// </summary>
+        /// <param name="assert">Function that must return true</param>
+        /// <returns></returns>
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationContext, Task<bool>> assert)
+        {
+            if (assert == null)
+            {
+                throw new ArgumentNullException(nameof(assert));
+            }
+
+            Requirements.Add(new AssertionRequirement(assert));
+            return this;
+        }
+
         public AuthorizationPolicy Build()
         {
             return new AuthorizationPolicy(Requirements, AuthenticationSchemes.Distinct());
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
index 0d3ab2bf28..0cc1751a49 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
@@ -2,15 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
-    public class AssertionRequirement : AuthorizationHandler<AssertionRequirement>, IAuthorizationRequirement
+    public class AssertionRequirement : IAuthorizationHandler, IAuthorizationRequirement
     {
         /// <summary>
         /// Function that is called to handle this requirement
         /// </summary>
-        public Func<AuthorizationContext, bool> Handler { get; }
+        public Func<AuthorizationContext, Task<bool>> Handler { get; }
 
         public AssertionRequirement(Func<AuthorizationContext, bool> assert)
         {
@@ -19,14 +20,24 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                 throw new ArgumentNullException(nameof(assert));
             }
 
+            Handler = context => Task.FromResult(assert(context));
+        }
+
+        public AssertionRequirement(Func<AuthorizationContext, Task<bool>> assert)
+        {
+            if (assert == null)
+            {
+                throw new ArgumentNullException(nameof(assert));
+            }
+
             Handler = assert;
         }
 
-        protected override void Handle(AuthorizationContext context, AssertionRequirement requirement)
+        public async Task HandleAsync(AuthorizationContext context)
         {
-            if (Handler(context))
+            if (await Handler(context))
             {
-                context.Succeed(requirement);
+                context.Succeed(this);
             }
         }
     }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 60988448ba..7f11916940 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -923,6 +923,25 @@ namespace Microsoft.AspNetCore.Authorization.Test
             Assert.True(allowed);
         }
 
+        [Fact]
+        public async Task CanAuthorizeWithAsyncAssertionRequirement()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddAuthorization(options =>
+                {
+                    options.AddPolicy("Basic", policy => policy.RequireAssertion(context => Task.FromResult(true)));
+                });
+            });
+            var user = new ClaimsPrincipal();
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
+
+            // Assert
+            Assert.True(allowed);
+        }
+
         public class StaticPolicyProvider : IAuthorizationPolicyProvider
         {
             public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)

From e737f3207e8ceb80f6bcf1286b4ea0fec9ea72ea Mon Sep 17 00:00:00 2001
From: Mike Surcouf <mps_surcouf@hotmail.com>
Date: Tue, 26 Jan 2016 13:38:50 +0000
Subject: [PATCH 461/900] Remove username from Facebook

Add default fields for Facebook

Remove default fields except name and email

Add all the core fields for Facebook

Fix location and field uniqueness
---
 .../FacebookHandler.cs                        |  70 +++++++--
 .../FacebookHelper.cs                         | 148 ++++++++++++++++--
 .../FacebookMiddleware.cs                     |   1 +
 .../FacebookOptions.cs                        |   7 +-
 4 files changed, 202 insertions(+), 24 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 126f48d66d..675ae51494 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -48,10 +48,22 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var userName = FacebookHelper.GetUserName(payload);
-            if (!string.IsNullOrEmpty(userName))
+            var ageRangeMin = FacebookHelper.GetAgeRangeMin(payload);
+            if (!string.IsNullOrEmpty(ageRangeMin))
             {
-                identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:facebook:age_range_min", ageRangeMin, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var ageRangeMax = FacebookHelper.GetAgeRangeMax(payload);
+            if (!string.IsNullOrEmpty(ageRangeMax))
+            {
+                identity.AddClaim(new Claim("urn:facebook:age_range_max", ageRangeMax, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var birthday = FacebookHelper.GetBirthday(payload);
+            if (!string.IsNullOrEmpty(birthday))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.DateOfBirth, birthday, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
             var email = FacebookHelper.GetEmail(payload);
@@ -60,16 +72,22 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var name = FacebookHelper.GetName(payload);
-            if (!string.IsNullOrEmpty(name))
+            var firstName = FacebookHelper.GetFirstName(payload);
+            if (!string.IsNullOrEmpty(firstName))
             {
-                identity.AddClaim(new Claim("urn:facebook:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim(ClaimTypes.GivenName, firstName, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
 
-                // Many Facebook accounts do not set the UserName field.  Fall back to the Name field instead.
-                if (string.IsNullOrEmpty(userName))
-                {
-                    identity.AddClaim(new Claim(identity.NameClaimType, name, ClaimValueTypes.String, Options.ClaimsIssuer));
-                }
+            var gender = FacebookHelper.GetGender(payload);
+            if (!string.IsNullOrEmpty(gender))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Gender, gender, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var lastName = FacebookHelper.GetLastName(payload);
+            if (!string.IsNullOrEmpty(lastName))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Surname, lastName, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
             var link = FacebookHelper.GetLink(payload);
@@ -78,6 +96,36 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
+            var location = FacebookHelper.GetLocation(payload);
+            if (!string.IsNullOrEmpty(location))
+            {
+                identity.AddClaim(new Claim("urn:facebook:location", location, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var locale = FacebookHelper.GetLocale(payload);
+            if (!string.IsNullOrEmpty(locale))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Locality, locale, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var middleName = FacebookHelper.GetMiddleName(payload);
+            if (!string.IsNullOrEmpty(middleName))
+            {
+                identity.AddClaim(new Claim("urn:facebook:middle_name", middleName, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var name = FacebookHelper.GetName(payload);
+            if (!string.IsNullOrEmpty(name))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+ 
+            var timeZone = FacebookHelper.GetTimeZone(payload);
+            if (!string.IsNullOrEmpty(timeZone))
+            {
+                identity.AddClaim(new Claim("urn:facebook:timezone", timeZone, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
             await Options.Events.CreatingTicket(context);
 
             return context.Ticket;
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
index af68a7c32a..48e3590990 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
@@ -26,16 +26,91 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         }
 
         /// <summary>
-        /// Gets the user's name.
+        /// Gets the user's min age.
         /// </summary>
-        public static string GetName(JObject user)
+        public static string GetAgeRangeMin(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return TryGetValue(user, "age_range", "min");
+        }
+
+        /// <summary>
+        /// Gets the user's max age.
+        /// </summary>
+        public static string GetAgeRangeMax(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("name");
+            return TryGetValue(user, "age_range", "max");
+        }
+
+        /// <summary>
+        /// Gets the user's birthday.
+        /// </summary>
+        public static string GetBirthday(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return user.Value<string>("birthday");
+        }
+
+        /// <summary>
+        /// Gets the Facebook email.
+        /// </summary>
+        public static string GetEmail(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("email");
+        }
+
+        /// <summary>
+        /// Gets the user's first name.
+        /// </summary>
+        public static string GetFirstName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("first_name");
+        }
+
+        /// <summary>
+        /// Gets the user's gender.
+        /// </summary>
+        public static string GetGender(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return user.Value<string>("gender");
+        }
+
+        /// <summary>
+        /// Gets the user's family name.
+        /// </summary>
+        public static string GetLastName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("last_name");
         }
 
         /// <summary>
@@ -51,30 +126,81 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         }
 
         /// <summary>
-        /// Gets the Facebook username.
+        /// Gets the user's location.
         /// </summary>
-        public static string GetUserName(JObject user)
+        public static string GetLocation(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
-
-            return user.Value<string>("username");
+            return TryGetValue(user, "location", "name");
         }
 
-
         /// <summary>
-        /// Gets the Facebook email.
+        /// Gets the user's locale.
         /// </summary>
-        public static string GetEmail(JObject user)
+        public static string GetLocale(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return user.Value<string>("locale");
+        }
+
+        /// <summary>
+        /// Gets the user's middle name.
+        /// </summary>
+        public static string GetMiddleName(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("email");
+            return user.Value<string>("middle_name");
         }
+
+        /// <summary>
+        /// Gets the user's name.
+        /// </summary>
+        public static string GetName(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            return user.Value<string>("name");
+        }
+
+        /// <summary>
+        /// Gets the user's timezone.
+        /// </summary>
+        public static string GetTimeZone(JObject user)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            return user.Value<string>("timezone");
+        }
+
+        // Get the given subProperty from a property.
+        private static string TryGetValue(JObject user, string propertyName, string subProperty)
+        {
+            JToken value;
+            if (user.TryGetValue(propertyName, out value))
+            {
+                var subObject = JObject.Parse(value.ToString());
+                if (subObject != null && subObject.TryGetValue(subProperty, out value))
+                {
+                    return value.ToString();
+                }
+            }
+            return null;
+        }
+
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
index 4ceda639cc..16b60e1dd4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
@@ -71,6 +71,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
             }
+
             if (string.IsNullOrEmpty(Options.AppSecret))
             {
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index af82c6f9a7..ac6987f3df 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -24,7 +24,10 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
             TokenEndpoint = FacebookDefaults.TokenEndpoint;
             UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
-            Fields = new List<string>();
+            Scope.Add("public_profile");
+            Scope.Add("email");
+            Fields.Add("name");
+            Fields.Add("email");
         }
 
         // Facebook uses a non-standard term for this field.
@@ -57,6 +60,6 @@ namespace Microsoft.AspNetCore.Builder
         /// The list of fields to retrieve from the UserInformationEndpoint.
         /// https://developers.facebook.com/docs/graph-api/reference/user
         /// </summary>
-        public IList<string> Fields { get; }
+        public ICollection<string> Fields { get; } = new HashSet<string>();
     }
 }

From e00453af4dffdd861de65de88b4ecdfe8adc9e59 Mon Sep 17 00:00:00 2001
From: Mike Surcouf <mps_surcouf@hotmail.com>
Date: Thu, 4 Feb 2016 09:08:03 +0000
Subject: [PATCH 462/900] Ensure scope has no duplicates

---
 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs | 4 ++--
 .../OpenIdConnectOptions.cs                                   | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index a094e681ba..22d5e35573 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -56,9 +56,9 @@ namespace Microsoft.AspNetCore.Builder
         }
 
         /// <summary>
-        /// A list of permissions to request.
+        /// Gets the list of permissions to request.
         /// </summary>
-        public IList<string> Scope { get; } = new List<string>();
+        public ICollection<string> Scope { get; } = new HashSet<string>();
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 9e8eef1e19..de7bee1633 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -53,6 +53,8 @@ namespace Microsoft.AspNetCore.Builder
             DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
             Events = new OpenIdConnectEvents();
+            Scope.Add("openid");
+            Scope.Add("profile");
         }
 
         /// <summary>
@@ -155,7 +157,7 @@ namespace Microsoft.AspNetCore.Builder
         /// <summary>
         /// Gets the list of permissions to request.
         /// </summary>
-        public IList<string> Scope { get; } = new List<string> { "openid", "profile" };
+        public ICollection<string> Scope { get; } = new HashSet<string>();
 
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.

From 1b4ccd0ddfc97f57818fdaee0989518760e4d0c0 Mon Sep 17 00:00:00 2001
From: Hisham Bin Ateya <hishamco_2007@hotmail.com>
Date: Thu, 4 Feb 2016 13:31:57 +0300
Subject: [PATCH 463/900] Add 'UseServer'

---
 samples/CookieSample/Startup.cs          | 1 +
 samples/CookieSample/hosting.json        | 3 ---
 samples/CookieSessionSample/Startup.cs   | 1 +
 samples/CookieSessionSample/hosting.json | 3 ---
 samples/JwtBearerSample/Startup.cs       | 1 +
 samples/JwtBearerSample/hosting.json     | 3 ---
 samples/OpenIdConnectSample/Startup.cs   | 1 +
 samples/OpenIdConnectSample/hosting.json | 3 ---
 samples/SocialSample/Startup.cs          | 1 +
 samples/SocialSample/hosting.json        | 3 ---
 10 files changed, 5 insertions(+), 15 deletions(-)
 delete mode 100644 samples/CookieSample/hosting.json
 delete mode 100644 samples/CookieSessionSample/hosting.json
 delete mode 100644 samples/JwtBearerSample/hosting.json
 delete mode 100644 samples/OpenIdConnectSample/hosting.json
 delete mode 100644 samples/SocialSample/hosting.json

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 1f8b494c41..8b0568b313 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -46,6 +46,7 @@ namespace CookieSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
diff --git a/samples/CookieSample/hosting.json b/samples/CookieSample/hosting.json
deleted file mode 100644
index 6a93dbafa8..0000000000
--- a/samples/CookieSample/hosting.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "server": "Microsoft.AspNetCore.Server.Kestrel"
-}
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 57593d8789..3db8f11556 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -56,6 +56,7 @@ namespace CookieSessionSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
diff --git a/samples/CookieSessionSample/hosting.json b/samples/CookieSessionSample/hosting.json
deleted file mode 100644
index 6a93dbafa8..0000000000
--- a/samples/CookieSessionSample/hosting.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "server": "Microsoft.AspNetCore.Server.Kestrel"
-}
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 34ee646c77..3a4ecfba6c 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -116,6 +116,7 @@ namespace JwtBearerSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
diff --git a/samples/JwtBearerSample/hosting.json b/samples/JwtBearerSample/hosting.json
deleted file mode 100644
index 6a93dbafa8..0000000000
--- a/samples/JwtBearerSample/hosting.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "server": "Microsoft.AspNetCore.Server.Kestrel"
-}
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 11a95a5717..f0f9feb3ae 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -70,6 +70,7 @@ namespace OpenIdConnectSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
diff --git a/samples/OpenIdConnectSample/hosting.json b/samples/OpenIdConnectSample/hosting.json
deleted file mode 100644
index 6a93dbafa8..0000000000
--- a/samples/OpenIdConnectSample/hosting.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "server": "Microsoft.AspNetCore.Server.Kestrel"
-}
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 8e6cd1768f..ffbaf8dc59 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -327,6 +327,7 @@ namespace CookieSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
diff --git a/samples/SocialSample/hosting.json b/samples/SocialSample/hosting.json
deleted file mode 100644
index 6a93dbafa8..0000000000
--- a/samples/SocialSample/hosting.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "server": "Microsoft.AspNetCore.Server.Kestrel"
-}

From c2194ea99d5acdcf755c31a33005d36844f633c2 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Thu, 4 Feb 2016 15:50:27 -0800
Subject: [PATCH 464/900] Updated Json.Net versions

---
 src/Microsoft.AspNetCore.Authentication.Cookies/project.json  | 3 +--
 src/Microsoft.AspNetCore.Authentication.Facebook/project.json | 3 +--
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json    | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index de5c6c09dc..5ceb5b7a64 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -12,8 +12,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
     "Microsoft.Extensions.Options": "1.0.0-*",
-    "Microsoft.Extensions.WebEncoders": "1.0.0-*",
-    "Newtonsoft.Json": "6.0.6"
+    "Microsoft.Extensions.WebEncoders": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 2a11e8fd5c..479a08011a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -10,8 +10,7 @@
     "keyFile": "../../tools/Key.snk"
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*",
-    "Newtonsoft.Json": "6.0.6"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 352ccfe905..5049862100 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "6.0.6"
+    "Newtonsoft.Json": "8.0.2"
   },
   "frameworks": {
     "net451": {

From bafb097e9f8a770d31c8d1558729330d93fb47f8 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Sat, 6 Feb 2016 19:10:09 -0800
Subject: [PATCH 465/900] Update to new CLI.

- Added appropriate imports/net core platform libraries.
---
 samples/CookieSample/project.json                           | 3 ++-
 samples/CookieSessionSample/project.json                    | 3 ++-
 samples/JwtBearerSample/project.json                        | 3 ++-
 samples/OpenIdConnectSample/project.json                    | 3 ++-
 samples/SocialSample/project.json                           | 3 ++-
 .../project.json                                            | 4 +++-
 src/Microsoft.AspNetCore.Authentication.Google/project.json | 4 +++-
 .../project.json                                            | 4 +++-
 .../project.json                                            | 4 +++-
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json  | 3 ++-
 .../project.json                                            | 4 +++-
 src/Microsoft.AspNetCore.Authentication/project.json        | 3 ++-
 test/Microsoft.AspNetCore.Authentication.Test/project.json  | 5 ++++-
 test/Microsoft.AspNetCore.Authorization.Test/project.json   | 6 ++++--
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json    | 6 ++++--
 test/Microsoft.Owin.Security.Interop.Test/project.json      | 1 +
 16 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 22d51833b2..fa17dd9cf3 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -4,7 +4,8 @@
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index dd58262480..8de831b403 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -5,7 +5,8 @@
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 9ba387d674..436a2203be 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -8,7 +8,8 @@
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "commands": {
     "web": "JwtBearerSample"
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index b0befb5403..e5bec9e8c6 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,7 +5,8 @@
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "frameworks": {
     "dnx451": {},
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index a8eb114c99..00570902f6 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -9,7 +9,8 @@
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 479a08011a..5dbf6f6cfb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -14,6 +14,8 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {}
+    "dotnet5.4": {
+      "imports": "portable-net451+win8"
+    }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 10862c3180..929424cc14 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -14,6 +14,8 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {}
+    "dotnet5.4": {
+      "imports": "portable-net451+win8"
+    }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 0ff2727364..f6e200b7c2 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -15,6 +15,8 @@
   },
   "frameworks": {
     "net451": { },
-    "dotnet54": { }
+    "dotnet5.4": {
+      "imports": "portable-net451+win8"
+    }
   }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index db03dbd5c7..c415b2a63f 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -14,6 +14,8 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {}
+    "dotnet5.4": {
+      "imports": "portable-net451+win8"
+    }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 5049862100..c5128412c4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -22,7 +22,8 @@
     "dotnet5.4": {
       "dependencies": {
         "System.Net.Http": "4.0.1-*"
-      }
+      },
+      "imports": "portable-net451+win8"
     }
   }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 40825201c6..90487a898b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -15,6 +15,8 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet54": {}
+    "dotnet5.4": {
+      "imports": "portable-net451+win8"
+    }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index c7a58a242c..d34a6697bc 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -30,7 +30,8 @@
     "dotnet5.4": {
       "dependencies": {
         "System.Net.Http": "4.0.1-*"
-      }
+      },
+      "imports": "portable-net451"
     }
   }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index dcaa71f520..2048801a64 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -12,6 +12,7 @@
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
@@ -26,8 +27,10 @@
     },
     "dnxcore50": {
       "dependencies": {
+        "System.Runtime": "4.0.21-*",
         "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      }
+      },
+      "imports": "portable-net451+win8"
     }
   },
   "testRunner": "xunit",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index a2b212276f..d5d5544626 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -7,6 +7,7 @@
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "Microsoft.Extensions.Logging": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
@@ -19,10 +20,11 @@
         "xunit.runner.console": "2.1.0"
       }
     },
-    "dnxcore50": { 
+    "dnxcore50": {
       "dependencies": {
         "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      }
+      },
+      "imports": "portable-net451+win8"
     }
   },
   "testRunner": "xunit",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 4ee196a260..d39a059744 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -6,6 +6,7 @@
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
@@ -19,10 +20,11 @@
         "xunit.runner.console": "2.1.0"
       }
     },
-    "dnxcore50": { 
+    "dnxcore50": {
       "dependencies": {
         "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      }
+      },
+      "imports": "portable-net451+win8"
     }
   },
   "testRunner": "xunit",
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 660f338685..46fd46b489 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -8,6 +8,7 @@
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0",
     "xunit.runner.console": "2.1.0"
   },

From bbcabc0212a298ec5d30ed7f25aa9ee40c511a20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Mon, 18 Jan 2016 00:20:44 +0100
Subject: [PATCH 466/900] Move GenerateCorrelationId and ValidateCorrelationId
 to RemoteAuthenticationHandler

---
 .../Constants.cs                              | 12 ---
 .../OAuthHandler.cs                           | 77 ++-----------------
 .../OpenIdConnectDefaults.cs                  |  5 --
 .../OpenIdConnectHandler.cs                   | 77 ++-----------------
 .../TwitterHandler.cs                         |  6 +-
 .../TwitterOptions.cs                         |  7 ++
 .../RemoteAuthenticationHandler.cs            | 75 ++++++++++++++++++
 .../RemoteAuthenticationOptions.cs            |  5 ++
 .../Facebook/FacebookMiddlewareTests.cs       |  4 +-
 .../Google/GoogleMiddlewareTests.cs           | 34 ++++----
 .../MicrosoftAccountMiddlewareTests.cs        |  6 +-
 ...uthenticationPropertiesFormaterKeyValue.cs |  3 +-
 .../OpenIdConnectMiddlewareTests.cs           |  2 +-
 13 files changed, 126 insertions(+), 187 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
deleted file mode 100644
index fb4d8b76d8..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Constants.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
-    internal static class Constants
-    {
-        internal const string SecurityAuthenticate = "security.Authenticate";
-        internal const string CorrelationPrefix = ".AspNetCore.Correlation.";
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index c31f6e29ed..7a06bee702 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -7,15 +7,12 @@ using System.Globalization;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
-using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
@@ -23,8 +20,6 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthHandler<TOptions> : RemoteAuthenticationHandler<TOptions> where TOptions : OAuthOptions
     {
-        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
-
         public OAuthHandler(HttpClient backchannel)
         {
             Backchannel = backchannel;
@@ -177,7 +172,11 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = new AuthenticationProperties(context.Properties)
+            {
+                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
+            };
+
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
@@ -216,71 +215,5 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             // OAuth2 3.3 space separated
             return string.Join(" ", Options.Scope);
         }
-
-        protected void GenerateCorrelationId(AuthenticationProperties properties)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-
-            var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
-
-            var nonceBytes = new byte[32];
-            CryptoRandom.GetBytes(nonceBytes);
-            var correlationId = Base64UrlTextEncoder.Encode(nonceBytes);
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps
-            };
-
-            properties.Items[correlationKey] = correlationId;
-
-            Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
-        }
-
-        protected bool ValidateCorrelationId(AuthenticationProperties properties)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-
-            var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
-            var correlationCookie = Request.Cookies[correlationKey];
-            if (string.IsNullOrEmpty(correlationCookie))
-            {
-                Logger.LogWarning("{0} cookie not found.", correlationKey);
-                return false;
-            }
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps
-            };
-            Response.Cookies.Delete(correlationKey, cookieOptions);
-
-            string correlationExtra;
-            if (!properties.Items.TryGetValue(
-                correlationKey,
-                out correlationExtra))
-            {
-                Logger.LogWarning("{0} state property not found.", correlationKey);
-                return false;
-            }
-
-            properties.Items.Remove(correlationKey);
-
-            if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
-            {
-                Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
-                return false;
-            }
-
-            return true;
-        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index 378c594479..a099a72769 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -28,11 +28,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public static readonly string CookieNoncePrefix = ".AspNetCore.OpenIdConnect.Nonce.";
 
-        /// <summary>
-        /// The prefix used for the state in the cookie.
-        /// </summary>
-        public static readonly string CookieStatePrefix = ".AspNetCore.OpenIdConnect.State.";
-
         /// <summary>
         /// The property for the RedirectUri that was used when asking for a 'authorizationCode'.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 3650101472..f7c675ff32 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -184,7 +184,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if RedirectUri is not set)
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = new AuthenticationProperties(context.Properties)
+            {
+                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
+            };
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
@@ -810,7 +813,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 {
                     HttpOnly = true,
                     Secure = Request.IsHttps,
-                    Expires = DateTime.UtcNow + Options.ProtocolValidator.NonceLifetime
+                    Expires = Options.SystemClock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
         }
 
@@ -857,76 +860,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return null;
         }
 
-        private void GenerateCorrelationId(AuthenticationProperties properties)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-
-            var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
-
-            var nonceBytes = new byte[32];
-            CryptoRandom.GetBytes(nonceBytes);
-            var correlationId = Base64UrlTextEncoder.Encode(nonceBytes);
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps,
-                Expires = DateTime.UtcNow + Options.ProtocolValidator.NonceLifetime
-            };
-
-            properties.Items[correlationKey] = correlationId;
-
-            Response.Cookies.Append(correlationKey + correlationId, NonceProperty, cookieOptions);
-        }
-
-        private bool ValidateCorrelationId(AuthenticationProperties properties)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-
-            var correlationKey = OpenIdConnectDefaults.CookieStatePrefix;
-
-            string correlationId;
-            if (!properties.Items.TryGetValue(
-                correlationKey,
-                out correlationId))
-            {
-                Logger.LogWarning(26, "{0} state property not found.", correlationKey);
-                return false;
-            }
-
-            properties.Items.Remove(correlationKey);
-
-            var cookieName = correlationKey + correlationId;
-
-            var correlationCookie = Request.Cookies[cookieName];
-            if (string.IsNullOrEmpty(correlationCookie))
-            {
-                Logger.LogWarning(27, "{0} cookie not found.", cookieName);
-                return false;
-            }
-
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Secure = Request.IsHttps
-            };
-            Response.Cookies.Delete(cookieName, cookieOptions);
-
-            if (!string.Equals(correlationCookie, NonceProperty, StringComparison.Ordinal))
-            {
-                Logger.LogWarning(28, "{0} correlation cookie and state property mismatch.", correlationKey);
-                return false;
-            }
-
-            return true;
-        }
-
         private AuthenticationProperties GetPropertiesFromState(string state)
         {
             // assume a well formed query string: <a=b&>OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey=kasjd;fljasldkjflksdj<&c=d>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 3b66f3128f..c39cce1210 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -122,7 +122,11 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = new AuthenticationProperties(context.Properties)
+            {
+                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
+            };
+
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index cd13d1798f..77fb0bd7a8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.ComponentModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.AspNetCore.Http;
@@ -50,5 +51,11 @@ namespace Microsoft.AspNetCore.Builder
             get { return (ITwitterEvents)base.Events; }
             set { base.Events = value; }
         }
+
+        /// <summary>
+        /// For testing purposes only.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index ef4a1db52d..bf64109a2c 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -2,15 +2,24 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNetCore.Authentication
 {
     public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : RemoteAuthenticationOptions
     {
+        private const string CorrelationPrefix = ".AspNetCore.Correlation.";
+        private const string CorrelationProperty = ".xsrf";
+        private const string CorrelationMarker = "N";
+
+        private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
+
         public override async Task<bool> HandleRequestAsync()
         {
             if (Options.CallbackPath == Request.Path)
@@ -99,5 +108,71 @@ namespace Microsoft.AspNetCore.Authentication
         {
             throw new NotSupportedException();
         }
+
+        protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
+            var bytes = new byte[32];
+            CryptoRandom.GetBytes(bytes);
+            var correlationId = Base64UrlTextEncoder.Encode(bytes);
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps,
+                Expires = properties.ExpiresUtc
+            };
+
+            properties.Items[CorrelationProperty] = correlationId;
+
+            var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+
+            Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
+        }
+
+        protected virtual bool ValidateCorrelationId(AuthenticationProperties properties)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
+            string correlationId;
+            if (!properties.Items.TryGetValue(CorrelationProperty, out correlationId))
+            {
+                Logger.LogWarning(26, "{0} state property not found.", CorrelationPrefix);
+                return false;
+            }
+
+            properties.Items.Remove(CorrelationProperty);
+
+            var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+
+            var correlationCookie = Request.Cookies[cookieName];
+            if (string.IsNullOrEmpty(correlationCookie))
+            {
+                Logger.LogWarning(27, "'{0}' cookie not found.", cookieName);
+                return false;
+            }
+
+            var cookieOptions = new CookieOptions
+            {
+                HttpOnly = true,
+                Secure = Request.IsHttps
+            };
+            Response.Cookies.Delete(cookieName, cookieOptions);
+
+            if (!string.Equals(correlationCookie, CorrelationMarker, StringComparison.Ordinal))
+            {
+                Logger.LogWarning(28, "The correlation cookie value '{0}' did not match the expected value '{1}'.", cookieName);
+                return false;
+            }
+
+            return true;
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 86fcdcc97b..0388c04bda 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -56,6 +56,11 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public bool SaveTokensAsClaims { get; set; }
 
+        /// <summary>
+        /// Gets or sets the time limit for completing the authentication flow (15 minutes by default).
+        /// </summary>
+        public TimeSpan RemoteAuthenticationTimeout { get; set; } = TimeSpan.FromMinutes(15);
+
         public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index aadb62f51b..eaa339d153 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -212,14 +212,14 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 }, handler: null);
 
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Facebook";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
                 "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Facebook.{correlationValue}=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(1, finalUserInfoEndpoint.Count(c => c == '?'));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 854c49ce97..6a07808127 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -111,7 +111,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 ClientSecret = "Test Secret"
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
-            Assert.Contains(".AspNetCore.Correlation.Google=", transaction.SetCookie.Single());
+            Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
         }
 
         [Fact]
@@ -124,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 AutomaticChallenge = true
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            Assert.Contains(".AspNetCore.Correlation.Google=", transaction.SetCookie.Single());
+            Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
         }
 
         [Fact]
@@ -335,18 +335,18 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]);
             Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
@@ -394,7 +394,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
@@ -402,7 +402,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var state = stateFormat.Protect(properties);
             var sendTask = server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
             if (redirect)
             {
                 var transaction = await sendTask;
@@ -446,14 +446,14 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 } : new OAuthEvents()
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var sendTask = server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
             if (redirect)
             {
                 var transaction = await sendTask;
@@ -528,18 +528,18 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]);
             Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
@@ -607,17 +607,17 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 }
             });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]);
             Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
         }
 
@@ -690,7 +690,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             });
 
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Google";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/foo";
@@ -699,7 +699,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             //Post a message to the Google middleware
             var transaction = await server.SendAsync(
                 "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
 
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First());
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 2aad3cfef7..f5a43b8ed2 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -152,18 +152,18 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                     }
                 });
             var properties = new AuthenticationProperties();
-            var correlationKey = ".AspNetCore.Correlation.Microsoft";
+            var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
             properties.Items.Add(correlationKey, correlationValue);
             properties.RedirectUri = "/me";
             var state = stateFormat.Protect(properties);
             var transaction = await server.SendAsync(
                 "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                correlationKey + "=" + correlationValue);
+                $".AspNetCore.Correlation.Microsoft.{correlationValue}=N");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
             Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains(correlationKey, transaction.SetCookie[0]);
+            Assert.Contains($".AspNetCore.Correlation.Microsoft.{correlationValue}", transaction.SetCookie[0]);
             Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
 
             var authCookie = transaction.AuthenticationCookieValue;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
index 494e2d92a7..1be4b80bca 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
@@ -22,11 +22,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 return "null";
             }
 
-            var encoder = UrlEncoder.Default;
             var sb = new StringBuilder();
             foreach(var item in data.Items)
             {
-                sb.Append(encoder.Encode(item.Key) + " " + encoder.Encode(item.Value) + " ");
+                sb.Append(Uri.EscapeDataString(item.Key) + " " + Uri.EscapeDataString(item.Value) + " ");
             }
 
             return sb.ToString();
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 040812d88b..cadcf80884 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Contains("expires", firstCookie);
 
             var secondCookie = transaction.SetCookie.Skip(1).First();
-            Assert.Contains(OpenIdConnectDefaults.CookieStatePrefix, secondCookie);
+            Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
             Assert.Contains("expires", secondCookie);
         }
 

From 34bc9c52e1d9bd7aa6fe84fe60aaf7d1f6eb099f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 3 Feb 2016 16:12:53 -0800
Subject: [PATCH 467/900] #456 Unify OIDC Code/IdToken/Hybride flows.

---
 samples/OpenIdConnectSample/Startup.cs        |  50 ++-
 .../OpenIdConnectHandler.cs                   | 425 ++++++++----------
 2 files changed, 232 insertions(+), 243 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index f0f9feb3ae..ddcf9fa2b2 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Linq;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -34,6 +35,28 @@ namespace OpenIdConnectSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
+            // Simple error page
+            app.Use(async (context, next) =>
+            {
+                try
+                {
+                    await next();
+                }
+                catch (Exception ex)
+                {
+                    if (!context.Response.HasStarted)
+                    {
+                        context.Response.Clear();
+                        context.Response.StatusCode = 500;
+                        await context.Response.WriteAsync(ex.ToString());
+                    }
+                    else
+                    {
+                        throw;
+                    }
+                }
+            });
+
             app.UseIISPlatformHandler();
 
             app.UseCookieAuthentication(new CookieAuthenticationOptions
@@ -52,17 +75,30 @@ namespace OpenIdConnectSample
 
             app.Run(async context =>
             {
-                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                if (context.Request.Path.Equals("/signout"))
                 {
-                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
-
-                    context.Response.ContentType = "text/plain";
-                    await context.Response.WriteAsync("Hello First timer");
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync($"<html><body>Signing out {context.User.Identity.Name}<br>{Environment.NewLine}");
+                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
+                    await context.Response.WriteAsync($"</body></html>");
                     return;
                 }
 
-                context.Response.ContentType = "text/plain";
-                await context.Response.WriteAsync("Hello Authenticated User");
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                {
+                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                    return;
+                }
+
+                context.Response.ContentType = "text/html";
+                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {context.User.Identity.Name}<br>{Environment.NewLine}");
+                foreach (var claim in context.User.Claims)
+                {
+                    await context.Response.WriteAsync($"{claim.Type}: {claim.Value}<br>{Environment.NewLine}");
+                }
+                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
+                await context.Response.WriteAsync($"</body></html>");
             });
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index f7c675ff32..4084e21007 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -308,16 +308,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             Logger.LogTrace(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
 
-            OpenIdConnectMessage message = null;
+            OpenIdConnectMessage authorizationResponse = null;
 
             if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase))
             {
-                message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+                authorizationResponse = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
 
                 // response_mode=query (explicit or not) and a response_type containing id_token
                 // or token are not considered as a safe combination and MUST be rejected.
                 // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
-                if (!string.IsNullOrEmpty(message.IdToken) || !string.IsNullOrEmpty(message.AccessToken))
+                if (!string.IsNullOrEmpty(authorizationResponse.IdToken) || !string.IsNullOrEmpty(authorizationResponse.AccessToken))
                 {
                     if (Options.SkipUnrecognizedRequests)
                     {
@@ -336,10 +336,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
               && Request.Body.CanRead)
             {
                 var form = await Request.ReadFormAsync();
-                message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+                authorizationResponse = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
 
-            if (message == null)
+            if (authorizationResponse == null)
             {
                 if (Options.SkipUnrecognizedRequests)
                 {
@@ -349,54 +349,52 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 return AuthenticateResult.Fail("No message.");
             }
 
+            AuthenticateResult result;
+
             try
             {
-                var messageReceivedContext = await RunMessageReceivedEventAsync(message);
-                if (messageReceivedContext.HandledResponse)
+                var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse);
+                if (CheckEventResult(messageReceivedContext, out result))
                 {
-                    return AuthenticateResult.Success(messageReceivedContext.Ticket);
+                    return result;
                 }
-                else if (messageReceivedContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
-                }
-                message = messageReceivedContext.ProtocolMessage;
+                authorizationResponse = messageReceivedContext.ProtocolMessage;
 
                 // Fail if state is missing, it's required for the correlation id.
-                if (string.IsNullOrEmpty(message.State))
+                if (string.IsNullOrEmpty(authorizationResponse.State))
                 {
                     // This wasn't a valid OIDC message, it may not have been intended for us.
+                    Logger.LogDebug(11, "message.State is null or empty.");
                     if (Options.SkipUnrecognizedRequests)
                     {
                         return AuthenticateResult.Skip();
                     }
-                    Logger.LogDebug(11, "message.State is null or empty.");
                     return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
                 }
 
                 // if state exists and we failed to 'unprotect' this is not a message we should process.
-                var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(message.State));
+                var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(authorizationResponse.State));
                 if (properties == null)
                 {
+                    Logger.LogDebug(12, "Unable to read the message.State.");
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
                         return AuthenticateResult.Skip();
                     }
-                    Logger.LogError(12, "Unable to read the message.State.");
                     return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
                 // if any of the error fields are set, throw error null
-                if (!string.IsNullOrEmpty(message.Error))
+                if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
-                    Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null");
-                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, message.Error, message.ErrorDescription ?? "ErrorDecription null", message.ErrorUri ?? "ErrorUri null")));
+                    Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", authorizationResponse.Error, authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null");
+                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error, authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
                 }
 
                 string userstate = null;
                 properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
-                message.State = userstate;
+                authorizationResponse.State = userstate;
 
                 if (!ValidateCorrelationId(properties))
                 {
@@ -409,38 +407,113 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                Logger.LogTrace(15, "Authorization response received.");
-                var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options, properties)
+                var authorizationResponseReceivedContext = await RunAuthorizationResponseReceivedEventAsync(authorizationResponse, properties);
+                if (CheckEventResult(authorizationResponseReceivedContext, out result))
                 {
-                    ProtocolMessage = message
-                };
-                await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
-                if (authorizationResponseReceivedContext.HandledResponse)
-                {
-                    Logger.LogDebug(16, "AuthorizationResponseReceived.HandledResponse");
-                    return AuthenticateResult.Success(authorizationResponseReceivedContext.Ticket);
+                    return result;
                 }
-                else if (authorizationResponseReceivedContext.Skipped)
-                {
-                    Logger.LogDebug(17, "AuthorizationResponseReceived.Skipped");
-                    return AuthenticateResult.Skip();
-                }
-                message = authorizationResponseReceivedContext.ProtocolMessage;
+                authorizationResponse = authorizationResponseReceivedContext.ProtocolMessage;
                 properties = authorizationResponseReceivedContext.Properties;
 
-                if (string.IsNullOrEmpty(message.IdToken) && !string.IsNullOrEmpty(message.Code))
+                PopulateSessionProperties(authorizationResponse, properties);
+
+                AuthenticationTicket ticket = null;
+                JwtSecurityToken jwt = null;
+                string nonce = null;
+                var validationParameters = Options.TokenValidationParameters.Clone();
+
+                // Hybrid or Implicit flow
+                if (!string.IsNullOrEmpty(authorizationResponse.IdToken))
                 {
-                    return await HandleCodeOnlyFlow(message, properties);
+                    Logger.LogDebug(23, "'id_token' received.");
+                    ticket = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt);
+
+                    nonce = jwt?.Payload.Nonce;
+                    if (!string.IsNullOrEmpty(nonce))
+                    {
+                        nonce = ReadNonceCookie(nonce);
+                    }
                 }
-                else if (!string.IsNullOrEmpty(message.IdToken))
+
+                Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
                 {
-                    return await HandleIdTokenFlows(message, properties);
-                }
-                else
+                    ClientId = Options.ClientId,
+                    ProtocolMessage = authorizationResponse,
+                    ValidatedIdToken = jwt,
+                    Nonce = nonce
+                });
+
+                // TODO: AuthorizationResponseValidated event?
+
+                OpenIdConnectMessage tokenEndpointResponse = null;
+
+                // Authorization Code or Hybrid flow
+                if (!string.IsNullOrEmpty(authorizationResponse.Code))
                 {
-                    Logger.LogTrace(18, "Cannot process the message. Both id_token and code are missing.");
-                    return AuthenticateResult.Fail(Resources.IdTokenCodeMissing);
+                    // TODO: Does this event provide any value over AuthorizationResponseReceived or AuthorizationResponseValidated?
+                    var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
+                    if (CheckEventResult(authorizationCodeReceivedContext, out result))
+                    {
+                        return result;
+                    }
+                    authorizationResponse = authorizationCodeReceivedContext.ProtocolMessage;
+                    var code = authorizationCodeReceivedContext.Code;
+
+                    tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
+
+                    var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties);
+                    if (CheckEventResult(authorizationCodeRedeemedContext, out result))
+                    {
+                        return result;
+                    }
+                    authorizationResponse = authorizationCodeRedeemedContext.ProtocolMessage;
+                    tokenEndpointResponse = authorizationCodeRedeemedContext.TokenEndpointResponse;
+
+                    // We only have to process the IdToken if we didn't already get one in the AuthorizationResponse
+                    if (ticket == null)
+                    {
+                        // no need to validate signature when token is received using "code flow" as per spec
+                        // [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
+                        validationParameters.RequireSignedTokens = false;
+
+                        ticket = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out jwt);
+
+                        nonce = jwt?.Payload.Nonce;
+                        if (!string.IsNullOrEmpty(nonce))
+                        {
+                            nonce = ReadNonceCookie(nonce);
+                        }
+                    }
+
+                    Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
+                    {
+                        ClientId = Options.ClientId,
+                        ProtocolMessage = tokenEndpointResponse,
+                        ValidatedIdToken = jwt,
+                        Nonce = nonce
+                    });
                 }
+
+                var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(authorizationResponse, ticket, properties, tokenEndpointResponse);
+                if (CheckEventResult(authenticationValidatedContext, out result))
+                {
+                    return result;
+                }
+                authorizationResponse = authenticationValidatedContext.ProtocolMessage;
+                tokenEndpointResponse = authenticationValidatedContext.TokenEndpointResponse;
+                ticket = authenticationValidatedContext.Ticket;
+
+                if (Options.SaveTokensAsClaims)
+                {
+                    SaveTokens(ticket.Principal, tokenEndpointResponse ?? authorizationResponse, jwt.Issuer);
+                }
+
+                if (Options.GetClaimsFromUserInfoEndpoint)
+                {
+                    return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt, ticket);
+                }
+
+                return AuthenticateResult.Success(ticket);
             }
             catch (Exception exception)
             {
@@ -456,179 +529,43 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     }
                 }
 
-                var authenticationFailedContext = await RunAuthenticationFailedEventAsync(message, exception);
-                if (authenticationFailedContext.HandledResponse)
+                var authenticationFailedContext = await RunAuthenticationFailedEventAsync(authorizationResponse, exception);
+                if (CheckEventResult(authenticationFailedContext, out result))
                 {
-                    return AuthenticateResult.Success(authenticationFailedContext.Ticket);
-                }
-                else if (authenticationFailedContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
+                    return result;
                 }
 
-                throw;
+                return AuthenticateResult.Fail(exception);
             }
         }
 
-        // Authorization Code Flow
-        private async Task<AuthenticateResult> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties)
+        private bool CheckEventResult(BaseControlContext context, out AuthenticateResult result)
         {
-            AuthenticationTicket ticket = null;
-            JwtSecurityToken jwt = null;
-
-            Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
+            if (context.HandledResponse)
             {
-                ClientId = Options.ClientId,
-                ProtocolMessage = message,
-            });
-
-            var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
-            if (authorizationCodeReceivedContext.HandledResponse)
-            {
-                return AuthenticateResult.Success(authorizationCodeReceivedContext.Ticket);
+                result = AuthenticateResult.Success(context.Ticket);
+                return true;
             }
-            else if (authorizationCodeReceivedContext.Skipped)
+            else if (context.Skipped)
             {
-                return AuthenticateResult.Skip();
+                result = AuthenticateResult.Skip();
+                return true;
             }
-            message = authorizationCodeReceivedContext.ProtocolMessage;
-            var code = authorizationCodeReceivedContext.Code;
-
-            // Redeeming authorization code for tokens
-            Logger.LogTrace(21, "Id Token is null. Redeeming code '{0}' for tokens.", code);
-
-            var tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
-
-            var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(message, tokenEndpointResponse, properties);
-            if (authorizationCodeRedeemedContext.HandledResponse)
-            {
-                return AuthenticateResult.Success(authorizationCodeRedeemedContext.Ticket);
-            }
-            else if (authorizationCodeRedeemedContext.Skipped)
-            {
-                return AuthenticateResult.Skip();
-            }
-
-            message = authorizationCodeRedeemedContext.ProtocolMessage;
-            tokenEndpointResponse = authorizationCodeRedeemedContext.TokenEndpointResponse;
-
-            // no need to validate signature when token is received using "code flow" as per spec [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
-            var validationParameters = Options.TokenValidationParameters.Clone();
-            validationParameters.RequireSignedTokens = false;
-
-            ticket = ValidateToken(tokenEndpointResponse.IdToken, message, properties, validationParameters, out jwt);
-
-            var nonce = jwt?.Payload.Nonce;
-            if (!string.IsNullOrEmpty(nonce))
-            {
-                nonce = ReadNonceCookie(nonce);
-            }
-
-            Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
-            {
-                ClientId = Options.ClientId,
-                ProtocolMessage = tokenEndpointResponse,
-                ValidatedIdToken = jwt,
-                Nonce = nonce
-            });
-
-            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse);
-            if (authenticationValidatedContext.HandledResponse)
-            {
-                return AuthenticateResult.Success(authenticationValidatedContext.Ticket);
-            }
-            else if (authenticationValidatedContext.Skipped)
-            {
-                return AuthenticateResult.Skip();
-            }
-            ticket = authenticationValidatedContext.Ticket;
-
-            if (Options.SaveTokensAsClaims)
-            {
-                // Persist the tokens extracted from the token response.
-                SaveTokens(ticket.Principal, tokenEndpointResponse, jwt.Issuer, saveRefreshToken: true);
-            }
-
-            if (Options.GetClaimsFromUserInfoEndpoint)
-            {
-                Logger.LogTrace(22, "Sending request to user info endpoint for retrieving claims.");
-                ticket = await GetUserInformationAsync(tokenEndpointResponse, jwt, ticket);
-            }
-
-            return AuthenticateResult.Success(ticket);
+            result = null;
+            return false;
         }
 
-        // Implicit Flow or Hybrid Flow
-        private async Task<AuthenticateResult> HandleIdTokenFlows(OpenIdConnectMessage message, AuthenticationProperties properties)
+        private void PopulateSessionProperties(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
-            Logger.LogTrace(23, "'id_token' received: '{0}'", message.IdToken);
-
-            JwtSecurityToken jwt = null;
-            var validationParameters = Options.TokenValidationParameters.Clone();
-            var ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
-
-            var nonce = jwt?.Payload.Nonce;
-            if (!string.IsNullOrEmpty(nonce))
+            if (!string.IsNullOrEmpty(message.SessionState))
             {
-                nonce = ReadNonceCookie(nonce);
+                properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
             }
 
-            Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
+            if (!string.IsNullOrEmpty(_configuration.CheckSessionIframe))
             {
-                ClientId = Options.ClientId,
-                ProtocolMessage = message,
-                ValidatedIdToken = jwt,
-                Nonce = nonce
-            });
-
-            var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(message, ticket, properties, tokenEndpointResponse: null);
-            if (authenticationValidatedContext.HandledResponse)
-            {
-                return AuthenticateResult.Success(authenticationValidatedContext.Ticket);
+                properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
             }
-            else if (authenticationValidatedContext.Skipped)
-            {
-                return AuthenticateResult.Skip();
-            }
-            message = authenticationValidatedContext.ProtocolMessage;
-            ticket = authenticationValidatedContext.Ticket;
-
-            // Hybrid Flow
-            if (message.Code != null)
-            {
-                var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(message, properties, ticket, jwt);
-                if (authorizationCodeReceivedContext.HandledResponse)
-                {
-                    return AuthenticateResult.Success(authorizationCodeReceivedContext.Ticket);
-                }
-                else if (authorizationCodeReceivedContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
-                }
-                message = authorizationCodeReceivedContext.ProtocolMessage;
-                ticket = authorizationCodeReceivedContext.Ticket;
-
-                if (Options.SaveTokensAsClaims)
-                {
-                    // TODO: call SaveTokens with the token response and set
-                    // saveRefreshToken to true when the hybrid flow is fully implemented.
-                    SaveTokens(ticket.Principal, message, jwt.Issuer, saveRefreshToken: false);
-                }
-            }
-            // Implicit Flow
-            else
-            {
-                if (Options.SaveTokensAsClaims)
-                {
-                    // Note: don't save the refresh token when it is extracted from the authorization
-                    // response, since it's not a valid parameter when using the implicit flow.
-                    // See http://openid.net/specs/openid-connect-core-1_0.html#Authentication
-                    // and https://tools.ietf.org/html/rfc6749#section-4.2.2.
-                    SaveTokens(ticket.Principal, message, jwt.Issuer, saveRefreshToken: false);
-                }
-            }
-
-            return AuthenticateResult.Success(ticket);
         }
 
         /// <summary>
@@ -639,6 +576,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
         protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
         {
+            Logger.LogDebug(21, "Redeeming code for tokens.");
+
             var openIdMessage = new OpenIdConnectMessage()
             {
                 ClientId = Options.ClientId,
@@ -648,6 +587,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 RedirectUri = redirectUri
             };
 
+            // TODO: Event that lets you customize the message. E.g. use certificates, specify resources.
+
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
             requestMessage.Content = new FormUrlEncodedContent(openIdMessage.Parameters);
             var responseMessage = await Backchannel.SendAsync(requestMessage);
@@ -663,21 +604,28 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <param name="message">message that is being processed</param>
         /// <param name="ticket">authentication ticket with claims principal and identities</param>
         /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
-        protected virtual async Task<AuthenticationTicket> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
+        protected virtual async Task<AuthenticateResult> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
         {
             var userInfoEndpoint = _configuration?.UserInfoEndpoint;
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
-                Logger.LogWarning(24, nameof(_configuration.UserInfoEndpoint) + " is not set. Request to retrieve claims cannot be completed.");
-                return ticket;
+                Logger.LogDebug(24, $"{nameof(_configuration.UserInfoEndpoint)} is not set. Claims cannot be retrieved.");
+                return AuthenticateResult.Success(ticket);
             }
+            if (string.IsNullOrEmpty(message.AccessToken))
+            {
+                Logger.LogDebug(47, "The access_token is not available. Claims cannot be retrieved.");
+                return AuthenticateResult.Success(ticket);
+            }
+            Logger.LogTrace(22, "Retrieving claims from the user info endpoint.");
 
             var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
             requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", message.AccessToken);
             var responseMessage = await Backchannel.SendAsync(requestMessage);
             responseMessage.EnsureSuccessStatusCode();
             var userInfoResponse = await responseMessage.Content.ReadAsStringAsync();
+
             JObject user;
             var contentType = responseMessage.Content.Headers.ContentType;
             if (contentType.MediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase))
@@ -691,17 +639,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             else
             {
-                throw new NotSupportedException("Unknown response type: " + contentType.MediaType);
+                return AuthenticateResult.Fail("Unknown response type: " + contentType.MediaType);
             }
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
-            if (userInformationReceivedContext.HandledResponse)
+            AuthenticateResult result;
+            if (CheckEventResult(userInformationReceivedContext, out result))
             {
-                return userInformationReceivedContext.Ticket;
-            }
-            else if (userInformationReceivedContext.Skipped)
-            {
-                return ticket;
+                return result;
             }
             ticket = userInformationReceivedContext.Ticket;
             user = userInformationReceivedContext.User;
@@ -742,7 +687,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, jwt.Issuer));
             }
 
-            return ticket;
+            return AuthenticateResult.Success(ticket);
         }
 
         /// <summary>
@@ -750,8 +695,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         /// <param name="principal">The principal in which tokens are saved.</param>
         /// <param name="message">The OpenID Connect response.</param>
-        /// <param name="saveRefreshToken">A <see cref="bool"/> indicating whether the refresh token should be stored.</param>
-        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, string issuer, bool saveRefreshToken)
+        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, string issuer)
         {
             var identity = (ClaimsIdentity)principal.Identity;
 
@@ -767,7 +711,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                                             ClaimValueTypes.String, issuer));
             }
 
-            if (saveRefreshToken && !string.IsNullOrEmpty(message.RefreshToken))
+            if (!string.IsNullOrEmpty(message.RefreshToken))
             {
                 identity.AddClaim(new Claim(OpenIdConnectParameterNames.RefreshToken, message.RefreshToken,
                                             ClaimValueTypes.String, issuer));
@@ -911,6 +855,25 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return messageReceivedContext;
         }
 
+        private async Task<AuthorizationResponseReceivedContext> RunAuthorizationResponseReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
+        {
+            Logger.LogTrace(15, "Authorization response received.");
+            var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options, properties)
+            {
+                ProtocolMessage = message
+            };
+            await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
+            if (authorizationResponseReceivedContext.HandledResponse)
+            {
+                Logger.LogDebug(16, "AuthorizationResponseReceived.HandledResponse");
+            }
+            else if (authorizationResponseReceivedContext.Skipped)
+            {
+                Logger.LogDebug(17, "AuthorizationResponseReceived.Skipped");
+            }
+            return authorizationResponseReceivedContext;
+        }
+
         private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
             var redirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];
@@ -960,13 +923,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return tokenResponseReceivedContext;
         }
 
-        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, AuthenticationProperties properties, OpenIdConnectMessage tokenEndpointResponse)
+        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, AuthenticationProperties properties, OpenIdConnectMessage tokenResponse)
         {
             var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options, properties)
             {
                 Ticket = ticket,
                 ProtocolMessage = message,
-                TokenEndpointResponse = tokenEndpointResponse,
+                TokenEndpointResponse = tokenResponse,
             };
 
             await Options.Events.AuthenticationValidated(authenticationValidatedContext);
@@ -1027,10 +990,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return authenticationFailedContext;
         }
 
-        private AuthenticationTicket ValidateToken(string idToken, OpenIdConnectMessage message, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
+        private AuthenticationTicket ValidateToken(string idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
         {
-            AuthenticationTicket ticket = null;
-            jwt = null;
+            if (!Options.SecurityTokenValidator.CanReadToken(idToken))
+            {
+                Logger.LogError(48, "Unable to read the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.", idToken);
+                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
+            }
 
             if (_configuration != null)
             {
@@ -1047,16 +1013,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
 
             SecurityToken validatedToken = null;
-            ClaimsPrincipal principal = null;
-            if (Options.SecurityTokenValidator.CanReadToken(idToken))
+            var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out validatedToken);
+            jwt = validatedToken as JwtSecurityToken;
+            if (jwt == null)
             {
-                principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out validatedToken);
-                jwt = validatedToken as JwtSecurityToken;
-                if (jwt == null)
-                {
-                    Logger.LogError(45, "The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'", validatedToken?.GetType());
-                    throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
-                }
+                Logger.LogError(45, "The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'", validatedToken?.GetType());
+                throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
             }
 
             if (validatedToken == null)
@@ -1065,16 +1027,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
-            ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
-            if (!string.IsNullOrEmpty(message.SessionState))
-            {
-                ticket.Properties.Items[OpenIdConnectSessionProperties.SessionState] = message.SessionState;
-            }
-
-            if (_configuration != null && !string.IsNullOrEmpty(_configuration.CheckSessionIframe))
-            {
-                ticket.Properties.Items[OpenIdConnectSessionProperties.CheckSessionIFrame] = _configuration.CheckSessionIframe;
-            }
+            var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
 
             if (Options.UseTokenLifetime)
             {

From 552afb87b5b048e5de0cb84abe956a8786da13e7 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Wed, 10 Feb 2016 05:47:19 -0800
Subject: [PATCH 468/900] Enable tests to run using dotnet xunit runner

---
 .../project.json                              | 19 +++++++---------
 .../project.json                              | 21 ++++++++----------
 .../project.json                              | 22 ++++++++-----------
 3 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 2048801a64..58a7082455 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -16,6 +16,13 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
+    "dnxcore50": {
+      "dependencies": {
+        "System.Runtime": "4.0.21-*",
+        "dotnet-test-xunit": "1.0.0-dev-*"
+      },
+      "imports": "portable-net451+win8"
+    },
     "dnx451": {
       "frameworkAssemblies": {
         "System.Runtime": "",
@@ -24,17 +31,7 @@
       "dependencies": {
         "xunit.runner.console": "2.1.0"
       }
-    },
-    "dnxcore50": {
-      "dependencies": {
-        "System.Runtime": "4.0.21-*",
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      },
-      "imports": "portable-net451+win8"
     }
   },
-  "testRunner": "xunit",
-  "commands": {
-    "test": "xunit.runner.aspnet"
-  }
+  "testRunner": "xunit"
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index d5d5544626..abe001fe46 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -11,24 +11,21 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
+    "dnxcore50": {
+      "dependencies": {
+        "dotnet-test-xunit": "1.0.0-dev-*" 
+      },
+      "imports": "portable-net451+win8"
+    },
     "dnx451": {
-     "frameworkAssemblies": {
+      "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
       },
       "dependencies": {
         "xunit.runner.console": "2.1.0"
       }
-    },
-    "dnxcore50": {
-      "dependencies": {
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      },
-      "imports": "portable-net451+win8"
     }
   },
-  "testRunner": "xunit",
-  "commands": {
-    "test": "xunit.runner.aspnet"
-  }
-}
+  "testRunner": "xunit"
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index d39a059744..248e085c26 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -10,8 +10,14 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
+    "dnxcore50": {
+      "dependencies": {
+        "dotnet-test-xunit": "1.0.0-dev-*"
+      },
+      "imports": "portable-net451+win8"
+    },
     "dnx451": {
-     "frameworkAssemblies": {
+      "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": "",
         "System.Xml.Linq": ""
@@ -19,17 +25,7 @@
       "dependencies": {
         "xunit.runner.console": "2.1.0"
       }
-    },
-    "dnxcore50": {
-      "dependencies": {
-        "xunit.runner.aspnet": "2.0.0-aspnet-*"
-      },
-      "imports": "portable-net451+win8"
     }
   },
-  "testRunner": "xunit",
-  "commands": {
-    "test": "xunit.runner.aspnet"
-  }
-
-}
+  "testRunner": "xunit"
+}
\ No newline at end of file

From 2dc353e21991aa35424b37cc14239d52ccb245b1 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Sat, 13 Feb 2016 21:20:20 -0800
Subject: [PATCH 469/900] Fixed 1300 errors reported in VS on build

---
 test/Microsoft.AspNetCore.Authentication.Test/project.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 58a7082455..b3ca2d48d8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -18,7 +18,6 @@
   "frameworks": {
     "dnxcore50": {
       "dependencies": {
-        "System.Runtime": "4.0.21-*",
         "dotnet-test-xunit": "1.0.0-dev-*"
       },
       "imports": "portable-net451+win8"

From 0372daeebf59a79db0c054a37583b7d254f13bbe Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Fri, 19 Feb 2016 12:37:51 -0800
Subject: [PATCH 470/900] Updating test TFMs for custom test discovery

---
 .../Microsoft.AspNetCore.Authentication.Test/project.json | 4 ++--
 test/Microsoft.AspNetCore.Authorization.Test/project.json | 4 ++--
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json  | 4 ++--
 test/Microsoft.Owin.Security.Interop.Test/project.json    | 8 +++-----
 4 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index b3ca2d48d8..eb36173bf2 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -22,7 +22,7 @@
       },
       "imports": "portable-net451+win8"
     },
-    "dnx451": {
+    "net451": {
       "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
@@ -33,4 +33,4 @@
     }
   },
   "testRunner": "xunit"
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index abe001fe46..651b9acb69 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -17,7 +17,7 @@
       },
       "imports": "portable-net451+win8"
     },
-    "dnx451": {
+    "net451": {
       "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
@@ -28,4 +28,4 @@
     }
   },
   "testRunner": "xunit"
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 248e085c26..db1fce596a 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -16,7 +16,7 @@
       },
       "imports": "portable-net451+win8"
     },
-    "dnx451": {
+    "net451": {
       "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": "",
@@ -28,4 +28,4 @@
     }
   },
   "testRunner": "xunit"
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 46fd46b489..ae53f6e2f7 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -13,15 +13,13 @@
     "xunit.runner.console": "2.1.0"
   },
   "frameworks": {
-    "dnx451": {
+    "net451": {
      "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
       }
     }
   },
-  "testRunner": "xunit",
-  "commands": {
-    "test": "xunit.runner.aspnet"
-  }
+  "testRunner": "xunit"
 }
+

From 9bbbe535f2e979333d523a229ddd034af15c20cb Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 19 Feb 2016 12:24:40 -0800
Subject: [PATCH 471/900] #690 Enable custom OIDC authorization code
 redemption.

---
 Security.sln                                  |  18 +-
 .../AuthPropertiesTokenCache.cs               |  56 ++++++
 .../OpenIdConnect.AzureAdSample.xproj         |  23 +++
 .../Properties/launchSettings.json            |  25 +++
 .../OpenIdConnect.AzureAdSample/Startup.cs    | 171 ++++++++++++++++++
 .../OpenIdConnect.AzureAdSample/project.json  |  23 +++
 .../wwwroot/web.config                        |   9 +
 .../AuthorizationCodeReceivedContext.cs       |  74 ++++++--
 .../OpenIdConnectHandler.cs                   |  72 ++++----
 9 files changed, 423 insertions(+), 48 deletions(-)
 create mode 100644 samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
 create mode 100644 samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
 create mode 100644 samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
 create mode 100644 samples/OpenIdConnect.AzureAdSample/Startup.cs
 create mode 100644 samples/OpenIdConnect.AzureAdSample/project.json
 create mode 100644 samples/OpenIdConnect.AzureAdSample/wwwroot/web.config

diff --git a/Security.sln b/Security.sln
index 4c24c1d22f..2ed873270c 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,6 @@
-
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.23107.0
+VisualStudioVersion = 14.0.24720.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -56,6 +55,8 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Int
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.xproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.xproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -312,6 +313,18 @@ Global
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.Build.0 = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.ActiveCfg = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -338,5 +351,6 @@ Global
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
new file mode 100644
index 0000000000..f174174cf8
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
@@ -0,0 +1,56 @@
+using System;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.IdentityModel.Clients.ActiveDirectory;
+
+namespace OpenIdConnect.AzureAdSample
+{
+    public class AuthPropertiesTokenCache : TokenCache
+    {
+        private const string TokenCacheKey = ".TokenCache";
+
+        private AuthenticationProperties _authProperties;
+
+        public bool HasCacheChanged { get; internal set; }
+
+        public AuthPropertiesTokenCache(AuthenticationProperties authProperties) : base()
+        {
+            _authProperties = authProperties;
+            BeforeAccess = BeforeAccessNotification;
+            AfterAccess = AfterAccessNotification;
+            BeforeWrite = BeforeWriteNotification;
+
+            string cachedTokensText;
+            if (authProperties.Items.TryGetValue(TokenCacheKey, out cachedTokensText))
+            {
+                var cachedTokens = Convert.FromBase64String(cachedTokensText);
+                Deserialize(cachedTokens);
+            }
+        }
+
+        // Notification raised before ADAL accesses the cache.
+        // This is your chance to update the in-memory copy from the DB, if the in-memory version is stale
+        private void BeforeAccessNotification(TokenCacheNotificationArgs args)
+        {
+
+        }
+
+        // Notification raised after ADAL accessed the cache.
+        // If the HasStateChanged flag is set, ADAL changed the content of the cache
+        private void AfterAccessNotification(TokenCacheNotificationArgs args)
+        {
+            // if state changed
+            if (HasStateChanged)
+            {
+                HasCacheChanged = true;
+                var cachedTokens = Serialize();
+                var cachedTokensText = Convert.ToBase64String(cachedTokens);
+                _authProperties.Items[TokenCacheKey] = cachedTokensText;
+            }
+        }
+
+        private void BeforeWriteNotification(TokenCacheNotificationArgs args)
+        {
+            // if you want to ensure that no concurrent write take place, use this notification to place a lock on the entry
+        }
+    }
+}
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
new file mode 100644
index 0000000000..c7b0ff10ed
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>3a7ad414-ebde-4f92-b307-4e8f19b6117e</ProjectGuid>
+    <RootNamespace>OpenIdConnect.AzureAdSample</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <DnxInvisibleContent Include="bower.json" />
+    <DnxInvisibleContent Include=".bowerrc" />
+    <DnxInvisibleContent Include="package.json" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..22d7eec72e
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
@@ -0,0 +1,25 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:42023",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
+    },
+    "web": {
+      "commandName": "web",
+      "environmentVariables": {
+        "Hosting:Environment": "Development"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
new file mode 100644
index 0000000000..c5ddafd5ff
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -0,0 +1,171 @@
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Extensions;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Clients.ActiveDirectory;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace OpenIdConnect.AzureAdSample
+{
+    public class Startup
+    {
+        private const string GraphResourceID = "https://graph.windows.net";
+
+        public Startup()
+        {
+            Configuration = new ConfigurationBuilder()
+                .AddEnvironmentVariables()
+                .AddUserSecrets()
+                .Build();
+        }
+
+        public IConfiguration Configuration { get; set; }
+
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddAuthentication(sharedOptions =>
+                sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
+        }
+
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        {
+            loggerfactory.AddConsole(LogLevel.Information);
+
+            // Simple error page
+            app.Use(async (context, next) =>
+            {
+                try
+                {
+                    await next();
+                }
+                catch (Exception ex)
+                {
+                    if (!context.Response.HasStarted)
+                    {
+                        context.Response.Clear();
+                        context.Response.StatusCode = 500;
+                        await context.Response.WriteAsync(ex.ToString());
+                    }
+                    else
+                    {
+                        throw;
+                    }
+                }
+            });
+
+            app.UseIISPlatformHandler();
+
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
+            {
+                AutomaticAuthenticate = true
+            });
+
+            var clientId = Configuration["oidc:clientid"];
+            var clientSecret = Configuration["oidc:clientsecret"];
+            var authority = Configuration["oidc:authority"];
+            var resource = "https://graph.windows.net";
+            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
+            {
+                ClientId = clientId,
+                ClientSecret = clientSecret, // for code flow
+                Authority = authority,
+                ResponseType = OpenIdConnectResponseTypes.CodeIdToken,
+                // GetClaimsFromUserInfoEndpoint = true,
+                Events = new OpenIdConnectEvents()
+                {
+                    OnAuthorizationCodeReceived = async context =>
+                    {
+                        var request = context.HttpContext.Request;
+                        var currentUri = UriHelper.Encode(request.Scheme, request.Host, request.PathBase, request.Path);
+                        var credential = new ClientCredential(clientId, clientSecret);                                 
+                        var authContext = new AuthenticationContext(authority, new AuthPropertiesTokenCache(context.Properties));
+
+                        var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
+                            context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
+
+                        context.HandleCodeRedemption(result.AccessToken, result.IdToken);
+                    }
+                }
+            });
+
+            app.Run(async context =>
+            {
+                if (context.Request.Path.Equals("/signout"))
+                {
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync($"<html><body>Signing out {context.User.Identity.Name}<br>{Environment.NewLine}");
+                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
+                    await context.Response.WriteAsync($"</body></html>");
+                    return;
+                }
+
+                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                {
+                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                    return;
+                }
+
+                context.Response.ContentType = "text/html";
+                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {context.User.Identity.Name}<br>{Environment.NewLine}");
+                await context.Response.WriteAsync("Claims:<br>" + Environment.NewLine);
+                foreach (var claim in context.User.Claims)
+                {
+                    await context.Response.WriteAsync($"{claim.Type}: {claim.Value}<br>{Environment.NewLine}");
+                }
+
+                await context.Response.WriteAsync("Tokens:<br>" + Environment.NewLine);
+                try
+                {
+                    // Retrieve the auth session with the cached tokens
+                    var authenticateContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.Authentication.AuthenticateAsync(authenticateContext);
+                    var authProperties = new AuthenticationProperties(authenticateContext.Properties);
+                    var tokenCache = new AuthPropertiesTokenCache(authProperties);
+
+                    // Use ADAL to get the right token
+                    var authContext = new AuthenticationContext(authority, tokenCache);
+                    var credential = new ClientCredential(clientId, clientSecret);
+                    string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
+                    var result = authContext.AcquireTokenSilent(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
+
+                    // Update the cookie with the modified tokens
+                    if (tokenCache.HasCacheChanged)
+                    {
+                        await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, authenticateContext.Principal, authProperties);
+                    }
+
+                    await context.Response.WriteAsync($"access_token: {result.AccessToken}<br>{Environment.NewLine}");
+                }
+                catch (Exception ex)
+                {
+                    await context.Response.WriteAsync($"AquireToken error: {ex.Message}<br>{Environment.NewLine}");
+                }
+
+                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
+                await context.Response.WriteAsync($"</body></html>");
+            });
+        }
+
+        public static void Main(string[] args)
+        {
+            var host = new WebHostBuilder()
+                .UseDefaultConfiguration(args)
+                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseIISPlatformHandlerUrl()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
new file mode 100644
index 0000000000..dabb9262fc
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -0,0 +1,23 @@
+{
+  "dependencies": {
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
+    "Microsoft.AspNetCore.Http.Extensions": "1.0.0-*",
+    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727",
+    "Microsoft.NETCore.Platforms": "1.0.1-*"
+  },
+  "frameworks": {
+    "dnx451": { }
+  },
+  "compilationOptions": {
+    "emitEntryPoint": true
+  },
+  "commands": {
+    "web": "OpenIdConnect.AzureAdSample"
+  },
+  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config b/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config
new file mode 100644
index 0000000000..8485f6719f
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
+    </handlers>
+    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
+  </system.webServer>
+</configuration>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index d1737cd259..49c863e4b8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -1,11 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
@@ -17,29 +18,76 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
+        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
-            Properties = properties;
         }
 
         public AuthenticationProperties Properties { get; set; }
 
         /// <summary>
-        /// Gets or sets the 'code'.
-        /// </summary>
-        public string Code { get; set; }
-
-        /// <summary>
-        /// Gets or sets the <see cref="JwtSecurityToken"/> that was received in the id_token + code OpenIdConnectRequest.
+        /// Gets or sets the <see cref="JwtSecurityToken"/> that was received in the authentication response, if any.
         /// </summary>
         public JwtSecurityToken JwtSecurityToken { get; set; }
 
         /// <summary>
-        /// Gets or sets the 'redirect_uri'.
+        /// The request that will be sent to the token endpoint and is available for customization.
         /// </summary>
-        /// <remarks>This is the redirect_uri that was sent in the id_token + code OpenIdConnectRequest.</remarks>
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "user controlled, not necessarily a URI")]
-        public string RedirectUri { get; set; }
+        public OpenIdConnectMessage TokenEndpointRequest { get; set; }
+
+        /// <summary>
+        /// The configured communication channel to the identity provider for use when making custom requests to the token endpoint.
+        /// </summary>
+        public HttpClient Backchannel { get; internal set; }
+
+        /// <summary>
+        /// If the developer chooses to redeem the code themselves then they can provide the resulting tokens here. This is the
+        /// same as calling HandleCodeRedemption. If set then the middleware will not attempt to redeem the code. An IdToken
+        /// is required if one had not been previously received in the authorization response. An access token is optional
+        /// if the middleware is to contact the user-info endpoint.
+        /// </summary>
+        public OpenIdConnectMessage TokenEndpointResponse { get; set; }
+
+        /// <summary>
+        /// Indicates if the developer choose to handle (or skip) the code redemption. If true then the middleware will not attempt
+        /// to redeem the code. See HandleCodeRedemption and TokenEndpointResponse.
+        /// </summary>
+        public bool HandledCodeRedemption => TokenEndpointResponse != null;
+
+        /// <summary>
+        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
+        /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
+        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
+        /// </summary>
+        public void HandleCodeRedemption()
+        {
+            TokenEndpointResponse = new OpenIdConnectMessage();
+        }
+
+        /// <summary>
+        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
+        /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
+        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
+        /// </summary>
+        public void HandleCodeRedemption(string accessToken, string idToken)
+        {
+            TokenEndpointResponse = new OpenIdConnectMessage() { AccessToken = accessToken, IdToken = idToken };
+        }
+
+        /// <summary>
+        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
+        /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
+        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
+        /// </summary>
+        public void HandleCodeRedemption(OpenIdConnectMessage tokenEndpointResponse)
+        {
+            TokenEndpointResponse = tokenEndpointResponse;
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 4084e21007..4dc4a32b85 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -303,7 +303,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Invoked to process incoming OpenIdConnect messages.
         /// </summary>
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
-        /// <remarks>Uses log id's OIDCH-0000 - OIDCH-0025</remarks>
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
             Logger.LogTrace(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
@@ -450,16 +449,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // Authorization Code or Hybrid flow
                 if (!string.IsNullOrEmpty(authorizationResponse.Code))
                 {
-                    // TODO: Does this event provide any value over AuthorizationResponseReceived or AuthorizationResponseValidated?
                     var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
                     if (CheckEventResult(authorizationCodeReceivedContext, out result))
                     {
                         return result;
                     }
                     authorizationResponse = authorizationCodeReceivedContext.ProtocolMessage;
-                    var code = authorizationCodeReceivedContext.Code;
+                    properties = authorizationCodeReceivedContext.Properties;
+                    var tokenEndpointRequest = authorizationCodeReceivedContext.TokenEndpointRequest;
+                    // If the developer redeemed the code themselves...
+                    tokenEndpointResponse = authorizationCodeReceivedContext.TokenEndpointResponse;
+                    ticket = authorizationCodeReceivedContext.Ticket;
+                    jwt = authorizationCodeReceivedContext.JwtSecurityToken;
 
-                    tokenEndpointResponse = await RedeemAuthorizationCodeAsync(code, authorizationCodeReceivedContext.RedirectUri);
+                    if (!authorizationCodeReceivedContext.HandledCodeRedemption)
+                    {
+                        tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest);
+                    }
 
                     var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties);
                     if (CheckEventResult(authorizationCodeRedeemedContext, out result))
@@ -485,13 +491,17 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         }
                     }
 
-                    Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
+                    // Validate the token response if it wasn't provided manually
+                    if (!authorizationCodeReceivedContext.HandledCodeRedemption)
                     {
-                        ClientId = Options.ClientId,
-                        ProtocolMessage = tokenEndpointResponse,
-                        ValidatedIdToken = jwt,
-                        Nonce = nonce
-                    });
+                        Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext()
+                        {
+                            ClientId = Options.ClientId,
+                            ProtocolMessage = tokenEndpointResponse,
+                            ValidatedIdToken = jwt,
+                            Nonce = nonce
+                        });
+                    }
                 }
 
                 var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(authorizationResponse, ticket, properties, tokenEndpointResponse);
@@ -574,23 +584,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <param name="authorizationCode">The authorization code to redeem.</param>
         /// <param name="redirectUri">Uri that was passed in the request sent for the authorization code.</param>
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
-        protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(string authorizationCode, string redirectUri)
+        protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
         {
             Logger.LogDebug(21, "Redeeming code for tokens.");
-
-            var openIdMessage = new OpenIdConnectMessage()
-            {
-                ClientId = Options.ClientId,
-                ClientSecret = Options.ClientSecret,
-                Code = authorizationCode,
-                GrantType = "authorization_code",
-                RedirectUri = redirectUri
-            };
-
-            // TODO: Event that lets you customize the message. E.g. use certificates, specify resources.
-
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
-            requestMessage.Content = new FormUrlEncodedContent(openIdMessage.Parameters);
+            requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
             var responseMessage = await Backchannel.SendAsync(requestMessage);
             responseMessage.EnsureSuccessStatusCode();
             var tokenResonse = await responseMessage.Content.ReadAsStringAsync();
@@ -874,19 +872,27 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return authorizationResponseReceivedContext;
         }
 
-        private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
+        private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
-            var redirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];
+            Logger.LogTrace(32, "AuthorizationCode received");
 
-            Logger.LogTrace(32, "AuthorizationCode received: '{0}'", message.Code);
-
-            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options, properties)
+            var tokenEndpointRequest = new OpenIdConnectMessage()
             {
-                Code = message.Code,
-                ProtocolMessage = message,
-                RedirectUri = redirectUri,
+                ClientId = Options.ClientId,
+                ClientSecret = Options.ClientSecret,
+                Code = authorizationResponse.Code,
+                GrantType = OpenIdConnectGrantTypes.AuthorizationCode,
+                RedirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]
+            };
+
+            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
+            {
+                ProtocolMessage = authorizationResponse,
+                Properties = properties,
+                TokenEndpointRequest = tokenEndpointRequest,
                 Ticket = ticket,
-                JwtSecurityToken = jwt
+                JwtSecurityToken = jwt,
+                Backchannel = Backchannel,
             };
 
             await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);

From a9ac505088024afc671dd340b9fc80c488959e60 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Wed, 24 Feb 2016 13:04:07 -0800
Subject: [PATCH 472/900] Use Mono 4.0.5 - Mono beta is now 4.2.1 which doesn't
 work reliably with `nuget.exe`   - see also aspnet/External#48

---
 build.cmd | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/build.cmd b/build.cmd
index ebb619e737..95b049cf63 100644
--- a/build.cmd
+++ b/build.cmd
@@ -2,7 +2,7 @@
 SETLOCAL
 
 SET REPO_FOLDER=%~dp0
-CD %REPO_FOLDER%
+CD "%REPO_FOLDER%"
 
 SET BUILD_FOLDER=.build
 SET KOREBUILD_FOLDER=%BUILD_FOLDER%\KoreBuild-dotnet
@@ -28,12 +28,11 @@ IF NOT EXIST %NUGET_PATH% (
     copy %CACHED_NUGET% %NUGET_PATH% > nul
 )
 
+SET KOREBUILD_DOWNLOAD_ARGS=
+IF NOT "%KOREBUILD_VERSION%"=="" (
+    SET KOREBUILD_DOWNLOAD_ARGS=-version %KOREBUILD_VERSION%
+)
 IF NOT EXIST %KOREBUILD_FOLDER% (
-    SET KOREBUILD_DOWNLOAD_ARGS=
-    IF NOT "%KOREBUILD_VERSION%"=="" (
-        SET KOREBUILD_DOWNLOAD_ARGS=-version %KOREBUILD_VERSION%
-    )
-    
     %BUILD_FOLDER%\nuget.exe install KoreBuild-dotnet -ExcludeVersion -o %BUILD_FOLDER% -nocache -pre %KOREBUILD_DOWNLOAD_ARGS%
 )
 

From 4499c55109fa59a0336ce73763027bd850a9761e Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Sat, 27 Feb 2016 12:51:14 -0800
Subject: [PATCH 473/900] Update the build scripts

---
 build.cmd | 41 ++-----------------------------------
 build.ps1 | 36 +++++++++++++++++++++++++++++++++
 build.sh  | 60 +++++++++++++++++++++++--------------------------------
 3 files changed, 63 insertions(+), 74 deletions(-)
 create mode 100644 build.ps1

diff --git a/build.cmd b/build.cmd
index 95b049cf63..2fa024b15e 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,39 +1,2 @@
-@ECHO off
-SETLOCAL
-
-SET REPO_FOLDER=%~dp0
-CD "%REPO_FOLDER%"
-
-SET BUILD_FOLDER=.build
-SET KOREBUILD_FOLDER=%BUILD_FOLDER%\KoreBuild-dotnet
-SET KOREBUILD_VERSION=
-
-SET NUGET_PATH=%BUILD_FOLDER%\NuGet.exe
-SET NUGET_VERSION=latest
-SET CACHED_NUGET=%LocalAppData%\NuGet\nuget.%NUGET_VERSION%.exe
-
-IF NOT EXIST %BUILD_FOLDER% (
-    md %BUILD_FOLDER%
-)
-
-IF NOT EXIST %NUGET_PATH% (
-    IF NOT EXIST %CACHED_NUGET% (
-        echo Downloading latest version of NuGet.exe...
-        IF NOT EXIST %LocalAppData%\NuGet ( 
-            md %LocalAppData%\NuGet
-        )
-        @powershell -NoProfile -ExecutionPolicy unrestricted -Command "$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest 'https://dist.nuget.org/win-x86-commandline/%NUGET_VERSION%/nuget.exe' -OutFile '%CACHED_NUGET%'"
-    )
-
-    copy %CACHED_NUGET% %NUGET_PATH% > nul
-)
-
-SET KOREBUILD_DOWNLOAD_ARGS=
-IF NOT "%KOREBUILD_VERSION%"=="" (
-    SET KOREBUILD_DOWNLOAD_ARGS=-version %KOREBUILD_VERSION%
-)
-IF NOT EXIST %KOREBUILD_FOLDER% (
-    %BUILD_FOLDER%\nuget.exe install KoreBuild-dotnet -ExcludeVersion -o %BUILD_FOLDER% -nocache -pre %KOREBUILD_DOWNLOAD_ARGS%
-)
-
-"%KOREBUILD_FOLDER%\build\KoreBuild.cmd" %*
+@ECHO OFF
+PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*"
\ No newline at end of file
diff --git a/build.ps1 b/build.ps1
new file mode 100644
index 0000000000..4fd24a30d5
--- /dev/null
+++ b/build.ps1
@@ -0,0 +1,36 @@
+cd $PSScriptRoot
+
+$repoFolder = $PSScriptRoot
+$env:REPO_FOLDER = $repoFolder
+
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+if ($env:KOREBUILD_ZIP)
+{
+    $koreBuildZip=$env:KOREBUILD_ZIP
+}
+
+$buildFolder = ".build"
+$buildFile="$buildFolder\KoreBuild.ps1"
+
+if (!(Test-Path $buildFolder)) {
+    Write-Host "Downloading KoreBuild from $koreBuildZip"    
+    
+    $tempFolder=$env:TEMP + "\KoreBuild-" + [guid]::NewGuid()
+    New-Item -Path "$tempFolder" -Type directory | Out-Null
+
+    $localZipFile="$tempFolder\korebuild.zip"
+    
+    Invoke-WebRequest $koreBuildZip -OutFile $localZipFile
+    Add-Type -AssemblyName System.IO.Compression.FileSystem
+    [System.IO.Compression.ZipFile]::ExtractToDirectory($localZipFile, $tempFolder)
+    
+    New-Item -Path "$buildFolder" -Type directory | Out-Null
+    copy-item "$tempFolder\**\build\*" $buildFolder -Recurse
+
+    # Cleanup
+    if (Test-Path $tempFolder) {
+        Remove-Item -Recurse -Force $tempFolder
+    }
+}
+
+&"$buildFile" $args
\ No newline at end of file
diff --git a/build.sh b/build.sh
index 263fb667a8..79638d06b6 100755
--- a/build.sh
+++ b/build.sh
@@ -1,45 +1,35 @@
 #!/usr/bin/env bash
+repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+cd $repoFolder
 
-buildFolder=.build
-koreBuildFolder=$buildFolder/KoreBuild-dotnet
-
-nugetPath=$buildFolder/nuget.exe
-
-if test `uname` = Darwin; then
-    cachedir=~/Library/Caches/KBuild
-else
-    if [ -z $XDG_DATA_HOME ]; then
-        cachedir=$HOME/.local/share
-    else
-        cachedir=$XDG_DATA_HOME;
-    fi
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+if [ ! -z $KOREBUILD_ZIP ]; then
+    koreBuildZip=$KOREBUILD_ZIP
 fi
-mkdir -p $cachedir
-nugetVersion=latest
-cacheNuget=$cachedir/nuget.$nugetVersion.exe
 
-nugetUrl=https://dist.nuget.org/win-x86-commandline/$nugetVersion/nuget.exe
+buildFolder=".build"
+buildFile="$buildFolder/KoreBuild.sh"
 
 if test ! -d $buildFolder; then
+    echo "Downloading KoreBuild from $koreBuildZip"
+    
+    tempFolder="/tmp/KoreBuild-$(uuidgen)"    
+    mkdir $tempFolder
+    
+    localZipFile="$tempFolder/korebuild.zip"
+    
+    wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip /dev/null
+    unzip -q -d $tempFolder $localZipFile
+  
     mkdir $buildFolder
-fi
-
-if test ! -f $nugetPath; then
-    if test ! -f $cacheNuget; then
-        wget -O $cacheNuget $nugetUrl 2>/dev/null || curl -o $cacheNuget --location $nugetUrl /dev/null
+    cp -r $tempFolder/**/build/** $buildFolder
+    
+    chmod +x $buildFile
+    
+    # Cleanup
+    if test ! -d $tempFolder; then
+        rm -rf $tempFolder  
     fi
-
-    cp $cacheNuget $nugetPath
 fi
 
-if test ! -d $koreBuildFolder; then
-    mono $nugetPath install KoreBuild-dotnet -ExcludeVersion -o $buildFolder -nocache -pre
-    chmod +x $koreBuildFolder/build/KoreBuild.sh
-fi
-
-makeFile=makefile.shade
-if [ ! -e $makeFile ]; then
-    makeFile=$koreBuildFolder/build/makefile.shade
-fi
-
-./$koreBuildFolder/build/KoreBuild.sh -n $nugetPath -m $makeFile "$@"
+$buildFile -r $repoFolder "$@"

From 9a57f8116da0b1cd9eb2d7114df4a7ca42590057 Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Sun, 28 Feb 2016 10:12:17 -0800
Subject: [PATCH 474/900] Return the error code from build.cmd

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index 2fa024b15e..7d4894cb4a 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,2 +1,2 @@
 @ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*"
\ No newline at end of file
+PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*; exit $LASTEXITCODE"
\ No newline at end of file

From e3979fd3feb5d55b47bb4115f2afd0cf61f632b0 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Tue, 1 Mar 2016 13:36:53 -0800
Subject: [PATCH 475/900] Transition to netstandard.

- dotnet5.X => netstandard1.y (where y = x-1).
- DNXCore50 => netstandardapp1.5.
- Applied the same changes to ifdefs.
---
 samples/CookieSample/project.json                     | 10 +++++++---
 samples/CookieSessionSample/project.json              | 10 +++++++---
 samples/JwtBearerSample/project.json                  | 10 +++++++---
 samples/OpenIdConnectSample/project.json              |  6 +++++-
 samples/SocialSample/project.json                     | 10 +++++++---
 .../project.json                                      |  6 +++++-
 .../project.json                                      |  7 +++++--
 .../project.json                                      |  7 +++++--
 .../project.json                                      | 11 +++++++----
 .../project.json                                      |  7 +++++--
 .../project.json                                      |  9 ++++++---
 .../project.json                                      |  7 +++++--
 .../project.json                                      |  9 ++++++---
 src/Microsoft.AspNetCore.Authentication/project.json  |  9 ++++++---
 src/Microsoft.AspNetCore.Authorization/project.json   |  9 ++++++---
 src/Microsoft.AspNetCore.CookiePolicy/project.json    |  6 +++++-
 .../project.json                                      |  9 ++++++---
 .../project.json                                      | 11 +++++++----
 .../project.json                                      |  9 ++++++---
 19 files changed, 113 insertions(+), 49 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index fa17dd9cf3..a3e9f4556d 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -14,7 +14,11 @@
     "web": "CookieSample"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {},
+    "netstandardapp1.5": {
+      "imports": [
+        "dnxcore50"
+      ]
+    }
   }
-}
+}
\ No newline at end of file
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 8de831b403..e60b1b355c 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -15,7 +15,11 @@
     "web": "CookieSessionSample"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {},
+    "netstandardapp1.5": {
+      "imports": [
+        "dnxcore50"
+      ]
+    }
   }
-}
+}
\ No newline at end of file
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 436a2203be..0f6a6c9df5 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -15,8 +15,12 @@
     "web": "JwtBearerSample"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {},
+    "netstandardapp1.5": {
+      "imports": [
+        "dnxcore50"
+      ]
+    }
   },
   "exclude": [
     "wwwroot",
@@ -27,4 +31,4 @@
     "**.vspscc"
   ],
   "userSecretsId": "aspnet5-JwtBearerSample-20151210102827"
-}
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index e5bec9e8c6..12d88dfed1 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -10,7 +10,11 @@
   },
   "frameworks": {
     "dnx451": {},
-    "dnxcore50": {}
+    "netstandardapp1.5": {
+      "imports": [
+        "dnxcore50"
+      ]
+    }
   },
   "compilationOptions": {
     "emitEntryPoint": true
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 00570902f6..a4c71e0b70 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -19,8 +19,12 @@
     "web": "SocialSample"
   },
   "frameworks": {
-    "dnx451": { },
-    "dnxcore50": { }
+    "dnx451": {},
+    "netstandardapp1.5": {
+      "imports": [
+        "dnxcore50"
+      ]
+    }
   },
   "userSecretsId": "aspnet5-SocialSample-20151210111056"
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 5ceb5b7a64..46666ed124 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -16,6 +16,10 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {}
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4"
+      ]
+    }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 5dbf6f6cfb..e93b2feb4d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -14,8 +14,11 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {
-      "imports": "portable-net451+win8"
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 929424cc14..d250dee275 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -14,8 +14,11 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {
-      "imports": "portable-net451+win8"
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index f6e200b7c2..21be97e4b8 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -14,9 +14,12 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "dotnet5.4": {
-      "imports": "portable-net451+win8"
+    "net451": {},
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index c415b2a63f..468955a931 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -14,8 +14,11 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {
-      "imports": "portable-net451+win8"
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index c5128412c4..dc073ab7ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -19,11 +19,14 @@
         "System.Net.Http": ""
       }
     },
-    "dotnet5.4": {
+    "netstandard1.3": {
       "dependencies": {
         "System.Net.Http": "4.0.1-*"
       },
-      "imports": "portable-net451+win8"
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 90487a898b..fc58e6a890 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -15,8 +15,11 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {
-      "imports": "portable-net451+win8"
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4",
+        "portable-net451+win8"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 67ebf2c0db..8dd3556bcc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -18,10 +18,13 @@
         "System.Net.Http": ""
       }
     },
-    "dotnet5.4": {
+    "netstandard1.3": {
       "dependencies": {
         "System.Net.Http": "4.0.1-*"
-      }
+      },
+      "imports": [
+        "dotnet5.4"
+      ]
     }
   }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index d34a6697bc..73f7ed80d2 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -27,11 +27,14 @@
         "System.Net.Http": ""
       }
     },
-    "dotnet5.4": {
+    "netstandard1.3": {
       "dependencies": {
         "System.Net.Http": "4.0.1-*"
       },
-      "imports": "portable-net451"
+      "imports": [
+        "dotnet5.4",
+        "portable-net451"
+      ]
     }
   }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 688fd84037..f07e8d2d5d 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -14,11 +14,14 @@
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "dotnet5.4": {
+    "net451": {},
+    "netstandard1.3": {
       "dependencies": {
         "System.Security.Claims": "4.0.1-*"
-      }
+      },
+      "imports": [
+        "dotnet5.4"
+      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index a2c04f1455..ce4c552dc9 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -15,6 +15,10 @@
   },
   "frameworks": {
     "net451": {},
-    "dotnet5.4": {}
+    "netstandard1.3": {
+      "imports": [
+        "dotnet5.4"
+      ]
+    }
   }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index eb36173bf2..c05a8963b7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -16,11 +16,14 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "dnxcore50": {
+    "netstandardapp1.5": {
       "dependencies": {
         "dotnet-test-xunit": "1.0.0-dev-*"
       },
-      "imports": "portable-net451+win8"
+      "imports": [
+        "dnxcore50",
+        "portable-net451+win8"
+      ]
     },
     "net451": {
       "frameworkAssemblies": {
@@ -33,4 +36,4 @@
     }
   },
   "testRunner": "xunit"
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 651b9acb69..560766c038 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -11,11 +11,14 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "dnxcore50": {
+    "netstandardapp1.5": {
       "dependencies": {
-        "dotnet-test-xunit": "1.0.0-dev-*" 
+        "dotnet-test-xunit": "1.0.0-dev-*"
       },
-      "imports": "portable-net451+win8"
+      "imports": [
+        "dnxcore50",
+        "portable-net451+win8"
+      ]
     },
     "net451": {
       "frameworkAssemblies": {
@@ -28,4 +31,4 @@
     }
   },
   "testRunner": "xunit"
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index db1fce596a..f6dad148ab 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -10,11 +10,14 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "dnxcore50": {
+    "netstandardapp1.5": {
       "dependencies": {
         "dotnet-test-xunit": "1.0.0-dev-*"
       },
-      "imports": "portable-net451+win8"
+      "imports": [
+        "dnxcore50",
+        "portable-net451+win8"
+      ]
     },
     "net451": {
       "frameworkAssemblies": {
@@ -28,4 +31,4 @@
     }
   },
   "testRunner": "xunit"
-}
+}
\ No newline at end of file

From e9760b48d039b40345f51bd14e61d44b6fb98d80 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Wed, 2 Mar 2016 09:31:20 -0800
Subject: [PATCH 476/900] Fixed broken link

Fixes https://github.com/aspnet/Security/issues/724.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b994c1eeac..02e65225c1 100644
--- a/README.md
+++ b/README.md
@@ -11,4 +11,4 @@ This project is part of ASP.NET 5. You can find samples, documentation and getti
 
 ### Notes
 
-ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNet.Authentication.Basic).
+ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNetCore.Authentication.Basic).

From b5300ad0e4c48a9d69b3be27df8bed9db3f959b2 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 2 Mar 2016 13:46:47 -0800
Subject: [PATCH 477/900] Update doc comments

---
 .../CookieAuthenticationOptions.cs             |  2 +-
 .../OpenIdConnectOptions.cs                    |  2 +-
 .../AuthenticationOptions.cs                   |  2 +-
 .../ClaimsTransformationOptions.cs             |  6 ++++++
 .../IClaimsTransformer.cs                      |  8 ++++++++
 .../RemoteAuthenticationOptions.cs             |  3 +++
 .../AuthorizationOptions.cs                    | 18 ++++++++++++++++++
 .../CookiePolicyOptions.cs                     | 16 ++++++++++++++++
 8 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index dc1a63bbf3..51cf43a0f1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -13,7 +13,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
-    /// Contains the options used by the CookiesAuthenticationMiddleware
+    /// Configuration options for <see cref="CookieAuthenticationMiddleware"/>.
     /// </summary>
     public class CookieAuthenticationOptions : AuthenticationOptions, IOptions<CookieAuthenticationOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index de7bee1633..1b179c3369 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -17,7 +17,7 @@ using Microsoft.IdentityModel.Tokens;
 namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
-    /// Configuration options for <see cref="OpenIdConnectOptions"/>
+    /// Configuration options for <see cref="OpenIdConnectMiddleware"/>
     /// </summary>
     public class OpenIdConnectOptions : RemoteAuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
index 8f1fb06912..04d050b06e 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
@@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Http.Authentication;
 namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
-    /// Base Options for all authentication middleware
+    /// Base Options for all authentication middleware.
     /// </summary>
     public abstract class AuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
index 7772457a02..70a76f27c6 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
@@ -5,8 +5,14 @@ using Microsoft.AspNetCore.Authentication;
 
 namespace Microsoft.AspNetCore.Builder
 {
+    /// <summary>
+    /// Contains the options used by the <see cref="ClaimsTransformationMiddleware"/>.
+    /// </summary>
     public class ClaimsTransformationOptions
     {
+        /// <summary>
+        /// Responsible for transforming the claims principal.
+        /// </summary>
         public IClaimsTransformer Transformer { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
index 03eece9318..5111c79714 100644
--- a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
@@ -6,8 +6,16 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authentication
 {
+    /// <summary>
+    /// Used for claims transformation.
+    /// </summary>
     public interface IClaimsTransformer
     {
+        /// <summary>
+        /// Provides a central transformation point to change the specified principal.
+        /// </summary>
+        /// <param name="principal">The principal to transform.</param>
+        /// <returns>The transformed principal.</returns>
         Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 0388c04bda..43e011c40e 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -8,6 +8,9 @@ using Microsoft.AspNetCore.Authentication;
 
 namespace Microsoft.AspNetCore.Builder
 {
+    /// <summary>
+    /// Contains the options used by the <see cref="RemoteAuthenticationHandler"/>.
+    /// </summary>
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index c3019c907f..94799af29b 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -6,6 +6,9 @@ using System.Collections.Generic;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Provides programmatic configuration used by <see cref="IAuthorizationService"/> and <see cref="IAuthorizationPolicyProvider"/>.
+    /// </summary>
     public class AuthorizationOptions
     {
         private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
@@ -15,6 +18,11 @@ namespace Microsoft.AspNetCore.Authorization
         /// </summary>
         public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 
+        /// <summary>
+        /// Add an authorization policy with the provided name.
+        /// </summary>
+        /// <param name="name">The name of the policy.</param>
+        /// <param name="policy">The authorization policy.</param>
         public void AddPolicy(string name, AuthorizationPolicy policy)
         {
             if (name == null)
@@ -30,6 +38,11 @@ namespace Microsoft.AspNetCore.Authorization
             PolicyMap[name] = policy;
         }
 
+        /// <summary>
+        /// Add a policy that is built from a delegate with the provided name.
+        /// </summary>
+        /// <param name="name">The name of the policy.</param>
+        /// <param name="configurePolicy">The delegate that will be used to build the policy.</param>
         public void AddPolicy(string name, Action<AuthorizationPolicyBuilder> configurePolicy)
         {
             if (name == null)
@@ -47,6 +60,11 @@ namespace Microsoft.AspNetCore.Authorization
             PolicyMap[name] = policyBuilder.Build();
         }
 
+        /// <summary>
+        /// Returns the policy for the specified name, or null if a policy with the name does not exist.
+        /// </summary>
+        /// <param name="name">The name of the policy to return.</param>
+        /// <returns>The policy for the specified name, or null if a policy with the name does not exist.</returns>
         public AuthorizationPolicy GetPolicy(string name)
         {
             if (name == null)
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 812c714288..8201b58639 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -6,12 +6,28 @@ using Microsoft.AspNetCore.CookiePolicy;
 
 namespace Microsoft.AspNetCore.Builder
 {
+    /// <summary>
+    /// Provides programmatic configuration for the <see cref="CookiePolicyMiddleware"/>.
+    /// </summary>
     public class CookiePolicyOptions
     {
+        /// <summary>
+        /// Affects whether cookies must be HttpOnly.
+        /// </summary>
         public HttpOnlyPolicy HttpOnly { get; set; } = HttpOnlyPolicy.None;
+        /// <summary>
+        /// Affects whether cookies must be Secure.
+        /// </summary>
         public SecurePolicy Secure { get; set; } = SecurePolicy.None;
 
+        /// <summary>
+        /// Called when a cookie is appended.
+        /// </summary>
         public Action<AppendCookieContext> OnAppendCookie { get; set; }
+
+        /// <summary>
+        /// Called when a cookie is deleted.
+        /// </summary>
         public Action<DeleteCookieContext> OnDeleteCookie { get; set; }
     }
 }
\ No newline at end of file

From fbb628298cfabb610464388c42b7a8392295145a Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Wed, 2 Mar 2016 21:20:11 -0800
Subject: [PATCH 478/900] Remove project name from output path -
 aspnet/Coherence-Signed#187 - remove `<RootNamespace>` settings but maintain
 other unique aspects e.g. `<DnxInvisibleContent ... />` - in a few cases,
 standardize on VS version `14.0` and not something more specific

---
 samples/CookieSample/CookieSample.xproj                  | 2 +-
 samples/CookieSessionSample/CookieSessionSample.xproj    | 2 +-
 samples/JwtBearerSample/JwtBearerSample.xproj            | 7 ++-----
 .../OpenIdConnect.AzureAdSample.xproj                    | 3 +--
 samples/OpenIdConnectSample/OpenIdConnectSample.xproj    | 2 +-
 samples/SocialSample/SocialSample.xproj                  | 2 +-
 .../Microsoft.AspNetCore.Authentication.Cookies.xproj    | 2 +-
 .../Microsoft.AspNetCore.Authentication.Facebook.xproj   | 2 +-
 .../Microsoft.AspNetCore.Authentication.Google.xproj     | 2 +-
 .../Microsoft.AspNetCore.Authentication.JwtBearer.xproj  | 2 +-
 ...soft.AspNetCore.Authentication.MicrosoftAccount.xproj | 2 +-
 .../Microsoft.AspNetCore.Authentication.OAuth.xproj      | 2 +-
 ...crosoft.AspNetCore.Authentication.OpenIdConnect.xproj | 2 +-
 .../Microsoft.AspNetCore.Authentication.Twitter.xproj    | 2 +-
 .../Microsoft.AspNetCore.Authentication.xproj            | 2 +-
 .../Microsoft.AspNetCore.Authorization.xproj             | 2 +-
 .../Microsoft.AspNetCore.CookiePolicy.xproj              | 6 ++----
 .../Microsoft.Owin.Security.Interop.xproj                | 9 +++------
 .../Microsoft.AspNetCore.Authentication.Test.xproj       | 2 +-
 .../Microsoft.AspNetCore.Authorization.Test.xproj        | 2 +-
 .../Microsoft.AspNetCore.CookiePolicy.Test.xproj         | 5 ++---
 .../Microsoft.Owin.Security.Interop.Test.xproj           | 3 +--
 22 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/samples/CookieSample/CookieSample.xproj b/samples/CookieSample/CookieSample.xproj
index 50d06f00e8..bb23e6481a 100644
--- a/samples/CookieSample/CookieSample.xproj
+++ b/samples/CookieSample/CookieSample.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
index ec3d4dd5e6..c81393af16 100644
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ b/samples/CookieSessionSample/CookieSessionSample.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/JwtBearerSample/JwtBearerSample.xproj b/samples/JwtBearerSample/JwtBearerSample.xproj
index 15adb23f1b..ed0c9b32bd 100644
--- a/samples/JwtBearerSample/JwtBearerSample.xproj
+++ b/samples/JwtBearerSample/JwtBearerSample.xproj
@@ -4,15 +4,12 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>d399b84f-591b-4e98-92ba-b0f63e7b6957</ProjectGuid>
-    <RootNamespace>JwtBearerSample</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
@@ -22,4 +19,4 @@
     <DnxInvisibleContent Include="package.json" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
index c7b0ff10ed..e3495a2118 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
@@ -7,9 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>3a7ad414-ebde-4f92-b307-4e8f19b6117e</ProjectGuid>
-    <RootNamespace>OpenIdConnect.AzureAdSample</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
index 1f0879ea47..905bce8e3b 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index 3d2aa528d0..775eebbc26 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
index bc93d6322f..8c4f3cd41f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>fc152cc4-054b-457e-8d91-389c5de3c561</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
index 68ee50c4b7..3952592121 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>eeaaee68-607b-4e33-af3e-45c66b4dba5a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
index f92646ce65..ff412f08ae 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>76579c39-b829-490d-b8be-1bd35fe8412e</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
index ef8673b48c..8d87a04b76 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>2755BFE5-7421-4A31-A644-F817DF5CAA98</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
index c15c0534e8..52dd6cb676 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>acb45e19-f520-4d0c-8916-b0ceb9c017fe</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
index 962888b9de..34a397bd59 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>1657c79e-7755-4aee-9d61-571295b69a30</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
index 9ae8192f24..2f970b5136 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>35115d55-b69e-46d4-bb33-c9e9e6ec5e7a</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
index 55deb0714f..5fba7a9742 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>0330fff6-b4b5-42dd-8c99-26a789569000</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
index fe12613f9e..e03db08476 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>2286250a-52c8-4126-9f93-b1e45f0ad078</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
index be8ba0e0ea..c6a57567b4 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>6ab3e514-5894-4131-9399-dc7d5284addb</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
index 4b5fbfe3b9..5ffad968d9 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -7,11 +7,9 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>86183dc3-02a8-4a68-8b60-71ecec066e79</ProjectGuid>
-    <RootNamespace>Microsoft.AspNetCore.CookiePolicy</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
index bb58ad7121..c6b01504ae 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
@@ -4,17 +4,14 @@
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
   </PropertyGroup>
-
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a7922dd8-09f1-43e4-938b-cc523ea08898</ProjectGuid>
-    <RootNamespace>Microsoft.Owin.Security.Interop</RootNamespace>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
-
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
   </PropertyGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
index aaf23b99e3..aec10ee939 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
index 579dd0f442..d596a5bb47 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
@@ -8,7 +8,7 @@
   <PropertyGroup Label="Globals">
     <ProjectGuid>7af5ad96-eb6e-4d0e-8abe-c0b543c0f4c2</ProjectGuid>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
index b04b3cd612..cf42659a08 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
@@ -7,9 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1790e052-646f-4529-b90e-6fea95520d69</ProjectGuid>
-    <RootNamespace>Microsoft.AspNetCore.CookiePolicy.Test</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
index c3f5e576de..96d5b6c5a0 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
@@ -7,9 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a2b5dc39-68d5-4145-a8cc-6aeab7d33a24</ProjectGuid>
-    <RootNamespace>Microsoft.Owin.Security.Interop.Test</RootNamespace>
     <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>

From cedef4dcbaf6f0b7a36270bbe13040e8b4103aed Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 3 Mar 2016 06:39:15 -0800
Subject: [PATCH 479/900] Fix build break

---
 src/Microsoft.AspNetCore.Authorization/project.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index f07e8d2d5d..511a05d56c 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -14,7 +14,11 @@
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": {
+      "frameworkAssemblies": {
+        "System.Runtime": { "type": "build" }
+      }
+    },
     "netstandard1.3": {
       "dependencies": {
         "System.Security.Claims": "4.0.1-*"

From ace166fa31af61a6c9924873e6bdcb45e7785d5d Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 3 Mar 2016 12:50:46 -0800
Subject: [PATCH 480/900] Save tokens in auth properties instead of claims

---
 samples/SocialSample/Startup.cs               |  66 ++++----
 .../JwtBearerHandler.cs                       |   8 +
 .../JwtBearerOptions.cs                       |   6 +
 .../OAuthHandler.cs                           |  23 +--
 .../OpenIdConnectHandler.cs                   |  27 ++--
 .../TwitterHandler.cs                         |   8 +-
 .../AuthenticationToken.cs                    |  12 ++
 .../RemoteAuthenticationOptions.cs            |  16 +-
 .../TokenExtensions.cs                        | 115 ++++++++++++++
 .../Google/GoogleMiddlewareTests.cs           |  15 ++
 .../TestExtensions.cs                         |  19 +++
 .../TokenExtensionTests.cs                    | 144 ++++++++++++++++++
 .../Transaction.cs                            |  12 ++
 13 files changed, 404 insertions(+), 67 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index ffbaf8dc59..4ab304c32e 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -5,6 +5,7 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
@@ -71,13 +72,13 @@ namespace CookieSample
 
             // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
             // https://developers.facebook.com/apps/
-            app.UseFacebookAuthentication(new FacebookOptions
-            {
-                AppId = Configuration["facebook:appid"],
-                AppSecret = Configuration["facebook:appsecret"],
-                Scope = { "email" },
-                Fields = { "name", "email" }
-            });
+            //app.UseFacebookAuthentication(new FacebookOptions
+            //{
+            //    AppId = Configuration["facebook:appid"],
+            //    AppSecret = Configuration["facebook:appsecret"],
+            //    Scope = { "email" },
+            //    Fields = { "name", "email" }
+            //});
 
             // See config.json
             app.UseOAuthAuthentication(new OAuthOptions
@@ -90,7 +91,7 @@ namespace CookieSample
                 AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
                 TokenEndpoint = GoogleDefaults.TokenEndpoint,
                 Scope = { "openid", "profile", "email" },
-                SaveTokensAsClaims = true
+                SaveTokens = true
             });
 
             // See config.json
@@ -146,27 +147,27 @@ namespace CookieSample
             The sample app can then be run via:
              dnx web
             */
-            app.UseOAuthAuthentication(new OAuthOptions
-            {
-                AuthenticationScheme = "Microsoft-AccessToken",
-                DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
-                ClientId = Configuration["msa:clientid"],
-                ClientSecret = Configuration["msa:clientsecret"],
-                CallbackPath = new PathString("/signin-microsoft-token"),
-                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
-                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
-                Scope = { "wl.basic" },
-                SaveTokensAsClaims = true
-            });
+            //app.UseOAuthAuthentication(new OAuthOptions
+            //{
+            //    AuthenticationScheme = "Microsoft-AccessToken",
+            //    DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
+            //    ClientId = Configuration["msa:clientid"],
+            //    ClientSecret = Configuration["msa:clientsecret"],
+            //    CallbackPath = new PathString("/signin-microsoft-token"),
+            //    AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
+            //    TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
+            //    Scope = { "wl.basic" },
+            //    SaveTokens = true
+            //});
 
-            //// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
-            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
-            {
-                DisplayName = "MicrosoftAccount - Requires project changes",
-                ClientId = Configuration["msa:clientid"],
-                ClientSecret = Configuration["msa:clientsecret"],
-                Scope = { "wl.emails" }
-            });
+            ////// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
+            //app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
+            //{
+            //    DisplayName = "MicrosoftAccount - Requires project changes",
+            //    ClientId = Configuration["msa:clientid"],
+            //    ClientSecret = Configuration["msa:clientsecret"],
+            //    Scope = { "wl.emails" }
+            //});
 
             // See config.json
             // https://github.com/settings/applications/
@@ -179,7 +180,7 @@ namespace CookieSample
                 CallbackPath = new PathString("/signin-github-token"),
                 AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
                 TokenEndpoint = "https://github.com/login/oauth/access_token",
-                SaveTokensAsClaims = true
+                SaveTokens = true
             });
 
             // See config.json
@@ -318,6 +319,13 @@ namespace CookieSample
                 {
                     await context.Response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
                 }
+
+                await context.Response.WriteAsync("Tokens:<br>");
+                
+                await context.Response.WriteAsync("Access Token: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "access_token") + "<br>");
+                await context.Response.WriteAsync("Refresh Token: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "refresh_token") + "<br>");
+                await context.Response.WriteAsync("Token Type: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "token_type") + "<br>");
+                await context.Response.WriteAsync("expires_at: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "expires_at") + "<br>");
                 await context.Response.WriteAsync("<a href=\"/logout\">Logout</a>");
                 await context.Response.WriteAsync("</body></html>");
             });
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 00ecae0fb2..613dfbc152 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -153,6 +153,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                             return AuthenticateResult.Skip();
                         }
 
+                        if (Options.SaveToken)
+                        {
+                            ticket.Properties.StoreTokens(new[]
+                            {
+                                new AuthenticationToken { Name = "access_token", Value = token }
+                            });
+                        }
+
                         return AuthenticateResult.Success(ticket);
                     }
                 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 0a08ff3e44..a4b5ef2ae2 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -110,5 +110,11 @@ namespace Microsoft.AspNetCore.Builder
         /// <remarks>Contains the types and definitions required for validating a token.</remarks>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
         public TokenValidationParameters TokenValidationParameters { get; set; } = new TokenValidationParameters();
+
+        /// <summary>
+        /// Defines whether the bearer token should be stored in the
+        /// <see cref="AuthenticationProperties"/> after a successful authorization.
+        /// </summary>
+        public bool SaveToken { get; set; } = true;
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 7a06bee702..ddd26d9f01 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -85,21 +85,19 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
             var identity = new ClaimsIdentity(Options.ClaimsIssuer);
 
-            if (Options.SaveTokensAsClaims)
+            if (Options.SaveTokens)
             {
-                identity.AddClaim(new Claim("access_token", tokens.AccessToken,
-                                            ClaimValueTypes.String, Options.ClaimsIssuer));
+                var authTokens = new List<AuthenticationToken>();
 
+                authTokens.Add(new AuthenticationToken { Name = "access_token", Value = tokens.AccessToken });
                 if (!string.IsNullOrEmpty(tokens.RefreshToken))
                 {
-                    identity.AddClaim(new Claim("refresh_token", tokens.RefreshToken,
-                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+                    authTokens.Add(new AuthenticationToken { Name = "refresh_token", Value = tokens.RefreshToken });
                 }
 
                 if (!string.IsNullOrEmpty(tokens.TokenType))
                 {
-                    identity.AddClaim(new Claim("token_type", tokens.TokenType,
-                                                ClaimValueTypes.String, Options.ClaimsIssuer));
+                    authTokens.Add(new AuthenticationToken { Name = "token_type", Value = tokens.TokenType });
                 }
 
                 if (!string.IsNullOrEmpty(tokens.ExpiresIn))
@@ -107,13 +105,18 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     int value;
                     if (int.TryParse(tokens.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
                     {
-                        var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
                         // https://www.w3.org/TR/xmlschema-2/#dateTime
                         // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
-                        identity.AddClaim(new Claim("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture),
-                                                    ClaimValueTypes.DateTime, Options.ClaimsIssuer));
+                        var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+                        authTokens.Add(new AuthenticationToken
+                        {
+                            Name = "expires_at",
+                            Value = expiresAt.ToString("o", CultureInfo.InvariantCulture)
+                        });
                     }
                 }
+
+                properties.StoreTokens(authTokens);
             }
 
             return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, tokens));
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 4dc4a32b85..3c7f044386 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -105,9 +105,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = logoutRedirectUri;
                 }
 
-                var principal = await Context.Authentication.AuthenticateAsync(Options.SignInScheme);
-                message.IdTokenHint = principal?.FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;
-
+                message.IdTokenHint = await Context.Authentication.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
                 var redirectContext = new RedirectContext(Context, Options, properties)
                 {
                     ProtocolMessage = message
@@ -513,9 +511,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 tokenEndpointResponse = authenticationValidatedContext.TokenEndpointResponse;
                 ticket = authenticationValidatedContext.Ticket;
 
-                if (Options.SaveTokensAsClaims)
+                if (Options.SaveTokens)
                 {
-                    SaveTokens(ticket.Principal, tokenEndpointResponse ?? authorizationResponse, jwt.Issuer);
+                    SaveTokens(ticket.Properties, tokenEndpointResponse ?? authorizationResponse);
                 }
 
                 if (Options.GetClaimsFromUserInfoEndpoint)
@@ -693,32 +691,28 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         /// <param name="principal">The principal in which tokens are saved.</param>
         /// <param name="message">The OpenID Connect response.</param>
-        private void SaveTokens(ClaimsPrincipal principal, OpenIdConnectMessage message, string issuer)
+        private void SaveTokens(AuthenticationProperties properties, OpenIdConnectMessage message)
         {
-            var identity = (ClaimsIdentity)principal.Identity;
+            var tokens = new List<AuthenticationToken>();
 
             if (!string.IsNullOrEmpty(message.AccessToken))
             {
-                identity.AddClaim(new Claim(OpenIdConnectParameterNames.AccessToken, message.AccessToken,
-                                            ClaimValueTypes.String, issuer));
+                tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.AccessToken, Value = message.AccessToken });
             }
 
             if (!string.IsNullOrEmpty(message.IdToken))
             {
-                identity.AddClaim(new Claim(OpenIdConnectParameterNames.IdToken, message.IdToken,
-                                            ClaimValueTypes.String, issuer));
+                tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.IdToken, Value = message.IdToken });
             }
 
             if (!string.IsNullOrEmpty(message.RefreshToken))
             {
-                identity.AddClaim(new Claim(OpenIdConnectParameterNames.RefreshToken, message.RefreshToken,
-                                            ClaimValueTypes.String, issuer));
+                tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.RefreshToken, Value = message.RefreshToken });
             }
 
             if (!string.IsNullOrEmpty(message.TokenType))
             {
-                identity.AddClaim(new Claim(OpenIdConnectParameterNames.TokenType, message.TokenType,
-                                            ClaimValueTypes.String, issuer));
+                tokens.Add(new AuthenticationToken { Name = OpenIdConnectParameterNames.TokenType, Value = message.TokenType });
             }
 
             if (!string.IsNullOrEmpty(message.ExpiresIn))
@@ -729,8 +723,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
                     // https://www.w3.org/TR/xmlschema-2/#dateTime
                     // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
-                    identity.AddClaim(new Claim("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture),
-                                                ClaimValueTypes.DateTime, issuer));
+                    tokens.Add(new AuthenticationToken { Name = "expires_at", Value = expiresAt.ToString("o", CultureInfo.InvariantCulture) });
                 }
             }
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index c39cce1210..d856a9b845 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -88,10 +88,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             },
             Options.ClaimsIssuer);
 
-            if (Options.SaveTokensAsClaims)
+            if (Options.SaveTokens)
             {
-                identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer));
-                identity.AddClaim(new Claim("access_token_secret", accessToken.TokenSecret, ClaimValueTypes.String, Options.ClaimsIssuer));
+                properties.StoreTokens(new [] {
+                    new AuthenticationToken { Name = "access_token", Value = accessToken.Token },
+                    new AuthenticationToken { Name = "access_token_secret", Value = accessToken.TokenSecret }
+                });
             }
 
             return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken));
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
new file mode 100644
index 0000000000..6503f0bb85
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
@@ -0,0 +1,12 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class AuthenticationToken
+    {
+        public string Name { get; set; }
+        public string Value { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 43e011c40e..d925be8ec4 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -51,19 +51,19 @@ namespace Microsoft.AspNetCore.Builder
             set { Description.DisplayName = value; }
         }
 
-        /// <summary>
-        /// Defines whether access and refresh tokens should be stored in the
-        /// <see cref="ClaimsPrincipal"/> after a successful authorization with the remote provider.
-        /// This property is set to <c>false</c> by default to reduce
-        /// the size of the final authentication cookie.
-        /// </summary>
-        public bool SaveTokensAsClaims { get; set; }
-
         /// <summary>
         /// Gets or sets the time limit for completing the authentication flow (15 minutes by default).
         /// </summary>
         public TimeSpan RemoteAuthenticationTimeout { get; set; } = TimeSpan.FromMinutes(15);
 
         public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
+
+        /// <summary>
+        /// Defines whether access and refresh tokens should be stored in the
+        /// <see cref="AuthenticationProperties"/> after a successful authorization.
+        /// This property is set to <c>false</c> by default to reduce
+        /// the size of the final authentication cookie.
+        /// </summary>
+        public bool SaveTokens { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
new file mode 100644
index 0000000000..8065139baf
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
@@ -0,0 +1,115 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public static class AuthenticationTokenExtensions
+    {
+        private static string TokenNamesKey = ".TokenNames";
+        private static string TokenKeyPrefix = ".Token.";
+
+        public static void StoreTokens(this AuthenticationProperties properties, IEnumerable<AuthenticationToken> tokens)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+            if (tokens == null)
+            {
+                throw new ArgumentNullException(nameof(tokens));
+            }
+
+            // Clear old tokens first
+            var oldTokens = properties.GetTokens();
+            foreach (var t in oldTokens)
+            {
+                properties.Items.Remove(TokenKeyPrefix + t.Name);
+            }
+            properties.Items.Remove(TokenNamesKey);
+
+            var tokenNames = new List<string>();
+            foreach (var token in tokens)
+            {
+                // REVIEW: should probably check that there are no ; in the token name and throw or encode
+                tokenNames.Add(token.Name);
+                properties.Items[TokenKeyPrefix+token.Name] = token.Value;
+            }
+            if (tokenNames.Count > 0)
+            {
+                properties.Items[TokenNamesKey] = string.Join(";", tokenNames.ToArray());
+            }
+        }
+
+        public static string GetTokenValue(this AuthenticationProperties properties, string tokenName)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+            if (tokenName == null)
+            {
+                throw new ArgumentNullException(nameof(tokenName));
+            }
+
+            var tokenKey = TokenKeyPrefix + tokenName;
+            return properties.Items.ContainsKey(tokenKey)
+                ? properties.Items[tokenKey]
+                : null;
+        }
+
+        public static IEnumerable<AuthenticationToken> GetTokens(this AuthenticationProperties properties)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+
+            var tokens = new List<AuthenticationToken>();
+            if (properties.Items.ContainsKey(TokenNamesKey))
+            {
+                var tokenNames = properties.Items[TokenNamesKey].Split(';');
+                foreach (var name in tokenNames)
+                {
+                    var token = properties.GetTokenValue(name);
+                    if (token != null)
+                    {
+                        tokens.Add(new AuthenticationToken { Name = name, Value = token });
+                    }
+                }
+            }
+
+            return tokens;
+        }
+
+        public static Task<string> GetTokenAsync(this AuthenticationManager manager, string tokenName)
+        {
+            return manager.GetTokenAsync(AuthenticationManager.AutomaticScheme, tokenName);
+        }
+
+        public static async Task<string> GetTokenAsync(this AuthenticationManager manager, string signInScheme, string tokenName)
+        {
+            if (manager == null)
+            {
+                throw new ArgumentNullException(nameof(manager));
+            }
+            if (signInScheme == null)
+            {
+                throw new ArgumentNullException(nameof(signInScheme));
+            }
+            if (tokenName == null)
+            {
+                throw new ArgumentNullException(nameof(tokenName));
+            }
+
+            var authContext = new AuthenticateContext(signInScheme);
+            await manager.AuthenticateAsync(authContext);
+            return new AuthenticationProperties(authContext.Properties).GetTokenValue(tokenName);
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 6a07808127..6a3442e826 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -292,6 +292,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 ClientId = "Test Id",
                 ClientSecret = "Test Secret",
+                SaveTokens = true,
                 StateDataFormat = stateFormat,
                 ClaimsIssuer = claimsIssuer,
                 BackchannelHttpHandler = new TestHttpMessageHandler
@@ -334,6 +335,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     }
                 }
             });
+
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
             var correlationValue = "TestCorrelationId";
@@ -361,6 +363,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
             // Ensure claims transformation 
             Assert.Equal("yup", transaction.FindClaimValue("xform"));
+
+            transaction = await server.SendAsync("https://example.com/tokens", authCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Access Token", transaction.FindTokenValue("access_token"));
+            Assert.Equal("Bearer", transaction.FindTokenValue("token_type"));
+            Assert.NotNull(transaction.FindTokenValue("expires_at"));
         }
 
         // REVIEW: Fix this once we revisit error handling to not blow up
@@ -781,6 +789,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         {
                             await context.Authentication.ChallengeAsync("Google");
                         }
+                        else if (req.Path == new PathString("/tokens"))
+                        {
+                            var authContext = new AuthenticateContext(TestExtensions.CookieAuthenticationScheme);
+                            await context.Authentication.AuthenticateAsync(authContext);
+                            var tokens = AuthenticationToken.GetTokens(new AuthenticationProperties(authContext.Properties));
+                            res.Describe(tokens);
+                        }
                         else if (req.Path == new PathString("/me"))
                         {
                             res.Describe(context.User);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
index 2e9001dd8c..87d6d95a2c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -63,5 +64,23 @@ namespace Microsoft.AspNetCore.Authentication
             var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
             res.Body.Write(xmlBytes, 0, xmlBytes.Length);
         }
+
+        public static void Describe(this HttpResponse res, IEnumerable<AuthenticationToken> tokens)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (tokens != null)
+            {
+                foreach (var token in tokens)
+                {
+                    xml.Add(new XElement("token", new XAttribute("name", token.Name),
+                        new XAttribute("value", token.Value)));
+                }
+            }
+            var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
+            res.Body.Write(xmlBytes, 0, xmlBytes.Length);
+        }
+
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
new file mode 100644
index 0000000000..ef030d1154
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -0,0 +1,144 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication.Internal;
+using Microsoft.AspNetCore.Http.Internal;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class TokenExtensionTests
+    {
+        [Fact]
+        public void CanStoreMultipleTokens()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+            props.StoreTokens(tokens);
+
+            Assert.Equal("1", props.GetTokenValue("One"));
+            Assert.Equal("2", props.GetTokenValue("Two"));
+            Assert.Equal("3", props.GetTokenValue("Three"));
+            Assert.Equal(3, props.GetTokens().Count());
+        }
+
+        [Fact]
+        public void SubsequentStoreTokenDeletesPreviousTokens()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+
+            props.StoreTokens(tokens);
+
+            props.StoreTokens(new[] { new AuthenticationToken { Name = "Zero", Value = "0" } });
+
+            Assert.Equal("0", props.GetTokenValue("Zero"));
+            Assert.Equal(null, props.GetTokenValue("One"));
+            Assert.Equal(null, props.GetTokenValue("Two"));
+            Assert.Equal(null, props.GetTokenValue("Three"));
+            Assert.Equal(1, props.GetTokens().Count());
+        }
+
+        [Fact]
+        public void CanUpdateTokens()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+            props.StoreTokens(tokens);
+
+            tok1.Value = ".1";
+            tok2.Value = ".2";
+            tok3.Value = ".3";
+            props.StoreTokens(tokens);
+
+            Assert.Equal(".1", props.GetTokenValue("One"));
+            Assert.Equal(".2", props.GetTokenValue("Two"));
+            Assert.Equal(".3", props.GetTokenValue("Three"));
+            Assert.Equal(3, props.GetTokens().Count());
+        }
+
+        public class TestAuthHandler : IAuthenticationHandler
+        {
+            private readonly AuthenticationProperties _props;
+            public TestAuthHandler(AuthenticationProperties props)
+            {
+                _props = props;
+            }
+
+            public Task AuthenticateAsync(AuthenticateContext context)
+            {
+                context.Authenticated(new ClaimsPrincipal(), _props.Items, new Dictionary<string, object>());
+                return Task.FromResult(0);
+            }
+
+            public Task ChallengeAsync(ChallengeContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public void GetDescriptions(DescribeSchemesContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignInAsync(SignInContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(SignOutContext context)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        [Fact]
+        public async Task CanGetTokenFromContext()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+            props.StoreTokens(tokens);
+
+            var context = new DefaultHttpContext();
+            var handler = new TestAuthHandler(props);
+            context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature() { Handler = handler });
+
+            Assert.Equal("1", await context.Authentication.GetTokenAsync("One"));
+            Assert.Equal("2", await context.Authentication.GetTokenAsync("Two"));
+            Assert.Equal("3", await context.Authentication.GetTokenAsync("Three"));
+        }
+
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
index 63f8af1bb2..f7128a6f11 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
@@ -46,5 +46,17 @@ namespace Microsoft.AspNetCore.Authentication
             }
             return claim.Attribute("value").Value;
         }
+
+        public string FindTokenValue(string name)
+        {
+            var claim = ResponseElement.Elements("token")
+                .SingleOrDefault(elt => elt.Attribute("name").Value == name);
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+
     }
 }

From 0ab5cdc6ad38666bd142c6834f36997717c6a547 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 3 Mar 2016 14:01:24 -0800
Subject: [PATCH 481/900] Fix bad rebase

---
 samples/SocialSample/Startup.cs                           | 8 ++++----
 .../Google/GoogleMiddlewareTests.cs                       | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 4ab304c32e..ed3f09a14a 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -322,10 +322,10 @@ namespace CookieSample
 
                 await context.Response.WriteAsync("Tokens:<br>");
                 
-                await context.Response.WriteAsync("Access Token: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "access_token") + "<br>");
-                await context.Response.WriteAsync("Refresh Token: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "refresh_token") + "<br>");
-                await context.Response.WriteAsync("Token Type: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "token_type") + "<br>");
-                await context.Response.WriteAsync("expires_at: " + await AuthenticationToken.GetTokenAsync(context, CookieAuthenticationDefaults.AuthenticationScheme, "expires_at") + "<br>");
+                await context.Response.WriteAsync("Access Token: " + await context.Authentication.GetTokenAsync("access_token") + "<br>");
+                await context.Response.WriteAsync("Refresh Token: " + await context.Authentication.GetTokenAsync("refresh_token") + "<br>");
+                await context.Response.WriteAsync("Token Type: " + await context.Authentication.GetTokenAsync("token_type") + "<br>");
+                await context.Response.WriteAsync("expires_at: " + await context.Authentication.GetTokenAsync("expires_at") + "<br>");
                 await context.Response.WriteAsync("<a href=\"/logout\">Logout</a>");
                 await context.Response.WriteAsync("</body></html>");
             });
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 6a3442e826..96bb574fb3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -793,7 +793,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         {
                             var authContext = new AuthenticateContext(TestExtensions.CookieAuthenticationScheme);
                             await context.Authentication.AuthenticateAsync(authContext);
-                            var tokens = AuthenticationToken.GetTokens(new AuthenticationProperties(authContext.Properties));
+                            var tokens = new AuthenticationProperties(authContext.Properties).GetTokens();
                             res.Describe(tokens);
                         }
                         else if (req.Path == new PathString("/me"))

From 94e0088eea883c3dc9a268f1c3939dfe958f8870 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Thu, 3 Mar 2016 17:33:22 -0800
Subject: [PATCH 482/900] Added Company, Copyright and Product attributes to
 AssemblyInfo

---
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 5 ++++-
 .../Properties/AssemblyInfo.cs                               | 4 +++-
 12 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
index b2437d9ad6..76feceeff0 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
@@ -5,4 +5,7 @@ using System.Reflection;
 using System.Resources;
 
 [assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
\ No newline at end of file
+[assembly: NeutralResourcesLanguage("en-us")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
index c0526726a4..1fe857fd92 100644
--- a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Reflection;
@@ -10,3 +10,5 @@ using System.Runtime.InteropServices;
 
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
+[assembly: AssemblyCompany("Microsoft Corporation.")]
+[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]

From 909c34271113d3db7ce2bb742f76fd742c3f1913 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 4 Mar 2016 09:44:19 -0800
Subject: [PATCH 483/900] Small sample updates.

---
 samples/SocialSample/Startup.cs | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index ed3f09a14a..108ad6ff86 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -72,13 +72,14 @@ namespace CookieSample
 
             // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
             // https://developers.facebook.com/apps/
-            //app.UseFacebookAuthentication(new FacebookOptions
-            //{
-            //    AppId = Configuration["facebook:appid"],
-            //    AppSecret = Configuration["facebook:appsecret"],
-            //    Scope = { "email" },
-            //    Fields = { "name", "email" }
-            //});
+            app.UseFacebookAuthentication(new FacebookOptions
+            {
+                AppId = Configuration["facebook:appid"],
+                AppSecret = Configuration["facebook:appsecret"],
+                Scope = { "email" },
+                Fields = { "name", "email" },
+                SaveTokens = true,
+            });
 
             // See config.json
             app.UseOAuthAuthentication(new OAuthOptions
@@ -100,6 +101,7 @@ namespace CookieSample
             {
                 ClientId = Configuration["google:clientid"],
                 ClientSecret = Configuration["google:clientsecret"],
+                SaveTokens = true,
                 Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
@@ -118,6 +120,7 @@ namespace CookieSample
             {
                 ConsumerKey = Configuration["twitter:consumerkey"],
                 ConsumerSecret = Configuration["twitter:consumersecret"],
+                SaveTokens = true,
                 Events = new TwitterEvents()
                 {
                     OnRemoteFailure = ctx =>
@@ -195,6 +198,7 @@ namespace CookieSample
                 TokenEndpoint = "https://github.com/login/oauth/access_token",
                 UserInformationEndpoint = "https://api.github.com/user",
                 ClaimsIssuer = "OAuth2-Github",
+                SaveTokens = true,
                 // Retrieving user information is unique to each provider.
                 Events = new OAuthEvents
                 {

From 8645ca0dc505d559cf4ef7649e6c548fc0db06b4 Mon Sep 17 00:00:00 2001
From: Osman M Elsayed <osman.m.elsayed@gmail.com>
Date: Sat, 30 Jan 2016 02:38:55 +0300
Subject: [PATCH 484/900] Update MicrosoftAccount to use converged auth
 -Updated MicrosoftAccountDefaults to use app model v2 & graph API -Updated
 MicrosoftAccountHelper to extract user info from the user object returned by
 the graph API -Updated MicrosoftAccountMiddlewareTests accordingly -Added the
 app model v2 client credentials to SocialSample/config.json -Configured
 SocialSample to use SSL

Startup.cs
- Sorted namespaces
- Dropped openid scope from Microsoft-AccessToken
project.json
- Sorted dependencies
MicrosoftAccountHelper.cs
- Removed name claim transofmation
- renamed GetName, GetFirstName & GetLastName
---
 .../Properties/launchSettings.json            |   8 +-
 samples/SocialSample/Startup.cs               | 100 +++++++++++-------
 .../SocialSample/compiler/resources/cert.pfx  | Bin 0 -> 2483 bytes
 samples/SocialSample/config.json              |   4 +-
 samples/SocialSample/project.json             |  11 +-
 .../MicrosoftAccountDefaults.cs               |   6 +-
 .../MicrosoftAccountHandler.cs                |  16 ++-
 .../MicrosoftAccountHelper.cs                 |  21 ++--
 .../MicrosoftAccountOptions.cs                |   2 +-
 .../MicrosoftAccountMiddlewareTests.cs        |  17 ++-
 10 files changed, 114 insertions(+), 71 deletions(-)
 create mode 100644 samples/SocialSample/compiler/resources/cert.pfx

diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 15c91efdcb..e9d26ad03e 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -4,13 +4,14 @@
     "anonymousAuthentication": true,
     "iisExpress": {
       "applicationUrl": "http://localhost:54540",
-      "sslPort": 0
+      "sslPort": 44318
     }
   },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
+      "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
         "ASPNET_ENV": "Development"
       }
@@ -18,10 +19,9 @@
     "web": {
       "commandName": "web",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:54540/",
+      "launchUrl": "https://localhost:54541/",
       "environmentVariables": {
-        "Hosting:Environment": "Development",
-        "ASPNET_server.urls": "http://localhost:54540/"
+        "Hosting:Environment": "Development"
       }
     }
   }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 108ad6ff86..358a031cd3 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,8 +1,11 @@
 using System;
+using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
+using System.Reflection;
 using System.Security.Claims;
+using System.Security.Cryptography.X509Certificates;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
@@ -15,12 +18,15 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.HttpOverrides;
+using Microsoft.AspNetCore.Server.Kestrel.Filter;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.FileProviders;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 
-namespace CookieSample
+namespace SocialSample
 {
     /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
     public class Startup
@@ -45,6 +51,10 @@ namespace CookieSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
+            //Configure SSL
+            var serverCertificate = LoadCertificate();
+            app.UseKestrelHttps(serverCertificate);
+
             // Simple error page to avoid a repo dependency.
             app.Use(async (context, next) =>
             {
@@ -63,6 +73,12 @@ namespace CookieSample
                 }
             });
 
+            // Forward the scheme from IISPlatformHandler
+            app.UseForwardedHeaders(new ForwardedHeadersOptions()
+            {
+                ForwardedHeaders = ForwardedHeaders.XForwardedProto,
+            });
+
             app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
                 AutomaticAuthenticate = true,
@@ -105,7 +121,6 @@ namespace CookieSample
                 Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
-
                     {
                         ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
                         ctx.HandleResponse();
@@ -132,45 +147,34 @@ namespace CookieSample
                 }
             });
 
-            // You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
-            /* https://account.live.com/developers/applications
-            The MicrosoftAccount service has restrictions that prevent the use of http://localhost:54540/ for test applications.
-            As such, here is how to change this sample to uses http://mssecsample.localhost.this:54540/ instead.
-
-            Edit the hosting.json file and add "server.urls": "http://mssecsample.localhost.this:54540/".
-
-            From an admin command console first enter:
-             notepad C:\Windows\System32\drivers\etc\hosts
-            and add this to the file, save, and exit (and reboot?):
-             127.0.0.1 MsSecSample.localhost.this
-
-            [WebListener] Then you can choose to run the app as admin (see below) or add the following ACL as admin:
-             netsh http add urlacl url=http://mssecsample.localhost.this:54540/ user=[domain\user]
-
-            The sample app can then be run via:
-             dnx web
+            /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
+               Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
+               https://localhost:54541/
             */
-            //app.UseOAuthAuthentication(new OAuthOptions
-            //{
-            //    AuthenticationScheme = "Microsoft-AccessToken",
-            //    DisplayName = "MicrosoftAccount-AccessToken - Requires project changes",
-            //    ClientId = Configuration["msa:clientid"],
-            //    ClientSecret = Configuration["msa:clientsecret"],
-            //    CallbackPath = new PathString("/signin-microsoft-token"),
-            //    AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
-            //    TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
-            //    Scope = { "wl.basic" },
-            //    SaveTokens = true
-            //});
+            // See config.json
+            // https://apps.dev.microsoft.com/
+            app.UseOAuthAuthentication(new OAuthOptions
+            {
+                AuthenticationScheme = "Microsoft-AccessToken",
+                DisplayName = "MicrosoftAccount-AccessToken",
+                ClientId = Configuration["msa:clientid"],
+                ClientSecret = Configuration["msa:clientsecret"],
+                CallbackPath = new PathString("/signin-microsoft-token"),
+                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
+                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
+                Scope = { "https://graph.microsoft.com/user.read" },
+                SaveTokens = true
+            });
 
-            ////// You must first create an app with live.com and add it's ID and Secret to your config.json or user-secrets.
-            //app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
-            //{
-            //    DisplayName = "MicrosoftAccount - Requires project changes",
-            //    ClientId = Configuration["msa:clientid"],
-            //    ClientSecret = Configuration["msa:clientsecret"],
-            //    Scope = { "wl.emails" }
-            //});
+            // See config.json
+            // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
+            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
+            {
+                DisplayName = "MicrosoftAccount",
+                ClientId = Configuration["msa:clientid"],
+                ClientSecret = Configuration["msa:clientsecret"],
+                SaveTokens = true
+            });
 
             // See config.json
             // https://github.com/settings/applications/
@@ -346,5 +350,23 @@ namespace CookieSample
 
             host.Run();
         }
+
+        private X509Certificate2 LoadCertificate()
+        {
+            var socialSampleAssembly = GetType().GetTypeInfo().Assembly;
+            var embeddedFileProvider = new EmbeddedFileProvider(socialSampleAssembly, "SocialSample");
+            var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
+            using (var certificateStream = certificateFileInfo.CreateReadStream())
+            {
+                byte[] certificatePayload;
+                using (var memoryStream = new MemoryStream())
+                {
+                    certificateStream.CopyTo(memoryStream);
+                    certificatePayload = memoryStream.ToArray();
+                }
+
+                return new X509Certificate2(certificatePayload, "testPassword");
+            }
+        }
     }
 }
diff --git a/samples/SocialSample/compiler/resources/cert.pfx b/samples/SocialSample/compiler/resources/cert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..7118908c2d730670c16e9f8b2c532a262c951989
GIT binary patch
literal 2483
zcmaKuc|27A8pqF>IWr86E&Q@(n=B)p$ug!;QVB6xij*z;uPLG!yCz#DQB)+9G$9m9
zQU)=DWXU?*EZIw<WSLy<>G!+0d++P@yZ4Xhoagg?p6B~|Ue7tN=Ny=UD?x#1n1MTq
z#c9MHh+D#gd|(a(cN}8i91v^=GcdgW3SmA$49p~gM-dys3jVWdg8+!iVL)pz1LDE5
zSb=|G<ZvN~KSQ!Q?rxD74~61uhZs=bU|nHHhtzT%{?4gfkgeydWXp04c*|$}bPuHR
zd9|7E;X!^&{+qu^YbHy7k@TeBncU!-)SA=Ul}%hyl>An(@R=(Ux!MfS9@}sFu-xDd
zIt2+mqSq$glwy_6UNs<2?(<xC6Ykp~$VcCkmP5a+xjNXHmeRsK)ipX={rj--0f&zM
z?&IF}F4EZs>qERU!gJ;5j}Pp&6trxG=wi)=@k(w2+fJVnc+qvXV<ox4QF~W&d~evJ
z3iC`kffp++kAB#EK7XV{bW*$WU0=;+0fW{64=vwMBJT_FCfH=KWfzgI8Z&3qHE&u<
zxK54EW)>zy(>Om4;L|^)R`t*3nTpAmEmTl(#i!RV#a0t#u6>Q9mY`-Nmcs7$XjXT7
zUmCD`O~_j7!%R#I?cG-7C^hcH)@l?WC1vyw$FFu_(r)jhOq6p}W8sG7NO{YTy8tG4
zrb$tTkag*G?(7lfoGx$4YWui>{{@}-FB2ub=}RX{1zx?j)s-##J9|G7E1@-;7Nuln
z9MQoX7FJ76+D#XXT@ZZmLZCufIdf3@OigG6m8I7!GT=7VD|>?6e!z9=eT}*E_tSn6
zl+clHCZ-kcIR#gen#LjMJW8>0QtViaQB#FhqsCb0YPYr3;jRITl@V9Aph24D?r2d`
zetCyyCg<*O-u+<Rbhx`bB1^AkxSlF$vc*%fKJ;7AI=3`O<;s^qmdb3}BGI&$Js>M&
zW^ptmT|}p$VAOZpmbQ1{5fK-6ytEvre#Po}6c2URn`viQAF2+e?Z~PK2&pd>7=7)I
zTCYm)@3PFRu_6a6Kb)IpCzQ%e3l%O#SDA+$Pq{Dk{HCqi7z>qd{nVpebffL7h{c4(
zmhXn~G+C27S3(IfC)q2KON=YwqHXEo%zc40DgWLzF{%RIdr@RcLu90qMSHf!Y<pL%
z?`-+`Lf@hK-X5CBDo4Vt!S$$%hHYZVV0F<AZ#BivPyD%i!?QT;&+m2KGwDUg87**H
zXF%UhGM9Ubo!RO<{9bSirORDYnprG=e7AC;kw}|?rf9o{>}JaqP<={8_Rfe;ddR5=
zKEo;^Yip&^m((#{czE{kUga3-@`*;&EwO}Jt>QdURP2P>ob^j-A!qld-0S_pm)kjs
zkNo48oZnMt){W~o8g^f;4#?lRLr-T@f}wH1o~-Iq=NEVtTVEZ`vrW~!>2yh%;Bc~H
zHl&OK>n@d`*e19*9#v>zZpU?I);f7}IPIfSSk#N|ujE492Itg)l!)TJ19@FE^x|p=
zH16NC7OfK&|6_!AnWfTIf^YPOa&`|nbk3VR0vql6&s@y1V3QOU%(`Re+<LyvjlGl=
zz-XC#DU8*S{O-EKR8yaqb4=CEFOh7zHA#>kJgrz?r9!{^wOQ4W-eng23gc}f(LxIs
zH_Ls~5izbjcRQH#WH6s6hR;zn>j_R8aJ$A)6xNneu8UI-vWV8Z@HZu&WwvG5q{1ZS
zdZeVf{Pv5-u281~y;aJe*x%Uv0@biMZ$vPbKj}O`(SOWQc~kJX<h@14F)xzPwd%>`
zXR&d4DtA<BD(%~qyw0eqH)lIt!?oSyKE5$1&k-?oPkRD4S4AZ*Pe$iwT=ROd+=PP%
zESC05u~-{k`p#ONyM4~AOJ0Zc0j87AzlAscT9-Hp5*C6$003b7e?xJSx%>e@2RH$^
z0os5*;0eIUeJi3Uh`A%44x(XzjClG8BO~-r_A}odiRuHo2-86#`mhrgN5p~<$RLY?
zq(kynfF<CIBn1F|Kp<jXz*#^6utlyv$!WkFQ6`8V0{A1$577b0QT~9>A5{v#p+EA1
z5aoe1763EQHorRm`C&ktKn(OQ1n)$Q{GZz&jRb`eDEMpl<0O#+)DMV(T7ns<Z!iNK
z%0Z(*6iQ_KvpbsE4Z<Z<xqFIoF8(7h4vQfQp;2-e02U{S!6I1nVF<kuNAq)cqxtv+
zo`vOq!;^Gj3P}&v+fIThj)>IzCG{QuM->B9g7Lrl2SE&gW`M!~(un|y0fIn=b^6_$
z9{zEzgYI~39xn0ZP*9qBL%fg7rg$ttt&TOmvfNNO<6FT0ZavM$Y4CYLQGIcIYv9Y&
zBGPUh&QTfW;V2!)oIra@s&d968y-y}Y|ww(R$GzWS*V&)k@W0>Slem{|HdTCjm;_5
zwY*A8W3nUbemE^_f0ng$tbd<`sr?TO-_&VCw+F#7P@LkIl$1PzTBoPY1b88EIO>UO
zP-NK7+g2yD3U6g3i|iA6+su>54sf_Sk0F=)1|9odnCM4u2<cEM&<eQiZ&rr2JL>Rs
z=&Y?-V&VquSN%3FJ2~ZGweP~iLs|w=l@9yu$tj@}Dp?e-2JUsqOoswdXb=E%&0te_
zA2M+{5Hf-dqD7=yw*r@A*xkn(1IS~nfP}k}e?4Bt|9g(eph4hFX_|S6nj1&Sz9z^=
zRw~<&-9d@FzTn6S*RVE{Wj5lgLJr9HLB8S9CgOm*>XA8*y<ryV+pXFUF4;|A*HjRC
zgT5a$Vz2i)_sBuvMuMu=@gHK(uiWQerS=@Lw3Cx?ZrDe67lZ6I32Wuy-xZvzX6i^E
z_bkug(lkQX7KLL=l3hF~c&{7zDn%2KHgZ01>4`JE;^s$=bqD#U4;e5C&x&ggKIAVL
zrQ)Yd8|{>7Z(6*B&7&4&9(*vDOfHMuR-Dk1IZia*XM^EZUD^{?cWG>J>KrtElc*{K
zaVl(7SN2cH4I6Q$bZOpJ8e5LKaG7p;?tJ~#+9QrTYU@f#5`Vo7cEX!szCT}iX-K^2
w#3o+<vGdszOTfH?mwL2vCR+>=C+lQz2J+SOEzVX(eJ)e7=eicC{rr9U2VGDcdH?_b

literal 0
HcmV?d00001

diff --git a/samples/SocialSample/config.json b/samples/SocialSample/config.json
index 13d3ff94a0..5c1453e39f 100644
--- a/samples/SocialSample/config.json
+++ b/samples/SocialSample/config.json
@@ -6,5 +6,7 @@
   "github:clientid": "49e302895d8b09ea5656",
   "github:clientsecret": "98f1bf028608901e9df91d64ee61536fe562064b",
   "github-token:clientid": "8c0c5a572abe8fe89588",
-  "github-token:clientsecret": "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda"
+  "github-token:clientsecret": "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
+  "msa:clientid": "e2105565-1f56-434a-ae61-9849ebaf606c",
+  "msa:clientsecret": "pjqtt3RXrFwcfSJyQ0BeUez"
 }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index a4c71e0b70..1d02230294 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -6,9 +6,12 @@
     "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
+    "Microsoft.AspNetCore.HttpOverrides": "1.0.0-*",
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded":  "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
@@ -26,5 +29,9 @@
       ]
     }
   },
-  "userSecretsId": "aspnet5-SocialSample-20151210111056"
-}
\ No newline at end of file
+  "userSecretsId": "aspnet5-SocialSample-20151210111056",
+  "content": [
+    "config.json",
+    "project.json"
+  ]
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
index d853794779..0d272f9792 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
     {
         public const string AuthenticationScheme = "Microsoft";
 
-        public static readonly string AuthorizationEndpoint = "https://login.live.com/oauth20_authorize.srf";
+        public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
 
-        public static readonly string TokenEndpoint = "https://login.live.com/oauth20_token.srf";
+        public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 
-        public static readonly string UserInformationEndpoint = "https://apis.live.net/v5.0/me";
+        public static readonly string UserInformationEndpoint = "https://graph.microsoft.com/v1.0/me";
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 245fbed87d..8b9177625c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -38,13 +38,27 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
                 identity.AddClaim(new Claim("urn:microsoftaccount:id", identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
-            var name = MicrosoftAccountHelper.GetName(payload);
+            var name = MicrosoftAccountHelper.GetDisplayName(payload);
             if (!string.IsNullOrEmpty(name))
             {
                 identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
                 identity.AddClaim(new Claim("urn:microsoftaccount:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
 
+            var givenName = MicrosoftAccountHelper.GetGivenName(payload);
+            if (!string.IsNullOrEmpty(givenName))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:microsoftaccount:givenname", givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
+            var surname = MicrosoftAccountHelper.GetSurname(payload);
+            if (!string.IsNullOrEmpty(surname))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Surname, surname, ClaimValueTypes.String, Options.ClaimsIssuer));
+                identity.AddClaim(new Claim("urn:microsoftaccount:surname", surname, ClaimValueTypes.String, Options.ClaimsIssuer));
+            }
+
             var email = MicrosoftAccountHelper.GetEmail(payload);
             if (!string.IsNullOrEmpty(email))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
index 8b88cbc44c..cce8dcc73b 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
@@ -8,7 +8,8 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     /// <summary>
     /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
-    /// instance retrieved from Google after a successful authentication process.
+    /// instance retrieved from Microsoft after a successful authentication process.
+    /// http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/user
     /// </summary>
     public static class MicrosoftAccountHelper
     {
@@ -28,40 +29,40 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
         /// <summary>
         /// Gets the user's name.
         /// </summary>
-        public static string GetName(JObject user)
+        public static string GetDisplayName(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("name");
+            return user.Value<string>("displayName");
         }
 
         /// <summary>
-        /// Gets the user's first name.
+        /// Gets the user's given name.
         /// </summary>
-        public static string GetFirstName(JObject user)
+        public static string GetGivenName(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("first_name");
+            return user.Value<string>("givenName");
         }
 
         /// <summary>
-        /// Gets the user's last name.
+        /// Gets the user's surname.
         /// </summary>
-        public static string GetLastName(JObject user)
+        public static string GetSurname(JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("last_name");
+            return user.Value<string>("surname");
         }
 
         /// <summary>
@@ -74,7 +75,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<JObject>("emails")?.Value<string>("preferred");
+            return user.Value<string>("mail") ?? user.Value<string>("userPrincipalName");
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 2783bcef1f..625d4baf9c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
-            Scope.Add("wl.basic");
+            Scope.Add("https://graph.microsoft.com/user.read");
         }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index f5a43b8ed2..0ddfb5a3c7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -92,7 +92,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://login.live.com/oauth20_authorize.srf", location);
+            Assert.Contains("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=", location);
@@ -113,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                     {
                         Sender = req =>
                         {
-                            if (req.RequestUri.AbsoluteUri == "https://login.live.com/oauth20_token.srf")
+                            if (req.RequestUri.AbsoluteUri == "https://login.microsoftonline.com/common/oauth2/v2.0/token")
                             {
                                 return ReturnJsonResponse(new
                                 {
@@ -123,18 +123,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                                     refresh_token = "Test Refresh Token"
                                 });
                             }
-                            else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://apis.live.net/v5.0/me")
+                            else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.microsoft.com/v1.0/me")
                             {
                                 return ReturnJsonResponse(new
                                 {
                                     id = "Test User ID",
-                                    name = "Test Name",
-                                    first_name = "Test Given Name",
-                                    last_name = "Test Family Name",
-                                    emails = new
-                                    {
-                                        preferred = "Test email"
-                                    }
+                                    displayName = "Test Name",
+                                    givenName = "Test Given Name",
+                                    surname = "Test Family Name",
+                                    mail =  "Test email"
                                 });
                             }
 

From ef6dd4138400e443aba56c4372270c132d541dd4 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 4 Mar 2016 12:55:32 -0800
Subject: [PATCH 485/900] SaveTokens in OIDC

---
 .../OpenIdConnectHandler.cs                                     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 3c7f044386..1e804ef314 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -726,6 +726,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     tokens.Add(new AuthenticationToken { Name = "expires_at", Value = expiresAt.ToString("o", CultureInfo.InvariantCulture) });
                 }
             }
+
+            properties.StoreTokens(tokens);
         }
 
         /// <summary>

From 9dfe4d96996cf65a7013b5b0eb329aab80434199 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Fri, 4 Mar 2016 15:49:20 -0800
Subject: [PATCH 486/900] Enabled xml doc generation

---
 NuGetPackageVerifier.json                       | 17 ++++-------------
 .../Events/CookieRedirectContext.cs             |  1 +
 .../Events/CookieSigningOutContext.cs           |  1 +
 .../Events/CookieValidatePrincipalContext.cs    |  2 +-
 .../project.json                                |  4 +++-
 .../FacebookMiddleware.cs                       |  5 ++---
 .../project.json                                |  4 +++-
 .../GoogleMiddleware.cs                         |  5 ++---
 .../project.json                                |  4 +++-
 .../Events/IJwtBearerEvents.cs                  |  5 +----
 .../Events/JwtBearerEvents.cs                   |  6 +-----
 .../JwtBearerOptions.cs                         |  2 +-
 .../project.json                                |  4 +++-
 .../MicrosoftAccountMiddleware.cs               |  5 ++---
 .../project.json                                |  4 +++-
 .../Events/IOAuthEvents.cs                      |  4 ++--
 .../Events/OAuthEvents.cs                       |  4 ++--
 .../OAuthRedirectToAuthorizationContext.cs      |  1 +
 .../OAuthMiddleware.cs                          |  8 +++++---
 .../OAuthOptions.cs                             |  2 +-
 .../project.json                                |  4 +++-
 .../OpenIdConnectAppBuilderExtensions.cs        |  2 +-
 .../OpenIdConnectHandler.cs                     | 12 ++++++------
 .../OpenIdConnectMiddleware.cs                  |  5 +++--
 .../project.json                                |  4 +++-
 .../Events/ITwitterEvents.cs                    |  2 +-
 .../Events/TwitterCreatingTicketContext.cs      |  1 +
 .../Events/TwitterEvents.cs                     |  2 +-
 .../TwitterMiddleware.cs                        |  5 ++---
 .../project.json                                |  4 +++-
 .../AuthenticationHandler.cs                    |  1 +
 .../RemoteAuthenticationOptions.cs              |  4 ++--
 .../project.json                                |  4 +++-
 .../AuthorizationServiceExtensions.cs           |  1 +
 .../project.json                                |  4 +++-
 .../project.json                                |  4 +++-
 .../Properties/AssemblyInfo.cs                  |  1 +
 .../project.json                                | 10 ++++++----
 38 files changed, 86 insertions(+), 72 deletions(-)

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
index 4c7cf6982f..9f3414fbc4 100644
--- a/NuGetPackageVerifier.json
+++ b/NuGetPackageVerifier.json
@@ -1,12 +1,7 @@
 {
     "adx": { // Packages written by the ADX team and that ship on NuGet.org
         "rules": [
-            "AssemblyHasDocumentFileRule",
-            "AssemblyHasVersionAttributesRule",
-            "AssemblyHasServicingAttributeRule",
-            "AssemblyHasNeutralResourcesLanguageAttributeRule",
-            "SatellitePackageRule",
-            "StrictSemanticVersionValidationRule"
+            "AdxVerificationCompositeRule"
         ],
         "packages": {
             "Microsoft.AspNetCore.Authentication": { },
@@ -19,17 +14,13 @@
             "Microsoft.AspNetCore.Authentication.OpenIdConnect": { },
             "Microsoft.AspNetCore.Authentication.Twitter": { },
             "Microsoft.AspNetCore.Authorization": { },
-            "Microsoft.AspNetCore.CookiePolicy": { }
+            "Microsoft.AspNetCore.CookiePolicy": { },
+            "Microsoft.Owin.Security.Interop": { }
         }
     },
     "Default": { // Rules to run for packages not listed in any other set.
         "rules": [
-            "AssemblyHasDocumentFileRule",
-            "AssemblyHasVersionAttributesRule",
-            "AssemblyHasServicingAttributeRule",
-            "AssemblyHasNeutralResourcesLanguageAttributeRule",
-            "SatellitePackageRule",
-            "StrictSemanticVersionValidationRule"
+            "DefaultCompositeRule"
         ]
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
index e946548f49..c26cd5d662 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -19,6 +19,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <param name="context">The HTTP request context</param>
         /// <param name="options">The cookie middleware options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
+        /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
         [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
         public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
             : base(context, options)
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
index ab5858e369..51c04a56b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -17,6 +17,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         /// <param name="context"></param>
         /// <param name="options"></param>
+        /// <param name="properties"></param>
         /// <param name="cookieOptions"></param>
         public CookieSigningOutContext(
             HttpContext context, 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index d2c1fd42f6..57a28191c8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Called to replace the claims principal. The supplied principal will replace the value of the 
         /// Principal property, which determines the identity of the authenticated request.
         /// </summary>
-        /// <param name="identity">The identity used as the replacement</param>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/> used as the replacement</param>
         public void ReplacePrincipal(ClaimsPrincipal principal)
         {
             Principal = principal;
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 46666ed124..0029e6a897 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
index 16b60e1dd4..e4a76e0e93 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
@@ -27,7 +27,6 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         /// <param name="encoder"></param>
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
-        /// <param name="configureOptions"></param>
         public FacebookMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
@@ -79,9 +78,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="FacebookOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="FacebookOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<FacebookOptions> CreateHandler()
         {
             return new FacebookHandler(Backchannel);
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index e93b2feb4d..3cd595a96e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index f81497f26a..190dc4b25a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -28,7 +28,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
         /// <param name="encoder"></param>
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
-        /// <param name="configureOptions"></param>
         public GoogleMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
@@ -70,9 +69,9 @@ namespace Microsoft.AspNetCore.Authentication.Google
         }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="GoogleOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="GoogleOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<GoogleOptions> CreateHandler()
         {
             return new GoogleHandler(Backchannel);
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index d250dee275..702d45aefd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
index 4ad6f7c21b..2e023db130 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
@@ -3,13 +3,10 @@
 
 using System.Threading.Tasks;
 
-/// <summary>
-/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
-/// </summary>
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
-    /// OpenIdConnect bearer token middleware events.
+    /// Specifies events which the <see cref="JwtBearerMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
     public interface IJwtBearerEvents
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 5fc8a6b6c9..a14f238078 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -3,15 +3,11 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
 
-/// <summary>
-/// Specifies events which the <see cref="JwtBearerAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
-/// </summary>
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
-    /// OpenIdConnect bearer token middleware events.
+    /// Specifies events which the <see cref="JwtBearerMiddleware"/> invokes to enable developer control over the authentication process.
     /// </summary>
     public class JwtBearerEvents : IJwtBearerEvents
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index a4b5ef2ae2..c350c38baf 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -113,7 +113,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// Defines whether the bearer token should be stored in the
-        /// <see cref="AuthenticationProperties"/> after a successful authorization.
+        /// <see cref="Http.Authentication.AuthenticationProperties"/> after a successful authorization.
         /// </summary>
         public bool SaveToken { get; set; } = true;
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 21be97e4b8..091deca827 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index e7ba9f8117..fc9866826b 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -26,7 +26,6 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
         /// <param name="encoder"></param>
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware.</param>
-        /// <param name="configureOptions"></param>
         public MicrosoftAccountMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
@@ -68,9 +67,9 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
         }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="MicrosoftAccountOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="MicrosoftAccountOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<MicrosoftAccountOptions> CreateHandler()
         {
             return new MicrosoftAccountHandler(Backchannel);
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 468955a931..e0a2fceb0d 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
index 76a238e07d..29316732cc 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
@@ -6,7 +6,7 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
-    /// Specifies callback methods which the <see cref="OAuthMiddleware"/> invokes to enable developer control over the authentication process.
+    /// Specifies callback methods which the <see cref="OAuthMiddleware{T}"/> invokes to enable developer control over the authentication process.
     /// </summary>
     public interface IOAuthEvents : IRemoteAuthenticationEvents
     {
@@ -21,7 +21,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Called when a Challenge causes a redirect to the authorize endpoint.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge.</param>
         Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index cf1528e280..44c4260516 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -28,14 +28,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Invoked after the provider successfully authenticates a user.
         /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/>.</param>
+        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
         /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
         public virtual Task CreatingTicket(OAuthCreatingTicketContext context) => OnCreatingTicket(context);
 
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge.</param>
         public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 5dcbd568cb..63eaa35376 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// Creates a new context object.
         /// </summary>
         /// <param name="context">The HTTP request context.</param>
+        /// <param name="options">The <see cref="OAuthOptions"/>.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
         public OAuthRedirectToAuthorizationContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
index 401537e831..1a16d2aa3b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
@@ -21,11 +21,13 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
     public class OAuthMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthOptions, new()
     {
         /// <summary>
-        /// Initializes a new <see cref="OAuthAuthenticationMiddleware"/>.
+        /// Initializes a new <see cref="OAuthMiddleware{T}"/>.
         /// </summary>
         /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"></param>
         /// <param name="loggerFactory"></param>
+        /// <param name="encoder">The <see cref="UrlEncoder"/>.</param>
+        /// <param name="sharedOptions">The <see cref="SharedAuthenticationOptions"/> configuration options for this middleware.</param>
         /// <param name="options">Configuration options for the middleware.</param>
         public OAuthMiddleware(
             RequestDelegate next,
@@ -127,9 +129,9 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         protected HttpClient Backchannel { get; private set; }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OAuthOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="OAuthOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TOptions> CreateHandler()
         {
             return new OAuthHandler<TOptions>(Backchannel);
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 22d5e35573..57ecba2f48 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -10,7 +10,7 @@ using Microsoft.AspNetCore.Http.Authentication;
 namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
-    /// Configuration options for <see cref="OAuthMiddleware"/>.
+    /// Configuration options for <see cref="OAuthMiddleware{T}"/>.
     /// </summary>
     public class OAuthOptions : RemoteAuthenticationOptions
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index dc073ab7ba..b8f056facb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index 07aefec424..dde12494de 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -31,7 +31,7 @@ namespace Microsoft.AspNetCore.Builder
         /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="configureOptions">A <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
+        /// <param name="options">A <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 1e804ef314..9c157e57bf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -579,8 +579,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Redeems the authorization code for tokens at the token endpoint
         /// </summary>
-        /// <param name="authorizationCode">The authorization code to redeem.</param>
-        /// <param name="redirectUri">Uri that was passed in the request sent for the authorization code.</param>
+        /// <param name="tokenEndpointRequest">The request that will be sent to the token endpoint and is available for customization.</param>
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
         protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
         {
@@ -598,6 +597,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Goes to UserInfo endpoint to retrieve additional claims and add any unique claims to the given identity.
         /// </summary>
         /// <param name="message">message that is being processed</param>
+        /// <param name="jwt">The <see cref="JwtSecurityToken"/>.</param>
         /// <param name="ticket">authentication ticket with claims principal and identities</param>
         /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
         protected virtual async Task<AuthenticateResult> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
@@ -689,7 +689,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Save the tokens contained in the <see cref="OpenIdConnectMessage"/> in the <see cref="ClaimsPrincipal"/>.
         /// </summary>
-        /// <param name="principal">The principal in which tokens are saved.</param>
+        /// <param name="properties">The <see cref="AuthenticationProperties"/> in which tokens are saved.</param>
         /// <param name="message">The OpenID Connect response.</param>
         private void SaveTokens(AuthenticationProperties properties, OpenIdConnectMessage message)
         {
@@ -734,7 +734,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Adds the nonce to <see cref="HttpResponse.Cookies"/>.
         /// </summary>
         /// <param name="nonce">the nonce to remember.</param>
-        /// <remarks><see cref="HttpResponse.Cookies.Append"/>is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="OpenIdConnectOptions.StringDataFormat.Protect"/>(nonce)'.
+        /// <remarks><see cref="M:IResponseCookies.Append"/> of <see cref="HttpResponse.Cookies"/> is called to add a cookie with the name: 'OpenIdConnectAuthenticationDefaults.Nonce + <see cref="M:ISecureDataFormat{TData}.Protect"/>(nonce)' of <see cref="OpenIdConnectOptions.StringDataFormat"/>.
         /// The value of the cookie is: "N".</remarks>
         private void WriteNonceCookie(string nonce)
         {
@@ -759,8 +759,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         /// <param name="nonce">the nonce that we are looking for.</param>
         /// <returns>echos 'nonce' if a cookie is found that matches, null otherwise.</returns>
-        /// <remarks>Examine <see cref="HttpRequest.Cookies.Keys"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
-        /// <see cref="OpenIdConnectOptions.StringDataFormat.Unprotect"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="HttpResponse.Cookies.Delete"/> is called.</remarks>
+        /// <remarks>Examine <see cref="IRequestCookieCollection.Keys"/> of <see cref="HttpRequest.Cookies"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
+        /// <see cref="M:ISecureDataFormat{TData}.Unprotect"/> of <see cref="OpenIdConnectOptions.StringDataFormat"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="M:IResponseCookies.Delete"/> of <see cref="HttpResponse.Cookies"/> is called.</remarks>
         private string ReadNonceCookie(string nonce)
         {
             if (nonce == null)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 09901cf372..86ba433123 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -31,6 +31,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <param name="services"></param>
         /// <param name="sharedOptions"></param>
         /// <param name="options"></param>
+        /// <param name="htmlEncoder">The <see cref="HtmlEncoder"/>.</param>
         [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectMiddleware(
             RequestDelegate next,
@@ -172,9 +173,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         protected HtmlEncoder HtmlEncoder { get; private set; }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="OpenIdConnectOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="OpenIdConnectOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
         {
             return new OpenIdConnectHandler(Backchannel, HtmlEncoder);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index fc58e6a890..870884c4df 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
index 76b487b966..006fafc731 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge </param>
         Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index 97d1d176a9..04a45ac6d8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -17,6 +17,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Initializes a <see cref="TwitterCreatingTicketContext"/>
         /// </summary>
         /// <param name="context">The HTTP environment</param>
+        /// <param name="options">The options for Twitter</param>
         /// <param name="userId">Twitter user ID</param>
         /// <param name="screenName">Twitter screen name</param>
         /// <param name="accessToken">Twitter access token</param>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 99122e8553..21c5b57a7f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -35,7 +35,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
+        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge </param>
         public virtual Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
index 1a1e199cc1..7845b4bbcc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
@@ -31,7 +31,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <param name="encoder"></param>
         /// <param name="sharedOptions"></param>
         /// <param name="options">Configuration options for the middleware</param>
-        /// <param name="configureOptions"></param>
         public TwitterMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
@@ -115,9 +114,9 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         }
 
         /// <summary>
-        /// Provides the <see cref="AuthenticationHandler"/> object for processing authentication-related requests.
+        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler"/> configured with the <see cref="TwitterOptions"/> supplied to the constructor.</returns>
+        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="TwitterOptions"/> supplied to the constructor.</returns>
         protected override AuthenticationHandler<TwitterOptions> CreateHandler()
         {
             return new TwitterHandler(_httpClient);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 8dd3556bcc..3dbaf2bf6c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*"
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index ff98a10318..f50fd3dbbd 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -64,6 +64,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="options">The original options passed by the application control behavior</param>
         /// <param name="context">The utility object to observe the current request and response</param>
         /// <param name="logger">The logging factory used to create loggers</param>
+        /// <param name="encoder">The <see cref="UrlEncoder"/>.</param>
         /// <returns>async completion</returns>
         public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, UrlEncoder encoder)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index d925be8ec4..a78c14bbec 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -9,7 +9,7 @@ using Microsoft.AspNetCore.Authentication;
 namespace Microsoft.AspNetCore.Builder
 {
     /// <summary>
-    /// Contains the options used by the <see cref="RemoteAuthenticationHandler"/>.
+    /// Contains the options used by the <see cref="RemoteAuthenticationHandler{T}"/>.
     /// </summary>
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
@@ -60,7 +60,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// Defines whether access and refresh tokens should be stored in the
-        /// <see cref="AuthenticationProperties"/> after a successful authorization.
+        /// <see cref="Http.Authentication.AuthenticationProperties"/> after a successful authorization.
         /// This property is set to <c>false</c> by default to reduce
         /// the size of the final authentication cookie.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 73f7ed80d2..8339dc0c31 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index a2b0a755cf..8979c5c632 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -13,6 +13,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Checks if a user meets a specific requirement for the specified resource
         /// </summary>
+        /// <param name="service">The <see cref="IAuthorizationService"/>.</param>
         /// <param name="user"></param>
         /// <param name="resource"></param>
         /// <param name="requirement"></param>
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 511a05d56c..7a53cad1db 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index ce4c552dc9..1c2a549bef 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -7,7 +7,9 @@
   },
   "compilationOptions": {
     "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk"
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Http": "1.0.0-*",
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
index 1fe857fd92..56cb77fdc5 100644
--- a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -12,3 +12,4 @@ using System.Runtime.InteropServices;
 [assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
 [assembly: AssemblyCompany("Microsoft Corporation.")]
 [assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
+[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index 953428b7b4..741385c83a 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,9 +1,11 @@
 {
     "version": "1.0.0-*",
-    "compilationOptions": {
-        "warningsAsErrors": true,
-        "keyFile": "../../tools/Key.snk"
-    },
+  "compilationOptions": {
+    "warningsAsErrors": true,
+    "keyFile": "../../tools/Key.snk",
+    "nowarn": [ "CS1591" ],
+    "xmlDoc": true
+  },
     "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
     "dependencies": {
         "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",

From e160f5e6c02877f7bee3f9ca1ecbe77264101de1 Mon Sep 17 00:00:00 2001
From: Victor Hurdugaci <victor.hurdugaci@microsoft.com>
Date: Mon, 7 Mar 2016 20:55:02 -0800
Subject: [PATCH 487/900] Update the build scripts to the latest version

---
 build.ps1 | 33 ++++++++++++++++++++++++++++++++-
 build.sh  | 15 +++++++++++++--
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/build.ps1 b/build.ps1
index 4fd24a30d5..8f2f99691a 100644
--- a/build.ps1
+++ b/build.ps1
@@ -1,3 +1,33 @@
+$ErrorActionPreference = "Stop"
+
+function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries) 
+{
+    while($true)
+    {
+        try
+        {
+            Invoke-WebRequest $url -OutFile $downloadLocation
+            break
+        }
+        catch
+        {
+            $exceptionMessage = $_.Exception.Message
+            Write-Host "Failed to download '$url': $exceptionMessage"
+            if ($retries -gt 0) {
+                $retries--
+                Write-Host "Waiting 10 seconds before retrying. Retries left: $retries"
+                Start-Sleep -Seconds 10
+
+            }
+            else 
+            {
+                $exception = $_.Exception
+                throw $exception
+            }
+        }
+    }
+}
+
 cd $PSScriptRoot
 
 $repoFolder = $PSScriptRoot
@@ -20,7 +50,8 @@ if (!(Test-Path $buildFolder)) {
 
     $localZipFile="$tempFolder\korebuild.zip"
     
-    Invoke-WebRequest $koreBuildZip -OutFile $localZipFile
+    DownloadWithRetry -url $koreBuildZip -downloadLocation $localZipFile -retries 6
+
     Add-Type -AssemblyName System.IO.Compression.FileSystem
     [System.IO.Compression.ZipFile]::ExtractToDirectory($localZipFile, $tempFolder)
     
diff --git a/build.sh b/build.sh
index 79638d06b6..f4208100eb 100755
--- a/build.sh
+++ b/build.sh
@@ -18,7 +18,18 @@ if test ! -d $buildFolder; then
     
     localZipFile="$tempFolder/korebuild.zip"
     
-    wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip /dev/null
+    retries=6
+    until (wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip 2>/dev/null)
+    do
+        echo "Failed to download '$koreBuildZip'"
+        if [ "$retries" -le 0 ]; then
+            exit 1
+        fi
+        retries=$((retries - 1))
+        echo "Waiting 10 seconds before retrying. Retries left: $retries"
+        sleep 10s
+    done
+    
     unzip -q -d $tempFolder $localZipFile
   
     mkdir $buildFolder
@@ -32,4 +43,4 @@ if test ! -d $buildFolder; then
     fi
 fi
 
-$buildFile -r $repoFolder "$@"
+$buildFile -r $repoFolder "$@"
\ No newline at end of file

From 553e036d2840844d25b879fb2ec2472bf1c66187 Mon Sep 17 00:00:00 2001
From: Mike Surcouf <mps_surcouf@hotmail.com>
Date: Wed, 9 Mar 2016 11:04:11 +0000
Subject: [PATCH 488/900] Add GivenName and Surname default claims to
 FacebookOptions

---
 .../FacebookOptions.cs                                          | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index ac6987f3df..8e86b37c1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -28,6 +28,8 @@ namespace Microsoft.AspNetCore.Builder
             Scope.Add("email");
             Fields.Add("name");
             Fields.Add("email");
+            Fields.Add("first_name");
+            Fields.Add("last_name");
         }
 
         // Facebook uses a non-standard term for this field.

From a5fcddc0a8d306218c54e4cafcc99c6754d22089 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 7 Mar 2016 15:59:34 -0800
Subject: [PATCH 489/900] #704 unregister auth handlers during unwind.

---
 .../AuthenticationMiddleware.cs                              | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
index ad63b17614..a01490c3e4 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication
                     await _next(context);
                 }
             }
-            catch (Exception)
+            finally
             {
                 try
                 {
@@ -81,9 +81,8 @@ namespace Microsoft.AspNetCore.Authentication
                 }
                 catch (Exception)
                 {
-                    // Don't mask the original exception
+                    // Don't mask the original exception, if any
                 }
-                throw;
             }
         }
 

From ebad0ad76803f27fda252c826ec5e4634af6e3fb Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 9 Mar 2016 16:35:15 -0800
Subject: [PATCH 490/900] Limit the branches that build on our public CI. [ci
 skip]

---
 .travis.yml  | 6 ++++++
 appveyor.yml | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index bf811dc26a..dd4686f39c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -16,5 +16,11 @@ os:
   - linux
   - osx
 osx_image: xcode7.1
+branches:
+  only:
+    - master
+    - release
+    - dev
+    - /^(.*\\/)?ci-.*$/
 script:
   - ./build.sh verify
\ No newline at end of file
diff --git a/appveyor.yml b/appveyor.yml
index 3fab83e134..c6d5f7d997 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,5 +1,11 @@
 init:
   - git config --global core.autocrlf true
+branches:
+  only:
+    - master
+    - release
+    - dev
+    - /^(.*\\/)?ci-.*$/
 build_script:
   - build.cmd verify
 clone_depth: 1

From 26965fd1e178e6a5654348819be5097f2f6db551 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 9 Mar 2016 17:44:49 -0800
Subject: [PATCH 491/900] Fix backslashes in yml config.

[ci skip]
---
 .travis.yml  | 2 +-
 appveyor.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index dd4686f39c..df22f7a880 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,6 +21,6 @@ branches:
     - master
     - release
     - dev
-    - /^(.*\\/)?ci-.*$/
+    - /^(.*\/)?ci-.*$/
 script:
   - ./build.sh verify
\ No newline at end of file
diff --git a/appveyor.yml b/appveyor.yml
index c6d5f7d997..b9a9bcd1e6 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -5,7 +5,7 @@ branches:
     - master
     - release
     - dev
-    - /^(.*\\/)?ci-.*$/
+    - /^(.*\/)?ci-.*$/
 build_script:
   - build.cmd verify
 clone_depth: 1

From d78f7edfc7d3084c430eb129e3d6b8f703ff8eb9 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <elipton@microsoft.com>
Date: Tue, 8 Mar 2016 00:22:33 -0800
Subject: [PATCH 492/900] Fix package metadata

And also a few other Core-related renames.
---
 README.md                                     |  7 +++---
 .../project.json                              |  9 +++++--
 .../FacebookMiddleware.cs                     |  2 +-
 .../project.json                              |  9 +++++--
 .../GoogleMiddleware.cs                       |  2 +-
 .../project.json                              |  9 +++++--
 .../project.json                              |  9 +++++--
 .../MicrosoftAccountMiddleware.cs             |  2 +-
 .../project.json                              |  9 +++++--
 .../OAuthMiddleware.cs                        |  4 ++--
 .../project.json                              |  7 +++++-
 .../OpenIdConnectMiddleware.cs                |  6 ++---
 .../project.json                              |  9 +++++--
 .../TwitterMiddleware.cs                      |  4 ++--
 .../project.json                              |  7 +++++-
 .../project.json                              |  7 +++++-
 .../project.json                              |  6 ++++-
 .../project.json                              |  7 ++++--
 .../project.json                              | 24 ++++++++++++-------
 .../CookieInteropTests.cs                     |  4 ++--
 20 files changed, 101 insertions(+), 42 deletions(-)

diff --git a/README.md b/README.md
index 02e65225c1..f32798072d 100644
--- a/README.md
+++ b/README.md
@@ -5,10 +5,11 @@ AppVeyor: [![AppVeyor](https://ci.appveyor.com/api/projects/status/fujhh8n956v5o
 
 Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](https://travis-ci.org/aspnet/Security)
 
-ASP.NET Security contains the security and authorization middlewares for ASP.NET 5.
-
-This project is part of ASP.NET 5. You can find samples, documentation and getting started instructions for ASP.NET 5 at the [Home](https://github.com/aspnet/home) repo.
+Contains the security and authorization middlewares for ASP.NET Core.
 
 ### Notes
 
 ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNetCore.Authentication.Basic).
+
+
+This project is part of ASP.NET Core. You can find samples, documentation and getting started instructions for ASP.NET Core at the [Home](https://github.com/aspnet/home) repo.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 0029e6a897..b1148ce00c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication.",
+  "description": "ASP.NET Core middleware that enables an application to use cookie based authentication.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -17,7 +22,7 @@
     "Microsoft.Extensions.WebEncoders": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4"
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
index e4a76e0e93..ac57e8ddeb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
@@ -14,7 +14,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     /// <summary>
-    /// An ASP.NET middleware for authenticating users using Facebook.
+    /// An ASP.NET Core middleware for authenticating users using Facebook.
     /// </summary>
     public class FacebookMiddleware : OAuthMiddleware<FacebookOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 3cd595a96e..2fe5040003 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -15,7 +20,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4",
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index 190dc4b25a..ba6fb7d2ef 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -14,7 +14,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authentication.Google
 {
     /// <summary>
-    /// An ASP.NET middleware for authenticating users using Google OAuth 2.0.
+    /// An ASP.NET Core middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class GoogleMiddleware : OAuthMiddleware<GoogleOptions>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 702d45aefd..ed29e86ae4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 contains middlewares to support Google's OpenId and OAuth 2.0 authentication workflows.",
+  "description": "ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -15,7 +20,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4",
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 091deca827..e86e914152 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to receive an OpenID Connect bearer token.",
+  "description": "ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -16,7 +21,7 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4",
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index fc9866826b..3ad1bf5571 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -13,7 +13,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     /// <summary>
-    /// An ASP.NET middleware for authenticating users using the Microsoft Account service.
+    /// An ASP.NET Core middleware for authenticating users using the Microsoft Account service.
     /// </summary>
     public class MicrosoftAccountMiddleware : OAuthMiddleware<MicrosoftAccountOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index e0a2fceb0d..7507e1eb4c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to support the Microsoft Account authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -15,7 +20,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4",
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
index 1a16d2aa3b..7ef1863226 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
@@ -15,7 +15,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
-    /// An ASP.NET middleware for authenticating users using OAuth services.
+    /// An ASP.NET Core middleware for authenticating users using OAuth services.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class OAuthMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthOptions, new()
@@ -112,7 +112,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             }
 
             Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OAuth middleware");
+            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index b8f056facb..978dea7cc7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 86ba433123..76936e25a6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -17,14 +17,14 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// ASP.NET middleware for obtaining identities using OpenIdConnect protocol.
+    /// ASP.NET Core middleware for obtaining identities using OpenIdConnect protocol.
     /// </summary>
     public class OpenIdConnectMiddleware : AuthenticationMiddleware<OpenIdConnectOptions>
     {
         /// <summary>
         /// Initializes a <see cref="OpenIdConnectMiddleware"/>
         /// </summary>
-        /// <param name="next">The next middleware in the ASP.NET pipeline to invoke.</param>
+        /// <param name="next">The next middleware in the middleware pipeline to invoke.</param>
         /// <param name="dataProtectionProvider"> provider for creating a data protector.</param>
         /// <param name="loggerFactory">factory for creating a <see cref="ILogger"/>.</param>
         /// <param name="encoder"></param>
@@ -134,7 +134,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
 
             Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET OpenIdConnect middleware");
+            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect middleware");
             Backchannel.Timeout = Options.BackchannelTimeout;
             Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 870884c4df..eee5f0942f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,6 +1,11 @@
 {
   "version": "0.1.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to support the OpenID Connect authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -16,7 +21,7 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
index 7845b4bbcc..542115117f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
@@ -15,7 +15,7 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
-    /// ASP.NET middleware for authenticating users using Twitter
+    /// ASP.NET Core middleware for authenticating users using Twitter.
     /// </summary>
     [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class TwitterMiddleware : AuthenticationMiddleware<TwitterOptions>
@@ -109,7 +109,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             _httpClient.Timeout = Options.BackchannelTimeout;
             _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
             _httpClient.DefaultRequestHeaders.Accept.ParseAdd("*/*");
-            _httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Twitter middleware");
+            _httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter middleware");
             _httpClient.DefaultRequestHeaders.ExpectContinue = false;
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 3dbaf2bf6c..73e5c9b7af 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 8339dc0c31..f02351c2cd 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -1,6 +1,11 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 common types used by the various authentication middleware.",
+  "description": "ASP.NET Core common types used by the various authentication middleware components.",
+  "tags": [
+    "aspnetcore",
+    "authentication",
+    "security"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 7a53cad1db..e75441dc84 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -1,6 +1,10 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 authorization classes.",
+  "description": "ASP.NET 5 authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
+  "tags": [
+    "aspnetcore",
+    "authorization"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 1c2a549bef..f1c7b77b91 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -1,6 +1,9 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 cookie policy classes.",
+  "description": "ASP.NET Core cookie policy classes to control the behavior of cookies.",
+  "tags": [
+    "aspnetcore"
+  ],
   "repository": {
     "type": "git",
     "url": "git://github.com/aspnet/security"
@@ -16,7 +19,7 @@
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netstandard1.3": {
       "imports": [
         "dotnet5.4"
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index 741385c83a..691b16c42d 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,17 +1,23 @@
 {
-    "version": "1.0.0-*",
+  "version": "1.0.0-*",
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [ "CS1591" ],
     "xmlDoc": true
   },
-    "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
-    "dependencies": {
-        "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",
-        "Microsoft.Owin.Security": "3.0.1"
-    },
-    "frameworks": {
-        "net451": { }
-    }
+  "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
+  "tags": [
+    "aspnetcore",
+    "katana",
+    "owin",
+    "security"
+  ],
+  "dependencies": {
+    "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",
+    "Microsoft.Owin.Security": "3.0.1"
+  },
+  "frameworks": {
+    "net451": { }
+  }
 }
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index ef80b78e6e..3c08f58bd6 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -31,7 +31,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
@@ -87,7 +87,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()

From 4bfeba2a3c2baf6ac74f9853a0388501c3931690 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Thu, 10 Mar 2016 15:16:54 -0800
Subject: [PATCH 493/900] Update project.json

@tratcher said :shipit:
---
 src/Microsoft.AspNetCore.Authorization/project.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index e75441dc84..9d65386a8f 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -1,6 +1,6 @@
 {
   "version": "1.0.0-*",
-  "description": "ASP.NET 5 authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
+  "description": "ASP.NET Core authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
   "tags": [
     "aspnetcore",
     "authorization"
@@ -34,4 +34,4 @@
       ]
     }
   }
-}
\ No newline at end of file
+}

From f5c1c45db20fd4592a3f49d4dc1d39dc5f62108c Mon Sep 17 00:00:00 2001
From: Dovydas Navickas <dovydas.nav@gmail.com>
Date: Sun, 6 Mar 2016 01:48:08 +0200
Subject: [PATCH 494/900] IClaimsTransofrmer updated to take
 ClaimsTransformationContext instead of ClaimsPrincipal in TransformAsync
 method. #718

---
 .../ClaimsTransformationAppBuilderExtensions.cs   |  6 +++---
 .../ClaimsTransformationContext.cs                | 15 +++++++++++++++
 .../ClaimsTransformationHandler.cs                | 11 +++++++++--
 .../ClaimsTransformationMiddleware.cs             |  8 ++++++--
 .../ClaimsTransformer.cs                          |  6 +++---
 .../IClaimsTransformer.cs                         |  4 ++--
 .../Cookies/CookieMiddlewareTests.cs              |  8 ++++----
 .../Google/GoogleMiddlewareTests.cs               | 10 +++++-----
 8 files changed, 47 insertions(+), 21 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs

diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
index 1cc76b946e..1edb4a0f4b 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
@@ -35,7 +35,7 @@ namespace Microsoft.AspNetCore.Builder
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
         /// <param name="transform">A function that asynchronously transforms one <see cref="ClaimsPrincipal"/> to another.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsPrincipal, Task<ClaimsPrincipal>> transform)
+        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsTransformationContext, Task<ClaimsPrincipal>> transform)
         {
             if (app == null)
             {
@@ -46,12 +46,12 @@ namespace Microsoft.AspNetCore.Builder
                 throw new ArgumentNullException(nameof(transform));
             }
 
-            return app.UseClaimsTransformation(new ClaimsTransformationOptions 
+            return app.UseClaimsTransformation(new ClaimsTransformationOptions
             {
                 Transformer = new ClaimsTransformer { OnTransform = transform }
             });
         }
-        
+
         /// <summary>
         /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
new file mode 100644
index 0000000000..3c363ca98f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
@@ -0,0 +1,15 @@
+using Microsoft.AspNetCore.Http;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class ClaimsTransformationContext
+    {
+        public ClaimsTransformationContext(HttpContext context)
+        {
+            Context = context;
+        }
+        public HttpContext Context { get; }
+        public ClaimsPrincipal Principal { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
index 78d9a0845b..7a2c47e401 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication
@@ -12,10 +13,12 @@ namespace Microsoft.AspNetCore.Authentication
     public class ClaimsTransformationHandler : IAuthenticationHandler
     {
         private readonly IClaimsTransformer _transform;
+        private readonly HttpContext _httpContext;
 
-        public ClaimsTransformationHandler(IClaimsTransformer transform)
+        public ClaimsTransformationHandler(IClaimsTransformer transform, HttpContext httpContext)
         {
             _transform = transform;
+            _httpContext = httpContext;
         }
 
         public IAuthenticationHandler PriorHandler { get; set; }
@@ -27,8 +30,12 @@ namespace Microsoft.AspNetCore.Authentication
                 await PriorHandler.AuthenticateAsync(context);
                 if (_transform != null && context?.Principal != null)
                 {
+                    var transformationContext = new ClaimsTransformationContext(_httpContext)
+                    {
+                        Principal = context.Principal
+                    };
                     context.Authenticated(
-                        await _transform.TransformAsync(context.Principal),
+                        await _transform.TransformAsync(transformationContext),
                         context.Properties,
                         context.Description);
                 }
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
index 2e2216bc25..53f6a07a87 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
@@ -35,13 +35,17 @@ namespace Microsoft.AspNetCore.Authentication
 
         public async Task Invoke(HttpContext context)
         {
-            var handler = new ClaimsTransformationHandler(Options.Transformer);
+            var handler = new ClaimsTransformationHandler(Options.Transformer, context);
             handler.RegisterAuthenticationHandler(context.GetAuthentication());
             try
             {
                 if (Options.Transformer != null)
                 {
-                    context.User = await Options.Transformer.TransformAsync(context.User);
+                    var transformationContext = new ClaimsTransformationContext(context)
+                    {
+                        Principal = context.User
+                    };
+                    context.User = await Options.Transformer.TransformAsync(transformationContext);
                 }
                 await _next(context);
             }
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
index b8e7ea3e1c..db05db0e5b 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
@@ -9,11 +9,11 @@ namespace Microsoft.AspNetCore.Authentication
 {
     public class ClaimsTransformer : IClaimsTransformer
     {
-        public Func<ClaimsPrincipal, Task<ClaimsPrincipal>> OnTransform { get; set; }
+        public Func<ClaimsTransformationContext, Task<ClaimsPrincipal>> OnTransform { get; set; }
 
-        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
+        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
         {
-            return OnTransform?.Invoke(principal) ?? Task.FromResult(principal);
+            return OnTransform?.Invoke(context) ?? Task.FromResult(context.Principal);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
index 5111c79714..cd42915c0a 100644
--- a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
@@ -14,8 +14,8 @@ namespace Microsoft.AspNetCore.Authentication
         /// <summary>
         /// Provides a central transformation point to change the specified principal.
         /// </summary>
-        /// <param name="principal">The principal to transform.</param>
+        /// <param name="context"><see cref="ClaimsTransformationContext"/> containing principal to transform and current HttpContext.</param>
         /// <returns>The transformed principal.</returns>
-        Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal);
+        Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context);
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 785d5bfa62..5049f39e55 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -293,16 +293,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 Transformer = new ClaimsTransformer
                 {
-                    OnTransform = p =>
+                    OnTransform = context =>
                     {
-                        if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                        if (!context.Principal.Identities.Any(i => i.AuthenticationType == "xform"))
                         {
                             // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
                             var id = new ClaimsIdentity("xform");
                             id.AddClaim(new Claim("xform", "yup"));
-                            p.AddIdentity(id);
+                            context.Principal.AddIdentity(id);
                         }
-                        return Task.FromResult(p);
+                        return Task.FromResult(context.Principal);
                     }
                 }
             });
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 96bb574fb3..31fb9e3175 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -222,7 +222,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 ClientId = "Test Id",
                 ClientSecret = "Test Secret"
             },
-            async context => 
+            async context =>
             {
                 var req = context.Request;
                 var res = context.Response;
@@ -273,7 +273,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 var transaction = await sendTask;
                 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-                Assert.Equal("/error?FailureMessage=OMG"+UrlEncoder.Default.Encode(";Description=SoBad;Uri=foobar"), transaction.Response.Headers.GetValues("Location").First());
+                Assert.Equal("/error?FailureMessage=OMG" + UrlEncoder.Default.Encode(";Description=SoBad;Uri=foobar"), transaction.Response.Headers.GetValues("Location").First());
             }
             else
             {
@@ -774,12 +774,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         AutomaticAuthenticate = true
                     });
                     app.UseGoogleAuthentication(options);
-                    app.UseClaimsTransformation(p =>
+                    app.UseClaimsTransformation(context =>
                     {
                         var id = new ClaimsIdentity("xform");
                         id.AddClaim(new Claim("xform", "yup"));
-                        p.AddIdentity(id);
-                        return Task.FromResult(p);
+                        context.Principal.AddIdentity(id);
+                        return Task.FromResult(context.Principal);
                     });
                     app.Use(async (context, next) =>
                     {

From 1a8d5317a90d478745d5a8532dfb313e897705de Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Mon, 14 Mar 2016 14:50:57 -0700
Subject: [PATCH 495/900] Updated Json.Net version

---
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 978dea7cc7..c02bfe8972 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "8.0.2"
+    "Newtonsoft.Json": "8.0.3"
   },
   "frameworks": {
     "net451": {

From 22f55d5937d310079b4b0c81e30666ce6725de12 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Tue, 15 Mar 2016 18:28:56 -0700
Subject: [PATCH 496/900] Reacting to DataProtection changes

---
 .../CookieInteropTests.cs                                     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 3c08f58bd6..2abb115e47 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -29,7 +29,7 @@ namespace Microsoft.Owin.Security.Interop
             var identity = new ClaimsIdentity("Cookies");
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
 
-            var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
                 "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");
@@ -85,7 +85,7 @@ namespace Microsoft.Owin.Security.Interop
             identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
             user.AddIdentity(identity);
 
-            var dataProtection = new DataProtectionProvider(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
                 "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 CookieAuthenticationDefaults.AuthenticationType, "v2");

From 81bf1c20961fe90849396ff3e69e5ad4f4269945 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Thu, 17 Mar 2016 15:33:17 -0700
Subject: [PATCH 497/900] Cleanup transitive dependencies

---
 samples/OpenIdConnect.AzureAdSample/project.json         | 1 -
 .../project.json                                         | 9 +--------
 .../project.json                                         | 9 +--------
 3 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index dabb9262fc..a25fc16613 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -2,7 +2,6 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
-    "Microsoft.AspNetCore.Http.Extensions": "1.0.0-*",
     "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index c02bfe8972..c6658208e5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -21,15 +21,8 @@
     "Newtonsoft.Json": "8.0.3"
   },
   "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Net.Http": ""
-      }
-    },
+    "net451": { },
     "netstandard1.3": {
-      "dependencies": {
-        "System.Net.Http": "4.0.1-*"
-      },
       "imports": [
         "dotnet5.4",
         "portable-net451+win8"
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 73e5c9b7af..718d51747f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -20,15 +20,8 @@
     "Microsoft.AspNetCore.Authentication": "1.0.0-*"
   },
   "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Net.Http": ""
-      }
-    },
+    "net451": { },
     "netstandard1.3": {
-      "dependencies": {
-        "System.Net.Http": "4.0.1-*"
-      },
       "imports": [
         "dotnet5.4"
       ]

From 9361960b2f8aaf8bb329dd5dce0f9e7659179799 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Thu, 17 Mar 2016 22:26:02 -0700
Subject: [PATCH 498/900] React to HttpAbstractions change: No features in
 `.Internal` namespace - see issue aspnet/HttpAbstractions#561 and pull
 aspnet/HttpAbstractions#589

---
 .../CookiePolicyMiddleware.cs                                  | 1 +
 .../CookiePolicyTests.cs                                       | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index d9a65028c7..b8bb1264eb 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http.Features.Internal;
 using Microsoft.Extensions.Options;
 
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index fde6034974..307002d1f3 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -7,7 +7,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Internal;
 using Microsoft.AspNetCore.TestHost;
 using Xunit;
 
@@ -277,7 +276,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
         }
 
         private async Task RunTest(
-            string path, 
+            string path,
             CookiePolicyOptions cookiePolicy,
             RequestDelegate configureSetup,
             params RequestTest[] tests)

From 22d133cefa20926b25eeb82779343b23a221117f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 22 Mar 2016 14:51:18 -0700
Subject: [PATCH 499/900] Reacting to CoreCLR package changes

---
 .../CookieAuthenticationDefaults.cs                           | 4 ----
 .../CookieAuthenticationOptions.cs                            | 4 ----
 .../Events/CookieRedirectContext.cs                           | 3 ---
 .../GoogleMiddleware.cs                                       | 2 --
 .../OAuthMiddleware.cs                                        | 2 --
 .../OpenIdConnectMiddleware.cs                                | 2 --
 .../OpenIdConnectOptions.cs                                   | 4 ----
 .../Messages/RequestTokenSerializer.cs                        | 3 ---
 .../TwitterMiddleware.cs                                      | 2 --
 .../DataHandler/PropertiesSerializer.cs                       | 3 ---
 10 files changed, 29 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
index 2baa9e45cd..ad0e17a096 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
@@ -25,21 +24,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// The default value used by CookieAuthenticationMiddleware for the
         /// CookieAuthenticationOptions.LoginPath
         /// </summary>
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
         public static readonly PathString LoginPath = new PathString("/Account/Login");
 
         /// <summary>
         /// The default value used by CookieAuthenticationMiddleware for the
         /// CookieAuthenticationOptions.LogoutPath
         /// </summary>
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
         public static readonly PathString LogoutPath = new PathString("/Account/Logout");
 
         /// <summary>
         /// The default value used by CookieAuthenticationMiddleware for the
         /// CookieAuthenticationOptions.AccessDeniedPath
         /// </summary>
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
         public static readonly PathString AccessDeniedPath = new PathString("/Account/AccessDenied");
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 51cf43a0f1..8a451c9c71 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.ComponentModel;
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.DataProtection;
@@ -103,13 +102,11 @@ namespace Microsoft.AspNetCore.Builder
         /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back  
         /// to the url which caused the original unauthorized status code.
         /// </summary>
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "By design")]
         public PathString LoginPath { get; set; }
 
         /// <summary>
         /// If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter.
         /// </summary>
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "By design")]
         public PathString LogoutPath { get; set; }
 
         /// <summary>
@@ -124,7 +121,6 @@ namespace Microsoft.AspNetCore.Builder
         /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the 
         /// original url after the action is performed.
         /// </summary>
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "ReturnUrl is the name of a querystring parameter")]
         public string ReturnUrlParameter { get; set; }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
index c26cd5d662..2cbb5ff095 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -20,7 +19,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <param name="options">The cookie middleware options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
-        [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", MessageId = "2#", Justification = "Represents header value")]
         public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
             : base(context, options)
         {
@@ -31,7 +29,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// Gets or Sets the URI used for the redirect operation.
         /// </summary>
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Represents header value")]
         public string RedirectUri { get; set; }
 
         public AuthenticationProperties Properties { get; }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index ba6fb7d2ef..eb98e447b3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Text.Encodings.Web;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Builder;
@@ -16,7 +15,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
     /// <summary>
     /// An ASP.NET Core middleware for authenticating users using Google OAuth 2.0.
     /// </summary>
-    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class GoogleMiddleware : OAuthMiddleware<GoogleOptions>
     {
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
index 7ef1863226..75139c1c80 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
@@ -17,7 +16,6 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
     /// <summary>
     /// An ASP.NET Core middleware for authenticating users using OAuth services.
     /// </summary>
-    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class OAuthMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthOptions, new()
     {
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 76936e25a6..80f2ca2ba3 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Text;
 using System.Text.Encodings.Web;
@@ -32,7 +31,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <param name="sharedOptions"></param>
         /// <param name="options"></param>
         /// <param name="htmlEncoder">The <see cref="HtmlEncoder"/>.</param>
-        [SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "Managed by caller")]
         public OpenIdConnectMiddleware(
             RequestDelegate next,
             IDataProtectionProvider dataProtectionProvider,
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 1b179c3369..acf9d77e40 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel;
-using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -45,7 +44,6 @@ namespace Microsoft.AspNetCore.Builder
         /// <para>UseTokenLifetime: false.</para>
         /// </remarks>
         /// <param name="authenticationScheme"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationScheme property.</param>
-        [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectOptions.set_Caption(System.String)", Justification = "Not a LOC field")]
         public OpenIdConnectOptions(string authenticationScheme)
         {
             AuthenticationScheme = authenticationScheme;
@@ -124,8 +122,6 @@ namespace Microsoft.AspNetCore.Builder
         /// Gets or sets the 'post_logout_redirect_uri'
         /// </summary>
         /// <remarks>This is sent to the OP as the redirect for the user-agent.</remarks>
-        [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "By design")]
-        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Logout", Justification = "This is the term used in the spec.")]
         public string PostLogoutRedirectUri { get; set; }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
index a96a379c18..88b10d3d60 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNetCore.Http.Authentication;
 
@@ -20,7 +19,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// </summary>
         /// <param name="model">The token to serialize</param>
         /// <returns>A byte array containing the serialized token</returns>
-        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual byte[] Serialize(RequestToken model)
         {
             using (var memory = new MemoryStream())
@@ -39,7 +37,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// </summary>
         /// <param name="data">A byte array containing the serialized token</param>
         /// <returns>The Twitter request token</returns>
-        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual RequestToken Deserialize(byte[] data)
         {
             using (var memory = new MemoryStream(data))
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
index 542115117f..67fb903dd1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
 using System.Text.Encodings.Web;
@@ -17,7 +16,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     /// <summary>
     /// ASP.NET Core middleware for authenticating users using Twitter.
     /// </summary>
-    [SuppressMessage("Microsoft.Design", "CA1001:TypesThatOwnDisposableFieldsShouldBeDisposable", Justification = "Middleware are not disposable.")]
     public class TwitterMiddleware : AuthenticationMiddleware<TwitterOptions>
     {
         private readonly HttpClient _httpClient;
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
index 542553cf2b..dd30b45ae0 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using Microsoft.AspNetCore.Http.Authentication;
 
@@ -15,7 +14,6 @@ namespace Microsoft.AspNetCore.Authentication
 
         public static PropertiesSerializer Default { get; } = new PropertiesSerializer();
 
-        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual byte[] Serialize(AuthenticationProperties model)
         {
             using (var memory = new MemoryStream())
@@ -29,7 +27,6 @@ namespace Microsoft.AspNetCore.Authentication
             }
         }
 
-        [SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Dispose is idempotent")]
         public virtual AuthenticationProperties Deserialize(byte[] data)
         {
             using (var memory = new MemoryStream(data))

From 7ec3da701cebcd36df07367e06b321fb743fbf94 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 23 Mar 2016 16:15:16 -0700
Subject: [PATCH 500/900] Reacting to CoreFx package changes

---
 .../project.json                                              | 4 ++--
 .../project.json                                              | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index e86e914152..3efa9c0647 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -22,9 +22,9 @@
   },
   "frameworks": {
     "net451": { },
-    "netstandard1.3": {
+    "netstandard1.4": {
       "imports": [
-        "dotnet5.4",
+        "dotnet5.5",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index eee5f0942f..7be775cfe0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -22,9 +22,9 @@
   },
   "frameworks": {
     "net451": { },
-    "netstandard1.3": {
+    "netstandard1.4": {
       "imports": [
-        "dotnet5.4",
+        "dotnet5.5",
         "portable-net451+win8"
       ]
     }

From 6d4a80e747b3fddf73cc7fb1ce6c75c235aaa7d7 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Thu, 11 Feb 2016 16:08:27 -0800
Subject: [PATCH 501/900] [Fixes #532] Replace hard-coded logging event ids
 with a class of consts

---
 .../JwtBearerHandler.cs                       |   6 +-
 .../LoggingExtensions.cs                      |  45 ++
 .../LoggingExtensions.cs                      | 446 ++++++++++++++++++
 .../OpenIdConnectHandler.cs                   |  93 ++--
 .../LoggingExtensions.cs                      |  36 ++
 .../TwitterHandler.cs                         |   4 +-
 .../AuthenticationHandler.cs                  |  20 +-
 .../LoggingExtensions.cs                      | 175 +++++++
 .../RemoteAuthenticationHandler.cs            |  12 +-
 .../DefaultAuthorizationService.cs            |   4 +-
 .../LoggingExtensions.cs                      |  35 ++
 11 files changed, 809 insertions(+), 67 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 613dfbc152..b1d2d702eb 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -119,7 +119,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                         catch (Exception ex)
                         {
-                            Logger.LogInformation(0, ex, "Failed to validate the token: " + token);
+                            Logger.TokenValidationFailed(token, ex);
 
                             // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                             if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
@@ -135,7 +135,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                             continue;
                         }
 
-                        Logger.LogInformation("Successfully validated the token");
+                        Logger.TokenValidationSucceeded();
 
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
                         var validatedTokenContext = new ValidatedTokenContext(Context, Options)
@@ -189,7 +189,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
             catch (Exception ex)
             {
-                Logger.LogError(0, ex, "Exception occurred while processing message");
+                Logger.ErrorProcessingMessage(ex);
 
                 var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
                 {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
new file mode 100644
index 0000000000..643da92906
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
@@ -0,0 +1,45 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, string, Exception> _tokenValidationFailed;
+        private static Action<ILogger, string, Exception> _tokenValidationSucceeded;
+        private static Action<ILogger, Exception> _errorProcessingMessage;
+
+        static LoggingExtensions()
+        {
+            _tokenValidationFailed = LoggerMessage.Define<string>(
+                eventId: 1,
+                logLevel: LogLevel.Information,
+                formatString: "Failed to validate the token {Token}.");
+            _tokenValidationSucceeded = LoggerMessage.Define<string>(
+                eventId: 2,
+                logLevel: LogLevel.Information,
+                formatString: "Successfully validated the token.");
+            _errorProcessingMessage = LoggerMessage.Define(
+                eventId: 3,
+                logLevel: LogLevel.Error,
+                formatString: "Exception occurred while processing message.");
+        }
+
+        public static void TokenValidationFailed(this ILogger logger, string token, Exception ex)
+        {
+            _tokenValidationFailed(logger, token, ex);
+        }
+
+        public static void TokenValidationSucceeded(this ILogger logger)
+        {
+            _tokenValidationSucceeded(logger, null, null);
+        }
+
+        public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
+        {
+            _errorProcessingMessage(logger, ex);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
new file mode 100644
index 0000000000..8d45c9918c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -0,0 +1,446 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, Exception> _redirectToEndSessionEndpointHandledResponse;
+        private static Action<ILogger, Exception> _redirectToEndSessionEndpointSkipped;
+        private static Action<ILogger, Exception> _redirectToAuthenticationEndpointHandledResponse;
+        private static Action<ILogger, Exception> _redirectToAuthenticationEndpointSkipped;
+        private static Action<ILogger, Exception> _updatingConfiguration;
+        private static Action<ILogger, Exception> _receivedIdToken;
+        private static Action<ILogger, Exception> _redeemingCodeForTokens;
+        private static Action<ILogger, string, Exception> _enteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync;
+        private static Action<ILogger, string, Exception> _enteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync;
+        private static Action<ILogger, string, Exception> _messageReceived;
+        private static Action<ILogger, Exception> _messageReceivedContextHandledResponse;
+        private static Action<ILogger, Exception> _messageReceivedContextSkipped;
+        private static Action<ILogger, Exception> _authorizationResponseReceived;
+        private static Action<ILogger, Exception> _authorizationCodeReceived;
+        private static Action<ILogger, Exception> _configurationManagerRequestRefreshCalled;
+        private static Action<ILogger, Exception> _tokenResponseReceived;
+        private static Action<ILogger, Exception> _authorizationResponseReceivedHandledResponse;
+        private static Action<ILogger, Exception> _authorizationResponseReceivedSkipped;
+        private static Action<ILogger, Exception> _authenticationFailedContextHandledResponse;
+        private static Action<ILogger, Exception> _authenticationFailedContextSkipped;
+        private static Action<ILogger, Exception> _authorizationCodeReceivedContextHandledResponse;
+        private static Action<ILogger, Exception> _authorizationCodeReceivedContextSkipped;
+        private static Action<ILogger, Exception> _authorizationCodeRedeemedContextHandledResponse;
+        private static Action<ILogger, Exception> _authorizationCodeRedeemedContextSkipped;
+        private static Action<ILogger, Exception> _authenticationValidatedHandledResponse;
+        private static Action<ILogger, Exception> _authenticationValidatedtSkipped;
+        private static Action<ILogger, string, Exception> _userInformationReceived;
+        private static Action<ILogger, Exception> _userInformationReceivedHandledResponse;
+        private static Action<ILogger, Exception> _userInformationReceivedSkipped;
+        private static Action<ILogger, string, Exception> _invalidLogoutQueryStringRedirectUrl;
+        private static Action<ILogger, Exception> _nullOrEmptyAuthorizationResponseState;
+        private static Action<ILogger, Exception> _unableToReadAuthorizationResponseState;
+        private static Action<ILogger, string, string, string, Exception> _authorizationResponseError;
+        private static Action<ILogger, Exception> _exceptionProcessingMessage;
+        private static Action<ILogger, Exception> _accessTokenNotAvailable;
+        private static Action<ILogger, Exception> _retrievingClaims;
+        private static Action<ILogger, Exception> _userInfoEndpointNotSet;
+        private static Action<ILogger, Exception> _unableToProtectNonceCookie;
+        private static Action<ILogger, string, Exception> _invalidAuthenticationRequestUrl;
+        private static Action<ILogger, string, Exception> _unableToReadIdToken;
+        private static Action<ILogger, string, Exception> _invalidSecurityTokenType;
+        private static Action<ILogger, string, Exception> _unableToValidateIdToken;
+        private static Action<ILogger, string, Exception> _postAuthenticationLocalRedirect;
+
+        static LoggingExtensions()
+        {
+            // Final
+            _redirectToEndSessionEndpointHandledResponse = LoggerMessage.Define(
+                eventId: 1,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToEndSessionEndpoint.HandledResponse");
+            _redirectToEndSessionEndpointSkipped = LoggerMessage.Define(
+                eventId: 2,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToEndSessionEndpoint.Skipped");
+            _invalidLogoutQueryStringRedirectUrl = LoggerMessage.Define<string>(
+                eventId: 3,
+                logLevel: LogLevel.Warning,
+                formatString: "The query string for Logout is not a well-formed URI. Redirect URI: '{RedirectUrl}'.");
+            _enteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync = LoggerMessage.Define<string>(
+                eventId: 4,
+                logLevel: LogLevel.Trace,
+                formatString: "Entering {OpenIdConnectHandlerType}'s HandleUnauthorizedAsync.");
+            _postAuthenticationLocalRedirect = LoggerMessage.Define<string>(
+                eventId: 5,
+                logLevel: LogLevel.Trace,
+                formatString: "Using properties.RedirectUri for 'local redirect' post authentication: '{RedirectUri}'.");
+            _redirectToAuthenticationEndpointHandledResponse = LoggerMessage.Define(
+                eventId: 6,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToAuthenticationEndpoint.HandledResponse");
+            _redirectToAuthenticationEndpointSkipped = LoggerMessage.Define(
+                eventId: 7,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToAuthenticationEndpoint.Skipped");
+            _invalidAuthenticationRequestUrl = LoggerMessage.Define<string>(
+                eventId: 8,
+                logLevel: LogLevel.Warning,
+                formatString: "The redirect URI is not well-formed. The URI is: '{AuthenticationRequestUrl}'.");
+            _enteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync = LoggerMessage.Define<string>(
+                eventId: 9,
+                logLevel: LogLevel.Trace,
+                formatString: "Entering {OpenIdConnectHandlerType}'s HandleRemoteAuthenticateAsync.");
+            _nullOrEmptyAuthorizationResponseState = LoggerMessage.Define(
+                eventId: 10,
+                logLevel: LogLevel.Debug,
+                formatString: "message.State is null or empty.");
+            _unableToReadAuthorizationResponseState = LoggerMessage.Define(
+                eventId: 11,
+                logLevel: LogLevel.Debug,
+                formatString: "Unable to read the message.State.");
+            _authorizationResponseError = LoggerMessage.Define<string, string, string>(
+                eventId: 12,
+                logLevel: LogLevel.Error,
+                formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}'.");
+            _updatingConfiguration = LoggerMessage.Define(
+                eventId: 13,
+                logLevel: LogLevel.Debug,
+                formatString: "Updating configuration");
+            _authorizationResponseReceived = LoggerMessage.Define(
+                eventId: 14,
+                logLevel: LogLevel.Trace,
+                formatString: "Authorization response received.");
+            _authorizationResponseReceivedHandledResponse = LoggerMessage.Define(
+                eventId: 15,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationResponseReceived.HandledResponse");
+            _authorizationResponseReceivedSkipped = LoggerMessage.Define(
+                eventId: 16,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationResponseReceived.Skipped");
+            _exceptionProcessingMessage = LoggerMessage.Define(
+                eventId: 17,
+                logLevel: LogLevel.Error,
+                formatString: "Exception occurred while processing message.");
+            _configurationManagerRequestRefreshCalled = LoggerMessage.Define(
+                eventId: 18,
+                logLevel: LogLevel.Debug,
+                formatString: "Exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.");
+            _redeemingCodeForTokens = LoggerMessage.Define(
+                eventId: 19,
+                logLevel: LogLevel.Debug,
+                formatString: "Redeeming code for tokens.");
+            _retrievingClaims = LoggerMessage.Define(
+                eventId: 20,
+                logLevel: LogLevel.Trace,
+                formatString: "Retrieving claims from the user info endpoint.");
+            _receivedIdToken = LoggerMessage.Define(
+                eventId: 21,
+                logLevel: LogLevel.Debug,
+                formatString: "Received 'id_token'");
+            _userInfoEndpointNotSet = LoggerMessage.Define(
+                eventId: 22,
+                logLevel: LogLevel.Debug,
+                formatString: "UserInfoEndpoint is not set. Claims cannot be retrieved.");
+            _unableToProtectNonceCookie = LoggerMessage.Define(
+                eventId: 23,
+                logLevel: LogLevel.Warning,
+                formatString: "Failed to un-protect the nonce cookie.");
+            _messageReceived = LoggerMessage.Define<string>(
+                eventId: 24,
+                logLevel: LogLevel.Trace,
+                formatString: "MessageReceived: '{RedirectUrl}'.");
+            _messageReceivedContextHandledResponse = LoggerMessage.Define(
+                eventId: 25,
+                logLevel: LogLevel.Debug,
+                formatString: "MessageReceivedContext.HandledResponse");
+            _messageReceivedContextSkipped = LoggerMessage.Define(
+                eventId: 26,
+                logLevel: LogLevel.Debug,
+                formatString: "MessageReceivedContext.Skipped");
+            _authorizationCodeReceived = LoggerMessage.Define(
+                eventId: 27,
+                logLevel: LogLevel.Trace,
+                formatString: "Authorization code received.");
+            _authorizationCodeReceivedContextHandledResponse = LoggerMessage.Define(
+                eventId: 28,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationCodeReceivedContext.HandledResponse");
+            _authorizationCodeReceivedContextSkipped = LoggerMessage.Define(
+                eventId: 29,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationCodeReceivedContext.Skipped");
+            _tokenResponseReceived = LoggerMessage.Define(
+                eventId: 30,
+                logLevel: LogLevel.Trace,
+                formatString: "Token response received.");
+            _authorizationCodeRedeemedContextHandledResponse = LoggerMessage.Define(
+                eventId: 31,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationCodeRedeemedContext.HandledResponse");
+            _authorizationCodeRedeemedContextSkipped = LoggerMessage.Define(
+                eventId: 32,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthorizationCodeRedeemedContext.Skipped");
+            _authenticationValidatedHandledResponse = LoggerMessage.Define(
+                eventId: 33,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthenticationFailedContext.HandledResponse");
+            _authenticationValidatedtSkipped = LoggerMessage.Define(
+                eventId: 34,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthenticationFailedContext.Skipped");
+            _userInformationReceived = LoggerMessage.Define<string>(
+               eventId: 35,
+               logLevel: LogLevel.Trace,
+               formatString: "User information received: {User}");
+            _userInformationReceivedHandledResponse = LoggerMessage.Define(
+                eventId: 36,
+                logLevel: LogLevel.Debug,
+                formatString: "The UserInformationReceived event returned Handled.");
+            _userInformationReceivedSkipped = LoggerMessage.Define(
+                eventId: 37,
+                logLevel: LogLevel.Debug,
+                formatString: "The UserInformationReceived event returned Skipped.");
+            _authenticationFailedContextHandledResponse = LoggerMessage.Define(
+                eventId: 38,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthenticationFailedContext.HandledResponse");
+            _authenticationFailedContextSkipped = LoggerMessage.Define(
+                eventId: 39,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthenticationFailedContext.Skipped");
+            _invalidSecurityTokenType = LoggerMessage.Define<string>(
+               eventId: 40,
+               logLevel: LogLevel.Error,
+               formatString: "The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{SecurityTokenType}'");
+            _unableToValidateIdToken = LoggerMessage.Define<string>(
+               eventId: 41,
+               logLevel: LogLevel.Error,
+               formatString: "Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{IdToken}'.");
+            _accessTokenNotAvailable = LoggerMessage.Define(
+               eventId: 42,
+               logLevel: LogLevel.Debug,
+               formatString: "The access_token is not available. Claims cannot be retrieved.");
+            _unableToReadIdToken = LoggerMessage.Define<string>(
+               eventId: 43,
+               logLevel: LogLevel.Error,
+               formatString: "Unable to read the 'id_token', no suitable ISecurityTokenValidator was found for: '{IdToken}'.");
+        }
+
+        public static void UpdatingConfiguration(this ILogger logger)
+        {
+            _updatingConfiguration(logger, null);
+        }
+
+        public static void ConfigurationManagerRequestRefreshCalled(this ILogger logger)
+        {
+            _configurationManagerRequestRefreshCalled(logger, null);
+        }
+
+        public static void AuthorizationCodeReceived(this ILogger logger)
+        {
+            _authorizationCodeReceived(logger, null);
+        }
+
+        public static void TokenResponseReceived(this ILogger logger)
+        {
+            _tokenResponseReceived(logger, null);
+        }
+
+        public static void ReceivedIdToken(this ILogger logger)
+        {
+            _receivedIdToken(logger, null);
+        }
+
+        public static void RedeemingCodeForTokens(this ILogger logger)
+        {
+            _redeemingCodeForTokens(logger, null);
+        }
+
+        public static void AuthorizationResponseReceived(this ILogger logger)
+        {
+            _authorizationResponseReceived(logger, null);
+        }
+
+        public static void AuthorizationResponseReceivedHandledResponse(this ILogger logger)
+        {
+            _authorizationResponseReceivedHandledResponse(logger, null);
+        }
+
+        public static void AuthorizationResponseReceivedSkipped(this ILogger logger)
+        {
+            _authorizationResponseReceivedSkipped(logger, null);
+        }
+
+        public static void AuthorizationCodeReceivedContextHandledResponse(this ILogger logger)
+        {
+            _authorizationCodeReceivedContextHandledResponse(logger, null);
+        }
+
+        public static void AuthorizationCodeReceivedContextSkipped(this ILogger logger)
+        {
+            _authorizationCodeReceivedContextSkipped(logger, null);
+        }
+
+        public static void AuthorizationCodeRedeemedContextHandledResponse(this ILogger logger)
+        {
+            _authorizationCodeRedeemedContextHandledResponse(logger, null);
+        }
+
+        public static void AuthorizationCodeRedeemedContextSkipped(this ILogger logger)
+        {
+            _authorizationCodeRedeemedContextSkipped(logger, null);
+        }
+
+        public static void AuthenticationValidatedHandledResponse(this ILogger logger)
+        {
+            _authenticationValidatedHandledResponse(logger, null);
+        }
+
+        public static void AuthenticationValidatedSkipped(this ILogger logger)
+        {
+            _authenticationValidatedtSkipped(logger, null);
+        }
+
+        public static void AuthenticationFailedContextHandledResponse(this ILogger logger)
+        {
+            _authenticationFailedContextHandledResponse(logger, null);
+        }
+
+        public static void AuthenticationFailedContextSkipped(this ILogger logger)
+        {
+            _authenticationFailedContextSkipped(logger, null);
+        }
+
+        public static void MessageReceived(this ILogger logger, string redirectUrl)
+        {
+            _messageReceived(logger, redirectUrl, null);
+        }
+
+        public static void MessageReceivedContextHandledResponse(this ILogger logger)
+        {
+            _messageReceivedContextHandledResponse(logger, null);
+        }
+
+        public static void MessageReceivedContextSkipped(this ILogger logger)
+        {
+            _messageReceivedContextSkipped(logger, null);
+        }
+
+        public static void RedirectToEndSessionEndpointHandledResponse(this ILogger logger)
+        {
+            _redirectToEndSessionEndpointHandledResponse(logger, null);
+        }
+
+        public static void RedirectToEndSessionEndpointSkipped(this ILogger logger)
+        {
+            _redirectToEndSessionEndpointSkipped(logger, null);
+        }
+
+        public static void RedirectToAuthenticationEndpointHandledResponse(this ILogger logger)
+        {
+            _redirectToAuthenticationEndpointHandledResponse(logger, null);
+        }
+
+        public static void RedirectToAuthenticationEndpointSkipped(this ILogger logger)
+        {
+            _redirectToAuthenticationEndpointSkipped(logger, null);
+        }
+
+        public static void UserInformationReceivedHandledResponse(this ILogger logger)
+        {
+            _userInformationReceivedHandledResponse(logger, null);
+        }
+
+        public static void UserInformationReceivedSkipped(this ILogger logger)
+        {
+            _userInformationReceivedSkipped(logger, null);
+        }
+
+        public static void InvalidLogoutQueryStringRedirectUrl(this ILogger logger, string redirectUrl)
+        {
+            _invalidLogoutQueryStringRedirectUrl(logger, redirectUrl, null);
+        }
+
+        public static void NullOrEmptyAuthorizationResponseState(this ILogger logger)
+        {
+            _nullOrEmptyAuthorizationResponseState(logger, null);
+        }
+
+        public static void UnableToReadAuthorizationResponseState(this ILogger logger)
+        {
+            _unableToReadAuthorizationResponseState(logger, null);
+        }
+
+        public static void AuthorizationResponseError(this ILogger logger, string error, string errorDescription, string errorUri)
+        {
+            _authorizationResponseError(logger, error, errorDescription, errorUri, null);
+        }
+
+        public static void ExceptionProcessingMessage(this ILogger logger, Exception ex)
+        {
+            _exceptionProcessingMessage(logger, ex);
+        }
+
+        public static void AccessTokenNotAvailable(this ILogger logger)
+        {
+            _accessTokenNotAvailable(logger, null);
+        }
+
+        public static void RetrievingClaims(this ILogger logger)
+        {
+            _retrievingClaims(logger, null);
+        }
+
+        public static void UserInfoEndpointNotSet(this ILogger logger)
+        {
+            _userInfoEndpointNotSet(logger, null);
+        }
+
+        public static void UnableToProtectNonceCookie(this ILogger logger, Exception ex)
+        {
+            _unableToProtectNonceCookie(logger, ex);
+        }
+
+        public static void InvalidAuthenticationRequestUrl(this ILogger logger, string redirectUri)
+        {
+            _invalidAuthenticationRequestUrl(logger, redirectUri, null);
+        }
+
+        public static void UnableToReadIdToken(this ILogger logger, string idToken)
+        {
+            _unableToReadIdToken(logger, idToken, null);
+        }
+
+        public static void InvalidSecurityTokenType(this ILogger logger, string tokenType)
+        {
+            _invalidSecurityTokenType(logger, tokenType, null);
+        }
+
+        public static void UnableToValidateIdToken(this ILogger logger, string idToken)
+        {
+            _unableToValidateIdToken(logger, idToken, null);
+        }
+
+        public static void EnteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync(this ILogger logger, string openIdConnectHandlerTypeName)
+        {
+            _enteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync(logger, openIdConnectHandlerTypeName, null);
+        }
+
+        public static void EnteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(this ILogger logger, string openIdConnectHandlerTypeName)
+        {
+            _enteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(logger, openIdConnectHandlerTypeName, null);
+        }
+
+        public static void UserInformationReceived(this ILogger logger, string user)
+        {
+            _userInformationReceived(logger, user, null);
+        }
+
+        public static void PostAuthenticationLocalRedirect(this ILogger logger, string redirectUri)
+        {
+            _postAuthenticationLocalRedirect(logger, redirectUri, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9c157e57bf..5c534696b8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -114,12 +114,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 await Options.Events.RedirectToEndSessionEndpoint(redirectContext);
                 if (redirectContext.HandledResponse)
                 {
-                    Logger.LogDebug(1, "RedirectToEndSessionEndpoint.HandledResponse");
+                    Logger.RedirectToEndSessionEndpointHandledResponse();
                     return;
                 }
                 else if (redirectContext.Skipped)
                 {
-                    Logger.LogDebug(2, "RedirectToEndSessionEndpoint.Skipped");
+                    Logger.RedirectToEndSessionEndpointSkipped();
                     return;
                 }
 
@@ -130,7 +130,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     var redirectUri = message.CreateLogoutRequestUrl();
                     if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                     {
-                        Logger.LogWarning(3, "The query string for Logout is not a well-formed URI. Redirect URI: '{0}'.", redirectUri);
+                        Logger.InvalidLogoutQueryStringRedirectUrl(redirectUri);
                     }
 
                     Response.Redirect(redirectUri);
@@ -177,7 +177,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(context));
             }
 
-            Logger.LogTrace(4, "Entering {0}." + nameof(HandleUnauthorizedAsync), GetType());
+            Logger.EnteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(GetType().FullName);
 
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
@@ -191,7 +191,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 properties.RedirectUri = CurrentUri;
             }
-            Logger.LogTrace(5, "Using properties.RedirectUri for 'local redirect' post authentication: '{0}'.", properties.RedirectUri);
+            Logger.PostAuthenticationLocalRedirect(properties.RedirectUri);
 
             if (_configuration == null && Options.ConfigurationManager != null)
             {
@@ -233,12 +233,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.RedirectToAuthenticationEndpoint(redirectContext);
             if (redirectContext.HandledResponse)
             {
-                Logger.LogDebug(6, "RedirectToAuthenticationEndpoint.HandledResponse");
+                Logger.RedirectToAuthenticationEndpointHandledResponse();
                 return true;
             }
             else if (redirectContext.Skipped)
             {
-                Logger.LogDebug(7, "RedirectToAuthenticationEndpoint.Skipped");
+                Logger.RedirectToAuthenticationEndpointSkipped();
                 return false;
             }
 
@@ -259,7 +259,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 var redirectUri = message.CreateAuthenticationRequestUrl();
                 if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
                 {
-                    Logger.LogWarning(9, "The redirect URI is not well-formed. The URI is: '{0}'.", redirectUri);
+                    Logger.InvalidAuthenticationRequestUrl(redirectUri);
                 }
 
                 Response.Redirect(redirectUri);
@@ -303,7 +303,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
-            Logger.LogTrace(10, "Entering: {0}." + nameof(HandleRemoteAuthenticateAsync), GetType());
+            Logger.EnteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync(GetType().FullName);
 
             OpenIdConnectMessage authorizationResponse = null;
 
@@ -361,7 +361,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (string.IsNullOrEmpty(authorizationResponse.State))
                 {
                     // This wasn't a valid OIDC message, it may not have been intended for us.
-                    Logger.LogDebug(11, "message.State is null or empty.");
+                    Logger.NullOrEmptyAuthorizationResponseState();
                     if (Options.SkipUnrecognizedRequests)
                     {
                         return AuthenticateResult.Skip();
@@ -373,7 +373,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(authorizationResponse.State));
                 if (properties == null)
                 {
-                    Logger.LogDebug(12, "Unable to read the message.State.");
+                    Logger.UnableToReadAuthorizationResponseState();
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
@@ -385,7 +385,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
-                    Logger.LogError(13, "Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.", authorizationResponse.Error, authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null");
+                    Logger.AuthorizationResponseError(
+                        authorizationResponse.Error,
+                        authorizationResponse.ErrorDescription ?? "ErrorDecription null",
+                        authorizationResponse.ErrorUri ?? "ErrorUri null");
+
                     return AuthenticateResult.Fail(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error, authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
                 }
 
@@ -400,7 +404,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
-                    Logger.LogDebug(14, "Updating configuration");
+                    Logger.UpdatingConfiguration();
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
@@ -422,7 +426,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // Hybrid or Implicit flow
                 if (!string.IsNullOrEmpty(authorizationResponse.IdToken))
                 {
-                    Logger.LogDebug(23, "'id_token' received.");
+                    Logger.ReceivedIdToken();
                     ticket = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt);
 
                     nonce = jwt?.Payload.Nonce;
@@ -525,14 +529,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             catch (Exception exception)
             {
-                Logger.LogError(19, "Exception occurred while processing message.", exception);
+                Logger.ExceptionProcessingMessage(exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                 if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                 {
                     if (Options.ConfigurationManager != null)
                     {
-                        Logger.LogDebug(20, "exception of type 'SecurityTokenSignatureKeyNotFoundException' thrown, Options.ConfigurationManager.RequestRefresh() called.");
+                        Logger.ConfigurationManagerRequestRefreshCalled();
                         Options.ConfigurationManager.RequestRefresh();
                     }
                 }
@@ -583,7 +587,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
         protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
         {
-            Logger.LogDebug(21, "Redeeming code for tokens.");
+            Logger.RedeemingCodeForTokens();
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
             requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
             var responseMessage = await Backchannel.SendAsync(requestMessage);
@@ -606,16 +610,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
-                Logger.LogDebug(24, $"{nameof(_configuration.UserInfoEndpoint)} is not set. Claims cannot be retrieved.");
+                Logger.UserInfoEndpointNotSet();
                 return AuthenticateResult.Success(ticket);
             }
             if (string.IsNullOrEmpty(message.AccessToken))
             {
-                Logger.LogDebug(47, "The access_token is not available. Claims cannot be retrieved.");
+                Logger.AccessTokenNotAvailable();
                 return AuthenticateResult.Success(ticket);
             }
-            Logger.LogTrace(22, "Retrieving claims from the user info endpoint.");
-
+            Logger.RetrievingClaims();
             var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
             requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", message.AccessToken);
             var responseMessage = await Backchannel.SendAsync(requestMessage);
@@ -789,7 +792,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     }
                     catch (Exception ex)
                     {
-                        Logger.LogWarning(25, "Failed to un-protect the nonce cookie.", ex);
+                        Logger.UnableToProtectNonceCookie(ex);
                     }
                 }
             }
@@ -829,7 +832,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
         {
-            Logger.LogTrace(29, "MessageReceived: '{0}'", message.BuildRedirectUrl());
+            Logger.MessageReceived(message.BuildRedirectUrl());
             var messageReceivedContext = new MessageReceivedContext(Context, Options)
             {
                 ProtocolMessage = message
@@ -838,11 +841,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.MessageReceived(messageReceivedContext);
             if (messageReceivedContext.HandledResponse)
             {
-                Logger.LogDebug(30, "MessageReceivedContext.HandledResponse");
+                Logger.MessageReceivedContextHandledResponse();
             }
             else if (messageReceivedContext.Skipped)
             {
-                Logger.LogDebug(31, "MessageReceivedContext.Skipped");
+                Logger.MessageReceivedContextSkipped();
             }
 
             return messageReceivedContext;
@@ -850,7 +853,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<AuthorizationResponseReceivedContext> RunAuthorizationResponseReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
-            Logger.LogTrace(15, "Authorization response received.");
+            Logger.AuthorizationResponseReceived();
             var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options, properties)
             {
                 ProtocolMessage = message
@@ -858,18 +861,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
             if (authorizationResponseReceivedContext.HandledResponse)
             {
-                Logger.LogDebug(16, "AuthorizationResponseReceived.HandledResponse");
+                Logger.AuthorizationResponseReceivedHandledResponse();
             }
             else if (authorizationResponseReceivedContext.Skipped)
             {
-                Logger.LogDebug(17, "AuthorizationResponseReceived.Skipped");
+                Logger.AuthorizationResponseReceivedSkipped();
             }
             return authorizationResponseReceivedContext;
         }
 
         private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
         {
-            Logger.LogTrace(32, "AuthorizationCode received");
+            Logger.AuthorizationCodeReceived();
 
             var tokenEndpointRequest = new OpenIdConnectMessage()
             {
@@ -893,11 +896,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
-                Logger.LogDebug(33, "AuthorizationCodeReceivedContext.HandledResponse");
+                Logger.AuthorizationCodeReceivedContextHandledResponse();
             }
             else if (authorizationCodeReceivedContext.Skipped)
             {
-                Logger.LogDebug(34, "AuthorizationCodeReceivedContext.Skipped");
+                Logger.AuthorizationCodeReceivedContextSkipped();
             }
 
             return authorizationCodeReceivedContext;
@@ -905,7 +908,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties)
         {
-            Logger.LogTrace(35, "Token response received.");
+            Logger.TokenResponseReceived();
+
             var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options, properties)
             {
                 ProtocolMessage = message,
@@ -915,12 +919,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.TokenResponseReceived(tokenResponseReceivedContext);
             if (tokenResponseReceivedContext.HandledResponse)
             {
-                Logger.LogDebug(36, "AuthorizationCodeRedeemedContext.HandledResponse");
+                Logger.AuthorizationCodeRedeemedContextHandledResponse();
             }
             else if (tokenResponseReceivedContext.Skipped)
             {
-                Logger.LogDebug(37, "AuthorizationCodeRedeemedContext.Skipped");
+                Logger.AuthorizationCodeRedeemedContextSkipped();
             }
+
             return tokenResponseReceivedContext;
         }
 
@@ -936,11 +941,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.AuthenticationValidated(authenticationValidatedContext);
             if (authenticationValidatedContext.HandledResponse)
             {
-                Logger.LogDebug(38, "AuthenticationValidated.HandledResponse");
+                Logger.AuthenticationValidatedHandledResponse();
             }
             else if (authenticationValidatedContext.Skipped)
             {
-                Logger.LogDebug(39, "AuthenticationValidated.Skipped");
+                Logger.AuthenticationValidatedSkipped();
             }
 
             return authenticationValidatedContext;
@@ -948,7 +953,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
         {
-            Logger.LogTrace(40, "User information received: {0}", user.ToString());
+            Logger.UserInformationReceived(user.ToString());
 
             var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
             {
@@ -960,11 +965,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.UserInformationReceived(userInformationReceivedContext);
             if (userInformationReceivedContext.HandledResponse)
             {
-                Logger.LogDebug(41, "The UserInformationReceived event returned Handled.");
+                Logger.UserInformationReceivedHandledResponse();
             }
             else if (userInformationReceivedContext.Skipped)
             {
-                Logger.LogDebug(42, "The UserInformationReceived event returned Skipped.");
+                Logger.UserInformationReceivedSkipped();
             }
 
             return userInformationReceivedContext;
@@ -981,11 +986,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             await Options.Events.AuthenticationFailed(authenticationFailedContext);
             if (authenticationFailedContext.HandledResponse)
             {
-                Logger.LogDebug(43, "AuthenticationFailedContext.HandledResponse");
+                Logger.AuthenticationFailedContextHandledResponse();
             }
             else if (authenticationFailedContext.Skipped)
             {
-                Logger.LogDebug(44, "AuthenticationFailedContext.Skipped");
+                Logger.AuthenticationFailedContextSkipped();
             }
 
             return authenticationFailedContext;
@@ -995,7 +1000,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             if (!Options.SecurityTokenValidator.CanReadToken(idToken))
             {
-                Logger.LogError(48, "Unable to read the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.", idToken);
+                Logger.UnableToReadIdToken(idToken);
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
@@ -1018,13 +1023,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             jwt = validatedToken as JwtSecurityToken;
             if (jwt == null)
             {
-                Logger.LogError(45, "The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'", validatedToken?.GetType());
+                Logger.InvalidSecurityTokenType(validatedToken?.GetType().ToString());
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.ValidatedSecurityTokenNotJwt, validatedToken?.GetType()));
             }
 
             if (validatedToken == null)
             {
-                Logger.LogError(46, "Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'.", idToken);
+                Logger.UnableToValidateIdToken(idToken);
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
new file mode 100644
index 0000000000..21a4ac541d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, Exception> _obtainRequestToken;
+        private static Action<ILogger, Exception> _obtainAccessToken;
+
+        static LoggingExtensions()
+        {
+            _obtainRequestToken = LoggerMessage.Define(
+                eventId: 1,
+                logLevel: LogLevel.Debug,
+                formatString: "ObtainRequestToken");
+            _obtainAccessToken = LoggerMessage.Define(
+                eventId: 2,
+                logLevel: LogLevel.Debug,
+                formatString: "ObtainAccessToken");
+
+        }
+
+        public static void ObtainAccessToken(this ILogger logger)
+        {
+            _obtainAccessToken(logger, null);
+        }
+
+        public static void ObtainRequestToken(this ILogger logger)
+        {
+            _obtainRequestToken(logger, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index d856a9b845..d7383e9393 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -155,7 +155,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
         {
-            Logger.LogDebug("ObtainRequestToken");
+            Logger.ObtainRequestToken();
 
             var nonce = Guid.NewGuid().ToString("N");
 
@@ -216,7 +216,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         {
             // https://dev.twitter.com/docs/api/1/post/oauth/access_token
 
-            Logger.LogDebug("ObtainAccessToken");
+            Logger.ObtainAccessToken();
 
             var nonce = Guid.NewGuid().ToString("N");
 
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index f50fd3dbbd..ebb25af212 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -104,13 +104,13 @@ namespace Microsoft.AspNetCore.Authentication
                 var result = await HandleAuthenticateOnceAsync();
                 if (result.Failure != null)
                 {
-                    Logger.LogInformation(0, $"{Options.AuthenticationScheme} not authenticated: " + result.Failure.Message);
+                    Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Options.AuthenticationScheme, result.Failure.Message);
                 }
                 var ticket = result?.Ticket;
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
-                    Logger.LogInformation(0, "HttpContext.User merged via AutomaticAuthentication from authenticationScheme: {scheme}.", Options.AuthenticationScheme);
+                    Logger.UserPrinicpalMerged(Options.AuthenticationScheme);
                 }
             }
         }
@@ -171,7 +171,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         /// <summary>
         /// Called once by common code after initialization. If an authentication middleware responds directly to
-        /// specifically known paths it must override this virtual, compare the request path to it's known paths, 
+        /// specifically known paths it must override this virtual, compare the request path to it's known paths,
         /// provide any response information as appropriate, and true to stop further processing.
         /// </summary>
         /// <returns>Returning false will cause the common code to call the next middleware in line. Returning true will
@@ -203,7 +203,7 @@ namespace Microsoft.AspNetCore.Authentication
             var handled = false;
             if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
             {
-                // Calling Authenticate more than once should always return the original value. 
+                // Calling Authenticate more than once should always return the original value.
                 var result = await HandleAuthenticateOnceAsync();
 
                 if (result?.Failure != null)
@@ -216,13 +216,13 @@ namespace Microsoft.AspNetCore.Authentication
                     if (ticket?.Principal != null)
                     {
                         context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
-                        Logger.LogInformation(1, "AuthenticationScheme: {scheme} was successfully authenticated.", Options.AuthenticationScheme);
+                        Logger.AuthenticationSchemeAuthenticated(Options.AuthenticationScheme);
                         handled = true;
                     }
                     else
                     {
                         context.NotAuthenticated();
-                        Logger.LogDebug(2, "AuthenticationScheme: {scheme} was not authenticated.", Options.AuthenticationScheme);
+                        Logger.AuthenticationSchemeNotAuthenticated(Options.AuthenticationScheme);
                     }
                 }
             }
@@ -250,7 +250,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 SignInAccepted = true;
                 await HandleSignInAsync(context);
-                Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
+                Logger.AuthenticationSchemeSignedIn(Options.AuthenticationScheme);
                 context.Accept();
             }
             else if (PriorHandler != null)
@@ -270,7 +270,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 SignOutAccepted = true;
                 await HandleSignOutAsync(context);
-                Logger.LogInformation(4, "AuthenticationScheme: {scheme} signed out.", Options.AuthenticationScheme);
+                Logger.AuthenticationSchemeSignedOut(Options.AuthenticationScheme);
                 context.Accept();
             }
             else if (PriorHandler != null)
@@ -321,11 +321,11 @@ namespace Microsoft.AspNetCore.Authentication
                         goto case ChallengeBehavior.Unauthorized;
                     case ChallengeBehavior.Unauthorized:
                         handled = await HandleUnauthorizedAsync(context);
-                        Logger.LogInformation(5, "AuthenticationScheme: {scheme} was challenged.", Options.AuthenticationScheme);
+                        Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
                         break;
                     case ChallengeBehavior.Forbidden:
                         handled = await HandleForbiddenAsync(context);
-                        Logger.LogInformation(6, "AuthenticationScheme: {scheme} was forbidden.", Options.AuthenticationScheme);
+                        Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
                         break;
                 }
                 context.Accept();
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
new file mode 100644
index 0000000000..49fc8db050
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
@@ -0,0 +1,175 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, string, Exception> _authSchemeAuthenticated;
+        private static Action<ILogger, string, Exception> _authSchemeNotAuthenticated;
+        private static Action<ILogger, string, string, Exception> _authSchemeNotAuthenticatedWithFailure;
+        private static Action<ILogger, string, Exception> _authSchemeSignedIn;
+        private static Action<ILogger, string, Exception> _authSchemeSignedOut;
+        private static Action<ILogger, string, Exception> _authSchemeChallenged;
+        private static Action<ILogger, string, Exception> _authSchemeForbidden;
+        private static Action<ILogger, string, Exception> _userAuthorizationFailed;
+        private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
+        private static Action<ILogger, string, Exception> _userPrincipalMerged;
+        private static Action<ILogger, string, Exception> _remoteAuthenticationError;
+        private static Action<ILogger, Exception> _signInHandled;
+        private static Action<ILogger, Exception> _signInSkipped;
+        private static Action<ILogger, string, Exception> _correlationPropertyNotFound;
+        private static Action<ILogger, string, Exception> _correlationCookieNotFound;
+        private static Action<ILogger, string, string, Exception> _unexpectedCorrelationCookieValue;
+
+        static LoggingExtensions()
+        {
+            _userAuthorizationSucceeded = LoggerMessage.Define<string>(
+                eventId: 1,
+                logLevel: LogLevel.Information,
+                formatString: "Authorization was successful for user: {UserName}.");
+            _userAuthorizationFailed = LoggerMessage.Define<string>(
+                eventId: 2,
+                logLevel: LogLevel.Information,
+                formatString: "Authorization failed for user: {UserName}.");
+            _userPrincipalMerged = LoggerMessage.Define<string>(
+                eventId: 3,
+                logLevel: LogLevel.Information,
+                formatString: "HttpContext.User merged via AutomaticAuthentication from authenticationScheme: {AuthenticationScheme}.");
+            _remoteAuthenticationError = LoggerMessage.Define<string>(
+                eventId: 4,
+                logLevel: LogLevel.Information,
+                formatString: "Error from RemoteAuthentication: {ErrorMessage}.");
+            _signInHandled = LoggerMessage.Define(
+                eventId: 5,
+                logLevel: LogLevel.Debug,
+                formatString: "The SigningIn event returned Handled.");
+            _signInSkipped = LoggerMessage.Define(
+                eventId: 6,
+                logLevel: LogLevel.Debug,
+                formatString: "The SigningIn event returned Skipped.");
+            _authSchemeNotAuthenticatedWithFailure = LoggerMessage.Define<string, string>(
+                eventId: 7,
+                logLevel: LogLevel.Information,
+                formatString: "{AuthenticationScheme} was not authenticated. Failure message: {FailureMessage}");
+            _authSchemeAuthenticated = LoggerMessage.Define<string>(
+                eventId: 8,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} was successfully authenticated.");
+            _authSchemeNotAuthenticated = LoggerMessage.Define<string>(
+                eventId: 9,
+                logLevel: LogLevel.Debug,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} was not authenticated.");
+            _authSchemeSignedIn = LoggerMessage.Define<string>(
+                eventId: 10,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} signed in.");
+            _authSchemeSignedOut = LoggerMessage.Define<string>(
+                eventId: 11,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} signed out.");
+            _authSchemeChallenged = LoggerMessage.Define<string>(
+                eventId: 12,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} was challenged.");
+            _authSchemeForbidden = LoggerMessage.Define<string>(
+                eventId: 13,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} was forbidden.");
+            _correlationPropertyNotFound = LoggerMessage.Define<string>(
+                eventId: 14,
+                logLevel: LogLevel.Warning,
+                formatString: "{CorrelationProperty} state property not found.");
+            _correlationCookieNotFound = LoggerMessage.Define<string>(
+                eventId: 15,
+                logLevel: LogLevel.Warning,
+                formatString: "'{CorrelationCookieName}' cookie not found.");
+            _unexpectedCorrelationCookieValue = LoggerMessage.Define<string, string>(
+               eventId: 16,
+               logLevel: LogLevel.Warning,
+               formatString: "The correlation cookie value '{CorrelationCookieName}' did not match the expected value '{CorrelationCookieValue}'.");
+        }
+
+        public static void AuthenticationSchemeAuthenticated(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeAuthenticated(logger, authenticationScheme, null);
+        }
+
+        public static void AuthenticationSchemeNotAuthenticated(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeNotAuthenticated(logger, authenticationScheme, null);
+        }
+
+        public static void AuthenticationSchemeNotAuthenticatedWithFailure(this ILogger logger, string authenticationScheme, string failureMessage)
+        {
+            _authSchemeNotAuthenticatedWithFailure(logger, authenticationScheme, failureMessage, null);
+        }
+
+        public static void AuthenticationSchemeSignedIn(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeSignedIn(logger, authenticationScheme, null);
+        }
+
+        public static void AuthenticationSchemeSignedOut(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeSignedOut(logger, authenticationScheme, null);
+        }
+
+        public static void AuthenticationSchemeChallenged(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeChallenged(logger, authenticationScheme, null);
+        }
+
+        public static void AuthenticationSchemeForbidden(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeForbidden(logger, authenticationScheme, null);
+        }
+
+        public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
+        {
+            _userAuthorizationSucceeded(logger, userName, null);
+        }
+
+        public static void UserAuthorizationFailed(this ILogger logger, string userName)
+        {
+            _userAuthorizationFailed(logger, userName, null);
+        }
+
+        public static void UserPrinicpalMerged(this ILogger logger, string authenticationScheme)
+        {
+            _userPrincipalMerged(logger, authenticationScheme, null);
+        }
+
+        public static void RemoteAuthenticationError(this ILogger logger, string errorMessage)
+        {
+            _remoteAuthenticationError(logger, errorMessage, null);
+        }
+
+        public static void SigninHandled(this ILogger logger)
+        {
+            _signInHandled(logger, null);
+        }
+
+        public static void SigninSkipped(this ILogger logger)
+        {
+            _signInSkipped(logger, null);
+        }
+
+        public static void CorrelationPropertyNotFound(this ILogger logger, string correlationPrefix)
+        {
+            _correlationPropertyNotFound(logger, correlationPrefix, null);
+        }
+
+        public static void CorrelationCookieNotFound(this ILogger logger, string cookieName)
+        {
+            _correlationCookieNotFound(logger, cookieName, null);
+        }
+
+        public static void UnexpectedCorrelationCookieValue(this ILogger logger, string cookieName, string cookieValue)
+        {
+            _unexpectedCorrelationCookieValue(logger, cookieName, cookieValue, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index bf64109a2c..d6cc4ce7fc 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Authentication
             if (authResult == null || !authResult.Succeeded)
             {
                 var errorContext = new FailureContext(Context, authResult?.Failure ?? new Exception("Invalid return state, unable to redirect."));
-                Logger.LogInformation("Error from RemoteAuthentication: " + errorContext.Failure.Message);
+                Logger.RemoteAuthenticationError(errorContext.Failure.Message);
                 await Options.Events.RemoteFailure(errorContext);
                 if (errorContext.HandledResponse)
                 {
@@ -66,12 +66,12 @@ namespace Microsoft.AspNetCore.Authentication
 
             if (context.HandledResponse)
             {
-                Logger.LogDebug("The SigningIn event returned Handled.");
+                Logger.SigninHandled();
                 return true;
             }
             else if (context.Skipped)
             {
-                Logger.LogDebug("The SigningIn event returned Skipped.");
+                Logger.SigninSkipped();
                 return false;
             }
 
@@ -144,7 +144,7 @@ namespace Microsoft.AspNetCore.Authentication
             string correlationId;
             if (!properties.Items.TryGetValue(CorrelationProperty, out correlationId))
             {
-                Logger.LogWarning(26, "{0} state property not found.", CorrelationPrefix);
+                Logger.CorrelationPropertyNotFound(CorrelationPrefix);
                 return false;
             }
 
@@ -155,7 +155,7 @@ namespace Microsoft.AspNetCore.Authentication
             var correlationCookie = Request.Cookies[cookieName];
             if (string.IsNullOrEmpty(correlationCookie))
             {
-                Logger.LogWarning(27, "'{0}' cookie not found.", cookieName);
+                Logger.CorrelationCookieNotFound(cookieName);
                 return false;
             }
 
@@ -168,7 +168,7 @@ namespace Microsoft.AspNetCore.Authentication
 
             if (!string.Equals(correlationCookie, CorrelationMarker, StringComparison.Ordinal))
             {
-                Logger.LogWarning(28, "The correlation cookie value '{0}' did not match the expected value '{1}'.", cookieName);
+                Logger.UnexpectedCorrelationCookieValue(cookieName, correlationCookie);
                 return false;
             }
 
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index c5bdcc7a76..7d46ac8b82 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -51,12 +51,12 @@ namespace Microsoft.AspNetCore.Authorization
 
             if (authContext.HasSucceeded)
             {
-                _logger.LogInformation(0, "Authorization was successful for user: {userName}.", user?.Identity?.Name);
+                _logger.UserAuthorizationSucceeded(user?.Identity?.Name);
                 return true;
             }
             else
             {
-                _logger.LogInformation(1, "Authorization failed for user: {userName}.", user?.Identity?.Name);
+                _logger.UserAuthorizationFailed(user?.Identity?.Name);
                 return false;
             }
         }
diff --git a/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
new file mode 100644
index 0000000000..1d524dd74e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, string, Exception> _userAuthorizationFailed;
+        private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
+
+        static LoggingExtensions()
+        {
+            _userAuthorizationSucceeded = LoggerMessage.Define<string>(
+                eventId: 1,
+                logLevel: LogLevel.Information,
+                formatString: "Authorization was successful for user: {UserName}.");
+            _userAuthorizationFailed = LoggerMessage.Define<string>(
+                eventId: 2,
+                logLevel: LogLevel.Information,
+                formatString: "Authorization failed for user: {UserName}.");
+        }
+
+        public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
+        {
+            _userAuthorizationSucceeded(logger, userName, null);
+        }
+
+        public static void UserAuthorizationFailed(this ILogger logger, string userName)
+        {
+            _userAuthorizationFailed(logger, userName, null);
+        }
+    }
+}

From a2aa94c4240607d982d6e8e94145f74756ffe662 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Tue, 22 Mar 2016 11:53:20 -0700
Subject: [PATCH 502/900] Reacting to Hosting changes

---
 samples/CookieSample/Startup.cs                | 2 +-
 samples/CookieSessionSample/Startup.cs         | 2 +-
 samples/JwtBearerSample/Startup.cs             | 2 +-
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 2 +-
 samples/OpenIdConnectSample/Startup.cs         | 2 +-
 samples/SocialSample/Startup.cs                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 8b0568b313..043664f1dc 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -45,7 +45,7 @@ namespace CookieSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 3db8f11556..71da6aa1f5 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -55,7 +55,7 @@ namespace CookieSessionSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 3a4ecfba6c..1df7e11a39 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -115,7 +115,7 @@ namespace JwtBearerSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index c5ddafd5ff..f2f9489bf5 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -159,7 +159,7 @@ namespace OpenIdConnect.AzureAdSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index ddcf9fa2b2..ff156a77fb 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -105,7 +105,7 @@ namespace OpenIdConnectSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 358a031cd3..e9c7f6141d 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -342,7 +342,7 @@ namespace SocialSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultConfiguration(args)
+                .UseDefaultHostingConfiguration(args)
                 .UseServer("Microsoft.AspNetCore.Server.Kestrel")
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()

From 6a0e58e3ffba30096f64eecba51ca6650ba0e6ae Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Fri, 25 Mar 2016 02:46:34 -0700
Subject: [PATCH 503/900] Fixed build

---
 test/Microsoft.AspNetCore.Authentication.Test/project.json | 5 +++--
 test/Microsoft.AspNetCore.Authorization.Test/project.json  | 5 +++--
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json   | 5 +++--
 test/Microsoft.Owin.Security.Interop.Test/project.json     | 1 -
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index c05a8963b7..07137861a4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -12,13 +12,14 @@
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
     "netstandardapp1.5": {
       "dependencies": {
-        "dotnet-test-xunit": "1.0.0-dev-*"
+        "dotnet-test-xunit": "1.0.0-dev-*",
+        "NETStandard.Library": "1.5.0-*",
+        "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
         "dnxcore50",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 560766c038..0bc8910ce9 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -7,13 +7,14 @@
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
     "Microsoft.Extensions.Logging": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
     "netstandardapp1.5": {
       "dependencies": {
-        "dotnet-test-xunit": "1.0.0-dev-*"
+        "dotnet-test-xunit": "1.0.0-dev-*",
+        "NETStandard.Library": "1.5.0-*",
+        "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
         "dnxcore50",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index f6dad148ab..8d529ea87c 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -6,13 +6,14 @@
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
     "netstandardapp1.5": {
       "dependencies": {
-        "dotnet-test-xunit": "1.0.0-dev-*"
+        "dotnet-test-xunit": "1.0.0-dev-*",
+        "NETStandard.Library": "1.5.0-*",
+        "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
         "dnxcore50",
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index ae53f6e2f7..0f156822df 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -8,7 +8,6 @@
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "xunit": "2.1.0",
     "xunit.runner.console": "2.1.0"
   },

From 3f596108aac3d8fc7fb40d39e19a7f897a90c198 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 15 Mar 2016 15:19:25 -0700
Subject: [PATCH 504/900] #690 OIDC & JWT event refactoring.

---
 .../Properties/launchSettings.json            |   2 +-
 samples/JwtBearerSample/Startup.cs            |   6 +-
 samples/JwtBearerSample/project.json          |   6 +-
 .../Properties/launchSettings.json            |   2 +-
 .../OpenIdConnect.AzureAdSample/Startup.cs    |   5 +-
 .../OpenIdConnect.AzureAdSample/project.json  |   3 +
 .../Properties/launchSettings.json            |   2 +-
 samples/OpenIdConnectSample/Startup.cs        |   5 +-
 samples/OpenIdConnectSample/project.json      |   5 +-
 .../Events/IJwtBearerEvents.cs                |   9 +-
 .../Events/JwtBearerEvents.cs                 |  15 +-
 ...enContext.cs => MessageReceivedContext.cs} |   4 +-
 .../Events/ReceivedTokenContext.cs            |  18 --
 .../Events/TokenValidatedContext.cs           |   7 +-
 .../JwtBearerHandler.cs                       |  63 ++----
 .../JwtBearerOptions.cs                       |   2 +
 .../AuthorizationResponseReceivedContext.cs   |  20 --
 .../Events/IOpenIdConnectEvents.cs            |  19 +-
 .../Events/MessageReceivedContext.cs          |   3 +
 .../Events/OpenIdConnectEvents.cs             |  29 +--
 ...tedContext.cs => TokenValidatedContext.cs} |  18 +-
 .../LoggingExtensions.cs                      | 110 ++++-----
 .../OpenIdConnectHandler.cs                   | 210 ++++++++----------
 .../Events/BaseControlContext.cs              |  16 ++
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 181 +++------------
 .../OpenIdConnectMiddlewareTests.cs           |   8 +-
 26 files changed, 278 insertions(+), 490 deletions(-)
 rename src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/{ReceivingTokenContext.cs => MessageReceivedContext.cs} (79%)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
 rename src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/{AuthenticationValidatedContext.cs => TokenValidatedContext.cs} (52%)

diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/samples/JwtBearerSample/Properties/launchSettings.json
index af63bba52f..49cbac543a 100644
--- a/samples/JwtBearerSample/Properties/launchSettings.json
+++ b/samples/JwtBearerSample/Properties/launchSettings.json
@@ -12,7 +12,7 @@
       "commandName": "IISExpress",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNET_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
     "web": {
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 1df7e11a39..78e6d0f406 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -61,8 +61,6 @@ namespace JwtBearerSample
 
             app.UseJwtBearerAuthentication(new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
-                AutomaticChallenge = true,
                 // You also need to update /wwwroot/app/scripts/app.js
                 Authority = Configuration["jwt:authority"],
                 Audience = Configuration["jwt:audience"]
@@ -74,14 +72,14 @@ namespace JwtBearerSample
                 // Use this if options.AutomaticAuthenticate = false
                 // var user = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
 
-                var user = context.User; // We can do this because of  options.AutomaticAuthenticate = true; above.
+                var user = context.User; // We can do this because of  options.AutomaticAuthenticate = true;
                 if (user?.Identity?.IsAuthenticated ?? false)
                 {
                     await next();
                 }
                 else
                 {
-                    // We can do this because of options.AutomaticChallenge = true; above
+                    // We can do this because of options.AutomaticChallenge = true;
                     await context.Authentication.ChallengeAsync();
                 }
             });
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 0f6a6c9df5..a271c2b5c7 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -15,7 +15,7 @@
     "web": "JwtBearerSample"
   },
   "frameworks": {
-    "dnx451": {},
+    "dnx451": { },
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
@@ -30,5 +30,9 @@
     "**.user",
     "**.vspscc"
   ],
+  "content": [
+    "project.json",
+    "wwwroot"
+  ],
   "userSecretsId": "aspnet5-JwtBearerSample-20151210102827"
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
index 22d7eec72e..49cbac543a 100644
--- a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
@@ -12,7 +12,7 @@
       "commandName": "IISExpress",
       "launchBrowser": true,
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
     "web": {
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index f2f9489bf5..3bbae57b4a 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -64,10 +64,7 @@ namespace OpenIdConnect.AzureAdSample
 
             app.UseIISPlatformHandler();
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            app.UseCookieAuthentication(new CookieAuthenticationOptions());
 
             var clientId = Configuration["oidc:clientid"];
             var clientSecret = Configuration["oidc:clientsecret"];
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index a25fc16613..fd74610190 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -18,5 +18,8 @@
   "commands": {
     "web": "OpenIdConnect.AzureAdSample"
   },
+  "content": [
+    "project.json"
+  ],
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index c75dba9f49..5a0163016a 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -12,7 +12,7 @@
       "commandName": "IISExpress",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNET_ENV": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
     "web": {
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index ff156a77fb..bad559aa22 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -59,10 +59,7 @@ namespace OpenIdConnectSample
 
             app.UseIISPlatformHandler();
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            app.UseCookieAuthentication(new CookieAuthenticationOptions());
 
             app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
             {
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 12d88dfed1..4fd829a22c 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -9,7 +9,7 @@
     "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "frameworks": {
-    "dnx451": {},
+    "dnx451": { },
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
@@ -22,5 +22,8 @@
   "commands": {
     "web": "OpenIdConnectSample"
   },
+  "content": [
+    "project.json"
+  ],
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
index 2e023db130..a7b8aeb552 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
@@ -18,17 +18,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        Task ReceivingToken(ReceivingTokenContext context);
-
-        /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
-        /// </summary>
-        Task ReceivedToken(ReceivedTokenContext context);
+        Task MessageReceived(MessageReceivedContext context);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        Task ValidatedToken(ValidatedTokenContext context);
+        Task TokenValidated(TokenValidatedContext context);
 
         /// <summary>
         /// Invoked to apply a challenge sent back to the caller.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index a14f238078..38a877f668 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -19,17 +19,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<ReceivingTokenContext, Task> OnReceivingToken { get; set; } = context => Task.FromResult(0);
-
-        /// <summary>
-        /// Invoked with the security token that has been extracted from the protocol message.
-        /// </summary>
-        public Func<ReceivedTokenContext, Task> OnReceivedToken { get; set; } = context => Task.FromResult(0);
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<ValidatedTokenContext, Task> OnValidatedToken { get; set; } = context => Task.FromResult(0);
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked before a challenge is sent back to the caller.
@@ -38,11 +33,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
-        public virtual Task ReceivingToken(ReceivingTokenContext context) => OnReceivingToken(context);
+        public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
 
-        public virtual Task ReceivedToken(ReceivedTokenContext context) => OnReceivedToken(context);
-
-        public virtual Task ValidatedToken(ValidatedTokenContext context) => OnValidatedToken(context);
+        public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
 
         public virtual Task Challenge(JwtBearerChallengeContext context) => OnChallenge(context);
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
similarity index 79%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index e93ad824ad..a23f8356da 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivingTokenContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -6,9 +6,9 @@ using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class ReceivingTokenContext : BaseJwtBearerContext
+    public class MessageReceivedContext : BaseJwtBearerContext
     {
-        public ReceivingTokenContext(HttpContext context, JwtBearerOptions options)
+        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
deleted file mode 100644
index e38c49cf15..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/ReceivedTokenContext.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
-    public class ReceivedTokenContext : BaseJwtBearerContext
-    {
-        public ReceivedTokenContext(HttpContext context, JwtBearerOptions options)
-            : base(context, options)
-        {
-        }
-
-        public string Token { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 3a1dad812f..d6de5ca873 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -3,14 +3,17 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class ValidatedTokenContext : BaseJwtBearerContext
+    public class TokenValidatedContext : BaseJwtBearerContext
     {
-        public ValidatedTokenContext(HttpContext context, JwtBearerOptions options)
+        public TokenValidatedContext(HttpContext context, JwtBearerOptions options)
             : base(context, options)
         {
         }
+
+        public SecurityToken SecurityToken { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index b1d2d702eb..40a0b2efd7 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -28,24 +28,21 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             string token = null;
+            AuthenticateResult result = null;
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
-                var receivingTokenContext = new ReceivingTokenContext(Context, Options);
+                var messageReceivedContext = new MessageReceivedContext(Context, Options);
 
                 // event can set the token
-                await Options.Events.ReceivingToken(receivingTokenContext);
-                if (receivingTokenContext.HandledResponse)
+                await Options.Events.MessageReceived(messageReceivedContext);
+                if (messageReceivedContext.CheckEventResult(out result))
                 {
-                    return AuthenticateResult.Success(receivingTokenContext.Ticket);
-                }
-                if (receivingTokenContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
+                    return result;
                 }
 
                 // If application retrieved token from somewhere else, use that.
-                token = receivingTokenContext.Token;
+                token = messageReceivedContext.Token;
 
                 if (string.IsNullOrEmpty(token))
                 {
@@ -69,22 +66,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     }
                 }
 
-                // notify user token was received
-                var receivedTokenContext = new ReceivedTokenContext(Context, Options)
-                {
-                    Token = token,
-                };
-
-                await Options.Events.ReceivedToken(receivedTokenContext);
-                if (receivedTokenContext.HandledResponse)
-                {
-                    return AuthenticateResult.Success(receivedTokenContext.Ticket);
-                }
-                if (receivedTokenContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
-                }
-
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
@@ -138,20 +119,18 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         Logger.TokenValidationSucceeded();
 
                         var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var validatedTokenContext = new ValidatedTokenContext(Context, Options)
+                        var tokenValidatedContext = new TokenValidatedContext(Context, Options)
                         {
-                            Ticket = ticket
+                            Ticket = ticket,
+                            SecurityToken = validatedToken,
                         };
 
-                        await Options.Events.ValidatedToken(validatedTokenContext);
-                        if (validatedTokenContext.HandledResponse)
+                        await Options.Events.TokenValidated(tokenValidatedContext);
+                        if (tokenValidatedContext.CheckEventResult(out result))
                         {
-                            return AuthenticateResult.Success(validatedTokenContext.Ticket);
-                        }
-                        if (validatedTokenContext.Skipped)
-                        {
-                            return AuthenticateResult.Skip();
+                            return result;
                         }
+                        ticket = tokenValidatedContext.Ticket;
 
                         if (Options.SaveToken)
                         {
@@ -173,13 +152,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     };
 
                     await Options.Events.AuthenticationFailed(authenticationFailedContext);
-                    if (authenticationFailedContext.HandledResponse)
+                    if (authenticationFailedContext.CheckEventResult(out result))
                     {
-                        return AuthenticateResult.Success(authenticationFailedContext.Ticket);
-                    }
-                    if (authenticationFailedContext.Skipped)
-                    {
-                        return AuthenticateResult.Skip();
+                        return result;
                     }
 
                     return AuthenticateResult.Fail(authenticationFailedContext.Exception);
@@ -197,13 +172,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 };
 
                 await Options.Events.AuthenticationFailed(authenticationFailedContext);
-                if (authenticationFailedContext.HandledResponse)
+                if (authenticationFailedContext.CheckEventResult(out result))
                 {
-                    return AuthenticateResult.Success(authenticationFailedContext.Ticket);
-                }
-                if (authenticationFailedContext.Skipped)
-                {
-                    return AuthenticateResult.Skip();
+                    return result;
                 }
 
                 throw;
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index c350c38baf..837928e777 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -25,6 +25,8 @@ namespace Microsoft.AspNetCore.Builder
         public JwtBearerOptions() : base()
         {
             AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
+            AutomaticAuthenticate = true;
+            AutomaticChallenge = true;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
deleted file mode 100644
index 7d17d3cf80..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationResponseReceivedContext.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
-    public class AuthorizationResponseReceivedContext : BaseOpenIdConnectContext
-    {
-        public AuthorizationResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
-            : base(context, options)
-        {
-            Properties = properties;
-        }
-
-        public AuthenticationProperties Properties { get; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index da956acf82..57600cee8d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -15,21 +15,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         Task AuthenticationFailed(AuthenticationFailedContext context);
 
-        /// <summary>
-        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
-        /// </summary>
-        Task AuthenticationValidated(AuthenticationValidatedContext context);
-
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
 
-        /// <summary>
-        /// Invoked when an authorization response is received.
-        /// </summary>
-        Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context);
-
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
@@ -38,18 +28,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        Task RedirectToAuthenticationEndpoint(RedirectContext context);
+        Task RedirectToIdentityProvider(RedirectContext context);
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        Task RedirectToEndSessionEndpoint(RedirectContext context);
+        Task RedirectToIdentityProviderForSignOut(RedirectContext context);
 
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
         Task TokenResponseReceived(TokenResponseReceivedContext context);
 
+        /// <summary>
+        /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
+        /// </summary>
+        Task TokenValidated(TokenValidatedContext context);
+
         /// <summary>
         /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index d535f35f92..b2554969c1 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -3,6 +3,7 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
@@ -17,5 +18,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
         /// </summary>
         public string Token { get; set; }
+
+        public AuthenticationProperties Properties { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 249342eecf..9893b72072 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -16,21 +16,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
 
-        /// <summary>
-        /// Invoked after the id token has passed validation and a ClaimsIdentity has been generated.
-        /// </summary>
-        public Func<AuthenticationValidatedContext, Task> OnAuthenticationValidated { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
         public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.FromResult(0);
 
-        /// <summary>
-        /// Invoked when an authorization response is received.
-        /// </summary>
-        public Func<AuthorizationResponseReceivedContext, Task> OnAuthorizationResponseReceived { get; set; } = context => Task.FromResult(0);
-
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
@@ -39,18 +29,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToAuthenticationEndpoint { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToEndSessionEndpoint { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => Task.FromResult(0);
 
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
         public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => Task.FromResult(0);
 
+        /// <summary>
+        /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
+        /// </summary>
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
@@ -58,20 +53,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
-        public virtual Task AuthenticationValidated(AuthenticationValidatedContext context) => OnAuthenticationValidated(context);
-
         public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context) => OnAuthorizationCodeReceived(context);
 
-        public virtual Task AuthorizationResponseReceived(AuthorizationResponseReceivedContext context) => OnAuthorizationResponseReceived(context);
-
         public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
 
-        public virtual Task RedirectToAuthenticationEndpoint(RedirectContext context) => OnRedirectToAuthenticationEndpoint(context);
+        public virtual Task RedirectToIdentityProvider(RedirectContext context) => OnRedirectToIdentityProvider(context);
 
-        public virtual Task RedirectToEndSessionEndpoint(RedirectContext context) => OnRedirectToEndSessionEndpoint(context);
+        public virtual Task RedirectToIdentityProviderForSignOut(RedirectContext context) => OnRedirectToIdentityProviderForSignOut(context);
 
         public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
 
+        public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
+
         public virtual Task UserInformationReceived(UserInformationReceivedContext context) => OnUserInformationReceived(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
similarity index 52%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
index 4e19796457..130a4d9873 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -8,16 +10,22 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class AuthenticationValidatedContext : BaseOpenIdConnectContext
+    public class TokenValidatedContext : BaseOpenIdConnectContext
     {
-        public AuthenticationValidatedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
+        /// <summary>
+        /// Creates a <see cref="TokenValidatedContext"/>
+        /// </summary>
+        public TokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
             : base(context, options)
         {
-            Properties = properties;
         }
 
-        public AuthenticationProperties Properties { get; }
+        public AuthenticationProperties Properties { get; set; }
+        
+        public JwtSecurityToken SecurityToken { get; set; }
 
         public OpenIdConnectMessage TokenEndpointResponse { get; set; }
+
+        public string Nonce { get; set; }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index 8d45c9918c..ff580ff266 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -7,10 +7,10 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, Exception> _redirectToEndSessionEndpointHandledResponse;
-        private static Action<ILogger, Exception> _redirectToEndSessionEndpointSkipped;
-        private static Action<ILogger, Exception> _redirectToAuthenticationEndpointHandledResponse;
-        private static Action<ILogger, Exception> _redirectToAuthenticationEndpointSkipped;
+        private static Action<ILogger, Exception> _redirectToIdentityProviderForSignOutHandledResponse;
+        private static Action<ILogger, Exception> _redirectToIdentityProviderForSignOutSkipped;
+        private static Action<ILogger, Exception> _redirectToIdentityProviderHandledResponse;
+        private static Action<ILogger, Exception> _redirectToIdentityProviderSkipped;
         private static Action<ILogger, Exception> _updatingConfiguration;
         private static Action<ILogger, Exception> _receivedIdToken;
         private static Action<ILogger, Exception> _redeemingCodeForTokens;
@@ -19,20 +19,17 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, string, Exception> _messageReceived;
         private static Action<ILogger, Exception> _messageReceivedContextHandledResponse;
         private static Action<ILogger, Exception> _messageReceivedContextSkipped;
-        private static Action<ILogger, Exception> _authorizationResponseReceived;
         private static Action<ILogger, Exception> _authorizationCodeReceived;
         private static Action<ILogger, Exception> _configurationManagerRequestRefreshCalled;
         private static Action<ILogger, Exception> _tokenResponseReceived;
-        private static Action<ILogger, Exception> _authorizationResponseReceivedHandledResponse;
-        private static Action<ILogger, Exception> _authorizationResponseReceivedSkipped;
+        private static Action<ILogger, Exception> _tokenValidatedHandledResponse;
+        private static Action<ILogger, Exception> _tokenValidatedSkipped;
         private static Action<ILogger, Exception> _authenticationFailedContextHandledResponse;
         private static Action<ILogger, Exception> _authenticationFailedContextSkipped;
         private static Action<ILogger, Exception> _authorizationCodeReceivedContextHandledResponse;
         private static Action<ILogger, Exception> _authorizationCodeReceivedContextSkipped;
-        private static Action<ILogger, Exception> _authorizationCodeRedeemedContextHandledResponse;
-        private static Action<ILogger, Exception> _authorizationCodeRedeemedContextSkipped;
-        private static Action<ILogger, Exception> _authenticationValidatedHandledResponse;
-        private static Action<ILogger, Exception> _authenticationValidatedtSkipped;
+        private static Action<ILogger, Exception> _tokenResponseReceivedHandledResponse;
+        private static Action<ILogger, Exception> _tokenResponseReceivedSkipped;
         private static Action<ILogger, string, Exception> _userInformationReceived;
         private static Action<ILogger, Exception> _userInformationReceivedHandledResponse;
         private static Action<ILogger, Exception> _userInformationReceivedSkipped;
@@ -54,14 +51,14 @@ namespace Microsoft.Extensions.Logging
         static LoggingExtensions()
         {
             // Final
-            _redirectToEndSessionEndpointHandledResponse = LoggerMessage.Define(
+            _redirectToIdentityProviderForSignOutHandledResponse = LoggerMessage.Define(
                 eventId: 1,
                 logLevel: LogLevel.Debug,
-                formatString: "RedirectToEndSessionEndpoint.HandledResponse");
-            _redirectToEndSessionEndpointSkipped = LoggerMessage.Define(
+                formatString: "RedirectToIdentityProviderForSignOut.HandledResponse");
+            _redirectToIdentityProviderForSignOutSkipped = LoggerMessage.Define(
                 eventId: 2,
                 logLevel: LogLevel.Debug,
-                formatString: "RedirectToEndSessionEndpoint.Skipped");
+                formatString: "RedirectToIdentityProviderForSignOut.Skipped");
             _invalidLogoutQueryStringRedirectUrl = LoggerMessage.Define<string>(
                 eventId: 3,
                 logLevel: LogLevel.Warning,
@@ -74,14 +71,14 @@ namespace Microsoft.Extensions.Logging
                 eventId: 5,
                 logLevel: LogLevel.Trace,
                 formatString: "Using properties.RedirectUri for 'local redirect' post authentication: '{RedirectUri}'.");
-            _redirectToAuthenticationEndpointHandledResponse = LoggerMessage.Define(
+            _redirectToIdentityProviderHandledResponse = LoggerMessage.Define(
                 eventId: 6,
                 logLevel: LogLevel.Debug,
-                formatString: "RedirectToAuthenticationEndpoint.HandledResponse");
-            _redirectToAuthenticationEndpointSkipped = LoggerMessage.Define(
+                formatString: "RedirectToIdentityProvider.HandledResponse");
+            _redirectToIdentityProviderSkipped = LoggerMessage.Define(
                 eventId: 7,
                 logLevel: LogLevel.Debug,
-                formatString: "RedirectToAuthenticationEndpoint.Skipped");
+                formatString: "RedirectToIdentityProvider.Skipped");
             _invalidAuthenticationRequestUrl = LoggerMessage.Define<string>(
                 eventId: 8,
                 logLevel: LogLevel.Warning,
@@ -106,18 +103,14 @@ namespace Microsoft.Extensions.Logging
                 eventId: 13,
                 logLevel: LogLevel.Debug,
                 formatString: "Updating configuration");
-            _authorizationResponseReceived = LoggerMessage.Define(
-                eventId: 14,
-                logLevel: LogLevel.Trace,
-                formatString: "Authorization response received.");
-            _authorizationResponseReceivedHandledResponse = LoggerMessage.Define(
+            _tokenValidatedHandledResponse = LoggerMessage.Define(
                 eventId: 15,
                 logLevel: LogLevel.Debug,
-                formatString: "AuthorizationResponseReceived.HandledResponse");
-            _authorizationResponseReceivedSkipped = LoggerMessage.Define(
+                formatString: "TokenValidated.HandledResponse");
+            _tokenValidatedSkipped = LoggerMessage.Define(
                 eventId: 16,
                 logLevel: LogLevel.Debug,
-                formatString: "AuthorizationResponseReceived.Skipped");
+                formatString: "TokenValidated.Skipped");
             _exceptionProcessingMessage = LoggerMessage.Define(
                 eventId: 17,
                 logLevel: LogLevel.Error,
@@ -174,22 +167,14 @@ namespace Microsoft.Extensions.Logging
                 eventId: 30,
                 logLevel: LogLevel.Trace,
                 formatString: "Token response received.");
-            _authorizationCodeRedeemedContextHandledResponse = LoggerMessage.Define(
+            _tokenResponseReceivedHandledResponse = LoggerMessage.Define(
                 eventId: 31,
                 logLevel: LogLevel.Debug,
-                formatString: "AuthorizationCodeRedeemedContext.HandledResponse");
-            _authorizationCodeRedeemedContextSkipped = LoggerMessage.Define(
+                formatString: "TokenResponseReceived.HandledResponse");
+            _tokenResponseReceivedSkipped = LoggerMessage.Define(
                 eventId: 32,
                 logLevel: LogLevel.Debug,
-                formatString: "AuthorizationCodeRedeemedContext.Skipped");
-            _authenticationValidatedHandledResponse = LoggerMessage.Define(
-                eventId: 33,
-                logLevel: LogLevel.Debug,
-                formatString: "AuthenticationFailedContext.HandledResponse");
-            _authenticationValidatedtSkipped = LoggerMessage.Define(
-                eventId: 34,
-                logLevel: LogLevel.Debug,
-                formatString: "AuthenticationFailedContext.Skipped");
+                formatString: "TokenResponseReceived.Skipped");
             _userInformationReceived = LoggerMessage.Define<string>(
                eventId: 35,
                logLevel: LogLevel.Trace,
@@ -258,19 +243,14 @@ namespace Microsoft.Extensions.Logging
             _redeemingCodeForTokens(logger, null);
         }
 
-        public static void AuthorizationResponseReceived(this ILogger logger)
+        public static void TokenValidatedHandledResponse(this ILogger logger)
         {
-            _authorizationResponseReceived(logger, null);
+            _tokenValidatedHandledResponse(logger, null);
         }
 
-        public static void AuthorizationResponseReceivedHandledResponse(this ILogger logger)
+        public static void TokenValidatedSkipped(this ILogger logger)
         {
-            _authorizationResponseReceivedHandledResponse(logger, null);
-        }
-
-        public static void AuthorizationResponseReceivedSkipped(this ILogger logger)
-        {
-            _authorizationResponseReceivedSkipped(logger, null);
+            _tokenValidatedSkipped(logger, null);
         }
 
         public static void AuthorizationCodeReceivedContextHandledResponse(this ILogger logger)
@@ -283,24 +263,14 @@ namespace Microsoft.Extensions.Logging
             _authorizationCodeReceivedContextSkipped(logger, null);
         }
 
-        public static void AuthorizationCodeRedeemedContextHandledResponse(this ILogger logger)
+        public static void TokenResponseReceivedHandledResponse(this ILogger logger)
         {
-            _authorizationCodeRedeemedContextHandledResponse(logger, null);
+            _tokenResponseReceivedHandledResponse(logger, null);
         }
 
-        public static void AuthorizationCodeRedeemedContextSkipped(this ILogger logger)
+        public static void TokenResponseReceivedSkipped(this ILogger logger)
         {
-            _authorizationCodeRedeemedContextSkipped(logger, null);
-        }
-
-        public static void AuthenticationValidatedHandledResponse(this ILogger logger)
-        {
-            _authenticationValidatedHandledResponse(logger, null);
-        }
-
-        public static void AuthenticationValidatedSkipped(this ILogger logger)
-        {
-            _authenticationValidatedtSkipped(logger, null);
+            _tokenResponseReceivedSkipped(logger, null);
         }
 
         public static void AuthenticationFailedContextHandledResponse(this ILogger logger)
@@ -328,24 +298,24 @@ namespace Microsoft.Extensions.Logging
             _messageReceivedContextSkipped(logger, null);
         }
 
-        public static void RedirectToEndSessionEndpointHandledResponse(this ILogger logger)
+        public static void RedirectToIdentityProviderForSignOutHandledResponse(this ILogger logger)
         {
-            _redirectToEndSessionEndpointHandledResponse(logger, null);
+            _redirectToIdentityProviderForSignOutHandledResponse(logger, null);
         }
 
-        public static void RedirectToEndSessionEndpointSkipped(this ILogger logger)
+        public static void RedirectToIdentityProviderForSignOutSkipped(this ILogger logger)
         {
-            _redirectToEndSessionEndpointSkipped(logger, null);
+            _redirectToIdentityProviderForSignOutSkipped(logger, null);
         }
 
-        public static void RedirectToAuthenticationEndpointHandledResponse(this ILogger logger)
+        public static void RedirectToIdentityProviderHandledResponse(this ILogger logger)
         {
-            _redirectToAuthenticationEndpointHandledResponse(logger, null);
+            _redirectToIdentityProviderHandledResponse(logger, null);
         }
 
-        public static void RedirectToAuthenticationEndpointSkipped(this ILogger logger)
+        public static void RedirectToIdentityProviderSkipped(this ILogger logger)
         {
-            _redirectToAuthenticationEndpointSkipped(logger, null);
+            _redirectToIdentityProviderSkipped(logger, null);
         }
 
         public static void UserInformationReceivedHandledResponse(this ILogger logger)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 5c534696b8..f85ba9c146 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -111,15 +111,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     ProtocolMessage = message
                 };
 
-                await Options.Events.RedirectToEndSessionEndpoint(redirectContext);
+                await Options.Events.RedirectToIdentityProviderForSignOut(redirectContext);
                 if (redirectContext.HandledResponse)
                 {
-                    Logger.RedirectToEndSessionEndpointHandledResponse();
+                    Logger.RedirectToIdentityProviderForSignOutHandledResponse();
                     return;
                 }
                 else if (redirectContext.Skipped)
                 {
-                    Logger.RedirectToEndSessionEndpointSkipped();
+                    Logger.RedirectToIdentityProviderForSignOutSkipped();
                     return;
                 }
 
@@ -169,7 +169,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
-        /// <remarks>Uses log id's OIDCH-0026 - OIDCH-0050, next num: 37</remarks>
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             if (context == null)
@@ -230,15 +229,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 ProtocolMessage = message
             };
 
-            await Options.Events.RedirectToAuthenticationEndpoint(redirectContext);
+            await Options.Events.RedirectToIdentityProvider(redirectContext);
             if (redirectContext.HandledResponse)
             {
-                Logger.RedirectToAuthenticationEndpointHandledResponse();
+                Logger.RedirectToIdentityProviderHandledResponse();
                 return true;
             }
             else if (redirectContext.Skipped)
             {
-                Logger.RedirectToAuthenticationEndpointSkipped();
+                Logger.RedirectToIdentityProviderSkipped();
                 return false;
             }
 
@@ -350,27 +349,38 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             try
             {
-                var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse);
-                if (CheckEventResult(messageReceivedContext, out result))
+                AuthenticationProperties properties = null;
+                if (!string.IsNullOrEmpty(authorizationResponse.State))
+                {
+                    properties = Options.StateDataFormat.Unprotect(authorizationResponse.State);
+                }
+
+                var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse, properties);
+                if (messageReceivedContext.CheckEventResult(out result))
                 {
                     return result;
                 }
                 authorizationResponse = messageReceivedContext.ProtocolMessage;
+                properties = messageReceivedContext.Properties;
 
-                // Fail if state is missing, it's required for the correlation id.
-                if (string.IsNullOrEmpty(authorizationResponse.State))
+                if (properties == null)
                 {
-                    // This wasn't a valid OIDC message, it may not have been intended for us.
-                    Logger.NullOrEmptyAuthorizationResponseState();
-                    if (Options.SkipUnrecognizedRequests)
+                    // Fail if state is missing, it's required for the correlation id.
+                    if (string.IsNullOrEmpty(authorizationResponse.State))
                     {
-                        return AuthenticateResult.Skip();
+                        // This wasn't a valid OIDC message, it may not have been intended for us.
+                        Logger.NullOrEmptyAuthorizationResponseState();
+                        if (Options.SkipUnrecognizedRequests)
+                        {
+                            return AuthenticateResult.Skip();
+                        }
+                        return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
                     }
-                    return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
+
+                    // if state exists and we failed to 'unprotect' this is not a message we should process.
+                    properties = Options.StateDataFormat.Unprotect(authorizationResponse.State);
                 }
 
-                // if state exists and we failed to 'unprotect' this is not a message we should process.
-                var properties = Options.StateDataFormat.Unprotect(Uri.UnescapeDataString(authorizationResponse.State));
                 if (properties == null)
                 {
                     Logger.UnableToReadAuthorizationResponseState();
@@ -382,17 +392,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
-                // if any of the error fields are set, throw error null
-                if (!string.IsNullOrEmpty(authorizationResponse.Error))
-                {
-                    Logger.AuthorizationResponseError(
-                        authorizationResponse.Error,
-                        authorizationResponse.ErrorDescription ?? "ErrorDecription null",
-                        authorizationResponse.ErrorUri ?? "ErrorUri null");
-
-                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error, authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
-                }
-
                 string userstate = null;
                 properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
                 authorizationResponse.State = userstate;
@@ -402,20 +401,25 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     return AuthenticateResult.Fail("Correlation failed.");
                 }
 
+                // if any of the error fields are set, throw error null
+                if (!string.IsNullOrEmpty(authorizationResponse.Error))
+                {
+                    Logger.AuthorizationResponseError(
+                        authorizationResponse.Error,
+                        authorizationResponse.ErrorDescription ?? "ErrorDecription null",
+                        authorizationResponse.ErrorUri ?? "ErrorUri null");
+
+                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(
+                        string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error,
+                        authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
+                }
+
                 if (_configuration == null && Options.ConfigurationManager != null)
                 {
                     Logger.UpdatingConfiguration();
                     _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
                 }
 
-                var authorizationResponseReceivedContext = await RunAuthorizationResponseReceivedEventAsync(authorizationResponse, properties);
-                if (CheckEventResult(authorizationResponseReceivedContext, out result))
-                {
-                    return result;
-                }
-                authorizationResponse = authorizationResponseReceivedContext.ProtocolMessage;
-                properties = authorizationResponseReceivedContext.Properties;
-
                 PopulateSessionProperties(authorizationResponse, properties);
 
                 AuthenticationTicket ticket = null;
@@ -434,6 +438,17 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     {
                         nonce = ReadNonceCookie(nonce);
                     }
+
+                    var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, null, properties, ticket, jwt, nonce);
+                    if (tokenValidatedContext.CheckEventResult(out result))
+                    {
+                        return result;
+                    }
+                    authorizationResponse = tokenValidatedContext.ProtocolMessage;
+                    properties = tokenValidatedContext.Properties;
+                    ticket = tokenValidatedContext.Ticket;
+                    jwt = tokenValidatedContext.SecurityToken;
+                    nonce = tokenValidatedContext.Nonce;
                 }
 
                 Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext()
@@ -444,15 +459,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     Nonce = nonce
                 });
 
-                // TODO: AuthorizationResponseValidated event?
-
                 OpenIdConnectMessage tokenEndpointResponse = null;
 
                 // Authorization Code or Hybrid flow
                 if (!string.IsNullOrEmpty(authorizationResponse.Code))
                 {
                     var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
-                    if (CheckEventResult(authorizationCodeReceivedContext, out result))
+                    if (authorizationCodeReceivedContext.CheckEventResult(out result))
                     {
                         return result;
                     }
@@ -469,13 +482,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest);
                     }
 
-                    var authorizationCodeRedeemedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties);
-                    if (CheckEventResult(authorizationCodeRedeemedContext, out result))
+                    var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties);
+                    if (tokenResponseReceivedContext.CheckEventResult(out result))
                     {
                         return result;
                     }
-                    authorizationResponse = authorizationCodeRedeemedContext.ProtocolMessage;
-                    tokenEndpointResponse = authorizationCodeRedeemedContext.TokenEndpointResponse;
+                    authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
+                    tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
 
                     // We only have to process the IdToken if we didn't already get one in the AuthorizationResponse
                     if (ticket == null)
@@ -491,6 +504,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         {
                             nonce = ReadNonceCookie(nonce);
                         }
+
+                        var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket, jwt, nonce);
+                        if (tokenValidatedContext.CheckEventResult(out result))
+                        {
+                            return result;
+                        }
+                        authorizationResponse = tokenValidatedContext.ProtocolMessage;
+                        tokenEndpointResponse = tokenValidatedContext.TokenEndpointResponse;
+                        properties = tokenValidatedContext.Properties;
+                        ticket = tokenValidatedContext.Ticket;
+                        jwt = tokenValidatedContext.SecurityToken;
+                        nonce = tokenValidatedContext.Nonce;
                     }
 
                     // Validate the token response if it wasn't provided manually
@@ -506,15 +531,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     }
                 }
 
-                var authenticationValidatedContext = await RunAuthenticationValidatedEventAsync(authorizationResponse, ticket, properties, tokenEndpointResponse);
-                if (CheckEventResult(authenticationValidatedContext, out result))
-                {
-                    return result;
-                }
-                authorizationResponse = authenticationValidatedContext.ProtocolMessage;
-                tokenEndpointResponse = authenticationValidatedContext.TokenEndpointResponse;
-                ticket = authenticationValidatedContext.Ticket;
-
                 if (Options.SaveTokens)
                 {
                     SaveTokens(ticket.Properties, tokenEndpointResponse ?? authorizationResponse);
@@ -542,7 +558,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 var authenticationFailedContext = await RunAuthenticationFailedEventAsync(authorizationResponse, exception);
-                if (CheckEventResult(authenticationFailedContext, out result))
+                if (authenticationFailedContext.CheckEventResult(out result))
                 {
                     return result;
                 }
@@ -551,22 +567,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
         }
 
-        private bool CheckEventResult(BaseControlContext context, out AuthenticateResult result)
-        {
-            if (context.HandledResponse)
-            {
-                result = AuthenticateResult.Success(context.Ticket);
-                return true;
-            }
-            else if (context.Skipped)
-            {
-                result = AuthenticateResult.Skip();
-                return true;
-            }
-            result = null;
-            return false;
-        }
-
         private void PopulateSessionProperties(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             if (!string.IsNullOrEmpty(message.SessionState))
@@ -643,7 +643,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
             AuthenticateResult result;
-            if (CheckEventResult(userInformationReceivedContext, out result))
+            if (userInformationReceivedContext.CheckEventResult(out result))
             {
                 return result;
             }
@@ -830,12 +830,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
         }
 
-        private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message)
+        private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             Logger.MessageReceived(message.BuildRedirectUrl());
             var messageReceivedContext = new MessageReceivedContext(Context, Options)
             {
-                ProtocolMessage = message
+                ProtocolMessage = message,
+                Properties = properties,
             };
 
             await Options.Events.MessageReceived(messageReceivedContext);
@@ -851,23 +852,29 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return messageReceivedContext;
         }
 
-        private async Task<AuthorizationResponseReceivedContext> RunAuthorizationResponseReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
+        private async Task<TokenValidatedContext> RunTokenValidatedEventAsync(OpenIdConnectMessage authorizationResponse, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt, string nonce)
         {
-            Logger.AuthorizationResponseReceived();
-            var authorizationResponseReceivedContext = new AuthorizationResponseReceivedContext(Context, Options, properties)
+            var tokenValidatedContext = new TokenValidatedContext(Context, Options)
             {
-                ProtocolMessage = message
+                ProtocolMessage = authorizationResponse,
+                TokenEndpointResponse = tokenEndpointResponse,
+                Properties = properties,
+                Ticket = ticket,
+                SecurityToken = jwt,
+                Nonce = nonce,
             };
-            await Options.Events.AuthorizationResponseReceived(authorizationResponseReceivedContext);
-            if (authorizationResponseReceivedContext.HandledResponse)
+
+            await Options.Events.TokenValidated(tokenValidatedContext);
+            if (tokenValidatedContext.HandledResponse)
             {
-                Logger.AuthorizationResponseReceivedHandledResponse();
+                Logger.TokenValidatedHandledResponse();
             }
-            else if (authorizationResponseReceivedContext.Skipped)
+            else if (tokenValidatedContext.Skipped)
             {
-                Logger.AuthorizationResponseReceivedSkipped();
+                Logger.TokenValidatedSkipped();
             }
-            return authorizationResponseReceivedContext;
+
+            return tokenValidatedContext;
         }
 
         private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
@@ -909,46 +916,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties)
         {
             Logger.TokenResponseReceived();
-
-            var tokenResponseReceivedContext = new TokenResponseReceivedContext(Context, Options, properties)
+            var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
             {
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse
             };
 
-            await Options.Events.TokenResponseReceived(tokenResponseReceivedContext);
-            if (tokenResponseReceivedContext.HandledResponse)
+            await Options.Events.TokenResponseReceived(eventContext);
+            if (eventContext.HandledResponse)
             {
-                Logger.AuthorizationCodeRedeemedContextHandledResponse();
+                Logger.TokenResponseReceivedHandledResponse();
             }
-            else if (tokenResponseReceivedContext.Skipped)
+            else if (eventContext.Skipped)
             {
-                Logger.AuthorizationCodeRedeemedContextSkipped();
+                Logger.TokenResponseReceivedSkipped();
             }
 
-            return tokenResponseReceivedContext;
-        }
-
-        private async Task<AuthenticationValidatedContext> RunAuthenticationValidatedEventAsync(OpenIdConnectMessage message, AuthenticationTicket ticket, AuthenticationProperties properties, OpenIdConnectMessage tokenResponse)
-        {
-            var authenticationValidatedContext = new AuthenticationValidatedContext(Context, Options, properties)
-            {
-                Ticket = ticket,
-                ProtocolMessage = message,
-                TokenEndpointResponse = tokenResponse,
-            };
-
-            await Options.Events.AuthenticationValidated(authenticationValidatedContext);
-            if (authenticationValidatedContext.HandledResponse)
-            {
-                Logger.AuthenticationValidatedHandledResponse();
-            }
-            else if (authenticationValidatedContext.Skipped)
-            {
-                Logger.AuthenticationValidatedSkipped();
-            }
-
-            return authenticationValidatedContext;
+            return eventContext;
         }
 
         private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
index db81ad704c..24f3ba8e53 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
@@ -46,5 +46,21 @@ namespace Microsoft.AspNetCore.Authentication
         /// Gets or set the <see cref="Ticket"/> to return if this event signals it handled the event.
         /// </summary>
         public AuthenticationTicket Ticket { get; set; }
+
+        public bool CheckEventResult(out AuthenticateResult result)
+        {
+            if (HandledResponse)
+            {
+                result = AuthenticateResult.Success(Ticket);
+                return true;
+            }
+            else if (Skipped)
+            {
+                result = AuthenticateResult.Skip();
+                return true;
+            }
+            result = null;
+            return false;
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 72d13a4c9e..81c03dc83a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnReceivingToken = context =>
+                    OnMessageReceived = context =>
                     {
                         var claims = new[]
                         {
@@ -143,39 +143,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal("", response.ResponseText);
         }
 
-        [Fact]
-        public async Task CustomTokenReceived()
-        {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true,
-                Events = new JwtBearerEvents()
-                {
-                    OnReceivedToken = context =>
-                    {
-                        var claims = new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                        };
-
-                        context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
-
-                        context.HandleResponse();
-
-                        return Task.FromResult<object>(null);
-                    }
-                }
-            });
-
-            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
-            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
-            Assert.Equal("Bob le Magnifique", response.ResponseText);
-        }
-
         [Fact]
         public async Task CustomTokenValidated()
         {
@@ -184,7 +151,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnValidatedToken = context =>
+                    OnTokenValidated = context =>
                     {
                         // Retrieve the NameIdentifier claim from the identity
                         // returned by the custom security token validator.
@@ -204,6 +171,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     }
                 }
             };
+            options.SecurityTokenValidators.Clear();
             options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
             var server = CreateServer(options);
 
@@ -215,67 +183,37 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task RetrievingTokenFromAlternateLocation()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var options = new JwtBearerOptions()
             {
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnReceivingToken = context =>
+                    OnMessageReceived = context =>
                     {
                         context.Token = "CustomToken";
-                        return Task.FromResult<object>(null);
-                    },
-                    OnReceivedToken = context =>
-                    {
-                        var claims = new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                        };
-
-                        context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
-
-                        context.HandleResponse();
-
                         return Task.FromResult<object>(null);
                     }
                 }
-            });
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT", token =>
+            {
+                Assert.Equal("CustomToken", token);
+            }));
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
-            Assert.Equal("Bob le Magnifique", response.ResponseText);
+            Assert.Equal("Bob le Tout Puissant", response.ResponseText);
         }
 
         [Fact]
         public async Task BearerTurns401To403IfAuthenticated()
         {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                Events = new JwtBearerEvents()
-                {
-                    OnReceivedToken = context =>
-                    {
-                        var claims = new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                        };
-
-                        context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
-
-                        context.HandleResponse();
-
-                        return Task.FromResult<object>(null);
-                    }
-                }
-            });
+            var options = new JwtBearerOptions();
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
             Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
@@ -284,52 +222,26 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task BearerDoesNothingTo401IfNotAuthenticated()
         {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                Events = new JwtBearerEvents()
-                {
-                    OnReceivedToken = context =>
-                    {
-                        var claims = new[]
-                        {
-                            new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                            new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                            new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                        };
-
-                        context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
-
-                        context.HandleResponse();
-
-                        return Task.FromResult<object>(null);
-                    }
-                }
-            });
+            var server = CreateServer(new JwtBearerOptions());
 
             var response = await SendAsync(server, "http://example.com/unauthorized");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
         [Fact]
-        public async Task EventOnReceivingTokenSkipped_NoMoreEventsExecuted()
+        public async Task EventOnMessageReceivedSkipped_NoMoreEventsExecuted()
         {
             var server = CreateServer(new JwtBearerOptions
             {
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnReceivingToken = context =>
+                    OnMessageReceived = context =>
                     {
                         context.SkipToNextMiddleware();
                         return Task.FromResult(0);
                     },
-                    OnReceivedToken = context =>
-                    {
-                        throw new NotImplementedException();
-                    },
-                    OnValidatedToken = context =>
+                    OnTokenValidated = context =>
                     {
                         throw new NotImplementedException();
                     },
@@ -350,47 +262,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnReceivedTokenSkipped_NoMoreEventsExecuted()
-        {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true,
-                Events = new JwtBearerEvents()
-                {
-                    OnReceivedToken = context =>
-                    {
-                        context.SkipToNextMiddleware();
-                        return Task.FromResult(0);
-                    },
-                    OnValidatedToken = context =>
-                    {
-                        throw new NotImplementedException();
-                    },
-                    OnAuthenticationFailed = context =>
-                    {
-                        throw new NotImplementedException(context.Exception.ToString());
-                    },
-                    OnChallenge = context =>
-                    {
-                        throw new NotImplementedException();
-                    },
-                }
-            });
-
-            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
-            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
-            Assert.Equal(string.Empty, response.ResponseText);
-        }
-
-        [Fact]
-        public async Task EventOnValidatedTokenSkipped_NoMoreEventsExecuted()
+        public async Task EventOnTokenValidatedSkipped_NoMoreEventsExecuted()
         {
             var options = new JwtBearerOptions
             {
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnValidatedToken = context =>
+                    OnTokenValidated = context =>
                     {
                         context.SkipToNextMiddleware();
                         return Task.FromResult(0);
@@ -422,7 +301,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
-                    OnValidatedToken = context =>
+                    OnTokenValidated = context =>
                     {
                         throw new Exception("Test Exception");
                     },
@@ -493,9 +372,17 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         class BlobTokenValidator : ISecurityTokenValidator
         {
+            private Action<string> _tokenValidator;
+
             public BlobTokenValidator(string authenticationScheme)
             {
                 AuthenticationScheme = authenticationScheme;
+
+            }
+            public BlobTokenValidator(string authenticationScheme, Action<string> tokenValidator)
+            {
+                AuthenticationScheme = authenticationScheme;
+                _tokenValidator = tokenValidator;
             }
 
             public string AuthenticationScheme { get; }
@@ -519,6 +406,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
             {
                 validatedToken = null;
+                if (_tokenValidator != null)
+                {
+                    _tokenValidator(securityToken);
+                }
 
                 var claims = new[]
                 {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index cadcf80884..ebc59b9ee8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -150,12 +150,12 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             options.AutomaticChallenge = true;
             options.Events = new OpenIdConnectEvents()
             {
-                OnRedirectToAuthenticationEndpoint = (context) =>
+                OnRedirectToIdentityProvider = (context) =>
                 {
                     context.ProtocolMessage = fakeOpenIdRequestMessage;
                     return Task.FromResult(0);
                 },
-                OnRedirectToEndSessionEndpoint = (context) =>
+                OnRedirectToIdentityProviderForSignOut = (context) =>
                 {
                     context.ProtocolMessage = fakeOpenIdRequestMessage;
                     return Task.FromResult(0);
@@ -208,7 +208,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             options.AutomaticChallenge = challenge.Equals(ChallengeWithOutContext);
             options.Events = new OpenIdConnectEvents()
             {
-                OnRedirectToAuthenticationEndpoint = context =>
+                OnRedirectToIdentityProvider = context =>
                 {
                     context.ProtocolMessage.State = userState;
                     context.ProtocolMessage.RedirectUri = queryValues.RedirectUri;
@@ -258,7 +258,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var options = GetOptions(DefaultParameters(), queryValues);
             options.Events = new OpenIdConnectEvents()
             {
-                OnRedirectToAuthenticationEndpoint = context =>
+                OnRedirectToIdentityProvider = context =>
                 {
                     context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
                     context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;

From 4086d706284e0973f7e7ababa1da045697ad85be Mon Sep 17 00:00:00 2001
From: jacalvar <jacalvar@microsoft.com>
Date: Mon, 28 Mar 2016 15:43:22 -0700
Subject: [PATCH 505/900] Add comments to AddAuthentication extension methods

---
 .../AuthenticationServiceCollectionExtensions.cs              | 4 ++--
 .../AuthorizationServiceCollectionExtensions.cs               | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 9ce76d7e62..2aa320ae21 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.Extensions.DependencyInjection
         /// Adds authentication services to the specified <see cref="IServiceCollection" />. 
         /// </summary>
         /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
+        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
         public static IServiceCollection AddAuthentication(this IServiceCollection services)
         {
             if (services == null)
@@ -33,7 +33,7 @@ namespace Microsoft.Extensions.DependencyInjection
         /// </summary>
         /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
         /// <param name="configureOptions">An action delegate to configure the provided <see cref="SharedAuthenticationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
+        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
         public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<SharedAuthenticationOptions> configureOptions)
         {
             if (services == null)
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index d03f9ed746..c92be6232e 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -17,7 +17,7 @@ namespace Microsoft.Extensions.DependencyInjection
         /// Adds authorization services to the specified <see cref="IServiceCollection" />. 
         /// </summary>
         /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
+        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
         public static IServiceCollection AddAuthorization(this IServiceCollection services)
         {
             if (services == null)
@@ -36,7 +36,7 @@ namespace Microsoft.Extensions.DependencyInjection
         /// </summary>
         /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
         /// <param name="configure">An action delegate to configure the provided <see cref="AuthorizationOptions"/>.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
+        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
         public static IServiceCollection AddAuthorization(this IServiceCollection services, Action<AuthorizationOptions> configure)
         {
             if (services == null)

From babd83cf287e4cf5b33106b5df87a084f6d8d044 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 30 Mar 2016 15:51:02 -0700
Subject: [PATCH 506/900] Reacting to Kestrel extensions

---
 samples/CookieSample/Startup.cs                | 4 ++--
 samples/CookieSessionSample/Startup.cs         | 4 ++--
 samples/JwtBearerSample/Startup.cs             | 3 ++-
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 5 +++--
 samples/OpenIdConnectSample/Startup.cs         | 3 ++-
 samples/SocialSample/Startup.cs                | 3 ++-
 6 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 043664f1dc..4ad27b180b 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -46,7 +46,7 @@ namespace CookieSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -54,4 +54,4 @@ namespace CookieSample
             host.Run();
         }
     }
-}
\ No newline at end of file
+}
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 71da6aa1f5..7843f66a1f 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -56,7 +56,7 @@ namespace CookieSessionSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -64,4 +64,4 @@ namespace CookieSessionSample
             host.Run();
         }
     }
-}
\ No newline at end of file
+}
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 78e6d0f406..b0c2464f87 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -114,7 +114,7 @@ namespace JwtBearerSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -123,3 +123,4 @@ namespace JwtBearerSample
         }
     }
 }
+
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 3bbae57b4a..3a73a090ac 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Linq;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -157,7 +157,7 @@ namespace OpenIdConnect.AzureAdSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -166,3 +166,4 @@ namespace OpenIdConnect.AzureAdSample
         }
     }
 }
+
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index bad559aa22..76ac7c7120 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -103,7 +103,7 @@ namespace OpenIdConnectSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -112,3 +112,4 @@ namespace OpenIdConnectSample
         }
     }
 }
+
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e9c7f6141d..0e13b78e92 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -343,7 +343,7 @@ namespace SocialSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseServer("Microsoft.AspNetCore.Server.Kestrel")
+                .UseKestrel()
                 .UseIISPlatformHandlerUrl()
                 .UseStartup<Startup>()
                 .Build();
@@ -370,3 +370,4 @@ namespace SocialSample
         }
     }
 }
+

From 16a0482238bde951dbba981aaf8e80345a32a23c Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Sun, 27 Mar 2016 21:46:45 -0700
Subject: [PATCH 507/900] React to HttpAbstractions namespace changes -
 aspnet/HttpAbstractions#549 and aspnet/HttpAbstractions#592 - clean up
 `using`s

---
 .../TwitterHandler.cs                                         | 1 -
 .../HttpContextExtensions.cs                                  | 2 --
 .../CookiePolicyMiddleware.cs                                 | 1 -
 .../AuthenticationHandlerFacts.cs                             | 1 -
 .../Cookies/Infrastructure/CookieChunkingTests.cs             | 2 --
 .../TokenExtensionTests.cs                                    | 4 +---
 6 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index d7383e9393..18aa0abcb2 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -13,7 +13,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Internal;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
diff --git a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
index eea17bcc3c..0d245cf0a7 100644
--- a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication.Internal;
 
 namespace Microsoft.AspNetCore.Authentication
 {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index b8bb1264eb..7b52a58804 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -6,7 +6,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Internal;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.CookiePolicy
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
index 431c35bdb5..aa9aef07c2 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -11,7 +11,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Internal;
 using Microsoft.Extensions.Logging;
 using Xunit;
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 71590727cb..4b92f08c8d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Internal;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index ef030d1154..e8f2c16578 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -3,14 +3,12 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication.Internal;
-using Microsoft.AspNetCore.Http.Internal;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication

From 4d6ad51f8a9354d8e62cf8d66db97bd991b7d93c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 31 Mar 2016 13:09:32 -0700
Subject: [PATCH 508/900] Add fallback logging for username in AuthZ

---
 .../DefaultAuthorizationService.cs            | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 7d46ac8b82..39d35d0ddf 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 
@@ -51,16 +52,38 @@ namespace Microsoft.AspNetCore.Authorization
 
             if (authContext.HasSucceeded)
             {
-                _logger.UserAuthorizationSucceeded(user?.Identity?.Name);
+                _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
                 return true;
             }
             else
             {
-                _logger.UserAuthorizationFailed(user?.Identity?.Name);
+                _logger.UserAuthorizationFailed(GetUserNameForLogging(user));
                 return false;
             }
         }
 
+        private string GetUserNameForLogging(ClaimsPrincipal user)
+        {
+            var identity = user?.Identity;
+            if (identity != null)
+            {
+                var name = identity.Name;
+                if (name != null)
+                {
+                    return name;
+                }
+                return GetClaimValue(identity, "sub")
+                    ?? GetClaimValue(identity, ClaimTypes.Name)
+                    ?? GetClaimValue(identity, ClaimTypes.NameIdentifier);
+            }
+            return null;
+        }
+
+        private static string GetClaimValue(IIdentity identity, string claimsType)
+        {
+            return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
+        }
+
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             if (policyName == null)

From 5cd236c1b069cebecf53dbe6380e39933986eb47 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 1 Apr 2016 14:16:49 -0700
Subject: [PATCH 509/900] Guard against null ref

---
 .../AuthenticationHandler.cs                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index ebb25af212..639be0103a 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -102,7 +102,7 @@ namespace Microsoft.AspNetCore.Authentication
             if (ShouldHandleScheme(AuthenticationManager.AutomaticScheme, Options.AutomaticAuthenticate))
             {
                 var result = await HandleAuthenticateOnceAsync();
-                if (result.Failure != null)
+                if (result?.Failure != null)
                 {
                     Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Options.AuthenticationScheme, result.Failure.Message);
                 }

From 4c51e87971ec24d2ff43d92fa6a9101620e6afa1 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 6 Apr 2016 09:47:38 -0700
Subject: [PATCH 510/900] Updating to release.

---
 NuGet.config | 4 ++--
 build.ps1    | 2 +-
 build.sh     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 5500f6d507..71b9724a09 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build.ps1 b/build.ps1
index 8f2f99691a..cf8bff13bb 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/release.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index f4208100eb..f88fe4052e 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/release.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From a41c578d887f77c027e00a916085968d88e8cee7 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 7 Apr 2016 15:47:09 -0700
Subject: [PATCH 511/900] Removing imports from src projects

---
 .../project.json                                  | 12 +++++-------
 .../project.json                                  |  7 ++++---
 .../project.json                                  |  7 ++++---
 .../project.json                                  |  7 ++++---
 .../project.json                                  |  7 ++++---
 .../project.json                                  |  7 ++++---
 .../project.json                                  |  7 ++++---
 .../project.json                                  | 12 +++++-------
 .../project.json                                  |  5 +++--
 .../project.json                                  | 15 ++++++++-------
 .../project.json                                  | 12 +++++-------
 11 files changed, 50 insertions(+), 48 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index b1148ce00c..82438e4025 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -13,7 +13,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -22,11 +24,7 @@
     "Microsoft.Extensions.WebEncoders": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "netstandard1.3": {
-      "imports": [
-        "dotnet5.4"
-      ]
-    }
+    "net451": {},
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 2fe5040003..6639914657 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -13,17 +13,18 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.3": {
       "imports": [
-        "dotnet5.4",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index ed29e86ae4..9740543ec5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -13,17 +13,18 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.3": {
       "imports": [
-        "dotnet5.4",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 3efa9c0647..204ad1aced 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -13,7 +13,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -21,10 +23,9 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.4": {
       "imports": [
-        "dotnet5.5",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 7507e1eb4c..be1c9099e6 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -13,17 +13,18 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.3": {
       "imports": [
-        "dotnet5.4",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index c6658208e5..30a5c489e4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -13,7 +13,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -21,10 +23,9 @@
     "Newtonsoft.Json": "8.0.3"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.3": {
       "imports": [
-        "dotnet5.4",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 7be775cfe0..581abf9ce1 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -13,7 +13,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -21,10 +23,9 @@
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netstandard1.4": {
       "imports": [
-        "dotnet5.5",
         "portable-net451+win8"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 718d51747f..23ca0cf313 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -13,18 +13,16 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "netstandard1.3": {
-      "imports": [
-        "dotnet5.4"
-      ]
-    }
+    "net451": {},
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index f02351c2cd..ec5ff479c8 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -13,7 +13,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -39,7 +41,6 @@
         "System.Net.Http": "4.0.1-*"
       },
       "imports": [
-        "dotnet5.4",
         "portable-net451"
       ]
     }
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 9d65386a8f..0d14ab8ad8 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -12,7 +12,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -22,16 +24,15 @@
   "frameworks": {
     "net451": {
       "frameworkAssemblies": {
-        "System.Runtime": { "type": "build" }
+        "System.Runtime": {
+          "type": "build"
+        }
       }
     },
     "netstandard1.3": {
       "dependencies": {
         "System.Security.Claims": "4.0.1-*"
-      },
-      "imports": [
-        "dotnet5.4"
-      ]
+      }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index f1c7b77b91..72a86bf802 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -11,7 +11,9 @@
   "compilationOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "dependencies": {
@@ -19,11 +21,7 @@
     "Microsoft.Extensions.Options": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "netstandard1.3": {
-      "imports": [
-        "dotnet5.4"
-      ]
-    }
+    "net451": {},
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file

From ff536cc868d8e45a62689e1d61f81328417c33e5 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Thu, 7 Apr 2016 15:23:39 -0700
Subject: [PATCH 512/900] Move web.config and use ANCM

---
 samples/CookieSample/Startup.cs               |  2 +-
 samples/CookieSample/project.json             | 17 ++++++++------
 samples/CookieSample/web.config               |  9 ++++++++
 samples/CookieSample/wwwroot/.gitkeep         |  0
 samples/CookieSample/wwwroot/web.config       |  9 --------
 samples/CookieSessionSample/Startup.cs        |  2 +-
 samples/CookieSessionSample/project.json      | 17 ++++++++------
 samples/CookieSessionSample/web.config        |  9 ++++++++
 samples/CookieSessionSample/wwwroot/.gitkeep  |  0
 .../CookieSessionSample/wwwroot/web.config    |  9 --------
 samples/JwtBearerSample/Startup.cs            |  4 +---
 samples/JwtBearerSample/project.json          | 23 +++++++------------
 samples/JwtBearerSample/web.config            |  9 ++++++++
 samples/JwtBearerSample/wwwroot/web.config    |  9 --------
 .../OpenIdConnect.AzureAdSample/Startup.cs    |  4 +---
 .../OpenIdConnect.AzureAdSample/project.json  | 10 ++++----
 .../OpenIdConnect.AzureAdSample/web.config    |  9 ++++++++
 .../wwwroot/web.config                        |  9 --------
 samples/OpenIdConnectSample/Startup.cs        |  4 +---
 samples/OpenIdConnectSample/project.json      | 15 ++++++------
 samples/OpenIdConnectSample/web.config        |  9 ++++++++
 .../wwwroot/placeholder.html                  | 10 --------
 .../OpenIdConnectSample/wwwroot/web.config    |  9 --------
 samples/SocialSample/Startup.cs               |  8 +------
 samples/SocialSample/project.json             | 16 ++++++-------
 samples/SocialSample/web.config               |  9 ++++++++
 samples/SocialSample/wwwroot/web.config       |  9 --------
 27 files changed, 108 insertions(+), 132 deletions(-)
 create mode 100644 samples/CookieSample/web.config
 delete mode 100644 samples/CookieSample/wwwroot/.gitkeep
 delete mode 100644 samples/CookieSample/wwwroot/web.config
 create mode 100644 samples/CookieSessionSample/web.config
 delete mode 100644 samples/CookieSessionSample/wwwroot/.gitkeep
 delete mode 100644 samples/CookieSessionSample/wwwroot/web.config
 create mode 100644 samples/JwtBearerSample/web.config
 delete mode 100644 samples/JwtBearerSample/wwwroot/web.config
 create mode 100644 samples/OpenIdConnect.AzureAdSample/web.config
 delete mode 100644 samples/OpenIdConnect.AzureAdSample/wwwroot/web.config
 create mode 100644 samples/OpenIdConnectSample/web.config
 delete mode 100644 samples/OpenIdConnectSample/wwwroot/placeholder.html
 delete mode 100644 samples/OpenIdConnectSample/wwwroot/web.config
 create mode 100644 samples/SocialSample/web.config
 delete mode 100644 samples/SocialSample/wwwroot/web.config

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 4ad27b180b..49ac74a7fa 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -47,7 +47,7 @@ namespace CookieSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index a3e9f4556d..f61695c213 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -2,7 +2,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*"
@@ -10,15 +10,18 @@
   "compilationOptions": {
     "emitEntryPoint": true
   },
-  "commands": {
-    "web": "CookieSample"
-  },
   "frameworks": {
-    "dnx451": {},
+    "net451": {},
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
-      ]
+      ],
+      "dependencies": {
+          "NETStandard.Library": "1.5.0-*"
+      }
     }
-  }
+  },
+  "content": [
+    "web.config"
+  ]
 }
\ No newline at end of file
diff --git a/samples/CookieSample/web.config b/samples/CookieSample/web.config
new file mode 100644
index 0000000000..8d61177619
--- /dev/null
+++ b/samples/CookieSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\CookieSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/CookieSample/wwwroot/.gitkeep b/samples/CookieSample/wwwroot/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/samples/CookieSample/wwwroot/web.config b/samples/CookieSample/wwwroot/web.config
deleted file mode 100644
index 9a0d90abf8..0000000000
--- a/samples/CookieSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 7843f66a1f..d3b72bae20 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -57,7 +57,7 @@ namespace CookieSessionSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index e60b1b355c..deff15e38d 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -2,7 +2,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
@@ -11,15 +11,18 @@
   "compilationOptions": {
     "emitEntryPoint": true
   },
-  "commands": {
-    "web": "CookieSessionSample"
-  },
   "frameworks": {
-    "dnx451": {},
+    "net451": {},
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
-      ]
+      ],
+      "dependencies": {
+          "NETStandard.Library": "1.5.0-*"
+      }
     }
-  }
+  },
+  "content": [
+    "web.config"
+  ]
 }
\ No newline at end of file
diff --git a/samples/CookieSessionSample/web.config b/samples/CookieSessionSample/web.config
new file mode 100644
index 0000000000..fb7e915bfd
--- /dev/null
+++ b/samples/CookieSessionSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\CookieSessionSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/wwwroot/.gitkeep b/samples/CookieSessionSample/wwwroot/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/samples/CookieSessionSample/wwwroot/web.config b/samples/CookieSessionSample/wwwroot/web.config
deleted file mode 100644
index 9a0d90abf8..0000000000
--- a/samples/CookieSessionSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index b0c2464f87..9916955c36 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -54,8 +54,6 @@ namespace JwtBearerSample
                 }
             });
 
-            app.UseIISPlatformHandler();
-
             app.UseDefaultFiles();
             app.UseStaticFiles();
 
@@ -115,7 +113,7 @@ namespace JwtBearerSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index a271c2b5c7..f940b1b103 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -5,34 +5,27 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
-  "commands": {
-    "web": "JwtBearerSample"
-  },
   "frameworks": {
-    "dnx451": { },
+    "net451": { },
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
-      ]
+      ],
+      "dependencies": {
+          "NETStandard.Library": "1.5.0-*"
+      }
     }
   },
-  "exclude": [
-    "wwwroot",
-    "node_modules"
-  ],
-  "publishExclude": [
-    "**.user",
-    "**.vspscc"
-  ],
   "content": [
     "project.json",
-    "wwwroot"
+    "wwwroot",
+    "web.config"
   ],
   "userSecretsId": "aspnet5-JwtBearerSample-20151210102827"
 }
\ No newline at end of file
diff --git a/samples/JwtBearerSample/web.config b/samples/JwtBearerSample/web.config
new file mode 100644
index 0000000000..801dbfd85b
--- /dev/null
+++ b/samples/JwtBearerSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\JwtBearerSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/wwwroot/web.config b/samples/JwtBearerSample/wwwroot/web.config
deleted file mode 100644
index 8485f6719f..0000000000
--- a/samples/JwtBearerSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
-  </system.webServer>
-</configuration>
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 3a73a090ac..5841d6f2eb 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -62,8 +62,6 @@ namespace OpenIdConnect.AzureAdSample
                 }
             });
 
-            app.UseIISPlatformHandler();
-
             app.UseCookieAuthentication(new CookieAuthenticationOptions());
 
             var clientId = Configuration["oidc:clientid"];
@@ -158,7 +156,7 @@ namespace OpenIdConnect.AzureAdSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index fd74610190..6c7adf7f2d 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -2,7 +2,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
@@ -10,16 +10,14 @@
     "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "frameworks": {
-    "dnx451": { }
+    "net451": { }
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
-  "commands": {
-    "web": "OpenIdConnect.AzureAdSample"
-  },
   "content": [
-    "project.json"
+    "project.json",
+    "web.config"
   ],
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/web.config b/samples/OpenIdConnect.AzureAdSample/web.config
new file mode 100644
index 0000000000..cdcb5a6149
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\OpenIdConnect.AzureAdSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config b/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config
deleted file mode 100644
index 8485f6719f..0000000000
--- a/samples/OpenIdConnect.AzureAdSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
-  </system.webServer>
-</configuration>
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 76ac7c7120..1591ac1196 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -57,8 +57,6 @@ namespace OpenIdConnectSample
                 }
             });
 
-            app.UseIISPlatformHandler();
-
             app.UseCookieAuthentication(new CookieAuthenticationOptions());
 
             app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
@@ -104,7 +102,7 @@ namespace OpenIdConnectSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 4fd829a22c..cd923e7e01 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -2,28 +2,29 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*"
   },
   "frameworks": {
-    "dnx451": { },
+    "net451": { },
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
-      ]
+      ],
+      "dependencies": {
+          "NETStandard.Library": "1.5.0-*"
+      }
     }
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
-  "commands": {
-    "web": "OpenIdConnectSample"
-  },
   "content": [
-    "project.json"
+    "project.json",
+    "web.config"
   ],
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/web.config b/samples/OpenIdConnectSample/web.config
new file mode 100644
index 0000000000..b1b731ccef
--- /dev/null
+++ b/samples/OpenIdConnectSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\OpenIdConnectSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/wwwroot/placeholder.html b/samples/OpenIdConnectSample/wwwroot/placeholder.html
deleted file mode 100644
index 125a5a8cf1..0000000000
--- a/samples/OpenIdConnectSample/wwwroot/placeholder.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="utf-8" />
-    <title></title>
-</head>
-<body>
-
-</body>
-</html>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/wwwroot/web.config b/samples/OpenIdConnectSample/wwwroot/web.config
deleted file mode 100644
index 9a0d90abf8..0000000000
--- a/samples/OpenIdConnectSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 0e13b78e92..156af2a5c7 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -73,12 +73,6 @@ namespace SocialSample
                 }
             });
 
-            // Forward the scheme from IISPlatformHandler
-            app.UseForwardedHeaders(new ForwardedHeadersOptions()
-            {
-                ForwardedHeaders = ForwardedHeaders.XForwardedProto,
-            });
-
             app.UseCookieAuthentication(new CookieAuthenticationOptions
             {
                 AutomaticAuthenticate = true,
@@ -344,7 +338,7 @@ namespace SocialSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISPlatformHandlerUrl()
+                .UseIISIntegration()()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 1d02230294..edf9129fd8 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -6,8 +6,7 @@
     "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.HttpOverrides": "1.0.0-*",
-    "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
@@ -18,20 +17,21 @@
   "compilationOptions": {
     "emitEntryPoint": true
   },
-  "commands": {
-    "web": "SocialSample"
-  },
   "frameworks": {
-    "dnx451": {},
+    "net451": {},
     "netstandardapp1.5": {
       "imports": [
         "dnxcore50"
-      ]
+      ],
+      "dependencies": {
+          "NETStandard.Library": "1.5.0-*"
+      }
     }
   },
   "userSecretsId": "aspnet5-SocialSample-20151210111056",
   "content": [
     "config.json",
-    "project.json"
+    "project.json",
+    "web.config"
   ]
 }
diff --git a/samples/SocialSample/web.config b/samples/SocialSample/web.config
new file mode 100644
index 0000000000..5611f93f11
--- /dev/null
+++ b/samples/SocialSample/web.config
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<configuration>
+  <system.webServer>
+    <handlers>
+      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
+    </handlers>
+    <aspNetCore processPath=".\SocialSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+  </system.webServer>
+</configuration>
\ No newline at end of file
diff --git a/samples/SocialSample/wwwroot/web.config b/samples/SocialSample/wwwroot/web.config
deleted file mode 100644
index 9a0d90abf8..0000000000
--- a/samples/SocialSample/wwwroot/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
-    </handlers>
-    <httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" forwardWindowsAuthToken="false" startupTimeLimit="3600" />
-  </system.webServer>
-</configuration>
\ No newline at end of file

From 300b9cd90f7e32095355fcb3d4d0a3a5b0fa8aa0 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Mon, 11 Apr 2016 11:48:44 -0700
Subject: [PATCH 513/900] Fix typo when migrating to ANCM

---
 samples/CookieSample/Startup.cs                | 2 +-
 samples/CookieSessionSample/Startup.cs         | 2 +-
 samples/JwtBearerSample/Startup.cs             | 2 +-
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 2 +-
 samples/OpenIdConnectSample/Startup.cs         | 2 +-
 samples/SocialSample/Startup.cs                | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 49ac74a7fa..c2593c9090 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -47,7 +47,7 @@ namespace CookieSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index d3b72bae20..423c961206 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -57,7 +57,7 @@ namespace CookieSessionSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 9916955c36..c2dbfb7a9d 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -113,7 +113,7 @@ namespace JwtBearerSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 5841d6f2eb..938a19c201 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -156,7 +156,7 @@ namespace OpenIdConnect.AzureAdSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 1591ac1196..097ce771bc 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -102,7 +102,7 @@ namespace OpenIdConnectSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 156af2a5c7..e002894ce0 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -338,7 +338,7 @@ namespace SocialSample
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
-                .UseIISIntegration()()
+                .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
 

From 669c06098b387c32786cd1bbdb312e18620cea5c Mon Sep 17 00:00:00 2001
From: Mike Harder <mharder@microsoft.com>
Date: Wed, 13 Apr 2016 17:57:25 -0700
Subject: [PATCH 514/900] React to Kestrel config changes -
 aspnet/KestrelHttpServer#720

---
 samples/SocialSample/Startup.cs | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e002894ce0..f109d65feb 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -51,10 +51,6 @@ namespace SocialSample
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            //Configure SSL
-            var serverCertificate = LoadCertificate();
-            app.UseKestrelHttps(serverCertificate);
-
             // Simple error page to avoid a repo dependency.
             app.Use(async (context, next) =>
             {
@@ -337,7 +333,12 @@ namespace SocialSample
         {
             var host = new WebHostBuilder()
                 .UseDefaultHostingConfiguration(args)
-                .UseKestrel()
+                .UseKestrel(options =>
+                {
+                    //Configure SSL
+                    var serverCertificate = LoadCertificate();
+                    options.UseHttps(serverCertificate);
+                })
                 .UseIISIntegration()
                 .UseStartup<Startup>()
                 .Build();
@@ -345,9 +346,9 @@ namespace SocialSample
             host.Run();
         }
 
-        private X509Certificate2 LoadCertificate()
+        private static X509Certificate2 LoadCertificate()
         {
-            var socialSampleAssembly = GetType().GetTypeInfo().Assembly;
+            var socialSampleAssembly = typeof(Startup).GetTypeInfo().Assembly;
             var embeddedFileProvider = new EmbeddedFileProvider(socialSampleAssembly, "SocialSample");
             var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
             using (var certificateStream = certificateFileInfo.CreateReadStream())

From 8023d1eb027efa890d931a26ad29668821e2a05f Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Thu, 14 Apr 2016 13:52:39 -0700
Subject: [PATCH 515/900] Add serialization.primitives for Newtonsoft.Json

---
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 30a5c489e4..a3b553c5d1 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -20,7 +20,8 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "8.0.3"
+    "Newtonsoft.Json": "8.0.3",
+    "System.Runtime.Serialization.Primitives": "4.1.1-*"
   },
   "frameworks": {
     "net451": {},

From 3db1f1e9fd40fbdf1a283f17e1d6f1eb69331a0f Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Thu, 14 Apr 2016 15:41:40 -0700
Subject: [PATCH 516/900] Move dependency to netstandard only

---
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index a3b553c5d1..a4ee111667 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -20,12 +20,14 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "8.0.3",
-    "System.Runtime.Serialization.Primitives": "4.1.1-*"
+    "Newtonsoft.Json": "8.0.3"
   },
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
+      "dependencies": {
+        "System.Runtime.Serialization.Primitives": "4.1.1-*"
+      },
       "imports": [
         "portable-net451+win8"
       ]

From f6557c821d9c7750f13a64a7cd73063b642af16e Mon Sep 17 00:00:00 2001
From: Pavel Krymets <pavel@krymets.com>
Date: Fri, 15 Apr 2016 09:48:24 -0700
Subject: [PATCH 517/900] Migrate tests, tools and samples to portable

---
 samples/CookieSample/project.json                  | 10 ++++++----
 samples/CookieSessionSample/project.json           | 10 ++++++----
 samples/JwtBearerSample/project.json               | 12 +++++++-----
 samples/OpenIdConnectSample/project.json           | 12 +++++++-----
 samples/SocialSample/project.json                  | 14 ++++++++------
 .../project.json                                   |  7 +++++--
 .../project.json                                   |  7 +++++--
 .../project.json                                   |  7 +++++--
 8 files changed, 49 insertions(+), 30 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index f61695c213..45bf301882 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -4,20 +4,22 @@
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
     "net451": {},
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
       ],
       "dependencies": {
-          "NETStandard.Library": "1.5.0-*"
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
       }
     }
   },
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index deff15e38d..47ed4e9192 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -5,20 +5,22 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
     "net451": {},
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
       ],
       "dependencies": {
-          "NETStandard.Library": "1.5.0-*"
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
       }
     }
   },
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index f940b1b103..829ec7fa8b 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -8,17 +8,19 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "netstandardapp1.5": {
+    "net451": {},
+    "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
       ],
       "dependencies": {
-          "NETStandard.Library": "1.5.0-*"
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
       }
     }
   },
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index cd923e7e01..faeb6a0ee6 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,17 +5,19 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "frameworks": {
-    "net451": { },
-    "netstandardapp1.5": {
+    "net451": {},
+    "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
       ],
       "dependencies": {
-          "NETStandard.Library": "1.5.0-*"
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
       }
     }
   },
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index edf9129fd8..66ab3ede66 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -10,21 +10,23 @@
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded":  "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
     "net451": {},
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
       ],
       "dependencies": {
-          "NETStandard.Library": "1.5.0-*"
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
       }
     }
   },
@@ -34,4 +36,4 @@
     "project.json",
     "web.config"
   ]
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 07137861a4..79219ed228 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -15,10 +15,13 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "dependencies": {
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        },
         "dotnet-test-xunit": "1.0.0-dev-*",
-        "NETStandard.Library": "1.5.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 0bc8910ce9..3002b7368c 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -10,10 +10,13 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "dependencies": {
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        },
         "dotnet-test-xunit": "1.0.0-dev-*",
-        "NETStandard.Library": "1.5.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 8d529ea87c..66b67c062b 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -9,10 +9,13 @@
     "xunit": "2.1.0"
   },
   "frameworks": {
-    "netstandardapp1.5": {
+    "netcoreapp1.0": {
       "dependencies": {
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        },
         "dotnet-test-xunit": "1.0.0-dev-*",
-        "NETStandard.Library": "1.5.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [

From e3667f7c26c90ab277fe472aca070e21befc2f49 Mon Sep 17 00:00:00 2001
From: Pavel Krymets <pavel@krymets.com>
Date: Mon, 18 Apr 2016 17:05:20 -0700
Subject: [PATCH 518/900] Bring Microsoft.NETCore.Platforms dependency back

---
 samples/CookieSample/project.json                         | 1 +
 samples/CookieSessionSample/project.json                  | 1 +
 samples/JwtBearerSample/project.json                      | 1 +
 samples/OpenIdConnect.AzureAdSample/project.json          | 8 ++++----
 samples/OpenIdConnectSample/project.json                  | 1 +
 samples/SocialSample/project.json                         | 1 +
 .../Microsoft.AspNetCore.Authentication.Test/project.json | 1 +
 test/Microsoft.AspNetCore.Authorization.Test/project.json | 1 +
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json  | 1 +
 test/Microsoft.Owin.Security.Interop.Test/project.json    | 6 +++---
 10 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 45bf301882..531ea474cd 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,5 +1,6 @@
 {
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 47ed4e9192..c1aee49c15 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,5 +1,6 @@
 {
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 829ec7fa8b..29ecf01579 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -4,6 +4,7 @@
     "emitEntryPoint": true
   },
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 6c7adf7f2d..b6879e5775 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -1,16 +1,16 @@
-{
+{
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727",
-    "Microsoft.NETCore.Platforms": "1.0.1-*"
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727"
   },
   "frameworks": {
-    "net451": { }
+    "net451": {}
   },
   "compilationOptions": {
     "emitEntryPoint": true
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index faeb6a0ee6..553e170fc5 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,5 +1,6 @@
 {
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 66ab3ede66..fe1d2bfdc5 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,5 +1,6 @@
 {
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 79219ed228..b1ac8e97cc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -3,6 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 3002b7368c..721986616a 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -3,6 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authorization": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 66b67c062b..f2283ce4f3 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -3,6 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 0f156822df..dac3f8185e 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -3,6 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
@@ -13,12 +14,11 @@
   },
   "frameworks": {
     "net451": {
-     "frameworkAssemblies": {
+      "frameworkAssemblies": {
         "System.Runtime": "",
         "System.Threading.Tasks": ""
       }
     }
   },
   "testRunner": "xunit"
-}
-
+}
\ No newline at end of file

From 85b5eb28a04517167141650eda6427bfa466ccbc Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 19 Apr 2016 14:54:11 -0700
Subject: [PATCH 519/900] Use latest build of dotnet-test-xunit

---
 test/Microsoft.AspNetCore.Authentication.Test/project.json | 2 +-
 test/Microsoft.AspNetCore.Authorization.Test/project.json  | 2 +-
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index b1ac8e97cc..931b20be10 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -22,7 +22,7 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-dev-*",
+        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 721986616a..a16a0ba374 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -17,7 +17,7 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-dev-*",
+        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index f2283ce4f3..bb388af16f 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -16,7 +16,7 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-dev-*",
+        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [

From c06cac5d307ab6cc2904bccb9591b6cd0748a1af Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 21 Apr 2016 14:46:40 -0700
Subject: [PATCH 520/900] #744 Change OIDC's default ResponseType to IdToken.

---
 .../OpenIdConnectOptions.cs                                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index acf9d77e40..cdbc9e0f0d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -148,7 +148,7 @@ namespace Microsoft.AspNetCore.Builder
         /// <summary>
         /// Gets or sets the 'response_type'.
         /// </summary>
-        public string ResponseType { get; set; } = OpenIdConnectResponseTypes.CodeIdToken;
+        public string ResponseType { get; set; } = OpenIdConnectResponseTypes.IdToken;
 
         /// <summary>
         /// Gets the list of permissions to request.

From 6e3ff403d4981cc276e3a262dc4263c74cfe2fdc Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Fri, 22 Apr 2016 09:32:34 -0700
Subject: [PATCH 521/900] [Fixes #794] Exception thrown when
 'Microsoft.AspNetCore.Authentication.JwtBearer' tries to log a message

---
 .../LoggingExtensions.cs                                    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
index 643da92906..008190f516 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
@@ -8,7 +8,7 @@ namespace Microsoft.Extensions.Logging
     internal static class LoggingExtensions
     {
         private static Action<ILogger, string, Exception> _tokenValidationFailed;
-        private static Action<ILogger, string, Exception> _tokenValidationSucceeded;
+        private static Action<ILogger, Exception> _tokenValidationSucceeded;
         private static Action<ILogger, Exception> _errorProcessingMessage;
 
         static LoggingExtensions()
@@ -17,7 +17,7 @@ namespace Microsoft.Extensions.Logging
                 eventId: 1,
                 logLevel: LogLevel.Information,
                 formatString: "Failed to validate the token {Token}.");
-            _tokenValidationSucceeded = LoggerMessage.Define<string>(
+            _tokenValidationSucceeded = LoggerMessage.Define(
                 eventId: 2,
                 logLevel: LogLevel.Information,
                 formatString: "Successfully validated the token.");
@@ -34,7 +34,7 @@ namespace Microsoft.Extensions.Logging
 
         public static void TokenValidationSucceeded(this ILogger logger)
         {
-            _tokenValidationSucceeded(logger, null, null);
+            _tokenValidationSucceeded(logger, null);
         }
 
         public static void ErrorProcessingMessage(this ILogger logger, Exception ex)

From 0cd7c7236bd2e3132378df4fe17862dd9ee1d9ab Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 25 Apr 2016 12:15:04 -0700
Subject: [PATCH 522/900] React to FormReader api change.

---
 .../TwitterHandler.cs                                         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 18aa0abcb2..fdb7e3e077 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -202,7 +202,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             response.EnsureSuccessStatusCode();
             string responseText = await response.Content.ReadAsStringAsync();
 
-            var responseParameters = new FormCollection(FormReader.ReadForm(responseText));
+            var responseParameters = new FormCollection(new FormReader(responseText).ReadForm());
             if (!string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
             {
                 throw new Exception("Twitter oauth_callback_confirmed is not true.");
@@ -277,7 +277,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             }
 
             var responseText = await response.Content.ReadAsStringAsync();
-            var responseParameters = new FormCollection(FormReader.ReadForm(responseText));
+            var responseParameters = new FormCollection(new FormReader(responseText).ReadForm());
 
             return new AccessToken
             {

From 32cb95c3eedc13333976a8f38b18665987f80796 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Mon, 25 Apr 2016 13:07:00 -0700
Subject: [PATCH 523/900] Update web.config and add publish tool

---
 samples/CookieSample/project.json                | 11 ++++++++++-
 samples/CookieSample/web.config                  |  2 +-
 samples/CookieSessionSample/project.json         | 11 ++++++++++-
 samples/CookieSessionSample/web.config           |  2 +-
 samples/JwtBearerSample/project.json             | 11 ++++++++++-
 samples/JwtBearerSample/web.config               |  2 +-
 samples/OpenIdConnect.AzureAdSample/project.json | 11 ++++++++++-
 samples/OpenIdConnect.AzureAdSample/web.config   |  2 +-
 samples/OpenIdConnectSample/project.json         | 11 ++++++++++-
 samples/OpenIdConnectSample/web.config           |  2 +-
 samples/SocialSample/project.json                | 11 ++++++++++-
 samples/SocialSample/web.config                  |  2 +-
 12 files changed, 66 insertions(+), 12 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 531ea474cd..6da446848e 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -26,5 +26,14 @@
   },
   "content": [
     "web.config"
-  ]
+  ],
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/web.config b/samples/CookieSample/web.config
index 8d61177619..f7ac679334 100644
--- a/samples/CookieSample/web.config
+++ b/samples/CookieSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\CookieSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index c1aee49c15..3c83173804 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -27,5 +27,14 @@
   },
   "content": [
     "web.config"
-  ]
+  ],
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/CookieSessionSample/web.config b/samples/CookieSessionSample/web.config
index fb7e915bfd..f7ac679334 100644
--- a/samples/CookieSessionSample/web.config
+++ b/samples/CookieSessionSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\CookieSessionSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 29ecf01579..c0b448b72c 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -30,5 +30,14 @@
     "wwwroot",
     "web.config"
   ],
-  "userSecretsId": "aspnet5-JwtBearerSample-20151210102827"
+  "userSecretsId": "aspnet5-JwtBearerSample-20151210102827",
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/JwtBearerSample/web.config b/samples/JwtBearerSample/web.config
index 801dbfd85b..f7ac679334 100644
--- a/samples/JwtBearerSample/web.config
+++ b/samples/JwtBearerSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\JwtBearerSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index b6879e5775..da801b5c2d 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -19,5 +19,14 @@
     "project.json",
     "web.config"
   ],
-  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
+  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/web.config b/samples/OpenIdConnect.AzureAdSample/web.config
index cdcb5a6149..f7ac679334 100644
--- a/samples/OpenIdConnect.AzureAdSample/web.config
+++ b/samples/OpenIdConnect.AzureAdSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\OpenIdConnect.AzureAdSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 553e170fc5..b907b68f98 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -29,5 +29,14 @@
     "project.json",
     "web.config"
   ],
-  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318"
+  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/web.config b/samples/OpenIdConnectSample/web.config
index b1b731ccef..f7ac679334 100644
--- a/samples/OpenIdConnectSample/web.config
+++ b/samples/OpenIdConnectSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\OpenIdConnectSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index fe1d2bfdc5..c37c5f2b16 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -36,5 +36,14 @@
     "config.json",
     "project.json",
     "web.config"
-  ]
+  ],
+  "tools": {
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
+      "version": "1.0.0-*",
+      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
+    }
+  },
+  "scripts": {
+    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
+  }
 }
\ No newline at end of file
diff --git a/samples/SocialSample/web.config b/samples/SocialSample/web.config
index 5611f93f11..f7ac679334 100644
--- a/samples/SocialSample/web.config
+++ b/samples/SocialSample/web.config
@@ -4,6 +4,6 @@
     <handlers>
       <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
     </handlers>
-    <aspNetCore processPath=".\SocialSample.exe" arguments="" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
+    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
   </system.webServer>
 </configuration>
\ No newline at end of file

From bb7290e9e1ce3552c47c4e4ed41e0f330a780cc2 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 27 Apr 2016 15:28:21 -0700
Subject: [PATCH 524/900] Remove references to UseDefaultConfiguration

---
 samples/CookieSample/Startup.cs                | 1 -
 samples/CookieSessionSample/Startup.cs         | 1 -
 samples/JwtBearerSample/Startup.cs             | 1 -
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 1 -
 samples/OpenIdConnectSample/Startup.cs         | 1 -
 samples/SocialSample/Startup.cs                | 1 -
 6 files changed, 6 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index c2593c9090..768415f0ce 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -45,7 +45,6 @@ namespace CookieSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 423c961206..4d3ea3aa67 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -55,7 +55,6 @@ namespace CookieSessionSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index c2dbfb7a9d..b2df5033e4 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -111,7 +111,6 @@ namespace JwtBearerSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 938a19c201..7d8cf23461 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -154,7 +154,6 @@ namespace OpenIdConnect.AzureAdSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 097ce771bc..ff68b471fa 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -100,7 +100,6 @@ namespace OpenIdConnectSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel()
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f109d65feb..bf09b3f6f2 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -332,7 +332,6 @@ namespace SocialSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseDefaultHostingConfiguration(args)
                 .UseKestrel(options =>
                 {
                     //Configure SSL

From 0bce133ee4c267484e36cc98f9ccf25f698761d7 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 28 Apr 2016 10:18:01 -0700
Subject: [PATCH 525/900] #765 Retrieve the email address from Twitter.

---
 samples/SocialSample/Startup.cs               |  19 +++-
 samples/SocialSample/config.json              |   4 +-
 .../Events/TwitterCreatingTicketContext.cs    |  20 +++-
 .../LoggingExtensions.cs                      |  10 ++
 .../TwitterHandler.cs                         | 102 +++++++++++++++---
 .../TwitterOptions.cs                         |   8 ++
 .../project.json                              |   9 +-
 7 files changed, 150 insertions(+), 22 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index bf09b3f6f2..474e43ae75 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -125,9 +125,18 @@ namespace SocialSample
             {
                 ConsumerKey = Configuration["twitter:consumerkey"],
                 ConsumerSecret = Configuration["twitter:consumersecret"],
+                // http://stackoverflow.com/questions/22627083/can-we-get-email-id-from-twitter-oauth-api/32852370#32852370
+                // http://stackoverflow.com/questions/36330675/get-users-email-from-twitter-api-for-external-login-authentication-asp-net-mvc?lq=1
+                RetrieveUserDetails = true,
                 SaveTokens = true,
                 Events = new TwitterEvents()
                 {
+                    OnCreatingTicket = ctx =>
+                    {
+                        var profilePic = ctx.User.Value<string>("profile_image_url");
+                        ctx.Principal.Identities.First().AddClaim(new Claim("urn:twitter:profilepicture", profilePic, ClaimTypes.Uri, ctx.Options.ClaimsIssuer));
+                        return Task.FromResult(0);
+                    },
                     OnRemoteFailure = ctx =>
                     {
                         ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
@@ -139,7 +148,7 @@ namespace SocialSample
 
             /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
                Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
-               https://localhost:54541/
+               https://localhost:44318/
             */
             // See config.json
             // https://apps.dev.microsoft.com/
@@ -232,6 +241,14 @@ namespace SocialSample
                                 ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
+                        var email = user.Value<string>("email");
+                        if (!string.IsNullOrEmpty(email))
+                        {
+                            context.Identity.AddClaim(new Claim(
+                                ClaimTypes.Email, email,
+                                ClaimValueTypes.Email, context.Options.ClaimsIssuer));
+                        }
+
                         var link = user.Value<string>("url");
                         if (!string.IsNullOrEmpty(link))
                         {
diff --git a/samples/SocialSample/config.json b/samples/SocialSample/config.json
index 5c1453e39f..11477998c0 100644
--- a/samples/SocialSample/config.json
+++ b/samples/SocialSample/config.json
@@ -1,8 +1,8 @@
 {
   "google:clientid": "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
   "google:clientsecret": "n2Q-GEw9RQjzcRbU3qhfTj8f",
-  "twitter:consumerkey": "6XaCTaLbMqfj6ww3zvZ5g",
-  "twitter:consumersecret": "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI",
+  "twitter:consumerkey": "VvNJRyGeqYBByN694UHudI2cv",
+  "twitter:consumersecret": "V2xEqWgmphPdlUXX4ARWsozl9lfbvr5wbAYw2LN8m6kZV7pt20",
   "github:clientid": "49e302895d8b09ea5656",
   "github:clientsecret": "98f1bf028608901e9df91d64ee61536fe562064b",
   "github-token:clientid": "8c0c5a572abe8fe89588",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index 04a45ac6d8..435196a1e5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -5,6 +5,7 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
@@ -22,40 +23,49 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <param name="screenName">Twitter screen name</param>
         /// <param name="accessToken">Twitter access token</param>
         /// <param name="accessTokenSecret">Twitter access token secret</param>
+        /// <param name="user">User details</param>
         public TwitterCreatingTicketContext(
             HttpContext context,
             TwitterOptions options,
             string userId,
             string screenName,
             string accessToken,
-            string accessTokenSecret)
+            string accessTokenSecret,
+            JObject user)
             : base(context, options)
         {
             UserId = userId;
             ScreenName = screenName;
             AccessToken = accessToken;
             AccessTokenSecret = accessTokenSecret;
+            User = user ?? new JObject();
         }
 
         /// <summary>
         /// Gets the Twitter user ID
         /// </summary>
-        public string UserId { get; private set; }
+        public string UserId { get; }
 
         /// <summary>
         /// Gets the Twitter screen name
         /// </summary>
-        public string ScreenName { get; private set; }
+        public string ScreenName { get; }
 
         /// <summary>
         /// Gets the Twitter access token
         /// </summary>
-        public string AccessToken { get; private set; }
+        public string AccessToken { get; }
 
         /// <summary>
         /// Gets the Twitter access token secret
         /// </summary>
-        public string AccessTokenSecret { get; private set; }
+        public string AccessTokenSecret { get; }
+
+        /// <summary>
+        /// Gets the JSON-serialized user or an empty
+        /// <see cref="JObject"/> if it is not available.
+        /// </summary>
+        public JObject User { get; }
 
         /// <summary>
         /// Gets the <see cref="ClaimsPrincipal"/> representing the user
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
index 21a4ac541d..2a2cd5da79 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
@@ -9,6 +9,7 @@ namespace Microsoft.Extensions.Logging
     {
         private static Action<ILogger, Exception> _obtainRequestToken;
         private static Action<ILogger, Exception> _obtainAccessToken;
+        private static Action<ILogger, Exception> _retrieveUserDetails;
 
         static LoggingExtensions()
         {
@@ -20,6 +21,10 @@ namespace Microsoft.Extensions.Logging
                 eventId: 2,
                 logLevel: LogLevel.Debug,
                 formatString: "ObtainAccessToken");
+            _retrieveUserDetails = LoggerMessage.Define(
+                eventId: 3,
+                logLevel: LogLevel.Debug,
+                formatString: "RetrieveUserDetails");
 
         }
 
@@ -32,5 +37,10 @@ namespace Microsoft.Extensions.Logging
         {
             _obtainRequestToken(logger, null);
         }
+
+        public static void RetrieveUserDetails(this ILogger logger)
+        {
+            _retrieveUserDetails(logger, null);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index fdb7e3e077..4fbf35aaa1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -16,6 +16,7 @@ using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
@@ -76,7 +77,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             Response.Cookies.Delete(StateCookie, cookieOptions);
 
-            var accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
+            var accessToken = await ObtainAccessTokenAsync(requestToken, oauthVerifier);
 
             var identity = new ClaimsIdentity(new[]
             {
@@ -87,6 +88,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             },
             Options.ClaimsIssuer);
 
+            JObject user = null;
+            if (Options.RetrieveUserDetails)
+            {
+                user = await RetrieveUserDetailsAsync(accessToken, identity);
+            }
+
             if (Options.SaveTokens)
             {
                 properties.StoreTokens(new [] {
@@ -95,12 +102,13 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 });
             }
 
-            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken));
+            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken, user));
         }
 
-        protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token)
+        protected virtual async Task<AuthenticationTicket> CreateTicketAsync(
+            ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token, JObject user)
         {
-            var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret)
+            var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
             {
                 Principal = new ClaimsPrincipal(identity),
                 Properties = properties
@@ -134,7 +142,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             }
 
             // If CallbackConfirmed is false, this will throw
-            var requestToken = await ObtainRequestTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, BuildRedirectUri(Options.CallbackPath), properties);
+            var requestToken = await ObtainRequestTokenAsync(BuildRedirectUri(Options.CallbackPath), properties);
             var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
 
             var cookieOptions = new CookieOptions
@@ -152,7 +160,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             return true;
         }
 
-        private async Task<RequestToken> ObtainRequestTokenAsync(string consumerKey, string consumerSecret, string callBackUri, AuthenticationProperties properties)
+        private async Task<RequestToken> ObtainRequestTokenAsync(string callBackUri, AuthenticationProperties properties)
         {
             Logger.ObtainRequestToken();
 
@@ -161,7 +169,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var authorizationParts = new SortedDictionary<string, string>
             {
                 { "oauth_callback", callBackUri },
-                { "oauth_consumer_key", consumerKey },
+                { "oauth_consumer_key", Options.ConsumerKey },
                 { "oauth_nonce", nonce },
                 { "oauth_signature_method", "HMAC-SHA1" },
                 { "oauth_timestamp", GenerateTimeStamp() },
@@ -183,7 +191,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             canonicalizedRequestBuilder.Append("&");
             canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
 
-            var signature = ComputeSignature(consumerSecret, null, canonicalizedRequestBuilder.ToString());
+            var signature = ComputeSignature(Options.ConsumerSecret, null, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
 
             var authorizationHeaderBuilder = new StringBuilder();
@@ -200,7 +208,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             var response = await _httpClient.SendAsync(request, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
-            string responseText = await response.Content.ReadAsStringAsync();
+            var responseText = await response.Content.ReadAsStringAsync();
 
             var responseParameters = new FormCollection(new FormReader(responseText).ReadForm());
             if (!string.Equals(responseParameters["oauth_callback_confirmed"], "true", StringComparison.Ordinal))
@@ -211,7 +219,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             return new RequestToken { Token = Uri.UnescapeDataString(responseParameters["oauth_token"]), TokenSecret = Uri.UnescapeDataString(responseParameters["oauth_token_secret"]), CallbackConfirmed = true, Properties = properties };
         }
 
-        private async Task<AccessToken> ObtainAccessTokenAsync(string consumerKey, string consumerSecret, RequestToken token, string verifier)
+        private async Task<AccessToken> ObtainAccessTokenAsync(RequestToken token, string verifier)
         {
             // https://dev.twitter.com/docs/api/1/post/oauth/access_token
 
@@ -221,7 +229,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             var authorizationParts = new SortedDictionary<string, string>
             {
-                { "oauth_consumer_key", consumerKey },
+                { "oauth_consumer_key", Options.ConsumerKey },
                 { "oauth_nonce", nonce },
                 { "oauth_signature_method", "HMAC-SHA1" },
                 { "oauth_token", token.Token },
@@ -245,7 +253,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             canonicalizedRequestBuilder.Append("&");
             canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
 
-            var signature = ComputeSignature(consumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
+            var signature = ComputeSignature(Options.ConsumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
             authorizationParts.Add("oauth_signature", signature);
             authorizationParts.Remove("oauth_verifier");
 
@@ -288,6 +296,76 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             };
         }
 
+        // https://dev.twitter.com/rest/reference/get/account/verify_credentials
+        private async Task<JObject> RetrieveUserDetailsAsync(AccessToken accessToken, ClaimsIdentity identity)
+        {
+            Logger.RetrieveUserDetails();
+
+            var nonce = Guid.NewGuid().ToString("N");
+
+            var authorizationParts = new SortedDictionary<string, string>
+                        {
+                            { "oauth_consumer_key", Options.ConsumerKey },
+                            { "oauth_nonce", nonce },
+                            { "oauth_signature_method", "HMAC-SHA1" },
+                            { "oauth_timestamp", GenerateTimeStamp() },
+                            { "oauth_token", accessToken.Token },
+                            { "oauth_version", "1.0" }
+                        };
+
+            var parameterBuilder = new StringBuilder();
+            foreach (var authorizationKey in authorizationParts)
+            {
+                parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
+            }
+            parameterBuilder.Length--;
+            var parameterString = parameterBuilder.ToString();
+
+            var resource_url = "https://api.twitter.com/1.1/account/verify_credentials.json";
+            var resource_query = "include_email=true";
+            var canonicalizedRequestBuilder = new StringBuilder();
+            canonicalizedRequestBuilder.Append(HttpMethod.Get.Method);
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(resource_url));
+            canonicalizedRequestBuilder.Append("&");
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(resource_query));
+            canonicalizedRequestBuilder.Append("%26");
+            canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
+
+            var signature = ComputeSignature(Options.ConsumerSecret, accessToken.TokenSecret, canonicalizedRequestBuilder.ToString());
+            authorizationParts.Add("oauth_signature", signature);
+
+            var authorizationHeaderBuilder = new StringBuilder();
+            authorizationHeaderBuilder.Append("OAuth ");
+            foreach (var authorizationPart in authorizationParts)
+            {
+                authorizationHeaderBuilder.AppendFormat(
+                    "{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
+            }
+            authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
+
+            var request = new HttpRequestMessage(HttpMethod.Get, resource_url + "?include_email=true");
+            request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
+
+            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            if (!response.IsSuccessStatusCode)
+            {
+                Logger.LogError("Email request failed with a status code of " + response.StatusCode);
+                response.EnsureSuccessStatusCode(); // throw
+            }
+            var responseText = await response.Content.ReadAsStringAsync();
+
+            var result = JObject.Parse(responseText);
+
+            var email = result.Value<string>("email");
+            if (!string.IsNullOrEmpty(email))
+            {
+                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.Email, Options.ClaimsIssuer));
+            }
+
+            return result;
+        }
+
         private static string GenerateTimeStamp()
         {
             var secondsSinceUnixEpocStart = DateTime.UtcNow - Epoch;
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 77fb0bd7a8..8ab399a8f9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -38,6 +38,14 @@ namespace Microsoft.AspNetCore.Builder
         /// <value>The consumer secret used to sign requests to Twitter.</value>
         public string ConsumerSecret { get; set; }
 
+        /// <summary>
+        /// Enables the retrieval user details during the authentication process, including
+        /// e-mail addresses. Retrieving e-mail addresses requires special permissions
+        /// from Twitter Support on a per application basis. The default is false.
+        /// See https://dev.twitter.com/rest/reference/get/account/verify_credentials
+        /// </summary>
+        public bool RetrieveUserDetails { get; set; }
+
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 23ca0cf313..a185aa415a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -19,10 +19,15 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
+    "Newtonsoft.Json": "8.0.3"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.3": {}
+    "netstandard1.3": {
+      "imports": [
+        "portable-net451+win8"
+      ]
+    }
   }
 }
\ No newline at end of file

From d5f29c1408db8e3f4aa9c02365ff66ab998cda75 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 28 Apr 2016 15:26:44 -0700
Subject: [PATCH 526/900] Fix build break

---
 samples/JwtBearerSample/project.json             | 3 ++-
 samples/OpenIdConnect.AzureAdSample/project.json | 3 ++-
 samples/OpenIdConnectSample/project.json         | 3 ++-
 samples/SocialSample/Startup.cs                  | 2 --
 samples/SocialSample/project.json                | 5 +++--
 5 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index c0b448b72c..f3895f83b1 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -9,7 +9,8 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*"
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index da801b5c2d..d47884d767 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -7,7 +7,8 @@
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727"
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
   "frameworks": {
     "net451": {}
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index b907b68f98..62506bd540 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -6,7 +6,8 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index bf09b3f6f2..1767861a98 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -18,8 +18,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.HttpOverrides;
-using Microsoft.AspNetCore.Server.Kestrel.Filter;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.FileProviders;
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index c37c5f2b16..6ff162a319 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -12,13 +12,14 @@
     "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
   "compilationOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netcoreapp1.0": {
       "imports": [
         "dnxcore50"

From ba8c0c5018350ac3d6e239a5f2810f73aa1bbad5 Mon Sep 17 00:00:00 2001
From: Petr Onderka <gsvick@gmail.com>
Date: Thu, 28 Apr 2016 23:40:50 +0200
Subject: [PATCH 527/900] Removed space from file name

This caused broken link in API reference
---
 ...nnectRedirectBehavior .cs => OpenIdConnectRedirectBehavior.cs} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/Microsoft.AspNetCore.Authentication.OpenIdConnect/{OpenIdConnectRedirectBehavior .cs => OpenIdConnectRedirectBehavior.cs} (100%)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior .cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs

From f6cdb9faf9b1460d7dd46aed4b9c351f4222f20f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 2 May 2016 11:27:26 -0700
Subject: [PATCH 528/900] Fix build warnings

---
 samples/CookieSample/project.json             | 10 +++++----
 samples/CookieSessionSample/project.json      | 10 +++++----
 samples/JwtBearerSample/project.json          | 14 +++++++-----
 .../OpenIdConnect.AzureAdSample/project.json  | 12 +++++-----
 samples/OpenIdConnectSample/project.json      | 12 +++++-----
 samples/SocialSample/project.json             | 16 ++++++++------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 20 +++++++++--------
 .../project.json                              | 18 ++++++++-------
 .../project.json                              | 16 ++++++++------
 .../project.json                              | 22 +++++++++++--------
 .../project.json                              |  4 ++--
 .../project.json                              |  4 ++--
 .../project.json                              |  4 ++--
 .../project.json                              |  2 +-
 22 files changed, 181 insertions(+), 143 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 6da446848e..c28a644d46 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -7,7 +7,7 @@
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
@@ -24,9 +24,11 @@
       }
     }
   },
-  "content": [
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "web.config"
+    ]
+  },
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
       "version": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 3c83173804..d3caf9364f 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -8,7 +8,7 @@
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
@@ -25,9 +25,11 @@
       }
     }
   },
-  "content": [
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "web.config"
+    ]
+  },
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
       "version": "1.0.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index f3895f83b1..a82778a76e 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -1,6 +1,6 @@
 {
   "version": "1.0.0-*",
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
   "dependencies": {
@@ -26,11 +26,13 @@
       }
     }
   },
-  "content": [
-    "project.json",
-    "wwwroot",
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "project.json",
+      "wwwroot",
+      "web.config"
+    ]
+  },
   "userSecretsId": "aspnet5-JwtBearerSample-20151210102827",
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index d47884d767..1524a76b53 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -13,13 +13,15 @@
   "frameworks": {
     "net451": {}
   },
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
-  "content": [
-    "project.json",
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "project.json",
+      "web.config"
+    ]
+  },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 62506bd540..4a8e637f65 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -23,13 +23,15 @@
       }
     }
   },
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
-  "content": [
-    "project.json",
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "project.json",
+      "web.config"
+    ]
+  },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 6ff162a319..faf517703f 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -15,11 +15,11 @@
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
     "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
-  "compilationOptions": {
+  "buildOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
@@ -33,11 +33,13 @@
     }
   },
   "userSecretsId": "aspnet5-SocialSample-20151210111056",
-  "content": [
-    "config.json",
-    "project.json",
-    "web.config"
-  ],
+  "publishOptions": {
+    "include": [
+      "config.json",
+      "project.json",
+      "web.config"
+    ]
+  },
   "tools": {
     "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
       "version": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 82438e4025..c98a4bba1c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to use cookie based authentication.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 6639914657..27b5f34eaf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 9740543ec5..3051e5fa7d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 204ad1aced..f0c04896ec 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index be1c9099e6..3a7b5e03e5 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index a4ee111667..613cadae3f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 581abf9ce1..f053b2be3d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,16 +1,18 @@
 {
   "version": "0.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 23ca0cf313..dcd412412a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index ec5ff479c8..06de08d84b 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -1,16 +1,18 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core common types used by the various authentication middleware components.",
-  "tags": [
-    "aspnetcore",
-    "authentication",
-    "security"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authentication",
+      "security"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 0d14ab8ad8..0f9becfc82 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -1,15 +1,17 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
-  "tags": [
-    "aspnetcore",
-    "authorization"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore",
+      "authorization"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 72a86bf802..3cd40fd20c 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -1,14 +1,16 @@
 {
   "version": "1.0.0-*",
   "description": "ASP.NET Core cookie policy classes to control the behavior of cookies.",
-  "tags": [
-    "aspnetcore"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/aspnet/security"
+  "packOptions": {
+    "repository": {
+      "type": "git",
+      "url": "git://github.com/aspnet/security"
+    },
+    "tags": [
+      "aspnetcore"
+    ]
   },
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
     "nowarn": [
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index 691b16c42d..f94978e52a 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,23 +1,27 @@
 {
   "version": "1.0.0-*",
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
-    "nowarn": [ "CS1591" ],
+    "nowarn": [
+      "CS1591"
+    ],
     "xmlDoc": true
   },
   "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
-  "tags": [
-    "aspnetcore",
-    "katana",
-    "owin",
-    "security"
-  ],
+  "packOptions": {
+    "tags": [
+      "aspnetcore",
+      "katana",
+      "owin",
+      "security"
+    ]
+  },
   "dependencies": {
     "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",
     "Microsoft.Owin.Security": "3.0.1"
   },
   "frameworks": {
-    "net451": { }
+    "net451": {}
   }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 931b20be10..e99be60ee8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -1,8 +1,9 @@
 {
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
+    "dotnet-test-xunit": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
@@ -22,7 +23,6 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index a16a0ba374..11b3caf4d4 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -1,8 +1,9 @@
 {
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
+    "dotnet-test-xunit": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authorization": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
@@ -17,7 +18,6 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index bb388af16f..6e64aba57d 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -1,8 +1,9 @@
 {
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {
+    "dotnet-test-xunit": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
@@ -16,7 +17,6 @@
           "version": "1.0.0-*",
           "type": "platform"
         },
-        "dotnet-test-xunit": "1.0.0-*",
         "System.Diagnostics.Process": "4.1.0-*"
       },
       "imports": [
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index dac3f8185e..cd3ae56096 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -1,5 +1,5 @@
 {
-  "compilationOptions": {
+  "buildOptions": {
     "warningsAsErrors": true
   },
   "dependencies": {

From a4c132ca74284dbfe731c88c4067a6d0c6dd52c2 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 2 May 2016 16:56:37 -0700
Subject: [PATCH 529/900] Adding dotnet-test-xunit

---
 test/Microsoft.Owin.Security.Interop.Test/project.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index cd3ae56096..4dac4d3a28 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -3,14 +3,14 @@
     "warningsAsErrors": true
   },
   "dependencies": {
+    "dotnet-test-xunit": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.0.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
-    "xunit": "2.1.0",
-    "xunit.runner.console": "2.1.0"
+    "xunit": "2.1.0"
   },
   "frameworks": {
     "net451": {

From 764525342000c37f98cb7fca6f999d4453a1b83c Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 3 May 2016 09:39:36 -0700
Subject: [PATCH 530/900] #808 Update OIDC to v1.0

---
 samples/OpenIdConnect.AzureAdSample/project.json                | 2 +-
 samples/OpenIdConnectSample/project.json                        | 2 +-
 .../project.json                                                | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/project.json      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 1524a76b53..40308478b9 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -2,7 +2,7 @@
   "dependencies": {
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 4a8e637f65..5f0744e0b7 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -2,7 +2,7 @@
   "dependencies": {
     "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index f053b2be3d..11d887e5c2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "0.1.0-*",
+  "version": "1.0.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
   "packOptions": {
     "repository": {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index e99be60ee8..01d03d2b30 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -10,7 +10,7 @@
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",

From 1a99fad0c69c75f81fc5f74d9044842ae3484e9b Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Mon, 16 May 2016 08:44:41 -0700
Subject: [PATCH 531/900] Rename AuthorizationContext

---
 .../AuthorizationHandler.cs                      | 16 ++++++++--------
 ...Context.cs => AuthorizationHandlerContext.cs} |  4 ++--
 .../AuthorizationPolicyBuilder.cs                |  4 ++--
 .../DefaultAuthorizationService.cs               |  2 +-
 .../IAuthorizationHandler.cs                     |  2 +-
 .../Infrastructure/AssertionRequirement.cs       |  8 ++++----
 .../ClaimsAuthorizationRequirement.cs            |  2 +-
 .../DenyAnonymousAuthorizationRequirement.cs     |  2 +-
 .../NameAuthorizationRequirement.cs              |  2 +-
 .../PassThroughAuthorizationHandler.cs           |  2 +-
 .../RolesAuthorizationRequirement.cs             |  2 +-
 .../DefaultAuthorizationServiceTests.cs          | 12 ++++++------
 12 files changed, 29 insertions(+), 29 deletions(-)
 rename src/Microsoft.AspNetCore.Authorization/{AuthorizationContext.cs => AuthorizationHandlerContext.cs} (95%)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
index 2bd90aad42..f6877f114e 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNetCore.Authorization
     public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
     {
-        public void Handle(AuthorizationContext context)
+        public void Handle(AuthorizationHandlerContext context)
         {
             foreach (var req in context.Requirements.OfType<TRequirement>())
             {
@@ -17,7 +17,7 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
-        public virtual async Task HandleAsync(AuthorizationContext context)
+        public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             foreach (var req in context.Requirements.OfType<TRequirement>())
             {
@@ -25,9 +25,9 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
-        protected abstract void Handle(AuthorizationContext context, TRequirement requirement);
+        protected abstract void Handle(AuthorizationHandlerContext context, TRequirement requirement);
 
-        protected virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement)
+        protected virtual Task HandleAsync(AuthorizationHandlerContext context, TRequirement requirement)
         {
             Handle(context, requirement);
             return Task.FromResult(0);
@@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authorization
     public abstract class AuthorizationHandler<TRequirement, TResource> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
     {
-        public virtual async Task HandleAsync(AuthorizationContext context)
+        public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             if (context.Resource is TResource)
             {
@@ -48,13 +48,13 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
-        protected virtual Task HandleAsync(AuthorizationContext context, TRequirement requirement, TResource resource)
+        protected virtual Task HandleAsync(AuthorizationHandlerContext context, TRequirement requirement, TResource resource)
         {
             Handle(context, requirement, resource);
             return Task.FromResult(0);
         }
 
-        public virtual void Handle(AuthorizationContext context)
+        public virtual void Handle(AuthorizationHandlerContext context)
         {
             if (context.Resource is TResource)
             {
@@ -65,6 +65,6 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
-        protected abstract void Handle(AuthorizationContext context, TRequirement requirement, TResource resource);
+        protected abstract void Handle(AuthorizationHandlerContext context, TRequirement requirement, TResource resource);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
similarity index 95%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
rename to src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
index 455adb0dda..2349feb319 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationContext.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
@@ -11,13 +11,13 @@ namespace Microsoft.AspNetCore.Authorization
     /// <summary>
     /// Contains authorization information used by <see cref="IAuthorizationHandler"/>.
     /// </summary>
-    public class AuthorizationContext
+    public class AuthorizationHandlerContext
     {
         private HashSet<IAuthorizationRequirement> _pendingRequirements;
         private bool _failCalled;
         private bool _succeedCalled;
 
-        public AuthorizationContext(
+        public AuthorizationHandlerContext(
             IEnumerable<IAuthorizationRequirement> requirements,
             ClaimsPrincipal user,
             object resource)
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 965ffe02ef..653727f5ee 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -129,7 +129,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// </summary>
         /// <param name="assert">Function that must return true</param>
         /// <returns></returns>
-        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationContext, bool> assert)
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, bool> assert)
         {
             if (assert == null)
             {
@@ -145,7 +145,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// </summary>
         /// <param name="assert">Function that must return true</param>
         /// <returns></returns>
-        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationContext, Task<bool>> assert)
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, Task<bool>> assert)
         {
             if (assert == null)
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 39d35d0ddf..d90cf18031 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -44,7 +44,7 @@ namespace Microsoft.AspNetCore.Authorization
                 throw new ArgumentNullException(nameof(requirements));
             }
 
-            var authContext = new AuthorizationContext(requirements, user, resource);
+            var authContext = new AuthorizationHandlerContext(requirements, user, resource);
             foreach (var handler in _handlers)
             {
                 await handler.HandleAsync(authContext);
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
index fc8ba6e7ff..cf7896a30e 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
@@ -7,6 +7,6 @@ namespace Microsoft.AspNetCore.Authorization
 {
     public interface IAuthorizationHandler
     {
-        Task HandleAsync(AuthorizationContext context);
+        Task HandleAsync(AuthorizationHandlerContext context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
index 0cc1751a49..2ddf065266 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
@@ -11,9 +11,9 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
         /// <summary>
         /// Function that is called to handle this requirement
         /// </summary>
-        public Func<AuthorizationContext, Task<bool>> Handler { get; }
+        public Func<AuthorizationHandlerContext, Task<bool>> Handler { get; }
 
-        public AssertionRequirement(Func<AuthorizationContext, bool> assert)
+        public AssertionRequirement(Func<AuthorizationHandlerContext, bool> assert)
         {
             if (assert == null)
             {
@@ -23,7 +23,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             Handler = context => Task.FromResult(assert(context));
         }
 
-        public AssertionRequirement(Func<AuthorizationContext, Task<bool>> assert)
+        public AssertionRequirement(Func<AuthorizationHandlerContext, Task<bool>> assert)
         {
             if (assert == null)
             {
@@ -33,7 +33,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             Handler = assert;
         }
 
-        public async Task HandleAsync(AuthorizationContext context)
+        public async Task HandleAsync(AuthorizationHandlerContext context)
         {
             if (await Handler(context))
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index bff54954d9..644b33086d 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -25,7 +25,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
         public string ClaimType { get; }
         public IEnumerable<string> AllowedValues { get; }
 
-        protected override void Handle(AuthorizationContext context, ClaimsAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 44ab475de0..57ad22dff6 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -7,7 +7,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
-        protected override void Handle(AuthorizationContext context, DenyAnonymousAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationHandlerContext context, DenyAnonymousAuthorizationRequirement requirement)
         {
             var user = context.User;
             var userIsAnonymous =
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index a4f2455a69..b0c4e6b101 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -23,7 +23,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 
         public string RequiredName { get; }
 
-        protected override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationHandlerContext context, NameAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
index 480e2de0cb..d718591ec1 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class PassThroughAuthorizationHandler : IAuthorizationHandler
     {
-        public async Task HandleAsync(AuthorizationContext context)
+        public async Task HandleAsync(AuthorizationHandlerContext context)
         {
             foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index 217e3ea0c1..a57a0e4c8e 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 
         public IEnumerable<string> AllowedRoles { get; }
 
-        protected override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement)
+        protected override void Handle(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 7f11916940..42948c936f 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -580,7 +580,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
         public class CustomRequirement : IAuthorizationRequirement { }
         public class CustomHandler : AuthorizationHandler<CustomRequirement>
         {
-            protected override void Handle(AuthorizationContext context, CustomRequirement requirement)
+            protected override void Handle(AuthorizationHandlerContext context, CustomRequirement requirement)
             {
                 context.Succeed(requirement);
             }
@@ -636,7 +636,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             public bool Succeed { get; set; }
 
-            protected override void Handle(AuthorizationContext context, PassThroughRequirement requirement)
+            protected override void Handle(AuthorizationHandlerContext context, PassThroughRequirement requirement)
             {
                 if (Succeed) {
                     context.Succeed(requirement);
@@ -766,7 +766,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             private IEnumerable<OperationAuthorizationRequirement> _allowed;
 
-            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
+            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
             {
                 if (_allowed.Contains(requirement))
                 {
@@ -777,7 +777,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class SuperUserHandler : AuthorizationHandler<OperationAuthorizationRequirement>
         {
-            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
+            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
             {
                 if (context.User.HasClaim("SuperUser", "yes"))
                 {
@@ -812,7 +812,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class NotCalledHandler : AuthorizationHandler<OperationAuthorizationRequirement, string>
         {
-            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, string resource)
+            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, string resource)
             {
                 throw new NotImplementedException();
             }
@@ -820,7 +820,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class EvenHandler : AuthorizationHandler<OperationAuthorizationRequirement, int>
         {
-            protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, int id)
+            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, int id)
             {
                 if (id % 2 == 0)
                 {

From 6294badd972882ba707216c211095474ef8c4709 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 16 May 2016 12:18:50 -0700
Subject: [PATCH 532/900] Use a shared CookieSecurePolicy.

---
 .../CookieAuthenticationHandler.cs            |  4 +-
 .../CookieAuthenticationOptions.cs            |  6 +-
 .../CookieSecureOption.cs                     | 35 --------
 .../CookiePolicyMiddleware.cs                 |  8 +-
 .../CookiePolicyOptions.cs                    |  4 +-
 .../SecurePolicy.cs                           | 12 ---
 .../Cookies/CookieMiddlewareTests.cs          | 20 ++---
 .../CookiePolicyTests.cs                      | 81 +++++++++----------
 8 files changed, 62 insertions(+), 108 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
 delete mode 100644 src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index b056d0787b..3a8365a5b3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -145,13 +145,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 HttpOnly = Options.CookieHttpOnly,
                 Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
             };
-            if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
+            if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest)
             {
                 cookieOptions.Secure = Request.IsHttps;
             }
             else
             {
-                cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
+                cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always;
             }
             return cookieOptions;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 8a451c9c71..f9455f23a5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -29,7 +29,7 @@ namespace Microsoft.AspNetCore.Builder
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
             CookieHttpOnly = true;
-            CookieSecure = CookieSecureOption.SameAsRequest;
+            CookieSecure = CookieSecurePolicy.SameAsRequest;
             SystemClock = new SystemClock();
             Events = new CookieAuthenticationEvents();
         }
@@ -59,7 +59,7 @@ namespace Microsoft.AspNetCore.Builder
         public string CookieDomain { get; set; }
 
         /// <summary>
-        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatability.
+        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
         /// </summary>
         public string CookiePath { get; set; }
 
@@ -75,7 +75,7 @@ namespace Microsoft.AspNetCore.Builder
         /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
         /// and portions of your site are HTTP you may need to change this value.
         /// </summary>
-        public CookieSecureOption CookieSecure { get; set; }
+        public CookieSecurePolicy CookieSecure { get; set; }
 
         /// <summary>
         /// If set this will be used by the CookieAuthenticationMiddleware for data protection.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
deleted file mode 100644
index 5a35415d1b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
-    /// <summary>
-    /// Determines how the identity cookie's security property is set.
-    /// </summary>
-    public enum CookieSecureOption
-    {
-        /// <summary>
-        /// If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on 
-        /// subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will 
-        /// be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures
-        /// HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development 
-        /// and for servers that do not have HTTPS support.
-        /// </summary>
-        SameAsRequest,
-
-        /// <summary>
-        /// CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages
-        /// on the site which are HTTP also require authentication information. This setting is not recommended because
-        /// the authentication information provided with an HTTP request may be observed and used by other computers
-        /// on your local network or wireless connection.
-        /// </summary>
-        Never,
-
-        /// <summary>
-        /// CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages
-        /// requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
-        /// </summary>
-        Always,
-    }
-}
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index 7b52a58804..46daaad810 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -74,7 +74,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
 
             private bool PolicyRequiresCookieOptions()
             {
-                return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != SecurePolicy.None;
+                return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != CookieSecurePolicy.None;
             }
 
             public void Append(string key, string value)
@@ -140,13 +140,13 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 switch (Policy.Secure)
                 {
-                    case SecurePolicy.Always:
+                    case CookieSecurePolicy.Always:
                         options.Secure = true;
                         break;
-                    case SecurePolicy.SameAsRequest:
+                    case CookieSecurePolicy.SameAsRequest:
                         options.Secure = Context.Request.IsHttps;
                         break;
-                    case SecurePolicy.None:
+                    case CookieSecurePolicy.None:
                         break;
                     default:
                         throw new InvalidOperationException();
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 8201b58639..6aed18bfb0 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.CookiePolicy;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -15,10 +16,11 @@ namespace Microsoft.AspNetCore.Builder
         /// Affects whether cookies must be HttpOnly.
         /// </summary>
         public HttpOnlyPolicy HttpOnly { get; set; } = HttpOnlyPolicy.None;
+
         /// <summary>
         /// Affects whether cookies must be Secure.
         /// </summary>
-        public SecurePolicy Secure { get; set; } = SecurePolicy.None;
+        public CookieSecurePolicy Secure { get; set; } = CookieSecurePolicy.None;
 
         /// <summary>
         /// Called when a cookie is appended.
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
deleted file mode 100644
index c0dd639f1c..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.CookiePolicy
-{
-    public enum SecurePolicy
-    {
-        None,
-        Always,
-        SameAsRequest
-    }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 5049f39e55..fa4a4502ff 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -192,14 +192,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         }
 
         [Theory]
-        [InlineData(CookieSecureOption.Always, "http://example.com/testpath", true)]
-        [InlineData(CookieSecureOption.Always, "https://example.com/testpath", true)]
-        [InlineData(CookieSecureOption.Never, "http://example.com/testpath", false)]
-        [InlineData(CookieSecureOption.Never, "https://example.com/testpath", false)]
-        [InlineData(CookieSecureOption.SameAsRequest, "http://example.com/testpath", false)]
-        [InlineData(CookieSecureOption.SameAsRequest, "https://example.com/testpath", true)]
+        [InlineData(CookieSecurePolicy.Always, "http://example.com/testpath", true)]
+        [InlineData(CookieSecurePolicy.Always, "https://example.com/testpath", true)]
+        [InlineData(CookieSecurePolicy.None, "http://example.com/testpath", false)]
+        [InlineData(CookieSecurePolicy.None, "https://example.com/testpath", false)]
+        [InlineData(CookieSecurePolicy.SameAsRequest, "http://example.com/testpath", false)]
+        [InlineData(CookieSecurePolicy.SameAsRequest, "https://example.com/testpath", true)]
         public async Task SecureSignInCausesSecureOnlyCookieByDefault(
-            CookieSecureOption cookieSecureOption,
+            CookieSecurePolicy cookieSecurePolicy,
             string requestUri,
             bool shouldBeSecureOnly)
         {
@@ -207,7 +207,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 LoginPath = new PathString("/login"),
                 CookieName = "TestCookie",
-                CookieSecure = cookieSecureOption
+                CookieSecure = cookieSecurePolicy
             }, SignInAsAlice);
 
             var transaction = await SendAsync(server, requestUri);
@@ -231,7 +231,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 CookieName = "TestCookie",
                 CookiePath = "/foo",
                 CookieDomain = "another.com",
-                CookieSecure = CookieSecureOption.Always,
+                CookieSecure = CookieSecurePolicy.Always,
                 CookieHttpOnly = true
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
@@ -248,7 +248,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server2 = CreateServer(new CookieAuthenticationOptions
             {
                 CookieName = "SecondCookie",
-                CookieSecure = CookieSecureOption.Never,
+                CookieSecure = CookieSecurePolicy.None,
                 CookieHttpOnly = false
             }, SignInAsAlice, new Uri("http://example.com/base"));
 
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 307002d1f3..f08d7fef8e 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -37,18 +37,18 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             await RunTest("/secureAlways",
                 new CookiePolicyOptions
                 {
-                    Secure = SecurePolicy.Always
+                    Secure = CookieSecurePolicy.Always
                 },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureAlways",
-                transaction =>
-                {
-                    Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
-                }));
+                    transaction =>
+                    {
+                        Assert.NotNull(transaction.SetCookie);
+                        Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                    }));
         }
 
         [Fact]
@@ -57,19 +57,18 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             await RunTest("/secureNone",
                 new CookiePolicyOptions
                 {
-                    Secure = SecurePolicy.None
+                    Secure = CookieSecurePolicy.None
                 },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureNone",
-                transaction =>
-                {
-                    Assert.NotNull(transaction.SetCookie);
-                    Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
-                }));
+                    transaction =>
+                    {
+                        Assert.NotNull(transaction.SetCookie);
+                        Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                    }));
         }
 
         [Fact]
@@ -78,27 +77,27 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             await RunTest("/secureSame",
                 new CookiePolicyOptions
                 {
-                    Secure = SecurePolicy.SameAsRequest
+                    Secure = CookieSecurePolicy.SameAsRequest
                 },
                 SecureCookieAppends,
                 new RequestTest("http://example.com/secureSame",
-                transaction =>
-                {
-                    Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
-                }),
+                    transaction =>
+                    {
+                        Assert.NotNull(transaction.SetCookie);
+                        Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
+                    }),
                 new RequestTest("https://example.com/secureSame",
-                transaction =>
-                {
-                    Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
-                }));
+                    transaction =>
+                    {
+                        Assert.NotNull(transaction.SetCookie);
+                        Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                    }));
         }
 
         [Fact]
@@ -283,13 +282,13 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
-            {
-                app.Map(path, map =>
                 {
-                    map.UseCookiePolicy(cookiePolicy);
-                    map.Run(configureSetup);
+                    app.Map(path, map =>
+                    {
+                        map.UseCookiePolicy(cookiePolicy);
+                        map.Run(configureSetup);
+                    });
                 });
-            });
             var server = new TestServer(builder);
             foreach (var test in tests)
             {

From 962a74c4883e00da0666296c7c1751495f443ac0 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Mon, 16 May 2016 08:09:00 -0700
Subject: [PATCH 533/900] Add argument validation

---
 .../OpenIdConnectMiddleware.cs                | 12 +++-
 .../OpenIdConnectMiddlewareTests.cs           | 63 +++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index 80f2ca2ba3..b08f8e944c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -82,6 +82,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(htmlEncoder));
             }
 
+            if (string.IsNullOrEmpty(Options.ClientId))
+            {
+                throw new ArgumentException("Options.ClientId must be provided", nameof(Options.ClientId));
+            }
+            
             if (!Options.CallbackPath.HasValue)
             {
                 throw new ArgumentException("Options.CallbackPath must be provided.");
@@ -120,7 +125,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
             }
 
-
             if (Options.Events == null)
             {
                 Options.Events = new OpenIdConnectEvents();
@@ -164,6 +168,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
                 }
             }
+            
+            if (Options.ConfigurationManager == null)
+            {
+                throw new InvalidOperationException($"Provide {nameof(Options.Authority)}, {nameof(Options.MetadataAddress)}, "
+                + $"{nameof(Options.Configuration)}, or {nameof(Options.ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");
+            }
         }
 
         protected HttpClient Backchannel { get; private set; }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index ebc59b9ee8..20de135712 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -161,6 +161,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                     return Task.FromResult(0);
                 }
             };
+            options.ClientId = "Test Id";
+            options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             return options;
         }
 
@@ -550,5 +552,66 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             return nonceTime;
         }
+
+        [Fact]
+        public void ThrowsWithNoClientId()
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
+                    {
+                        SignInScheme = "TestScheme",
+                        Authority = DefaultAuthority,
+                        Configuration = TestUtilities.DefaultOpenIdConnectConfiguration,
+                        AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
+                    });
+                }).ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                });
+
+            try
+            {
+                var server = new TestServer(builder);
+            }
+            catch (ArgumentException e)
+            {
+                Assert.Equal("ClientId", e.ParamName);
+                return;
+            }
+
+            Assert.True(false);
+        }
+
+        [Fact]
+        public void ThrowsWithNoConfigurationValues()
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
+                    {
+                        SignInScheme = "TestScheme",
+                        ClientId = "Test Id",
+                        AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
+                    });
+                }).ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                });
+
+            try
+            {
+                var server = new TestServer(builder);
+            }
+            catch (InvalidOperationException e)
+            {
+                Assert.Equal("Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions", e.Message);
+                return;
+            }
+
+            Assert.True(false);
+        }
     }
 }
\ No newline at end of file

From 8b4b99b168c97b6c559ec0f971ae6389a669c153 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 17 May 2016 13:36:18 -0700
Subject: [PATCH 534/900] Clean up samples

---
 samples/CookieSample/Program.cs               | 24 ++++++++
 .../Properties/launchSettings.json            |  9 +--
 samples/CookieSample/Startup.cs               | 11 ----
 samples/CookieSample/project.json             |  1 +
 samples/CookieSessionSample/Program.cs        | 24 ++++++++
 .../Properties/launchSettings.json            |  9 +--
 samples/CookieSessionSample/Startup.cs        | 11 ----
 samples/CookieSessionSample/project.json      |  1 +
 samples/JwtBearerSample/Program.cs            | 24 ++++++++
 .../Properties/launchSettings.json            |  9 ++-
 samples/JwtBearerSample/Startup.cs            | 29 ++++------
 .../OpenIdConnect.AzureAdSample/Program.cs    | 24 ++++++++
 .../Properties/launchSettings.json            |  9 ++-
 .../OpenIdConnect.AzureAdSample/Startup.cs    | 28 ++++-----
 samples/OpenIdConnectSample/Program.cs        | 24 ++++++++
 .../Properties/launchSettings.json            |  8 +--
 samples/OpenIdConnectSample/Startup.cs        | 28 ++++-----
 samples/SocialSample/Program.cs               | 50 ++++++++++++++++
 .../Properties/launchSettings.json            |  9 +--
 samples/SocialSample/Startup.cs               | 57 +++++--------------
 .../{config.json => appsettings.json}         |  0
 samples/SocialSample/project.json             |  4 +-
 22 files changed, 254 insertions(+), 139 deletions(-)
 create mode 100644 samples/CookieSample/Program.cs
 create mode 100644 samples/CookieSessionSample/Program.cs
 create mode 100644 samples/JwtBearerSample/Program.cs
 create mode 100644 samples/OpenIdConnect.AzureAdSample/Program.cs
 create mode 100644 samples/OpenIdConnectSample/Program.cs
 create mode 100644 samples/SocialSample/Program.cs
 rename samples/SocialSample/{config.json => appsettings.json} (100%)

diff --git a/samples/CookieSample/Program.cs b/samples/CookieSample/Program.cs
new file mode 100644
index 0000000000..cd8aab3aee
--- /dev/null
+++ b/samples/CookieSample/Program.cs
@@ -0,0 +1,24 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+
+namespace CookieSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel()
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
index c85de8d26e..75da70bee0 100644
--- a/samples/CookieSample/Properties/launchSettings.json
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -12,15 +12,16 @@
       "commandName": "IISExpress",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNET_ENV": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "CookieSample": {
+      "commandName": "Project",
       "launchBrowser": true,
       "launchUrl": "http://localhost:12345",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "http://localhost:12345"
       }
     }
   }
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 768415f0ce..002d878885 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -41,16 +41,5 @@ namespace CookieSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
-
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
     }
 }
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index c28a644d46..954c366434 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -5,6 +5,7 @@
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "buildOptions": {
diff --git a/samples/CookieSessionSample/Program.cs b/samples/CookieSessionSample/Program.cs
new file mode 100644
index 0000000000..6b9014f5e9
--- /dev/null
+++ b/samples/CookieSessionSample/Program.cs
@@ -0,0 +1,24 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+
+namespace CookieSessionSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel()
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
index 8d4a0316ab..15b478a0ed 100644
--- a/samples/CookieSessionSample/Properties/launchSettings.json
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -12,15 +12,16 @@
       "commandName": "IISExpress",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNET_ENV": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "CookieSessionSample": {
+      "commandName": "Project",
       "launchBrowser": true,
       "launchUrl": "http://localhost:12345",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "http://localhost:12345"
       }
     }
   }
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 4d3ea3aa67..ecb61ab665 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -51,16 +51,5 @@ namespace CookieSessionSample
                 await context.Response.WriteAsync("Hello old timer");
             });
         }
-
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
     }
 }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index d3caf9364f..a3626218c4 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -6,6 +6,7 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
     "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*"
   },
   "buildOptions": {
diff --git a/samples/JwtBearerSample/Program.cs b/samples/JwtBearerSample/Program.cs
new file mode 100644
index 0000000000..82da93d591
--- /dev/null
+++ b/samples/JwtBearerSample/Program.cs
@@ -0,0 +1,24 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+
+namespace JwtBearerSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel()
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/samples/JwtBearerSample/Properties/launchSettings.json
index 49cbac543a..f5dfcd0181 100644
--- a/samples/JwtBearerSample/Properties/launchSettings.json
+++ b/samples/JwtBearerSample/Properties/launchSettings.json
@@ -15,10 +15,13 @@
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "JwtBearer": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:42023",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index b2df5033e4..02611de8c4 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -13,12 +13,19 @@ namespace JwtBearerSample
 {
     public class Startup
     {
-        public Startup()
+        public Startup(IHostingEnvironment env)
         {
-            Configuration = new ConfigurationBuilder()
-                .AddEnvironmentVariables()
-                .AddUserSecrets()
-                .Build();
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(env.ContentRootPath);
+
+            if (env.IsDevelopment())
+            {
+                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
+                builder.AddUserSecrets();
+            }
+
+            builder.AddEnvironmentVariables();
+            Configuration = builder.Build();
         }
 
         public IConfiguration Configuration { get; set; }
@@ -106,18 +113,6 @@ namespace JwtBearerSample
                 });
             });
         }
-
-        // Entry point for the application.
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
     }
 }
 
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/samples/OpenIdConnect.AzureAdSample/Program.cs
new file mode 100644
index 0000000000..5dcda4c86a
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/Program.cs
@@ -0,0 +1,24 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+
+namespace OpenIdConnect.AzureAdSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel()
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
index 49cbac543a..2ae08a6cc9 100644
--- a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
@@ -15,10 +15,13 @@
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "OpenIdConnect": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "launchUrl": "http://localhost:42023",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 7d8cf23461..f4d0c37aaa 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -20,12 +20,19 @@ namespace OpenIdConnect.AzureAdSample
     {
         private const string GraphResourceID = "https://graph.windows.net";
 
-        public Startup()
+        public Startup(IHostingEnvironment env)
         {
-            Configuration = new ConfigurationBuilder()
-                .AddEnvironmentVariables()
-                .AddUserSecrets()
-                .Build();
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(env.ContentRootPath);
+
+            if (env.IsDevelopment())
+            {
+                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
+                builder.AddUserSecrets();
+            }
+
+            builder.AddEnvironmentVariables();
+            Configuration = builder.Build();
         }
 
         public IConfiguration Configuration { get; set; }
@@ -150,17 +157,6 @@ namespace OpenIdConnect.AzureAdSample
                 await context.Response.WriteAsync($"</body></html>");
             });
         }
-
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
     }
 }
 
diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
new file mode 100644
index 0000000000..a81f11dfb0
--- /dev/null
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -0,0 +1,24 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+
+namespace OpenIdConnectSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel()
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index 5a0163016a..557b6921e2 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -15,13 +15,13 @@
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "OpenIdConnectSample": {
+      "commandName": "Project",
       "launchBrowser": true,
       "launchUrl": "http://localhost:42023",
       "environmentVariables": {
-        "Hosting:Environment": "Development",
-        "ASPNET_server.urls": "http://localhost:42023"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index ff68b471fa..c2f831e199 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -15,12 +15,19 @@ namespace OpenIdConnectSample
 {
     public class Startup
     {
-        public Startup()
+        public Startup(IHostingEnvironment env)
         {
-            Configuration = new ConfigurationBuilder()
-                .AddEnvironmentVariables()
-                .AddUserSecrets()
-                .Build();
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(env.ContentRootPath);
+
+            if (env.IsDevelopment())
+            {
+                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
+                builder.AddUserSecrets();
+            }
+
+            builder.AddEnvironmentVariables();
+            Configuration = builder.Build();
         }
 
         public IConfiguration Configuration { get; set; }
@@ -96,17 +103,6 @@ namespace OpenIdConnectSample
                 await context.Response.WriteAsync($"</body></html>");
             });
         }
-
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
     }
 }
 
diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
new file mode 100644
index 0000000000..386819e6f5
--- /dev/null
+++ b/samples/SocialSample/Program.cs
@@ -0,0 +1,50 @@
+using System.IO;
+using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.FileProviders;
+
+namespace SocialSample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
+
+            var host = new WebHostBuilder()
+                .UseKestrel(options =>
+                {
+                    //Configure SSL
+                    var serverCertificate = LoadCertificate();
+                    options.UseHttps(serverCertificate);
+                })
+                .UseConfiguration(config)
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+
+        private static X509Certificate2 LoadCertificate()
+        {
+            var socialSampleAssembly = typeof(Startup).GetTypeInfo().Assembly;
+            var embeddedFileProvider = new EmbeddedFileProvider(socialSampleAssembly, "SocialSample");
+            var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
+            using (var certificateStream = certificateFileInfo.CreateReadStream())
+            {
+                byte[] certificatePayload;
+                using (var memoryStream = new MemoryStream())
+                {
+                    certificateStream.CopyTo(memoryStream);
+                    certificatePayload = memoryStream.ToArray();
+                }
+
+                return new X509Certificate2(certificatePayload, "testPassword");
+            }
+        }
+    }
+}
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index e9d26ad03e..903a815886 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -13,15 +13,16 @@
       "launchBrowser": true,
       "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
-        "ASPNET_ENV": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     },
-    "web": {
-      "commandName": "web",
+    "SocialSample": {
+      "commandName": "Project",
       "launchBrowser": true,
       "launchUrl": "https://localhost:54541/",
       "environmentVariables": {
-        "Hosting:Environment": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "ASPNETCORE_SERVER.URLS": "https://localhost:54541/"
       }
     }
   }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 7cad7de849..f8c7495d34 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,11 +1,8 @@
 using System;
-using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Reflection;
 using System.Security.Claims;
-using System.Security.Cryptography.X509Certificates;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
@@ -20,7 +17,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.FileProviders;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 
@@ -29,13 +25,20 @@ namespace SocialSample
     /* Note all servers must use the same address and port because these are pre-registered with the various providers. */
     public class Startup
     {
-        public Startup()
+        public Startup(IHostingEnvironment env)
         {
-            Configuration = new ConfigurationBuilder()
-                .AddEnvironmentVariables()
-                .AddJsonFile("config.json")
-                .AddUserSecrets()
-                .Build();
+            var builder = new ConfigurationBuilder()
+                .SetBasePath(env.ContentRootPath)
+                .AddJsonFile("appsettings.json");
+
+            if (env.IsDevelopment())
+            {
+                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
+                builder.AddUserSecrets();
+            }
+
+            builder.AddEnvironmentVariables();
+            Configuration = builder.Build();
         }
 
         public IConfiguration Configuration { get; set; }
@@ -343,40 +346,6 @@ namespace SocialSample
                 await context.Response.WriteAsync("</body></html>");
             });
         }
-
-        public static void Main(string[] args)
-        {
-            var host = new WebHostBuilder()
-                .UseKestrel(options =>
-                {
-                    //Configure SSL
-                    var serverCertificate = LoadCertificate();
-                    options.UseHttps(serverCertificate);
-                })
-                .UseIISIntegration()
-                .UseStartup<Startup>()
-                .Build();
-
-            host.Run();
-        }
-
-        private static X509Certificate2 LoadCertificate()
-        {
-            var socialSampleAssembly = typeof(Startup).GetTypeInfo().Assembly;
-            var embeddedFileProvider = new EmbeddedFileProvider(socialSampleAssembly, "SocialSample");
-            var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
-            using (var certificateStream = certificateFileInfo.CreateReadStream())
-            {
-                byte[] certificatePayload;
-                using (var memoryStream = new MemoryStream())
-                {
-                    certificateStream.CopyTo(memoryStream);
-                    certificatePayload = memoryStream.ToArray();
-                }
-
-                return new X509Certificate2(certificatePayload, "testPassword");
-            }
-        }
     }
 }
 
diff --git a/samples/SocialSample/config.json b/samples/SocialSample/appsettings.json
similarity index 100%
rename from samples/SocialSample/config.json
rename to samples/SocialSample/appsettings.json
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index faf517703f..fb19d3ec2a 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -19,7 +19,7 @@
     "emitEntryPoint": true
   },
   "frameworks": {
-    "net451": {},
+    "net451": { },
     "netcoreapp1.0": {
       "imports": [
         "dnxcore50"
@@ -35,7 +35,7 @@
   "userSecretsId": "aspnet5-SocialSample-20151210111056",
   "publishOptions": {
     "include": [
-      "config.json",
+      "appsettings.json",
       "project.json",
       "web.config"
     ]

From 621ccf889ca93042304e2f54ef61e6f05621781d Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Tue, 17 May 2016 14:34:03 -0700
Subject: [PATCH 535/900] React to updated CoreCLR packages

https://github.com/aspnet/Coherence/issues/97
---
 src/Microsoft.AspNetCore.Authentication/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 06de08d84b..e5107da8fc 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -40,7 +40,7 @@
     },
     "netstandard1.3": {
       "dependencies": {
-        "System.Net.Http": "4.0.1-*"
+        "System.Net.Http": "4.1.0-*"
       },
       "imports": [
         "portable-net451"

From 4c27df166b497636ab4aa1771619d228cb5b429c Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 18 May 2016 09:40:51 -0700
Subject: [PATCH 536/900] Revert "React to updated CoreCLR packages"

This reverts commit 621ccf889ca93042304e2f54ef61e6f05621781d.
---
 src/Microsoft.AspNetCore.Authentication/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index e5107da8fc..06de08d84b 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -40,7 +40,7 @@
     },
     "netstandard1.3": {
       "dependencies": {
-        "System.Net.Http": "4.1.0-*"
+        "System.Net.Http": "4.0.1-*"
       },
       "imports": [
         "portable-net451"

From bfbe7ec15d22914bdbdfd2bec989f160c03d8a50 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 20 May 2016 13:53:03 -0700
Subject: [PATCH 537/900] Update fb to v2.6

---
 .../FacebookDefaults.cs                                     | 6 +++---
 .../Facebook/FacebookMiddlewareTests.cs                     | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
index da65e246ba..012f95dcce 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
@@ -7,10 +7,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
     {
         public const string AuthenticationScheme = "Facebook";
 
-        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.5/dialog/oauth";
+        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.6/dialog/oauth";
 
-        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.5/oauth/access_token";
+        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
 
-        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.5/me";
+        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.6/me";
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index eaa339d153..f38ca8afc8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -86,7 +86,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
@@ -113,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
@@ -150,7 +150,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.5/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=", location);

From db7009531a23029e2516c52ca0d103149434f888 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 20 May 2016 14:00:08 -0700
Subject: [PATCH 538/900] Update google token endpoint to v4

---
 .../GoogleDefaults.cs                                     | 2 +-
 .../Google/GoogleMiddlewareTests.cs                       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index 06fd12eb1f..c17ff6b2ab 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -9,7 +9,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
         public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
-        public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
+        public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
 
         public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
     }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 31fb9e3175..42cecf81bd 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -299,7 +299,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v4/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -489,7 +489,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v4/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -569,7 +569,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v4/token")
                         {
                             return ReturnJsonResponse(new
                             {
@@ -659,7 +659,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {
                     Sender = req =>
                     {
-                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
+                        if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v4/token")
                         {
                             return ReturnJsonResponse(new
                             {

From 59fc691f4152e6d5017176c0b700ee9834640481 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 17 May 2016 16:23:00 -0700
Subject: [PATCH 539/900] #667 #801 Handle authorize and forbid for redirecting
 handlers.

---
 samples/OpenIdConnectSample/Startup.cs        | 48 ++++++++++++++++---
 .../Properties/launchSettings.json            |  4 +-
 samples/SocialSample/Startup.cs               | 37 +++++++++-----
 .../RemoteAuthenticationHandler.cs            | 33 +++++++++++--
 4 files changed, 96 insertions(+), 26 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index c2f831e199..3fffe9ce69 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -81,25 +82,58 @@ namespace OpenIdConnectSample
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync($"<html><body>Signing out {context.User.Identity.Name}<br>{Environment.NewLine}");
+                    await context.Response.WriteAsync($"<html><body>Signed out {context.User.Identity.Name}<br>{Environment.NewLine}");
                     await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
                     await context.Response.WriteAsync($"</body></html>");
                     return;
                 }
-
-                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
-                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync($"<html><body>Access Denied for user {context.User.Identity.Name} to resource '{context.Request.Query["ReturnUrl"]}'<br>{Environment.NewLine}");
+                    await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
+                    await context.Response.WriteAsync($"</body></html>");
+                    return;
+                }
+
+                // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+                var user = context.User;
+
+                // This is what [Authorize] calls
+                // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+
+                // This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
+                // var user = await context.Authentication.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
+
+                // Not authenticated
+                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
+                {
+                    // This is what [Authorize] calls
+                    // The cookie middleware will intercept this 401 and redirect to /login
+                    await context.Authentication.ChallengeAsync();
+
+                    // This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
+                    // await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+
+                    return;
+                }
+
+                // Authenticated, but not authorized
+                if (context.Request.Path.Equals("/restricted") && !user.Identities.Any(identity => identity.HasClaim("special", "true")))
+                {
+                    await context.Authentication.ChallengeAsync();
                     return;
                 }
 
                 context.Response.ContentType = "text/html";
-                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {context.User.Identity.Name}<br>{Environment.NewLine}");
-                foreach (var claim in context.User.Claims)
+                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {user.Identity.Name}<br>{Environment.NewLine}");
+                foreach (var claim in user.Claims)
                 {
                     await context.Response.WriteAsync($"{claim.Type}: {claim.Value}<br>{Environment.NewLine}");
                 }
-                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
+                await context.Response.WriteAsync("<a href=\"/restricted\">Restricted</a><br>");
+                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a><br>");
                 await context.Response.WriteAsync($"</body></html>");
             });
         }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 903a815886..9224a4881c 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -19,10 +19,10 @@
     "SocialSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "https://localhost:54541/",
+      "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "https://localhost:54541/"
+        "ASPNETCORE_SERVER.URLS": "https://localhost:44318/"
       }
     }
   }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index f8c7495d34..4f3a03d50d 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -313,21 +313,32 @@ namespace SocialSample
                 });
             });
 
-            // Deny anonymous request beyond this point.
-            app.Use(async (context, next) =>
-            {
-                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
-                {
-                    // The cookie middleware will intercept this 401 and redirect to /login
-                    await context.Authentication.ChallengeAsync();
-                    return;
-                }
-                await next();
-            });
 
-            // Display user information
             app.Run(async context =>
             {
+                // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+                var user = context.User;
+
+                // This is what [Authorize] calls
+                // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+
+                // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
+                // var user = await context.Authentication.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+
+                // Deny anonymous request beyond this point.
+                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
+                {
+                    // This is what [Authorize] calls
+                    // The cookie middleware will intercept this 401 and redirect to /login
+                    await context.Authentication.ChallengeAsync();
+
+                    // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
+                    // await context.Authentication.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+
+                    return;
+                }
+
+                // Display user information
                 context.Response.ContentType = "text/html";
                 await context.Response.WriteAsync("<html><body>");
                 await context.Response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
@@ -342,7 +353,7 @@ namespace SocialSample
                 await context.Response.WriteAsync("Refresh Token: " + await context.Authentication.GetTokenAsync("refresh_token") + "<br>");
                 await context.Response.WriteAsync("Token Type: " + await context.Authentication.GetTokenAsync("token_type") + "<br>");
                 await context.Response.WriteAsync("expires_at: " + await context.Authentication.GetTokenAsync("expires_at") + "<br>");
-                await context.Response.WriteAsync("<a href=\"/logout\">Logout</a>");
+                await context.Response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
                 await context.Response.WriteAsync("</body></html>");
             });
         }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index d6cc4ce7fc..f1ad0d0559 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -89,9 +89,32 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
 
-        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
-            return Task.FromResult(AuthenticateResult.Fail("Remote authentication does not support authenticate"));
+            // Most RemoteAuthenticationHandlers will have a PriorHandler, but it might not be set up during unit tests.
+            if (PriorHandler != null)
+            {
+                var authenticateContext = new AuthenticateContext(Options.SignInScheme);
+                await PriorHandler.AuthenticateAsync(authenticateContext);
+                if (authenticateContext.Accepted)
+                {
+                    if (authenticateContext.Error != null)
+                    {
+                        return AuthenticateResult.Fail(authenticateContext.Error);
+                    }
+
+                    if (authenticateContext.Principal != null)
+                    {
+                        return AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
+                            new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme));
+                    }
+
+                    return AuthenticateResult.Fail("Not authenticated");
+                }
+
+            }
+
+            return AuthenticateResult.Fail("Remote authentication does not support authenticate");
         }
 
         protected override Task HandleSignOutAsync(SignOutContext context)
@@ -104,9 +127,11 @@ namespace Microsoft.AspNetCore.Authentication
             throw new NotSupportedException();
         }
 
-        protected override Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
-            throw new NotSupportedException();
+            var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
+            await PriorHandler.ChallengeAsync(challengeContext);
+            return challengeContext.Accepted;
         }
 
         protected virtual void GenerateCorrelationId(AuthenticationProperties properties)

From 2634fe318d8b81a3fc6e7e67a2dca980fb9bcc69 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 24 May 2016 13:53:57 -0700
Subject: [PATCH 540/900] #814 Rework CookieAuth for compat with CookiePolicy.

---
 .../ChunkingCookieManager.cs                  | 114 ++-----
 .../CookieAuthenticationMiddleware.cs         |   2 +-
 .../ChunkingCookieManager.cs                  | 281 ++++++++++++++++++
 .../Constants.cs                              |  13 +
 .../Infrastructure/CookieChunkingTests.cs     |  68 +----
 .../CookiePolicyTests.cs                      |  99 ++++++
 .../project.json                              |   1 +
 .../CookieInteropTests.cs                     | 147 ++++++++-
 8 files changed, 569 insertions(+), 156 deletions(-)
 create mode 100644 src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/Constants.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
index 380e6f9374..c7bff38d1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
@@ -5,7 +5,6 @@ using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
-using System.Text.Encodings.Web;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
@@ -18,13 +17,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// </summary>
     public class ChunkingCookieManager : ICookieManager
     {
-        public ChunkingCookieManager(UrlEncoder urlEncoder)
+        private const string ChunkKeySuffix = "C";
+        private const string ChunkCountPrefix = "chunks-";
+
+        public ChunkingCookieManager()
         {
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
-            ChunkSize = 4090;
+            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
+            ChunkSize = 4070;
             ThrowForPartialCookies = true;
-            Encoder = urlEncoder ?? UrlEncoder.Default;
         }
 
         /// <summary>
@@ -41,14 +43,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public bool ThrowForPartialCookies { get; set; }
 
-        private UrlEncoder Encoder { get; set; }
-
-        // Parse the "chunks:XX" to determine how many chunks there should be.
+        // Parse the "chunks-XX" to determine how many chunks there should be.
         private static int ParseChunksCount(string value)
         {
-            if (value != null && value.StartsWith("chunks:", StringComparison.Ordinal))
+            if (value != null && value.StartsWith(ChunkCountPrefix, StringComparison.Ordinal))
             {
-                var chunksCountString = value.Substring("chunks:".Length);
+                var chunksCountString = value.Substring(ChunkCountPrefix.Length);
                 int chunksCount;
                 if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
                 {
@@ -60,7 +60,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         /// <summary>
         /// Get the reassembled cookie. Non chunked cookies are returned normally.
-        /// Cookies with missing chunks just have their "chunks:XX" header returned.
+        /// Cookies with missing chunks just have their "chunks-XX" header returned.
         /// </summary>
         /// <param name="context"></param>
         /// <param name="key"></param>
@@ -82,11 +82,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var chunksCount = ParseChunksCount(value);
             if (chunksCount > 0)
             {
-                var quoted = false;
                 var chunks = new string[chunksCount];
                 for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
                 {
-                    var chunk = requestCookies[key + "C" + chunkId.ToString(CultureInfo.InvariantCulture)];
+                    var chunk = requestCookies[key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture)];
                     if (string.IsNullOrEmpty(chunk))
                     {
                         if (ThrowForPartialCookies)
@@ -102,20 +101,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
                         return value;
                     }
-                    if (IsQuoted(chunk))
-                    {
-                        // Note: Since we assume these cookies were generated by our code, then we can assume that if one cookie has quotes then they all do.
-                        quoted = true;
-                        chunk = RemoveQuotes(chunk);
-                    }
+
                     chunks[chunkId - 1] = chunk;
                 }
-                var merged = string.Join(string.Empty, chunks);
-                if (quoted)
-                {
-                    merged = Quote(merged);
-                }
-                return merged;
+
+                return string.Join(string.Empty, chunks);
             }
             return value;
         }
@@ -123,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// Appends a new response cookie to the Set-Cookie header. If the cookie is larger than the given size limit
         /// then it will be broken down into multiple cookies as follows:
-        /// Set-Cookie: CookieName=chunks:3; path=/
+        /// Set-Cookie: CookieName=chunks-3; path=/
         /// Set-Cookie: CookieNameC1=Segment1; path=/
         /// Set-Cookie: CookieNameC2=Segment2; path=/
         /// Set-Cookie: CookieNameC3=Segment3; path=/
@@ -149,9 +139,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 throw new ArgumentNullException(nameof(options));
             }
 
-            var escapedKey = Encoder.Encode(key);
-
-            var template = new SetCookieHeaderValue(escapedKey)
+            var template = new SetCookieHeaderValue(key)
             {
                 Domain = options.Domain,
                 Expires = options.Expires,
@@ -163,22 +151,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var templateLength = template.ToString().Length;
 
             value = value ?? string.Empty;
-            var quoted = false;
-            if (IsQuoted(value))
-            {
-                quoted = true;
-                value = RemoveQuotes(value);
-            }
-            var escapedValue = Encoder.Encode(value);
 
             // Normal cookie
-            var responseHeaders = context.Response.Headers;
-            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + escapedValue.Length + (quoted ? 2 : 0))
+            var responseCookies = context.Response.Cookies;
+            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + value.Length)
             {
-                template.Value = quoted ? Quote(escapedValue) : escapedValue;
-                responseHeaders.Append(Constants.Headers.SetCookie, template.ToString());
+                responseCookies.Append(key, value, options);
             }
-            else if (ChunkSize.Value < templateLength + (quoted ? 2 : 0) + 10)
+            else if (ChunkSize.Value < templateLength + 10)
             {
                 // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
                 // No room for data, we can't chunk the options and name
@@ -188,30 +168,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 // Break the cookie down into multiple cookies.
                 // Key = CookieName, value = "Segment1Segment2Segment2"
-                // Set-Cookie: CookieName=chunks:3; path=/
+                // Set-Cookie: CookieName=chunks-3; path=/
                 // Set-Cookie: CookieNameC1="Segment1"; path=/
                 // Set-Cookie: CookieNameC2="Segment2"; path=/
                 // Set-Cookie: CookieNameC3="Segment3"; path=/
-                var dataSizePerCookie = ChunkSize.Value - templateLength - (quoted ? 2 : 0) - 3; // Budget 3 chars for the chunkid.
-                var cookieChunkCount = (int)Math.Ceiling(escapedValue.Length * 1.0 / dataSizePerCookie);
+                var dataSizePerCookie = ChunkSize.Value - templateLength - 3; // Budget 3 chars for the chunkid.
+                var cookieChunkCount = (int)Math.Ceiling(value.Length * 1.0 / dataSizePerCookie);
 
-                template.Value = "chunks:" + cookieChunkCount.ToString(CultureInfo.InvariantCulture);
-                responseHeaders.Append(Constants.Headers.SetCookie, template.ToString());
+                responseCookies.Append(key, ChunkCountPrefix + cookieChunkCount.ToString(CultureInfo.InvariantCulture), options);
 
-                var chunks = new string[cookieChunkCount];
                 var offset = 0;
                 for (var chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
                 {
-                    var remainingLength = escapedValue.Length - offset;
+                    var remainingLength = value.Length - offset;
                     var length = Math.Min(dataSizePerCookie, remainingLength);
-                    var segment = escapedValue.Substring(offset, length);
+                    var segment = value.Substring(offset, length);
                     offset += length;
 
-                    template.Name = escapedKey + "C" + chunkId.ToString(CultureInfo.InvariantCulture);
-                    template.Value = quoted ? Quote(segment) : segment;
-                    chunks[chunkId - 1] = template.ToString();
+                    responseCookies.Append(key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture), segment, options);
                 }
-                responseHeaders.Append(Constants.Headers.SetCookie, chunks);
             }
         }
 
@@ -239,9 +214,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 throw new ArgumentNullException(nameof(options));
             }
 
-            var escapedKey = Encoder.Encode(key);
             var keys = new List<string>();
-            keys.Add(escapedKey + "=");
+            keys.Add(key + "=");
 
             var requestCookie = context.Request.Cookies[key];
             var chunks = ParseChunksCount(requestCookie);
@@ -249,7 +223,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 for (int i = 1; i <= chunks + 1; i++)
                 {
-                    var subkey = escapedKey + "C" + i.ToString(CultureInfo.InvariantCulture);
+                    var subkey = key + ChunkKeySuffix + i.ToString(CultureInfo.InvariantCulture);
                     keys.Add(subkey + "=");
                 }
             }
@@ -304,35 +278,5 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     });
             }
         }
-
-        private static bool IsQuoted(string value)
-        {
-            if (value == null)
-            {
-                throw new ArgumentNullException(nameof(value));
-            }
-
-            return value.Length >= 2 && value[0] == '"' && value[value.Length - 1] == '"';
-        }
-
-        private static string RemoveQuotes(string value)
-        {
-            if (value == null)
-            {
-                throw new ArgumentNullException(nameof(value));
-            }
-
-            return value.Substring(1, value.Length - 2);
-        }
-
-        private static string Quote(string value)
-        {
-            if (value == null)
-            {
-                throw new ArgumentNullException(nameof(value));
-            }
-
-            return '"' + value + '"';
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
index ff54957cfe..14d152a818 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
@@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
             if (Options.CookieManager == null)
             {
-                Options.CookieManager = new ChunkingCookieManager(urlEncoder);
+                Options.CookieManager = new ChunkingCookieManager();
             }
             if (!Options.LoginPath.HasValue)
             {
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
new file mode 100644
index 0000000000..b323258d9b
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
@@ -0,0 +1,281 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using Microsoft.Owin.Infrastructure;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager
+    /// <summary>
+    /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
+    /// from requests.
+    /// </summary>
+    public class ChunkingCookieManager : ICookieManager
+    {
+        private const string ChunkKeySuffix = "C";
+        private const string ChunkCountPrefix = "chunks-";
+
+        public ChunkingCookieManager()
+        {
+            // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
+            // See http://browsercookielimits.x64.me/.
+            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
+            ChunkSize = 4070;
+            ThrowForPartialCookies = true;
+        }
+
+        /// <summary>
+        /// The maximum size of cookie to send back to the client. If a cookie exceeds this size it will be broken down into multiple
+        /// cookies. Set this value to null to disable this behavior. The default is 4090 characters, which is supported by all
+        /// common browsers.
+        ///
+        /// Note that browsers may also have limits on the total size of all cookies per domain, and on the number of cookies per domain.
+        /// </summary>
+        public int? ChunkSize { get; set; }
+
+        /// <summary>
+        /// Throw if not all chunks of a cookie are available on a request for re-assembly.
+        /// </summary>
+        public bool ThrowForPartialCookies { get; set; }
+
+        // Parse the "chunks-XX" to determine how many chunks there should be.
+        private static int ParseChunksCount(string value)
+        {
+            if (value != null && value.StartsWith(ChunkCountPrefix, StringComparison.Ordinal))
+            {
+                var chunksCountString = value.Substring(ChunkCountPrefix.Length);
+                int chunksCount;
+                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
+                {
+                    return chunksCount;
+                }
+            }
+            return 0;
+        }
+
+        /// <summary>
+        /// Get the reassembled cookie. Non chunked cookies are returned normally.
+        /// Cookies with missing chunks just have their "chunks-XX" header returned.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <returns>The reassembled cookie, if any, or null.</returns>
+        public string GetRequestCookie(IOwinContext context, string key)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            var requestCookies = context.Request.Cookies;
+            var value = requestCookies[key];
+            var chunksCount = ParseChunksCount(value);
+            if (chunksCount > 0)
+            {
+                var chunks = new string[chunksCount];
+                for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
+                {
+                    var chunk = requestCookies[key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture)];
+                    if (string.IsNullOrEmpty(chunk))
+                    {
+                        if (ThrowForPartialCookies)
+                        {
+                            var totalSize = 0;
+                            for (int i = 0; i < chunkId - 1; i++)
+                            {
+                                totalSize += chunks[i].Length;
+                            }
+                            throw new FormatException(
+                                string.Format(CultureInfo.CurrentCulture, 
+                                "The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.",
+                                chunkId - 1, chunksCount, totalSize));
+                        }
+                        // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
+                        return value;
+                    }
+
+                    chunks[chunkId - 1] = chunk;
+                }
+
+                return string.Join(string.Empty, chunks);
+            }
+            return value;
+        }
+
+        /// <summary>
+        /// Appends a new response cookie to the Set-Cookie header. If the cookie is larger than the given size limit
+        /// then it will be broken down into multiple cookies as follows:
+        /// Set-Cookie: CookieName=chunks-3; path=/
+        /// Set-Cookie: CookieNameC1=Segment1; path=/
+        /// Set-Cookie: CookieNameC2=Segment2; path=/
+        /// Set-Cookie: CookieNameC3=Segment3; path=/
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="value"></param>
+        /// <param name="options"></param>
+        public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
+            var expiresHasValue = options.Expires.HasValue;
+
+            var templateLength = key.Length + "=".Length
+                + (domainHasValue ? "; domain=".Length + options.Domain.Length : 0)
+                + (pathHasValue ? "; path=".Length + options.Path.Length : 0)
+                + (expiresHasValue ? "; expires=ddd, dd-MMM-yyyy HH:mm:ss GMT".Length : 0)
+                + (options.Secure ? "; secure".Length : 0)
+                + (options.HttpOnly ? "; HttpOnly".Length : 0);
+
+            // Normal cookie
+            var responseCookies = context.Response.Cookies;
+            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + value.Length)
+            {
+                responseCookies.Append(key, value, options);
+            }
+            else if (ChunkSize.Value < templateLength + 10)
+            {
+                // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
+                // No room for data, we can't chunk the options and name
+                throw new InvalidOperationException("The cookie key and options are larger than ChunksSize, leaving no room for data.");
+            }
+            else
+            {
+                // Break the cookie down into multiple cookies.
+                // Key = CookieName, value = "Segment1Segment2Segment2"
+                // Set-Cookie: CookieName=chunks-3; path=/
+                // Set-Cookie: CookieNameC1="Segment1"; path=/
+                // Set-Cookie: CookieNameC2="Segment2"; path=/
+                // Set-Cookie: CookieNameC3="Segment3"; path=/
+                var dataSizePerCookie = ChunkSize.Value - templateLength - 3; // Budget 3 chars for the chunkid.
+                var cookieChunkCount = (int)Math.Ceiling(value.Length * 1.0 / dataSizePerCookie);
+
+                responseCookies.Append(key, ChunkCountPrefix + cookieChunkCount.ToString(CultureInfo.InvariantCulture), options);
+
+                var offset = 0;
+                for (var chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
+                {
+                    var remainingLength = value.Length - offset;
+                    var length = Math.Min(dataSizePerCookie, remainingLength);
+                    var segment = value.Substring(offset, length);
+                    offset += length;
+
+                    responseCookies.Append(key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture), segment, options);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Deletes the cookie with the given key by setting an expired state. If a matching chunked cookie exists on
+        /// the request, delete each chunk.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="options"></param>
+        public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            var keys = new List<string>();
+            keys.Add(key + "=");
+
+            var requestCookie = context.Request.Cookies[key];
+            var chunks = ParseChunksCount(requestCookie);
+            if (chunks > 0)
+            {
+                for (int i = 1; i <= chunks + 1; i++)
+                {
+                    var subkey = key + ChunkKeySuffix + i.ToString(CultureInfo.InvariantCulture);
+                    keys.Add(subkey + "=");
+                }
+            }
+
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
+
+            Func<string, bool> rejectPredicate;
+            Func<string, bool> predicate = value => keys.Any(k => value.StartsWith(k, StringComparison.OrdinalIgnoreCase));
+            if (domainHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("domain=" + options.Domain, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else if (pathHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("path=" + options.Path, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else
+            {
+                rejectPredicate = value => predicate(value);
+            }
+
+            var responseHeaders = context.Response.Headers;
+            string[] existingValues;
+            if (responseHeaders.TryGetValue(Constants.Headers.SetCookie, out existingValues) && existingValues != null)
+            {
+                responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
+            }
+
+            AppendResponseCookie(
+                context,
+                key,
+                string.Empty,
+                new CookieOptions()
+                {
+                    Path = options.Path,
+                    Domain = options.Domain,
+                    Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                });
+
+            for (int i = 1; i <= chunks; i++)
+            {
+                AppendResponseCookie(
+                    context,
+                    key + "C" + i.ToString(CultureInfo.InvariantCulture),
+                    string.Empty,
+                    new CookieOptions()
+                    {
+                        Path = options.Path,
+                        Domain = options.Domain,
+                        Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                    });
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.Owin.Security.Interop/Constants.cs b/src/Microsoft.Owin.Security.Interop/Constants.cs
new file mode 100644
index 0000000000..1e75761b70
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Constants.cs
@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.Owin.Security.Interop
+{
+    internal static class Constants
+    {
+        internal static class Headers
+        {
+            internal const string SetCookie = "Set-Cookie";
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
index 4b92f08c8d..670baf5db4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager(null) { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(1, values.Count);
             Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
@@ -27,12 +27,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager(null) { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager() { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(9, values.Count);
             Assert.Equal<string[]>(new[]
             {
-                "TestCookie=chunks:8; path=/",
+                "TestCookie=chunks-8; path=/",
                 "TestCookieC1=abcdefgh; path=/",
                 "TestCookieC2=ijklmnop; path=/",
                 "TestCookieC3=qrstuvwx; path=/",
@@ -44,36 +44,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
             }, values);
         }
 
-        [Fact]
-        public void AppendLargeQuotedCookieWithLimit_QuotedChunked()
-        {
-            HttpContext context = new DefaultHttpContext();
-
-            string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
-            new ChunkingCookieManager(null) { ChunkSize = 32 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
-            var values = context.Response.Headers["Set-Cookie"];
-            Assert.Equal(9, values.Count);
-            Assert.Equal<string[]>(new[]
-            {
-                "TestCookie=chunks:8; path=/",
-                "TestCookieC1=\"abcdefgh\"; path=/",
-                "TestCookieC2=\"ijklmnop\"; path=/",
-                "TestCookieC3=\"qrstuvwx\"; path=/",
-                "TestCookieC4=\"yz012345\"; path=/",
-                "TestCookieC5=\"6789ABCD\"; path=/",
-                "TestCookieC6=\"EFGHIJKL\"; path=/",
-                "TestCookieC7=\"MNOPQRST\"; path=/",
-                "TestCookieC8=\"UVWXYZ\"; path=/",
-            }, values);
-        }
-
         [Fact]
         public void GetLargeChunkedCookie_Reassembled()
         {
             HttpContext context = new DefaultHttpContext();
             context.Request.Headers["Cookie"] = new[]
             {
-                "TestCookie=chunks:7",
+                "TestCookie=chunks-7",
                 "TestCookieC1=abcdefghi",
                 "TestCookieC2=jklmnopqr",
                 "TestCookieC3=stuvwxyz0",
@@ -83,39 +60,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
                 "TestCookieC7=STUVWXYZ"
             };
 
-            string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
+            string result = new ChunkingCookieManager().GetRequestCookie(context, "TestCookie");
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
             Assert.Equal(testString, result);
         }
 
-        [Fact]
-        public void GetLargeChunkedCookieWithQuotes_Reassembled()
-        {
-            HttpContext context = new DefaultHttpContext();
-            context.Request.Headers["Cookie"] = new[]
-            {
-                "TestCookie=chunks:7",
-                "TestCookieC1=\"abcdefghi\"",
-                "TestCookieC2=\"jklmnopqr\"",
-                "TestCookieC3=\"stuvwxyz0\"",
-                "TestCookieC4=\"123456789\"",
-                "TestCookieC5=\"ABCDEFGHI\"",
-                "TestCookieC6=\"JKLMNOPQR\"",
-                "TestCookieC7=\"STUVWXYZ\""
-            };
-
-            string result = new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie");
-            string testString = "\"abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\"";
-            Assert.Equal(testString, result);
-        }
-
         [Fact]
         public void GetLargeChunkedCookieWithMissingChunk_ThrowingEnabled_Throws()
         {
             HttpContext context = new DefaultHttpContext();
             context.Request.Headers["Cookie"] = new[]
             {
-                "TestCookie=chunks:7",
+                "TestCookie=chunks-7",
                 "TestCookieC1=abcdefghi",
                 // Missing chunk "TestCookieC2=jklmnopqr",
                 "TestCookieC3=stuvwxyz0",
@@ -125,7 +81,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
                 "TestCookieC7=STUVWXYZ"
             };
 
-            Assert.Throws<FormatException>(() => new ChunkingCookieManager(null).GetRequestCookie(context, "TestCookie"));
+            Assert.Throws<FormatException>(() => new ChunkingCookieManager().GetRequestCookie(context, "TestCookie"));
         }
 
         [Fact]
@@ -134,7 +90,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
             HttpContext context = new DefaultHttpContext();
             context.Request.Headers["Cookie"] = new[]
             {
-                "TestCookie=chunks:7",
+                "TestCookie=chunks-7",
                 "TestCookieC1=abcdefghi",
                 // Missing chunk "TestCookieC2=jklmnopqr",
                 "TestCookieC3=stuvwxyz0",
@@ -144,8 +100,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
                 "TestCookieC7=STUVWXYZ"
             };
 
-            string result = new ChunkingCookieManager(null) { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
-            string testString = "chunks:7";
+            string result = new ChunkingCookieManager() { ThrowForPartialCookies = false }.GetRequestCookie(context, "TestCookie");
+            string testString = "chunks-7";
             Assert.Equal(testString, result);
         }
 
@@ -153,9 +109,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
         public void DeleteChunkedCookieWithOptions_AllDeleted()
         {
             HttpContext context = new DefaultHttpContext();
-            context.Request.Headers.Append("Cookie", "TestCookie=chunks:7");
+            context.Request.Headers.Append("Cookie", "TestCookie=chunks-7");
 
-            new ChunkingCookieManager(null).DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
+            new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
             var cookies = context.Response.Headers["Set-Cookie"];
             Assert.Equal(8, cookies.Count);
             Assert.Equal(new[]
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index f08d7fef8e..34d967617b 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -2,12 +2,17 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
+using System.Security.Principal;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.CookiePolicy.Test
@@ -228,6 +233,100 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             Assert.Equal("Done", transaction.ResponseText);
         }
 
+        [Fact]
+        public async Task CookiePolicyAppliesToCookieAuth()
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                })
+                .Configure(app =>
+                {
+                    app.UseCookiePolicy(new CookiePolicyOptions
+                    {
+                        HttpOnly = HttpOnlyPolicy.Always,
+                        Secure = CookieSecurePolicy.Always,
+                    });
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                    {
+                        CookieName = "TestCookie",
+                        CookieHttpOnly = false,
+                        CookieSecure = CookieSecurePolicy.None,
+                    });
+                    app.Run(context =>
+                    {
+                        return context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                            new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("TestUser", "Cookies"))));
+                    });
+                });
+            var server = new TestServer(builder);
+
+            var transaction = await server.SendAsync("http://example.com/login");
+
+            Assert.NotNull(transaction.SetCookie);
+            Assert.Equal(1, transaction.SetCookie.Count);
+            var cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[0]);
+            Assert.Equal("TestCookie", cookie.Name);
+            Assert.True(cookie.HttpOnly);
+            Assert.True(cookie.Secure);
+            Assert.Equal("/", cookie.Path);
+        }
+
+        [Fact]
+        public async Task CookiePolicyAppliesToCookieAuthChunks()
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                })
+                .Configure(app =>
+                {
+                    app.UseCookiePolicy(new CookiePolicyOptions
+                    {
+                        HttpOnly = HttpOnlyPolicy.Always,
+                        Secure = CookieSecurePolicy.Always,
+                    });
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions()
+                    {
+                        CookieName = "TestCookie",
+                        CookieHttpOnly = false,
+                        CookieSecure = CookieSecurePolicy.None,
+                    });
+                    app.Run(context =>
+                    {
+                        return context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                            new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(new string('c', 1024 * 5), "Cookies"))));
+                    });
+                });
+            var server = new TestServer(builder);
+
+            var transaction = await server.SendAsync("http://example.com/login");
+
+            Assert.NotNull(transaction.SetCookie);
+            Assert.Equal(3, transaction.SetCookie.Count);
+
+            var cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[0]);
+            Assert.Equal("TestCookie", cookie.Name);
+            Assert.Equal("chunks-2", cookie.Value);
+            Assert.True(cookie.HttpOnly);
+            Assert.True(cookie.Secure);
+            Assert.Equal("/", cookie.Path);
+
+            cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[1]);
+            Assert.Equal("TestCookieC1", cookie.Name);
+            Assert.True(cookie.HttpOnly);
+            Assert.True(cookie.Secure);
+            Assert.Equal("/", cookie.Path);
+
+            cookie = SetCookieHeaderValue.Parse(transaction.SetCookie[2]);
+            Assert.Equal("TestCookieC2", cookie.Name);
+            Assert.True(cookie.HttpOnly);
+            Assert.True(cookie.Secure);
+            Assert.Equal("/", cookie.Path);
+        }
+
         private class TestCookieFeature : IResponseCookiesFeature
         {
             public IResponseCookies Cookies { get; } = new BadCookies();
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 6e64aba57d..26cc946be1 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -5,6 +5,7 @@
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
     "Microsoft.NETCore.Platforms": "1.0.1-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 2abb115e47..79288b026d 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -14,6 +15,7 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Testing;
 using Owin;
@@ -71,12 +73,73 @@ namespace Microsoft.Owin.Security.Interop
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
-            request.Headers.Add("Cookie", transaction.SetCookie.Split(new[] { ';' }, 2).First());
+            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
+            {
+                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
+            }
             var response = await newServer.CreateClient().SendAsync(request);
 
             Assert.Equal("Alice", await response.Content.ReadAsStringAsync());
         }
 
+        [Fact]
+        public async Task AspNetCoreWithLargeInteropCookieContainsIdentity()
+        {
+            var identity = new ClaimsIdentity("Cookies");
+            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var interopServer = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                    CookieManager = new ChunkingCookieManager(),
+                });
+
+                app.Run(context =>
+                {
+                    context.Authentication.SignIn(identity);
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await SendAsync(interopServer, "http://example.com");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
+                    {
+                        DataProtectionProvider = dataProtection
+                    });
+                    app.Run(async context =>
+                    {
+                        var result = await context.Authentication.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Identity.Name);
+                    });
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
+            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
+            {
+                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
+            }
+            var response = await newServer.CreateClient().SendAsync(request);
+
+            Assert.Equal(1024 * 5, (await response.Content.ReadAsStringAsync()).Length);
+        }
+
         [Fact]
         public async Task InteropWithNewCookieContainsIdentity()
         {
@@ -102,13 +165,13 @@ namespace Microsoft.Owin.Security.Interop
                 .ConfigureServices(services => services.AddAuthentication());
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
-            var cookie = await SendAndGetCookie(newServer, "http://example.com/login");
+            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
 
             var server = TestServer.Create(app =>
             {
                 app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
 
-                app.UseCookieAuthentication(new Owin.Security.Cookies.CookieAuthenticationOptions
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
                 {
                     TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
                     CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
@@ -122,18 +185,74 @@ namespace Microsoft.Owin.Security.Interop
                 });
             });
 
-            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookie);
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
 
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
-        private static async Task<string> SendAndGetCookie(AspNetCore.TestHost.TestServer server, string uri)
+        [Fact]
+        public async Task InteropWithLargeNewCookieContainsIdentity()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
+            user.AddIdentity(identity);
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
+                    {
+                        DataProtectionProvider = dataProtection
+                    });
+                    app.Run(context => context.Authentication.SignInAsync("Cookies", user));
+                })
+                .ConfigureServices(services => services.AddAuthentication());
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
+
+            var server = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                    CookieManager = new ChunkingCookieManager(),
+                });
+
+                app.Run(async context =>
+                {
+                    var result = await context.Authentication.AuthenticateAsync("Cookies");
+                    Describe(context.Response, result);
+                });
+            });
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
+
+            Assert.Equal(1024 * 5, FindClaimValue(transaction2, ClaimTypes.Name).Length);
+        }
+
+        private static async Task<IList<string>> SendAndGetCookies(AspNetCore.TestHost.TestServer server, string uri)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
             var response = await server.CreateClient().SendAsync(request);
             if (response.Headers.Contains("Set-Cookie"))
             {
-                return response.Headers.GetValues("Set-Cookie").ToList().First();
+                IList<string> cookieHeaders = new List<string>();
+                foreach (var cookie in SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()))
+                {
+                    cookieHeaders.Add(cookie.Name + "=" + cookie.Value);
+                }
+                return cookieHeaders;
             }
             return null;
         }
@@ -148,7 +267,7 @@ namespace Microsoft.Owin.Security.Interop
             return claim.Attribute("value").Value;
         }
 
-        private static void Describe(IOwinResponse res, Owin.Security.AuthenticateResult result)
+        private static void Describe(IOwinResponse res, AuthenticateResult result)
         {
             res.StatusCode = 200;
             res.ContentType = "text/xml";
@@ -171,12 +290,12 @@ namespace Microsoft.Owin.Security.Interop
             }
         }
 
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null, bool ajaxRequest = false)
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, IList<string> cookieHeaders = null, bool ajaxRequest = false)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
+            if (cookieHeaders != null)
             {
-                request.Headers.Add("Cookie", cookieHeader);
+                request.Headers.Add("Cookie", cookieHeaders);
             }
             if (ajaxRequest)
             {
@@ -189,11 +308,11 @@ namespace Microsoft.Owin.Security.Interop
             };
             if (transaction.Response.Headers.Contains("Set-Cookie"))
             {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").SingleOrDefault();
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
             }
-            if (!string.IsNullOrEmpty(transaction.SetCookie))
+            if (transaction.SetCookie != null && transaction.SetCookie.Any())
             {
-                transaction.CookieNameValue = transaction.SetCookie.Split(new[] { ';' }, 2).First();
+                transaction.CookieNameValue = transaction.SetCookie.First().Split(new[] { ';' }, 2).First();
             }
             transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
 
@@ -211,7 +330,7 @@ namespace Microsoft.Owin.Security.Interop
             public HttpRequestMessage Request { get; set; }
             public HttpResponseMessage Response { get; set; }
 
-            public string SetCookie { get; set; }
+            public IList<string> SetCookie { get; set; }
             public string CookieNameValue { get; set; }
 
             public string ResponseText { get; set; }

From e57e01d02c35fc50160ff1ce0983450d7efeb1ce Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Thu, 26 May 2016 18:25:05 -0700
Subject: [PATCH 541/900] React to updated CoreCLR packages

https://github.com/aspnet/Coherence/issues/97
---
 src/Microsoft.AspNetCore.Authentication/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 06de08d84b..e5107da8fc 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -40,7 +40,7 @@
     },
     "netstandard1.3": {
       "dependencies": {
-        "System.Net.Http": "4.0.1-*"
+        "System.Net.Http": "4.1.0-*"
       },
       "imports": [
         "portable-net451"

From b358f571d673e230f612c08f95f9c5352a483375 Mon Sep 17 00:00:00 2001
From: Cesar Blum Silveira <cesars@microsoft.com>
Date: Fri, 27 May 2016 11:36:59 -0700
Subject: [PATCH 542/900] Fix OSX build on Travis.

---
 .travis.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index df22f7a880..ceb3c7b67b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,5 +22,7 @@ branches:
     - release
     - dev
     - /^(.*\/)?ci-.*$/
+before_install:
+  - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; brew link --force openssl; fi
 script:
   - ./build.sh verify
\ No newline at end of file

From d6763bd77c931aeff1024cafd03255abfe55b753 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 25 May 2016 16:00:57 -0700
Subject: [PATCH 543/900] #423 Support distributed sign-out.

---
 samples/OpenIdConnectSample/Program.cs        |  32 +++++++++++++++---
 .../Properties/launchSettings.json            |   9 ++---
 samples/OpenIdConnectSample/Startup.cs        |  19 +++++++++++
 .../compiler/resources/cert.pfx               | Bin 0 -> 2483 bytes
 samples/OpenIdConnectSample/project.json      |   2 ++
 samples/SocialSample/Program.cs               |   3 --
 .../Events/IOpenIdConnectEvents.cs            |   5 +++
 .../Events/OpenIdConnectEvents.cs             |   7 ++++
 .../Events/RemoteSignoutContext.cs            |  16 +++++++++
 .../LoggingExtensions.cs                      |  30 ++++++++++++++++
 .../OpenIdConnectHandler.cs                   |  27 +++++++++++++++
 .../OpenIdConnectOptions.cs                   |  12 +++++++
 12 files changed, 150 insertions(+), 12 deletions(-)
 create mode 100644 samples/OpenIdConnectSample/compiler/resources/cert.pfx
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs

diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index a81f11dfb0..fe77dd1a7c 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -1,6 +1,8 @@
 using System.IO;
+using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.FileProviders;
 
 namespace OpenIdConnectSample
 {
@@ -8,11 +10,13 @@ namespace OpenIdConnectSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseConfiguration(config)
+                .UseKestrel(options =>
+                {
+                    //Configure SSL
+                    var serverCertificate = LoadCertificate();
+                    options.UseHttps(serverCertificate);
+                })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
@@ -20,5 +24,23 @@ namespace OpenIdConnectSample
 
             host.Run();
         }
+
+        private static X509Certificate2 LoadCertificate()
+        {
+            var assembly = typeof(Startup).GetTypeInfo().Assembly;
+            var embeddedFileProvider = new EmbeddedFileProvider(assembly, "OpenIdConnectSample");
+            var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
+            using (var certificateStream = certificateFileInfo.CreateReadStream())
+            {
+                byte[] certificatePayload;
+                using (var memoryStream = new MemoryStream())
+                {
+                    certificateStream.CopyTo(memoryStream);
+                    certificatePayload = memoryStream.ToArray();
+                }
+
+                return new X509Certificate2(certificatePayload, "testPassword");
+            }
+        }
     }
 }
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index 557b6921e2..48610115fa 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -4,13 +4,14 @@
     "anonymousAuthentication": true,
     "iisExpress": {
       "applicationUrl": "http://localhost:42023",
-      "sslPort": 0
+      "sslPort": 44318
     }
   },
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
+      "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
@@ -18,10 +19,10 @@
     "OpenIdConnectSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:42023",
+      "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
+        "ASPNETCORE_URLS": "https://localhost:44318/",
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3fffe9ce69..6beaa0a20b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -78,6 +78,14 @@ namespace OpenIdConnectSample
 
             app.Run(async context =>
             {
+                if (context.Request.Path.Equals("/signedout"))
+                {
+                    context.Response.ContentType = "text/html";
+                    await context.Response.WriteAsync($"<html><body>You have been signed out.<br>{Environment.NewLine}");
+                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
+                    await context.Response.WriteAsync($"</body></html>");
+                    return;
+                }
                 if (context.Request.Path.Equals("/signout"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
@@ -87,6 +95,16 @@ namespace OpenIdConnectSample
                     await context.Response.WriteAsync($"</body></html>");
                     return;
                 }
+                if (context.Request.Path.Equals("/signout-remote"))
+                {
+                    // Redirects
+                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
+                    {
+                        RedirectUri = "/signedout"
+                    });
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    return;
+                }
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
@@ -134,6 +152,7 @@ namespace OpenIdConnectSample
                 }
                 await context.Response.WriteAsync("<a href=\"/restricted\">Restricted</a><br>");
                 await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a><br>");
+                await context.Response.WriteAsync("<a href=\"/signout-remote\">Sign Out Remote</a><br>");
                 await context.Response.WriteAsync($"</body></html>");
             });
         }
diff --git a/samples/OpenIdConnectSample/compiler/resources/cert.pfx b/samples/OpenIdConnectSample/compiler/resources/cert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..7118908c2d730670c16e9f8b2c532a262c951989
GIT binary patch
literal 2483
zcmaKuc|27A8pqF>IWr86E&Q@(n=B)p$ug!;QVB6xij*z;uPLG!yCz#DQB)+9G$9m9
zQU)=DWXU?*EZIw<WSLy<>G!+0d++P@yZ4Xhoagg?p6B~|Ue7tN=Ny=UD?x#1n1MTq
z#c9MHh+D#gd|(a(cN}8i91v^=GcdgW3SmA$49p~gM-dys3jVWdg8+!iVL)pz1LDE5
zSb=|G<ZvN~KSQ!Q?rxD74~61uhZs=bU|nHHhtzT%{?4gfkgeydWXp04c*|$}bPuHR
zd9|7E;X!^&{+qu^YbHy7k@TeBncU!-)SA=Ul}%hyl>An(@R=(Ux!MfS9@}sFu-xDd
zIt2+mqSq$glwy_6UNs<2?(<xC6Ykp~$VcCkmP5a+xjNXHmeRsK)ipX={rj--0f&zM
z?&IF}F4EZs>qERU!gJ;5j}Pp&6trxG=wi)=@k(w2+fJVnc+qvXV<ox4QF~W&d~evJ
z3iC`kffp++kAB#EK7XV{bW*$WU0=;+0fW{64=vwMBJT_FCfH=KWfzgI8Z&3qHE&u<
zxK54EW)>zy(>Om4;L|^)R`t*3nTpAmEmTl(#i!RV#a0t#u6>Q9mY`-Nmcs7$XjXT7
zUmCD`O~_j7!%R#I?cG-7C^hcH)@l?WC1vyw$FFu_(r)jhOq6p}W8sG7NO{YTy8tG4
zrb$tTkag*G?(7lfoGx$4YWui>{{@}-FB2ub=}RX{1zx?j)s-##J9|G7E1@-;7Nuln
z9MQoX7FJ76+D#XXT@ZZmLZCufIdf3@OigG6m8I7!GT=7VD|>?6e!z9=eT}*E_tSn6
zl+clHCZ-kcIR#gen#LjMJW8>0QtViaQB#FhqsCb0YPYr3;jRITl@V9Aph24D?r2d`
zetCyyCg<*O-u+<Rbhx`bB1^AkxSlF$vc*%fKJ;7AI=3`O<;s^qmdb3}BGI&$Js>M&
zW^ptmT|}p$VAOZpmbQ1{5fK-6ytEvre#Po}6c2URn`viQAF2+e?Z~PK2&pd>7=7)I
zTCYm)@3PFRu_6a6Kb)IpCzQ%e3l%O#SDA+$Pq{Dk{HCqi7z>qd{nVpebffL7h{c4(
zmhXn~G+C27S3(IfC)q2KON=YwqHXEo%zc40DgWLzF{%RIdr@RcLu90qMSHf!Y<pL%
z?`-+`Lf@hK-X5CBDo4Vt!S$$%hHYZVV0F<AZ#BivPyD%i!?QT;&+m2KGwDUg87**H
zXF%UhGM9Ubo!RO<{9bSirORDYnprG=e7AC;kw}|?rf9o{>}JaqP<={8_Rfe;ddR5=
zKEo;^Yip&^m((#{czE{kUga3-@`*;&EwO}Jt>QdURP2P>ob^j-A!qld-0S_pm)kjs
zkNo48oZnMt){W~o8g^f;4#?lRLr-T@f}wH1o~-Iq=NEVtTVEZ`vrW~!>2yh%;Bc~H
zHl&OK>n@d`*e19*9#v>zZpU?I);f7}IPIfSSk#N|ujE492Itg)l!)TJ19@FE^x|p=
zH16NC7OfK&|6_!AnWfTIf^YPOa&`|nbk3VR0vql6&s@y1V3QOU%(`Re+<LyvjlGl=
zz-XC#DU8*S{O-EKR8yaqb4=CEFOh7zHA#>kJgrz?r9!{^wOQ4W-eng23gc}f(LxIs
zH_Ls~5izbjcRQH#WH6s6hR;zn>j_R8aJ$A)6xNneu8UI-vWV8Z@HZu&WwvG5q{1ZS
zdZeVf{Pv5-u281~y;aJe*x%Uv0@biMZ$vPbKj}O`(SOWQc~kJX<h@14F)xzPwd%>`
zXR&d4DtA<BD(%~qyw0eqH)lIt!?oSyKE5$1&k-?oPkRD4S4AZ*Pe$iwT=ROd+=PP%
zESC05u~-{k`p#ONyM4~AOJ0Zc0j87AzlAscT9-Hp5*C6$003b7e?xJSx%>e@2RH$^
z0os5*;0eIUeJi3Uh`A%44x(XzjClG8BO~-r_A}odiRuHo2-86#`mhrgN5p~<$RLY?
zq(kynfF<CIBn1F|Kp<jXz*#^6utlyv$!WkFQ6`8V0{A1$577b0QT~9>A5{v#p+EA1
z5aoe1763EQHorRm`C&ktKn(OQ1n)$Q{GZz&jRb`eDEMpl<0O#+)DMV(T7ns<Z!iNK
z%0Z(*6iQ_KvpbsE4Z<Z<xqFIoF8(7h4vQfQp;2-e02U{S!6I1nVF<kuNAq)cqxtv+
zo`vOq!;^Gj3P}&v+fIThj)>IzCG{QuM->B9g7Lrl2SE&gW`M!~(un|y0fIn=b^6_$
z9{zEzgYI~39xn0ZP*9qBL%fg7rg$ttt&TOmvfNNO<6FT0ZavM$Y4CYLQGIcIYv9Y&
zBGPUh&QTfW;V2!)oIra@s&d968y-y}Y|ww(R$GzWS*V&)k@W0>Slem{|HdTCjm;_5
zwY*A8W3nUbemE^_f0ng$tbd<`sr?TO-_&VCw+F#7P@LkIl$1PzTBoPY1b88EIO>UO
zP-NK7+g2yD3U6g3i|iA6+su>54sf_Sk0F=)1|9odnCM4u2<cEM&<eQiZ&rr2JL>Rs
z=&Y?-V&VquSN%3FJ2~ZGweP~iLs|w=l@9yu$tj@}Dp?e-2JUsqOoswdXb=E%&0te_
zA2M+{5Hf-dqD7=yw*r@A*xkn(1IS~nfP}k}e?4Bt|9g(eph4hFX_|S6nj1&Sz9z^=
zRw~<&-9d@FzTn6S*RVE{Wj5lgLJr9HLB8S9CgOm*>XA8*y<ryV+pXFUF4;|A*HjRC
zgT5a$Vz2i)_sBuvMuMu=@gHK(uiWQerS=@Lw3Cx?ZrDe67lZ6I32Wuy-xZvzX6i^E
z_bkug(lkQX7KLL=l3hF~c&{7zDn%2KHgZ01>4`JE;^s$=bqD#U4;e5C&x&ggKIAVL
zrQ)Yd8|{>7Z(6*B&7&4&9(*vDOfHMuR-Dk1IZia*XM^EZUD^{?cWG>J>KrtElc*{K
zaVl(7SN2cH4I6Q$bZOpJ8e5LKaG7p;?tJ~#+9QrTYU@f#5`Vo7cEX!szCT}iX-K^2
w#3o+<vGdszOTfH?mwL2vCR+>=C+lQz2J+SOEzVX(eJ)e7=eicC{rr9U2VGDcdH?_b

literal 0
HcmV?d00001

diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 5f0744e0b7..32e19ca40e 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,7 +5,9 @@
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
     "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
index 386819e6f5..f3cad66ad3 100644
--- a/samples/SocialSample/Program.cs
+++ b/samples/SocialSample/Program.cs
@@ -11,8 +11,6 @@ namespace SocialSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
                 .UseKestrel(options =>
                 {
@@ -20,7 +18,6 @@ namespace SocialSample
                     var serverCertificate = LoadCertificate();
                     options.UseHttps(serverCertificate);
                 })
-                .UseConfiguration(config)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
index 57600cee8d..128fa08a3e 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
@@ -35,6 +35,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         Task RedirectToIdentityProviderForSignOut(RedirectContext context);
 
+        /// <summary>
+        /// Invoked when a request is received on the RemoteSignOutPath.
+        /// </summary>
+        Task RemoteSignOut(RemoteSignOutContext context);
+
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 9893b72072..42d35b7982 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -36,6 +36,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => Task.FromResult(0);
 
+        /// <summary>
+        /// Invoked when a request is received on the RemoteSignOutPath.
+        /// </summary>
+        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => Task.FromResult(0);
+
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
@@ -61,6 +66,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         public virtual Task RedirectToIdentityProviderForSignOut(RedirectContext context) => OnRedirectToIdentityProviderForSignOut(context);
 
+        public virtual Task RemoteSignOut(RemoteSignOutContext context) => OnRemoteSignOut(context);
+
         public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
 
         public virtual Task TokenValidated(TokenValidatedContext context) => OnTokenValidated(context);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
new file mode 100644
index 0000000000..b5077e035d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+    public class RemoteSignOutContext : BaseOpenIdConnectContext
+    {
+        public RemoteSignOutContext(HttpContext context, OpenIdConnectOptions options)
+            : base(context, options)
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index ff580ff266..ef1d5d83b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -47,6 +47,9 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, string, Exception> _invalidSecurityTokenType;
         private static Action<ILogger, string, Exception> _unableToValidateIdToken;
         private static Action<ILogger, string, Exception> _postAuthenticationLocalRedirect;
+        private static Action<ILogger, Exception> _remoteSignOutHandledResponse;
+        private static Action<ILogger, Exception> _remoteSignOutSkipped;
+        private static Action<ILogger, Exception> _remoteSignOut;
 
         static LoggingExtensions()
         {
@@ -211,6 +214,18 @@ namespace Microsoft.Extensions.Logging
                eventId: 43,
                logLevel: LogLevel.Error,
                formatString: "Unable to read the 'id_token', no suitable ISecurityTokenValidator was found for: '{IdToken}'.");
+            _remoteSignOutHandledResponse = LoggerMessage.Define(
+               eventId: 44,
+               logLevel: LogLevel.Debug,
+               formatString: "RemoteSignOutContext.HandledResponse");
+            _remoteSignOutSkipped = LoggerMessage.Define(
+               eventId: 45,
+               logLevel: LogLevel.Debug,
+               formatString: "RemoteSignOutContext.Skipped");
+            _remoteSignOut = LoggerMessage.Define(
+               eventId: 46,
+               logLevel: LogLevel.Information,
+               formatString: "Remote signout request processed.");
         }
 
         public static void UpdatingConfiguration(this ILogger logger)
@@ -412,5 +427,20 @@ namespace Microsoft.Extensions.Logging
         {
             _postAuthenticationLocalRedirect(logger, redirectUri, null);
         }
+
+        public static void RemoteSignOutHandledResponse(this ILogger logger)
+        {
+            _remoteSignOutHandledResponse(logger, null);
+        }
+
+        public static void RemoteSignOutSkipped(this ILogger logger)
+        {
+            _remoteSignOutSkipped(logger, null);
+        }
+
+        public static void RemoteSignOut(this ILogger logger)
+        {
+            _remoteSignOut(logger, null);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index f85ba9c146..e23173ed18 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -62,6 +62,33 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             HtmlEncoder = htmlEncoder;
         }
 
+        public override async Task<bool> HandleRequestAsync()
+        {
+            if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path)
+            {
+                var remoteSignOutContext = new RemoteSignOutContext(Context, Options);
+                await Options.Events.RemoteSignOut(remoteSignOutContext);
+
+                if (remoteSignOutContext.HandledResponse)
+                {
+                    Logger.RemoteSignOutHandledResponse();
+                    return true;
+                }
+                if (remoteSignOutContext.Skipped)
+                {
+                    Logger.RemoteSignOutSkipped();
+                    return false;
+                }
+
+                Logger.RemoteSignOut();
+
+                // We've received a remote sign-out request
+                await Context.Authentication.SignOutAsync(Options.SignOutScheme ?? Options.SignInScheme);
+                return true;
+            }
+            return await base.HandleRequestAsync();
+        }
+
         /// <summary>
         /// Handles Signout
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index cdbc9e0f0d..c9b614acde 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -50,6 +50,7 @@ namespace Microsoft.AspNetCore.Builder
             AutomaticChallenge = true;
             DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
+            RemoteSignOutPath = new PathString("/signout-oidc");
             Events = new OpenIdConnectEvents();
             Scope.Add("openid");
             Scope.Add("profile");
@@ -155,6 +156,17 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public ICollection<string> Scope { get; } = new HashSet<string>();
 
+        /// <summary>
+        /// Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme.
+        /// </summary>
+        public PathString RemoteSignOutPath { get; set; }
+
+        /// <summary>
+        /// The Authentication Scheme to use with SignOut on the SignOutPath. SignInScheme will be used if this
+        /// is not set.
+        /// </summary>
+        public string SignOutScheme { get; set; }
+
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>

From 871885259bd4172a21fb8059fb609a2964845ba4 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 24 May 2016 10:34:39 -0700
Subject: [PATCH 544/900] Update the OIDC AzureAd sample.

---
 .../AuthPropertiesTokenCache.cs               | 69 +++++++++++++++----
 .../OpenIdConnect.AzureAdSample/Program.cs    |  3 -
 .../Properties/launchSettings.json            |  2 +-
 .../OpenIdConnect.AzureAdSample/Startup.cs    | 20 ++----
 .../OpenIdConnect.AzureAdSample/project.json  | 17 ++++-
 5 files changed, 75 insertions(+), 36 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
index f174174cf8..54989c13a4 100644
--- a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
+++ b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
@@ -1,5 +1,9 @@
 using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 
 namespace OpenIdConnect.AzureAdSample
@@ -8,46 +12,85 @@ namespace OpenIdConnect.AzureAdSample
     {
         private const string TokenCacheKey = ".TokenCache";
 
+        private HttpContext _httpContext;
+        private ClaimsPrincipal _principal;
         private AuthenticationProperties _authProperties;
+        private string _signInScheme;
 
-        public bool HasCacheChanged { get; internal set; }
-
-        public AuthPropertiesTokenCache(AuthenticationProperties authProperties) : base()
+        private AuthPropertiesTokenCache(AuthenticationProperties authProperties) : base()
         {
             _authProperties = authProperties;
-            BeforeAccess = BeforeAccessNotification;
-            AfterAccess = AfterAccessNotification;
+            BeforeAccess = BeforeAccessNotificationWithProperties;
+            AfterAccess = AfterAccessNotificationWithProperties;
             BeforeWrite = BeforeWriteNotification;
+        }
 
+        private AuthPropertiesTokenCache(HttpContext httpContext, string signInScheme) : base()
+        {
+            _httpContext = httpContext;
+            _signInScheme = signInScheme;
+            BeforeAccess = BeforeAccessNotificationWithContext;
+            AfterAccess = AfterAccessNotificationWithContext;
+            BeforeWrite = BeforeWriteNotification;
+        }
+
+        public static TokenCache ForCodeRedemption(AuthenticationProperties authProperties)
+        {
+            return new AuthPropertiesTokenCache(authProperties);
+        }
+
+        public static TokenCache ForApiCalls(HttpContext httpContext,
+            string signInScheme = CookieAuthenticationDefaults.AuthenticationScheme)
+        {
+            return new AuthPropertiesTokenCache(httpContext, signInScheme);
+        }
+
+        private void BeforeAccessNotificationWithProperties(TokenCacheNotificationArgs args)
+        {
             string cachedTokensText;
-            if (authProperties.Items.TryGetValue(TokenCacheKey, out cachedTokensText))
+            if (_authProperties.Items.TryGetValue(TokenCacheKey, out cachedTokensText))
             {
                 var cachedTokens = Convert.FromBase64String(cachedTokensText);
                 Deserialize(cachedTokens);
             }
         }
 
-        // Notification raised before ADAL accesses the cache.
-        // This is your chance to update the in-memory copy from the DB, if the in-memory version is stale
-        private void BeforeAccessNotification(TokenCacheNotificationArgs args)
+        private void BeforeAccessNotificationWithContext(TokenCacheNotificationArgs args)
         {
+            // Retrieve the auth session with the cached tokens
+             var authenticateContext = new AuthenticateContext(_signInScheme);
+            _httpContext.Authentication.AuthenticateAsync(authenticateContext).Wait();
+            _authProperties = new AuthenticationProperties(authenticateContext.Properties);
+            _principal = authenticateContext.Principal;
 
+            BeforeAccessNotificationWithProperties(args);
         }
 
-        // Notification raised after ADAL accessed the cache.
-        // If the HasStateChanged flag is set, ADAL changed the content of the cache
-        private void AfterAccessNotification(TokenCacheNotificationArgs args)
+        private void AfterAccessNotificationWithProperties(TokenCacheNotificationArgs args)
         {
             // if state changed
             if (HasStateChanged)
             {
-                HasCacheChanged = true;
                 var cachedTokens = Serialize();
                 var cachedTokensText = Convert.ToBase64String(cachedTokens);
                 _authProperties.Items[TokenCacheKey] = cachedTokensText;
             }
         }
 
+        private void AfterAccessNotificationWithContext(TokenCacheNotificationArgs args)
+        {
+            // if state changed
+            if (HasStateChanged)
+            {
+                AfterAccessNotificationWithProperties(args);
+
+                var cachedTokens = Serialize();
+                var cachedTokensText = Convert.ToBase64String(cachedTokens);
+                _authProperties.Items[TokenCacheKey] = cachedTokensText;
+                _httpContext.Authentication.SignInAsync(_signInScheme, _principal, _authProperties).Wait();
+            }
+        }
+
         private void BeforeWriteNotification(TokenCacheNotificationArgs args)
         {
             // if you want to ensure that no concurrent write take place, use this notification to place a lock on the entry
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/samples/OpenIdConnect.AzureAdSample/Program.cs
index 5dcda4c86a..254668022d 100644
--- a/samples/OpenIdConnect.AzureAdSample/Program.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Program.cs
@@ -8,11 +8,8 @@ namespace OpenIdConnect.AzureAdSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
                 .UseKestrel()
-                .UseConfiguration(config)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
index 2ae08a6cc9..62dc4ef778 100644
--- a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
@@ -21,7 +21,7 @@
       "launchUrl": "http://localhost:42023",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
+        "ASPNETCORE_URLS": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index f4d0c37aaa..37a49b7ab2 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -89,12 +89,12 @@ namespace OpenIdConnect.AzureAdSample
                         var request = context.HttpContext.Request;
                         var currentUri = UriHelper.Encode(request.Scheme, request.Host, request.PathBase, request.Path);
                         var credential = new ClientCredential(clientId, clientSecret);                                 
-                        var authContext = new AuthenticationContext(authority, new AuthPropertiesTokenCache(context.Properties));
+                        var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
 
                         var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                             context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
 
-                        context.HandleCodeRedemption(result.AccessToken, result.IdToken);
+                        context.HandleCodeRedemption();
                     }
                 }
             });
@@ -128,23 +128,11 @@ namespace OpenIdConnect.AzureAdSample
                 await context.Response.WriteAsync("Tokens:<br>" + Environment.NewLine);
                 try
                 {
-                    // Retrieve the auth session with the cached tokens
-                    var authenticateContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await context.Authentication.AuthenticateAsync(authenticateContext);
-                    var authProperties = new AuthenticationProperties(authenticateContext.Properties);
-                    var tokenCache = new AuthPropertiesTokenCache(authProperties);
-
                     // Use ADAL to get the right token
-                    var authContext = new AuthenticationContext(authority, tokenCache);
+                    var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForApiCalls(context, CookieAuthenticationDefaults.AuthenticationScheme));
                     var credential = new ClientCredential(clientId, clientSecret);
                     string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
-                    var result = authContext.AcquireTokenSilent(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
-
-                    // Update the cookie with the modified tokens
-                    if (tokenCache.HasCacheChanged)
-                    {
-                        await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, authenticateContext.Principal, authProperties);
-                    }
+                    var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
 
                     await context.Response.WriteAsync($"access_token: {result.AccessToken}<br>{Environment.NewLine}");
                 }
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 40308478b9..04cc2d01e4 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -5,13 +5,24 @@
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "2.22.302111727",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.9.302261508-alpha"
   },
   "frameworks": {
-    "net451": {}
+    "net451": { },
+    "netcoreapp1.0": {
+      "imports": [
+        "dnxcore50"
+      ],
+      "dependencies": {
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
+      }
+    }
   },
   "buildOptions": {
     "emitEntryPoint": true

From 00990448bfd77a6ef119dc0096571b9be566fa8d Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 27 May 2016 15:04:05 -0700
Subject: [PATCH 545/900] Sample config cleanup.

---
 samples/CookieSample/Program.cs                            | 3 ---
 samples/CookieSample/Properties/launchSettings.json        | 2 +-
 samples/CookieSessionSample/Program.cs                     | 3 ---
 samples/CookieSessionSample/Properties/launchSettings.json | 2 +-
 samples/JwtBearerSample/Program.cs                         | 3 ---
 samples/JwtBearerSample/Properties/launchSettings.json     | 2 +-
 samples/SocialSample/Properties/launchSettings.json        | 2 +-
 7 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/samples/CookieSample/Program.cs b/samples/CookieSample/Program.cs
index cd8aab3aee..df74352e7c 100644
--- a/samples/CookieSample/Program.cs
+++ b/samples/CookieSample/Program.cs
@@ -8,11 +8,8 @@ namespace CookieSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
                 .UseKestrel()
-                .UseConfiguration(config)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
index 75da70bee0..afe862f4f4 100644
--- a/samples/CookieSample/Properties/launchSettings.json
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -21,7 +21,7 @@
       "launchUrl": "http://localhost:12345",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "http://localhost:12345"
+        "ASPNETCORE_URLS": "http://localhost:12345"
       }
     }
   }
diff --git a/samples/CookieSessionSample/Program.cs b/samples/CookieSessionSample/Program.cs
index 6b9014f5e9..adf8f1f1a4 100644
--- a/samples/CookieSessionSample/Program.cs
+++ b/samples/CookieSessionSample/Program.cs
@@ -8,11 +8,8 @@ namespace CookieSessionSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
                 .UseKestrel()
-                .UseConfiguration(config)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
index 15b478a0ed..edb6e4dd19 100644
--- a/samples/CookieSessionSample/Properties/launchSettings.json
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -21,7 +21,7 @@
       "launchUrl": "http://localhost:12345",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "http://localhost:12345"
+        "ASPNETCORE_URLS": "http://localhost:12345"
       }
     }
   }
diff --git a/samples/JwtBearerSample/Program.cs b/samples/JwtBearerSample/Program.cs
index 82da93d591..44d2fe0c4f 100644
--- a/samples/JwtBearerSample/Program.cs
+++ b/samples/JwtBearerSample/Program.cs
@@ -8,11 +8,8 @@ namespace JwtBearerSample
     {
         public static void Main(string[] args)
         {
-            var config = new ConfigurationBuilder().AddEnvironmentVariables("ASPNETCORE_").Build();
-
             var host = new WebHostBuilder()
                 .UseKestrel()
-                .UseConfiguration(config)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/samples/JwtBearerSample/Properties/launchSettings.json
index f5dfcd0181..e89788c48f 100644
--- a/samples/JwtBearerSample/Properties/launchSettings.json
+++ b/samples/JwtBearerSample/Properties/launchSettings.json
@@ -21,7 +21,7 @@
       "launchUrl": "http://localhost:42023",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "http://localhost:42023"
+        "ASPNETCORE_URLS": "http://localhost:42023"
       }
     }
   }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 9224a4881c..251bfbffd4 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -22,7 +22,7 @@
       "launchUrl": "https://localhost:44318/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_SERVER.URLS": "https://localhost:44318/"
+        "ASPNETCORE_URLS": "https://localhost:44318/"
       }
     }
   }

From 080447e9aafa38a587d5672a76d563937b4e0a1e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 27 May 2016 15:29:40 -0700
Subject: [PATCH 546/900] #780 Remove obsolete DateTime conversions

---
 .../CookieAuthenticationHandler.cs                            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 3a8365a5b3..eecd03065a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -192,7 +192,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 var cookieOptions = BuildCookieOptions();
                 if (ticket.Properties.IsPersistent && _refreshExpiresUtc.HasValue)
                 {
-                    cookieOptions.Expires = _refreshExpiresUtc.Value.ToUniversalTime().DateTime;
+                    cookieOptions.Expires = _refreshExpiresUtc.Value.ToUniversalTime();
                 }
 
                 Options.CookieManager.AppendResponseCookie(
@@ -240,7 +240,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             if (signInContext.Properties.IsPersistent)
             {
                 var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
-                signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
+                signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
             var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);

From c257c9528f16db78a33eed810b9a66f796146b3c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 31 May 2016 13:45:30 -0700
Subject: [PATCH 547/900] AuthZ: Combine needs to use policy provider

Fixes https://github.com/aspnet/Security/issues/841
---
 .../AuthorizationPolicy.cs                    | 18 +++++-----
 .../DefaultAuthorizationPolicyProvider.cs     |  7 +++-
 .../IAuthorizationPolicyProvider.cs           |  6 ++++
 .../AuthorizationPolicyFacts.cs               | 36 ++++++++++++-------
 .../DefaultAuthorizationServiceTests.cs       | 18 ++++++++--
 5 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 97aa5b381b..171fe014d6 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization
 {
@@ -57,27 +58,27 @@ namespace Microsoft.AspNetCore.Authorization
             return builder.Build();
         }
 
-        public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes)
+        public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData)
         {
-            if (options == null)
+            if (policyProvider == null)
             {
-                throw new ArgumentNullException(nameof(options));
+                throw new ArgumentNullException(nameof(policyProvider));
             }
 
-            if (attributes == null)
+            if (authorizeData == null)
             {
-                throw new ArgumentNullException(nameof(attributes));
+                throw new ArgumentNullException(nameof(authorizeData));
             }
 
             var policyBuilder = new AuthorizationPolicyBuilder();
             var any = false;
-            foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
+            foreach (var authorizeAttribute in authorizeData.OfType<AuthorizeAttribute>())
             {
                 any = true;
                 var useDefaultPolicy = true;
                 if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
                 {
-                    var policy = options.GetPolicy(authorizeAttribute.Policy);
+                    var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy);
                     if (policy == null)
                     {
                         throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
@@ -89,7 +90,6 @@ namespace Microsoft.AspNetCore.Authorization
                 if (rolesSplit != null && rolesSplit.Any())
                 {
                     var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
-
                     policyBuilder.RequireRole(trimmedRolesSplit);
                     useDefaultPolicy = false;
                 }
@@ -106,7 +106,7 @@ namespace Microsoft.AspNetCore.Authorization
                 }
                 if (useDefaultPolicy)
                 {
-                    policyBuilder.Combine(options.DefaultPolicy);
+                    policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync());
                 }
             }
             return any ? policyBuilder.Build() : null;
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
index 97b806e87d..e053e41f95 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -22,7 +22,12 @@ namespace Microsoft.AspNetCore.Authorization
             }
 
             _options = options.Value;
-        } 
+        }
+
+        public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+        {
+            return Task.FromResult(_options.DefaultPolicy);
+        }
 
         /// <summary>
         /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
index 1a0dbace60..ac141b327d 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
@@ -16,5 +16,11 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyName"></param>
         /// <returns></returns>
         Task<AuthorizationPolicy> GetPolicyAsync(string policyName);
+
+        /// <summary>
+        /// Returns the default <see cref="AuthorizationPolicy"/>.
+        /// </summary>
+        /// <returns></returns>
+        Task<AuthorizationPolicy> GetDefaultPolicyAsync();
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
index f74e461523..6825dd868b 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -3,8 +3,10 @@
 
 using System;
 using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Authorization.Infrastructure;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authroization.Test
@@ -18,7 +20,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
 
         [Fact]
-        public void CanCombineAuthorizeAttributes()
+        public async Task CanCombineAuthorizeAttributes()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
@@ -31,8 +33,10 @@ namespace Microsoft.AspNetCore.Authroization.Test
             options.AddPolicy("1", policy => policy.RequireClaim("1"));
             options.AddPolicy("2", policy => policy.RequireClaim("2"));
 
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
+
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
@@ -45,7 +49,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
 
         [Fact]
-        public void CanReplaceDefaultPolicy()
+        public async Task CanReplaceDefaultPolicy()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
@@ -56,8 +60,10 @@ namespace Microsoft.AspNetCore.Authroization.Test
             options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build();
             options.AddPolicy("2", policy => policy.RequireClaim("2"));
 
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
+
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
@@ -69,16 +75,17 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
 
         [Fact]
-        public void CombineMustTrimRoles()
+        public async Task CombineMustTrimRoles()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
                 new AuthorizeAttribute() { Roles = "r1 , r2" }
             };
             var options = new AuthorizationOptions();
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
 
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
@@ -89,7 +96,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
 
         [Fact]
-        public void CombineMustTrimAuthenticationScheme()
+        public async Task CombineMustTrimAuthenticationScheme()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
@@ -97,8 +104,10 @@ namespace Microsoft.AspNetCore.Authroization.Test
             };
             var options = new AuthorizationOptions();
 
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
+
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
@@ -107,7 +116,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
         
         [Fact]
-        public void CombineMustIgnoreEmptyAuthenticationScheme()
+        public async Task CombineMustIgnoreEmptyAuthenticationScheme()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
@@ -115,8 +124,10 @@ namespace Microsoft.AspNetCore.Authroization.Test
             };
             var options = new AuthorizationOptions();
 
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
+
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
@@ -125,16 +136,17 @@ namespace Microsoft.AspNetCore.Authroization.Test
         }
         
         [Fact]
-        public void CombineMustIgnoreEmptyRoles()
+        public async Task CombineMustIgnoreEmptyRoles()
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
                 new AuthorizeAttribute() { Roles = "r1 , ,, , r2" }
             };
             var options = new AuthorizationOptions();
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
 
             // Act
-            var combined = AuthorizationPolicy.Combine(options, attributes);
+            var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
             Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 42948c936f..b6383ffb48 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -8,6 +8,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization.Infrastructure;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authorization.Test
@@ -28,9 +29,12 @@ namespace Microsoft.AspNetCore.Authorization.Test
         }
 
         [Fact]
-        public void AuthorizeCombineThrowsOnUnknownPolicy()
+        public async Task AuthorizeCombineThrowsOnUnknownPolicy()
         {
-            Assert.Throws<InvalidOperationException>(() => AuthorizationPolicy.Combine(new AuthorizationOptions(), new AuthorizeAttribute[] {
+            var provider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));
+
+            // Act
+            await Assert.ThrowsAsync<InvalidOperationException>(() => AuthorizationPolicy.CombineAsync(provider, new AuthorizeAttribute[] {
                 new AuthorizeAttribute { Policy = "Wut" }
             }));
         }
@@ -944,6 +948,11 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class StaticPolicyProvider : IAuthorizationPolicyProvider
         {
+            public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+            {
+                return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
+            }
+
             public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
             {
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
@@ -973,6 +982,11 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class DynamicPolicyProvider : IAuthorizationPolicyProvider
         {
+            public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+            {
+                return Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
+            }
+
             public Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
             {
                 return Task.FromResult(new AuthorizationPolicyBuilder().RequireClaim(policyName).Build());

From c9f8455dbc94162abce5687e8c7f95c6b59e6d3c Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 31 May 2016 15:56:43 -0700
Subject: [PATCH 548/900] Update sample ADAL dependency

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs   | 2 +-
 samples/OpenIdConnect.AzureAdSample/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 37a49b7ab2..2fc8ac19b2 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -45,7 +45,7 @@ namespace OpenIdConnect.AzureAdSample
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
-            loggerfactory.AddConsole(LogLevel.Information);
+            loggerfactory.AddConsole(Microsoft.Extensions.Logging.LogLevel.Information);
 
             // Simple error page
             app.Use(async (context, next) =>
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 04cc2d01e4..7727c0ba31 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -8,7 +8,7 @@
     "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.9.302261508-alpha"
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.11.305310302-alpha"
   },
   "frameworks": {
     "net451": { },

From e299695974a5632d58d032c2f534dfe4daf44551 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 1 Jun 2016 07:10:16 -0700
Subject: [PATCH 549/900] #776 Show some JwtBearer errors in response headers

---
 .../Events/JwtBearerChallengeContext.cs       |  6 ++
 .../JwtBearerHandler.cs                       | 96 +++++++++++++++++-
 .../OpenIdConnectHandler.cs                   |  2 +-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 98 ++++++++++++++-----
 4 files changed, 171 insertions(+), 31 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index b3a4d21ba6..b4dcf1147b 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -16,5 +17,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         public AuthenticationProperties Properties { get; }
+
+        /// <summary>
+        /// Any failures encountered during the authentication process.
+        /// </summary>
+        public Exception AuthenticateFailure { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 40a0b2efd7..077f1debdb 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
@@ -103,7 +104,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                             Logger.TokenValidationFailed(token, ex);
 
                             // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
-                            if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                            if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
+                                && ex is SecurityTokenSignatureKeyNotFoundException)
                             {
                                 Options.ConfigurationManager.RequestRefresh();
                             }
@@ -183,7 +185,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
-            var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties));
+            var authResult = await HandleAuthenticateOnceAsync();
+
+            var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties))
+            {
+                AuthenticateFailure = authResult?.Failure,
+            };
             await Options.Events.Challenge(eventContext);
             if (eventContext.HandledResponse)
             {
@@ -195,11 +202,94 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
 
             Response.StatusCode = 401;
-            Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
+
+            var errorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
+
+            if (errorDescription.Length == 0)
+            {
+                Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
+            }
+            else
+            {
+                // https://tools.ietf.org/html/rfc6750#section-3.1
+                // WWW-Authenticate: Bearer realm="example", error="invalid_token", error_description="The access token expired"
+                var builder = new StringBuilder(Options.Challenge);
+                if (Options.Challenge.IndexOf(" ", StringComparison.Ordinal) > 0)
+                {
+                    // Only add a comma after the first param, if any
+                    builder.Append(',');
+                }
+                builder.Append(" error=\"invalid_token\", error_description=\"");
+                builder.Append(errorDescription);
+                builder.Append('\"');
+
+                Response.Headers.Append(HeaderNames.WWWAuthenticate, builder.ToString());
+            }
 
             return false;
         }
 
+        private static string CreateErrorDescription(Exception authFailure)
+        {
+            if (authFailure == null)
+            {
+                return string.Empty;
+            }
+
+            IEnumerable<Exception> exceptions;
+            if (authFailure is AggregateException)
+            {
+                var agEx = authFailure as AggregateException;
+                exceptions = agEx.InnerExceptions;
+            }
+            else
+            {
+                exceptions = new[] { authFailure };
+            }
+
+            var messages = new List<string>();
+
+            foreach (var ex in exceptions)
+            {
+                // Order sensitive, some of these exceptions derive from others
+                // and we want to display the most specific message possible.
+                if (ex is SecurityTokenInvalidAudienceException)
+                {
+                    messages.Add("The audience is invalid");
+                }
+                else if (ex is SecurityTokenInvalidIssuerException)
+                {
+                    messages.Add("The issuer is invalid");
+                }
+                else if (ex is SecurityTokenNoExpirationException)
+                {
+                    messages.Add("The token has no expiration");
+                }
+                else if (ex is SecurityTokenInvalidLifetimeException)
+                {
+                    messages.Add("The token lifetime is invalid");
+                }
+                else if (ex is SecurityTokenNotYetValidException)
+                {
+                    messages.Add("The token is not valid yet");
+                }
+                else if (ex is SecurityTokenExpiredException)
+                {
+                    messages.Add("The token is expired");
+                }
+                else if (ex is SecurityTokenSignatureKeyNotFoundException)
+                {
+                    messages.Add("The signature key was not found");
+                }
+                else if (ex is SecurityTokenInvalidSignatureException)
+                {
+                    messages.Add("The signature is invalid");
+                }
+            }
+
+            return string.Join("; ", messages);
+        }
+
         protected override Task HandleSignOutAsync(SignOutContext context)
         {
             throw new NotSupportedException();
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index e23173ed18..c674e21077 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -575,7 +575,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Logger.ExceptionProcessingMessage(exception);
 
                 // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
-                if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                if (Options.RefreshOnIssuerKeyNotFound && exception is SecurityTokenSignatureKeyNotFoundException)
                 {
                     if (Options.ConfigurationManager != null)
                     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 81c03dc83a..5a10ef616f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -2,9 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Reflection;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using System.Xml.Linq;
@@ -30,7 +31,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var options = new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Authority = "https://login.windows.net/tushartest.onmicrosoft.com",
                 Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt"
             };
@@ -45,10 +45,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            var server = CreateServer(new JwtBearerOptions());
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
@@ -56,10 +53,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            var server = CreateServer(new JwtBearerOptions());
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
@@ -70,7 +64,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var server = CreateServer(new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
@@ -117,10 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task UnrecognizedTokenReceived()
         {
-            var server = CreateServer(new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            var server = CreateServer(new JwtBearerOptions());
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -130,16 +120,67 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task InvalidTokenReceived()
         {
-            var options = new JwtBearerOptions
-            {
-                AutomaticAuthenticate = true
-            };
+            var options = new JwtBearerOptions();
             options.SecurityTokenValidators.Clear();
             options.SecurityTokenValidators.Add(new InvalidTokenValidator());
             var server = CreateServer(options);
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("", response.ResponseText);
+        }
+
+        [Theory]
+        [InlineData(typeof(SecurityTokenInvalidAudienceException), "The audience is invalid")]
+        [InlineData(typeof(SecurityTokenInvalidIssuerException), "The issuer is invalid")]
+        [InlineData(typeof(SecurityTokenNoExpirationException), "The token has no expiration")]
+        [InlineData(typeof(SecurityTokenInvalidLifetimeException), "The token lifetime is invalid")]
+        [InlineData(typeof(SecurityTokenNotYetValidException), "The token is not valid yet")]
+        [InlineData(typeof(SecurityTokenExpiredException), "The token is expired")]
+        [InlineData(typeof(SecurityTokenInvalidSignatureException), "The signature is invalid")]
+        [InlineData(typeof(SecurityTokenSignatureKeyNotFoundException), "The signature key was not found")]
+        public async Task ExceptionReportedInHeaderForAuthenticationFailures(Type errorType, string message)
+        {
+            var options = new JwtBearerOptions();
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal($"Bearer error=\"invalid_token\", error_description=\"{message}\"", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("", response.ResponseText);
+        }
+
+        [Theory]
+        [InlineData(typeof(ArgumentException))]
+        public async Task ExceptionNotReportedInHeaderForOtherFailures(Type errorType)
+        {
+            var options = new JwtBearerOptions();
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("", response.ResponseText);
+        }
+
+        [Fact]
+        public async Task ExceptionsReportedInHeaderForMultipleAuthenticationFailures()
+        {
+            var options = new JwtBearerOptions();
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenInvalidAudienceException)));
+            options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenSignatureKeyNotFoundException)));
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal($"Bearer error=\"invalid_token\", error_description=\"The audience is invalid; The signature key was not found\"",
+                response.Response.Headers.WwwAuthenticate.First().ToString());
             Assert.Equal("", response.ResponseText);
         }
 
@@ -148,7 +189,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var options = new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
@@ -185,7 +225,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var options = new JwtBearerOptions()
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
@@ -233,7 +272,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var server = CreateServer(new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
@@ -266,7 +304,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var options = new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
@@ -298,7 +335,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var options = new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
                 Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
@@ -330,8 +366,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var server = CreateServer(new JwtBearerOptions
             {
-                AutomaticAuthenticate = true,
-                AutomaticChallenge = true,
                 Events = new JwtBearerEvents()
                 {
                     OnChallenge = context =>
@@ -352,8 +386,16 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             public InvalidTokenValidator()
             {
+                ExceptionType = typeof(SecurityTokenException);
             }
 
+            public InvalidTokenValidator(Type exceptionType)
+            {
+                ExceptionType = exceptionType;
+            }
+
+            public Type ExceptionType { get; set; }
+
             public bool CanValidateToken => true;
 
             public int MaximumTokenSizeInBytes
@@ -366,7 +408,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
             {
-                throw new SecurityTokenException("InvalidToken");
+                var constructor = ExceptionType.GetTypeInfo().GetConstructor(new[] { typeof(string) });
+                var exception = (Exception)constructor.Invoke(new[] { ExceptionType.Name });
+                throw exception;
             }
         }
 

From 56dca7e0bc2e65b21b68cf67720a1a1d48ee9dc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Tue, 31 May 2016 02:05:48 +0200
Subject: [PATCH 550/900] Add a 'sid' check to the OIDC middleware to prevent
 unsolicited logout when possible

---
 samples/OpenIdConnectSample/Startup.cs        |  4 +-
 samples/OpenIdConnectSample/project.json      |  1 +
 .../Events/RemoteSignoutContext.cs            |  7 +-
 .../LoggingExtensions.cs                      | 22 +++++
 .../OpenIdConnectHandler.cs                   | 89 ++++++++++++++-----
 .../OpenIdConnectMiddleware.cs                |  4 +
 6 files changed, 104 insertions(+), 23 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 6beaa0a20b..e9836506a3 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -6,7 +6,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -42,6 +41,7 @@ namespace OpenIdConnectSample
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(LogLevel.Information);
+            loggerfactory.AddDebug(LogLevel.Information);
 
             // Simple error page
             app.Use(async (context, next) =>
@@ -98,11 +98,11 @@ namespace OpenIdConnectSample
                 if (context.Request.Path.Equals("/signout-remote"))
                 {
                     // Redirects
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
                     {
                         RedirectUri = "/signedout"
                     });
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     return;
                 }
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 32e19ca40e..c507160fec 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -9,6 +9,7 @@
     "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
     "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
     "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.Extensions.Logging.Debug": "1.0.0-*",
     "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
index b5077e035d..a76dc9e592 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
@@ -3,14 +3,19 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class RemoteSignOutContext : BaseOpenIdConnectContext
     {
-        public RemoteSignOutContext(HttpContext context, OpenIdConnectOptions options)
+        public RemoteSignOutContext(
+            HttpContext context,
+            OpenIdConnectOptions options,
+            OpenIdConnectMessage message)
             : base(context, options)
         {
+            ProtocolMessage = message;
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index ef1d5d83b9..d0f3e12d90 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -50,6 +50,8 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, Exception> _remoteSignOutHandledResponse;
         private static Action<ILogger, Exception> _remoteSignOutSkipped;
         private static Action<ILogger, Exception> _remoteSignOut;
+        private static Action<ILogger, Exception> _remoteSignOutSessionIdMissing;
+        private static Action<ILogger, Exception> _remoteSignOutSessionIdInvalid;
 
         static LoggingExtensions()
         {
@@ -226,6 +228,16 @@ namespace Microsoft.Extensions.Logging
                eventId: 46,
                logLevel: LogLevel.Information,
                formatString: "Remote signout request processed.");
+            _remoteSignOutSessionIdMissing = LoggerMessage.Define(
+               eventId: 47,
+               logLevel: LogLevel.Error,
+               formatString: "The remote signout request was ignored because the 'sid' parameter " +
+                             "was missing, which may indicate an unsolicited logout.");
+            _remoteSignOutSessionIdInvalid = LoggerMessage.Define(
+               eventId: 48,
+               logLevel: LogLevel.Error,
+               formatString: "The remote signout request was ignored because the 'sid' parameter didn't match " +
+                             "the expected value, which may indicate an unsolicited logout.");
         }
 
         public static void UpdatingConfiguration(this ILogger logger)
@@ -442,5 +454,15 @@ namespace Microsoft.Extensions.Logging
         {
             _remoteSignOut(logger, null);
         }
+
+        public static void RemoteSignOutSessionIdMissing(this ILogger logger)
+        {
+            _remoteSignOutSessionIdMissing(logger, null);
+        }
+
+        public static void RemoteSignOutSessionIdInvalid(this ILogger logger)
+        {
+            _remoteSignOutSessionIdInvalid(logger, null);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index c674e21077..a10122b7af 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -66,29 +66,76 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path)
             {
-                var remoteSignOutContext = new RemoteSignOutContext(Context, Options);
-                await Options.Events.RemoteSignOut(remoteSignOutContext);
-
-                if (remoteSignOutContext.HandledResponse)
-                {
-                    Logger.RemoteSignOutHandledResponse();
-                    return true;
-                }
-                if (remoteSignOutContext.Skipped)
-                {
-                    Logger.RemoteSignOutSkipped();
-                    return false;
-                }
-
-                Logger.RemoteSignOut();
-
-                // We've received a remote sign-out request
-                await Context.Authentication.SignOutAsync(Options.SignOutScheme ?? Options.SignInScheme);
-                return true;
+                return await HandleRemoteSignOutAsync();
             }
             return await base.HandleRequestAsync();
         }
 
+        protected virtual async Task<bool> HandleRemoteSignOutAsync()
+        {
+            OpenIdConnectMessage message = null;
+
+            if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase))
+            {
+                message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+            }
+            // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
+            else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
+              && !string.IsNullOrEmpty(Request.ContentType)
+              // May have media/type; charset=utf-8, allow partial match.
+              && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
+              && Request.Body.CanRead) {
+                var form = await Request.ReadFormAsync();
+                message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+            }
+
+            var remoteSignOutContext = new RemoteSignOutContext(Context, Options, message);
+            await Options.Events.RemoteSignOut(remoteSignOutContext);
+
+            if (remoteSignOutContext.HandledResponse)
+            {
+                Logger.RemoteSignOutHandledResponse();
+                return true;
+            }
+            if (remoteSignOutContext.Skipped)
+            {
+                Logger.RemoteSignOutSkipped();
+                return false;
+            }
+
+            if (message == null)
+            {
+                return false;
+            }
+
+            // Try to extract the session identifier from the authentication ticket persisted by the sign-in handler.
+            // If the identifier cannot be found, bypass the session identifier checks: this may indicate that the
+            // authentication cookie was already cleared, that the session identifier was lost because of a lossy
+            // external/application cookie conversion or that the identity provider doesn't support sessions.
+            var sid = (await Context.Authentication.AuthenticateAsync(Options.SignOutScheme))?.FindFirst("sid")?.Value;
+            if (!string.IsNullOrEmpty(sid))
+            {
+                // Ensure a 'sid' parameter was sent by the identity provider.
+                if (string.IsNullOrEmpty(message.GetParameter("sid")))
+                {
+                    Logger.RemoteSignOutSessionIdMissing();
+                    return true;
+                }
+                // Ensure the 'sid' parameter corresponds to the 'sid' stored in the authentication ticket.
+                if (!string.Equals(sid, message.GetParameter("sid"), StringComparison.Ordinal))
+                {
+                    Logger.RemoteSignOutSessionIdInvalid();
+                    return true;
+                }
+            }
+
+            Logger.RemoteSignOut();
+
+            // We've received a remote sign-out request
+            await Context.Authentication.SignOutAsync(Options.SignOutScheme);
+            return true;
+        }
+
         /// <summary>
         /// Handles Signout
         /// </summary>
@@ -132,7 +179,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     message.PostLogoutRedirectUri = logoutRedirectUri;
                 }
 
-                message.IdTokenHint = await Context.Authentication.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
+                // Attach the identity token to the logout request when possible.
+                message.IdTokenHint = await Context.Authentication.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
+
                 var redirectContext = new RedirectContext(Context, Options, properties)
                 {
                     ProtocolMessage = message
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
index b08f8e944c..8d880d0d90 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
@@ -100,6 +100,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 throw new ArgumentException("Options.SignInScheme is required.");
             }
+            if (string.IsNullOrEmpty(Options.SignOutScheme))
+            {
+                Options.SignOutScheme = Options.SignInScheme;
+            }
 
             HtmlEncoder = htmlEncoder;
 

From d289e82a852a0d52ecc100088f18d3f79d243fea Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@Outlook.com>
Date: Thu, 2 Jun 2016 15:06:17 -0700
Subject: [PATCH 551/900] Remove old Basic auth samples from ReadMe

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f32798072d..ab822bd682 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Contains the security and authorization middlewares for ASP.NET Core.
 
 ### Notes
 
-ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration. If you require Basic Authentication middleware for testing purposes, as a shared secret authentication mechanism for server to server communication, or to use a database as a user source then please look at the samples from [leastprivilege](https://github.com/leastprivilege/BasicAuthentication.AspNet5) or [Kukkimonsuta](https://github.com/Kukkimonsuta/Odachi/tree/master/src/Odachi.AspNetCore.Authentication.Basic).
+ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration.
 
 
 This project is part of ASP.NET Core. You can find samples, documentation and getting started instructions for ASP.NET Core at the [Home](https://github.com/aspnet/home) repo.

From 35d0592701c4aa2edb6da919b629f87b8701807a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 3 Jun 2016 13:26:16 -0700
Subject: [PATCH 552/900] Make AuthorizationHandler<TReq> async only

---
 .../AuthorizationHandler.cs                   | 70 +++++++++----------
 .../IAuthorizationHandler.cs                  |  7 ++
 .../ClaimsAuthorizationRequirement.cs         |  4 +-
 .../DenyAnonymousAuthorizationRequirement.cs  |  4 +-
 .../NameAuthorizationRequirement.cs           |  4 +-
 .../RolesAuthorizationRequirement.cs          |  4 +-
 .../DefaultAuthorizationServiceTests.cs       | 17 +++--
 7 files changed, 64 insertions(+), 46 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
index f6877f114e..2eb19c6176 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
@@ -6,65 +6,63 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Base class for authorization handlers that need to be called for a specific requirement type.
+    /// </summary>
+    /// <typeparam name="TRequirement">The type of the requirement to handle.</typeparam>
     public abstract class AuthorizationHandler<TRequirement> : IAuthorizationHandler
-        where TRequirement : IAuthorizationRequirement
+            where TRequirement : IAuthorizationRequirement
     {
-        public void Handle(AuthorizationHandlerContext context)
-        {
-            foreach (var req in context.Requirements.OfType<TRequirement>())
-            {
-                Handle(context, req);
-            }
-        }
-
+        /// <summary>
+        /// Makes a decision if authorization is allowed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
         public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             foreach (var req in context.Requirements.OfType<TRequirement>())
             {
-                await HandleAsync(context, req);
+                await HandleRequirementAsync(context, req);
             }
         }
 
-        protected abstract void Handle(AuthorizationHandlerContext context, TRequirement requirement);
-
-        protected virtual Task HandleAsync(AuthorizationHandlerContext context, TRequirement requirement)
-        {
-            Handle(context, requirement);
-            return Task.FromResult(0);
-        }
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on a specific requirement.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
+        protected abstract Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement);
     }
 
+    /// <summary>
+    /// Base class for authorization handlers that need to be called for specific requirement and
+    /// resource types.
+    /// </summary>
+    /// <typeparam name="TRequirement">The type of the requirement to evaluate.</typeparam>
+    /// <typeparam name="TResource">The type of the resource to evaluate.</typeparam>
     public abstract class AuthorizationHandler<TRequirement, TResource> : IAuthorizationHandler
         where TRequirement : IAuthorizationRequirement
     {
+        /// <summary>
+        /// Makes a decision if authorization is allowed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
         public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             if (context.Resource is TResource)
             {
                 foreach (var req in context.Requirements.OfType<TRequirement>())
                 {
-                    await HandleAsync(context, req, (TResource)context.Resource);
+                    await HandleRequirementAsync(context, req, (TResource)context.Resource);
                 }
             }
         }
 
-        protected virtual Task HandleAsync(AuthorizationHandlerContext context, TRequirement requirement, TResource resource)
-        {
-            Handle(context, requirement, resource);
-            return Task.FromResult(0);
-        }
-
-        public virtual void Handle(AuthorizationHandlerContext context)
-        {
-            if (context.Resource is TResource)
-            {
-                foreach (var req in context.Requirements.OfType<TRequirement>())
-                {
-                    Handle(context, req, (TResource)context.Resource);
-                }
-            }
-        }
-
-        protected abstract void Handle(AuthorizationHandlerContext context, TRequirement requirement, TResource resource);
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on a specific requirement and resource.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
+        /// <param name="resource">The resource to evaluate.</param>
+        protected abstract Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement, TResource resource);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
index cf7896a30e..afe9e43f02 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
@@ -5,8 +5,15 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Classes implementing this interface are able to make a decision if authorization is allowed.
+    /// </summary>
     public interface IAuthorizationHandler
     {
+        /// <summary>
+        /// Makes a decision if authorization is allowed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
         Task HandleAsync(AuthorizationHandlerContext context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index 644b33086d..c5a06c2f95 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -25,7 +26,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
         public string ClaimType { get; }
         public IEnumerable<string> AllowedValues { get; }
 
-        protected override void Handle(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
@@ -44,6 +45,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
+            return Task.FromResult(0);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 57ad22dff6..82d40639bc 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -2,12 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Linq;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
-        protected override void Handle(AuthorizationHandlerContext context, DenyAnonymousAuthorizationRequirement requirement)
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DenyAnonymousAuthorizationRequirement requirement)
         {
             var user = context.User;
             var userIsAnonymous =
@@ -17,6 +18,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             {
                 context.Succeed(requirement);
             }
+            return Task.FromResult(0);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index b0c4e6b101..3643b1fb7a 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Linq;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -23,7 +24,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 
         public string RequiredName { get; }
 
-        protected override void Handle(AuthorizationHandlerContext context, NameAuthorizationRequirement requirement)
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, NameAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
@@ -33,6 +34,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
+            return Task.FromResult(0);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index a57a0e4c8e..53d6beb167 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -27,7 +28,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 
         public IEnumerable<string> AllowedRoles { get; }
 
-        protected override void Handle(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
@@ -45,6 +46,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
+            return Task.FromResult(0);
         }
 
     }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index b6383ffb48..19bd761e05 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -584,9 +584,10 @@ namespace Microsoft.AspNetCore.Authorization.Test
         public class CustomRequirement : IAuthorizationRequirement { }
         public class CustomHandler : AuthorizationHandler<CustomRequirement>
         {
-            protected override void Handle(AuthorizationHandlerContext context, CustomRequirement requirement)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRequirement requirement)
             {
                 context.Succeed(requirement);
+                return Task.FromResult(0);
             }
         }
 
@@ -640,11 +641,12 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             public bool Succeed { get; set; }
 
-            protected override void Handle(AuthorizationHandlerContext context, PassThroughRequirement requirement)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PassThroughRequirement requirement)
             {
                 if (Succeed) {
                     context.Succeed(requirement);
                 }
+                return Task.FromResult(0);
             }
         }
 
@@ -770,23 +772,25 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             private IEnumerable<OperationAuthorizationRequirement> _allowed;
 
-            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
             {
                 if (_allowed.Contains(requirement))
                 {
                     context.Succeed(requirement);
                 }
+                return Task.FromResult(0);
             }
         }
 
         public class SuperUserHandler : AuthorizationHandler<OperationAuthorizationRequirement>
         {
-            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
             {
                 if (context.User.HasClaim("SuperUser", "yes"))
                 {
                     context.Succeed(requirement);
                 }
+                return Task.FromResult(0);
             }
         }
 
@@ -816,7 +820,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class NotCalledHandler : AuthorizationHandler<OperationAuthorizationRequirement, string>
         {
-            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, string resource)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, string resource)
             {
                 throw new NotImplementedException();
             }
@@ -824,12 +828,13 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
         public class EvenHandler : AuthorizationHandler<OperationAuthorizationRequirement, int>
         {
-            protected override void Handle(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, int id)
+            protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, int id)
             {
                 if (id % 2 == 0)
                 {
                     context.Succeed(requirement);
                 }
+                return Task.FromResult(0);
             }
         }
 

From 120021e8a33ddda13411ff3876a78040f75bec2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Thu, 2 Jun 2016 16:45:05 +0200
Subject: [PATCH 553/900] Add a new IncludeErrorDetails option to prevent the
 JWT middleware from returning error/error_description

---
 .../Events/JwtBearerChallengeContext.cs       | 20 ++++
 .../JwtBearerHandler.cs                       | 51 +++++++---
 .../JwtBearerOptions.cs                       |  7 ++
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 96 ++++++++++++++++++-
 4 files changed, 160 insertions(+), 14 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index b4dcf1147b..5846812538 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -22,5 +22,25 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// Any failures encountered during the authentication process.
         /// </summary>
         public Exception AuthenticateFailure { get; set; }
+
+        /// <summary>
+        /// Gets or sets the "error" value returned to the caller as part
+        /// of the WWW-Authenticate header. This property may be null when
+        /// <see cref="JwtBearerOptions.IncludeErrorDetails"/> is set to <c>false</c>.
+        /// </summary>
+        public string Error { get; set; }
+
+        /// <summary>
+        /// Gets or sets the "error_description" value returned to the caller as part
+        /// of the WWW-Authenticate header. This property may be null when
+        /// <see cref="JwtBearerOptions.IncludeErrorDetails"/> is set to <c>false</c>.
+        /// </summary>
+        public string ErrorDescription { get; set; }
+
+        /// <summary>
+        /// Gets or sets the "error_uri" value returned to the caller as part of the
+        /// WWW-Authenticate header. This property is always null unless explicitly set.
+        /// </summary>
+        public string ErrorUri { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 077f1debdb..34b13562a5 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -191,6 +191,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             {
                 AuthenticateFailure = authResult?.Failure,
             };
+
+            // Avoid returning error=invalid_token if the error is not caused by an authentication failure (e.g missing token).
+            if (Options.IncludeErrorDetails && eventContext.AuthenticateFailure != null)
+            {
+                eventContext.Error = "invalid_token";
+                eventContext.ErrorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
+            }
+
             await Options.Events.Challenge(eventContext);
             if (eventContext.HandledResponse)
             {
@@ -203,9 +211,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             Response.StatusCode = 401;
 
-            var errorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
-
-            if (errorDescription.Length == 0)
+            if (string.IsNullOrEmpty(eventContext.Error) &&
+                string.IsNullOrEmpty(eventContext.ErrorDescription) &&
+                string.IsNullOrEmpty(eventContext.ErrorUri))
             {
                 Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
             }
@@ -219,9 +227,35 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     // Only add a comma after the first param, if any
                     builder.Append(',');
                 }
-                builder.Append(" error=\"invalid_token\", error_description=\"");
-                builder.Append(errorDescription);
-                builder.Append('\"');
+                if (!string.IsNullOrEmpty(eventContext.Error))
+                {
+                    builder.Append(" error=\"");
+                    builder.Append(eventContext.Error);
+                    builder.Append("\"");
+                }
+                if (!string.IsNullOrEmpty(eventContext.ErrorDescription))
+                {
+                    if (!string.IsNullOrEmpty(eventContext.Error))
+                    {
+                        builder.Append(",");
+                    }
+
+                    builder.Append(" error_description=\"");
+                    builder.Append(eventContext.ErrorDescription);
+                    builder.Append('\"');
+                }
+                if (!string.IsNullOrEmpty(eventContext.ErrorUri))
+                {
+                    if (!string.IsNullOrEmpty(eventContext.Error) ||
+                        !string.IsNullOrEmpty(eventContext.ErrorDescription))
+                    {
+                        builder.Append(",");
+                    }
+
+                    builder.Append(" error_uri=\"");
+                    builder.Append(eventContext.ErrorUri);
+                    builder.Append('\"');
+                }
 
                 Response.Headers.Append(HeaderNames.WWWAuthenticate, builder.ToString());
             }
@@ -231,11 +265,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         private static string CreateErrorDescription(Exception authFailure)
         {
-            if (authFailure == null)
-            {
-                return string.Empty;
-            }
-
             IEnumerable<Exception> exceptions;
             if (authFailure is AggregateException)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 837928e777..1d73b843ee 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -118,5 +118,12 @@ namespace Microsoft.AspNetCore.Builder
         /// <see cref="Http.Authentication.AuthenticationProperties"/> after a successful authorization.
         /// </summary>
         public bool SaveToken { get; set; } = true;
+
+        /// <summary>
+        /// Defines whether the token validation errors should be returned to the caller.
+        /// Enabled by default, this option can be disabled to prevent the JWT middleware
+        /// from returning an error and an error_description in the WWW-Authenticate header.
+        /// </summary>
+        public bool IncludeErrorDetails { get; set; } = true;
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index 5a10ef616f..b1f0ce4fed 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -7,6 +7,7 @@ using System.Net;
 using System.Net.Http;
 using System.Reflection;
 using System.Security.Claims;
+using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Builder;
@@ -127,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
-            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("Bearer error=\"invalid_token\"", response.Response.Headers.WwwAuthenticate.First().ToString());
             Assert.Equal("", response.ResponseText);
         }
 
@@ -164,7 +165,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
-            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("Bearer error=\"invalid_token\"", response.Response.Headers.WwwAuthenticate.First().ToString());
             Assert.Equal("", response.ResponseText);
         }
 
@@ -179,11 +180,100 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
-            Assert.Equal($"Bearer error=\"invalid_token\", error_description=\"The audience is invalid; The signature key was not found\"",
+            Assert.Equal("Bearer error=\"invalid_token\", error_description=\"The audience is invalid; The signature key was not found\"",
                 response.Response.Headers.WwwAuthenticate.First().ToString());
             Assert.Equal("", response.ResponseText);
         }
 
+        [Theory]
+        [InlineData("custom_error", "custom_description", "custom_uri")]
+        [InlineData("custom_error", "custom_description", null)]
+        [InlineData("custom_error", null, null)]
+        [InlineData(null, "custom_description", "custom_uri")]
+        [InlineData(null, "custom_description", null)]
+        [InlineData(null, null, "custom_uri")]
+        public async Task ExceptionsReportedInHeaderExposesUserDefinedError(string error, string description, string uri)
+        {
+            var options = new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents
+                {
+                    OnChallenge = context =>
+                    {
+                        context.Error = error;
+                        context.ErrorDescription = description;
+                        context.ErrorUri = uri;
+
+                        return Task.FromResult(0);
+                    }
+                }
+            };
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("", response.ResponseText);
+
+            var builder = new StringBuilder(options.Challenge);
+
+            if (!string.IsNullOrEmpty(error))
+            {
+                builder.Append(" error=\"");
+                builder.Append(error);
+                builder.Append("\"");
+            }
+            if (!string.IsNullOrEmpty(description))
+            {
+                if (!string.IsNullOrEmpty(error))
+                {
+                    builder.Append(",");
+                }
+
+                builder.Append(" error_description=\"");
+                builder.Append(description);
+                builder.Append('\"');
+            }
+            if (!string.IsNullOrEmpty(uri))
+            {
+                if (!string.IsNullOrEmpty(error) ||
+                    !string.IsNullOrEmpty(description))
+                {
+                    builder.Append(",");
+                }
+
+                builder.Append(" error_uri=\"");
+                builder.Append(uri);
+                builder.Append('\"');
+            }
+
+            Assert.Equal(builder.ToString(), response.Response.Headers.WwwAuthenticate.First().ToString());
+        }
+
+        [Fact]
+        public async Task ExceptionNotReportedInHeaderWhenIncludeErrorDetailsIsFalse()
+        {
+            var server = CreateServer(new JwtBearerOptions
+            {
+                IncludeErrorDetails = false
+            });
+
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("", response.ResponseText);
+        }
+
+        [Fact]
+        public async Task ExceptionNotReportedInHeaderWhenTokenWasMissing()
+        {
+            var server = CreateServer(new JwtBearerOptions());
+
+            var response = await SendAsync(server, "http://example.com/oauth");
+            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
+            Assert.Equal("Bearer", response.Response.Headers.WwwAuthenticate.First().ToString());
+            Assert.Equal("", response.ResponseText);
+        }
+
         [Fact]
         public async Task CustomTokenValidated()
         {

From bffbfc7f9e6c40238467d84efd1da82dc5485026 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 3 Jun 2016 20:03:55 -0700
Subject: [PATCH 554/900] React to OpenId renames

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs       |  2 +-
 samples/OpenIdConnectSample/Startup.cs               |  2 +-
 .../OpenIdConnectHandler.cs                          |  4 ++--
 .../OpenIdConnectOptions.cs                          |  8 ++++----
 .../OpenIdConnect/ExpectedQueryValues.cs             | 12 ++++++------
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs    |  4 ++--
 6 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 2fc8ac19b2..40727ff1a3 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -80,7 +80,7 @@ namespace OpenIdConnect.AzureAdSample
                 ClientId = clientId,
                 ClientSecret = clientSecret, // for code flow
                 Authority = authority,
-                ResponseType = OpenIdConnectResponseTypes.CodeIdToken,
+                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                 // GetClaimsFromUserInfoEndpoint = true,
                 Events = new OpenIdConnectEvents()
                 {
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index e9836506a3..3a39919032 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -72,7 +72,7 @@ namespace OpenIdConnectSample
                 ClientId = Configuration["oidc:clientid"],
                 ClientSecret = Configuration["oidc:clientsecret"], // for code flow
                 Authority = Configuration["oidc:authority"],
-                ResponseType = OpenIdConnectResponseTypes.Code,
+                ResponseType = OpenIdConnectResponseType.Code,
                 GetClaimsFromUserInfoEndpoint = true
             });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index a10122b7af..4189ee262c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -286,8 +286,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // Omitting the response_mode parameter when it already corresponds to the default
             // response_mode used for the specified response_type is recommended by the specifications.
             // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
-            if (!string.Equals(Options.ResponseType, OpenIdConnectResponseTypes.Code, StringComparison.Ordinal) ||
-                !string.Equals(Options.ResponseMode, OpenIdConnectResponseModes.Query, StringComparison.Ordinal))
+            if (!string.Equals(Options.ResponseType, OpenIdConnectResponseType.Code, StringComparison.Ordinal) ||
+                !string.Equals(Options.ResponseMode, OpenIdConnectResponseMode.Query, StringComparison.Ordinal))
             {
                 message.ResponseMode = Options.ResponseMode;
             }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index c9b614acde..b5f6c03daa 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -38,8 +38,8 @@ namespace Microsoft.AspNetCore.Builder
         /// <para>Caption: <see cref="OpenIdConnectDefaults.Caption"/>.</para>
         /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
         /// <para>RefreshOnIssuerKeyNotFound: true</para>
-        /// <para>ResponseType: <see cref="OpenIdConnectResponseTypes.CodeIdToken"/></para>
-        /// <para>Scope: <see cref="OpenIdConnectScopes.OpenIdProfile"/>.</para>
+        /// <para>ResponseType: <see cref="OpenIdConnectResponseType.CodeIdToken"/></para>
+        /// <para>Scope: <see cref="OpenIdConnectScope.OpenIdProfile"/>.</para>
         /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationScheme = authenticationScheme.</para>
         /// <para>UseTokenLifetime: false.</para>
         /// </remarks>
@@ -144,12 +144,12 @@ namespace Microsoft.AspNetCore.Builder
         /// <summary>
         /// Gets or sets the 'response_mode'.
         /// </summary>
-        public string ResponseMode { get; set; } = OpenIdConnectResponseModes.FormPost;
+        public string ResponseMode { get; set; } = OpenIdConnectResponseMode.FormPost;
 
         /// <summary>
         /// Gets or sets the 'response_type'.
         /// </summary>
-        public string ResponseType { get; set; } = OpenIdConnectResponseTypes.IdToken;
+        public string ResponseType { get; set; } = OpenIdConnectResponseType.IdToken;
 
         /// <summary>
         /// Gets the list of permissions to request.
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
index 66fc2f4bab..98df02ee61 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
@@ -25,8 +25,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public static ExpectedQueryValues Defaults(string authority)
         {
             var result = new ExpectedQueryValues(authority);
-            result.Scope = OpenIdConnectScopes.OpenIdProfile;
-            result.ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
+            result.Scope = OpenIdConnectScope.OpenIdProfile;
+            result.ResponseType = OpenIdConnectResponseType.CodeIdToken;
             return result;
         }
 
@@ -111,11 +111,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
         public string RedirectUri { get; set; } = Guid.NewGuid().ToString();
 
-        public OpenIdConnectRequestType RequestType { get; set; } = OpenIdConnectRequestType.AuthenticationRequest;
+        public OpenIdConnectRequestType RequestType { get; set; } = OpenIdConnectRequestType.Authentication;
 
         public string Resource { get; set; } = Guid.NewGuid().ToString();
 
-        public string ResponseMode { get; set; } = OpenIdConnectResponseModes.FormPost;
+        public string ResponseMode { get; set; } = OpenIdConnectResponseMode.FormPost;
 
         public string ResponseType { get; set; } = Guid.NewGuid().ToString();
 
@@ -127,11 +127,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             get
             {
-                if (RequestType == OpenIdConnectRequestType.TokenRequest)
+                if (RequestType == OpenIdConnectRequestType.Token)
                 {
                     return Configuration?.EndSessionEndpoint ?? Authority + @"/oauth2/token";
                 }
-                else if (RequestType == OpenIdConnectRequestType.LogoutRequest)
+                else if (RequestType == OpenIdConnectRequestType.Logout)
                 {
                     return Configuration?.TokenEndpoint ?? Authority + @"/oauth2/logout";
                 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 20de135712..41154820b9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -113,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
             {
-                RequestType = OpenIdConnectRequestType.AuthenticationRequest
+                RequestType = OpenIdConnectRequestType.Authentication
             };
             var server = CreateServer(GetProtocolMessageOptions());
             var transaction = await SendAsync(server, DefaultHost + Challenge);
@@ -135,7 +135,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
             {
-                RequestType = OpenIdConnectRequestType.LogoutRequest
+                RequestType = OpenIdConnectRequestType.Logout
             };
             var server = CreateServer(GetProtocolMessageOptions());
             var transaction = await SendAsync(server, DefaultHost + Signout);

From 33b69c14edda3d96bc489e74a8ecf8d98f55ef25 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 6 Jun 2016 15:15:02 -0700
Subject: [PATCH 555/900] React to UriHelper.Encode rename.

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 40727ff1a3..f27a524928 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -87,7 +87,7 @@ namespace OpenIdConnect.AzureAdSample
                     OnAuthorizationCodeReceived = async context =>
                     {
                         var request = context.HttpContext.Request;
-                        var currentUri = UriHelper.Encode(request.Scheme, request.Host, request.PathBase, request.Path);
+                        var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
                         var credential = new ClientCredential(clientId, clientSecret);                                 
                         var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
 

From 933b374f3ecdfc65cea13057b123fbfed015f114 Mon Sep 17 00:00:00 2001
From: jacalvar <jacalvar@microsoft.com>
Date: Fri, 3 Jun 2016 12:38:28 -0700
Subject: [PATCH 556/900] Update Json.NET to 9.0.1-beta1

---
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json   | 2 +-
 src/Microsoft.AspNetCore.Authentication.Twitter/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 613cadae3f..af3f17a99b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -22,7 +22,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "8.0.3"
+    "Newtonsoft.Json": "9.0.1-beta1"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 63464eab96..1789475252 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -22,7 +22,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "8.0.3"
+    "Newtonsoft.Json": "9.0.1-beta1"
   },
   "frameworks": {
     "net451": {},

From e1495f5f3265dfd55611c514063910e0d73efa3c Mon Sep 17 00:00:00 2001
From: jacalvar <jacalvar@microsoft.com>
Date: Tue, 7 Jun 2016 22:46:08 -0700
Subject: [PATCH 557/900] Remove unncessary usings

---
 samples/CookieSample/project.json                         | 8 +-------
 samples/CookieSessionSample/project.json                  | 8 +-------
 samples/JwtBearerSample/project.json                      | 8 +-------
 samples/OpenIdConnect.AzureAdSample/project.json          | 8 +-------
 samples/OpenIdConnectSample/project.json                  | 8 +-------
 samples/SocialSample/project.json                         | 8 +-------
 .../project.json                                          | 3 ---
 .../project.json                                          | 3 ---
 .../project.json                                          | 3 ---
 .../project.json                                          | 3 ---
 .../project.json                                          | 5 +----
 .../project.json                                          | 3 ---
 .../project.json                                          | 3 ---
 src/Microsoft.AspNetCore.Authentication/project.json      | 5 +----
 14 files changed, 8 insertions(+), 68 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 954c366434..aa38029d98 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -14,9 +14,6 @@
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -31,10 +28,7 @@
     ]
   },
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index a3626218c4..fb8d16c023 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -15,9 +15,6 @@
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -32,10 +29,7 @@
     ]
   },
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index a82778a76e..5bf0a928a9 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -15,9 +15,6 @@
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -35,10 +32,7 @@
   },
   "userSecretsId": "aspnet5-JwtBearerSample-20151210102827",
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 7727c0ba31..ff03a5584b 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -13,9 +13,6 @@
   "frameworks": {
     "net451": { },
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -35,10 +32,7 @@
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index c507160fec..7e0aa0e5f1 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -15,9 +15,6 @@
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -37,10 +34,7 @@
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index fb19d3ec2a..98ff9263aa 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -21,9 +21,6 @@
   "frameworks": {
     "net451": { },
     "netcoreapp1.0": {
-      "imports": [
-        "dnxcore50"
-      ],
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
@@ -41,10 +38,7 @@
     ]
   },
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": {
-      "version": "1.0.0-*",
-      "imports": "portable-net45+wp80+win8+wpa81+dnxcore50"
-    }
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 27b5f34eaf..35fedfada5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -26,9 +26,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 3051e5fa7d..37d91ba542 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -26,9 +26,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index f0c04896ec..2863967e29 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -27,9 +27,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.4": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 3a7b5e03e5..81f34b7361 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -26,9 +26,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index af3f17a99b..971a8d6960 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -29,10 +29,7 @@
     "netstandard1.3": {
       "dependencies": {
         "System.Runtime.Serialization.Primitives": "4.1.1-*"
-      },
-      "imports": [
-        "portable-net451+win8"
-      ]
+      }
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 11d887e5c2..b80faf063f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -27,9 +27,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.4": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 1789475252..7d830ad8c1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -27,9 +27,6 @@
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
-      "imports": [
-        "portable-net451+win8"
-      ]
     }
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index e5107da8fc..dc56181a71 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -41,10 +41,7 @@
     "netstandard1.3": {
       "dependencies": {
         "System.Net.Http": "4.1.0-*"
-      },
-      "imports": [
-        "portable-net451"
-      ]
+      }
     }
   }
 }
\ No newline at end of file

From 38e89d498da65ceb603b3b19e5c8fb64e2986ca4 Mon Sep 17 00:00:00 2001
From: Barry Dorrans <barryd@idunno.org>
Date: Thu, 9 Jun 2016 16:15:09 -0700
Subject: [PATCH 558/900] Doc Comments

---
 .../AuthorizationHandler.cs                   |   8 +-
 .../AuthorizationHandlerContext.cs            |  35 ++++++
 .../AuthorizationOptions.cs                   |   5 +-
 .../AuthorizationPolicy.cs                    |  50 ++++++++
 .../AuthorizationPolicyBuilder.cs             | 114 +++++++++++++++---
 .../AuthorizationServiceExtensions.cs         |  57 +++++----
 .../AuthorizeAttribute.cs                     |   1 -
 .../DefaultAuthorizationPolicyProvider.cs     |  15 ++-
 .../DefaultAuthorizationService.cs            |  29 +++++
 .../IAllowAnonymous.cs                        |   3 +
 .../IAuthorizationPolicyProvider.cs           |   8 +-
 .../IAuthorizationRequirement.cs              |   3 +
 .../IAuthorizationService.cs                  |  16 ++-
 .../IAuthorizeData.cs                         |   5 +-
 .../Infrastructure/AssertionRequirement.cs    |  34 ++++--
 .../ClaimsAuthorizationRequirement.cs         |  26 +++-
 .../DenyAnonymousAuthorizationRequirement.cs  |   9 ++
 .../NameAuthorizationRequirement.cs           |  16 ++-
 .../OperationAuthorizationRequirement.cs      |   7 ++
 .../PassThroughAuthorizationHandler.cs        |   8 ++
 .../RolesAuthorizationRequirement.cs          |  19 ++-
 21 files changed, 399 insertions(+), 69 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
index 2eb19c6176..a4a923c3c7 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
@@ -16,7 +16,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Makes a decision if authorization is allowed.
         /// </summary>
-        /// <param name="context">The authorization information.</param>
+        /// <param name="context">The authorization context.</param>
         public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             foreach (var req in context.Requirements.OfType<TRequirement>())
@@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Makes a decision if authorization is allowed based on a specific requirement.
         /// </summary>
-        /// <param name="context">The authorization information.</param>
+        /// <param name="context">The authorization context.</param>
         /// <param name="requirement">The requirement to evaluate.</param>
         protected abstract Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement);
     }
@@ -45,7 +45,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Makes a decision if authorization is allowed.
         /// </summary>
-        /// <param name="context">The authorization information.</param>
+        /// <param name="context">The authorization context.</param>
         public virtual async Task HandleAsync(AuthorizationHandlerContext context)
         {
             if (context.Resource is TResource)
@@ -60,7 +60,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Makes a decision if authorization is allowed based on a specific requirement and resource.
         /// </summary>
-        /// <param name="context">The authorization information.</param>
+        /// <param name="context">The authorization context.</param>
         /// <param name="requirement">The requirement to evaluate.</param>
         /// <param name="resource">The resource to evaluate.</param>
         protected abstract Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement, TResource resource);
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
index 2349feb319..65aafa2bb6 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
@@ -17,6 +17,12 @@ namespace Microsoft.AspNetCore.Authorization
         private bool _failCalled;
         private bool _succeedCalled;
 
+        /// <summary>
+        /// Creates a new instance of <see cref="AuthorizationHandlerContext"/>.
+        /// </summary>
+        /// <param name="requirements">A collection of all the <see cref="IAuthorizationRequirement"/> for the current authorization action.</param>
+        /// <param name="user">A <see cref="ClaimsPrincipal"/> representing the current user.</param>
+        /// <param name="resource">An optional resource to evaluate the <paramref name="requirements"/> against.</param>
         public AuthorizationHandlerContext(
             IEnumerable<IAuthorizationRequirement> requirements,
             ClaimsPrincipal user,
@@ -33,14 +39,34 @@ namespace Microsoft.AspNetCore.Authorization
             _pendingRequirements = new HashSet<IAuthorizationRequirement>(requirements);
         }
 
+        /// <summary>
+        /// The collection of all the <see cref="IAuthorizationRequirement"/> for the current authorization action.
+        /// </summary>
         public IEnumerable<IAuthorizationRequirement> Requirements { get; }
+
+        /// <summary>
+        /// The <see cref="ClaimsPrincipal"/> representing the current user.
+        /// </summary>
         public ClaimsPrincipal User { get; }
+
+        /// <summary>
+        /// The optional resource to evaluate the <see cref="AuthorizationHandlerContext.Requirements"/> against.
+        /// </summary>
         public object Resource { get; }
 
+        /// <summary>
+        /// Gets the requirements that have not yet been succeeded.
+        /// </summary>
         public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
 
+        /// <summary>
+        /// Flag indicating whether the current authorization processing has failed.
+        /// </summary>
         public bool HasFailed { get { return _failCalled; } }
 
+        /// <summary>
+        /// Flag indicating whether the current authorization processing has succeeded.
+        /// </summary>
         public bool HasSucceeded
         {
             get
@@ -49,11 +75,20 @@ namespace Microsoft.AspNetCore.Authorization
             }
         }
 
+        /// <summary>
+        /// Called to indicate <see cref="AuthorizationHandlerContext.HasSucceeded"/> will
+        /// never return true, even if all requirements are met.
+        /// </summary>
         public void Fail()
         {
             _failCalled = true;
         }
 
+        /// <summary>
+        /// Called to mark the specified <paramref name="requirement"/> as being
+        /// successfully evaluated.
+        /// </summary>
+        /// <param name="requirement">The requirement whose evaluation has succeeded.</param>
         public void Succeed(IAuthorizationRequirement requirement)
         {
             _succeedCalled = true;
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index 94799af29b..5031c68b9e 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -14,8 +14,11 @@ namespace Microsoft.AspNetCore.Authorization
         private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
 
         /// <summary>
-        /// The initial default policy is to require any authenticated user
+        /// Gets or sets the default authoization policy.
         /// </summary>
+        /// <remarks>
+        /// The default policy is to require any authenticated user.
+        /// </remarks>
         public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 171fe014d6..41eb7aadeb 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -8,8 +8,23 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Represents a collection of authorization requirements and the scheme or 
+    /// schemes they are evaluated against, all of which must succeed
+    /// for authorization to succeed.
+    /// </summary>
     public class AuthorizationPolicy
     {
+        /// <summary>
+        /// Creates a new instance of <see cref="AuthorizationPolicy"/>.
+        /// </summary>
+        /// <param name="requirements">
+        /// The list of <see cref="IAuthorizationRequirement"/>s which must succeed for
+        /// this policy to be successful.
+        /// </param>
+        /// <param name="authenticationSchemes">
+        /// The authentication schemes the <paramref name="requirements"/> are evaluated against.
+        /// </param>
         public AuthorizationPolicy(IEnumerable<IAuthorizationRequirement> requirements, IEnumerable<string> authenticationSchemes)
         {
             if (requirements == null)
@@ -30,9 +45,26 @@ namespace Microsoft.AspNetCore.Authorization
             AuthenticationSchemes = new List<string>(authenticationSchemes).AsReadOnly();
         }
 
+        /// <summary>
+        /// Gets a readonly list of <see cref="IAuthorizationRequirement"/>s which must succeed for
+        /// this policy to be successful.
+        /// </summary>
         public IReadOnlyList<IAuthorizationRequirement> Requirements { get; }
+
+        /// <summary>
+        /// Gets a readonly list of rhe authentication schemes the <see cref="AuthorizationPolicy.Requirements"/> 
+        /// are evaluated against.
+        /// </summary>
         public IReadOnlyList<string> AuthenticationSchemes { get; }
 
+        /// <summary>
+        /// Combines the specified <see cref="AuthorizationPolicy"/> into a single policy.
+        /// </summary>
+        /// <param name="policies">The authorization policies to combine.</param>
+        /// <returns>
+        /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
+        /// specified <paramref name="policies"/>.
+        /// </returns>
         public static AuthorizationPolicy Combine(params AuthorizationPolicy[] policies)
         {
             if (policies == null)
@@ -43,6 +75,14 @@ namespace Microsoft.AspNetCore.Authorization
             return Combine((IEnumerable<AuthorizationPolicy>)policies);
         }
 
+        /// <summary>
+        /// Combines the specified <see cref="AuthorizationPolicy"/> into a single policy.
+        /// </summary>
+        /// <param name="policies">The authorization policies to combine.</param>
+        /// <returns>
+        /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
+        /// specified <paramref name="policies"/>.
+        /// </returns>
         public static AuthorizationPolicy Combine(IEnumerable<AuthorizationPolicy> policies)
         {
             if (policies == null)
@@ -58,6 +98,16 @@ namespace Microsoft.AspNetCore.Authorization
             return builder.Build();
         }
 
+        /// <summary>
+        /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified
+        /// <paramref name="policyProvider"/>
+        /// </summary>
+        /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param>
+        /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param>
+        /// <returns>
+        /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
+        /// authorization policies provided by specified <paramref name="policyProvider"/>.
+        /// </returns>
         public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData)
         {
             if (policyProvider == null)
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
index 653727f5ee..37335df8f2 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
@@ -9,21 +9,47 @@ using Microsoft.AspNetCore.Authorization.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Used for building policies during application startup.
+    /// </summary>
     public class AuthorizationPolicyBuilder
     {
+        /// <summary>
+        /// Creates a new instance of <see cref="AuthorizationPolicyBuilder"/>
+        /// </summary>
+        /// <param name="authenticationSchemes">An array of authentication schemes the policy should be evaluated against.</param>
         public AuthorizationPolicyBuilder(params string[] authenticationSchemes)
         {
             AddAuthenticationSchemes(authenticationSchemes);
         }
 
+        /// <summary>
+        /// Creates a new instance of <see cref="AuthorizationPolicyBuilder"/>.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/> to build.</param>
         public AuthorizationPolicyBuilder(AuthorizationPolicy policy)
         {
             Combine(policy);
         }
 
+        /// <summary>
+        /// Gets or sets a list of <see cref="IAuthorizationRequirement"/>s which must succeed for
+        /// this policy to be successful.
+        /// </summary>
         public IList<IAuthorizationRequirement> Requirements { get; set; } = new List<IAuthorizationRequirement>();
+
+        /// <summary>
+        /// Gets or sets a list authentication schemes the <see cref="AuthorizationPolicyBuilder.Requirements"/> 
+        /// are evaluated against.
+        /// </summary>
         public IList<string> AuthenticationSchemes { get; set; } = new List<string>();
 
+        /// <summary>
+        /// Adds the specified authentication <paramref name="schemes"/> to the
+        /// <see cref="AuthorizationPolicyBuilder.AuthenticationSchemes"/> for this instance.
+        /// </summary>
+        /// <param name="schemes">The schemes to add.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder AddAuthenticationSchemes(params string[] schemes)
         {
             foreach (var authType in schemes)
@@ -33,6 +59,12 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds the specified <paramref name="requirements"/> to the
+        /// <see cref="AuthorizationPolicyBuilder.Requirements"/> for this instance.
+        /// </summary>
+        /// <param name="requirements">The authorization requirements to add.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder AddRequirements(params IAuthorizationRequirement[] requirements)
         {
             foreach (var req in requirements)
@@ -42,6 +74,11 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Combines the specified <paramref name="policy"/> into the current instance.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/> to combine.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder Combine(AuthorizationPolicy policy)
         {
             if (policy == null)
@@ -54,6 +91,13 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="ClaimsAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="claimType">The claim type required.</param>
+        /// <param name="requiredValues">Values the claim must process one or more of for evaluation to succeed.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireClaim(string claimType, params string[] requiredValues)
         {
             if (claimType == null)
@@ -64,6 +108,13 @@ namespace Microsoft.AspNetCore.Authorization
             return RequireClaim(claimType, (IEnumerable<string>)requiredValues);
         }
 
+        /// <summary>
+        /// Adds a <see cref="ClaimsAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="claimType">The claim type required.</param>
+        /// <param name="requiredValues">Values the claim must process one or more of for evaluation to succeed.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireClaim(string claimType, IEnumerable<string> requiredValues)
         {
             if (claimType == null)
@@ -75,6 +126,12 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="ClaimsAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="claimType">The claim type required, which no restrictions on claim value.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireClaim(string claimType)
         {
             if (claimType == null)
@@ -86,6 +143,12 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="RolesAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="roles">The roles required.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireRole(params string[] roles)
         {
             if (roles == null)
@@ -96,6 +159,12 @@ namespace Microsoft.AspNetCore.Authorization
             return RequireRole((IEnumerable<string>)roles);
         }
 
+        /// <summary>
+        /// Adds a <see cref="RolesAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="roles">The roles required.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireRole(IEnumerable<string> roles)
         {
             if (roles == null)
@@ -107,6 +176,12 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="NameAuthorizationRequirement"/>
+        /// to the current instance.
+        /// </summary>
+        /// <param name="userName">The user name the current user must possess.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireUserName(string userName)
         {
             if (userName == null)
@@ -118,6 +193,10 @@ namespace Microsoft.AspNetCore.Authorization
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="DenyAnonymousAuthorizationRequirement"/> to the current instance.
+        /// </summary>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
         public AuthorizationPolicyBuilder RequireAuthenticatedUser()
         {
             Requirements.Add(new DenyAnonymousAuthorizationRequirement());
@@ -125,37 +204,44 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Requires that this Function returns true
+        /// Adds an <see cref="AssertionRequirement"/> to the current instance.
         /// </summary>
-        /// <param name="assert">Function that must return true</param>
-        /// <returns></returns>
-        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, bool> assert)
+        /// <param name="handler">The handler to evaluate during authorization.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, bool> handler)
         {
-            if (assert == null)
+            if (handler == null)
             {
-                throw new ArgumentNullException(nameof(assert));
+                throw new ArgumentNullException(nameof(handler));
             }
 
-            Requirements.Add(new AssertionRequirement(assert));
+            Requirements.Add(new AssertionRequirement(handler));
             return this;
         }
 
         /// <summary>
-        /// Requires that this Function returns true
+        /// Adds an <see cref="AssertionRequirement"/> to the current instance.
         /// </summary>
-        /// <param name="assert">Function that must return true</param>
-        /// <returns></returns>
-        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, Task<bool>> assert)
+        /// <param name="handler">The handler to evaluate during authorization.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public AuthorizationPolicyBuilder RequireAssertion(Func<AuthorizationHandlerContext, Task<bool>> handler)
         {
-            if (assert == null)
+            if (handler == null)
             {
-                throw new ArgumentNullException(nameof(assert));
+                throw new ArgumentNullException(nameof(handler));
             }
 
-            Requirements.Add(new AssertionRequirement(assert));
+            Requirements.Add(new AssertionRequirement(handler));
             return this;
         }
 
+        /// <summary>
+        /// Builds a new <see cref="AuthorizationPolicy"/> from the requirements 
+        /// in this instance.
+        /// </summary>
+        /// <returns>
+        /// A new <see cref="AuthorizationPolicy"/> built from the requirements in this instance.
+        /// </returns>
         public AuthorizationPolicy Build()
         {
             return new AuthorizationPolicy(Requirements, AuthenticationSchemes.Distinct());
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index 8979c5c632..197e89cf8d 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -8,16 +8,22 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Extension methods for <see cref="IAuthorizationService"/>.
+    /// </summary>
     public static class AuthorizationServiceExtensions
     {
         /// <summary>
         /// Checks if a user meets a specific requirement for the specified resource
         /// </summary>
-        /// <param name="service">The <see cref="IAuthorizationService"/>.</param>
-        /// <param name="user"></param>
-        /// <param name="resource"></param>
-        /// <param name="requirement"></param>
-        /// <returns></returns>
+        /// <param name="service">The <see cref="IAuthorizationService"/> providing authorization.</param>
+        /// <param name="user">The user to evaluate the policy against.</param>
+        /// <param name="resource">The resource to evaluate the policy against.</param>
+        /// <param name="requirement">The requirement to evaluate the policy against.</param>
+        /// <returns>
+        /// A flag indicating whether requirement evaluation has succeeded or failed.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
         {
             if (service == null)
@@ -34,13 +40,16 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Checks if a user meets a specific authorization policy
+        /// Checks if a user meets a specific authorization policy against the specified resource.
         /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="resource">The resource the policy should be checked with.</param>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        /// <param name="service">The <see cref="IAuthorizationService"/> providing authorization.</param>
+        /// <param name="user">The user to evaluate the policy against.</param>
+        /// <param name="resource">The resource to evaluate the policy against.</param>
+        /// <param name="policy">The policy to evaluate.</param>
+        /// <returns>
+        /// A flag indicating whether policy evaluation has succeeded or failed.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, AuthorizationPolicy policy)
         {
             if (service == null)
@@ -57,12 +66,15 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Checks if a user meets a specific authorization policy
+        /// Checks if a user meets a specific authorization policy against the specified resource.
         /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="policy">The policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        /// <param name="service">The <see cref="IAuthorizationService"/> providing authorization.</param>
+        /// <param name="user">The user to evaluate the policy against.</param>
+        /// <param name="policy">The policy to evaluate.</param>
+        /// <returns>
+        /// A flag indicating whether policy evaluation has succeeded or failed.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, AuthorizationPolicy policy)
         {
             if (service == null)
@@ -79,12 +91,15 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Checks if a user meets a specific authorization policy
+        /// Checks if a user meets a specific authorization policy against the specified resource.
         /// </summary>
-        /// <param name="service">The authorization service.</param>
-        /// <param name="user">The user to check the policy against.</param>
-        /// <param name="policyName">The name of the policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        /// <param name="service">The <see cref="IAuthorizationService"/> providing authorization.</param>
+        /// <param name="user">The user to evaluate the policy against.</param>
+        /// <param name="policyName">The name of the policy to evaluate.</param>
+        /// <returns>
+        /// A flag indicating whether policy evaluation has succeeded or failed.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, string policyName)
         {
             if (service == null)
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
index cdfab44f17..c911dc56bc 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
@@ -29,7 +29,6 @@ namespace Microsoft.AspNetCore.Authorization
         public string Policy { get; set; }
 
         /// <inheritdoc />
-        // REVIEW: can we get rid of the , deliminated in Roles/AuthTypes
         public string Roles { get; set; }
 
         /// <inheritdoc />
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
index e053e41f95..2c9ea19b5c 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -8,12 +8,17 @@ using Microsoft.Extensions.Options;
 namespace Microsoft.AspNetCore.Authorization
 {
     /// <summary>
-    /// A type which can provide a <see cref="AuthorizationPolicy"/> for a particular name.
+    /// The default implementation of a policy provider,
+    /// which provides a <see cref="AuthorizationPolicy"/> for a particular name.
     /// </summary>
     public class DefaultAuthorizationPolicyProvider : IAuthorizationPolicyProvider
     {
         private readonly AuthorizationOptions _options;
 
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultAuthorizationPolicyProvider"/>.
+        /// </summary>
+        /// <param name="options">The options used to configure this instance.</param>
         public DefaultAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options)
         {
             if (options == null)
@@ -24,6 +29,10 @@ namespace Microsoft.AspNetCore.Authorization
             _options = options.Value;
         }
 
+        /// <summary>
+        /// Gets the default authorization policy.
+        /// </summary>
+        /// <returns>The default authorization policy.</returns>
         public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
         {
             return Task.FromResult(_options.DefaultPolicy);
@@ -32,8 +41,8 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
         /// </summary>
-        /// <param name="policyName"></param>
-        /// <returns></returns>
+        /// <param name="policyName">The policy name to retrieve.</param>
+        /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
         public virtual Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
         {
             return Task.FromResult(_options.GetPolicy(policyName));
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index d90cf18031..4ac87eff45 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -11,12 +11,21 @@ using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// The default implementation of an <see cref="IAuthorizationService"/>.
+    /// </summary>
     public class DefaultAuthorizationService : IAuthorizationService
     {
         private readonly IAuthorizationPolicyProvider _policyProvider;
         private readonly IList<IAuthorizationHandler> _handlers;
         private readonly ILogger _logger;
 
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
+        /// </summary>
+        /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
+        /// <param name="handlers">The handlers used to fufills <see cref="IAuthorizationRequirement"/>s.</param>
+        /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
         public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
         {
             if (policyProvider == null)
@@ -37,6 +46,16 @@ namespace Microsoft.AspNetCore.Authorization
             _logger = logger;
         }
 
+        /// <summary>
+        /// Checks if a user meets a specific set of requirements for the specified resource
+        /// </summary>
+        /// <param name="user">The user to evaluate the requirements against.</param>
+        /// <param name="resource">The resource to evaluate the requirements against.</param>
+        /// <param name="requirements">The requirements to evaluate.</param>
+        /// <returns>
+        /// A flag indicating whether authorization has succeded.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
         {
             if (requirements == null)
@@ -84,6 +103,16 @@ namespace Microsoft.AspNetCore.Authorization
             return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
         }
 
+        /// <summary>
+        /// Checks if a user meets a specific authorization policy
+        /// </summary>
+        /// <param name="user">The user to check the policy against.</param>
+        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="policyName">The name of the policy to check against a specific context.</param>
+        /// <returns>
+        /// A flag indicating whether authorization has succeded.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             if (policyName == null)
diff --git a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs b/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
index 7593e0ad3c..8531c3daab 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
@@ -3,6 +3,9 @@
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Marker interface to enable the <see cref="AllowAnonymousAttribute"/>.
+    /// </summary>
     public interface IAllowAnonymous
     {
     }
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
index ac141b327d..9e9d0f468a 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
@@ -13,14 +13,14 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
         /// </summary>
-        /// <param name="policyName"></param>
-        /// <returns></returns>
+        /// <param name="policyName">The policy name to retrieve.</param>
+        /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
         Task<AuthorizationPolicy> GetPolicyAsync(string policyName);
 
         /// <summary>
-        /// Returns the default <see cref="AuthorizationPolicy"/>.
+        /// Gets the default authorization policy.
         /// </summary>
-        /// <returns></returns>
+        /// <returns>The default authorization policy.</returns>
         Task<AuthorizationPolicy> GetDefaultPolicyAsync();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
index 800789a8ca..0bdcaff86a 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
@@ -3,6 +3,9 @@
 
 namespace Microsoft.AspNetCore.Authorization
 {
+    /// <summary>
+    /// Represents an authorization requirement.
+    /// </summary>
     public interface IAuthorizationRequirement
     {
     }
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
index e3b9fec91e..369e3b5763 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
@@ -15,10 +15,13 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Checks if a user meets a specific set of requirements for the specified resource
         /// </summary>
-        /// <param name="user"></param>
-        /// <param name="resource"></param>
-        /// <param name="requirements"></param>
-        /// <returns></returns>
+        /// <param name="user">The user to evaluate the requirements against.</param>
+        /// <param name="resource">The resource to evaluate the requirements against.</param>
+        /// <param name="requirements">The requirements to evaluate.</param>
+        /// <returns>
+        /// A flag indicating whether authorization has succeded.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
@@ -27,7 +30,10 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="user">The user to check the policy against.</param>
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
-        /// <returns><value>true</value> when the user fulfills the policy, <value>false</value> otherwise.</returns>
+        /// <returns>
+        /// A flag indicating whether authorization has succeded.
+        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// </returns>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
index 3371134b48..b48449b5cb 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
@@ -14,10 +14,13 @@ namespace Microsoft.AspNetCore.Authorization
         string Policy { get; set; }
 
         /// <summary>
-        /// Gets or sets a comma-separated list of roles that are allowed to access the resource.
+        /// Gets or sets a comma delimited list of roles that are allowed to access the resource.
         /// </summary>
         string Roles { get; set; }
 
+        /// <summary>
+        /// Gets or sets a comma delimited list of schemes from which user information is constructed.
+        /// </summary>
         string ActiveAuthenticationSchemes { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
index 2ddf065266..1c38b800e9 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
@@ -6,33 +6,49 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
+    /// <summary>
+    /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
+    /// that takes an user specified assertion.
+    /// </summary>
     public class AssertionRequirement : IAuthorizationHandler, IAuthorizationRequirement
     {
         /// <summary>
-        /// Function that is called to handle this requirement
+        /// Function that is called to handle this requirement.
         /// </summary>
         public Func<AuthorizationHandlerContext, Task<bool>> Handler { get; }
 
-        public AssertionRequirement(Func<AuthorizationHandlerContext, bool> assert)
+        /// <summary>
+        /// Creates a new instance of <see cref="AssertionRequirement"/>.
+        /// </summary>
+        /// <param name="handler">Function that is called to handle this requirement.</param>
+        public AssertionRequirement(Func<AuthorizationHandlerContext, bool> handler)
         {
-            if (assert == null)
+            if (handler == null)
             {
-                throw new ArgumentNullException(nameof(assert));
+                throw new ArgumentNullException(nameof(handler));
             }
 
-            Handler = context => Task.FromResult(assert(context));
+            Handler = context => Task.FromResult(handler(context));
         }
 
-        public AssertionRequirement(Func<AuthorizationHandlerContext, Task<bool>> assert)
+        /// <summary>
+        /// Creates a new instance of <see cref="AssertionRequirement"/>.
+        /// </summary>
+        /// <param name="handler">Function that is called to handle this requirement.</param>
+        public AssertionRequirement(Func<AuthorizationHandlerContext, Task<bool>> handler)
         {
-            if (assert == null)
+            if (handler == null)
             {
-                throw new ArgumentNullException(nameof(assert));
+                throw new ArgumentNullException(nameof(handler));
             }
 
-            Handler = assert;
+            Handler = handler;
         }
 
+        /// <summary>
+        /// Calls <see cref="AssertionRequirement.Handler"/> to see if authorization is allowed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
         public async Task HandleAsync(AuthorizationHandlerContext context)
         {
             if (await Handler(context))
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index c5a06c2f95..0e28ba0776 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -8,10 +8,19 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
-    // Must contain a claim with the specified name, and at least one of the required values
-    // If AllowedValues is null or empty, that means any claim is valid
+    /// <summary>
+    /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
+    /// which requires at least one instance of the specified claim type, and, if allowed values are specified, 
+    /// the claim value must be any of the allowed values.
+    /// </summary>
     public class ClaimsAuthorizationRequirement : AuthorizationHandler<ClaimsAuthorizationRequirement>, IAuthorizationRequirement
     {
+        /// <summary>
+        /// Creates a new instance of <see cref="ClaimsAuthorizationRequirement"/>.
+        /// </summary>
+        /// <param name="claimType">The claim type that must be present.</param>
+        /// <param name="allowedValues">The optional list of claim values, which, if present, 
+        /// the claim must match.</param>
         public ClaimsAuthorizationRequirement(string claimType, IEnumerable<string> allowedValues)
         {
             if (claimType == null)
@@ -23,9 +32,22 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             AllowedValues = allowedValues;
         }
 
+        /// <summary>
+        /// Gets the claim type that must be present.
+        /// </summary>
         public string ClaimType { get; }
+
+        /// <summary>
+        /// Gets the optional list of claim values, which, if present, 
+        /// the claim must match.
+        /// </summary>
         public IEnumerable<string> AllowedValues { get; }
 
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on the claims requirements specified.
+        /// </summary>
+        /// <param name="context">The authorization context.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
         {
             if (context.User != null)
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 82d40639bc..7f2671775f 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -6,8 +6,17 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
+    /// <summary>
+    /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
+    /// which requires the current user must be authenticated.
+    /// </summary>
     public class DenyAnonymousAuthorizationRequirement : AuthorizationHandler<DenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement
     {
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on a specific requirement.
+        /// </summary>
+        /// <param name="context">The authorization context.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DenyAnonymousAuthorizationRequirement requirement)
         {
             var user = context.User;
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index 3643b1fb7a..aca1920d7d 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -8,10 +8,15 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     /// <summary>
-    /// Requirement that ensures a specific Name
+    /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
+    /// which requires the current user name must match the specified value.
     /// </summary>
     public class NameAuthorizationRequirement : AuthorizationHandler<NameAuthorizationRequirement>, IAuthorizationRequirement
     {
+        /// <summary>
+        /// Constructs a new instance of <see cref="NameAuthorizationRequirement"/>.
+        /// </summary>
+        /// <param name="requiredName">The required name that the current user must have.</param>
         public NameAuthorizationRequirement(string requiredName)
         {
             if (requiredName == null)
@@ -22,13 +27,20 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             RequiredName = requiredName;
         }
 
+        /// <summary>
+        /// Gets the required name that the current user must have.
+        /// </summary>
         public string RequiredName { get; }
 
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on a specific requirement.
+        /// </summary>
+        /// <param name="context">The authorization context.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, NameAuthorizationRequirement requirement)
         {
             if (context.User != null)
             {
-                // REVIEW: Do we need to do normalization?  casing/loc?
                 if (context.User.Identities.Any(i => string.Equals(i.Name, requirement.RequiredName)))
                 {
                     context.Succeed(requirement);
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
index 455d66ff24..c3f16356d3 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
@@ -3,8 +3,15 @@
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
+    /// <summary>
+    /// A helper class to provide a useful <see cref="IAuthorizationRequirement"/> which
+    /// contains a name.
+    /// </summary>
     public class OperationAuthorizationRequirement : IAuthorizationRequirement
     {
+        /// <summary>
+        /// The name of this instance of <see cref="IAuthorizationRequirement"/>.
+        /// </summary>
         public string Name { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
index d718591ec1..60fd66b85c 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
@@ -6,8 +6,16 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
+    /// <summary>
+    /// Infrastructre class which allows an <see cref="IAuthorizationRequirement"/> to
+    /// be its own <see cref="IAuthorizationHandler"/>.
+    /// </summary>
     public class PassThroughAuthorizationHandler : IAuthorizationHandler
     {
+        /// <summary>
+        /// Makes a decision if authorization is allowed.
+        /// </summary>
+        /// <param name="context">The authorization context.</param>
         public async Task HandleAsync(AuthorizationHandlerContext context)
         {
             foreach (var handler in context.Requirements.OfType<IAuthorizationHandler>())
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index 53d6beb167..6e5aa72247 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -8,10 +8,16 @@ using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
-    // Must belong to with one of specified roles
-    // If AllowedRoles is null or empty, that means any role is valid
+    /// <summary>
+    /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
+    /// which requires at least one role claim whose value must be any of the allowed roles.
+    /// </summary>
     public class RolesAuthorizationRequirement : AuthorizationHandler<RolesAuthorizationRequirement>, IAuthorizationRequirement
     {
+        /// <summary>
+        /// Creates a new instance of <see cref="RolesAuthorizationRequirement"/>.
+        /// </summary>
+        /// <param name="allowedRoles">A collection of allowed roles.</param>
         public RolesAuthorizationRequirement(IEnumerable<string> allowedRoles)
         {
             if (allowedRoles == null)
@@ -26,8 +32,17 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             AllowedRoles = allowedRoles;
         }
 
+        /// <summary>
+        /// Gets the collection of allowed roles.
+        /// </summary>
         public IEnumerable<string> AllowedRoles { get; }
 
+        /// <summary>
+        /// Makes a decision if authorization is allowed based on a specific requirement.
+        /// </summary>
+        /// <param name="context">The authorization context.</param>
+        /// <param name="requirement">The requirement to evaluate.</param>
+
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
         {
             if (context.User != null)

From 34ee0212d0c6de76a40609b70df77545dbdde3bf Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 10 Jun 2016 15:37:08 -0700
Subject: [PATCH 559/900] Fix misc feedback

---
 .../AuthorizationHandlerContext.cs                        | 2 +-
 .../AuthorizationOptions.cs                               | 2 +-
 .../AuthorizationPolicy.cs                                | 6 +++---
 .../AuthorizationServiceExtensions.cs                     | 8 ++++----
 .../DefaultAuthorizationService.cs                        | 6 +++---
 .../Infrastructure/AssertionRequirement.cs                | 2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
index 65aafa2bb6..5dc57c278a 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNetCore.Authorization
         public object Resource { get; }
 
         /// <summary>
-        /// Gets the requirements that have not yet been succeeded.
+        /// Gets the requirements that have not yet been marked as succeeded.
         /// </summary>
         public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
 
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index 5031c68b9e..fa9e9ef1ee 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNetCore.Authorization
         private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
 
         /// <summary>
-        /// Gets or sets the default authoization policy.
+        /// Gets or sets the default authorization policy.
         /// </summary>
         /// <remarks>
         /// The default policy is to require any authenticated user.
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 41eb7aadeb..3fe0cdd070 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -52,7 +52,7 @@ namespace Microsoft.AspNetCore.Authorization
         public IReadOnlyList<IAuthorizationRequirement> Requirements { get; }
 
         /// <summary>
-        /// Gets a readonly list of rhe authentication schemes the <see cref="AuthorizationPolicy.Requirements"/> 
+        /// Gets a readonly list of the authentication schemes the <see cref="AuthorizationPolicy.Requirements"/> 
         /// are evaluated against.
         /// </summary>
         public IReadOnlyList<string> AuthenticationSchemes { get; }
@@ -100,13 +100,13 @@ namespace Microsoft.AspNetCore.Authorization
 
         /// <summary>
         /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified
-        /// <paramref name="policyProvider"/>
+        /// <paramref name="policyProvider"/>.
         /// </summary>
         /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param>
         /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param>
         /// <returns>
         /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
-        /// authorization policies provided by specified <paramref name="policyProvider"/>.
+        /// authorization policies provided by the specified <paramref name="policyProvider"/>.
         /// </returns>
         public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData)
         {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index 197e89cf8d..3b78c952eb 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="requirement">The requirement to evaluate the policy against.</param>
         /// <returns>
         /// A flag indicating whether requirement evaluation has succeeded or failed.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
         {
@@ -48,7 +48,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policy">The policy to evaluate.</param>
         /// <returns>
         /// A flag indicating whether policy evaluation has succeeded or failed.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, AuthorizationPolicy policy)
         {
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policy">The policy to evaluate.</param>
         /// <returns>
         /// A flag indicating whether policy evaluation has succeeded or failed.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, AuthorizationPolicy policy)
         {
@@ -98,7 +98,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyName">The name of the policy to evaluate.</param>
         /// <returns>
         /// A flag indicating whether policy evaluation has succeeded or failed.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
         public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, string policyName)
         {
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 4ac87eff45..6665204eee 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
         /// </summary>
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
-        /// <param name="handlers">The handlers used to fufills <see cref="IAuthorizationRequirement"/>s.</param>
+        /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
         public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
         {
@@ -47,7 +47,7 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Checks if a user meets a specific set of requirements for the specified resource
+        /// Checks if a user meets a specific set of requirements for the specified resource.
         /// </summary>
         /// <param name="user">The user to evaluate the requirements against.</param>
         /// <param name="resource">The resource to evaluate the requirements against.</param>
@@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Authorization
         }
 
         /// <summary>
-        /// Checks if a user meets a specific authorization policy
+        /// Checks if a user meets a specific authorization policy.
         /// </summary>
         /// <param name="user">The user to check the policy against.</param>
         /// <param name="resource">The resource the policy should be checked with.</param>
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
index 1c38b800e9..5fa452b733 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     /// <summary>
     /// Implements an <see cref="IAuthorizationHandler"/> and <see cref="IAuthorizationRequirement"/>
-    /// that takes an user specified assertion.
+    /// that takes a user specified assertion.
     /// </summary>
     public class AssertionRequirement : IAuthorizationHandler, IAuthorizationRequirement
     {

From 666ad0fc3b6027e8efc0df3595abc982d6921478 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 13 Jun 2016 14:10:43 -0700
Subject: [PATCH 560/900] Doc comment update

---
 .../IAuthorizationService.cs                  | 27 ++++++++++++++-----
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
index 369e3b5763..a130c84b0d 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
@@ -16,24 +16,39 @@ namespace Microsoft.AspNetCore.Authorization
         /// Checks if a user meets a specific set of requirements for the specified resource
         /// </summary>
         /// <param name="user">The user to evaluate the requirements against.</param>
-        /// <param name="resource">The resource to evaluate the requirements against.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
         /// <param name="requirements">The requirements to evaluate.</param>
         /// <returns>
-        /// A flag indicating whether authorization has succeded.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// A flag indicating whether authorization has succeeded.
+        /// This value is <value>true</value> when the user fulfills the policy; otherwise <value>false</value>.
         /// </returns>
+        /// <remarks>
+        /// Resource is an optional parameter and may be null. Please ensure that you check it is not 
+        /// null before acting upon it.
+        /// </remarks>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
         /// </summary>
         /// <param name="user">The user to check the policy against.</param>
-        /// <param name="resource">The resource the policy should be checked with.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns>
-        /// A flag indicating whether authorization has succeded.
-        /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
+        /// A flag indicating whether authorization has succeeded.
+        /// Returns a flag indicating whether the user, and optional resource has fulfilled the policy.    
+        /// <value>true</value> when the the policy has been fulfilled; otherwise <value>false</value>.
         /// </returns>
+        /// <remarks>
+        /// Resource is an optional parameter and may be null. Please ensure that you check it is not 
+        /// null before acting upon it.
+        /// </remarks>
         Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
     }
 }
\ No newline at end of file

From b7bdb39b921cfd86e927fdc5ed585a493dc151d1 Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Mon, 13 Jun 2016 15:29:53 -0700
Subject: [PATCH 561/900] Remove direct Microsoft.NETCore.Platforms dependency.

- Microsoft.NETCore.App now pulls this package in.

aspnet/Coherence-Signed#344
---
 samples/CookieSample/project.json                          | 1 -
 samples/CookieSessionSample/project.json                   | 1 -
 samples/JwtBearerSample/project.json                       | 1 -
 samples/OpenIdConnect.AzureAdSample/project.json           | 1 -
 samples/OpenIdConnectSample/project.json                   | 1 -
 samples/SocialSample/project.json                          | 1 -
 test/Microsoft.AspNetCore.Authentication.Test/project.json | 1 -
 test/Microsoft.AspNetCore.Authorization.Test/project.json  | 1 -
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json   | 1 -
 test/Microsoft.Owin.Security.Interop.Test/project.json     | 1 -
 10 files changed, 10 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index aa38029d98..00dafe618d 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,6 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index fb8d16c023..20f7899d41 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,6 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 5bf0a928a9..5296a40fb0 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -4,7 +4,6 @@
     "emitEntryPoint": true
   },
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index ff03a5584b..33fcb0a43b 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -1,6 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 7e0aa0e5f1..0069f3024e 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,6 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
     "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 98ff9263aa..5d61d71c42 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,6 +1,5 @@
 {
   "dependencies": {
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 01d03d2b30..57d98ac8e3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -4,7 +4,6 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
     "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 11b3caf4d4..075daedfbc 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -4,7 +4,6 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authorization": "1.0.0-*",
     "Microsoft.AspNetCore.Testing": "1.0.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 26cc946be1..0027c57e6b 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -4,7 +4,6 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 4dac4d3a28..d728848e59 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -4,7 +4,6 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.NETCore.Platforms": "1.0.1-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
     "Microsoft.AspNetCore.TestHost": "1.0.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",

From 36023d6dd52167c2da3d5f83a27e67bb1927e1c9 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 14 Jun 2016 16:23:04 -0700
Subject: [PATCH 562/900] Updating to release.

---
 NuGet.config | 4 ++--
 build.ps1    | 2 +-
 build.sh     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 5500f6d507..71b9724a09 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcirelease/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build.ps1 b/build.ps1
index 8f2f99691a..cf8bff13bb 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/release.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index f4208100eb..f88fe4052e 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/release.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From 20316e276c08d358e54a720c3bce3c2637e49f59 Mon Sep 17 00:00:00 2001
From: jacalvar <jacalvar@microsoft.com>
Date: Mon, 13 Jun 2016 14:24:45 -0700
Subject: [PATCH 563/900] Update Json.NET to 9.0.1

---
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json   | 2 +-
 src/Microsoft.AspNetCore.Authentication.Twitter/project.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 971a8d6960..c302892a32 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -22,7 +22,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "9.0.1-beta1"
+    "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 7d830ad8c1..a1a7ba5e1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -22,7 +22,7 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Newtonsoft.Json": "9.0.1-beta1"
+    "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
     "net451": {},

From d8d408638e861832df90f1b426646777613481bc Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 16 Jun 2016 10:18:34 -0700
Subject: [PATCH 564/900] Updating to dev versions

# Conflicts:
#	src/Microsoft.AspNetCore.Authentication.OAuth/project.json
#	src/Microsoft.AspNetCore.Authentication.Twitter/project.json
---
 samples/CookieSample/project.json             | 12 ++++----
 samples/CookieSessionSample/project.json      | 14 +++++-----
 samples/JwtBearerSample/project.json          | 14 +++++-----
 .../OpenIdConnect.AzureAdSample/project.json  | 16 +++++------
 samples/OpenIdConnectSample/project.json      | 20 ++++++-------
 samples/SocialSample/project.json             | 28 +++++++++----------
 .../project.json                              |  8 +++---
 .../project.json                              |  7 ++---
 .../project.json                              |  7 ++---
 .../project.json                              |  7 ++---
 .../project.json                              |  7 ++---
 .../project.json                              |  4 +--
 .../project.json                              |  7 ++---
 .../project.json                              |  7 ++---
 .../project.json                              | 16 +++++------
 .../project.json                              |  6 ++--
 .../project.json                              |  6 ++--
 .../project.json                              |  4 +--
 .../project.json                              | 18 ++++++------
 .../project.json                              |  8 +++---
 .../project.json                              |  8 +++---
 .../project.json                              |  6 ++--
 22 files changed, 112 insertions(+), 118 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 00dafe618d..57ceb354aa 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,11 +1,11 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 20f7899d41..6530e1cf00 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,12 +1,12 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.Extensions.Caching.Memory": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.Extensions.Caching.Memory": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 5296a40fb0..21d2365ece 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -1,15 +1,15 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "buildOptions": {
     "emitEntryPoint": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNetCore.StaticFiles": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.AspNetCore.StaticFiles": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 33fcb0a43b..adb6a845a0 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -1,16 +1,16 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
     "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.11.305310302-alpha"
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 0069f3024e..6a24f3da60 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,15 +1,15 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Debug": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Debug": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 5d61d71c42..227354e518 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,24 +1,24 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.0.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
   },
   "frameworks": {
-    "net451": { },
+    "net451": {},
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index c98a4bba1c..7ddff7ce8c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to use cookie based authentication.",
   "packOptions": {
     "repository": {
@@ -21,9 +21,9 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
-    "Microsoft.Extensions.Options": "1.0.0-*",
-    "Microsoft.Extensions.WebEncoders": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 35fedfada5..796b3bf7c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,11 +21,10 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.3": {
-    }
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 37d91ba542..dde8c3a544 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.",
   "packOptions": {
     "repository": {
@@ -21,11 +21,10 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.3": {
-    }
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 2863967e29..2f8ea6072a 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.",
   "packOptions": {
     "repository": {
@@ -21,12 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.4": {
-    }
+    "netstandard1.4": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 81f34b7361..3169adf72d 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,11 +21,10 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.0.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.3": {
-    }
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index c302892a32..192801ced6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,7 +21,7 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index b80faf063f..5243a96a73 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,12 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.4": {
-    }
+    "netstandard1.4": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index a1a7ba5e1f..8696821dd8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,12 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
     "net451": {},
-    "netstandard1.3": {
-    }
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index dc56181a71..460549c7ba 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core common types used by the various authentication middleware components.",
   "packOptions": {
     "repository": {
@@ -21,16 +21,16 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.DataProtection": "1.0.0-*",
-    "Microsoft.AspNetCore.Http": "1.0.0-*",
-    "Microsoft.AspNetCore.Http.Extensions": "1.0.0-*",
-    "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
+    "Microsoft.AspNetCore.Http": "1.1.0-*",
+    "Microsoft.AspNetCore.Http.Extensions": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
     "Microsoft.Extensions.SecurityHelper.Sources": {
       "type": "build",
-      "version": "1.0.0-*"
+      "version": "1.1.0-*"
     },
-    "Microsoft.Extensions.Options": "1.0.0-*",
-    "Microsoft.Extensions.WebEncoders": "1.0.0-*"
+    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.1.0-*"
   },
   "frameworks": {
     "net451": {
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 0f9becfc82..8e72b62f82 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
   "packOptions": {
     "repository": {
@@ -20,8 +20,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.Extensions.Logging.Abstractions": "1.0.0-*",
-    "Microsoft.Extensions.Options": "1.0.0-*"
+    "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
+    "Microsoft.Extensions.Options": "1.1.0-*"
   },
   "frameworks": {
     "net451": {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 3cd40fd20c..4cf5f4881c 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "description": "ASP.NET Core cookie policy classes to control the behavior of cookies.",
   "packOptions": {
     "repository": {
@@ -19,8 +19,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Http": "1.0.0-*",
-    "Microsoft.Extensions.Options": "1.0.0-*"
+    "Microsoft.AspNetCore.Http": "1.1.0-*",
+    "Microsoft.Extensions.Options": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index f94978e52a..c7b3326a01 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.0.0-*",
+  "version": "1.1.0-*",
   "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
@@ -18,7 +18,7 @@
     ]
   },
   "dependencies": {
-    "Microsoft.AspNetCore.DataProtection.Extensions": "1.0.0-*",
+    "Microsoft.AspNetCore.DataProtection.Extensions": "1.1.0-*",
     "Microsoft.Owin.Security": "3.0.1"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 57d98ac8e3..2536d14252 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -4,15 +4,15 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.0.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
-    "Microsoft.AspNetCore.Testing": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
+    "Microsoft.AspNetCore.Testing": "1.1.0-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 075daedfbc..adffd1e587 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.AspNetCore.Authorization": "1.0.0-*",
-    "Microsoft.AspNetCore.Testing": "1.0.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
-    "Microsoft.Extensions.Logging": "1.0.0-*",
+    "Microsoft.AspNetCore.Authorization": "1.1.0-*",
+    "Microsoft.AspNetCore.Testing": "1.1.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
+    "Microsoft.Extensions.Logging": "1.1.0-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 0027c57e6b..2fc65d73d6 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.CookiePolicy": "1.0.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.CookiePolicy": "1.1.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
     "xunit": "2.1.0"
   },
   "frameworks": {
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index d728848e59..3178f9bbe8 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "1.0.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.0.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.0.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
-    "Microsoft.Owin.Security.Interop": "1.0.0-*",
+    "Microsoft.Owin.Security.Interop": "1.1.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
     "xunit": "2.1.0"
   },

From b4342b1604260591ff0b508a1efb393989bb5fbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Tue, 7 Jun 2016 00:20:35 +0200
Subject: [PATCH 565/900] Replace magic strings by the new constants introduced
 in IdentityModel

---
 .../OpenIdConnectHandler.cs                               | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 4189ee262c..6488d10d72 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -112,17 +112,19 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // If the identifier cannot be found, bypass the session identifier checks: this may indicate that the
             // authentication cookie was already cleared, that the session identifier was lost because of a lossy
             // external/application cookie conversion or that the identity provider doesn't support sessions.
-            var sid = (await Context.Authentication.AuthenticateAsync(Options.SignOutScheme))?.FindFirst("sid")?.Value;
+            var sid = (await Context.Authentication.AuthenticateAsync(Options.SignOutScheme))
+                          ?.FindFirst(JwtRegisteredClaimNames.Sid)
+                          ?.Value;
             if (!string.IsNullOrEmpty(sid))
             {
                 // Ensure a 'sid' parameter was sent by the identity provider.
-                if (string.IsNullOrEmpty(message.GetParameter("sid")))
+                if (string.IsNullOrEmpty(message.Sid))
                 {
                     Logger.RemoteSignOutSessionIdMissing();
                     return true;
                 }
                 // Ensure the 'sid' parameter corresponds to the 'sid' stored in the authentication ticket.
-                if (!string.Equals(sid, message.GetParameter("sid"), StringComparison.Ordinal))
+                if (!string.Equals(sid, message.Sid, StringComparison.Ordinal))
                 {
                     Logger.RemoteSignOutSessionIdInvalid();
                     return true;

From 7323e75d5d0536410e95144b8784a0c80e190aac Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajaybhargavb@gmail.com>
Date: Tue, 5 Jul 2016 21:28:47 -0700
Subject: [PATCH 566/900] Updating to RTM builds of xunit and Moq

---
 .../project.json                              | 23 ++++--------------
 .../project.json                              | 23 ++++--------------
 .../project.json                              | 24 ++++---------------
 .../project.json                              | 11 +++------
 4 files changed, 18 insertions(+), 63 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 2536d14252..0feac5dd91 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -3,7 +3,7 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "dotnet-test-xunit": "1.0.0-*",
+    "dotnet-test-xunit": "2.2.0-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
     "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0-*",
     "Microsoft.AspNetCore.Authentication.Google": "1.1.0-*",
@@ -13,7 +13,7 @@
     "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0-*",
     "Microsoft.AspNetCore.TestHost": "1.1.0-*",
     "Microsoft.AspNetCore.Testing": "1.1.0-*",
-    "xunit": "2.1.0"
+    "xunit": "2.2.0-*"
   },
   "frameworks": {
     "netcoreapp1.0": {
@@ -21,23 +21,10 @@
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
           "type": "platform"
-        },
-        "System.Diagnostics.Process": "4.1.0-*"
-      },
-      "imports": [
-        "dnxcore50",
-        "portable-net451+win8"
-      ]
-    },
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Runtime": "",
-        "System.Threading.Tasks": ""
-      },
-      "dependencies": {
-        "xunit.runner.console": "2.1.0"
+        }
       }
-    }
+    },
+    "net451": {}
   },
   "testRunner": "xunit"
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index adffd1e587..f8fda41e34 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -3,12 +3,12 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "dotnet-test-xunit": "1.0.0-*",
+    "dotnet-test-xunit": "2.2.0-*",
     "Microsoft.AspNetCore.Authorization": "1.1.0-*",
     "Microsoft.AspNetCore.Testing": "1.1.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
     "Microsoft.Extensions.Logging": "1.1.0-*",
-    "xunit": "2.1.0"
+    "xunit": "2.2.0-*"
   },
   "frameworks": {
     "netcoreapp1.0": {
@@ -16,23 +16,10 @@
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
           "type": "platform"
-        },
-        "System.Diagnostics.Process": "4.1.0-*"
-      },
-      "imports": [
-        "dnxcore50",
-        "portable-net451+win8"
-      ]
-    },
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Runtime": "",
-        "System.Threading.Tasks": ""
-      },
-      "dependencies": {
-        "xunit.runner.console": "2.1.0"
+        }
       }
-    }
+    },
+    "net451": {}
   },
   "testRunner": "xunit"
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 2fc65d73d6..89673d8488 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -3,12 +3,12 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "dotnet-test-xunit": "1.0.0-*",
+    "dotnet-test-xunit": "2.2.0-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
     "Microsoft.AspNetCore.CookiePolicy": "1.1.0-*",
     "Microsoft.AspNetCore.TestHost": "1.1.0-*",
     "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
-    "xunit": "2.1.0"
+    "xunit": "2.2.0-*"
   },
   "frameworks": {
     "netcoreapp1.0": {
@@ -16,24 +16,10 @@
         "Microsoft.NETCore.App": {
           "version": "1.0.0-*",
           "type": "platform"
-        },
-        "System.Diagnostics.Process": "4.1.0-*"
-      },
-      "imports": [
-        "dnxcore50",
-        "portable-net451+win8"
-      ]
-    },
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Runtime": "",
-        "System.Threading.Tasks": "",
-        "System.Xml.Linq": ""
-      },
-      "dependencies": {
-        "xunit.runner.console": "2.1.0"
+        }
       }
-    }
+    },
+    "net451": {}
   },
   "testRunner": "xunit"
 }
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 3178f9bbe8..e622bd746f 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -3,21 +3,16 @@
     "warningsAsErrors": true
   },
   "dependencies": {
-    "dotnet-test-xunit": "1.0.0-*",
+    "dotnet-test-xunit": "2.2.0-*",
     "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
     "Microsoft.AspNetCore.TestHost": "1.1.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.1.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
-    "xunit": "2.1.0"
+    "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Runtime": "",
-        "System.Threading.Tasks": ""
-      }
-    }
+    "net451": {}
   },
   "testRunner": "xunit"
 }
\ No newline at end of file

From 792b316950acee424e67af00540e247e94b07b4c Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Thu, 7 Jul 2016 12:40:05 -0700
Subject: [PATCH 567/900] One build to rule them all - well, at least VS and
 command-line builds will share output - part of aspnet/Coherence-Signed#277

---
 samples/CookieSample/CookieSample.xproj                      | 4 ++--
 samples/CookieSessionSample/CookieSessionSample.xproj        | 4 ++--
 samples/JwtBearerSample/JwtBearerSample.xproj                | 5 +++--
 .../OpenIdConnect.AzureAdSample.xproj                        | 5 +++--
 samples/OpenIdConnectSample/OpenIdConnectSample.xproj        | 4 ++--
 samples/SocialSample/SocialSample.xproj                      | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Cookies.xproj        | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Facebook.xproj       | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Google.xproj         | 4 ++--
 .../Microsoft.AspNetCore.Authentication.JwtBearer.xproj      | 4 ++--
 ...icrosoft.AspNetCore.Authentication.MicrosoftAccount.xproj | 4 ++--
 .../Microsoft.AspNetCore.Authentication.OAuth.xproj          | 4 ++--
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj  | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Twitter.xproj        | 4 ++--
 .../Microsoft.AspNetCore.Authentication.xproj                | 4 ++--
 .../Microsoft.AspNetCore.Authorization.xproj                 | 4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.xproj                  | 4 ++--
 .../Microsoft.Owin.Security.Interop.xproj                    | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Test.xproj           | 4 ++--
 .../Microsoft.AspNetCore.Authorization.Test.xproj            | 4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.Test.xproj             | 4 ++--
 .../Microsoft.Owin.Security.Interop.Test.xproj               | 4 ++--
 22 files changed, 46 insertions(+), 44 deletions(-)

diff --git a/samples/CookieSample/CookieSample.xproj b/samples/CookieSample/CookieSample.xproj
index bb23e6481a..f6575c3e0a 100644
--- a/samples/CookieSample/CookieSample.xproj
+++ b/samples/CookieSample/CookieSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
index c81393af16..1c347c845f 100644
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ b/samples/CookieSessionSample/CookieSessionSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/JwtBearerSample/JwtBearerSample.xproj b/samples/JwtBearerSample/JwtBearerSample.xproj
index ed0c9b32bd..97f5837ce5 100644
--- a/samples/JwtBearerSample/JwtBearerSample.xproj
+++ b/samples/JwtBearerSample/JwtBearerSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>d399b84f-591b-4e98-92ba-b0f63e7b6957</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
@@ -17,6 +17,7 @@
     <DnxInvisibleContent Include="bower.json" />
     <DnxInvisibleContent Include=".bowerrc" />
     <DnxInvisibleContent Include="package.json" />
+    <DnxInvisibleContent Include=".npmrc" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
index e3495a2118..26e9f9030b 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>3a7ad414-ebde-4f92-b307-4e8f19b6117e</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
@@ -17,6 +17,7 @@
     <DnxInvisibleContent Include="bower.json" />
     <DnxInvisibleContent Include=".bowerrc" />
     <DnxInvisibleContent Include="package.json" />
+    <DnxInvisibleContent Include=".npmrc" />
   </ItemGroup>
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
 </Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
index 905bce8e3b..9029ad0f13 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
index 775eebbc26..b439f74d10 100644
--- a/samples/SocialSample/SocialSample.xproj
+++ b/samples/SocialSample/SocialSample.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
index 8c4f3cd41f..238c0cec67 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>fc152cc4-054b-457e-8d91-389c5de3c561</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
index 3952592121..caa72075ed 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>eeaaee68-607b-4e33-af3e-45c66b4dba5a</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
index ff412f08ae..ab60488729 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>76579c39-b829-490d-b8be-1bd35fe8412e</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
index 8d87a04b76..738458398d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>2755BFE5-7421-4A31-A644-F817DF5CAA98</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
index 52dd6cb676..a4ccc98630 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>acb45e19-f520-4d0c-8916-b0ceb9c017fe</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
index 34a397bd59..20b825dca0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1657c79e-7755-4aee-9d61-571295b69a30</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
index 2f970b5136..6a07e81203 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>35115d55-b69e-46d4-bb33-c9e9e6ec5e7a</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
index 5fba7a9742..b72a631fa9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>0330fff6-b4b5-42dd-8c99-26a789569000</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
index e03db08476..b3345c6cfc 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>2286250a-52c8-4126-9f93-b1e45f0ad078</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
index c6a57567b4..cc6041f8f4 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>6ab3e514-5894-4131-9399-dc7d5284addb</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
index 5ffad968d9..0cd49f3242 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>86183dc3-02a8-4a68-8b60-71ecec066e79</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
index c6b01504ae..052e998161 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a7922dd8-09f1-43e4-938b-cc523ea08898</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
index aec10ee939..1050a47adb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
index d596a5bb47..59bcbc9c4a 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>7af5ad96-eb6e-4d0e-8abe-c0b543c0f4c2</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
index cf42659a08..06582d576f 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>1790e052-646f-4529-b90e-6fea95520d69</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
index 96d5b6c5a0..d7f7c9d958 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
@@ -7,8 +7,8 @@
   <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
   <PropertyGroup Label="Globals">
     <ProjectGuid>a2b5dc39-68d5-4145-a8cc-6aeab7d33a24</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\</OutputPath>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
   </PropertyGroup>
   <PropertyGroup>
     <SchemaVersion>2.0</SchemaVersion>

From 61d03b9316bc81d24f9e0f561a26e4eea064bb6a Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 11 Jul 2016 11:46:33 -0700
Subject: [PATCH 568/900] Update OIDC Azure Sample

1. Add set up instructions.
2. Add user secret tools.
3. Clean up codes.
---
 .../OpenIdConnect.AzureAdSample/Program.cs    |  1 -
 samples/OpenIdConnect.AzureAdSample/Readme.md | 20 +++++++++++++++++++
 .../OpenIdConnect.AzureAdSample/Startup.cs    |  3 +--
 .../OpenIdConnect.AzureAdSample/project.json  |  5 +++--
 4 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 samples/OpenIdConnect.AzureAdSample/Readme.md

diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/samples/OpenIdConnect.AzureAdSample/Program.cs
index 254668022d..11d1fbeafb 100644
--- a/samples/OpenIdConnect.AzureAdSample/Program.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Program.cs
@@ -1,6 +1,5 @@
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
 
 namespace OpenIdConnect.AzureAdSample
 {
diff --git a/samples/OpenIdConnect.AzureAdSample/Readme.md b/samples/OpenIdConnect.AzureAdSample/Readme.md
new file mode 100644
index 0000000000..37dda75a72
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/Readme.md
@@ -0,0 +1,20 @@
+# How to set up the sample locally
+
+## Set up [Azure Active Directory](https://azure.microsoft.com/en-us/documentation/services/active-directory/)
+
+1. Create your own Azure Active Directory (AD). Save the "tenent name".
+2. Add a new Application: in the Azure AD portal, select Application, and click Add in the drawer.
+3. Set the sign-on url to `http://localhost:42023`.
+4. Select the newly created Application, navigate to the Configure tab.
+5. Find and save the "Client Id"
+8. In the keys section add a new key. A key value will be generated. Save the value as "Client Secret"
+
+## Configure the local environment
+1. Set environment ASPNETCORE_ENVIRONMENT to DEVELOPMENMT. ([Working with Multiple Environments](https://docs.asp.net/en/latest/fundamentals/environments.html))
+2. Set up user secrets:
+```
+dotnet user-secrets set oidc:clientid <Client Id>
+dotnet user-secrets set oidc:clientsecret <Client Secret>
+dotnet user-secrets set oidc:authority https://login.windows.net/<Tenent Name>.onmicrosoft.com
+```
+
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index f27a524928..8a2b7f4412 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -7,7 +7,6 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Extensions;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -88,7 +87,7 @@ namespace OpenIdConnect.AzureAdSample
                     {
                         var request = context.HttpContext.Request;
                         var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
-                        var credential = new ClientCredential(clientId, clientSecret);                                 
+                        var credential = new ClientCredential(clientId, clientSecret);
                         var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
 
                         var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index adb6a845a0..6aee5073f2 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -31,9 +31,10 @@
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
+    "Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
   }
-}
\ No newline at end of file
+}

From 6cee57752f81f2e5989d03c0daa5957f0d127cd6 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 11 Jul 2016 15:35:38 -0700
Subject: [PATCH 569/900] Update OpenIdConnectSample

1. Add instruction for OpenIdConnectSample
2. Clear unused using statements
3. Hardcoded server URL in `Program.cs`
---
 samples/OpenIdConnectSample/Program.cs   |  1 +
 samples/OpenIdConnectSample/Readme.md    | 44 ++++++++++++++++++++++++
 samples/OpenIdConnectSample/Startup.cs   |  3 ++
 samples/OpenIdConnectSample/project.json |  5 +--
 4 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 samples/OpenIdConnectSample/Readme.md

diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index fe77dd1a7c..b370c85a9e 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -17,6 +17,7 @@ namespace OpenIdConnectSample
                     var serverCertificate = LoadCertificate();
                     options.UseHttps(serverCertificate);
                 })
+                .UseUrls("https://localhost:44318")
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/OpenIdConnectSample/Readme.md b/samples/OpenIdConnectSample/Readme.md
new file mode 100644
index 0000000000..293820759d
--- /dev/null
+++ b/samples/OpenIdConnectSample/Readme.md
@@ -0,0 +1,44 @@
+# How to set up the sample locally
+
+The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform
+
+## Determine your development environment and a few key variables
+
+This sample is configured to run on port __44318__ locally. In Visual Studio, the setting is carried out in `.\properties\launchSettings.json`. When the application is run from command line, the URL is coded in `Program.cs`.
+
+If the application is run from command line or terminal, environment variable ASPNETCORE_ENVIRONMENT should be set to DEVELOPMENT to enable user secret.
+
+## Configure the Authorization server
+
+### Configure with Azure Active Directory
+
+1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
+2. Open the newly created AAD in Azure web portal
+3. Navigate to the Applications tab
+4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
+5. Naigate to the Application, and click the Configure tab.
+6. Find and save the "Client Id".
+7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
+8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like __https://login.microsoftonline.com/<guid>__
+
+### Configure with Google Identity Platform 
+
+1. Create a new project through [Google APIs](console.developers.google.com)
+2. In the sidebar choose "Credentials"
+3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
+4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID". 
+5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with __https://localhost:44318/signin-oidc__
+6. Save the "Client ID" and "Client Secret" shown in the dialog.
+7. Save the "Authority URL" for Google Authentication is __https://accounts.google.com/
+
+## Configure the sample application
+
+1. Restore the application.
+2. Set user secrets
+
+```
+dotnet user-secrets set oidc:clientid <Client Id>
+dotnet user-secrets set oidc:clientsecret <Client Secret>
+dotnet user-secrets set oidc:authority <Authority URL>
+```
+
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3a39919032..32d4739d19 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -86,6 +86,7 @@ namespace OpenIdConnectSample
                     await context.Response.WriteAsync($"</body></html>");
                     return;
                 }
+
                 if (context.Request.Path.Equals("/signout"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
@@ -95,6 +96,7 @@ namespace OpenIdConnectSample
                     await context.Response.WriteAsync($"</body></html>");
                     return;
                 }
+
                 if (context.Request.Path.Equals("/signout-remote"))
                 {
                     // Redirects
@@ -105,6 +107,7 @@ namespace OpenIdConnectSample
                     });
                     return;
                 }
+
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 6a24f3da60..a6a16a29fc 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -33,9 +33,10 @@
   },
   "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
   "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
+    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
+    "Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
   },
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
   }
-}
\ No newline at end of file
+}

From 5637e0c917d11ed0d2949ac146f641e5e43ebfc5 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 11 Jul 2016 22:51:41 -0700
Subject: [PATCH 570/900] Remove unused using statements

---
 samples/CookieSample/Program.cs                                | 1 -
 .../Events/EventResultState.cs                                 | 2 --
 .../Properties/Resources.Designer.cs                           | 1 -
 .../SharedAuthenticationOptions.cs                             | 3 ---
 src/Microsoft.AspNetCore.Authentication/Win32.cs               | 1 -
 5 files changed, 8 deletions(-)

diff --git a/samples/CookieSample/Program.cs b/samples/CookieSample/Program.cs
index df74352e7c..7deed359e1 100644
--- a/samples/CookieSample/Program.cs
+++ b/samples/CookieSample/Program.cs
@@ -1,6 +1,5 @@
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
 
 namespace CookieSample
 {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
index 80a6f949ab..b11dec93f1 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
@@ -1,8 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-
 namespace Microsoft.AspNetCore.Authentication
 {
     public enum EventResultState
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
index 29dd7c67e2..a6cf910462 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
@@ -1,7 +1,6 @@
 // <auto-generated />
 namespace Microsoft.AspNetCore.Authentication
 {
-    using System.Globalization;
     using System.Reflection;
     using System.Resources;
 
diff --git a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
index bf30cae9e3..8b168c9a0a 100644
--- a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
@@ -1,9 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
-using System;
-
 namespace Microsoft.AspNetCore.Authentication
 {
     public class SharedAuthenticationOptions
diff --git a/src/Microsoft.AspNetCore.Authentication/Win32.cs b/src/Microsoft.AspNetCore.Authentication/Win32.cs
index 0e757e42a6..8752c3b734 100644
--- a/src/Microsoft.AspNetCore.Authentication/Win32.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Win32.cs
@@ -3,7 +3,6 @@
 
 
 using System;
-using System.ComponentModel;
 using System.Runtime.InteropServices;
 
 namespace Microsoft.Win32

From 4927ad6b7413c5ef6d91fb264c00e350e3a15a8b Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 14 Jul 2016 16:24:33 -0700
Subject: [PATCH 571/900] Remove win32.cs

---
 .../Win32.cs                                  | 96 -------------------
 1 file changed, 96 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Win32.cs

diff --git a/src/Microsoft.AspNetCore.Authentication/Win32.cs b/src/Microsoft.AspNetCore.Authentication/Win32.cs
deleted file mode 100644
index 8752c3b734..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Win32.cs
+++ /dev/null
@@ -1,96 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-using System;
-using System.Runtime.InteropServices;
-
-namespace Microsoft.Win32
-{
-    // TODO: ? [Localizable(false)]
-    internal static class NativeMethods
-    {
-        // ReSharper disable InconsistentNaming
-        public const int X509_ASN_ENCODING = 0x00000001;
-        public const int X509_PUBLIC_KEY_INFO = 8;
-        // ReSharper restore InconsistentNaming
-
-        /// <summary>
-        /// Encodes a structure of the type indicated by the value of the lpszStructType parameter.
-        /// </summary>
-        /// <param name="dwCertEncodingType">Type of encoding used.</param>
-        /// <param name="lpszStructType">The high-order word is zero, the low-order word specifies the integer identifier for the type of the specified structure so
-        /// we can use the constants in http://msdn.microsoft.com/en-us/library/windows/desktop/aa378145%28v=vs.85%29.aspx</param>
-        /// <param name="pvStructInfo">A pointer to the structure to be encoded.</param>
-        /// <param name="pbEncoded">A pointer to a buffer to receive the encoded structure. This parameter can be NULL to retrieve the size of this information for memory allocation purposes.</param>
-        /// <param name="pcbEncoded">A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter.</param>
-        /// <returns></returns>
-        [DllImport("crypt32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
-        [return: MarshalAs(UnmanagedType.Bool)]
-        internal static extern bool CryptEncodeObject(
-            UInt32 dwCertEncodingType,
-            IntPtr lpszStructType,
-            ref CERT_PUBLIC_KEY_INFO pvStructInfo,
-            byte[] pbEncoded,
-            ref UInt32 pcbEncoded);
-
-        // ReSharper disable InconsistentNaming
-        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
-        internal struct CRYPT_BLOB
-        {
-            public Int32 cbData;
-            public IntPtr pbData;
-        }
-
-        [StructLayout(LayoutKind.Sequential)]
-        internal struct CERT_CONTEXT
-        {
-            public Int32 dwCertEncodingType;
-            public IntPtr pbCertEncoded;
-            public Int32 cbCertEncoded;
-            public IntPtr pCertInfo;
-            public IntPtr hCertStore;
-        }
-
-        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
-        internal struct CRYPT_ALGORITHM_IDENTIFIER
-        {
-            public string pszObjId;
-            public CRYPT_BLOB Parameters;
-        }
-
-        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
-        internal struct CRYPT_BIT_BLOB
-        {
-            public Int32 cbData;
-            public IntPtr pbData;
-            public Int32 cUnusedBits;
-        }
-
-        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
-        internal struct CERT_PUBLIC_KEY_INFO
-        {
-            public CRYPT_ALGORITHM_IDENTIFIER Algorithm;
-            public CRYPT_BIT_BLOB PublicKey;
-        }
-
-        [StructLayout(LayoutKind.Sequential)]
-        internal class CERT_INFO
-        {
-            public Int32 dwVersion;
-            public CRYPT_BLOB SerialNumber;
-            public CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
-            public CRYPT_BLOB Issuer;
-            public System.Runtime.InteropServices.ComTypes.FILETIME NotBefore;
-            public System.Runtime.InteropServices.ComTypes.FILETIME NotAfter;
-            public CRYPT_BLOB Subject;
-            public CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
-            public CRYPT_BIT_BLOB IssuerUniqueId;
-            public CRYPT_BIT_BLOB SubjectUniqueId;
-            public Int32 cExtension;
-            public IntPtr rgExtension;
-        }
-
-        // ReSharper restore InconsistentNaming
-    }
-}

From 6cd46a5c10094ba9f4379fbccc3b9c05a01bf034 Mon Sep 17 00:00:00 2001
From: Derek <tuespetre@users.noreply.github.com>
Date: Tue, 19 Jul 2016 17:18:42 -0500
Subject: [PATCH 572/900] Remote auth expiration fix (#893)

Remote auth expiration fix, and move ISystemClock to the base AuthenticationProperties
---
 .../CookieAuthenticationOptions.cs                        | 6 ------
 .../JwtBearerOptions.cs                                   | 6 ------
 .../OAuthHandler.cs                                       | 5 +----
 .../OAuthOptions.cs                                       | 6 ------
 .../OpenIdConnectHandler.cs                               | 5 +----
 .../OpenIdConnectOptions.cs                               | 6 ------
 .../TwitterHandler.cs                                     | 8 +++-----
 .../TwitterOptions.cs                                     | 6 ------
 .../AuthenticationOptions.cs                              | 8 ++++++++
 .../RemoteAuthenticationHandler.cs                        | 2 +-
 10 files changed, 14 insertions(+), 44 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index f9455f23a5..b425612508 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -138,12 +138,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
 
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; }
-
         /// <summary>
         /// The component used to get cookies from the request or set them on the response.
         ///
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 1d73b843ee..2aedf30d52 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -95,12 +95,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
-
         /// <summary>
         /// Gets the ordered list of <see cref="ISecurityTokenValidator"/> used to validate access tokens.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index ddd26d9f01..12b85ae7e6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -175,10 +175,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 57ecba2f48..9591d9c44d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -64,11 +64,5 @@ namespace Microsoft.AspNetCore.Builder
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 6488d10d72..df7caf3317 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -259,10 +259,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if RedirectUri is not set)
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index b5f6c03daa..181444b055 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -202,11 +202,5 @@ namespace Microsoft.AspNetCore.Builder
         /// This is disabled by default.
         /// </summary>
         public bool SkipUnrecognizedRequests { get; set; } = false;
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 4fbf35aaa1..20d06beafc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -131,10 +131,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties)
-            {
-                ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout)
-            };
+            var properties = new AuthenticationProperties(context.Properties);
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
@@ -148,7 +145,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                Secure = Request.IsHttps
+                Secure = Request.IsHttps,
+                Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
             Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 8ab399a8f9..bf54b7fbb9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -59,11 +59,5 @@ namespace Microsoft.AspNetCore.Builder
             get { return (ITwitterEvents)base.Events; }
             set { base.Events = value; }
         }
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
index 04d050b06e..34ec577f18 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
@@ -1,7 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http.Authentication;
+using System.ComponentModel;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -47,5 +49,11 @@ namespace Microsoft.AspNetCore.Builder
         /// Additional information about the authentication type which is made available to the application.
         /// </summary>
         public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
+
+        /// <summary>
+        /// For testing purposes only.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public ISystemClock SystemClock { get; set; } = new SystemClock();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index f1ad0d0559..72a4fe5900 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -149,7 +149,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 HttpOnly = true,
                 Secure = Request.IsHttps,
-                Expires = properties.ExpiresUtc
+                Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
             properties.Items[CorrelationProperty] = correlationId;

From a1f82783819fe06485c7b31b7f24b83b364a8385 Mon Sep 17 00:00:00 2001
From: Petr Onderka <gsvick@gmail.com>
Date: Wed, 20 Jul 2016 19:35:12 +0200
Subject: [PATCH 573/900] Improve sample README

* fixed broken link
* improved formatting
* added missing full stops
---
 samples/OpenIdConnectSample/Readme.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/samples/OpenIdConnectSample/Readme.md b/samples/OpenIdConnectSample/Readme.md
index 293820759d..846e3f8e6a 100644
--- a/samples/OpenIdConnectSample/Readme.md
+++ b/samples/OpenIdConnectSample/Readme.md
@@ -1,6 +1,6 @@
 # How to set up the sample locally
 
-The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform
+The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform.
 
 ## Determine your development environment and a few key variables
 
@@ -13,30 +13,30 @@ If the application is run from command line or terminal, environment variable AS
 ### Configure with Azure Active Directory
 
 1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
-2. Open the newly created AAD in Azure web portal
-3. Navigate to the Applications tab
+2. Open the newly created AAD in Azure web portal.
+3. Navigate to the Applications tab.
 4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
 5. Naigate to the Application, and click the Configure tab.
 6. Find and save the "Client Id".
 7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
-8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like __https://login.microsoftonline.com/<guid>__
+8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like `https://login.microsoftonline.com/<guid>`.
 
 ### Configure with Google Identity Platform 
 
-1. Create a new project through [Google APIs](console.developers.google.com)
-2. In the sidebar choose "Credentials"
+1. Create a new project through [Google APIs](https://console.developers.google.com).
+2. In the sidebar choose "Credentials".
 3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
 4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID". 
-5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with __https://localhost:44318/signin-oidc__
+5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with `https://localhost:44318/signin-oidc`.
 6. Save the "Client ID" and "Client Secret" shown in the dialog.
-7. Save the "Authority URL" for Google Authentication is __https://accounts.google.com/
+7. The "Authority URL" for Google Authentication is `https://accounts.google.com/`.
 
 ## Configure the sample application
 
 1. Restore the application.
-2. Set user secrets
+2. Set user secrets:
 
-```
+ ```
 dotnet user-secrets set oidc:clientid <Client Id>
 dotnet user-secrets set oidc:clientsecret <Client Secret>
 dotnet user-secrets set oidc:authority <Authority URL>

From 651815c282bfc594762346f4445afd9e6b48bb1e Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Mon, 25 Jul 2016 16:31:27 -0700
Subject: [PATCH 574/900] Remove OfType allocations (#906)

---
 .../AuthorizationPolicy.cs                           | 12 ++++++------
 .../DefaultAuthorizationPolicyProvider.cs            |  1 +
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 3fe0cdd070..5cba0fd9e3 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -122,28 +122,28 @@ namespace Microsoft.AspNetCore.Authorization
 
             var policyBuilder = new AuthorizationPolicyBuilder();
             var any = false;
-            foreach (var authorizeAttribute in authorizeData.OfType<AuthorizeAttribute>())
+            foreach (var authorizeDatum in authorizeData)
             {
                 any = true;
                 var useDefaultPolicy = true;
-                if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
+                if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy))
                 {
-                    var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy);
+                    var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy);
                     if (policy == null)
                     {
-                        throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
+                        throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy));
                     }
                     policyBuilder.Combine(policy);
                     useDefaultPolicy = false;
                 }
-                var rolesSplit = authorizeAttribute.Roles?.Split(',');
+                var rolesSplit = authorizeDatum.Roles?.Split(',');
                 if (rolesSplit != null && rolesSplit.Any())
                 {
                     var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
                     policyBuilder.RequireRole(trimmedRolesSplit);
                     useDefaultPolicy = false;
                 }
-                var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
+                var authTypesSplit = authorizeDatum.ActiveAuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
index 2c9ea19b5c..6fb8bd68dc 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -45,6 +45,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
         public virtual Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
         {
+            // MVC relies on DefaultAuthorizationPolicyProvider providing the same policy for the same requests.
             return Task.FromResult(_options.GetPolicy(policyName));
         }
     }

From 7b7da43fd819830151aa70b9e4dc951d835d19de Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 25 Jul 2016 20:33:12 -0700
Subject: [PATCH 575/900] Update comments in RemoteAuthenticationOptions

---
 .../RemoteAuthenticationOptions.cs                          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index a78c14bbec..e990abd05a 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNetCore.Builder
     public class RemoteAuthenticationOptions : AuthenticationOptions
     {
         /// <summary>
-        /// Gets or sets timeout value in milliseconds for back channel communications with the remote provider.
+        /// Gets or sets timeout value in milliseconds for back channel communications with the remote identity provider.
         /// </summary>
         /// <value>
         /// The back channel timeout.
@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Builder
         public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60);
 
         /// <summary>
-        /// The HttpMessageHandler used to communicate with Twitter.
+        /// The HttpMessageHandler used to communicate with remote identity provider.
         /// This cannot be set at the same time as BackchannelCertificateValidator unless the value 
         /// can be downcast to a WebRequestHandler.
         /// </summary>
@@ -66,4 +66,4 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public bool SaveTokens { get; set; }
     }
-}
\ No newline at end of file
+}

From eabdd4581604d4e0f8d668c30bd5aa5e92e78a8f Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 25 Jul 2016 22:28:26 -0700
Subject: [PATCH 576/900] Improve code readability for Authentication.Google

---
 .../GoogleAppBuilderExtensions.cs                 |  7 +++++--
 .../GoogleDefaults.cs                             |  5 ++++-
 .../GoogleHandler.cs                              | 15 +++++++++++----
 .../GoogleHelper.cs                               |  1 -
 .../GoogleMiddleware.cs                           |  5 ++++-
 5 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index fe693a61b7..85a193d82b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -13,7 +13,8 @@ namespace Microsoft.AspNetCore.Builder
     public static class GoogleAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
+        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>,
+        /// which enables Google authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
@@ -28,7 +29,8 @@ namespace Microsoft.AspNetCore.Builder
         }
 
         /// <summary>
-        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
+        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>,
+        /// which enables Google authentication capabilities.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
         /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the middleware.</param>
@@ -39,6 +41,7 @@ namespace Microsoft.AspNetCore.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+
             if (options == null)
             {
                 throw new ArgumentNullException(nameof(options));
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index c17ff6b2ab..ef6fae9bc1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -3,9 +3,12 @@
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
+    /// <summary>
+    /// Default values for Google authentication
+    /// </summary>
     public static class GoogleDefaults
     {
-        public const string AuthenticationScheme = "Google";
+        public static readonly string AuthenticationScheme = "Google";
 
         public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index affde917aa..6e3ee36939 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -22,7 +22,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         {
         }
 
-        protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
+        protected override async Task<AuthenticationTicket> CreateTicketAsync(
+            ClaimsIdentity identity,
+            AuthenticationProperties properties,
+            OAuthTokenResponse tokens)
         {
             // Get the Google user
             var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
@@ -33,7 +36,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
+            var principal = new ClaimsPrincipal(identity);
+            var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
             var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
 
             var identifier = GoogleHelper.GetId(payload);
@@ -100,8 +104,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
             return authorizationEndpoint;
         }
 
-        private static void AddQueryString(IDictionary<string, string> queryStrings, AuthenticationProperties properties,
-            string name, string defaultValue = null)
+        private static void AddQueryString(
+            IDictionary<string, string> queryStrings,
+            AuthenticationProperties properties,
+            string name,
+            string defaultValue = null)
         {
             string value;
             if (!properties.Items.TryGetValue(name, out value))
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
index 0a763d5696..336536c512 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.Extensions.Internal;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Google
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index eb98e447b3..5f8afaff2f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -69,7 +69,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         /// <summary>
         /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="GoogleOptions"/> supplied to the constructor.</returns>
+        /// <returns>
+        /// An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="GoogleOptions"/>
+        /// supplied to the constructor.
+        /// </returns>
         protected override AuthenticationHandler<GoogleOptions> CreateHandler()
         {
             return new GoogleHandler(Backchannel);

From ecb3b909846c1ab14e60e7f8463e6c54c8eb419b Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 09:19:42 -0700
Subject: [PATCH 577/900] Undo change to the GoogleDefaults

---
 .../GoogleDefaults.cs                                           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index ef6fae9bc1..77d68aed93 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -8,7 +8,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
     /// </summary>
     public static class GoogleDefaults
     {
-        public static readonly string AuthenticationScheme = "Google";
+        public const string AuthenticationScheme = "Google";
 
         public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 

From 312edaafb4f7d4a189b376c3c380b620aa063b8d Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 20 Jul 2016 16:15:58 -0700
Subject: [PATCH 578/900] Handle back channel failure gracefully

1. Check the response states code. If it is out of 2XX range, compose a
readable message and throw in an exception.
2. Capture the exception in HandleRemoteAuthenticateAsync and translate
it into AuthenticateResult.
---
 .../FacebookHandler.cs                                 |  9 +++++++--
 .../GoogleHandler.cs                                   |  6 +++++-
 .../MicrosoftAccountHandler.cs                         |  7 ++++++-
 .../OAuthHandler.cs                                    | 10 +++++++++-
 4 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 675ae51494..0df42597dd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
@@ -35,7 +36,11 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             }
 
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
-            response.EnsureSuccessStatusCode();
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorMessage = $"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
+                throw new InvalidOperationException(errorMessage);
+            }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
@@ -119,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             {
                 identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
             }
- 
+
             var timeZone = FacebookHelper.GetTimeZone(payload);
             if (!string.IsNullOrEmpty(timeZone))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 6e3ee36939..4a81744b05 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -32,7 +32,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
 
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
-            response.EnsureSuccessStatusCode();
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorMessage = $"Failed to retrived Google user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
+                throw new InvalidOperationException(errorMessage);
+            }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 8b9177625c..18f5df9d4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
@@ -25,7 +26,11 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
 
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
-            response.EnsureSuccessStatusCode();
+            if (!response.IsSuccessStatusCode)
+            {
+                var errorMessage = $"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
+                throw new InvalidOperationException(errorMessage);
+            }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 12b85ae7e6..29d46367db 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -119,7 +119,15 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 properties.StoreTokens(authTokens);
             }
 
-            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, tokens));
+            try
+            {
+                var ticket = await CreateTicketAsync(identity, properties, tokens);
+                return AuthenticateResult.Success(ticket);
+            }
+            catch (Exception ex)
+            {
+                return AuthenticateResult.Fail(ex);
+            }
         }
 
         protected virtual async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)

From 988bcc81ee88f4decef967047e58e0c2b842e6be Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 20 Jul 2016 16:36:33 -0700
Subject: [PATCH 579/900] Update comments for HandleRemoteAuthenticateAsync
 method

---
 .../RemoteAuthenticationHandler.cs                          | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 72a4fe5900..5891a005d3 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -87,6 +87,12 @@ namespace Microsoft.AspNetCore.Authentication
             return true;
         }
 
+        /// <summary>
+        /// Authenticate the user identity with the identity provider. 
+        ///
+        /// This could be done through a back channel communication with the identity provider. Exception thrown during
+        /// the authenticating should be saved to the AuthenticateResult.
+        /// </summary>
         protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()

From 5de4816f59a87d00436bf386b23d9ff10e9f6bf6 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 25 Jul 2016 22:02:42 -0700
Subject: [PATCH 580/900] Update the RemoteAuthenticationHandler error handling

1. Exeption will be still thrown from CreateTicketAsync to avoid breaking
change.
2. OAuthHandler won't try to capture the exception.
3. OAuthHandler will check if the AuthenticateTicket is null.
4. RemoteAuthenticationHandler's error handling flow is improved to cover
the exception thrown from HandleRemoteAuthenticateAsync. The exeption
thrown from it will go throw the user error handling logic, too.
---
 .../FacebookHandler.cs                        |  3 +-
 .../GoogleHandler.cs                          |  3 +-
 .../MicrosoftAccountHandler.cs                |  3 +-
 .../OAuthHandler.cs                           |  9 ++--
 .../RemoteAuthenticationHandler.cs            | 42 +++++++++++++++----
 5 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 0df42597dd..4deec4df7d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -38,8 +38,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                var errorMessage = $"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
-                throw new InvalidOperationException(errorMessage);
+                throw new HttpRequestException($"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 4a81744b05..b9a24f58c2 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -34,8 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                var errorMessage = $"Failed to retrived Google user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
-                throw new InvalidOperationException(errorMessage);
+                throw new HttpRequestException($"An error occurred when retrieving user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Google API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 18f5df9d4a..ad4ceb81f7 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -28,8 +28,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                var errorMessage = $"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Google API is enabled.";
-                throw new InvalidOperationException(errorMessage);
+                throw new HttpRequestException($"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Microsoft API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 29d46367db..353b2b5847 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
+using System.Threading;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
@@ -119,14 +120,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 properties.StoreTokens(authTokens);
             }
 
-            try
+            var ticket = await CreateTicketAsync(identity, properties, tokens);
+            if (ticket != null)
             {
-                var ticket = await CreateTicketAsync(identity, properties, tokens);
                 return AuthenticateResult.Success(ticket);
             }
-            catch (Exception ex)
+            else
             {
-                return AuthenticateResult.Fail(ex);
+                return AuthenticateResult.Fail("Failed to retrieve user information from remote server.");
             }
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 5891a005d3..f152ff1cfb 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Logging;
+using System.Net.Http;
 
 namespace Microsoft.AspNetCore.Authentication
 {
@@ -31,26 +32,49 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual async Task<bool> HandleRemoteCallbackAsync()
         {
-            var authResult = await HandleRemoteAuthenticateAsync();
-            if (authResult != null && authResult.Skipped)
+            AuthenticateResult authResult = null;
+            Exception exception = null;
+
+            try
             {
-                return false;
+                authResult = await HandleRemoteAuthenticateAsync();
+                if (authResult != null && authResult.Skipped == true)
+                {
+                    return false;
+                }
+                else if (authResult == null)
+                {
+                    exception = new InvalidOperationException("Invalide return state, unable to redirect.");
+                }
+                else if (!authResult.Succeeded)
+                {
+                    exception = authResult?.Failure ??
+                                new InvalidOperationException("Invalide return state, unable to redirect.");
+                }
             }
-            if (authResult == null || !authResult.Succeeded)
+            catch (Exception ex)
             {
-                var errorContext = new FailureContext(Context, authResult?.Failure ?? new Exception("Invalid return state, unable to redirect."));
-                Logger.RemoteAuthenticationError(errorContext.Failure.Message);
+                exception = ex;
+            }
+
+            if (exception != null)
+            {
+                Logger.RemoteAuthenticationError(exception.Message);
+                var errorContext = new FailureContext(Context, exception);
                 await Options.Events.RemoteFailure(errorContext);
+
                 if (errorContext.HandledResponse)
                 {
                     return true;
                 }
-                if (errorContext.Skipped)
+                else if (errorContext.Skipped)
                 {
                     return false;
                 }
-
-                throw new AggregateException("Unhandled remote failure.", errorContext.Failure);
+                else
+                {
+                    throw new AggregateException("Unhandled remote failure.", exception);
+                }
             }
 
             // We have a ticket if we get here

From cd9e9fa498188d110cd548775e6d50fae5e643da Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 25 Jul 2016 22:06:44 -0700
Subject: [PATCH 581/900] Update comment on HandleRemoteAuthenticateAsync

---
 .../RemoteAuthenticationHandler.cs                             | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index f152ff1cfb..b1e2aa1c82 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -114,8 +114,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <summary>
         /// Authenticate the user identity with the identity provider. 
         ///
-        /// This could be done through a back channel communication with the identity provider. Exception thrown during
-        /// the authenticating should be saved to the AuthenticateResult.
+        /// This could be done through a back channel communication with the identity provider. 
         /// </summary>
         protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
 

From 5211f22f44bec19ba76a86294f335d7926309e43 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 09:00:35 -0700
Subject: [PATCH 582/900] Update comment on HandleRemoteAuthenticateAsync

---
 .../RemoteAuthenticationHandler.cs                            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index b1e2aa1c82..895a954dac 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -112,9 +112,9 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         /// <summary>
-        /// Authenticate the user identity with the identity provider. 
+        /// Authenticate the user identity with the identity provider.
         ///
-        /// This could be done through a back channel communication with the identity provider. 
+        /// The method process the request on the endpoint defined by CallbackPath.
         /// </summary>
         protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
 

From 6f46bc94f868f711ba8c499d5007e1df57cacf71 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 09:02:06 -0700
Subject: [PATCH 583/900] Sort using statements

---
 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs   | 2 +-
 .../RemoteAuthenticationHandler.cs                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 353b2b5847..b235d9358f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -8,6 +8,7 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -15,7 +16,6 @@ using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
-using System.Threading;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 895a954dac..564064e409 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Net.Http;
 using System.Security.Cryptography;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
@@ -9,7 +10,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Logging;
-using System.Net.Http;
 
 namespace Microsoft.AspNetCore.Authentication
 {

From 210c4b2061267ab765fe5b0659f6691031258f04 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 09:02:41 -0700
Subject: [PATCH 584/900] Fix incorrect exception messages

---
 .../RemoteAuthenticationHandler.cs                            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 564064e409..65ad981a9c 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -44,12 +44,12 @@ namespace Microsoft.AspNetCore.Authentication
                 }
                 else if (authResult == null)
                 {
-                    exception = new InvalidOperationException("Invalide return state, unable to redirect.");
+                    exception = new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
                 else if (!authResult.Succeeded)
                 {
                     exception = authResult?.Failure ??
-                                new InvalidOperationException("Invalide return state, unable to redirect.");
+                                new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
             }
             catch (Exception ex)

From 1c17bddc0299251b92a24a9f2cd5a9bf829dde50 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 09:09:58 -0700
Subject: [PATCH 585/900] Update HandleRemoteCallbackAsync readability

---
 .../OAuthHandler.cs                           |  1 -
 .../RemoteAuthenticationHandler.cs            | 20 +++++++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index b235d9358f..dbfa1ef92b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -8,7 +8,6 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text;
-using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http.Authentication;
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 65ad981a9c..452a15a9dc 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Net.Http;
 using System.Security.Cryptography;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
@@ -32,17 +31,18 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual async Task<bool> HandleRemoteCallbackAsync()
         {
-            AuthenticateResult authResult = null;
+            AuthenticationTicket ticket = null;
             Exception exception = null;
 
             try
             {
-                authResult = await HandleRemoteAuthenticateAsync();
+                var authResult = await HandleRemoteAuthenticateAsync();
                 if (authResult != null && authResult.Skipped == true)
                 {
                     return false;
                 }
-                else if (authResult == null)
+
+                if (authResult == null)
                 {
                     exception = new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
@@ -51,6 +51,8 @@ namespace Microsoft.AspNetCore.Authentication
                     exception = authResult?.Failure ??
                                 new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
+
+                ticket = authResult.Ticket;
             }
             catch (Exception ex)
             {
@@ -67,18 +69,16 @@ namespace Microsoft.AspNetCore.Authentication
                 {
                     return true;
                 }
-                else if (errorContext.Skipped)
+
+                if (errorContext.Skipped)
                 {
                     return false;
                 }
-                else
-                {
-                    throw new AggregateException("Unhandled remote failure.", exception);
-                }
+
+                throw new AggregateException("Unhandled remote failure.", exception);
             }
 
             // We have a ticket if we get here
-            var ticket = authResult.Ticket;
             var context = new TicketReceivedContext(Context, Options, ticket)
             {
                 ReturnUri = ticket.Properties.RedirectUri,

From 0d216d726a686cef8d84e0d83eb4a57dcdbb3b26 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 13:58:07 -0700
Subject: [PATCH 586/900] Minor fixes in RemoteAuthenticationHandler and
 FacebookHandler

---
 .../FacebookHandler.cs                                          | 2 +-
 .../RemoteAuthenticationHandler.cs                              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 4deec4df7d..29906e7e3f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook API is enabled.");
+                throw new HttpRequestException($"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook Graph API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 452a15a9dc..9d236decd9 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authentication
             try
             {
                 var authResult = await HandleRemoteAuthenticateAsync();
-                if (authResult != null && authResult.Skipped == true)
+                if (authResult != null && authResult.Skipped)
                 {
                     return false;
                 }

From 0e855b25a8d7af1ef6df836f01e1a7fe92dc46a0 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 14:16:16 -0700
Subject: [PATCH 587/900] Update Google and Microsoft Account Handler exception
 message

---
 .../GoogleHandler.cs                                          | 4 ++--
 .../MicrosoftAccountHandler.cs                                | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index b9a24f58c2..68cc6054f1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"An error occurred when retrieving user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Google API is enabled.");
+                throw new HttpRequestException($"An error occurred when retrieving user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Google+ API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
@@ -132,4 +132,4 @@ namespace Microsoft.AspNetCore.Authentication.Google
             queryStrings[name] = value;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index ad4ceb81f7..21f567d15e 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Microsoft API is enabled.");
+                throw new HttpRequestException($"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Microsoft Account API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());

From 763df65c14081ac2efb5a5997f49217cf6ace501 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 26 Jul 2016 16:27:28 -0700
Subject: [PATCH 588/900] Revise if-else order in RemoteAuthenticateHandler

---
 .../RemoteAuthenticationHandler.cs                    | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 9d236decd9..4dfcc3662c 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -37,18 +37,17 @@ namespace Microsoft.AspNetCore.Authentication
             try
             {
                 var authResult = await HandleRemoteAuthenticateAsync();
-                if (authResult != null && authResult.Skipped)
-                {
-                    return false;
-                }
-
                 if (authResult == null)
                 {
                     exception = new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
+                else if (authResult.Skipped)
+                {
+                    return false;
+                }
                 else if (!authResult.Succeeded)
                 {
-                    exception = authResult?.Failure ??
+                    exception = authResult.Failure ??
                                 new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
 

From c16fc06cb9fd28c21556f83855498985739e41e8 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Thu, 28 Jul 2016 16:55:08 -0700
Subject: [PATCH 589/900] Modify warning about policy behavior (#924)

---
 .../DefaultAuthorizationPolicyProvider.cs                     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
index 6fb8bd68dc..0e4329dcc0 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
@@ -45,7 +45,9 @@ namespace Microsoft.AspNetCore.Authorization
         /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
         public virtual Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
         {
-            // MVC relies on DefaultAuthorizationPolicyProvider providing the same policy for the same requests.
+            // MVC caches policies specifically for this class, so this method MUST return the same policy per
+            // policyName for every request or it could allow undesired access. It also must return synchronously.
+            // A change to either of these behaviors would require shipping a patch of MVC as well.
             return Task.FromResult(_options.GetPolicy(policyName));
         }
     }

From 2a6ab2be8c195a67ecd58200c808cbf7f15f383c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 29 Jul 2016 13:26:25 -0700
Subject: [PATCH 590/900] Add UpdateTokenValue API

---
 .../TokenExtensions.cs                        | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
index 8065139baf..9f5c96cc11 100644
--- a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
@@ -63,6 +63,26 @@ namespace Microsoft.AspNetCore.Authentication
                 : null;
         }
 
+        public static bool UpdateTokenValue(this AuthenticationProperties properties, string tokenName, string tokenValue)
+        {
+            if (properties == null)
+            {
+                throw new ArgumentNullException(nameof(properties));
+            }
+            if (tokenName == null)
+            {
+                throw new ArgumentNullException(nameof(tokenName));
+            }
+
+            var tokenKey = TokenKeyPrefix + tokenName;
+            if (!properties.Items.ContainsKey(tokenKey))
+            {
+                return false;
+            }
+            properties.Items[tokenKey] = tokenValue;
+            return true;
+        }
+
         public static IEnumerable<AuthenticationToken> GetTokens(this AuthenticationProperties properties)
         {
             if (properties == null)

From 137e18f39d6f9e0932916fa9e3a8c296e8dd8978 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 29 Jul 2016 13:26:36 -0700
Subject: [PATCH 591/900] Add test

---
 .../TokenExtensionTests.cs                    | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index e8f2c16578..028cf67607 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -81,6 +81,51 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal(3, props.GetTokens().Count());
         }
 
+        [Fact]
+        public void CanUpdateTokenValues()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+            props.StoreTokens(tokens);
+
+            Assert.True(props.UpdateTokenValue("One", ".11"));
+            Assert.True(props.UpdateTokenValue("Two", ".22"));
+            Assert.True(props.UpdateTokenValue("Three", ".33"));
+
+            Assert.Equal(".11", props.GetTokenValue("One"));
+            Assert.Equal(".22", props.GetTokenValue("Two"));
+            Assert.Equal(".33", props.GetTokenValue("Three"));
+            Assert.Equal(3, props.GetTokens().Count());
+        }
+
+        [Fact]
+        public void UpdateTokenValueReturnsFalseForUnknownToken()
+        {
+            var props = new AuthenticationProperties();
+            var tokens = new List<AuthenticationToken>();
+            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+            tokens.Add(tok1);
+            tokens.Add(tok2);
+            tokens.Add(tok3);
+            props.StoreTokens(tokens);
+
+            Assert.False(props.UpdateTokenValue("ONE", ".11"));
+            Assert.False(props.UpdateTokenValue("Jigglypuff", ".11"));
+
+            Assert.Null(props.GetTokenValue("ONE"));
+            Assert.Null(props.GetTokenValue("Jigglypuff"));
+            Assert.Equal(3, props.GetTokens().Count());
+
+        }
+
         public class TestAuthHandler : IAuthenticationHandler
         {
             private readonly AuthenticationProperties _props;

From 882e790bff1d514dd16a8a5422be5323dc36d9b0 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Tue, 2 Aug 2016 13:05:55 -0700
Subject: [PATCH 592/900] Update .travis.yml

---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ceb3c7b67b..efc1a57214 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -23,6 +23,6 @@ branches:
     - dev
     - /^(.*\/)?ci-.*$/
 before_install:
-  - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; brew link --force openssl; fi
+  - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
-  - ./build.sh verify
\ No newline at end of file
+  - ./build.sh verify

From 706566e2531245fdc2a2b8115373b66d5bf16799 Mon Sep 17 00:00:00 2001
From: Christian Weiss <christian@chwe.at>
Date: Thu, 4 Aug 2016 18:02:09 +0200
Subject: [PATCH 593/900] Typo "Failed to retrived" -> "Failed to retrieve"

---
 .../FacebookHandler.cs                                        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 29906e7e3f..be1c8f8f83 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"Failed to retrived Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook Graph API is enabled.");
+                throw new HttpRequestException($"Failed to retrieve Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook Graph API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
@@ -157,4 +157,4 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             return string.Join(",", Options.Scope);
         }
     }
-}
\ No newline at end of file
+}

From 0314632696464efaa9d34d08233e0a292336361d Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 2 Aug 2016 11:56:31 -0700
Subject: [PATCH 594/900] JwtBearer Token: Catch exception during unauthorized
 flow

---
 .../CookieAuthenticationHandler.cs            |  1 -
 .../JwtBearerHandler.cs                       |  4 +-
 .../AuthenticationHandler.cs                  | 32 +++++++++-
 .../JwtBearer/JwtBearerMiddlewareTests.cs     | 59 +++++++++++++++++--
 4 files changed, 87 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index eecd03065a..302010429b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -323,7 +323,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     await Options.Events.RedirectToReturnUrl(redirectContext);
                 }
             }
-
         }
 
         private static bool IsHostRelative(string path)
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 34b13562a5..ee5575251d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -185,11 +185,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
-            var authResult = await HandleAuthenticateOnceAsync();
+            var authResult = await HandleAuthenticateOnceSafeAsync();
 
             var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties))
             {
-                AuthenticateFailure = authResult?.Failure,
+                AuthenticateFailure = authResult?.Failure
             };
 
             // Avoid returning error=invalid_token if the error is not caused by an authentication failure (e.g missing token).
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 639be0103a..9141e8811d 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -233,15 +233,43 @@ namespace Microsoft.AspNetCore.Authentication
             }
         }
 
+        /// <summary>
+        /// Handle the authentication for once.
+        ///
+        /// If the authentication has been done before returns the last authentication result.
+        /// </summary>
         protected Task<AuthenticateResult> HandleAuthenticateOnceAsync()
         {
             if (_authenticateTask == null)
             {
                 _authenticateTask = HandleAuthenticateAsync();
             }
+
             return _authenticateTask;
         }
 
+        /// <summary>
+        /// Handle the authentication for once.
+        ///
+        /// If the authentication has been done before returns the last authentication result.
+        /// This method won't throw exception. Any exception thrown during the authentication will be convert
+        /// to a AuthenticateResult.
+        /// </summary>
+        protected Task<AuthenticateResult> HandleAuthenticateOnceSafeAsync()
+        {
+            try
+            {
+                return HandleAuthenticateOnceAsync().ContinueWith<AuthenticateResult>(
+                    task => task.IsFaulted ? AuthenticateResult.Fail(task.Exception) : task.Result
+                );
+            }
+            catch (Exception ex)
+            {
+                // capture exception which is thrown before the task is actually started
+                return Task.FromResult(AuthenticateResult.Fail(ex));
+            }
+        }
+
         protected abstract Task<AuthenticateResult> HandleAuthenticateAsync();
 
         public async Task SignInAsync(SignInContext context)
@@ -313,7 +341,7 @@ namespace Microsoft.AspNetCore.Authentication
                 {
                     case ChallengeBehavior.Automatic:
                         // If there is a principal already, invoke the forbidden code path
-                        var result = await HandleAuthenticateOnceAsync();
+                        var result = await HandleAuthenticateOnceSafeAsync();
                         if (result?.Ticket?.Principal != null)
                         {
                             goto case ChallengeBehavior.Forbidden;
@@ -350,4 +378,4 @@ namespace Microsoft.AspNetCore.Authentication
             auth.Handler = PriorHandler;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index b1f0ce4fed..fea01b36fe 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -59,6 +59,46 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
+        [Fact]
+        public async Task ThrowAtAuthenticationFailedEvent()
+        {
+            var options = new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents
+                {
+                    OnAuthenticationFailed = context =>
+                    {
+                        context.Response.StatusCode = 401;
+                        throw new Exception();
+                    },
+                    OnMessageReceived = context =>
+                    {
+                        context.Token = "something";
+                        return Task.FromResult(0);
+                    }
+                }
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Insert(0, new InvalidTokenValidator());
+
+            var server = CreateServer(options, async (context, next) =>
+            {
+                try
+                {
+                    await next();
+                    Assert.False(true, "Expected exception is not thrown");
+                }
+                catch (Exception)
+                {
+                    context.Response.StatusCode = 401;
+                    await context.Response.WriteAsync("i got this");
+                }
+            });
+
+            var transaction = await server.SendAsync("https://example.com/signIn");
+
+            Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
+        }
 
         [Fact]
         public async Task CustomHeaderReceived()
@@ -104,7 +144,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         public async Task HeaderWithoutBearerReceived()
         {
             var server = CreateServer(new JwtBearerOptions());
-            var response = await SendAsync(server, "http://example.com/oauth","Token");
+            var response = await SendAsync(server, "http://example.com/oauth", "Token");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
@@ -347,7 +387,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
             Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
         }
-        
+
         [Fact]
         public async Task BearerDoesNothingTo401IfNotAuthenticated()
         {
@@ -522,7 +562,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             public string AuthenticationScheme { get; }
 
             public bool CanValidateToken => true;
-            
+
             public int MaximumTokenSizeInBytes
             {
                 get
@@ -558,11 +598,21 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
         }
 
-        private static TestServer CreateServer(JwtBearerOptions options, Func<HttpContext, bool> handler = null)
+        private static TestServer CreateServer(JwtBearerOptions options)
+        {
+            return CreateServer(options, handlerBeforeAuth: null);
+        }
+
+        private static TestServer CreateServer(JwtBearerOptions options, Func<HttpContext, Func<Task>, Task> handlerBeforeAuth)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
+                    if (handlerBeforeAuth != null)
+                    {
+                        app.Use(handlerBeforeAuth);
+                    }
+
                     if (options != null)
                     {
                         app.UseJwtBearerAuthentication(options);
@@ -622,6 +672,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     });
                 })
                 .ConfigureServices(services => services.AddAuthentication());
+
             return new TestServer(builder);
         }
 

From 926c7fab4bac4b5b5ec58adc08d069edafc21132 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 5 Aug 2016 14:34:36 -0700
Subject: [PATCH 595/900] Use async-wait pattern in
 HandleAuthenticateOnceSafeAsync

---
 .../AuthenticationHandler.cs                             | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 9141e8811d..d0528186c0 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -255,18 +255,15 @@ namespace Microsoft.AspNetCore.Authentication
         /// This method won't throw exception. Any exception thrown during the authentication will be convert
         /// to a AuthenticateResult.
         /// </summary>
-        protected Task<AuthenticateResult> HandleAuthenticateOnceSafeAsync()
+        protected async Task<AuthenticateResult> HandleAuthenticateOnceSafeAsync()
         {
             try
             {
-                return HandleAuthenticateOnceAsync().ContinueWith<AuthenticateResult>(
-                    task => task.IsFaulted ? AuthenticateResult.Fail(task.Exception) : task.Result
-                );
+                return await HandleAuthenticateOnceAsync();
             }
             catch (Exception ex)
             {
-                // capture exception which is thrown before the task is actually started
-                return Task.FromResult(AuthenticateResult.Fail(ex));
+                return AuthenticateResult.Fail(ex);
             }
         }
 

From a344684d062ace8691185633a8c233d3e9592cf3 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 5 Aug 2016 15:27:37 -0700
Subject: [PATCH 596/900] Use HandleAuthenticateOnceSafeAsync in Cookie auth

---
 .../CookieAuthenticationHandler.cs                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 302010429b..9a26667aca 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -165,7 +165,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             // REVIEW: Should this check if there was an error, and then if that error was already handled??
-            var ticket = (await HandleAuthenticateOnceAsync())?.Ticket;
+            var ticket = (await HandleAuthenticateOnceSafeAsync())?.Ticket;
             if (ticket != null)
             {
                 if (_refreshIssuedUtc.HasValue)

From 74e5777435503e37e7129dbbf49871b5fbd1f997 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 5 Aug 2016 22:00:37 -0700
Subject: [PATCH 597/900] Update comments

---
 .../CookieAuthenticationHandler.cs                  |  1 -
 .../AuthenticationHandler.cs                        | 13 +++++--------
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 9a26667aca..b147181af4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -164,7 +164,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 return;
             }
 
-            // REVIEW: Should this check if there was an error, and then if that error was already handled??
             var ticket = (await HandleAuthenticateOnceSafeAsync())?.Ticket;
             if (ticket != null)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index d0528186c0..1e642d82dd 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -234,9 +234,8 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         /// <summary>
-        /// Handle the authentication for once.
-        ///
-        /// If the authentication has been done before returns the last authentication result.
+        /// Used to ensure HandleAuthenticateAsync is only invoked once. The subsequent calls
+        /// will return the same authenticate result.
         /// </summary>
         protected Task<AuthenticateResult> HandleAuthenticateOnceAsync()
         {
@@ -249,11 +248,9 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         /// <summary>
-        /// Handle the authentication for once.
-        ///
-        /// If the authentication has been done before returns the last authentication result.
-        /// This method won't throw exception. Any exception thrown during the authentication will be convert
-        /// to a AuthenticateResult.
+        /// Used to ensure HandleAuthenticateAsync is only invoked once safely. The subsequent
+        /// calls will return the same authentication result. Any exceptions will be converted
+        /// into a failed authenticatoin result containing the exception.
         /// </summary>
         protected async Task<AuthenticateResult> HandleAuthenticateOnceSafeAsync()
         {

From 2bc207fa8c15eda49db12cbc4c9d7de9332e5194 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 9 Aug 2016 15:11:18 -0700
Subject: [PATCH 598/900] Switching to dotnet.myget.org feed

---
 NuGet.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.config b/NuGet.config
index 5500f6d507..0fd623ffdd 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetcidev/api/v3/index.json" />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>

From 6a9f1f9887ec5983da5c20b4d8b788929d7b1b32 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 9 Aug 2016 11:15:40 -0700
Subject: [PATCH 599/900] Honor AuthenticationProperties.RedirectUri in
 CookieAuthenticationHandler

---
 .../CookieAuthenticationHandler.cs               | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index b147181af4..528e11c85b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -311,14 +311,24 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne;
+
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
+                CookieRedirectContext redirectContext = null;
+                
                 var query = Request.Query;
                 var redirectUri = query[Options.ReturnUrlParameter];
-                if (!StringValues.IsNullOrEmpty(redirectUri)
-                    && IsHostRelative(redirectUri))
+                if (!StringValues.IsNullOrEmpty(redirectUri) && IsHostRelative(redirectUri))
+                {
+                    redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
+                }
+                else if (!string.IsNullOrEmpty(properties.RedirectUri) && IsHostRelative(properties.RedirectUri))
+                {
+                    redirectContext = new CookieRedirectContext(Context, Options, properties.RedirectUri, properties);
+                }
+
+                if (redirectContext != null)
                 {
-                    var redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
                     await Options.Events.RedirectToReturnUrl(redirectContext);
                 }
             }

From 1ef62a40b38be955baddb88029b4a69184bc9b25 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 9 Aug 2016 16:15:49 -0700
Subject: [PATCH 600/900] Add test for CookieAuthentication

---
 .../Cookies/CookieMiddlewareTests.cs          | 48 ++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index fa4a4502ff..a5283c80f1 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -90,7 +90,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.True(responded.Single().StartsWith("http://example.com/Account/Login"));
         }
 
-
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
@@ -1052,6 +1051,53 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("?ReturnUrl=%2F", location.Query);
         }
 
+        [Fact]
+        public async Task RedirectUriIsHoneredAfterSignin()
+        {
+            var options = new CookieAuthenticationOptions
+            {
+                LoginPath = "/testpath",
+                CookieName = "TestCookie"
+            };
+
+            var server = CreateServer(options, async context =>
+            {
+                await context.Authentication.SignInAsync(
+                    CookieAuthenticationDefaults.AuthenticationScheme,
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
+                    new AuthenticationProperties { RedirectUri = "/redirect_test" });
+            });
+            var transaction = await SendAsync(server, "http://example.com/testpath");
+
+            Assert.NotEmpty(transaction.SetCookie);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
+        }
+
+        [Fact]
+        public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
+        {
+            var options = new CookieAuthenticationOptions
+            {
+                LoginPath = "/testpath",
+                ReturnUrlParameter = "return",
+                CookieName = "TestCookie"
+            };
+
+            var server = CreateServer(options, async context =>
+            {
+                await context.Authentication.SignInAsync(
+                    CookieAuthenticationDefaults.AuthenticationScheme,
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
+                    new AuthenticationProperties { RedirectUri = "/redirect_test" });
+            });
+            var transaction = await SendAsync(server, "http://example.com/testpath?return=%2Fret_path_2");
+
+            Assert.NotEmpty(transaction.SetCookie);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
+        }
+
         [Fact]
         public async Task NestedMapWillNotAffectAccessDenied()
         {

From 97afe4acc8a07c8c64da03b69aa3718cd1dbebbb Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 10 Aug 2016 09:42:24 -0700
Subject: [PATCH 601/900] Adjust the redirect URI precedence in cookie auth

---
 .../CookieAuthenticationHandler.cs            | 23 +++++++++--------
 .../Cookies/CookieMiddlewareTests.cs          | 25 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 528e11c85b..e9eff38ac4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -315,20 +315,23 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
                 CookieRedirectContext redirectContext = null;
-                
-                var query = Request.Query;
-                var redirectUri = query[Options.ReturnUrlParameter];
-                if (!StringValues.IsNullOrEmpty(redirectUri) && IsHostRelative(redirectUri))
+
+                // set redirect uri in order:
+                // 1. properties.RedirectUri
+                // 2. query parameter ReturnUrlParameter
+                var redirectUri = properties.RedirectUri;
+                if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
                 {
-                    redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
-                }
-                else if (!string.IsNullOrEmpty(properties.RedirectUri) && IsHostRelative(properties.RedirectUri))
-                {
-                    redirectContext = new CookieRedirectContext(Context, Options, properties.RedirectUri, properties);
+                    redirectUri = Request.Query[Options.ReturnUrlParameter];
+                    if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
+                    {
+                        redirectUri = null;
+                    }
                 }
 
-                if (redirectContext != null)
+                if (redirectUri != null)
                 {
+                    redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
                     await Options.Events.RedirectToReturnUrl(redirectContext);
                 }
             }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index a5283c80f1..9fc36e6d9c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1074,6 +1074,29 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
         }
 
+        [Fact]
+        public async Task RedirectUriInQueryIsHoneredAfterSignin()
+        {
+            var options = new CookieAuthenticationOptions
+            {
+                LoginPath = "/testpath",
+                ReturnUrlParameter = "return",
+                CookieName = "TestCookie"
+            };
+
+            var server = CreateServer(options, async context =>
+            {
+                await context.Authentication.SignInAsync(
+                    CookieAuthenticationDefaults.AuthenticationScheme,
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
+            });
+            var transaction = await SendAsync(server, "http://example.com/testpath?return=%2Fret_path_2");
+
+            Assert.NotEmpty(transaction.SetCookie);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
+        }
+
         [Fact]
         public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
         {
@@ -1095,7 +1118,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             Assert.NotEmpty(transaction.SetCookie);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
+            Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
         }
 
         [Fact]

From 4600451dc673574a7705cd5110ed375a83155b1d Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 11 Aug 2016 08:48:47 -0700
Subject: [PATCH 602/900] Allow absolute uri in authentication properties for
 cookie auth redirect

---
 .../CookieAuthenticationHandler.cs            |  2 +-
 .../Cookies/CookieMiddlewareTests.cs          | 32 ++++++++++++++++---
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index e9eff38ac4..ff77815ce4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -320,7 +320,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 // 1. properties.RedirectUri
                 // 2. query parameter ReturnUrlParameter
                 var redirectUri = properties.RedirectUri;
-                if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
+                if (string.IsNullOrEmpty(redirectUri))
                 {
                     redirectUri = Request.Query[Options.ReturnUrlParameter];
                     if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 9fc36e6d9c..4a4d19a021 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1051,8 +1051,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("?ReturnUrl=%2F", location.Query);
         }
 
-        [Fact]
-        public async Task RedirectUriIsHoneredAfterSignin()
+        [Theory]
+        [InlineData("/redirect_test")]
+        [InlineData("http://example.com/redirect_to")]
+        public async Task RedirectUriIsHoneredAfterSignin(string redirectUrl)
         {
             var options = new CookieAuthenticationOptions
             {
@@ -1065,13 +1067,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 await context.Authentication.SignInAsync(
                     CookieAuthenticationDefaults.AuthenticationScheme,
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
-                    new AuthenticationProperties { RedirectUri = "/redirect_test" });
+                    new AuthenticationProperties { RedirectUri = redirectUrl });
             });
             var transaction = await SendAsync(server, "http://example.com/testpath");
 
             Assert.NotEmpty(transaction.SetCookie);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
+            Assert.Equal(redirectUrl, transaction.Response.Headers.Location.ToString());
         }
 
         [Fact]
@@ -1097,6 +1099,28 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
         }
 
+        [Fact]
+        public async Task AbsoluteRedirectUriIsRejected()
+        {
+            var options = new CookieAuthenticationOptions
+            {
+                LoginPath = "/testpath",
+                ReturnUrlParameter = "return",
+                CookieName = "TestCookie"
+            };
+
+            var server = CreateServer(options, async context =>
+            {
+                await context.Authentication.SignInAsync(
+                    CookieAuthenticationDefaults.AuthenticationScheme,
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
+            });
+            var transaction = await SendAsync(server, "http://example.com/testpath?return=http%3A%2F%2Fexample.com%2Fredirect_to");
+
+            Assert.NotEmpty(transaction.SetCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
         [Fact]
         public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
         {

From 26a7c7016db3b83dfcc7aab4ccfa25fc9e21a850 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 11 Aug 2016 10:15:07 -0700
Subject: [PATCH 603/900] Minor updates to CookieAuthenticationHandler and its
 tests

1. Remove unnecessary variable declaration.
2. Update test name to a more accurate description.
---
 .../CookieAuthenticationHandler.cs                         | 7 ++-----
 .../Cookies/CookieMiddlewareTests.cs                       | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index ff77815ce4..9b45738756 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -11,7 +11,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
@@ -314,8 +313,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
-                CookieRedirectContext redirectContext = null;
-
                 // set redirect uri in order:
                 // 1. properties.RedirectUri
                 // 2. query parameter ReturnUrlParameter
@@ -331,8 +328,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
                 if (redirectUri != null)
                 {
-                    redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
-                    await Options.Events.RedirectToReturnUrl(redirectContext);
+                    await Options.Events.RedirectToReturnUrl(
+                        new CookieRedirectContext(Context, Options, redirectUri, properties));
                 }
             }
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 4a4d19a021..942b1c4a5f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1100,7 +1100,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         }
 
         [Fact]
-        public async Task AbsoluteRedirectUriIsRejected()
+        public async Task AbsoluteRedirectUriInQueryStringIsRejected()
         {
             var options = new CookieAuthenticationOptions
             {

From fb0a577dd1ef5faf44aee7bb1dabb9376e45c8b9 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 11 Aug 2016 14:03:17 -0700
Subject: [PATCH 604/900] Add comments to CookieAuthenticationHandler

---
 .../CookieAuthenticationHandler.cs                             | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 9b45738756..f11f69e1c9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -316,6 +316,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 // set redirect uri in order:
                 // 1. properties.RedirectUri
                 // 2. query parameter ReturnUrlParameter
+                //
+                // Absolute uri is not allowed if it is from query string as query string is not
+                // a trusted source.
                 var redirectUri = properties.RedirectUri;
                 if (string.IsNullOrEmpty(redirectUri))
                 {

From 936a4f6092810dd43a91aea18b222ed5a3ec303f Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 17 Aug 2016 16:20:56 -0700
Subject: [PATCH 605/900] Update OpenId Connect Configuration tests

1. Move configuration related tests to their own class;
2. Add tests to cover missing options scenarios;
3. Add TestDefaultValues class for default values used in OpenId connect
tests.
---
 .../Infrastructure/TestDefaultValues.cs       |  10 ++
 .../OpenIdConnectConfigurationTests.cs        | 121 ++++++++++++++++++
 .../OpenIdConnectMiddlewareTests.cs           |  94 +++-----------
 3 files changed, 149 insertions(+), 76 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
new file mode 100644
index 0000000000..de921bb96a
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
@@ -0,0 +1,10 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre
+{
+    internal class TestDefaultValues
+    {
+        public static readonly string DefaultAuthority = @"https://example.com/common";
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
new file mode 100644
index 0000000000..4ada6ff859
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -0,0 +1,121 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    public class OpenIdConnectConfigurationTests
+    {
+        [Fact]
+        public void MetadataAddressIsGeneratedFromAuthorityWhenMissing()
+        {
+            var options = new OpenIdConnectOptions
+            {
+                Authority = TestDefaultValues.DefaultAuthority,
+                ClientId = Guid.NewGuid().ToString(),
+                SignInScheme = Guid.NewGuid().ToString()
+            };
+
+            BuildTestServer(options);
+
+            Assert.Equal($"{options.Authority}/.well-known/openid-configuration", options.MetadataAddress);
+        }
+
+        public void ThrowsWhenSignInSchemeIsMissing()
+        {
+            TestConfigurationException<ArgumentException>(
+                new OpenIdConnectOptions
+                {
+                    Authority = TestDefaultValues.DefaultAuthority,
+                    ClientId = Guid.NewGuid().ToString()
+                },
+                ex => Assert.Equal("SignInScheme", ex.ParamName));
+        }
+
+        [Fact]
+        public void ThrowsWhenClientIdIsMissing()
+        {
+            TestConfigurationException<ArgumentException>(
+                new OpenIdConnectOptions
+                {
+                    SignInScheme = "TestScheme",
+                    Authority = TestDefaultValues.DefaultAuthority,
+                },
+                ex => Assert.Equal("ClientId", ex.ParamName));
+        }
+
+        [Fact]
+        public void ThrowsWhenAuthorityIsMissing()
+        {
+            TestConfigurationException<InvalidOperationException>(
+                new OpenIdConnectOptions
+                {
+                    SignInScheme = "TestScheme",
+                    ClientId = "Test Id",
+                },
+                ex => Assert.Equal("Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions", ex.Message)
+            );
+        }
+
+        [Fact]
+        public void ThrowsWhenAuthorityIsNotHttps()
+        {
+            TestConfigurationException<InvalidOperationException>(
+                new OpenIdConnectOptions
+                {
+                    SignInScheme = "TestScheme",
+                    ClientId = "Test Id",
+                    Authority = "http://example.com"
+                },
+                ex => Assert.Equal("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.", ex.Message)
+            );
+        }
+
+        [Fact]
+        public void ThrowsWhenMetadataAddressIsNotHttps()
+        {
+            TestConfigurationException<InvalidOperationException>(
+                new OpenIdConnectOptions
+                {
+                    SignInScheme = "TestScheme",
+                    ClientId = "Test Id",
+                    MetadataAddress = "http://example.com"
+                },
+                ex => Assert.Equal("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.", ex.Message)
+            );
+        }
+
+        private TestServer BuildTestServer(OpenIdConnectOptions options)
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services => services.AddAuthentication())
+                .Configure(app => app.UseOpenIdConnectAuthentication(options));
+
+            return new TestServer(builder);
+        }
+
+        private void TestConfigurationException<T>(
+            OpenIdConnectOptions options,
+            Action<T> verifyException)
+            where T : Exception
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services => services.AddAuthentication())
+                .Configure(app => app.UseOpenIdConnectAuthentication(options));
+
+            var exception = Assert.Throws<T>(() =>
+            {
+                new TestServer(builder);
+            });
+
+            verifyException(exception);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 41154820b9..5853e38967 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -13,6 +13,7 @@ using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -32,7 +33,6 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         const string ChallengeWithOutContext = "/challengeWithOutContext";
         const string ChallengeWithProperties = "/challengeWithProperties";
         const string DefaultHost = @"https://example.com";
-        const string DefaultAuthority = @"https://example.com/common";
         const string ExpectedAuthorizeRequest = @"https://example.com/common/oauth2/signin";
         const string ExpectedLogoutRequest = @"https://example.com/common/oauth2/logout";
         const string Logout = "/logout";
@@ -44,7 +44,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var server = CreateServer(new OpenIdConnectOptions
             {
-                Authority = DefaultAuthority,
+                Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = TestUtilities.DefaultOpenIdConnectConfiguration,
                 AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
@@ -59,7 +59,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public async Task ChallengeWillSetDefaults()
         {
             var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            var queryValues = ExpectedQueryValues.Defaults(DefaultAuthority);
+            var queryValues = ExpectedQueryValues.Defaults(TestDefaultValues.DefaultAuthority);
             queryValues.State = OpenIdConnectDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
             var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
 
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var server = CreateServer(new OpenIdConnectOptions
             {
-                Authority = DefaultAuthority,
+                Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = TestUtilities.DefaultOpenIdConnectConfiguration
             });
@@ -91,7 +91,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task ChallengeWillUseOptionsProperties()
         {
-            var queryValues = new ExpectedQueryValues(DefaultAuthority);
+            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
             var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
 
             var transaction = await SendAsync(server, DefaultHost + Challenge);
@@ -111,14 +111,14 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 AuthorizationEndpoint = ExpectedAuthorizeRequest,
             };
 
-            var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
+            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority, configuration)
             {
                 RequestType = OpenIdConnectRequestType.Authentication
             };
             var server = CreateServer(GetProtocolMessageOptions());
             var transaction = await SendAsync(server, DefaultHost + Challenge);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] {});
+            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
         }
 
         /// <summary>
@@ -133,7 +133,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 EndSessionEndpoint = ExpectedLogoutRequest
             };
 
-            var queryValues = new ExpectedQueryValues(DefaultAuthority, configuration)
+            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority, configuration)
             {
                 RequestType = OpenIdConnectRequestType.Logout
             };
@@ -198,7 +198,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Theory, MemberData("StateDataSet")]
         public async Task ChallengeSettingState(string userState, string challenge)
         {
-            var queryValues = new ExpectedQueryValues(DefaultAuthority);
+            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
             var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
             var properties = new AuthenticationProperties();
             if (challenge == ChallengeWithProperties)
@@ -255,8 +255,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task ChallengeWillUseEvents()
         {
-            var queryValues = new ExpectedQueryValues(DefaultAuthority);
-            var queryValuesSetInEvent = new ExpectedQueryValues(DefaultAuthority);
+            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
+            var queryValuesSetInEvent = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
             var options = GetOptions(DefaultParameters(), queryValues);
             options.Events = new OpenIdConnectEvents()
             {
@@ -285,10 +285,12 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                     options.ClientId = queryValues.ClientId;
                 else if (param.Equals(OpenIdConnectParameterNames.Resource))
                     options.Resource = queryValues.Resource;
-                else if (param.Equals(OpenIdConnectParameterNames.Scope)) {
+                else if (param.Equals(OpenIdConnectParameterNames.Scope))
+                {
                     options.Scope.Clear();
 
-                    foreach (var scope in queryValues.Scope.Split(' ')) {
+                    foreach (var scope in queryValues.Scope.Split(' '))
+                    {
                         options.Scope.Add(scope);
                     }
                 }
@@ -333,7 +335,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(new OpenIdConnectOptions
             {
-                Authority = DefaultAuthority,
+                Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration
             });
@@ -349,7 +351,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(new OpenIdConnectOptions
             {
-                Authority = DefaultAuthority,
+                Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
                 PostLogoutRedirectUri = "https://example.com/logout"
@@ -366,7 +368,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
             var server = CreateServer(new OpenIdConnectOptions
             {
-                Authority = DefaultAuthority,
+                Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
                 PostLogoutRedirectUri = "https://example.com/logout"
@@ -553,65 +555,5 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             return nonceTime;
         }
 
-        [Fact]
-        public void ThrowsWithNoClientId()
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
-                    {
-                        SignInScheme = "TestScheme",
-                        Authority = DefaultAuthority,
-                        Configuration = TestUtilities.DefaultOpenIdConnectConfiguration,
-                        AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
-                    });
-                }).ConfigureServices(services =>
-                {
-                    services.AddAuthentication();
-                });
-
-            try
-            {
-                var server = new TestServer(builder);
-            }
-            catch (ArgumentException e)
-            {
-                Assert.Equal("ClientId", e.ParamName);
-                return;
-            }
-
-            Assert.True(false);
-        }
-
-        [Fact]
-        public void ThrowsWithNoConfigurationValues()
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
-                    {
-                        SignInScheme = "TestScheme",
-                        ClientId = "Test Id",
-                        AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
-                    });
-                }).ConfigureServices(services =>
-                {
-                    services.AddAuthentication();
-                });
-
-            try
-            {
-                var server = new TestServer(builder);
-            }
-            catch (InvalidOperationException e)
-            {
-                Assert.Equal("Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions", e.Message);
-                return;
-            }
-
-            Assert.True(false);
-        }
     }
 }
\ No newline at end of file

From 6f15d616a8954420bcb277ed938de1b14f6dbd6f Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 1 Aug 2016 16:59:57 -0700
Subject: [PATCH 606/900] Add IAuthorizationEvaluator

---
 ...uthorizationServiceCollectionExtensions.cs |  1 +
 .../DefaultAuthorizationEvaluator.cs          | 31 +++++++++++++++++++
 .../DefaultAuthorizationService.cs            | 19 ++++++++++--
 .../IAuthorizationEvaluator.cs                | 25 +++++++++++++++
 .../DefaultAuthorizationServiceTests.cs       | 25 +++++++++++++++
 5 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index c92be6232e..f56ea5c19e 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -27,6 +27,7 @@ namespace Microsoft.Extensions.DependencyInjection
             
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationPolicyProvider, DefaultAuthorizationPolicyProvider>());
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationEvaluator, DefaultAuthorizationEvaluator>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
new file mode 100644
index 0000000000..64cc695b88
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
@@ -0,0 +1,31 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Determines whether an authorization request was successful or not.
+    /// </summary>
+    public class DefaultAuthorizationEvaluator : IAuthorizationEvaluator
+    {
+        /// <summary>
+        /// Returns true, if authorization has failed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has failed.</returns>
+        public virtual bool HasFailed(AuthorizationHandlerContext context)
+        {
+            return context.HasFailed;
+        }
+
+        /// <summary>
+        /// Returns true, if authorization has succeeded.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has succeeded.</returns>
+        public virtual bool HasSucceeded(AuthorizationHandlerContext context)
+        {
+            return context.HasSucceeded;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 6665204eee..45ee4aa4a2 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNetCore.Authorization
     /// </summary>
     public class DefaultAuthorizationService : IAuthorizationService
     {
+        private readonly IAuthorizationEvaluator _evaluator;
         private readonly IAuthorizationPolicyProvider _policyProvider;
         private readonly IList<IAuthorizationHandler> _handlers;
         private readonly ILogger _logger;
@@ -26,7 +27,16 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationEvaluator()) { }
+
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
+        /// </summary>
+        /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
+        /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
+        /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
+        /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationEvaluator evaluator)
         {
             if (policyProvider == null)
             {
@@ -40,10 +50,15 @@ namespace Microsoft.AspNetCore.Authorization
             {
                 throw new ArgumentNullException(nameof(logger));
             }
+            if (evaluator == null)
+            {
+                throw new ArgumentNullException(nameof(evaluator));
+            }
 
             _handlers = handlers.ToArray();
             _policyProvider = policyProvider;
             _logger = logger;
+            _evaluator = evaluator;
         }
 
         /// <summary>
@@ -69,7 +84,7 @@ namespace Microsoft.AspNetCore.Authorization
                 await handler.HandleAsync(authContext);
             }
 
-            if (authContext.HasSucceeded)
+            if (_evaluator.HasSucceeded(authContext))
             {
                 _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
                 return true;
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
new file mode 100644
index 0000000000..7b2c5d1bc5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Determines whether an authorization request was successful or not.
+    /// </summary>
+    public interface IAuthorizationEvaluator
+    {
+        /// <summary>
+        /// Returns true, if authorization has failed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has failed.</returns>
+        bool HasFailed(AuthorizationHandlerContext context);
+
+        /// <summary>
+        /// Returns true, if authorization has succeeded.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has succeeded.</returns>
+        bool HasSucceeded(AuthorizationHandlerContext context);
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 19bd761e05..749a11dc34 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -1019,5 +1019,30 @@ namespace Microsoft.AspNetCore.Authorization.Test
             Assert.True(await authorizationService.AuthorizeAsync(user, "2"));
             Assert.False(await authorizationService.AuthorizeAsync(user, "3"));
         }
+
+        public class SuccessEvaluator : IAuthorizationEvaluator
+        {
+            public bool HasFailed(AuthorizationHandlerContext context)
+            {
+                return false;
+            }
+
+            public bool HasSucceeded(AuthorizationHandlerContext context)
+            {
+                return true;
+            }
+        }
+
+        [Fact]
+        public async Task CanUseCustomEvaluatorThatOverridesRequirement()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                // This will ignore the policy options
+                services.AddSingleton<IAuthorizationEvaluator, SuccessEvaluator>();
+                services.AddAuthorization(options => options.AddPolicy("Fail", p => p.RequireAssertion(c => false)));
+            });
+            Assert.True(await authorizationService.AuthorizeAsync(null, "Fail"));
+        }
     }
 }
\ No newline at end of file

From d291bb7c249ae989ea848c8ff378186ae42606d1 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 2 Aug 2016 17:55:10 -0700
Subject: [PATCH 607/900] Add AuthZHandlerContextFactory

---
 .../AuthorizationHandlerContext.cs            | 16 +++----
 ...uthorizationServiceCollectionExtensions.cs |  1 +
 ...faultAuthorizationHandlerContextFactory.cs | 29 +++++++++++++
 .../DefaultAuthorizationService.cs            | 13 ++++--
 .../IAuthorizationHandlerContextFactory.cs    | 26 +++++++++++
 .../DefaultAuthorizationServiceTests.cs       | 43 ++++++++++++++++++-
 6 files changed, 116 insertions(+), 12 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
index 5dc57c278a..b6378e4073 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
@@ -42,32 +42,32 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// The collection of all the <see cref="IAuthorizationRequirement"/> for the current authorization action.
         /// </summary>
-        public IEnumerable<IAuthorizationRequirement> Requirements { get; }
+        public virtual IEnumerable<IAuthorizationRequirement> Requirements { get; }
 
         /// <summary>
         /// The <see cref="ClaimsPrincipal"/> representing the current user.
         /// </summary>
-        public ClaimsPrincipal User { get; }
+        public virtual ClaimsPrincipal User { get; }
 
         /// <summary>
         /// The optional resource to evaluate the <see cref="AuthorizationHandlerContext.Requirements"/> against.
         /// </summary>
-        public object Resource { get; }
+        public virtual object Resource { get; }
 
         /// <summary>
         /// Gets the requirements that have not yet been marked as succeeded.
         /// </summary>
-        public IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
+        public virtual IEnumerable<IAuthorizationRequirement> PendingRequirements { get { return _pendingRequirements; } }
 
         /// <summary>
         /// Flag indicating whether the current authorization processing has failed.
         /// </summary>
-        public bool HasFailed { get { return _failCalled; } }
+        public virtual bool HasFailed { get { return _failCalled; } }
 
         /// <summary>
         /// Flag indicating whether the current authorization processing has succeeded.
         /// </summary>
-        public bool HasSucceeded
+        public virtual bool HasSucceeded
         {
             get
             {
@@ -79,7 +79,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// Called to indicate <see cref="AuthorizationHandlerContext.HasSucceeded"/> will
         /// never return true, even if all requirements are met.
         /// </summary>
-        public void Fail()
+        public virtual void Fail()
         {
             _failCalled = true;
         }
@@ -89,7 +89,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// successfully evaluated.
         /// </summary>
         /// <param name="requirement">The requirement whose evaluation has succeeded.</param>
-        public void Succeed(IAuthorizationRequirement requirement)
+        public virtual void Succeed(IAuthorizationRequirement requirement)
         {
             _succeedCalled = true;
             _pendingRequirements.Remove(requirement);
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index f56ea5c19e..a9961b69ef 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -28,6 +28,7 @@ namespace Microsoft.Extensions.DependencyInjection
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationPolicyProvider, DefaultAuthorizationPolicyProvider>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationEvaluator, DefaultAuthorizationEvaluator>());
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationHandlerContextFactory, DefaultAuthorizationHandlerContextFactory>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
new file mode 100644
index 0000000000..2dae5e5e73
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
@@ -0,0 +1,29 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// A type used to provide a <see cref="AuthorizationHandlerContext"/> used for authorization.
+    /// </summary>
+    public class DefaultAuthorizationHandlerContextFactory : IAuthorizationHandlerContextFactory
+    {
+        /// <summary>
+        /// Creates a <see cref="AuthorizationHandlerContext"/> used for authorization.
+        /// </summary>
+        /// <param name="requirements">The requirements to evaluate.</param>
+        /// <param name="user">The user to evaluate the requirements against.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
+        /// <returns>The <see cref="AuthorizationHandlerContext"/>.</returns>
+        public virtual AuthorizationHandlerContext CreateContext(IEnumerable<IAuthorizationRequirement> requirements, ClaimsPrincipal user, object resource)
+        {
+            return new AuthorizationHandlerContext(requirements, user, resource);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 45ee4aa4a2..89777eab01 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -16,6 +16,7 @@ namespace Microsoft.AspNetCore.Authorization
     /// </summary>
     public class DefaultAuthorizationService : IAuthorizationService
     {
+        private readonly IAuthorizationHandlerContextFactory _contextFactory;
         private readonly IAuthorizationEvaluator _evaluator;
         private readonly IAuthorizationPolicyProvider _policyProvider;
         private readonly IList<IAuthorizationHandler> _handlers;
@@ -27,7 +28,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationEvaluator()) { }
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationHandlerContextFactory(), new DefaultAuthorizationEvaluator()) { }
 
         /// <summary>
         /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
@@ -35,8 +36,9 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
+        /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param>  
         /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationEvaluator evaluator)
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator)
         {
             if (policyProvider == null)
             {
@@ -50,6 +52,10 @@ namespace Microsoft.AspNetCore.Authorization
             {
                 throw new ArgumentNullException(nameof(logger));
             }
+            if (contextFactory == null)
+            {
+                throw new ArgumentNullException(nameof(contextFactory));
+            }
             if (evaluator == null)
             {
                 throw new ArgumentNullException(nameof(evaluator));
@@ -59,6 +65,7 @@ namespace Microsoft.AspNetCore.Authorization
             _policyProvider = policyProvider;
             _logger = logger;
             _evaluator = evaluator;
+            _contextFactory = contextFactory;
         }
 
         /// <summary>
@@ -78,7 +85,7 @@ namespace Microsoft.AspNetCore.Authorization
                 throw new ArgumentNullException(nameof(requirements));
             }
 
-            var authContext = new AuthorizationHandlerContext(requirements, user, resource);
+            var authContext = _contextFactory.CreateContext(requirements, user, resource);
             foreach (var handler in _handlers)
             {
                 await handler.HandleAsync(authContext);
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
new file mode 100644
index 0000000000..272109eea9
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// A type used to provide a <see cref="AuthorizationHandlerContext"/> used for authorization.
+    /// </summary>
+    public interface IAuthorizationHandlerContextFactory
+    {
+        /// <summary>
+        /// Creates a <see cref="AuthorizationHandlerContext"/> used for authorization.
+        /// </summary>
+        /// <param name="requirements">The requirements to evaluate.</param>
+        /// <param name="user">The user to evaluate the requirements against.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
+        /// <returns>The <see cref="AuthorizationHandlerContext"/>.</returns>
+        AuthorizationHandlerContext CreateContext(IEnumerable<IAuthorizationRequirement> requirements, ClaimsPrincipal user, object resource);
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 749a11dc34..7f9e5642ae 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -1038,11 +1038,52 @@ namespace Microsoft.AspNetCore.Authorization.Test
         {
             var authorizationService = BuildAuthorizationService(services =>
             {
-                // This will ignore the policy options
                 services.AddSingleton<IAuthorizationEvaluator, SuccessEvaluator>();
                 services.AddAuthorization(options => options.AddPolicy("Fail", p => p.RequireAssertion(c => false)));
             });
             Assert.True(await authorizationService.AuthorizeAsync(null, "Fail"));
         }
+
+
+        public class BadContextMaker : IAuthorizationHandlerContextFactory
+        {
+            public AuthorizationHandlerContext CreateContext(IEnumerable<IAuthorizationRequirement> requirements, ClaimsPrincipal user, object resource)
+            {
+                return new BadContext();
+            }
+        }
+
+        public class BadContext : AuthorizationHandlerContext
+        {
+            public BadContext() : base(new List<IAuthorizationRequirement>(), null, null) { }
+
+            public override bool HasFailed
+            {
+                get
+                {
+                    return true;
+                }
+            }
+
+            public override bool HasSucceeded
+            {
+                get
+                {
+                    return false;
+                }
+            }
+        }
+
+        [Fact]
+        public async Task CanUseCustomContextThatAlwaysFails()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddSingleton<IAuthorizationHandlerContextFactory, BadContextMaker>();
+                services.AddAuthorization(options => options.AddPolicy("Success", p => p.RequireAssertion(c => true)));
+            });
+            Assert.False(await authorizationService.AuthorizeAsync(null, "Success"));
+        }
+
     }
 }
\ No newline at end of file

From 6ca981e4dfae5e17dafc4c5b89313b2a9591ef83 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 17 Aug 2016 13:02:28 -0700
Subject: [PATCH 608/900] Refine OIDC sample

1. Add signout remote scenario
2. Use bootstrap to enhance the view
3. Improve readability
---
 .../OpenIdConnect.AzureAdSample/Startup.cs    | 107 +++++++++++++-----
 1 file changed, 76 insertions(+), 31 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 8a2b7f4412..f0c2f7c221 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -1,5 +1,7 @@
 using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
@@ -103,47 +105,90 @@ namespace OpenIdConnect.AzureAdSample
                 if (context.Request.Path.Equals("/signout"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync($"<html><body>Signing out {context.User.Identity.Name}<br>{Environment.NewLine}");
-                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
-                    await context.Response.WriteAsync($"</body></html>");
-                    return;
+                    await WriteHtmlAsync(context.Response,
+                        response => response.WriteAsync($"<h1>Signed out locally: {context.User.Identity.Name}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
                 }
-
-                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                else if (context.Request.Path.Equals("/signout-remote"))
                 {
-                    await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
-                    return;
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+                    {
+                        RedirectUri = "/remote-signedout"
+                    });
                 }
-
-                context.Response.ContentType = "text/html";
-                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {context.User.Identity.Name}<br>{Environment.NewLine}");
-                await context.Response.WriteAsync("Claims:<br>" + Environment.NewLine);
-                foreach (var claim in context.User.Claims)
+                else if (context.Request.Path.Equals("/remote-signedout"))
                 {
-                    await context.Response.WriteAsync($"{claim.Type}: {claim.Value}<br>{Environment.NewLine}");
+                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await WriteHtmlAsync(context.Response,
+                        response => response.WriteAsync($"<h1>Signed out remotely: {context.User.Identity.Name}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
                 }
-
-                await context.Response.WriteAsync("Tokens:<br>" + Environment.NewLine);
-                try
+                else
                 {
-                    // Use ADAL to get the right token
-                    var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForApiCalls(context, CookieAuthenticationDefaults.AuthenticationScheme));
-                    var credential = new ClientCredential(clientId, clientSecret);
-                    string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
-                    var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
+                    if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
+                    {
+                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                        return;
+                    }
 
-                    await context.Response.WriteAsync($"access_token: {result.AccessToken}<br>{Environment.NewLine}");
-                }
-                catch (Exception ex)
-                {
-                    await context.Response.WriteAsync($"AquireToken error: {ex.Message}<br>{Environment.NewLine}");
-                }
+                    await WriteHtmlAsync(context.Response, async response =>
+                    {
+                        await response.WriteAsync($"<h1>Hello Authenticated User {context.User.Identity.Name}</h1>");
+                        await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out Locally</a>");
+                        await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remotely</a>");
 
-                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
-                await context.Response.WriteAsync($"</body></html>");
+                        await response.WriteAsync("<h2>Claims:</h2>");
+                        await WriteTableHeader(response, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
+
+                        await response.WriteAsync("<h2>Tokens:</h2>");
+                        try
+                        {
+                            // Use ADAL to get the right token
+                            var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForApiCalls(context, CookieAuthenticationDefaults.AuthenticationScheme));
+                            var credential = new ClientCredential(clientId, clientSecret);
+                            string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
+                            var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
+
+                            await response.WriteAsync($"<h3>access_token</h3><code>{result.AccessToken}</code><br>");
+                        }
+                        catch (Exception ex)
+                        {
+                            await response.WriteAsync($"AquireToken error: {ex.Message}<br>{Environment.NewLine}");
+                        }
+                    });
+                }
             });
         }
+
+        private static async Task WriteHtmlAsync(HttpResponse response, Func<HttpResponse, Task> writeContent)
+        {
+            var bootstrap = "<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\" integrity=\"sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u\" crossorigin=\"anonymous\">";
+
+            response.ContentType = "text/html";
+            await response.WriteAsync($"<html><head>{bootstrap}</head><body><div class=\"container\">");
+            await writeContent(response);
+            await response.WriteAsync("</div></body></html>");
+        }
+
+        private static async Task WriteTableHeader(HttpResponse response, IEnumerable<string> columns, IEnumerable<IEnumerable<string>> data)
+        {
+            await response.WriteAsync("<table class=\"table table-condensed\">");
+            await response.WriteAsync("<tr>");
+            foreach (var column in columns)
+            {
+                await response.WriteAsync($"<th>{column}</th>");
+            }
+            await response.WriteAsync("</tr>");
+            foreach (var row in data)
+            {
+                await response.WriteAsync("<tr>");
+                foreach (var column in row)
+                {
+                    await response.WriteAsync($"<td>{column}</td>");
+                }
+                await response.WriteAsync("</tr>");
+            }
+            await response.WriteAsync("</table>");
+        }
     }
 }
 

From 91e5de4d690adb2469872776442db6e8c9b9658d Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 18 Aug 2016 16:51:46 -0700
Subject: [PATCH 609/900] Add HTML encoding to OpenIdConnect AzureSample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index f0c2f7c221..45304e1bd6 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -106,7 +107,7 @@ namespace OpenIdConnect.AzureAdSample
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
-                        response => response.WriteAsync($"<h1>Signed out locally: {context.User.Identity.Name}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
+                        response => response.WriteAsync($"<h1>Signed out locally: {HtmlEncode(context.User.Identity.Name)}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
                 }
                 else if (context.Request.Path.Equals("/signout-remote"))
                 {
@@ -120,7 +121,7 @@ namespace OpenIdConnect.AzureAdSample
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
-                        response => response.WriteAsync($"<h1>Signed out remotely: {context.User.Identity.Name}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
+                        response => response.WriteAsync($"<h1>Signed out remotely: {HtmlEncode(context.User.Identity.Name)}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
                 }
                 else
                 {
@@ -132,7 +133,7 @@ namespace OpenIdConnect.AzureAdSample
 
                     await WriteHtmlAsync(context.Response, async response =>
                     {
-                        await response.WriteAsync($"<h1>Hello Authenticated User {context.User.Identity.Name}</h1>");
+                        await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(context.User.Identity.Name)}</h1>");
                         await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out Locally</a>");
                         await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remotely</a>");
 
@@ -152,7 +153,7 @@ namespace OpenIdConnect.AzureAdSample
                         }
                         catch (Exception ex)
                         {
-                            await response.WriteAsync($"AquireToken error: {ex.Message}<br>{Environment.NewLine}");
+                            await response.WriteAsync($"AquireToken error: {ex.Message}");
                         }
                     });
                 }
@@ -189,6 +190,9 @@ namespace OpenIdConnect.AzureAdSample
             }
             await response.WriteAsync("</table>");
         }
+
+        private static string HtmlEncode(string content) =>
+            string.IsNullOrEmpty(content) ? string.Empty : HtmlEncoder.Default.Encode(content);
     }
 }
 

From 7ea76f5e54a740ce6a4c2b56f2b0eaf685a586e1 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 22 Aug 2016 22:27:37 -0700
Subject: [PATCH 610/900] Update OpenID connect Azure sample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 45304e1bd6..0645b995ed 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -107,7 +107,11 @@ namespace OpenIdConnect.AzureAdSample
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
-                        response => response.WriteAsync($"<h1>Signed out locally: {HtmlEncode(context.User.Identity.Name)}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
+                        async response =>
+                        {
+                            await response.WriteAsync($"<h1>Signed out locally: {HtmlEncode(context.User.Identity.Name)}</h1>");
+                            await response.WriteAsync("<a class=\"btn btn-primary\" href=\"/\">Sign In</a>");
+                        });
                 }
                 else if (context.Request.Path.Equals("/signout-remote"))
                 {
@@ -121,7 +125,11 @@ namespace OpenIdConnect.AzureAdSample
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
-                        response => response.WriteAsync($"<h1>Signed out remotely: {HtmlEncode(context.User.Identity.Name)}</h1><a class=\"btn btn-primary\" href=\"/\">Sign In</a>"));
+                        async response =>
+                        {
+                            await response.WriteAsync($"<h1>Signed out remotely: {HtmlEncode(context.User.Identity.Name)}</h1>");
+                            await response.WriteAsync("<a class=\"btn btn-primary\" href=\"/\">Sign In</a>");
+                        });
                 }
                 else
                 {

From 62f0f6e857c5648bc6573af20fe85d45abd4ac16 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 22 Aug 2016 22:30:11 -0700
Subject: [PATCH 611/900] HtmlEncode all user input in Azure OpenID sample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 0645b995ed..fcfc7b4df0 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -157,7 +157,7 @@ namespace OpenIdConnect.AzureAdSample
                             string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                             var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
 
-                            await response.WriteAsync($"<h3>access_token</h3><code>{result.AccessToken}</code><br>");
+                            await response.WriteAsync($"<h3>access_token</h3><code>{HtmlEncode(result.AccessToken)}</code><br>");
                         }
                         catch (Exception ex)
                         {
@@ -184,7 +184,7 @@ namespace OpenIdConnect.AzureAdSample
             await response.WriteAsync("<tr>");
             foreach (var column in columns)
             {
-                await response.WriteAsync($"<th>{column}</th>");
+                await response.WriteAsync($"<th>{HtmlEncode(column)}</th>");
             }
             await response.WriteAsync("</tr>");
             foreach (var row in data)
@@ -192,7 +192,7 @@ namespace OpenIdConnect.AzureAdSample
                 await response.WriteAsync("<tr>");
                 foreach (var column in row)
                 {
-                    await response.WriteAsync($"<td>{column}</td>");
+                    await response.WriteAsync($"<td>{HtmlEncode(column)}</td>");
                 }
                 await response.WriteAsync("</tr>");
             }

From abc1b37ee1c912bb3b3d478ae94a543564e77255 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 22 Aug 2016 14:47:30 -0700
Subject: [PATCH 612/900] Update OpenId Connect Challenge Tests

1. Expand the test coverage: add tests covers events work flow.
2. Move OpenID connect challenge tests to their own class.
3. Further refactory the test settings and utilities.
---
 ...uthenticationPropertiesFormaterKeyValue.cs |  70 ---
 .../OpenIdConnect/ExpectedQueryValues.cs      | 175 -------
 .../Infrastructure/TestDefaultValues.cs       |  10 -
 .../OpenIdConnect/MockOpenIdConnectMessage.cs |  21 +
 .../OpenIdConnectChallengeTests.cs            | 322 +++++++++++++
 .../OpenIdConnectConfigurationTests.cs        |   1 -
 .../OpenIdConnectMiddlewareTests.cs           | 451 +-----------------
 .../OpenIdConnect/TestDefaultValues.cs        |  48 ++
 .../OpenIdConnect/TestServerBuilder.cs        |  97 ++++
 .../OpenIdConnect/TestSettings.cs             | 230 +++++++++
 .../OpenIdConnect/TestTransaction.cs          |  77 +++
 .../OpenIdConnect/TestUtilities.cs            |  37 --
 12 files changed, 817 insertions(+), 722 deletions(-)
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
deleted file mode 100644
index 1be4b80bca..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/AuthenticationPropertiesFormaterKeyValue.cs
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Http.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
-{
-    /// <summary>
-    /// This formatter creates an easy to read string of the format: "'key1' 'value1' ..."
-    /// </summary>
-    public class AuthenticationPropertiesFormaterKeyValue : ISecureDataFormat<AuthenticationProperties>
-    {
-        string _protectedString = Guid.NewGuid().ToString();
-
-        public string Protect(AuthenticationProperties data)
-        {
-            if (data == null || data.Items.Count == 0)
-            {
-                return "null";
-            }
-
-            var sb = new StringBuilder();
-            foreach(var item in data.Items)
-            {
-                sb.Append(Uri.EscapeDataString(item.Key) + " " + Uri.EscapeDataString(item.Value) + " ");
-            }
-
-            return sb.ToString();
-        }
-        public string Protect(AuthenticationProperties data, string purpose)
-        {
-            return Protect(data);
-        }
-
-        public AuthenticationProperties Unprotect(string protectedText)
-        {
-            if (string.IsNullOrEmpty(protectedText))
-            {
-                return null;
-            }
-
-            if (protectedText == "null")
-            {
-                return new AuthenticationProperties();
-            }
-
-            string[] items = protectedText.Split(' ');
-            if (items.Length % 2 != 0)
-            {
-                return null;
-            }
-
-            var propeties = new AuthenticationProperties();
-            for (int i = 0; i < items.Length - 1; i+=2)
-            {
-                propeties.Items.Add(items[i], items[i + 1]);
-            }
-
-            return propeties;
-        }
-
-        public AuthenticationProperties Unprotect(string protectedText, string purpose)
-        {
-            return Unprotect(protectedText);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
deleted file mode 100644
index 98df02ee61..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/ExpectedQueryValues.cs
+++ /dev/null
@@ -1,175 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Text;
-using System.Text.Encodings.Web;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
-{
-    /// <summary>
-    /// This helper class is used to check that query string parameters are as expected.
-    /// </summary>
-    public class ExpectedQueryValues
-    {
-        public ExpectedQueryValues(string authority, OpenIdConnectConfiguration configuration = null)
-        {
-            Authority = authority;
-            Configuration = configuration ?? TestUtilities.DefaultOpenIdConnectConfiguration;
-        }
-
-        public static ExpectedQueryValues Defaults(string authority)
-        {
-            var result = new ExpectedQueryValues(authority);
-            result.Scope = OpenIdConnectScope.OpenIdProfile;
-            result.ResponseType = OpenIdConnectResponseType.CodeIdToken;
-            return result;
-        }
-
-        public void CheckValues(string query, IEnumerable<string> parameters)
-        {
-            var errors = new List<string>();
-            if (!query.StartsWith(ExpectedAuthority))
-            {
-                errors.Add("ExpectedAuthority: " + ExpectedAuthority);
-            }
-
-            foreach(var str in parameters)
-            {
-                if (str == OpenIdConnectParameterNames.ClientId)
-                {
-                    if (!query.Contains(ExpectedClientId))
-                        errors.Add("ExpectedClientId: " + ExpectedClientId);
-
-                    continue;
-                }
-
-                if (str == OpenIdConnectParameterNames.RedirectUri)
-                {
-                     if(!query.Contains(ExpectedRedirectUri))
-                        errors.Add("ExpectedRedirectUri: " + ExpectedRedirectUri);
-
-                    continue;
-                }
-
-                if (str == OpenIdConnectParameterNames.Resource)
-                {
-                    if(!query.Contains(ExpectedResource))
-                        errors.Add("ExpectedResource: " + ExpectedResource);
-
-                    continue;
-                }
-
-                if (str == OpenIdConnectParameterNames.ResponseMode)
-                {
-                    if(!query.Contains(ExpectedResponseMode))
-                        errors.Add("ExpectedResponseMode: " + ExpectedResponseMode);
-
-                    continue;
-                }
-
-                if (str == OpenIdConnectParameterNames.Scope)
-                {
-                    if (!query.Contains(ExpectedScope))
-                        errors.Add("ExpectedScope: " + ExpectedScope);
-
-                    continue;
-                }
-
-                if (str == OpenIdConnectParameterNames.State)
-                {
-                    if (!query.Contains(ExpectedState))
-                        errors.Add("ExpectedState: " + ExpectedState);
-
-                    continue;
-                }
-            }
-
-            if (errors.Count > 0)
-            {
-                var sb = new StringBuilder();
-                sb.AppendLine("query string not as expected: " + Environment.NewLine + query + Environment.NewLine);
-                foreach (var str in errors)
-                {
-                    sb.AppendLine(str);
-                }
-
-                Debug.WriteLine(sb.ToString());
-                Assert.True(false, sb.ToString());
-            }
-        }
-
-        public UrlEncoder Encoder { get; set; } = UrlEncoder.Default;
-
-        public string Authority { get; set; }
-
-        public string ClientId { get; set; } = Guid.NewGuid().ToString();
-
-        public string RedirectUri { get; set; } = Guid.NewGuid().ToString();
-
-        public OpenIdConnectRequestType RequestType { get; set; } = OpenIdConnectRequestType.Authentication;
-
-        public string Resource { get; set; } = Guid.NewGuid().ToString();
-
-        public string ResponseMode { get; set; } = OpenIdConnectResponseMode.FormPost;
-
-        public string ResponseType { get; set; } = Guid.NewGuid().ToString();
-
-        public string Scope { get; set; } = Guid.NewGuid().ToString();
-
-        public string State { get; set; } = Guid.NewGuid().ToString();
-
-        public string ExpectedAuthority
-        {
-            get
-            {
-                if (RequestType == OpenIdConnectRequestType.Token)
-                {
-                    return Configuration?.EndSessionEndpoint ?? Authority + @"/oauth2/token";
-                }
-                else if (RequestType == OpenIdConnectRequestType.Logout)
-                {
-                    return Configuration?.TokenEndpoint ?? Authority + @"/oauth2/logout";
-                }
-
-                return Configuration?.AuthorizationEndpoint ?? Authority + (@"/oauth2/authorize");
-            }
-        }
-
-        public OpenIdConnectConfiguration Configuration { get; set; }
-
-        public string ExpectedClientId
-        {
-            get { return OpenIdConnectParameterNames.ClientId + "=" + Encoder.Encode(ClientId); }
-        }
-
-        public string ExpectedRedirectUri
-        {
-            get { return OpenIdConnectParameterNames.RedirectUri + "=" + Encoder.Encode(RedirectUri); }
-        }
-
-        public string ExpectedResource
-        {
-            get { return OpenIdConnectParameterNames.Resource + "=" + Encoder.Encode(Resource); }
-        }
-
-        public string ExpectedResponseMode
-        {
-            get { return OpenIdConnectParameterNames.ResponseMode + "=" + Encoder.Encode(ResponseMode); }
-        }
-
-        public string ExpectedScope
-        {
-            get { return OpenIdConnectParameterNames.Scope + "=" + Encoder.Encode(Scope); }
-        }
-
-        public string ExpectedState
-        {
-            get { return Encoder.Encode(State); }
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
deleted file mode 100644
index de921bb96a..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/Infrastructure/TestDefaultValues.cs
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre
-{
-    internal class TestDefaultValues
-    {
-        public static readonly string DefaultAuthority = @"https://example.com/common";
-    }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
new file mode 100644
index 0000000000..432980f771
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
@@ -0,0 +1,21 @@
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    internal class MockOpenIdConnectMessage : OpenIdConnectMessage
+    {
+        public string TestAuthorizeEndpoint { get; set; }
+
+        public string TestLogoutRequest { get; set; }
+
+        public override string CreateAuthenticationRequestUrl()
+        {
+            return TestAuthorizeEndpoint ?? base.CreateAuthenticationRequestUrl();
+        }
+
+        public override string CreateLogoutRequestUrl()
+        {
+            return TestLogoutRequest ?? base.CreateLogoutRequestUrl();
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
new file mode 100644
index 0000000000..b2e2514d61
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -0,0 +1,322 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    public class OpenIdConnectChallengeTests
+    {
+        [Fact]
+        public async Task ChallengeIsIssuedCorrectly()
+        {
+            var settings = new TestSettings(
+                opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet);
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            settings.ValidateChallengeRedirect(
+                res.Headers.Location,
+                OpenIdConnectParameterNames.ClientId,
+                OpenIdConnectParameterNames.ResponseType,
+                OpenIdConnectParameterNames.ResponseMode,
+                OpenIdConnectParameterNames.Scope,
+                OpenIdConnectParameterNames.RedirectUri);
+        }
+
+        /*
+        Example of a form post
+        <body>
+            <form name=\ "form\" method=\ "post\" action=\ "https://login.microsoftonline.com/common/oauth2/authorize\">
+                <input type=\ "hidden\" name=\ "client_id\" value=\ "51e38103-238f-410f-a5d5-61991b203e50\" />
+                <input type=\ "hidden\" name=\ "redirect_uri\" value=\ "https://example.com/signin-oidc\" />
+                <input type=\ "hidden\" name=\ "response_type\" value=\ "id_token\" />
+                <input type=\ "hidden\" name=\ "scope\" value=\ "openid profile\" />
+                <input type=\ "hidden\" name=\ "response_mode\" value=\ "form_post\" />
+                <input type=\ "hidden\" name=\ "nonce\" value=\ "636072461997914230.NTAwOGE1MjQtM2VhYS00ZDU0LWFkYzYtNmZiYWE2MDRkODg3OTlkMDFmOWUtOTMzNC00ZmI2LTg1Y2YtOWM4OTlhNjY0Yjli\" />
+                <input type=\ "hidden\" name=\ "state\" value=\
+                    "CfDJ8Jh1NKaF0T5AnK4qsqzzIs89srKe4iEaBWd29MNph4Ki887QKgkD24wjhZ0ciH-ar6A_jUmRI2O5haXN2-YXbC0ZRuRAvNsx5LqbPTdh4MJBIwXWkG_rM0T0tI3h5Y2pDttWSaku6a_nzFLUYBrKfsE7sDLVoTDrzzOcHrRQhdztqOOeNUuu2wQXaKwlOtNI21ShtN9EVxvSGFOxUUOwVih4nFdF40fBcbsuPpcpCPkLARQaFRJSYsNKiP7pcFMnRwzZhnISHlyGKkzwJ1DIx7nsmdiQFBGljimw5GnYAs-5ru9L3w8NnPjkl96OyQ8MJOcayMDmOY26avs2sYP_Zw0\" />
+                <noscript>Click here to finish the process: <input type=\"submit\" /></noscript>
+            </form>
+            <script>
+                document.form.submit();
+            </script>
+        </body>
+        */
+        [Fact]
+        public async Task ChallengeIssueedCorrectlyForFormPost()
+        {
+            var settings = new TestSettings(
+                opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost);
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.OK, res.StatusCode);
+            Assert.Equal("text/html", transaction.Response.Content.Headers.ContentType.MediaType);
+
+            var body = await res.Content.ReadAsStringAsync();
+            settings.ValidateChallengeFormPost(
+                body,
+                OpenIdConnectParameterNames.ClientId,
+                OpenIdConnectParameterNames.ResponseType,
+                OpenIdConnectParameterNames.ResponseMode,
+                OpenIdConnectParameterNames.Scope,
+                OpenIdConnectParameterNames.RedirectUri);
+        }
+
+        [Theory]
+        [InlineData("sample_user_state")]
+        [InlineData(null)]
+        public async Task ChallengeCanSetUserStateThroughProperties(string userState)
+        {
+            var settings = new TestSettings();
+
+            var properties = new AuthenticationProperties();
+            properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
+
+            var server = TestServerBuilder.CreateServer(settings.Options, handler: null, properties: properties);
+            var transaction = await TestTransaction.SendAsync(server, TestDefaultValues.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            var values = settings.ValidateChallengeRedirect(res.Headers.Location);
+            var actualState = values[OpenIdConnectParameterNames.State];
+            var actualProperties = settings.Options.StateDataFormat.Unprotect(actualState);
+
+            Assert.Equal(userState ?? string.Empty, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
+        }
+
+        [Theory]
+        [InlineData("sample_user_state")]
+        [InlineData(null)]
+        public async Task OnRedirectToIdentityProviderEventCanSetState(string userState)
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.Events = new OpenIdConnectEvents()
+                {
+                    OnRedirectToIdentityProvider = context =>
+                    {
+                        context.ProtocolMessage.State = userState;
+                        return Task.FromResult(0);
+                    }
+                };
+            });
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            var values = settings.ValidateChallengeRedirect(res.Headers.Location);
+            var actualState = values[OpenIdConnectParameterNames.State];
+            var actualProperties = settings.Options.StateDataFormat.Unprotect(actualState);
+
+            if (userState != null)
+            {
+                Assert.Equal(userState, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
+            }
+            else
+            {
+                Assert.False(actualProperties.Items.ContainsKey(OpenIdConnectDefaults.UserstatePropertiesKey));
+            }
+        }
+
+        [Fact]
+        public async Task OnRedirectToIdentityProviderEventIsHit()
+        {
+            var eventIsHit = false;
+            var settings = new TestSettings(
+                opts =>
+                {
+                    opts.Events = new OpenIdConnectEvents()
+                    {
+                        OnRedirectToIdentityProvider = context =>
+                        {
+                            eventIsHit = true;
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            );
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            Assert.True(eventIsHit);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            settings.ValidateChallengeRedirect(
+                res.Headers.Location,
+                OpenIdConnectParameterNames.ClientId,
+                OpenIdConnectParameterNames.ResponseType,
+                OpenIdConnectParameterNames.ResponseMode,
+                OpenIdConnectParameterNames.Scope,
+                OpenIdConnectParameterNames.RedirectUri);
+        }
+
+
+        [Fact]
+        public async Task OnRedirectToIdentityProviderEventCanReplaceValues()
+        {
+            var newClientId = Guid.NewGuid().ToString();
+
+            var settings = new TestSettings(
+                opts =>
+                {
+                    opts.Events = new OpenIdConnectEvents()
+                    {
+                        OnRedirectToIdentityProvider = context =>
+                        {
+                            context.ProtocolMessage.ClientId = newClientId;
+
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            );
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            settings.ValidateChallengeRedirect(
+                res.Headers.Location,
+                OpenIdConnectParameterNames.ResponseType,
+                OpenIdConnectParameterNames.ResponseMode,
+                OpenIdConnectParameterNames.Scope,
+                OpenIdConnectParameterNames.RedirectUri);
+
+            var actual = res.Headers.Location.Query.Trim('?').Split('&').Single(seg => seg.StartsWith($"{OpenIdConnectParameterNames.ClientId}="));
+            Assert.Equal($"{OpenIdConnectParameterNames.ClientId}={newClientId}", actual);
+        }
+
+        [Fact]
+        public async Task OnRedirectToIdentityProviderEventCanReplaceMessage()
+        {
+            var newMessage = new MockOpenIdConnectMessage
+            {
+                TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin"
+            };
+
+            var settings = new TestSettings(
+                opts =>
+                {
+                    opts.Events = new OpenIdConnectEvents()
+                    {
+                        OnRedirectToIdentityProvider = context =>
+                        {
+                            context.ProtocolMessage = newMessage;
+
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            );
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            // The CreateAuthenticationRequestUrl method is overridden MockOpenIdConnectMessage where
+            // query string is not generated and the authorization endpoint is replaced.
+            Assert.Equal(newMessage.TestAuthorizeEndpoint, res.Headers.Location.AbsoluteUri);
+        }
+        [Fact]
+        public async Task OnRedirectToIdentityProviderEventHandlesResponse()
+        {
+            var settings = new TestSettings(
+                opts =>
+                {
+                    opts.Events = new OpenIdConnectEvents()
+                    {
+                        OnRedirectToIdentityProvider = context =>
+                        {
+                            context.HandleResponse();
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            );
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.OK, res.StatusCode);
+            Assert.Null(res.Headers.Location);
+        }
+
+        // This test can be further refined. When one auth middleware skips, the authentication responsibility
+        // will be flowed to the next one. A dummy auth middleware can be added to ensure the correct logic.
+        [Fact]
+        public async Task OnRedirectToIdentityProviderEventSkipResponse()
+        {
+            var settings = new TestSettings(
+                opts =>
+                {
+                    opts.Events = new OpenIdConnectEvents()
+                    {
+                        OnRedirectToIdentityProvider = context =>
+                        {
+                            context.SkipToNextMiddleware();
+                            return Task.FromResult(0);
+                        }
+                    };
+                }
+            );
+
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.OK, res.StatusCode);
+            Assert.Null(res.Headers.Location);
+        }
+
+        [Fact]
+        public async Task ChallengeSetsNonceAndStateCookies()
+        {
+            var settings = new TestSettings();
+            var server = settings.CreateTestServer();
+            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+
+            var firstCookie = transaction.SetCookie.First();
+            Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
+            Assert.Contains("expires", firstCookie);
+
+            var secondCookie = transaction.SetCookie.Skip(1).First();
+            Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
+            Assert.Contains("expires", secondCookie);
+        }
+
+        private static string ChallengeEndpoint => TestDefaultValues.TestHost + TestServerBuilder.Challenge;
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 4ada6ff859..3603c2bf40 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 5853e38967..4a750ea41d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -2,24 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Globalization;
-using System.Linq;
 using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using System.Xml.Linq;
-using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect.Infrastructre;
 using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -29,318 +16,47 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
     {
         static string noncePrefix = "OpenIdConnect." + "Nonce.";
         static string nonceDelimiter = ".";
-        const string Challenge = "/challenge";
-        const string ChallengeWithOutContext = "/challengeWithOutContext";
-        const string ChallengeWithProperties = "/challengeWithProperties";
         const string DefaultHost = @"https://example.com";
-        const string ExpectedAuthorizeRequest = @"https://example.com/common/oauth2/signin";
-        const string ExpectedLogoutRequest = @"https://example.com/common/oauth2/logout";
         const string Logout = "/logout";
-        const string Signin = "/signin";
-        const string Signout = "/signout";
-
-        [Fact]
-        public async Task ChallengeWillIssueHtmlFormWhenEnabled()
-        {
-            var server = CreateServer(new OpenIdConnectOptions
-            {
-                Authority = TestDefaultValues.DefaultAuthority,
-                ClientId = "Test Id",
-                Configuration = TestUtilities.DefaultOpenIdConnectConfiguration,
-                AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost
-            });
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.Equal("text/html", transaction.Response.Content.Headers.ContentType.MediaType);
-            Assert.Contains("form", transaction.ResponseText);
-        }
-
-        [Fact]
-        public async Task ChallengeWillSetDefaults()
-        {
-            var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            var queryValues = ExpectedQueryValues.Defaults(TestDefaultValues.DefaultAuthority);
-            queryValues.State = OpenIdConnectDefaults.AuthenticationPropertiesKey + "=" + stateDataFormat.Protect(new AuthenticationProperties());
-            var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
-
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
-        }
-
-        [Fact]
-        public async Task ChallengeWillSetNonceAndStateCookies()
-        {
-            var server = CreateServer(new OpenIdConnectOptions
-            {
-                Authority = TestDefaultValues.DefaultAuthority,
-                ClientId = "Test Id",
-                Configuration = TestUtilities.DefaultOpenIdConnectConfiguration
-            });
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-
-            var firstCookie = transaction.SetCookie.First();
-            Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
-            Assert.Contains("expires", firstCookie);
-
-            var secondCookie = transaction.SetCookie.Skip(1).First();
-            Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
-            Assert.Contains("expires", secondCookie);
-        }
-
-        [Fact]
-        public async Task ChallengeWillUseOptionsProperties()
-        {
-            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
-            var server = CreateServer(GetOptions(DefaultParameters(), queryValues));
-
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
-        }
-
-        /// <summary>
-        /// Tests RedirectForAuthenticationContext replaces the OpenIdConnectMesssage correctly.
-        /// </summary>
-        /// <returns>Task</returns>
-        [Fact]
-        public async Task ChallengeSettingMessage()
-        {
-            var configuration = new OpenIdConnectConfiguration
-            {
-                AuthorizationEndpoint = ExpectedAuthorizeRequest,
-            };
-
-            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority, configuration)
-            {
-                RequestType = OpenIdConnectRequestType.Authentication
-            };
-            var server = CreateServer(GetProtocolMessageOptions());
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
-        }
 
         /// <summary>
         /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
-        /// </summary>
+        /// summary>
         /// <returns>Task</returns>
         [Fact]
         public async Task SignOutSettingMessage()
         {
-            var configuration = new OpenIdConnectConfiguration
+            var setting = new TestSettings(opt =>
             {
-                EndSessionEndpoint = ExpectedLogoutRequest
-            };
-
-            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority, configuration)
-            {
-                RequestType = OpenIdConnectRequestType.Logout
-            };
-            var server = CreateServer(GetProtocolMessageOptions());
-            var transaction = await SendAsync(server, DefaultHost + Signout);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, new string[] { });
-        }
-
-        private static OpenIdConnectOptions GetProtocolMessageOptions()
-        {
-            var options = new OpenIdConnectOptions();
-            var fakeOpenIdRequestMessage = new FakeOpenIdConnectMessage(ExpectedAuthorizeRequest, ExpectedLogoutRequest);
-            options.AutomaticChallenge = true;
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnRedirectToIdentityProvider = (context) =>
+                opt.Configuration = new OpenIdConnectConfiguration
                 {
-                    context.ProtocolMessage = fakeOpenIdRequestMessage;
-                    return Task.FromResult(0);
-                },
-                OnRedirectToIdentityProviderForSignOut = (context) =>
-                {
-                    context.ProtocolMessage = fakeOpenIdRequestMessage;
-                    return Task.FromResult(0);
-                }
-            };
-            options.ClientId = "Test Id";
-            options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            return options;
-        }
-
-        private class FakeOpenIdConnectMessage : OpenIdConnectMessage
-        {
-            private readonly string _authorizeRequest;
-            private readonly string _logoutRequest;
-
-            public FakeOpenIdConnectMessage(string authorizeRequest, string logoutRequest)
-            {
-                _authorizeRequest = authorizeRequest;
-                _logoutRequest = logoutRequest;
-            }
-
-            public override string CreateAuthenticationRequestUrl()
-            {
-                return _authorizeRequest;
-            }
-
-            public override string CreateLogoutRequestUrl()
-            {
-                return _logoutRequest;
-            }
-        }
-
-        /// <summary>
-        /// Tests for users who want to add 'state'. There are two ways to do it.
-        /// 1. Users set 'state' (OpenIdConnectMessage.State) in the event. The runtime appends to that state.
-        /// 2. Users add to the AuthenticationProperties (context.AuthenticationProperties), values will be serialized.
-        /// </summary>
-        /// <param name="userSetsState"></param>
-        /// <returns></returns>
-        [Theory, MemberData("StateDataSet")]
-        public async Task ChallengeSettingState(string userState, string challenge)
-        {
-            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
-            var stateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
-            var properties = new AuthenticationProperties();
-            if (challenge == ChallengeWithProperties)
-            {
-                properties.Items.Add("item1", Guid.NewGuid().ToString());
-            }
-
-            var options = GetOptions(DefaultParameters(new string[] { OpenIdConnectParameterNames.State }), queryValues, stateDataFormat);
-            options.AutomaticChallenge = challenge.Equals(ChallengeWithOutContext);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnRedirectToIdentityProvider = context =>
-                {
-                    context.ProtocolMessage.State = userState;
-                    context.ProtocolMessage.RedirectUri = queryValues.RedirectUri;
-                    return Task.FromResult<object>(null);
-                }
-
-            };
-            var server = CreateServer(options, null, properties);
-
-            var transaction = await SendAsync(server, DefaultHost + challenge);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-
-            if (challenge != ChallengeWithProperties)
-            {
-                if (userState != null)
-                {
-                    properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
-                }
-                properties.Items.Add(OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, queryValues.RedirectUri);
-            }
-
-            queryValues.State = stateDataFormat.Protect(properties);
-            queryValues.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters(new string[] { OpenIdConnectParameterNames.State }));
-        }
-
-        public static TheoryData<string, string> StateDataSet
-        {
-            get
-            {
-                var dataset = new TheoryData<string, string>();
-                dataset.Add(Guid.NewGuid().ToString(), Challenge);
-                dataset.Add(null, Challenge);
-                dataset.Add(Guid.NewGuid().ToString(), ChallengeWithOutContext);
-                dataset.Add(null, ChallengeWithOutContext);
-                dataset.Add(Guid.NewGuid().ToString(), ChallengeWithProperties);
-                dataset.Add(null, ChallengeWithProperties);
-
-                return dataset;
-            }
-        }
-
-        [Fact]
-        public async Task ChallengeWillUseEvents()
-        {
-            var queryValues = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
-            var queryValuesSetInEvent = new ExpectedQueryValues(TestDefaultValues.DefaultAuthority);
-            var options = GetOptions(DefaultParameters(), queryValues);
-            options.Events = new OpenIdConnectEvents()
-            {
-                OnRedirectToIdentityProvider = context =>
-                {
-                    context.ProtocolMessage.ClientId = queryValuesSetInEvent.ClientId;
-                    context.ProtocolMessage.RedirectUri = queryValuesSetInEvent.RedirectUri;
-                    context.ProtocolMessage.Resource = queryValuesSetInEvent.Resource;
-                    context.ProtocolMessage.Scope = queryValuesSetInEvent.Scope;
-                    return Task.FromResult<object>(null);
-                }
-            };
-            var server = CreateServer(options);
-
-            var transaction = await SendAsync(server, DefaultHost + Challenge);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            queryValuesSetInEvent.CheckValues(transaction.Response.Headers.Location.AbsoluteUri, DefaultParameters());
-        }
-
-        private OpenIdConnectOptions GetOptions(List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null)
-        {
-            var options = new OpenIdConnectOptions();
-            foreach (var param in parameters)
-            {
-                if (param.Equals(OpenIdConnectParameterNames.ClientId))
-                    options.ClientId = queryValues.ClientId;
-                else if (param.Equals(OpenIdConnectParameterNames.Resource))
-                    options.Resource = queryValues.Resource;
-                else if (param.Equals(OpenIdConnectParameterNames.Scope))
-                {
-                    options.Scope.Clear();
-
-                    foreach (var scope in queryValues.Scope.Split(' '))
-                    {
-                        options.Scope.Add(scope);
-                    }
-                }
-            }
-
-            options.Authority = queryValues.Authority;
-            options.Configuration = queryValues.Configuration;
-            options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue();
-
-            return options;
-        }
-
-        private List<string> DefaultParameters(string[] additionalParams = null)
-        {
-            var parameters =
-                new List<string>
-                {
-                    OpenIdConnectParameterNames.ClientId,
-                    OpenIdConnectParameterNames.Resource,
-                    OpenIdConnectParameterNames.ResponseMode,
-                    OpenIdConnectParameterNames.Scope,
+                    EndSessionEndpoint = "https://example.com/signout_test/signout_request"
                 };
+            });
 
-            if (additionalParams != null)
-                parameters.AddRange(additionalParams);
+            var server = setting.CreateTestServer();
 
-            return parameters;
-        }
+            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
+            var res = transaction.Response;
 
-        private static void DefaultChallengeOptions(OpenIdConnectOptions options)
-        {
-            options.AuthenticationScheme = "OpenIdConnectHandlerTest";
-            options.AutomaticChallenge = true;
-            options.ClientId = Guid.NewGuid().ToString();
-            options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager;
-            options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+
+            setting.ValidateSignoutRedirect(transaction.Response.Headers.Location);
         }
 
         [Fact]
         public async Task SignOutWithDefaultRedirectUri()
         {
-            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(new OpenIdConnectOptions
+            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
                 Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration
             });
 
-            var transaction = await SendAsync(server, DefaultHost + Signout);
+            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal(configuration.EndSessionEndpoint, transaction.Response.Headers.Location.AbsoluteUri);
         }
@@ -348,8 +64,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
-            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(new OpenIdConnectOptions
+            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
                 Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
@@ -357,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 PostLogoutRedirectUri = "https://example.com/logout"
             });
 
-            var transaction = await SendAsync(server, DefaultHost + Signout);
+            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Contains(UrlEncoder.Default.Encode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
         }
@@ -365,8 +81,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
-            var configuration = TestUtilities.DefaultOpenIdConnectConfiguration;
-            var server = CreateServer(new OpenIdConnectOptions
+            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
                 Authority = TestDefaultValues.DefaultAuthority,
                 ClientId = "Test Id",
@@ -374,136 +90,13 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 PostLogoutRedirectUri = "https://example.com/logout"
             });
 
-            var transaction = await SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
+            var transaction = await TestTransaction.SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Contains(UrlEncoder.Default.Encode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
         }
 
-        private static TestServer CreateServer(OpenIdConnectOptions options, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null)
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme
-                    });
-                    app.UseOpenIdConnectAuthentication(options);
-                    app.Use(async (context, next) =>
-                    {
-                        var req = context.Request;
-                        var res = context.Response;
-
-                        if (req.Path == new PathString(Challenge))
-                        {
-                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
-                        }
-                        else if (req.Path == new PathString(ChallengeWithProperties))
-                        {
-                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
-                        }
-                        else if (req.Path == new PathString(ChallengeWithOutContext))
-                        {
-                            res.StatusCode = 401;
-                        }
-                        else if (req.Path == new PathString(Signin))
-                        {
-                            // REVIEW: this used to just be res.SignIn()
-                            await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
-                        }
-                        else if (req.Path == new PathString(Signout))
-                        {
-                            await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
-                        }
-                        else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
-                        {
-                            await context.Authentication.SignOutAsync(
-                                OpenIdConnectDefaults.AuthenticationScheme,
-                                new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
-                        }
-                        else if (handler != null)
-                        {
-                            await handler(context);
-                        }
-                        else
-                        {
-                            await next();
-                        }
-                    });
-                })
-                .ConfigureServices(services =>
-                {
-                    services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(authOptions =>
-                    {
-                        authOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    });
-                });
-            return new TestServer(builder);
-        }
-
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, string cookieHeader = null)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-            if (transaction.Response.Content != null &&
-                transaction.Response.Content.Headers.ContentType != null &&
-                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
-            {
-                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
-            }
-
-            return transaction;
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-
-            public HttpResponseMessage Response { get; set; }
-
-            public IList<string> SetCookie { get; set; }
-
-            public string ResponseText { get; set; }
-
-            public XElement ResponseElement { get; set; }
-
-            public string AuthenticationCookieValue
-            {
-                get
-                {
-                    if (SetCookie != null && SetCookie.Count > 0)
-                    {
-                        var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNetCore.Cookie="));
-                        if (authCookie != null)
-                        {
-                            return authCookie.Substring(0, authCookie.IndexOf(';'));
-                        }
-                    }
-
-                    return null;
-                }
-            }
-        }
-
-        [Fact]
         // Test Cases for calculating the expiration time of cookie from cookie name
+        [Fact]
         public void NonceCookieExpirationTime()
         {
             DateTime utcNow = DateTime.UtcNow;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs
new file mode 100644
index 0000000000..c3e92a9042
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs
@@ -0,0 +1,48 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    internal class TestDefaultValues
+    {
+        public static readonly string DefaultAuthority = @"https://login.microsoftonline.com/common";
+
+        public static readonly string TestHost = @"https://example.com";
+
+        public static OpenIdConnectOptions CreateOpenIdConnectOptions() =>
+            new OpenIdConnectOptions
+            {
+                Authority = TestDefaultValues.DefaultAuthority,
+                ClientId = Guid.NewGuid().ToString(),
+                Configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration()
+            };
+
+        public static OpenIdConnectOptions CreateOpenIdConnectOptions(Action<OpenIdConnectOptions> update)
+        {
+            var options = CreateOpenIdConnectOptions();
+
+            if (update != null)
+            {
+                update(options);
+            }
+
+            return options;
+        }
+
+        public static OpenIdConnectConfiguration CreateDefaultOpenIdConnectConfiguration() =>
+            new OpenIdConnectConfiguration()
+            {
+                AuthorizationEndpoint = DefaultAuthority + "/oauth2/authorize",
+                EndSessionEndpoint = DefaultAuthority + "/oauth2/endsessionendpoint",
+                TokenEndpoint = DefaultAuthority + "/oauth2/token"
+            };
+
+        public static IConfigurationManager<OpenIdConnectConfiguration> CreateDefaultOpenIdConnectConfigurationManager() =>
+            new StaticConfigurationManager<OpenIdConnectConfiguration>(CreateDefaultOpenIdConnectConfiguration());
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
new file mode 100644
index 0000000000..f8ab6fdb09
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -0,0 +1,97 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    internal class TestServerBuilder
+    {
+        public static readonly string Challenge = "/challenge";
+        public static readonly string ChallengeWithOutContext = "/challengeWithOutContext";
+        public static readonly string ChallengeWithProperties = "/challengeWithProperties";
+        public static readonly string Signin = "/signin";
+        public static readonly string Signout = "/signout";
+
+        public static TestServer CreateServer(OpenIdConnectOptions options)
+        {
+            return CreateServer(options, handler: null, properties: null);
+        }
+
+        public static TestServer CreateServer(
+            OpenIdConnectOptions options,
+            Func<HttpContext, Task> handler,
+            AuthenticationProperties properties)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme
+                    });
+
+                    app.UseOpenIdConnectAuthentication(options);
+
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+
+                        if (req.Path == new PathString(Challenge))
+                        {
+                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString(ChallengeWithProperties))
+                        {
+                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
+                        }
+                        else if (req.Path == new PathString(ChallengeWithOutContext))
+                        {
+                            res.StatusCode = 401;
+                        }
+                        else if (req.Path == new PathString(Signin))
+                        {
+                            // REVIEW: this used to just be res.SignIn()
+                            await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
+                        }
+                        else if (req.Path == new PathString(Signout))
+                        {
+                            await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                        }
+                        else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
+                        {
+                            await context.Authentication.SignOutAsync(
+                                OpenIdConnectDefaults.AuthenticationScheme,
+                                new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
+                        }
+                        else if (handler != null)
+                        {
+                            await handler(context);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                    services.Configure<SharedAuthenticationOptions>(authOptions => authOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
+                });
+
+            return new TestServer(builder);
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
new file mode 100644
index 0000000000..47605dccea
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -0,0 +1,230 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Xml.Linq;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    /// <summary>
+    /// This helper class is used to check that query string parameters are as expected.
+    /// </summary>
+    internal class TestSettings
+    {
+        private readonly OpenIdConnectOptions _options;
+
+        public TestSettings() : this(configure: null)
+        {
+        }
+
+        public TestSettings(Action<OpenIdConnectOptions> configure)
+        {
+            _options = TestDefaultValues.CreateOpenIdConnectOptions(configure);
+        }
+
+        public TestSettings(OpenIdConnectOptions options)
+        {
+            _options = options;
+        }
+
+        public OpenIdConnectOptions Options => _options;
+
+        public UrlEncoder Encoder => UrlEncoder.Default;
+
+        public string ExpectedState { get; set; }
+
+        public TestServer CreateTestServer() => TestServerBuilder.CreateServer(Options);
+
+        public IDictionary<string, string> ValidateChallengeFormPost(string responseBody, params string[] parametersToValidate)
+        {
+            IDictionary<string, string> formInputs = null;
+            var errors = new List<string>();
+            var xdoc = XDocument.Parse(responseBody.Replace("doctype", "DOCTYPE"));
+            var forms = xdoc.Descendants("form");
+            if (forms.Count() != 1)
+            {
+                errors.Add("Only one form element is expected in response body.");
+            }
+            else
+            {
+                formInputs = forms.Single()
+                                  .Elements("input")
+                                  .ToDictionary(elem => elem.Attribute("name").Value,
+                                                elem => elem.Attribute("value").Value);
+
+                ValidateParameters(formInputs, parametersToValidate, errors, htmlEncoded: false);
+            }
+
+            if (errors.Any())
+            {
+                var buf = new StringBuilder();
+                buf.AppendLine($"The challenge form post is not valid.");
+                // buf.AppendLine();
+
+                foreach (var error in errors)
+                {
+                    buf.AppendLine(error);
+                }
+
+                Debug.WriteLine(buf.ToString());
+                Assert.True(false, buf.ToString());
+            }
+
+            return formInputs;
+        }
+
+        public IDictionary<string, string> ValidateChallengeRedirect(Uri redirectUri, params string[] parametersToValidate) =>
+            ValidateRedirectCore(redirectUri, OpenIdConnectRequestType.Authentication, parametersToValidate);
+
+        public IDictionary<string, string> ValidateSignoutRedirect(Uri redirectUri, params string[] parametersToValidate) =>
+            ValidateRedirectCore(redirectUri, OpenIdConnectRequestType.Logout, parametersToValidate);
+
+        private IDictionary<string, string> ValidateRedirectCore(Uri redirectUri, OpenIdConnectRequestType requestType, string[] parametersToValidate)
+        {
+            var errors = new List<string>();
+
+            // Validate the authority
+            ValidateExpectedAuthority(redirectUri.AbsoluteUri, errors, requestType);
+
+            // Convert query to dictionary
+            var queryDict = string.IsNullOrEmpty(redirectUri.Query) ?
+                new Dictionary<string, string>() :
+                redirectUri.Query.TrimStart('?').Split('&').Select(part => part.Split('=')).ToDictionary(parts => parts[0], parts => parts[1]);
+
+            // Validate the query string parameters
+            ValidateParameters(queryDict, parametersToValidate, errors, htmlEncoded: true);
+
+            if (errors.Any())
+            {
+                var buf = new StringBuilder();
+                buf.AppendLine($"The redirect uri is not valid.");
+                buf.AppendLine(redirectUri.AbsoluteUri);
+
+                foreach (var error in errors)
+                {
+                    buf.AppendLine(error);
+                }
+
+                Debug.WriteLine(buf.ToString());
+                Assert.True(false, buf.ToString());
+            }
+
+            return queryDict;
+        }
+
+        private void ValidateParameters(
+            IDictionary<string, string> actualValues,
+            IEnumerable<string> parametersToValidate,
+            ICollection<string> errors,
+            bool htmlEncoded)
+        {
+            foreach (var paramToValidate in parametersToValidate)
+            {
+                switch (paramToValidate)
+                {
+                    case OpenIdConnectParameterNames.ClientId:
+                        ValidateClientId(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.ResponseType:
+                        ValidateResponseType(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.ResponseMode:
+                        ValidateResponseMode(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.Scope:
+                        ValidateScope(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.RedirectUri:
+                        ValidateRedirectUri(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.Resource:
+                        ValidateResource(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.State:
+                        ValidateState(actualValues, errors, htmlEncoded);
+                        break;
+                    default:
+                        throw new InvalidOperationException($"Unknown parameter \"{paramToValidate}\".");
+                }
+            }
+        }
+
+        private void ValidateExpectedAuthority(string absoluteUri, ICollection<string> errors, OpenIdConnectRequestType requestType)
+        {
+            string expectedAuthority;
+            switch (requestType)
+            {
+                case OpenIdConnectRequestType.Token:
+                    expectedAuthority = _options.Configuration?.TokenEndpoint ?? _options.Authority + @"/oauth2/token";
+                    break;
+                case OpenIdConnectRequestType.Logout:
+                    expectedAuthority = _options.Configuration?.EndSessionEndpoint ?? _options.Authority + @"/oauth2/logout";
+                    break;
+                default:
+                    expectedAuthority = _options.Configuration?.AuthorizationEndpoint ?? _options.Authority + @"/oauth2/authorize";
+                    break;
+            }
+
+            if (!absoluteUri.StartsWith(expectedAuthority))
+            {
+                errors.Add($"ExpectedAuthority: {expectedAuthority}");
+            }
+        }
+
+        private void ValidateClientId(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.ClientId, _options.ClientId, actualQuery, errors, htmlEncoded);
+
+        private void ValidateResponseType(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.ResponseType, _options.ResponseType, actualQuery, errors, htmlEncoded);
+
+        private void ValidateResponseMode(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.ResponseMode, _options.ResponseMode, actualQuery, errors, htmlEncoded);
+
+        private void ValidateScope(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.Scope, string.Join(" ", _options.Scope), actualQuery, errors, htmlEncoded);
+
+        private void ValidateRedirectUri(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, TestDefaultValues.TestHost + _options.CallbackPath, actualQuery, errors, htmlEncoded);
+
+        private void ValidateResource(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, _options.Resource, actualQuery, errors, htmlEncoded);
+
+        private void ValidateState(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.State, ExpectedState, actualQuery, errors, htmlEncoded);
+
+        private void ValidateQueryParameter(
+            string parameterName,
+            string expectedValue,
+            IDictionary<string, string> actualQuery,
+            ICollection<string> errors,
+            bool htmlEncoded)
+        {
+            string actualValue;
+            if (actualQuery.TryGetValue(parameterName, out actualValue))
+            {
+                if (htmlEncoded)
+                {
+                    expectedValue = Encoder.Encode(expectedValue);
+                }
+
+                if (actualValue != expectedValue)
+                {
+                    errors.Add($"Query parameter {parameterName}'s expected value is {expectedValue} but its actual value is {actualValue}");
+                }
+            }
+            else
+            {
+                errors.Add($"Query parameter {parameterName} is missing");
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
new file mode 100644
index 0000000000..3bbd3152b3
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
@@ -0,0 +1,77 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using System.Xml.Linq;
+using Microsoft.AspNetCore.TestHost;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+{
+    internal class TestTransaction
+    {
+        public static Task<TestTransaction> SendAsync(TestServer server, string url)
+        {
+            return SendAsync(server, url, cookieHeader: null);
+        }
+
+        public static async Task<TestTransaction> SendAsync(TestServer server, string uri, string cookieHeader)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+
+            var transaction = new TestTransaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+
+            return transaction;
+        }
+
+        public HttpRequestMessage Request { get; set; }
+
+        public HttpResponseMessage Response { get; set; }
+
+        public IList<string> SetCookie { get; set; }
+
+        public string ResponseText { get; set; }
+
+        public XElement ResponseElement { get; set; }
+
+        public string AuthenticationCookieValue
+        {
+            get
+            {
+                if (SetCookie != null && SetCookie.Count > 0)
+                {
+                    var authCookie = SetCookie.SingleOrDefault(c => c.Contains(".AspNetCore.Cookie="));
+                    if (authCookie != null)
+                    {
+                        return authCookie.Substring(0, authCookie.IndexOf(';'));
+                    }
+                }
+
+                return null;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
deleted file mode 100644
index 6247c85b43..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestUtilities.cs
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
-{
-    /// <summary>
-    /// These utilities are designed to test openidconnect related flows
-    /// </summary>
-    public class TestUtilities
-    {
-        public const string DefaultHost = @"http://localhost";
-
-        public static IConfigurationManager<OpenIdConnectConfiguration> DefaultOpenIdConnectConfigurationManager
-        {
-            get
-            {
-                return new StaticConfigurationManager<OpenIdConnectConfiguration>(DefaultOpenIdConnectConfiguration);
-            }
-        }
-
-        public static OpenIdConnectConfiguration DefaultOpenIdConnectConfiguration
-        {
-            get
-            {
-                return new OpenIdConnectConfiguration()
-                {
-                    AuthorizationEndpoint = @"https://login.microsoftonline.com/common/oauth2/authorize",
-                    EndSessionEndpoint = @"https://login.microsoftonline.com/common/oauth2/endsessionendpoint",
-                    TokenEndpoint = @"https://login.microsoftonline.com/common/oauth2/token",
-                };
-            }
-        }
-    }
-}

From 562eb7054ac4d4b73a7d109484effff1ae6c4481 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 22 Aug 2016 22:12:11 -0700
Subject: [PATCH 613/900] Merge TestDefaultValues with TestServerBuilder

---
 .../OpenIdConnectChallengeTests.cs            |  4 +-
 .../OpenIdConnectConfigurationTests.cs        |  6 +--
 .../OpenIdConnectMiddlewareTests.cs           | 12 ++---
 .../OpenIdConnect/TestDefaultValues.cs        | 48 -------------------
 .../OpenIdConnect/TestServerBuilder.cs        | 37 +++++++++++++-
 .../OpenIdConnect/TestSettings.cs             |  4 +-
 6 files changed, 49 insertions(+), 62 deletions(-)
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index b2e2514d61..bf0d9ff0e3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -89,7 +89,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
 
             var server = TestServerBuilder.CreateServer(settings.Options, handler: null, properties: properties);
-            var transaction = await TestTransaction.SendAsync(server, TestDefaultValues.TestHost + TestServerBuilder.ChallengeWithProperties);
+            var transaction = await TestTransaction.SendAsync(server, TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -317,6 +317,6 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Contains("expires", secondCookie);
         }
 
-        private static string ChallengeEndpoint => TestDefaultValues.TestHost + TestServerBuilder.Challenge;
+        private static string ChallengeEndpoint => TestServerBuilder.TestHost + TestServerBuilder.Challenge;
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 3603c2bf40..0f5338c5c4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var options = new OpenIdConnectOptions
             {
-                Authority = TestDefaultValues.DefaultAuthority,
+                Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = Guid.NewGuid().ToString(),
                 SignInScheme = Guid.NewGuid().ToString()
             };
@@ -32,7 +32,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             TestConfigurationException<ArgumentException>(
                 new OpenIdConnectOptions
                 {
-                    Authority = TestDefaultValues.DefaultAuthority,
+                    Authority = TestServerBuilder.DefaultAuthority,
                     ClientId = Guid.NewGuid().ToString()
                 },
                 ex => Assert.Equal("SignInScheme", ex.ParamName));
@@ -45,7 +45,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 new OpenIdConnectOptions
                 {
                     SignInScheme = "TestScheme",
-                    Authority = TestDefaultValues.DefaultAuthority,
+                    Authority = TestServerBuilder.DefaultAuthority,
                 },
                 ex => Assert.Equal("ClientId", ex.ParamName));
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 4a750ea41d..f2ea922926 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -48,10 +48,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWithDefaultRedirectUri()
         {
-            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
             var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
-                Authority = TestDefaultValues.DefaultAuthority,
+                Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration
             });
@@ -64,10 +64,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
-            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
             var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
-                Authority = TestDefaultValues.DefaultAuthority,
+                Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
                 PostLogoutRedirectUri = "https://example.com/logout"
@@ -81,10 +81,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
-            var configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration();
+            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
             var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
             {
-                Authority = TestDefaultValues.DefaultAuthority,
+                Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
                 PostLogoutRedirectUri = "https://example.com/logout"
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs
deleted file mode 100644
index c3e92a9042..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestDefaultValues.cs
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
-{
-    internal class TestDefaultValues
-    {
-        public static readonly string DefaultAuthority = @"https://login.microsoftonline.com/common";
-
-        public static readonly string TestHost = @"https://example.com";
-
-        public static OpenIdConnectOptions CreateOpenIdConnectOptions() =>
-            new OpenIdConnectOptions
-            {
-                Authority = TestDefaultValues.DefaultAuthority,
-                ClientId = Guid.NewGuid().ToString(),
-                Configuration = TestDefaultValues.CreateDefaultOpenIdConnectConfiguration()
-            };
-
-        public static OpenIdConnectOptions CreateOpenIdConnectOptions(Action<OpenIdConnectOptions> update)
-        {
-            var options = CreateOpenIdConnectOptions();
-
-            if (update != null)
-            {
-                update(options);
-            }
-
-            return options;
-        }
-
-        public static OpenIdConnectConfiguration CreateDefaultOpenIdConnectConfiguration() =>
-            new OpenIdConnectConfiguration()
-            {
-                AuthorizationEndpoint = DefaultAuthority + "/oauth2/authorize",
-                EndSessionEndpoint = DefaultAuthority + "/oauth2/endsessionendpoint",
-                TokenEndpoint = DefaultAuthority + "/oauth2/token"
-            };
-
-        public static IConfigurationManager<OpenIdConnectConfiguration> CreateDefaultOpenIdConnectConfigurationManager() =>
-            new StaticConfigurationManager<OpenIdConnectConfiguration>(CreateDefaultOpenIdConnectConfiguration());
-    }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
index f8ab6fdb09..5a672093ea 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -12,17 +12,52 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     internal class TestServerBuilder
     {
+        public static readonly string DefaultAuthority = @"https://login.microsoftonline.com/common";
+        public static readonly string TestHost = @"https://example.com";
         public static readonly string Challenge = "/challenge";
         public static readonly string ChallengeWithOutContext = "/challengeWithOutContext";
         public static readonly string ChallengeWithProperties = "/challengeWithProperties";
         public static readonly string Signin = "/signin";
         public static readonly string Signout = "/signout";
 
+        public static OpenIdConnectOptions CreateOpenIdConnectOptions() =>
+            new OpenIdConnectOptions
+            {
+                Authority = DefaultAuthority,
+                ClientId = Guid.NewGuid().ToString(),
+                Configuration = CreateDefaultOpenIdConnectConfiguration()
+            };
+
+        public static OpenIdConnectOptions CreateOpenIdConnectOptions(Action<OpenIdConnectOptions> update)
+        {
+            var options = CreateOpenIdConnectOptions();
+
+            if (update != null)
+            {
+                update(options);
+            }
+
+            return options;
+        }
+
+        public static OpenIdConnectConfiguration CreateDefaultOpenIdConnectConfiguration() =>
+            new OpenIdConnectConfiguration()
+            {
+                AuthorizationEndpoint = DefaultAuthority + "/oauth2/authorize",
+                EndSessionEndpoint = DefaultAuthority + "/oauth2/endsessionendpoint",
+                TokenEndpoint = DefaultAuthority + "/oauth2/token"
+            };
+
+        public static IConfigurationManager<OpenIdConnectConfiguration> CreateDefaultOpenIdConnectConfigurationManager() =>
+            new StaticConfigurationManager<OpenIdConnectConfiguration>(CreateDefaultOpenIdConnectConfiguration());
+
         public static TestServer CreateServer(OpenIdConnectOptions options)
         {
             return CreateServer(options, handler: null, properties: null);
@@ -94,4 +129,4 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             return new TestServer(builder);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 47605dccea..3e50a7abee 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
         public TestSettings(Action<OpenIdConnectOptions> configure)
         {
-            _options = TestDefaultValues.CreateOpenIdConnectOptions(configure);
+            _options = TestServerBuilder.CreateOpenIdConnectOptions(configure);
         }
 
         public TestSettings(OpenIdConnectOptions options)
@@ -193,7 +193,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             ValidateQueryParameter(OpenIdConnectParameterNames.Scope, string.Join(" ", _options.Scope), actualQuery, errors, htmlEncoded);
 
         private void ValidateRedirectUri(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, TestDefaultValues.TestHost + _options.CallbackPath, actualQuery, errors, htmlEncoded);
+            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, TestServerBuilder.TestHost + _options.CallbackPath, actualQuery, errors, htmlEncoded);
 
         private void ValidateResource(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
             ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, _options.Resource, actualQuery, errors, htmlEncoded);

From c5c11e81b35d99ecde3b528254215df804adc926 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 22 Aug 2016 22:18:52 -0700
Subject: [PATCH 614/900] Split TestTransaction, add extension to TestServer

---
 .../OpenIdConnectChallengeTests.cs            | 20 ++++----
 .../OpenIdConnectMiddlewareTests.cs           |  8 +--
 .../OpenIdConnect/TestServerExtensions.cs     | 50 +++++++++++++++++++
 .../OpenIdConnect/TestTransaction.cs          | 37 --------------
 4 files changed, 64 insertions(+), 51 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index bf0d9ff0e3..78f84c04f5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -21,7 +21,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet);
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -62,7 +62,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost);
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.OK, res.StatusCode);
@@ -89,7 +89,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
 
             var server = TestServerBuilder.CreateServer(settings.Options, handler: null, properties: properties);
-            var transaction = await TestTransaction.SendAsync(server, TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -120,7 +120,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             });
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -159,7 +159,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             );
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             Assert.True(eventIsHit);
 
@@ -198,7 +198,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             );
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -239,7 +239,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             );
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -267,7 +267,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             );
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.OK, res.StatusCode);
@@ -294,7 +294,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             );
 
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
             Assert.Equal(HttpStatusCode.OK, res.StatusCode);
@@ -306,7 +306,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var settings = new TestSettings();
             var server = settings.CreateTestServer();
-            var transaction = await TestTransaction.SendAsync(server, ChallengeEndpoint);
+            var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var firstCookie = transaction.SetCookie.First();
             Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index f2ea922926..959d64acea 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -36,7 +36,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             var server = setting.CreateTestServer();
 
-            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             var res = transaction.Response;
 
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
@@ -56,7 +56,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 Configuration = configuration
             });
 
-            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Equal(configuration.EndSessionEndpoint, transaction.Response.Headers.Location.AbsoluteUri);
         }
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 PostLogoutRedirectUri = "https://example.com/logout"
             });
 
-            var transaction = await TestTransaction.SendAsync(server, DefaultHost + TestServerBuilder.Signout);
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Contains(UrlEncoder.Default.Encode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
         }
@@ -90,7 +90,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 PostLogoutRedirectUri = "https://example.com/logout"
             });
 
-            var transaction = await TestTransaction.SendAsync(server, "https://example.com/signout_with_specific_redirect_uri");
+            var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             Assert.Contains(UrlEncoder.Default.Encode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
new file mode 100644
index 0000000000..a7085966a4
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Linq;
+using System.Net.Http;
+using System.Threading.Tasks;
+using System.Xml.Linq;
+using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect;
+using Microsoft.AspNetCore.TestHost;
+
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
+{
+    internal static class TestServerExtensions
+    {
+        public static Task<TestTransaction> SendAsync(this TestServer server, string url)
+        {
+            return SendAsync(server, url, cookieHeader: null);
+        }
+
+        public static async Task<TestTransaction> SendAsync(this TestServer server, string uri, string cookieHeader)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (!string.IsNullOrEmpty(cookieHeader))
+            {
+                request.Headers.Add("Cookie", cookieHeader);
+            }
+
+            var transaction = new TestTransaction
+            {
+                Request = request,
+                Response = await server.CreateClient().SendAsync(request),
+            };
+
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+
+            return transaction;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
index 3bbd3152b3..745c41350a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
@@ -4,49 +4,12 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
-using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNetCore.TestHost;
 
 namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     internal class TestTransaction
     {
-        public static Task<TestTransaction> SendAsync(TestServer server, string url)
-        {
-            return SendAsync(server, url, cookieHeader: null);
-        }
-
-        public static async Task<TestTransaction> SendAsync(TestServer server, string uri, string cookieHeader)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (!string.IsNullOrEmpty(cookieHeader))
-            {
-                request.Headers.Add("Cookie", cookieHeader);
-            }
-
-            var transaction = new TestTransaction
-            {
-                Request = request,
-                Response = await server.CreateClient().SendAsync(request),
-            };
-
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-            if (transaction.Response.Content != null &&
-                transaction.Response.Content.Headers.ContentType != null &&
-                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
-            {
-                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
-            }
-
-            return transaction;
-        }
-
         public HttpRequestMessage Request { get; set; }
 
         public HttpResponseMessage Response { get; set; }

From d887d74819a5406b8283e14437a08379f7698ab8 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 23 Aug 2016 21:27:00 -0700
Subject: [PATCH 615/900] Update OpenIdConnectChallengeTests

1. Set header and status code in OnRedirectToIdentityProviderEventHandlesResponse
2. Move field to the top
---
 .../OpenIdConnect/OpenIdConnectChallengeTests.cs       | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index 78f84c04f5..fc9338e2bf 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -14,6 +14,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
     public class OpenIdConnectChallengeTests
     {
+        private static readonly string ChallengeEndpoint = TestServerBuilder.TestHost + TestServerBuilder.Challenge;
+
         [Fact]
         public async Task ChallengeIsIssuedCorrectly()
         {
@@ -259,7 +261,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                     {
                         OnRedirectToIdentityProvider = context =>
                         {
+                            context.Response.StatusCode = 410;
+                            context.Response.Headers.Add("tea", "Oolong");
                             context.HandleResponse();
+
                             return Task.FromResult(0);
                         }
                     };
@@ -270,7 +275,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
-            Assert.Equal(HttpStatusCode.OK, res.StatusCode);
+            Assert.Equal(HttpStatusCode.Gone, res.StatusCode);
+            Assert.Equal("Oolong", res.Headers.GetValues("tea").Single());
             Assert.Null(res.Headers.Location);
         }
 
@@ -316,7 +322,5 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
             Assert.Contains("expires", secondCookie);
         }
-
-        private static string ChallengeEndpoint => TestServerBuilder.TestHost + TestServerBuilder.Challenge;
     }
 }
\ No newline at end of file

From 59a86c17e2bfbad5ed2fe57f44a3054d17f07f89 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 24 Aug 2016 14:28:31 -0700
Subject: [PATCH 616/900] Update OpenIdConnectSample

1. Use bootstrap to enhance the view.
2. Html encoding
3. Improve readability
---
 samples/OpenIdConnectSample/Program.cs |  2 +-
 samples/OpenIdConnectSample/Startup.cs | 83 +++++++++++++++++++-------
 2 files changed, 63 insertions(+), 22 deletions(-)

diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index b370c85a9e..49cbf139d6 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -13,7 +13,7 @@ namespace OpenIdConnectSample
             var host = new WebHostBuilder()
                 .UseKestrel(options =>
                 {
-                    //Configure SSL
+                    // Configure SSL
                     var serverCertificate = LoadCertificate();
                     options.UseHttps(serverCertificate);
                 })
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 32d4739d19..37b753102b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,5 +1,8 @@
 using System;
+using System.Collections.Generic;
 using System.Linq;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
@@ -80,20 +83,22 @@ namespace OpenIdConnectSample
             {
                 if (context.Request.Path.Equals("/signedout"))
                 {
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync($"<html><body>You have been signed out.<br>{Environment.NewLine}");
-                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
-                    await context.Response.WriteAsync($"</body></html>");
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await res.WriteAsync($"<h1>You have been signed out.</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                    });
                     return;
                 }
 
                 if (context.Request.Path.Equals("/signout"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync($"<html><body>Signed out {context.User.Identity.Name}<br>{Environment.NewLine}");
-                    await context.Response.WriteAsync("<a href=\"/\">Sign In</a>");
-                    await context.Response.WriteAsync($"</body></html>");
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await context.Response.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
+                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                    });
                     return;
                 }
 
@@ -111,10 +116,11 @@ namespace OpenIdConnectSample
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync($"<html><body>Access Denied for user {context.User.Identity.Name} to resource '{context.Request.Query["ReturnUrl"]}'<br>{Environment.NewLine}");
-                    await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a>");
-                    await context.Response.WriteAsync($"</body></html>");
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await context.Response.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
+                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
+                    });
                     return;
                 }
 
@@ -147,18 +153,53 @@ namespace OpenIdConnectSample
                     return;
                 }
 
-                context.Response.ContentType = "text/html";
-                await context.Response.WriteAsync($"<html><body>Hello Authenticated User {user.Identity.Name}<br>{Environment.NewLine}");
-                foreach (var claim in user.Claims)
+
+                await WriteHtmlAsync(context.Response, async response =>
                 {
-                    await context.Response.WriteAsync($"{claim.Type}: {claim.Value}<br>{Environment.NewLine}");
-                }
-                await context.Response.WriteAsync("<a href=\"/restricted\">Restricted</a><br>");
-                await context.Response.WriteAsync("<a href=\"/signout\">Sign Out</a><br>");
-                await context.Response.WriteAsync("<a href=\"/signout-remote\">Sign Out Remote</a><br>");
-                await context.Response.WriteAsync($"</body></html>");
+                    await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
+
+                    await response.WriteAsync("<h2>Claims:</h2>");
+                    await WriteTableHeader(response, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
+                });
             });
         }
+
+        private static async Task WriteHtmlAsync(HttpResponse response, Func<HttpResponse, Task> writeContent)
+        {
+            var bootstrap = "<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\" integrity=\"sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u\" crossorigin=\"anonymous\">";
+
+            response.ContentType = "text/html";
+            await response.WriteAsync($"<html><head>{bootstrap}</head><body><div class=\"container\">");
+            await writeContent(response);
+            await response.WriteAsync("</div></body></html>");
+        }
+
+        private static async Task WriteTableHeader(HttpResponse response, IEnumerable<string> columns, IEnumerable<IEnumerable<string>> data)
+        {
+            await response.WriteAsync("<table class=\"table table-condensed\">");
+            await response.WriteAsync("<tr>");
+            foreach (var column in columns)
+            {
+                await response.WriteAsync($"<th>{HtmlEncode(column)}</th>");
+            }
+            await response.WriteAsync("</tr>");
+            foreach (var row in data)
+            {
+                await response.WriteAsync("<tr>");
+                foreach (var column in row)
+                {
+                    await response.WriteAsync($"<td>{HtmlEncode(column)}</td>");
+                }
+                await response.WriteAsync("</tr>");
+            }
+            await response.WriteAsync("</table>");
+        }
+
+        private static string HtmlEncode(string content) =>
+            string.IsNullOrEmpty(content) ? string.Empty : HtmlEncoder.Default.Encode(content);
     }
 }
 

From 0d5482685b5b7cc585294877689085592d0f79de Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Tue, 12 Jul 2016 14:27:12 -0700
Subject: [PATCH 617/900] Update OpenIdConnect.AzureAdSample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index fcfc7b4df0..05c073b46a 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -20,8 +20,6 @@ namespace OpenIdConnect.AzureAdSample
 {
     public class Startup
     {
-        private const string GraphResourceID = "https://graph.windows.net";
-
         public Startup(IHostingEnvironment env)
         {
             var builder = new ConfigurationBuilder()
@@ -103,7 +101,20 @@ namespace OpenIdConnect.AzureAdSample
 
             app.Run(async context =>
             {
-                if (context.Request.Path.Equals("/signout"))
+                if (context.Request.Path.Equals("/signin"))
+                {
+                    if (context.User.Identities.Any(identity => identity.IsAuthenticated))
+                    {
+                        // User has already signed in
+                        context.Response.Redirect("/");
+                        return;
+                    }
+
+                    await context.Authentication.ChallengeAsync(
+                        OpenIdConnectDefaults.AuthenticationScheme,
+                        new AuthenticationProperties { RedirectUri = "/" });
+                }
+                else if (context.Request.Path.Equals("/signout"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,

From 26956c5ce1ddd7c2f1e7ffe044188514eb7a0617 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 28 Jul 2016 00:54:23 -0700
Subject: [PATCH 618/900] Update OIDC signout flow

OIDC signout should return to CallbackPath then locally redirect to AuthProperties.RedirectUri
---
 .../OpenIdConnect.AzureAdSample/Startup.cs    |   1 +
 .../LoggingExtensions.cs                      |  20 ++
 .../OpenIdConnectHandler.cs                   | 250 +++++++++++-------
 .../OpenIdConnectOptions.cs                   |  12 +-
 .../RemoteAuthenticationHandler.cs            |   1 +
 5 files changed, 184 insertions(+), 100 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 05c073b46a..7e32ddf8d9 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -81,6 +81,7 @@ namespace OpenIdConnect.AzureAdSample
                 ClientSecret = clientSecret, // for code flow
                 Authority = authority,
                 ResponseType = OpenIdConnectResponseType.CodeIdToken,
+                PostLogoutRedirectUri = "/usersignout",
                 // GetClaimsFromUserInfoEndpoint = true,
                 Events = new OpenIdConnectEvents()
                 {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index d0f3e12d90..7f2519f5fd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -16,6 +16,7 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, Exception> _redeemingCodeForTokens;
         private static Action<ILogger, string, Exception> _enteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync;
         private static Action<ILogger, string, Exception> _enteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync;
+        private static Action<ILogger, string, Exception> _enteringOpenIdAuthenticationHandlerHandleSignOutAsync;
         private static Action<ILogger, string, Exception> _messageReceived;
         private static Action<ILogger, Exception> _messageReceivedContextHandledResponse;
         private static Action<ILogger, Exception> _messageReceivedContextSkipped;
@@ -47,6 +48,7 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, string, Exception> _invalidSecurityTokenType;
         private static Action<ILogger, string, Exception> _unableToValidateIdToken;
         private static Action<ILogger, string, Exception> _postAuthenticationLocalRedirect;
+        private static Action<ILogger, string, Exception> _postSignOutRedirect;
         private static Action<ILogger, Exception> _remoteSignOutHandledResponse;
         private static Action<ILogger, Exception> _remoteSignOutSkipped;
         private static Action<ILogger, Exception> _remoteSignOut;
@@ -72,6 +74,10 @@ namespace Microsoft.Extensions.Logging
                 eventId: 4,
                 logLevel: LogLevel.Trace,
                 formatString: "Entering {OpenIdConnectHandlerType}'s HandleUnauthorizedAsync.");
+            _enteringOpenIdAuthenticationHandlerHandleSignOutAsync = LoggerMessage.Define<string>(
+                eventId: 14,
+                logLevel: LogLevel.Trace,
+                formatString: "Entering {OpenIdConnectHandlerType}'s HandleSignOutAsync.");
             _postAuthenticationLocalRedirect = LoggerMessage.Define<string>(
                 eventId: 5,
                 logLevel: LogLevel.Trace,
@@ -180,6 +186,10 @@ namespace Microsoft.Extensions.Logging
                 eventId: 32,
                 logLevel: LogLevel.Debug,
                 formatString: "TokenResponseReceived.Skipped");
+            _postSignOutRedirect = LoggerMessage.Define<string>(
+                eventId: 33,
+                logLevel: LogLevel.Trace,
+                formatString: "Using properties.RedirectUri for redirect post authentication: '{RedirectUri}'.");
             _userInformationReceived = LoggerMessage.Define<string>(
                eventId: 35,
                logLevel: LogLevel.Trace,
@@ -430,6 +440,11 @@ namespace Microsoft.Extensions.Logging
             _enteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(logger, openIdConnectHandlerTypeName, null);
         }
 
+        public static void EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(this ILogger logger, string openIdConnectHandlerTypeName)
+        {
+            _enteringOpenIdAuthenticationHandlerHandleSignOutAsync(logger, openIdConnectHandlerTypeName, null);
+        }
+
         public static void UserInformationReceived(this ILogger logger, string user)
         {
             _userInformationReceived(logger, user, null);
@@ -440,6 +455,11 @@ namespace Microsoft.Extensions.Logging
             _postAuthenticationLocalRedirect(logger, redirectUri, null);
         }
 
+        public static void PostSignOutRedirect(this ILogger logger, string redirectUri)
+        {
+            _postSignOutRedirect(logger, redirectUri, null);
+        }
+
         public static void RemoteSignOutHandledResponse(this ILogger logger)
         {
             _remoteSignOutHandledResponse(logger, null);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index df7caf3317..066803e99c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -68,7 +69,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 return await HandleRemoteSignOutAsync();
             }
-            return await base.HandleRequestAsync();
+            else if (Options.SignedOutCallbackPath.HasValue && Options.SignedOutCallbackPath == Request.Path)
+            {
+                return await HandleSignOutCallbackAsync();
+            }
+            else
+            {
+                return await base.HandleRequestAsync();
+            }
         }
 
         protected virtual async Task<bool> HandleRemoteSignOutAsync()
@@ -79,12 +87,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
+
             // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
             else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase)
               && !string.IsNullOrEmpty(Request.ContentType)
               // May have media/type; charset=utf-8, allow partial match.
               && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
-              && Request.Body.CanRead) {
+              && Request.Body.CanRead)
+            {
                 var form = await Request.ReadFormAsync();
                 message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
@@ -139,108 +149,134 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Handles Signout
+        /// Sign out the Relying Party from the OpenID provider 
         /// </summary>
-        /// <returns></returns>
-        protected override async Task HandleSignOutAsync(SignOutContext signout)
+        /// <returns>A task executing the sign out procedure</returns>
+        protected override async Task HandleSignOutAsync(SignOutContext context)
         {
-            if (signout != null)
+            if (context == null)
             {
-                if (_configuration == null && Options.ConfigurationManager != null)
+                return;
+            }
+
+            Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
+
+            if (_configuration == null && Options.ConfigurationManager != null)
+            {
+                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+            }
+
+            var message = new OpenIdConnectMessage()
+            {
+                IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
+
+                // Redirect back of SigneOutCallbackPath first before user agent is redirected to actual post logout redirect uri
+                PostLogoutRedirectUri = BuildRedirectUriIfRelative(Options.SignedOutCallbackPath)
+            };
+
+            // Get the post redirect URI.
+            var properties = new AuthenticationProperties(context.Properties);
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);
+                if (string.IsNullOrWhiteSpace(properties.RedirectUri))
                 {
-                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
-                }
-
-                var message = new OpenIdConnectMessage()
-                {
-                    IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
-                };
-
-                // Set End_Session_Endpoint in order:
-                // 1. properties.Redirect
-                // 2. Options.PostLogoutRedirectUri
-                var properties = new AuthenticationProperties(signout.Properties);
-                var logoutRedirectUri = properties.RedirectUri;
-                if (!string.IsNullOrEmpty(logoutRedirectUri))
-                {
-                    // Relative to PathBase
-                    if (logoutRedirectUri.StartsWith("/", StringComparison.Ordinal))
-                    {
-                        logoutRedirectUri = BuildRedirectUri(logoutRedirectUri);
-                    }
-                    message.PostLogoutRedirectUri = logoutRedirectUri;
-                }
-                else if (!string.IsNullOrEmpty(Options.PostLogoutRedirectUri))
-                {
-                    logoutRedirectUri = Options.PostLogoutRedirectUri;
-                    // Relative to PathBase
-                    if (logoutRedirectUri.StartsWith("/", StringComparison.Ordinal))
-                    {
-                        logoutRedirectUri = BuildRedirectUri(logoutRedirectUri);
-                    }
-                    message.PostLogoutRedirectUri = logoutRedirectUri;
-                }
-
-                // Attach the identity token to the logout request when possible.
-                message.IdTokenHint = await Context.Authentication.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
-
-                var redirectContext = new RedirectContext(Context, Options, properties)
-                {
-                    ProtocolMessage = message
-                };
-
-                await Options.Events.RedirectToIdentityProviderForSignOut(redirectContext);
-                if (redirectContext.HandledResponse)
-                {
-                    Logger.RedirectToIdentityProviderForSignOutHandledResponse();
-                    return;
-                }
-                else if (redirectContext.Skipped)
-                {
-                    Logger.RedirectToIdentityProviderForSignOutSkipped();
-                    return;
-                }
-
-                message = redirectContext.ProtocolMessage;
-
-                if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
-                {
-                    var redirectUri = message.CreateLogoutRequestUrl();
-                    if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
-                    {
-                        Logger.InvalidLogoutQueryStringRedirectUrl(redirectUri);
-                    }
-
-                    Response.Redirect(redirectUri);
-                }
-                else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
-                {
-                    var inputs = new StringBuilder();
-                    foreach (var parameter in message.Parameters)
-                    {
-                        var name = HtmlEncoder.Encode(parameter.Key);
-                        var value = HtmlEncoder.Encode(parameter.Value);
-
-                        var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
-                        inputs.AppendLine(input);
-                    }
-
-                    var issuer = HtmlEncoder.Encode(message.IssuerAddress);
-
-                    var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
-                    var buffer = Encoding.UTF8.GetBytes(content);
-
-                    Response.ContentLength = buffer.Length;
-                    Response.ContentType = "text/html;charset=UTF-8";
-
-                    // Emit Cache-Control=no-cache to prevent client caching.
-                    Response.Headers[HeaderNames.CacheControl] = "no-cache";
-                    Response.Headers[HeaderNames.Pragma] = "no-cache";
-                    Response.Headers[HeaderNames.Expires] = "-1";
-
-                    await Response.Body.WriteAsync(buffer, 0, buffer.Length);
+                    properties.RedirectUri = CurrentUri;
                 }
             }
+            Logger.PostSignOutRedirect(properties.RedirectUri);
+
+            // Attach the identity token to the logout request when possible.
+            message.IdTokenHint = await Context.Authentication.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
+
+            var redirectContext = new RedirectContext(Context, Options, properties)
+            {
+                ProtocolMessage = message
+            };
+
+            await Options.Events.RedirectToIdentityProviderForSignOut(redirectContext);
+            if (redirectContext.HandledResponse)
+            {
+                Logger.RedirectToIdentityProviderForSignOutHandledResponse();
+                return;
+            }
+            else if (redirectContext.Skipped)
+            {
+                Logger.RedirectToIdentityProviderForSignOutSkipped();
+                return;
+            }
+
+            message = redirectContext.ProtocolMessage;
+
+            if (!string.IsNullOrEmpty(message.State))
+            {
+                properties.Items[OpenIdConnectDefaults.UserstatePropertiesKey] = message.State;
+            }
+
+            message.State = Options.StateDataFormat.Protect(properties);
+
+            if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
+            {
+                var redirectUri = message.CreateLogoutRequestUrl();
+                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                {
+                    Logger.InvalidLogoutQueryStringRedirectUrl(redirectUri);
+                }
+
+                Response.Redirect(redirectUri);
+            }
+            else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
+            {
+                var inputs = new StringBuilder();
+                foreach (var parameter in message.Parameters)
+                {
+                    var name = HtmlEncoder.Encode(parameter.Key);
+                    var value = HtmlEncoder.Encode(parameter.Value);
+
+                    var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
+                    inputs.AppendLine(input);
+                }
+
+                var issuer = HtmlEncoder.Encode(message.IssuerAddress);
+
+                var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
+                var buffer = Encoding.UTF8.GetBytes(content);
+
+                Response.ContentLength = buffer.Length;
+                Response.ContentType = "text/html;charset=UTF-8";
+
+                // Emit Cache-Control=no-cache to prevent client caching.
+                Response.Headers[HeaderNames.CacheControl] = "no-cache";
+                Response.Headers[HeaderNames.Pragma] = "no-cache";
+                Response.Headers[HeaderNames.Expires] = "-1";
+
+                await Response.Body.WriteAsync(buffer, 0, buffer.Length);
+            }
+            else
+            {
+                throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}");
+            }
+        }
+
+        /// <summary>
+        /// Response to the callback from OpenId provider after session ended.
+        /// </summary>
+        /// <returns>A task executing the callback procedure</returns>
+        protected virtual Task<bool> HandleSignOutCallbackAsync()
+        {
+            StringValues protectedState;
+            if (Request.Query.TryGetValue("State", out protectedState))
+            {
+                var properties = Options.StateDataFormat.Unprotect(protectedState);
+                if (!string.IsNullOrEmpty(properties.RedirectUri))
+                {
+                    Response.Redirect(properties.RedirectUri);
+                    return Task.FromResult(true);
+                }
+            }
+
+            Response.Redirect("/");
+            return Task.FromResult(true);
         }
 
         /// <summary>
@@ -1111,5 +1147,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             return ticket;
         }
+
+        /// <summary>
+        /// Build a redirect path if the given path is a relative path.
+        /// </summary>
+        private string BuildRedirectUriIfRelative(string uri)
+        {
+            if (string.IsNullOrEmpty(uri))
+            {
+                return uri;
+            }
+
+            if (!uri.StartsWith("/", StringComparison.Ordinal))
+            {
+                return uri;
+            }
+
+            return BuildRedirectUri(uri);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 181444b055..c3b18b2951 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -50,7 +50,9 @@ namespace Microsoft.AspNetCore.Builder
             AutomaticChallenge = true;
             DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
+            SignedOutCallbackPath = new PathString("/signout-callback-oidc");
             RemoteSignOutPath = new PathString("/signout-oidc");
+
             Events = new OpenIdConnectEvents();
             Scope.Add("openid");
             Scope.Add("profile");
@@ -120,9 +122,15 @@ namespace Microsoft.AspNetCore.Builder
         };
 
         /// <summary>
-        /// Gets or sets the 'post_logout_redirect_uri'
+        /// The request path within the application's base path where the user agent will be returned after sign out from the identity provider.
         /// </summary>
-        /// <remarks>This is sent to the OP as the redirect for the user-agent.</remarks>
+        public PathString SignedOutCallbackPath { get; set; }
+
+        /// <summary>
+        /// The uri where the user agent will be returned to after application is signed out from the identity provider.
+        /// The redirect will happen after the <paramref name="SignoutCallbackPath"/> is invoked.
+        /// </summary>
+        /// <remarks>This URI is optional and it can be out of the application's domain.</remarks>
         public string PostLogoutRedirectUri { get; set; }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 4dfcc3662c..e34ee5fb55 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -26,6 +26,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 return await HandleRemoteCallbackAsync();
             }
+
             return false;
         }
 

From 8f5c7aef57457d8b0792d8d5fccd35819d64d268 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 14 Jul 2016 15:20:06 -0700
Subject: [PATCH 619/900] Update tests

---
 .../OpenIdConnectOptions.cs                   |  2 +-
 .../OpenIdConnectMiddlewareTests.cs           | 64 +++++++++++++++----
 2 files changed, 53 insertions(+), 13 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index c3b18b2951..9bd5779239 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -128,7 +128,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// The uri where the user agent will be returned to after application is signed out from the identity provider.
-        /// The redirect will happen after the <paramref name="SignoutCallbackPath"/> is invoked.
+        /// The redirect will happen after the SignoutCallbackPath is invoked.
         /// </summary>
         /// <remarks>This URI is optional and it can be out of the application's domain.</remarks>
         public string PostLogoutRedirectUri { get; set; }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 959d64acea..2862e10537 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Linq;
 using System.Globalization;
 using System.Net;
 using System.Text.Encodings.Web;
@@ -18,6 +19,9 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         static string nonceDelimiter = ".";
         const string DefaultHost = @"https://example.com";
         const string Logout = "/logout";
+        const string Signin = "/signin";
+        const string Signout = "/signout";
+
 
         /// <summary>
         /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
@@ -49,50 +53,86 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public async Task SignOutWithDefaultRedirectUri()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
+            var options = new OpenIdConnectOptions
             {
                 Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration
-            });
+            };
+            var server = TestServerBuilder.CreateServer(options);
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal(configuration.EndSessionEndpoint, transaction.Response.Headers.Location.AbsoluteUri);
+            Assert.True(transaction.Response.Headers.Location.AbsoluteUri.StartsWith(configuration.EndSessionEndpoint));
+
+            var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&')
+                                   .Select(each => each.Split('='))
+                                   .ToDictionary(pair => pair[0], pair => pair[1]);
+
+            string redirectUri;
+            Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
         }
 
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
+            var options = new OpenIdConnectOptions
             {
                 Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
-                PostLogoutRedirectUri = "https://example.com/logout"
-            });
+                SignedOutCallbackPath = "/thelogout",
+                PostLogoutRedirectUri = "https://example.com/postlogout"
+            };
+            var server = TestServerBuilder.CreateServer(options);
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains(UrlEncoder.Default.Encode("https://example.com/logout"), transaction.Response.Headers.Location.AbsoluteUri);
+
+            var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&')
+                                   .Select(each => each.Split('='))
+                                   .ToDictionary(pair => pair[0], pair => pair[1]);
+
+            string redirectUri;
+            Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
+
+            string state;
+            Assert.True(query.TryGetValue("state", out state));
+            var properties = options.StateDataFormat.Unprotect(state);
+            Assert.Equal("https://example.com/postlogout", properties.RedirectUri, true);
         }
 
         [Fact]
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var server = TestServerBuilder.CreateServer(new OpenIdConnectOptions
+            var options = new OpenIdConnectOptions
             {
                 Authority = TestServerBuilder.DefaultAuthority,
                 ClientId = "Test Id",
                 Configuration = configuration,
-                PostLogoutRedirectUri = "https://example.com/logout"
-            });
+                PostLogoutRedirectUri = "https://example.com/postlogout"
+            };
+            var server = TestServerBuilder.CreateServer(options);
 
             var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Contains(UrlEncoder.Default.Encode("http://www.example.com/specific_redirect_uri"), transaction.Response.Headers.Location.AbsoluteUri);
+
+            var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&')
+                                   .Select(each => each.Split('='))
+                                   .ToDictionary(pair => pair[0], pair => pair[1]);
+
+            string redirectUri;
+            Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
+
+            string state;
+            Assert.True(query.TryGetValue("state", out state));
+            var properties = options.StateDataFormat.Unprotect(state);
+            Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
         }
 
         // Test Cases for calculating the expiration time of cookie from cookie name
@@ -149,4 +189,4 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         }
 
     }
-}
\ No newline at end of file
+}

From fa0a68a84718d16db4cf24214623da2f02ca398a Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 28 Jul 2016 01:14:36 -0700
Subject: [PATCH 620/900] Fix xml comments error

---
 .../OpenIdConnectOptions.cs                                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 9bd5779239..5c8bf8c0a2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -128,7 +128,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// The uri where the user agent will be returned to after application is signed out from the identity provider.
-        /// The redirect will happen after the SignoutCallbackPath is invoked.
+        /// The redirect will happen after the SignedOutCallbackPath is invoked.
         /// </summary>
         /// <remarks>This URI is optional and it can be out of the application's domain.</remarks>
         public string PostLogoutRedirectUri { get; set; }

From ed6984fab5a0bacdaea676276f078d7cdb0407ca Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 28 Jul 2016 10:05:50 -0700
Subject: [PATCH 621/900] Update signed out redirect url in sample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 7e32ddf8d9..84558affb7 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -81,7 +81,7 @@ namespace OpenIdConnect.AzureAdSample
                 ClientSecret = clientSecret, // for code flow
                 Authority = authority,
                 ResponseType = OpenIdConnectResponseType.CodeIdToken,
-                PostLogoutRedirectUri = "/usersignout",
+                PostLogoutRedirectUri = "/signed-out",
                 // GetClaimsFromUserInfoEndpoint = true,
                 Events = new OpenIdConnectEvents()
                 {
@@ -128,10 +128,16 @@ namespace OpenIdConnect.AzureAdSample
                 else if (context.Request.Path.Equals("/signout-remote"))
                 {
                     await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
-                    {
-                        RedirectUri = "/remote-signedout"
-                    });
+                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                }
+                else if (context.Request.Path.Equals("/signed-out"))
+                {
+                    await WriteHtmlAsync(context.Response, 
+                        async response =>
+                        {
+                            await response.WriteAsync($"<h1>You have been signed out.</h1>");
+                            await response.WriteAsync("<a class=\"btn btn-primary\" href=\"/signin\">Sign In</a>");
+                        });
                 }
                 else if (context.Request.Path.Equals("/remote-signedout"))
                 {

From c5509fb594aeeaa72a801c289f9979ad8276f1dd Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 28 Jul 2016 10:44:08 -0700
Subject: [PATCH 622/900] Minor update in OpenIdConnectHandler and Options

1. Default post sign out uri to the root of the applciation;
2. Throw ArgumentNullException for null context in HandleSignOutAsync;
3. Guard null from Unprotected;
4. Clean up code
---
 .../OpenIdConnectHandler.cs                       | 15 ++++++---------
 .../OpenIdConnectOptions.cs                       |  5 ++---
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 066803e99c..80e8c693be 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -73,10 +73,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 return await HandleSignOutCallbackAsync();
             }
-            else
-            {
-                return await base.HandleRequestAsync();
-            }
+
+            return await base.HandleRequestAsync();
         }
 
         protected virtual async Task<bool> HandleRemoteSignOutAsync()
@@ -156,7 +154,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             if (context == null)
             {
-                return;
+                throw new ArgumentNullException(nameof(context));
             }
 
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
@@ -168,9 +166,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var message = new OpenIdConnectMessage()
             {
-                IssuerAddress = _configuration == null ? string.Empty : (_configuration.EndSessionEndpoint ?? string.Empty),
+                IssuerAddress = _configuration?.EndSessionEndpoint ?? string.Empty,
 
-                // Redirect back of SigneOutCallbackPath first before user agent is redirected to actual post logout redirect uri
+                // Redirect back to SigneOutCallbackPath first before user agent is redirected to actual post logout redirect uri
                 PostLogoutRedirectUri = BuildRedirectUriIfRelative(Options.SignedOutCallbackPath)
             };
 
@@ -268,14 +266,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             if (Request.Query.TryGetValue("State", out protectedState))
             {
                 var properties = Options.StateDataFormat.Unprotect(protectedState);
-                if (!string.IsNullOrEmpty(properties.RedirectUri))
+                if (!string.IsNullOrEmpty(properties?.RedirectUri))
                 {
                     Response.Redirect(properties.RedirectUri);
                     return Task.FromResult(true);
                 }
             }
 
-            Response.Redirect("/");
             return Task.FromResult(true);
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 5c8bf8c0a2..12bc1c03d8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.ComponentModel;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -130,8 +129,8 @@ namespace Microsoft.AspNetCore.Builder
         /// The uri where the user agent will be returned to after application is signed out from the identity provider.
         /// The redirect will happen after the SignedOutCallbackPath is invoked.
         /// </summary>
-        /// <remarks>This URI is optional and it can be out of the application's domain.</remarks>
-        public string PostLogoutRedirectUri { get; set; }
+        /// <remarks>This URI can be out of the application's domain. By default it points to the root.</remarks>
+        public string PostLogoutRedirectUri { get; set; } = "/";
 
         /// <summary>
         /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic

From a79a0360c18df26f34d96521ff72067f9f2666b7 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 29 Jul 2016 15:06:37 -0700
Subject: [PATCH 623/900] Update OpenIdConnectHandler

---
 .../OpenIdConnectHandler.cs                                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 80e8c693be..7521ef39e8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -147,7 +147,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Sign out the Relying Party from the OpenID provider 
+        /// Redirect user to the identity provider for sign out
         /// </summary>
         /// <returns>A task executing the sign out procedure</returns>
         protected override async Task HandleSignOutAsync(SignOutContext context)
@@ -263,7 +263,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         protected virtual Task<bool> HandleSignOutCallbackAsync()
         {
             StringValues protectedState;
-            if (Request.Query.TryGetValue("State", out protectedState))
+            if (Request.Query.TryGetValue(OpenIdConnectParameterNames.State, out protectedState))
             {
                 var properties = Options.StateDataFormat.Unprotect(protectedState);
                 if (!string.IsNullOrEmpty(properties?.RedirectUri))

From 3a5df89f1c06868cc6dd67997ea492c227a977fc Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Mon, 8 Aug 2016 08:59:22 -0700
Subject: [PATCH 624/900] Move a nullref check to base class

---
 .../OpenIdConnectHandler.cs                                  | 5 -----
 .../AuthenticationHandler.cs                                 | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 7521ef39e8..e5dcbbdeb7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -152,11 +152,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>A task executing the sign out procedure</returns>
         protected override async Task HandleSignOutAsync(SignOutContext context)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
 
             if (_configuration == null && Options.ConfigurationManager != null)
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 1e642d82dd..f992cde009 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -288,6 +288,11 @@ namespace Microsoft.AspNetCore.Authentication
 
         public async Task SignOutAsync(SignOutContext context)
         {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
             if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
             {
                 SignOutAccepted = true;

From cbbec15d37f85187d6d32252ed84887dde5b2798 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 26 Aug 2016 11:46:29 -0700
Subject: [PATCH 625/900] Ignore null ExpiresUtc property in RequestRefresh

Issue: https://github.com/aspnet/Security/issues/949
---
 .../CookieAuthenticationHandler.cs            | 16 ++++---
 .../Cookies/CookieMiddlewareTests.cs          | 45 +++++++++++++++++++
 2 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index f11f69e1c9..7c583ed7e1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -57,11 +57,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private void RequestRefresh(AuthenticationTicket ticket)
         {
-            _shouldRefresh = true;
-            var currentUtc = Options.SystemClock.UtcNow;
-            _refreshIssuedUtc = currentUtc;
-            var timeSpan = ticket.Properties.ExpiresUtc.Value.Subtract(ticket.Properties.IssuedUtc.Value);
-            _refreshExpiresUtc = currentUtc.Add(timeSpan);
+            var issuedUtc = ticket.Properties.IssuedUtc;
+            var expiresUtc = ticket.Properties.ExpiresUtc;
+
+            if (issuedUtc != null && expiresUtc != null)
+            {
+                _shouldRefresh = true;
+                var currentUtc = Options.SystemClock.UtcNow;
+                _refreshIssuedUtc = currentUtc;
+                var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
+                _refreshExpiresUtc = currentUtc.Add(timeSpan);
+            }
         }
 
         private async Task<AuthenticateResult> ReadCookieTicket()
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 942b1c4a5f..e6f881fefc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -1214,6 +1214,51 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
         }
 
+        // Issue: https://github.com/aspnet/Security/issues/949
+        [Fact]
+        public async Task NullExpiresUtcPropertyIsGuarded()
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services => services.AddAuthentication())
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                    {
+                        Events = new CookieAuthenticationEvents
+                        {
+                            OnValidatePrincipal = context =>
+                            {
+                                context.Properties.ExpiresUtc = null;
+                                context.ShouldRenew = true;
+                                return Task.FromResult(0);
+                            }
+                        }
+                    });
+
+                    app.Run(async context =>
+                    {
+                        if (context.Request.Path == "/signin")
+                        {
+                            await context.Authentication.SignInAsync(
+                                CookieAuthenticationDefaults.AuthenticationScheme,
+                                new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
+                        }
+                        else
+                        {
+                            await context.Response.WriteAsync("ha+1");
+                        }
+                    });
+                });
+
+            var server = new TestServer(builder);
+
+            var cookie = (await server.SendAsync("http://www.example.com/signin")).SetCookie.FirstOrDefault();
+            Assert.NotNull(cookie);
+
+            var transaction = await server.SendAsync("http://www.example.com/", cookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
         private class NoOpDataProtector : IDataProtector
         {
             public IDataProtector CreateProtector(string purpose)

From 5b323e5ba190f29ae4e93469d146fa2de1f45874 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Sun, 4 Sep 2016 18:04:55 -0700
Subject: [PATCH 626/900] Increase .travis.yml consistency between repos -
 aspnet/Universe#349 - minimize `dotnet` setup time; no need for caching -
 build with `--quiet`

---
 .travis.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index efc1a57214..d7636fa329 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,6 +10,10 @@ addons:
     - libssl-dev
     - libunwind8
     - zlib1g
+env:
+  global:
+    - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+    - DOTNET_CLI_TELEMETRY_OPTOUT: 1
 mono:
   - 4.0.5
 os:
@@ -25,4 +29,4 @@ branches:
 before_install:
   - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
-  - ./build.sh verify
+  - ./build.sh --quiet verify

From ce0ed3d237e04dc23fe9618c74b0b2139b2e73a0 Mon Sep 17 00:00:00 2001
From: Pavel Krymets <pavel@krymets.com>
Date: Thu, 8 Sep 2016 10:01:53 -0700
Subject: [PATCH 627/900] Use TaskCache class from
 Microsoft.Extensions.TaskCache.Sources (#968)

Instead of Task.FromResult(0)
---
 .../Events/CookieAuthenticationEvents.cs      | 17 +++++++++--------
 .../project.json                              |  4 ++++
 .../Events/JwtBearerEvents.cs                 |  9 +++++----
 .../project.json                              |  4 ++++
 .../Events/OAuthEvents.cs                     |  5 +++--
 .../project.json                              |  4 ++++
 .../Events/OpenIdConnectEvents.cs             | 19 ++++++++++---------
 .../project.json                              |  4 ++++
 .../Events/TwitterEvents.cs                   |  5 +++--
 .../project.json                              |  4 ++++
 .../AuthenticationHandler.cs                  |  6 +++---
 .../ClaimsTransformationHandler.cs            |  7 ++++---
 .../Events/RemoteAuthenticationEvents.cs      |  5 +++--
 .../project.json                              |  4 ++++
 .../ClaimsAuthorizationRequirement.cs         |  3 ++-
 .../DenyAnonymousAuthorizationRequirement.cs  |  3 ++-
 .../NameAuthorizationRequirement.cs           |  3 ++-
 .../RolesAuthorizationRequirement.cs          |  3 ++-
 .../project.json                              |  6 +++++-
 19 files changed, 77 insertions(+), 38 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index ffe687e5f2..4364a2e546 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -17,22 +18,22 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => Task.FromResult(0);
+        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => Task.FromResult(0);
+        public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
@@ -48,7 +49,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         /// <summary>
@@ -65,7 +66,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         /// <summary>
@@ -81,7 +82,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         /// <summary>
@@ -97,7 +98,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         private static bool IsAjaxRequest(HttpRequest request)
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 7ddff7ce8c..1317797b6a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -23,6 +23,10 @@
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
     "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Microsoft.Extensions.WebEncoders": "1.1.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 38a877f668..8ac1c3631e 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
@@ -14,22 +15,22 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.FromResult(0);
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked before a challenge is sent back to the caller.
         /// </summary>
-        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context => Task.FromResult(0);
+        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context => TaskCache.CompletedTask;
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 2f8ea6072a..7697e9b691 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -22,6 +22,10 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index 44c4260516..066b324b75 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
@@ -14,7 +15,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
         /// </summary>
-        public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
+        public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
@@ -22,7 +23,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public Func<OAuthRedirectToAuthorizationContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 192801ced6..0365178576 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -22,6 +22,10 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 42d35b7982..f39b554ece 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
@@ -14,47 +15,47 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.FromResult(0);
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
-        public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.FromResult(0);
+        public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.FromResult(0);
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => Task.FromResult(0);
+        public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when a request is received on the RemoteSignOutPath.
         /// </summary>
-        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => Task.FromResult(0);
+        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => Task.FromResult(0);
+        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
         /// </summary>
-        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.FromResult(0);
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
-        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => Task.FromResult(0);
+        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => TaskCache.CompletedTask;
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 5243a96a73..53379f96d5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -22,6 +22,10 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 21c5b57a7f..033227542a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
@@ -14,7 +15,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.FromResult(0);
+        public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
@@ -22,7 +23,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         public Func<TwitterRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         };
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 8696821dd8..9d4aa7b4ed 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -22,6 +22,10 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index f992cde009..55cfa5b01c 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -142,7 +142,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <returns></returns>
         protected virtual Task FinishResponseAsync()
         {
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         private async Task HandleAutomaticChallengeIfNeeded()
@@ -283,7 +283,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual Task HandleSignInAsync(SignInContext context)
         {
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         public async Task SignOutAsync(SignOutContext context)
@@ -308,7 +308,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual Task HandleSignOutAsync(SignOutContext context)
         {
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
index 7a2c47e401..27965dbf4e 100644
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
@@ -4,6 +4,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication
 {
@@ -48,7 +49,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 return PriorHandler.ChallengeAsync(context);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         public void GetDescriptions(DescribeSchemesContext context)
@@ -65,7 +66,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 return PriorHandler.SignInAsync(context);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         public Task SignOutAsync(SignOutContext context)
@@ -74,7 +75,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 return PriorHandler.SignOutAsync(context);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
         public void RegisterAuthenticationHandler(IHttpAuthenticationFeature auth)
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index ee45b8afd9..6e7d6a35c6 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -3,14 +3,15 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication
 {
     public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
     {
-        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => Task.FromResult(0);
+        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => TaskCache.CompletedTask;
 
-        public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.FromResult(0);
+        public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => TaskCache.CompletedTask;
 
         /// <summary>
         /// Invoked when there is a remote failure
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 460549c7ba..958170ab7d 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -29,6 +29,10 @@
       "type": "build",
       "version": "1.1.0-*"
     },
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Microsoft.Extensions.Options": "1.1.0-*",
     "Microsoft.Extensions.WebEncoders": "1.1.0-*"
   },
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index 0e28ba0776..4248e4813d 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -67,7 +68,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 7f2671775f..5bae319b3e 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -3,6 +3,7 @@
 
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -27,7 +28,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             {
                 context.Succeed(requirement);
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index aca1920d7d..9fb295082b 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -46,7 +47,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index 6e5aa72247..44e2b9a220 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -61,7 +62,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return Task.FromResult(0);
+            return TaskCache.CompletedTask;
         }
 
     }
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 8e72b62f82..303ba904a1 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -21,7 +21,11 @@
   },
   "dependencies": {
     "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
-    "Microsoft.Extensions.Options": "1.1.0-*"
+    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.TaskCache.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    }
   },
   "frameworks": {
     "net451": {

From e8f55bdb13a865210eb151f943b69a528fee6242 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 15 Sep 2016 16:12:54 -0700
Subject: [PATCH 628/900] Add Fail fast option for AuthZ

---
 .../AuthorizationOptions.cs                   |  6 ++
 .../DefaultAuthorizationService.cs            | 16 +++-
 .../DefaultAuthorizationServiceTests.cs       | 75 +++++++++++++++++--
 3 files changed, 90 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
index fa9e9ef1ee..6899913afb 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
@@ -13,6 +13,12 @@ namespace Microsoft.AspNetCore.Authorization
     {
         private IDictionary<string, AuthorizationPolicy> PolicyMap { get; } = new Dictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);
 
+        /// <summary>
+        /// Determines whether authentication handlers should be invoked after a failure.
+        /// Defaults to true.
+        /// </summary>
+        public bool InvokeHandlersAfterFailure { get; set; } = true;
+
         /// <summary>
         /// Gets or sets the default authorization policy.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 89777eab01..8980d51ac6 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -8,6 +8,7 @@ using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authorization
 {
@@ -16,6 +17,7 @@ namespace Microsoft.AspNetCore.Authorization
     /// </summary>
     public class DefaultAuthorizationService : IAuthorizationService
     {
+        private readonly AuthorizationOptions _options;
         private readonly IAuthorizationHandlerContextFactory _contextFactory;
         private readonly IAuthorizationEvaluator _evaluator;
         private readonly IAuthorizationPolicyProvider _policyProvider;
@@ -28,7 +30,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationHandlerContextFactory(), new DefaultAuthorizationEvaluator()) { }
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationHandlerContextFactory(), new DefaultAuthorizationEvaluator(), Options.Create(new AuthorizationOptions())) { }
 
         /// <summary>
         /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
@@ -38,8 +40,13 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
         /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param>  
         /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator)
+        /// <param name="options">The <see cref="AuthorizationOptions"/> used.</param>  
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions<AuthorizationOptions> options)
         {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
             if (policyProvider == null)
             {
                 throw new ArgumentNullException(nameof(policyProvider));
@@ -61,6 +68,7 @@ namespace Microsoft.AspNetCore.Authorization
                 throw new ArgumentNullException(nameof(evaluator));
             }
 
+            _options = options.Value;
             _handlers = handlers.ToArray();
             _policyProvider = policyProvider;
             _logger = logger;
@@ -89,6 +97,10 @@ namespace Microsoft.AspNetCore.Authorization
             foreach (var handler in _handlers)
             {
                 await handler.HandleAsync(authContext);
+                if (!_options.InvokeHandlersAfterFailure && authContext.HasFailed)
+                {
+                    break;
+                }
             }
 
             if (_evaluator.HasSucceeded(authContext))
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 7f9e5642ae..039740ab2f 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -20,11 +20,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var services = new ServiceCollection();
             services.AddAuthorization();
             services.AddLogging();
-            services.AddOptions();
-            if (setupServices != null)
-            {
-                setupServices(services);
-            }
+            setupServices?.Invoke(services);
             return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
         }
 
@@ -109,6 +105,72 @@ namespace Microsoft.AspNetCore.Authorization.Test
             Assert.True(allowed);
         }
 
+        public async Task Authorize_ShouldInvokeAllHandlersByDefault()
+        {
+            // Arrange
+            var handler1 = new FailHandler();
+            var handler2 = new FailHandler();
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddSingleton<IAuthorizationHandler>(handler1);
+                services.AddSingleton<IAuthorizationHandler>(handler2);
+                services.AddAuthorization(options =>
+                {
+                    options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
+                });
+            });
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "Custom");
+
+            // Assert
+            Assert.False(allowed);
+            Assert.True(handler1.Invoked);
+            Assert.True(handler2.Invoked);
+        }
+
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task Authorize_ShouldInvokeAllHandlersDependingOnSetting(bool invokeAllHandlers)
+        {
+            // Arrange
+            var handler1 = new FailHandler();
+            var handler2 = new FailHandler();
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddSingleton<IAuthorizationHandler>(handler1);
+                services.AddSingleton<IAuthorizationHandler>(handler2);
+                services.AddAuthorization(options =>
+                {
+                    options.InvokeHandlersAfterFailure = invokeAllHandlers;
+                    options.AddPolicy("Custom", policy => policy.Requirements.Add(new CustomRequirement()));
+                });
+            });
+
+            // Act
+            var allowed = await authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "Custom");
+
+            // Assert
+            Assert.False(allowed);
+            Assert.True(handler1.Invoked);
+            Assert.Equal(invokeAllHandlers, handler2.Invoked);
+        }
+
+        private class FailHandler : IAuthorizationHandler
+        {
+            public bool Invoked { get; set; }
+
+            public Task HandleAsync(AuthorizationHandlerContext context)
+            {
+                Invoked = true;
+                context.Fail();
+                return Task.FromResult(0);
+            }
+        }
+
+
+
         [Fact]
         public async Task Authorize_ShouldFailWhenAllRequirementsNotHandled()
         {
@@ -584,8 +646,11 @@ namespace Microsoft.AspNetCore.Authorization.Test
         public class CustomRequirement : IAuthorizationRequirement { }
         public class CustomHandler : AuthorizationHandler<CustomRequirement>
         {
+            public bool Invoked { get; set; }
+
             protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomRequirement requirement)
             {
+                Invoked = true;
                 context.Succeed(requirement);
                 return Task.FromResult(0);
             }

From 22d2fe99c6fd9806b36025399a217a3a8b4e50f4 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 15 Sep 2016 16:21:11 -0700
Subject: [PATCH 629/900] AddOptions in BuildAuthorizationService test helper

---
 .../DefaultAuthorizationServiceTests.cs                          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 039740ab2f..7b0fc8c8b9 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -20,6 +20,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var services = new ServiceCollection();
             services.AddAuthorization();
             services.AddLogging();
+            services.AddOptions();
             setupServices?.Invoke(services);
             return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
         }

From e12838e38f5f8be8371c0a7b02d9ce47e0663ce0 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 21 Sep 2016 11:20:41 -0700
Subject: [PATCH 630/900] Auth: Always call prior handlers during Challenge

---
 .../AuthenticationHandler.cs                  | 14 ++++--
 .../AuthenticationHandlerFacts.cs             | 48 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 55cfa5b01c..5e9a7c2381 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -311,6 +311,11 @@ namespace Microsoft.AspNetCore.Authentication
             return TaskCache.CompletedTask;
         }
 
+        /// <summary>
+        /// Override this method to deal with a challenge that is forbidden.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <returns>The returned boolean is ignored.</returns>
         protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
             Response.StatusCode = 403;
@@ -323,7 +328,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
         /// <param name="context"></param>
-        /// <returns>True if no other handlers should be called</returns>
+        /// <returns>The returned boolean is no longer used.</returns>
         protected virtual Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
@@ -333,7 +338,6 @@ namespace Microsoft.AspNetCore.Authentication
         public async Task ChallengeAsync(ChallengeContext context)
         {
             ChallengeCalled = true;
-            var handled = false;
             if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
             {
                 switch (context.Behavior)
@@ -347,18 +351,18 @@ namespace Microsoft.AspNetCore.Authentication
                         }
                         goto case ChallengeBehavior.Unauthorized;
                     case ChallengeBehavior.Unauthorized:
-                        handled = await HandleUnauthorizedAsync(context);
+                        await HandleUnauthorizedAsync(context);
                         Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
                         break;
                     case ChallengeBehavior.Forbidden:
-                        handled = await HandleForbiddenAsync(context);
+                        await HandleForbiddenAsync(context);
                         Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
                         break;
                 }
                 context.Accept();
             }
 
-            if (!handled && PriorHandler != null)
+            if (PriorHandler != null)
             {
                 await PriorHandler.ChallengeAsync(context);
             }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
index aa9aef07c2..2cf11669d3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -75,6 +75,49 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal(1, handler.AuthCount);
         }
 
+        // Prior to https://github.com/aspnet/Security/issues/930 we wouldn't call prior if handled
+        [Fact]
+        public async Task AuthHandlerChallengeAlwaysCallsPriorHandler()
+        {
+            var handler = await TestHandler.Create("Alpha");
+            var previous = new PreviousHandler();
+
+            handler.PriorHandler = previous;
+            await handler.ChallengeAsync(new ChallengeContext("Alpha"));
+            Assert.True(previous.ChallengeCalled);
+        }
+
+        private class PreviousHandler : IAuthenticationHandler
+        {
+            public bool ChallengeCalled = false;
+
+            public Task AuthenticateAsync(AuthenticateContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ChallengeAsync(ChallengeContext context)
+            {
+                ChallengeCalled = true;
+                return Task.FromResult(0);
+            }
+
+            public void GetDescriptions(DescribeSchemesContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignInAsync(SignInContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(SignOutContext context)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
         private class CountOptions : AuthenticationOptions { }
 
         private class CountHandler : AuthenticationHandler<CountOptions>
@@ -109,6 +152,8 @@ namespace Microsoft.AspNetCore.Authentication
         {
             private TestHandler() { }
 
+            public AuthenticateResult Result = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever"));
+
             public static async Task<TestHandler> Create(string scheme)
             {
                 var handler = new TestHandler();
@@ -124,7 +169,7 @@ namespace Microsoft.AspNetCore.Authentication
 
             protected override Task<AuthenticateResult> HandleAuthenticateAsync()
             {
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
+                return Task.FromResult(Result);
             }
         }
 
@@ -220,7 +265,6 @@ namespace Microsoft.AspNetCore.Authentication
 
                 set
                 {
-                    throw new NotImplementedException();
                 }
             }
 

From aa1fd5d89a81aff26eb623976bf392ba469f4ff8 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Thu, 15 Sep 2016 15:11:47 -0700
Subject: [PATCH 631/900] Move ChunkingCookieManager to a separate Sources
 project

---
 Security.sln                                  |  30 ++++-
 .../Resources.resx                            | 126 ------------------
 .../project.json                              |   7 +-
 .../ChunkingCookieManager.cs                  |  26 +++-
 ...etCore.ChunkingCookieManager.Sources.xproj |  18 +++
 .../project.json                              |  12 ++
 .../CookieChunkingTests.cs                    |   2 +-
 ...e.ChunkingCookieManager.Sources.Test.xproj |  21 +++
 .../project.json                              |  26 ++++
 9 files changed, 135 insertions(+), 133 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx
 rename src/{Microsoft.AspNetCore.Authentication.Cookies => Microsoft.AspNetCore.ChunkingCookieManager.Sources}/ChunkingCookieManager.cs (89%)
 create mode 100644 src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
 create mode 100644 src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
 rename test/{Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure => Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test}/CookieChunkingTests.cs (98%)
 create mode 100644 test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
 create mode 100644 test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json

diff --git a/Security.sln b/Security.sln
index 2ed873270c..c84ec1bd96 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.24720.0
+VisualStudioVersion = 14.0.25420.1
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -57,6 +57,10 @@ Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Int
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.xproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources", "src\Microsoft.AspNetCore.ChunkingCookieManager.Sources\Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj", "{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test", "test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj", "{51563775-C659-4907-9BAF-9995BAB87D01}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -325,6 +329,28 @@ Global
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.ActiveCfg = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.Build.0 = Release|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|x86.Build.0 = Debug|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|x86.ActiveCfg = Release|Any CPU
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|x86.Build.0 = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.Build.0 = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.Build.0 = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.ActiveCfg = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -352,5 +378,7 @@ Global
 		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx b/src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx
deleted file mode 100644
index 71debecfa3..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Resources.resx
+++ /dev/null
@@ -1,126 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<root>
-  <!-- 
-    Microsoft ResX Schema 
-    
-    Version 2.0
-    
-    The primary goals of this format is to allow a simple XML format 
-    that is mostly human readable. The generation and parsing of the 
-    various data types are done through the TypeConverter classes 
-    associated with the data types.
-    
-    Example:
-    
-    ... ado.net/XML headers & schema ...
-    <resheader name="resmimetype">text/microsoft-resx</resheader>
-    <resheader name="version">2.0</resheader>
-    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
-    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
-    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
-    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
-    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
-        <value>[base64 mime encoded serialized .NET Framework object]</value>
-    </data>
-    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
-        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
-        <comment>This is a comment</comment>
-    </data>
-                
-    There are any number of "resheader" rows that contain simple 
-    name/value pairs.
-    
-    Each data row contains a name, and value. The row also contains a 
-    type or mimetype. Type corresponds to a .NET class that support 
-    text/value conversion through the TypeConverter architecture. 
-    Classes that don't support this are serialized and stored with the 
-    mimetype set.
-    
-    The mimetype is used for serialized objects, and tells the 
-    ResXResourceReader how to depersist the object. This is currently not 
-    extensible. For a given mimetype the value must be set accordingly:
-    
-    Note - application/x-microsoft.net.object.binary.base64 is the format 
-    that the ResXResourceWriter will generate, however the reader can 
-    read any of the formats listed below.
-    
-    mimetype: application/x-microsoft.net.object.binary.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
-            : and then encoded with base64 encoding.
-    
-    mimetype: application/x-microsoft.net.object.soap.base64
-    value   : The object must be serialized with 
-            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
-            : and then encoded with base64 encoding.
-
-    mimetype: application/x-microsoft.net.object.bytearray.base64
-    value   : The object must be serialized into a byte array 
-            : using a System.ComponentModel.TypeConverter
-            : and then encoded with base64 encoding.
-    -->
-  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
-    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
-    <xsd:element name="root" msdata:IsDataSet="true">
-      <xsd:complexType>
-        <xsd:choice maxOccurs="unbounded">
-          <xsd:element name="metadata">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" />
-              </xsd:sequence>
-              <xsd:attribute name="name" use="required" type="xsd:string" />
-              <xsd:attribute name="type" type="xsd:string" />
-              <xsd:attribute name="mimetype" type="xsd:string" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="assembly">
-            <xsd:complexType>
-              <xsd:attribute name="alias" type="xsd:string" />
-              <xsd:attribute name="name" type="xsd:string" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="data">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
-              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
-              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
-              <xsd:attribute ref="xml:space" />
-            </xsd:complexType>
-          </xsd:element>
-          <xsd:element name="resheader">
-            <xsd:complexType>
-              <xsd:sequence>
-                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
-              </xsd:sequence>
-              <xsd:attribute name="name" type="xsd:string" use="required" />
-            </xsd:complexType>
-          </xsd:element>
-        </xsd:choice>
-      </xsd:complexType>
-    </xsd:element>
-  </xsd:schema>
-  <resheader name="resmimetype">
-    <value>text/microsoft-resx</value>
-  </resheader>
-  <resheader name="version">
-    <value>2.0</value>
-  </resheader>
-  <resheader name="reader">
-    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <resheader name="writer">
-    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </resheader>
-  <data name="Exception_CookieLimitTooSmall" xml:space="preserve">
-    <value>The cookie key and options are larger than ChunksSize, leaving no room for data.</value>
-  </data>
-  <data name="Exception_ImcompleteChunkedCookie" xml:space="preserve">
-    <value>The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.</value>
-  </data>
-</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 1317797b6a..331de199ac 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -18,10 +18,15 @@
     "nowarn": [
       "CS1591"
     ],
-    "xmlDoc": true
+    "xmlDoc": true,
+    "define": [ "SECURITY" ]
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
     "Microsoft.Extensions.Options": "1.1.0-*",
     "Microsoft.Extensions.TaskCache.Sources": {
       "version": "1.1.0-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
similarity index 89%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
rename to src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
index c7bff38d1f..26fe0809c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -9,6 +9,9 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
+// Keep the type public for Security repo as it would be a breaking change to change the accessor now.
+// Make this type internal for other repos as it could be used by multiple projects and having it public causes type conflicts.
+#if SECURITY
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
@@ -17,6 +20,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// </summary>
     public class ChunkingCookieManager : ICookieManager
     {
+#else
+namespace Microsoft.AspNetCore.Internal
+{
+    /// <summary>
+    /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
+    /// from requests.
+    /// </summary>
+    internal class ChunkingCookieManager
+    {
+#endif
         private const string ChunkKeySuffix = "C";
         private const string ChunkCountPrefix = "chunks-";
 
@@ -96,7 +109,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                                 totalSize += chunks[i].Length;
                             }
                             throw new FormatException(
-                                string.Format(CultureInfo.CurrentCulture, Resources.Exception_ImcompleteChunkedCookie, chunkId - 1, chunksCount, totalSize));
+                                string.Format(
+                                    CultureInfo.CurrentCulture,
+                                    "The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.",
+                                    chunkId - 1,
+                                    chunksCount,
+                                    totalSize));
                         }
                         // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
                         return value;
@@ -162,7 +180,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
                 // No room for data, we can't chunk the options and name
-                throw new InvalidOperationException(Resources.Exception_CookieLimitTooSmall);
+                throw new InvalidOperationException("The cookie key and options are larger than ChunksSize, leaving no room for data.");
             }
             else
             {
@@ -247,10 +265,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             var responseHeaders = context.Response.Headers;
-            var existingValues = responseHeaders[Constants.Headers.SetCookie];
+            var existingValues = responseHeaders[HeaderNames.SetCookie];
             if (!StringValues.IsNullOrEmpty(existingValues))
             {
-                responseHeaders[Constants.Headers.SetCookie] = existingValues.Where(value => !rejectPredicate(value)).ToArray();
+                responseHeaders[HeaderNames.SetCookie] = existingValues.Where(value => !rejectPredicate(value)).ToArray();
             }
 
             AppendResponseCookie(
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
new file mode 100644
index 0000000000..593e5d6816
--- /dev/null
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0.25420" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0.25420</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>2690fbe6-9d27-4c84-b82c-11188b0bcda3</ProjectGuid>
+    <RootNamespace>Microsoft.AspNetCore.ChunkingCookieManager.Sources</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
new file mode 100644
index 0000000000..a1a4f21841
--- /dev/null
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
@@ -0,0 +1,12 @@
+{
+  "version": "1.1.0-*",
+  "shared": "*.cs",
+  "dependencies": {
+    "Microsoft.AspNetCore.Http.Abstractions": "1.1.0-*",
+    "Microsoft.Net.Http.Headers": "1.1.0-*"
+  },
+  "frameworks": {
+    "net451": {},
+    "netstandard1.3": {}
+  }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
similarity index 98%
rename from test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
rename to test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
index 670baf5db4..c978d169e4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/Infrastructure/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
@@ -5,7 +5,7 @@ using System;
 using Microsoft.AspNetCore.Http;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authentication.Cookies.Infrastructure
+namespace Microsoft.AspNetCore.Internal
 {
     public class CookieChunkingTests
     {
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
new file mode 100644
index 0000000000..d95a6c1287
--- /dev/null
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0.25420" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0.25420</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>51563775-c659-4907-9baf-9995bab87d01</ProjectGuid>
+    <RootNamespace>Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
new file mode 100644
index 0000000000..f5fab3f1e6
--- /dev/null
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -0,0 +1,26 @@
+{
+  "buildOptions": {
+    "warningsAsErrors": true
+  },
+  "dependencies": {
+    "dotnet-test-xunit": "2.2.0-*",
+    "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
+      "version": "1.1.0-*",
+      "type": "build"
+    },
+    "Microsoft.AspNetCore.Http": "1.1.0-*",
+    "xunit": "2.2.0-*"
+  },
+  "frameworks": {
+    "netcoreapp1.0": {
+      "dependencies": {
+        "Microsoft.NETCore.App": {
+          "version": "1.0.0-*",
+          "type": "platform"
+        }
+      }
+    },
+    "net451": {}
+  },
+  "testRunner": "xunit"
+}
\ No newline at end of file

From 25f39dd0f5f9a9199b720c2a53a2002cad26a8c4 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 20 Sep 2016 16:14:40 -0700
Subject: [PATCH 632/900] #859 Discriminate between providers when sharing an
 auth cookie

---
 .../RemoteAuthenticationHandler.cs            |  12 +-
 .../Google/GoogleMiddlewareTests.cs           | 263 +++++++++++++++++-
 2 files changed, 272 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index e34ee5fb55..862193db15 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -17,6 +17,7 @@ namespace Microsoft.AspNetCore.Authentication
         private const string CorrelationPrefix = ".AspNetCore.Correlation.";
         private const string CorrelationProperty = ".xsrf";
         private const string CorrelationMarker = "N";
+        private const string AuthSchemeKey = ".AuthScheme";
 
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
@@ -86,6 +87,9 @@ namespace Microsoft.AspNetCore.Authentication
             // REVIEW: is this safe or good?
             ticket.Properties.RedirectUri = null;
 
+            // Mark which provider produced this identity so we can cross-check later in HandleAuthenticateAsync
+            context.Properties.Items[AuthSchemeKey] = Options.AuthenticationScheme;
+
             await Options.Events.TicketReceived(context);
 
             if (context.HandledResponse)
@@ -132,7 +136,11 @@ namespace Microsoft.AspNetCore.Authentication
                         return AuthenticateResult.Fail(authenticateContext.Error);
                     }
 
-                    if (authenticateContext.Principal != null)
+                    // The SignInScheme may be shared with multiple providers, make sure this middleware issued the identity.
+                    string authenticatedScheme;
+                    if (authenticateContext.Principal != null && authenticateContext.Properties != null
+                        && authenticateContext.Properties.TryGetValue(AuthSchemeKey, out authenticatedScheme)
+                        && string.Equals(Options.AuthenticationScheme, authenticatedScheme, StringComparison.Ordinal))
                     {
                         return AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
                             new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme));
@@ -143,7 +151,7 @@ namespace Microsoft.AspNetCore.Authentication
 
             }
 
-            return AuthenticateResult.Fail("Remote authentication does not support authenticate");
+            return AuthenticateResult.Fail("Remote authentication does not directly support authenticate");
         }
 
         protected override Task HandleSignOutAsync(SignOutContext context)
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 42cecf81bd..d0a2cfa195 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -215,7 +215,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         }
 
         [Fact]
-        public async Task AuthenticateWillFail()
+        public async Task AuthenticateWithoutCookieWillFail()
         {
             var server = CreateServer(new GoogleOptions
             {
@@ -755,6 +755,243 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 transaction.Response.Headers.GetValues("Location").First());
         }
 
+        [Fact]
+        public async Task AuthenticateAutomaticWhenAlreadySignedInSucceeds()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(new GoogleOptions
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                SaveTokens = true,
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = CreateBackchannel()
+            });
+
+            // Skip the challenge step, go directly to the callback path
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/authenticate", authCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Name", transaction.FindClaimValue(ClaimTypes.Name));
+            Assert.Equal("Test User ID", transaction.FindClaimValue(ClaimTypes.NameIdentifier));
+            Assert.Equal("Test Given Name", transaction.FindClaimValue(ClaimTypes.GivenName));
+            Assert.Equal("Test Family Name", transaction.FindClaimValue(ClaimTypes.Surname));
+            Assert.Equal("Test email", transaction.FindClaimValue(ClaimTypes.Email));
+
+            // Ensure claims transformation
+            Assert.Equal("yup", transaction.FindClaimValue("xform"));
+        }
+
+        [Fact]
+        public async Task AuthenticateGoogleWhenAlreadySignedInSucceeds()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(new GoogleOptions
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                SaveTokens = true,
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = CreateBackchannel()
+            });
+
+            // Skip the challenge step, go directly to the callback path
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/authenticateGoogle", authCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Name", transaction.FindClaimValue(ClaimTypes.Name));
+            Assert.Equal("Test User ID", transaction.FindClaimValue(ClaimTypes.NameIdentifier));
+            Assert.Equal("Test Given Name", transaction.FindClaimValue(ClaimTypes.GivenName));
+            Assert.Equal("Test Family Name", transaction.FindClaimValue(ClaimTypes.Surname));
+            Assert.Equal("Test email", transaction.FindClaimValue(ClaimTypes.Email));
+
+            // Ensure claims transformation
+            Assert.Equal("yup", transaction.FindClaimValue("xform"));
+        }
+
+        [Fact]
+        public async Task ChallengeGoogleWhenAlreadySignedInReturnsForbidden()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(new GoogleOptions
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                SaveTokens = true,
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = CreateBackchannel()
+            });
+
+            // Skip the challenge step, go directly to the callback path
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/challenge", authCookie);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.StartsWith("https://example.com/Account/AccessDenied?", transaction.Response.Headers.Location.OriginalString);
+        }
+
+        [Fact]
+        public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(new GoogleOptions
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                SaveTokens = true,
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = CreateBackchannel()
+            });
+
+            // Skip the challenge step, go directly to the callback path
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/authenticateFacebook", authCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal(null, transaction.FindClaimValue(ClaimTypes.Name));
+        }
+
+        [Fact]
+        public async Task ChallengeFacebookWhenAlreadySignedWithGoogleSucceeds()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var server = CreateServer(new GoogleOptions
+            {
+                ClientId = "Test Id",
+                ClientSecret = "Test Secret",
+                SaveTokens = true,
+                StateDataFormat = stateFormat,
+                BackchannelHttpHandler = CreateBackchannel()
+            });
+
+            // Skip the challenge step, go directly to the callback path
+
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Google.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/challengeFacebook", authCookie);
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.StartsWith("https://www.facebook.com/", transaction.Response.Headers.Location.OriginalString);
+        }
+
+        private HttpMessageHandler CreateBackchannel()
+        {
+            return new TestHttpMessageHandler()
+            {
+                Sender = req =>
+                {
+                    if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v4/token")
+                    {
+                        return ReturnJsonResponse(new
+                        {
+                            access_token = "Test Access Token",
+                            expires_in = 3600,
+                            token_type = "Bearer"
+                        });
+                    }
+                    else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
+                    {
+                        return ReturnJsonResponse(new
+                        {
+                            id = "Test User ID",
+                            displayName = "Test Name",
+                            name = new
+                            {
+                                familyName = "Test Family Name",
+                                givenName = "Test Given Name"
+                            },
+                            url = "Profile link",
+                            emails = new[]
+                            {
+                                new
+                                {
+                                    value = "Test email",
+                                    type = "account"
+                                }
+                            }
+                        });
+                    }
+
+                    throw new NotImplementedException(req.RequestUri.AbsoluteUri);
+                }
+            };
+        }
+
         private static HttpResponseMessage ReturnJsonResponse(object content, HttpStatusCode code = HttpStatusCode.OK)
         {
             var res = new HttpResponseMessage(code);
@@ -774,6 +1011,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         AutomaticAuthenticate = true
                     });
                     app.UseGoogleAuthentication(options);
+                    app.UseFacebookAuthentication(new FacebookOptions()
+                    {
+                        AppId = "Test AppId",
+                        AppSecret = "Test AppSecrent",
+                    });
                     app.UseClaimsTransformation(context =>
                     {
                         var id = new ClaimsIdentity("xform");
@@ -789,6 +1031,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         {
                             await context.Authentication.ChallengeAsync("Google");
                         }
+                        else if (req.Path == new PathString("/challengeFacebook"))
+                        {
+                            await context.Authentication.ChallengeAsync("Facebook");
+                        }
                         else if (req.Path == new PathString("/tokens"))
                         {
                             var authContext = new AuthenticateContext(TestExtensions.CookieAuthenticationScheme);
@@ -800,6 +1046,21 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         {
                             res.Describe(context.User);
                         }
+                        else if (req.Path == new PathString("/authenticate"))
+                        {
+                            var user = await context.Authentication.AuthenticateAsync(Http.Authentication.AuthenticationManager.AutomaticScheme);
+                            res.Describe(user);
+                        }
+                        else if (req.Path == new PathString("/authenticateGoogle"))
+                        {
+                            var user = await context.Authentication.AuthenticateAsync("Google");
+                            res.Describe(user);
+                        }
+                        else if (req.Path == new PathString("/authenticateFacebook"))
+                        {
+                            var user = await context.Authentication.AuthenticateAsync("Facebook");
+                            res.Describe(user);
+                        }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
                             // Simulate Authorization failure 

From 5aae7ded010dd80dfb24ca17fc719ff4f4658cd6 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 22 Sep 2016 11:28:51 -0700
Subject: [PATCH 633/900] Update Twitter auth package description

---
 src/Microsoft.AspNetCore.Authentication.Twitter/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 9d4aa7b4ed..395f67b3fc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -1,6 +1,6 @@
 {
   "version": "1.1.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 2.0 authentication workflow.",
+  "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.",
   "packOptions": {
     "repository": {
       "type": "git",

From ddeef1f9ac09c34c2a2c28e35923ae7288b1049e Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Fri, 23 Sep 2016 10:23:50 -0700
Subject: [PATCH 634/900] Add prompt parameter to Google auth endpoint

---
 .../GoogleHandler.cs                                      | 8 +++++---
 .../Google/GoogleMiddlewareTests.cs                       | 8 +++++++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 68cc6054f1..f28ab4d14a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -87,18 +87,20 @@ namespace Microsoft.AspNetCore.Authentication.Google
         // TODO: Abstract this properties override pattern into the base class?
         protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
-            var scope = FormatScope();
+            // Google Identity Platform Manual:
+            // https://developers.google.com/identity/protocols/OAuth2WebServer
 
             var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
             queryStrings.Add("response_type", "code");
             queryStrings.Add("client_id", Options.ClientId);
             queryStrings.Add("redirect_uri", redirectUri);
 
-            AddQueryString(queryStrings, properties, "scope", scope);
-
+            AddQueryString(queryStrings, properties, "scope", FormatScope());
             AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
             AddQueryString(queryStrings, properties, "approval_prompt");
+            AddQueryString(queryStrings, properties, "prompt");
             AddQueryString(queryStrings, properties, "login_hint");
+            AddQueryString(queryStrings, properties, "include_granted_scopes");
 
             var state = Options.StateDataFormat.Protect(properties);
             queryStrings.Add("state", state);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index d0a2cfa195..944c322ad3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -43,8 +43,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Contains("&state=", location);
 
             Assert.DoesNotContain("access_type=", location);
+            Assert.DoesNotContain("prompt=", location);
             Assert.DoesNotContain("approval_prompt=", location);
             Assert.DoesNotContain("login_hint=", location);
+            Assert.DoesNotContain("include_granted_scopes=", location);
         }
 
         [Fact]
@@ -177,7 +179,9 @@ namespace Microsoft.AspNetCore.Authentication.Google
                                 { "scope", "https://www.googleapis.com/auth/plus.login" },
                                 { "access_type", "offline" },
                                 { "approval_prompt", "force" },
-                                { "login_hint", "test@example.com" }
+                                { "prompt", "consent" },
+                                { "login_hint", "test@example.com" },
+                                { "include_granted_scopes", "false" }
                             }));
                     }
 
@@ -189,6 +193,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Contains("scope=" + UrlEncoder.Default.Encode("https://www.googleapis.com/auth/plus.login"), query);
             Assert.Contains("access_type=offline", query);
             Assert.Contains("approval_prompt=force", query);
+            Assert.Contains("prompt=consent", query);
+            Assert.Contains("include_granted_scopes=false", query);
             Assert.Contains("login_hint=" + UrlEncoder.Default.Encode("test@example.com"), query);
         }
 

From 28932a779523dcfed5ee844bac1c85a7e9a00a6d Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 21 Sep 2016 16:18:59 -0700
Subject: [PATCH 635/900] Log the error inforamtion when redeem auth code

---
 .../LoggingExtensions.cs                      | 18 ++++-
 .../OpenIdConnectHandler.cs                   | 77 +++++++++++++++----
 2 files changed, 77 insertions(+), 18 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index 7f2519f5fd..aa6d0cbaa7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -37,7 +37,8 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, string, Exception> _invalidLogoutQueryStringRedirectUrl;
         private static Action<ILogger, Exception> _nullOrEmptyAuthorizationResponseState;
         private static Action<ILogger, Exception> _unableToReadAuthorizationResponseState;
-        private static Action<ILogger, string, string, string, Exception> _authorizationResponseError;
+        private static Action<ILogger, string, string, string, Exception> _responseError;
+        private static Action<ILogger, string, string, string, int, Exception> _responseErrorWithStatusCode;
         private static Action<ILogger, Exception> _exceptionProcessingMessage;
         private static Action<ILogger, Exception> _accessTokenNotAvailable;
         private static Action<ILogger, Exception> _retrievingClaims;
@@ -106,10 +107,14 @@ namespace Microsoft.Extensions.Logging
                 eventId: 11,
                 logLevel: LogLevel.Debug,
                 formatString: "Unable to read the message.State.");
-            _authorizationResponseError = LoggerMessage.Define<string, string, string>(
+            _responseError = LoggerMessage.Define<string, string, string>(
                 eventId: 12,
                 logLevel: LogLevel.Error,
                 formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}'.");
+            _responseErrorWithStatusCode = LoggerMessage.Define<string, string, string, int>(
+                eventId: 49,
+                logLevel: LogLevel.Error,
+                formatString: "Message contains error: '{Error}', error_description: '{ErrorDescription}', error_uri: '{ErrorUri}', status code '{StatusCode}'.");
             _updatingConfiguration = LoggerMessage.Define(
                 eventId: 13,
                 logLevel: LogLevel.Debug,
@@ -380,9 +385,14 @@ namespace Microsoft.Extensions.Logging
             _unableToReadAuthorizationResponseState(logger, null);
         }
 
-        public static void AuthorizationResponseError(this ILogger logger, string error, string errorDescription, string errorUri)
+        public static void ResponseError(this ILogger logger, string error, string errorDescription, string errorUri)
         {
-            _authorizationResponseError(logger, error, errorDescription, errorUri, null);
+            _responseError(logger, error, errorDescription, errorUri, null);
+        }
+
+        public static void ResponseErrorWithStatusCode(this ILogger logger, string error, string errorDescription, string errorUri, int statusCode)
+        {
+            _responseErrorWithStatusCode(logger, error, errorDescription, errorUri, statusCode, null);
         }
 
         public static void ExceptionProcessingMessage(this ILogger logger, Exception ex)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index e5dcbbdeb7..2039a76e90 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -507,14 +507,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
-                    Logger.AuthorizationResponseError(
-                        authorizationResponse.Error,
-                        authorizationResponse.ErrorDescription ?? "ErrorDecription null",
-                        authorizationResponse.ErrorUri ?? "ErrorUri null");
-
-                    return AuthenticateResult.Fail(new OpenIdConnectProtocolException(
-                        string.Format(CultureInfo.InvariantCulture, Resources.MessageContainsError, authorizationResponse.Error,
-                        authorizationResponse.ErrorDescription ?? "ErrorDecription null", authorizationResponse.ErrorUri ?? "ErrorUri null")));
+                    return AuthenticateResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null));
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -590,6 +583,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     {
                         return result;
                     }
+
                     authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
                     tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
 
@@ -684,20 +678,50 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Redeems the authorization code for tokens at the token endpoint
+        /// Redeems the authorization code for tokens at the token endpoint.
         /// </summary>
         /// <param name="tokenEndpointRequest">The request that will be sent to the token endpoint and is available for customization.</param>
         /// <returns>OpenIdConnect message that has tokens inside it.</returns>
         protected virtual async Task<OpenIdConnectMessage> RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
         {
             Logger.RedeemingCodeForTokens();
+
             var requestMessage = new HttpRequestMessage(HttpMethod.Post, _configuration.TokenEndpoint);
             requestMessage.Content = new FormUrlEncodedContent(tokenEndpointRequest.Parameters);
+
             var responseMessage = await Backchannel.SendAsync(requestMessage);
-            responseMessage.EnsureSuccessStatusCode();
-            var tokenResonse = await responseMessage.Content.ReadAsStringAsync();
-            var jsonTokenResponse = JObject.Parse(tokenResonse);
-            return new OpenIdConnectMessage(jsonTokenResponse);
+
+            var contentMediaType = responseMessage.Content.Headers.ContentType?.MediaType;
+            if (string.IsNullOrEmpty(contentMediaType))
+            {
+                Logger.LogDebug($"Unexpected token response format. Status Code: {(int)responseMessage.StatusCode}. Content-Type header is missing.");
+            }
+            else if (!string.Equals(contentMediaType, "application/json", StringComparison.OrdinalIgnoreCase))
+            {
+                Logger.LogDebug($"Unexpected token response format. Status Code: {(int)responseMessage.StatusCode}. Content-Type {responseMessage.Content.Headers.ContentType}.");
+            }
+
+            // Error handling:
+            // 1. If the response body can't be parsed as json, throws.
+            // 2. If the response's status code is not in 2XX range, throw OpenIdConnectProtocolException. If the body is correct parsed, 
+            //    pass the error information from body to the exception.
+            OpenIdConnectMessage message;
+            try
+            {
+                var responseContent = await responseMessage.Content.ReadAsStringAsync();
+                message = new OpenIdConnectMessage(responseContent);
+            }
+            catch (Exception ex)
+            {
+                throw new OpenIdConnectProtocolException($"Failed to parse token response body as JSON. Status Code: {(int)responseMessage.StatusCode}. Content-Type: {responseMessage.Content.Headers.ContentType}", ex);
+            }
+
+            if (!responseMessage.IsSuccessStatusCode)
+            {
+                throw CreateOpenIdConnectProtocolException(message, responseMessage);
+            }
+
+            return message;
         }
 
         /// <summary>
@@ -1016,7 +1040,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             return authorizationCodeReceivedContext;
         }
 
-        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(OpenIdConnectMessage message, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties)
+        private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(
+            OpenIdConnectMessage message,
+            OpenIdConnectMessage tokenEndpointResponse,
+            AuthenticationProperties properties)
         {
             Logger.TokenResponseReceived();
             var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
@@ -1157,5 +1184,27 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             return BuildRedirectUri(uri);
         }
+
+        private OpenIdConnectProtocolException CreateOpenIdConnectProtocolException(OpenIdConnectMessage message, HttpResponseMessage response)
+        {
+            var description = message.ErrorDescription ?? "error_description is null";
+            var errorUri = message.ErrorUri ?? "error_uri is null";
+
+            if (response != null)
+            {
+                Logger.ResponseErrorWithStatusCode(message.Error, description, errorUri, (int)response.StatusCode);
+            }
+            else
+            {
+                Logger.ResponseError(message.Error, description, errorUri);
+            }
+
+            return new OpenIdConnectProtocolException(string.Format(
+                CultureInfo.InvariantCulture,
+                Resources.MessageContainsError,
+                message.Error,
+                description,
+                errorUri));
+        }
     }
 }

From 918d6127457b88bbb45de5e7efd8ccf1e95d9d6a Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 26 Sep 2016 14:31:57 -0700
Subject: [PATCH 636/900] Add ChunkingCookieManager.Sources to
 NuGetPackageVerifier

---
 NuGetPackageVerifier.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
index 9f3414fbc4..c522f4c1a8 100644
--- a/NuGetPackageVerifier.json
+++ b/NuGetPackageVerifier.json
@@ -18,6 +18,12 @@
             "Microsoft.Owin.Security.Interop": { }
         }
     },
+    "adx-nonshipping": {
+        "rules": [],
+        "packages": {
+            "Microsoft.AspNetCore.ChunkingCookieManager.Sources": { }
+        }
+    },
     "Default": { // Rules to run for packages not listed in any other set.
         "rules": [
             "DefaultCompositeRule"

From 0152691108717bd74cc5f0406e7b745b31c8ca23 Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Wed, 28 Sep 2016 14:25:02 -0700
Subject: [PATCH 637/900] Cookie Auto: set properties back to ticket when using
 SessionStore (#995)

---
 .../CookieAuthenticationHandler.cs                 | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 7c583ed7e1..1f2b395b1d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -150,6 +150,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 HttpOnly = Options.CookieHttpOnly,
                 Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
             };
+
             if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest)
             {
                 cookieOptions.Secure = Request.IsHttps;
@@ -158,6 +159,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always;
             }
+
             return cookieOptions;
         }
 
@@ -172,13 +174,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var ticket = (await HandleAuthenticateOnceSafeAsync())?.Ticket;
             if (ticket != null)
             {
+                var properties = ticket.Properties;
+
                 if (_refreshIssuedUtc.HasValue)
                 {
-                    ticket.Properties.IssuedUtc = _refreshIssuedUtc;
+                    properties.IssuedUtc = _refreshIssuedUtc;
                 }
+
                 if (_refreshExpiresUtc.HasValue)
                 {
-                    ticket.Properties.ExpiresUtc = _refreshExpiresUtc;
+                    properties.ExpiresUtc = _refreshExpiresUtc;
                 }
 
                 if (Options.SessionStore != null && _sessionKey != null)
@@ -194,7 +199,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
 
                 var cookieOptions = BuildCookieOptions();
-                if (ticket.Properties.IsPersistent && _refreshExpiresUtc.HasValue)
+                if (properties.IsPersistent && _refreshExpiresUtc.HasValue)
                 {
                     cookieOptions.Expires = _refreshExpiresUtc.Value.ToUniversalTime();
                 }
@@ -205,7 +210,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     cookieValue,
                     cookieOptions);
 
-                await ApplyHeaders(shouldRedirectToReturnUrl: false, properties: ticket.Properties);
+                await ApplyHeaders(shouldRedirectToReturnUrl: false, properties: properties);
             }
         }
 
@@ -261,6 +266,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         Options.ClaimsIssuer));
                 ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
             }
+
             var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
 
             Options.CookieManager.AppendResponseCookie(

From ac773beffcdd348599f4b8cb4cac76473bee0ecf Mon Sep 17 00:00:00 2001
From: Adem Caglin <adem.caglin@gmail.com>
Date: Thu, 29 Sep 2016 23:24:24 +0300
Subject: [PATCH 638/900] Changed BuildChallengeUrl in order to accept
 AuthorizationEndpoint which contains query parameters (#992)

---
 .../OAuthHandler.cs                                         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index dbfa1ef92b..1c5143842f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
+using Microsoft.AspNetCore.WebUtilities;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
@@ -206,8 +207,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var scope = FormatScope();
 
             var state = Options.StateDataFormat.Protect(properties);
-
-            var queryBuilder = new QueryBuilder()
+            var parameters = new Dictionary<string, string>
             {
                 { "client_id", Options.ClientId },
                 { "scope", scope },
@@ -215,7 +215,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 { "redirect_uri", redirectUri },
                 { "state", state },
             };
-            return Options.AuthorizationEndpoint + queryBuilder.ToString();
+            return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters);
         }
 
         protected virtual string FormatScope()

From e09dd6d0b8fad0a6d0f7c52931549006e794693e Mon Sep 17 00:00:00 2001
From: Troy Dai <troy.dai@outlook.com>
Date: Thu, 29 Sep 2016 16:21:26 -0700
Subject: [PATCH 639/900] Fix #976: Break claims value in array into multiple
 claims (#996)

* Break claims value in array into multiple claims

* Review feedback 1
---
 .../OpenIdConnectHandler.cs                   |  7 +---
 .../Utility/ClaimsHelper.cs                   | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 2039a76e90..1e5eda4707 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -806,12 +806,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
 
             // adding remaining unique claims from userinfo endpoint to the identity
-            foreach (var pair in user)
-            {
-                JToken value;
-                var claimValue = user.TryGetValue(pair.Key, out value) ? value.ToString() : null;
-                identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, jwt.Issuer));
-            }
+            ClaimsHelper.AddClaimsToIdentity(user, identity, jwt.Issuer);
 
             return AuthenticateResult.Success(ticket);
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
new file mode 100644
index 0000000000..dab4d0fd9c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+    internal static class ClaimsHelper
+    {
+        public static void AddClaimsToIdentity(
+            JObject userInformationPayload,
+            ClaimsIdentity identity,
+            string issuer)
+        {
+            foreach (var pair in userInformationPayload)
+            {
+                var array = pair.Value as JArray;
+                if (array != null)
+                {
+                    foreach (var item in array)
+                    {
+                        AddClaimsToIdentity(item, identity, pair.Key, issuer);
+                    }
+                }
+                else
+                {
+                    AddClaimsToIdentity(pair.Value, identity, pair.Key, issuer);
+                }
+            }
+        }
+
+        private static void AddClaimsToIdentity(JToken item, ClaimsIdentity identity, string key, string issuer)
+            => identity.AddClaim(new Claim(key, item?.ToString() ?? string.Empty, ClaimValueTypes.String, issuer));
+    }
+}

From f64c864911a2ec84f895f012bd2560b14482eea2 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 28 Sep 2016 11:52:20 -0700
Subject: [PATCH 640/900] Updating partner package versions

---
 samples/CookieSample/project.json                     |  2 +-
 samples/CookieSessionSample/project.json              |  2 +-
 samples/JwtBearerSample/project.json                  |  6 +++---
 samples/OpenIdConnect.AzureAdSample/project.json      |  4 ++--
 samples/OpenIdConnectSample/project.json              |  8 ++++----
 samples/SocialSample/project.json                     |  6 +++---
 .../project.json                                      |  7 +++++--
 .../project.json                                      |  3 ++-
 .../project.json                                      |  3 ++-
 .../project.json                                      |  3 ++-
 .../project.json                                      |  3 ++-
 .../project.json                                      |  3 ++-
 .../project.json                                      |  3 ++-
 .../project.json                                      |  1 +
 src/Microsoft.AspNetCore.Authentication/project.json  | 11 ++++-------
 src/Microsoft.AspNetCore.Authorization/project.json   |  5 +++--
 .../project.json                                      |  3 ++-
 src/Microsoft.AspNetCore.CookiePolicy/project.json    |  3 ++-
 src/Microsoft.Owin.Security.Interop/project.json      |  3 ++-
 .../project.json                                      |  2 +-
 .../project.json                                      |  2 +-
 .../project.json                                      |  2 +-
 .../project.json                                      |  2 +-
 .../Microsoft.Owin.Security.Interop.Test/project.json |  1 +
 24 files changed, 50 insertions(+), 38 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 57ceb354aa..4cf29c1771 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -15,7 +15,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 6530e1cf00..69c44692e6 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -16,7 +16,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 21d2365ece..e6658fa898 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -8,15 +8,15 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
     "Microsoft.AspNetCore.StaticFiles": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 6aee5073f2..4cbe064a34 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
@@ -37,4 +37,4 @@
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
   }
-}
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index a6a16a29fc..2293569c31 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -5,18 +5,18 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
     "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
     "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
     "Microsoft.Extensions.Logging.Console": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Debug": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
+    "Microsoft.Extensions.Logging.Debug": "1.1.0-*"
   },
   "frameworks": {
     "net451": {},
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
@@ -39,4 +39,4 @@
   "scripts": {
     "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
   }
-}
+}
\ No newline at end of file
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 227354e518..791666abc1 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -9,10 +9,10 @@
     "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
     "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
     "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
     "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*"
+    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
@@ -22,7 +22,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 331de199ac..baa2b87c2d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -19,7 +19,9 @@
       "CS1591"
     ],
     "xmlDoc": true,
-    "define": [ "SECURITY" ]
+    "define": [
+      "SECURITY"
+    ]
   },
   "dependencies": {
     "Microsoft.AspNetCore.Authentication": "1.1.0-*",
@@ -32,7 +34,8 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.Extensions.WebEncoders": "1.1.0-*"
+    "Microsoft.Extensions.WebEncoders": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 796b3bf7c5..436b41be5f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -21,7 +21,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index dde8c3a544..b4e4a8a461 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -21,7 +21,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 7697e9b691..53c72471e1 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -26,7 +26,8 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 3169adf72d..be590b3ec9 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -21,7 +21,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 0365178576..c1d6ac0799 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -26,13 +26,14 @@
       "version": "1.1.0-*",
       "type": "build"
     },
+    "NETStandard.Library": "1.6.1-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
       "dependencies": {
-        "System.Runtime.Serialization.Primitives": "4.1.1-*"
+        "System.Runtime.Serialization.Primitives": "4.3.0-*"
       }
     }
   }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 53379f96d5..3c7054a772 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -26,7 +26,8 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0-*"
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 395f67b3fc..28239ec93a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -26,6 +26,7 @@
       "version": "1.1.0-*",
       "type": "build"
     },
+    "NETStandard.Library": "1.6.1-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 958170ab7d..4f0bc2bc99 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -25,6 +25,7 @@
     "Microsoft.AspNetCore.Http": "1.1.0-*",
     "Microsoft.AspNetCore.Http.Extensions": "1.1.0-*",
     "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
+    "Microsoft.Extensions.Options": "1.1.0-*",
     "Microsoft.Extensions.SecurityHelper.Sources": {
       "type": "build",
       "version": "1.1.0-*"
@@ -33,8 +34,8 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.Extensions.Options": "1.1.0-*",
-    "Microsoft.Extensions.WebEncoders": "1.1.0-*"
+    "Microsoft.Extensions.WebEncoders": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {
@@ -42,10 +43,6 @@
         "System.Net.Http": ""
       }
     },
-    "netstandard1.3": {
-      "dependencies": {
-        "System.Net.Http": "4.1.0-*"
-      }
-    }
+    "netstandard1.3": {}
   }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 303ba904a1..fc455c84dd 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -25,7 +25,8 @@
     "Microsoft.Extensions.TaskCache.Sources": {
       "version": "1.1.0-*",
       "type": "build"
-    }
+    },
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {
@@ -37,7 +38,7 @@
     },
     "netstandard1.3": {
       "dependencies": {
-        "System.Security.Claims": "4.0.1-*"
+        "System.Security.Claims": "4.3.0-*"
       }
     }
   }
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
index a1a4f21841..96571bb786 100644
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
@@ -3,7 +3,8 @@
   "shared": "*.cs",
   "dependencies": {
     "Microsoft.AspNetCore.Http.Abstractions": "1.1.0-*",
-    "Microsoft.Net.Http.Headers": "1.1.0-*"
+    "Microsoft.Net.Http.Headers": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 4cf5f4881c..471dfc8a8e 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -20,7 +20,8 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.Http": "1.1.0-*",
-    "Microsoft.Extensions.Options": "1.1.0-*"
+    "Microsoft.Extensions.Options": "1.1.0-*",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index c7b3326a01..be6e48490b 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -19,7 +19,8 @@
   },
   "dependencies": {
     "Microsoft.AspNetCore.DataProtection.Extensions": "1.1.0-*",
-    "Microsoft.Owin.Security": "3.0.1"
+    "Microsoft.Owin.Security": "3.0.1",
+    "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
     "net451": {}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 0feac5dd91..1fd82c9f5a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -19,7 +19,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index f8fda41e34..6d723ec6b2 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index f5fab3f1e6..c060c077f5 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -15,7 +15,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 89673d8488..9398f1df85 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.0.0-*",
+          "version": "1.1.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index e622bd746f..89709865e0 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -9,6 +9,7 @@
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.1.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
+    "NETStandard.Library": "1.6.1-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {

From 55134b31fe430fb40a5f4cec93b28f24289124f9 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 12 Oct 2016 13:46:35 -0700
Subject: [PATCH 641/900] Updating to netcoreapp1.1

---
 samples/CookieSample/project.json                               | 2 +-
 samples/CookieSessionSample/project.json                        | 2 +-
 samples/JwtBearerSample/project.json                            | 2 +-
 samples/OpenIdConnect.AzureAdSample/project.json                | 2 +-
 samples/OpenIdConnectSample/project.json                        | 2 +-
 samples/SocialSample/project.json                               | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/project.json      | 2 +-
 test/Microsoft.AspNetCore.Authorization.Test/project.json       | 2 +-
 .../project.json                                                | 2 +-
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json        | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 4cf29c1771..2529f14027 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -12,7 +12,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 69c44692e6..8987d1b6ad 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index e6658fa898..3a61c23ee4 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 4cbe064a34..958f48d162 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -11,7 +11,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 2293569c31..631e339afb 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 791666abc1..e2419deeb3 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -19,7 +19,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 1fd82c9f5a..8bbb453200 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -16,7 +16,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 6d723ec6b2..c483cee312 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index c060c077f5..0597e0fab8 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -12,7 +12,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 9398f1df85..df7e38f4ab 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",

From 1268d245b892912a9f2704395d30f2f8537db7be Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 12 Oct 2016 16:09:40 -0700
Subject: [PATCH 642/900] Revert "Updating to netcoreapp1.1"

This reverts commit 55134b31fe430fb40a5f4cec93b28f24289124f9.
---
 samples/CookieSample/project.json                               | 2 +-
 samples/CookieSessionSample/project.json                        | 2 +-
 samples/JwtBearerSample/project.json                            | 2 +-
 samples/OpenIdConnect.AzureAdSample/project.json                | 2 +-
 samples/OpenIdConnectSample/project.json                        | 2 +-
 samples/SocialSample/project.json                               | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/project.json      | 2 +-
 test/Microsoft.AspNetCore.Authorization.Test/project.json       | 2 +-
 .../project.json                                                | 2 +-
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json        | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 2529f14027..4cf29c1771 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -12,7 +12,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 8987d1b6ad..69c44692e6 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 3a61c23ee4..e6658fa898 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 958f48d162..4cbe064a34 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -11,7 +11,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 631e339afb..2293569c31 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index e2419deeb3..791666abc1 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -19,7 +19,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 8bbb453200..1fd82c9f5a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -16,7 +16,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index c483cee312..6d723ec6b2 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index 0597e0fab8..c060c077f5 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -12,7 +12,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index df7e38f4ab..9398f1df85 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.1": {
+    "netcoreapp1.0": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",

From 7e577832ff682d5ccd2ba6d68c11ba4d713c8b3d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 13 Oct 2016 11:24:28 -0700
Subject: [PATCH 643/900] Updating to netcoreapp1.1

---
 samples/CookieSample/project.json                               | 2 +-
 samples/CookieSessionSample/project.json                        | 2 +-
 samples/JwtBearerSample/project.json                            | 2 +-
 samples/OpenIdConnect.AzureAdSample/project.json                | 2 +-
 samples/OpenIdConnectSample/project.json                        | 2 +-
 samples/SocialSample/project.json                               | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/project.json      | 2 +-
 test/Microsoft.AspNetCore.Authorization.Test/project.json       | 2 +-
 .../project.json                                                | 2 +-
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json        | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 4cf29c1771..2529f14027 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -12,7 +12,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 69c44692e6..8987d1b6ad 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index e6658fa898..3a61c23ee4 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 4cbe064a34..958f48d162 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -11,7 +11,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 2293569c31..631e339afb 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -13,7 +13,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index 791666abc1..e2419deeb3 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -19,7 +19,7 @@
   },
   "frameworks": {
     "net451": {},
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 1fd82c9f5a..8bbb453200 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -16,7 +16,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 6d723ec6b2..c483cee312 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index c060c077f5..0597e0fab8 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -12,7 +12,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index 9398f1df85..df7e38f4ab 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -11,7 +11,7 @@
     "xunit": "2.2.0-*"
   },
   "frameworks": {
-    "netcoreapp1.0": {
+    "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
           "version": "1.1.0-*",

From 734d36b2d171d054c93b5b0b2486e736adc67caf Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 13 Oct 2016 13:59:39 -0700
Subject: [PATCH 644/900] Update to latest CoreFx package

---
 .../project.json                                                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 3c7054a772..234b9fd376 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -26,7 +26,7 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.1-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {

From 3eab3ef013c725e0e9ee34f35af7b7f75d73e616 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 13 Oct 2016 14:00:21 -0700
Subject: [PATCH 645/900] Updating package that was missed

---
 src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 53c72471e1..7103ca2542 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -26,7 +26,7 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.0",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.1-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {

From b1b5a40ebfdae2841cad3ccfea5d7e1db089d9c0 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 13 Oct 2016 20:14:15 -0700
Subject: [PATCH 646/900] #1004 clean up social sample code

---
 samples/SocialSample/Startup.cs       | 35 +++++++++++++++++----------
 samples/SocialSample/appsettings.json | 12 ---------
 samples/SocialSample/project.json     |  1 -
 3 files changed, 22 insertions(+), 26 deletions(-)
 delete mode 100644 samples/SocialSample/appsettings.json

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 4f3a03d50d..5bd848067e 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -29,7 +29,7 @@ namespace SocialSample
         {
             var builder = new ConfigurationBuilder()
                 .SetBasePath(env.ContentRootPath)
-                .AddJsonFile("appsettings.json");
+                .AddJsonFile("appsettings.json", optional: true);
 
             if (env.IsDevelopment())
             {
@@ -77,7 +77,14 @@ namespace SocialSample
                 LoginPath = new PathString("/login")
             });
 
-            // You must first create an app with facebook and add it's ID and Secret to your config.json or user-secrets.
+            if (string.IsNullOrEmpty(Configuration["facebook:appid"]))
+            {
+                // User-Secrets: https://docs.asp.net/en/latest/security/app-secrets.html
+                // See below for registration instructions for each provider.
+                throw new InvalidOperationException("User secrets must be configured for each authentication provider.");
+            }
+
+            // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
             // https://developers.facebook.com/apps/
             app.UseFacebookAuthentication(new FacebookOptions
             {
@@ -88,7 +95,8 @@ namespace SocialSample
                 SaveTokens = true,
             });
 
-            // See config.json
+            // You must first create an app with Google and add its ID and Secret to your user-secrets.
+            // https://console.developers.google.com/project
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Google-AccessToken",
@@ -102,7 +110,7 @@ namespace SocialSample
                 SaveTokens = true
             });
 
-            // See config.json
+            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
             app.UseGoogleAuthentication(new GoogleOptions
             {
@@ -120,7 +128,7 @@ namespace SocialSample
                 }
             });
 
-            // See config.json
+            // You must first create an app with Twitter and add its key and Secret to your user-secrets.
             // https://apps.twitter.com/
             app.UseTwitterAuthentication(new TwitterOptions
             {
@@ -151,14 +159,14 @@ namespace SocialSample
                Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
                https://localhost:44318/
             */
-            // See config.json
+            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
             // https://apps.dev.microsoft.com/
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "Microsoft-AccessToken",
                 DisplayName = "MicrosoftAccount-AccessToken",
-                ClientId = Configuration["msa:clientid"],
-                ClientSecret = Configuration["msa:clientsecret"],
+                ClientId = Configuration["microsoftaccount:clientid"],
+                ClientSecret = Configuration["microsoftaccount:clientsecret"],
                 CallbackPath = new PathString("/signin-microsoft-token"),
                 AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
                 TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
@@ -166,17 +174,17 @@ namespace SocialSample
                 SaveTokens = true
             });
 
-            // See config.json
+            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
             // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
             app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
             {
                 DisplayName = "MicrosoftAccount",
-                ClientId = Configuration["msa:clientid"],
-                ClientSecret = Configuration["msa:clientsecret"],
+                ClientId = Configuration["microsoftaccount:clientid"],
+                ClientSecret = Configuration["microsoftaccount:clientsecret"],
                 SaveTokens = true
             });
 
-            // See config.json
+            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://github.com/settings/applications/
             app.UseOAuthAuthentication(new OAuthOptions
             {
@@ -190,7 +198,8 @@ namespace SocialSample
                 SaveTokens = true
             });
 
-            // See config.json
+            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+            // https://github.com/settings/applications/
             app.UseOAuthAuthentication(new OAuthOptions
             {
                 AuthenticationScheme = "GitHub",
diff --git a/samples/SocialSample/appsettings.json b/samples/SocialSample/appsettings.json
deleted file mode 100644
index 11477998c0..0000000000
--- a/samples/SocialSample/appsettings.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "google:clientid": "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
-  "google:clientsecret": "n2Q-GEw9RQjzcRbU3qhfTj8f",
-  "twitter:consumerkey": "VvNJRyGeqYBByN694UHudI2cv",
-  "twitter:consumersecret": "V2xEqWgmphPdlUXX4ARWsozl9lfbvr5wbAYw2LN8m6kZV7pt20",
-  "github:clientid": "49e302895d8b09ea5656",
-  "github:clientsecret": "98f1bf028608901e9df91d64ee61536fe562064b",
-  "github-token:clientid": "8c0c5a572abe8fe89588",
-  "github-token:clientsecret": "e1d95eaf03461d27acd6f49d4fc7bf19d6ac8cda",
-  "msa:clientid": "e2105565-1f56-434a-ae61-9849ebaf606c",
-  "msa:clientsecret": "pjqtt3RXrFwcfSJyQ0BeUez"
-}
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index e2419deeb3..e041bf26ca 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -31,7 +31,6 @@
   "userSecretsId": "aspnet5-SocialSample-20151210111056",
   "publishOptions": {
     "include": [
-      "appsettings.json",
       "project.json",
       "web.config"
     ]

From fa348ca680c94261c39e0d1a3e4db828e1592a72 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 14 Oct 2016 10:11:48 -0700
Subject: [PATCH 647/900] Update to RTM build of ActiveDirectory package

---
 samples/OpenIdConnect.AzureAdSample/project.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 958f48d162..2cfabe8dff 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -7,7 +7,7 @@
     "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
     "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
     "Microsoft.Extensions.Logging.Console": "1.1.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.11.305310302-alpha"
+    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.13.4"
   },
   "frameworks": {
     "net451": {},

From fd56f5ac2ae5f6585e5b123eae2050f2a794ad1f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 17 Oct 2016 09:49:45 -0700
Subject: [PATCH 648/900] Branching for 1.1.0-preview1

---
 NuGet.config | 4 ++--
 build.ps1    | 2 +-
 build.sh     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 0fd623ffdd..ad973186eb 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-release/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build.ps1 b/build.ps1
index 8f2f99691a..787f63ac02 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/1.1.0-preview1.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index f4208100eb..355c682856 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/1.1.0-preview1.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From 8fcbddc23be1caff41f59f17b90624171fa8e43e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
 <PinpointTownes@users.noreply.github.com>
Date: Mon, 24 Oct 2016 18:28:25 +0200
Subject: [PATCH 649/900] Update ClaimsHelper.AddClaimsToIdentity to infer the
 claim value type from the JSON token type (#1002)

---
 .../Utility/ClaimsHelper.cs                   | 47 ++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
index dab4d0fd9c..78eea68bfb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using Newtonsoft.Json.Linq;
 
@@ -31,6 +32,50 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         private static void AddClaimsToIdentity(JToken item, ClaimsIdentity identity, string key, string issuer)
-            => identity.AddClaim(new Claim(key, item?.ToString() ?? string.Empty, ClaimValueTypes.String, issuer));
+            => identity.AddClaim(new Claim(key, item?.ToString() ?? string.Empty, GetClaimValueType(item), issuer));
+
+        private static string GetClaimValueType(JToken token)
+        {
+            if (token == null)
+            {
+                return JsonClaimValueTypes.JsonNull;
+            }
+
+            switch (token.Type)
+            {
+                case JTokenType.Array:
+                    return JsonClaimValueTypes.JsonArray;
+
+                case JTokenType.Boolean:
+                    return ClaimValueTypes.Boolean;
+
+                case JTokenType.Date:
+                    return ClaimValueTypes.DateTime;
+
+                case JTokenType.Float:
+                    return ClaimValueTypes.Double;
+
+                case JTokenType.Integer:
+                {
+                    var value = (long) token;
+                    if (value >= int.MinValue && value <= int.MaxValue)
+                    {
+                        return ClaimValueTypes.Integer;
+                    }
+
+                    return ClaimValueTypes.Integer64;
+                }
+
+                case JTokenType.Object:
+                    return JsonClaimValueTypes.Json;
+
+                case JTokenType.String:
+                    return ClaimValueTypes.String;
+            }
+
+            // Fall back to ClaimValueTypes.String when no appropriate
+            // claim value type can be inferred from the claim value.
+            return ClaimValueTypes.String;
+        }
     }
 }

From 2d1c56ce5ccfc15c78dd49cee772f6be473f3ee2 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 17 Oct 2016 14:58:08 -0700
Subject: [PATCH 650/900] #884 Honor OIDC's and Jwt's OnAuthenticationFailed
 HandleResponse()

---
 samples/JwtBearerSample/Startup.cs            |   23 +-
 samples/OpenIdConnectSample/Startup.cs        |   24 +-
 .../OpenIdConnectHandler.cs                   |    8 +-
 .../OpenIdConnectOptions.cs                   |    1 +
 .../AuthenticateResult.cs                     |   11 +
 .../AuthenticationHandler.cs                  |   22 +-
 .../Events/BaseControlContext.cs              |    9 +-
 .../RemoteAuthenticationHandler.cs            |    4 +
 .../JwtBearer/JwtBearerMiddlewareTests.cs     |  119 ++
 .../OpenIdConnect/OpenIdConnectEventTests.cs  | 1534 +++++++++++++++++
 10 files changed, 1743 insertions(+), 12 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs

diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 02611de8c4..ac599bc57f 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -15,6 +16,8 @@ namespace JwtBearerSample
     {
         public Startup(IHostingEnvironment env)
         {
+            Environment = env;
+
             var builder = new ConfigurationBuilder()
                 .SetBasePath(env.ContentRootPath);
 
@@ -30,6 +33,8 @@ namespace JwtBearerSample
 
         public IConfiguration Configuration { get; set; }
 
+        public IHostingEnvironment Environment { get; set; }
+
         // Shared between users in memory
         public IList<Todo> Todos { get; } = new List<Todo>();
 
@@ -68,7 +73,23 @@ namespace JwtBearerSample
             {
                 // You also need to update /wwwroot/app/scripts/app.js
                 Authority = Configuration["jwt:authority"],
-                Audience = Configuration["jwt:audience"]
+                Audience = Configuration["jwt:audience"],
+                Events = new JwtBearerEvents()
+                {
+                    OnAuthenticationFailed = c =>
+                    {
+                        c.HandleResponse();
+
+                        c.Response.StatusCode = 500;
+                        c.Response.ContentType = "text/plain";
+                        if (Environment.IsDevelopment())
+                        {
+                            // Debug only, in production do not share exceptions with the remote host.
+                            return c.Response.WriteAsync(c.Exception.ToString());
+                        }
+                        return c.Response.WriteAsync("An error occurred processing your authentication.");
+                    }
+                }
             });
 
             // [Authorize] would usually handle this
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 37b753102b..90ed3db25d 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -20,6 +20,8 @@ namespace OpenIdConnectSample
     {
         public Startup(IHostingEnvironment env)
         {
+            Environment = env;
+
             var builder = new ConfigurationBuilder()
                 .SetBasePath(env.ContentRootPath);
 
@@ -35,6 +37,8 @@ namespace OpenIdConnectSample
 
         public IConfiguration Configuration { get; set; }
 
+        public IHostingEnvironment Environment { get; set; }
+
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(sharedOptions =>
@@ -75,8 +79,24 @@ namespace OpenIdConnectSample
                 ClientId = Configuration["oidc:clientid"],
                 ClientSecret = Configuration["oidc:clientsecret"], // for code flow
                 Authority = Configuration["oidc:authority"],
-                ResponseType = OpenIdConnectResponseType.Code,
-                GetClaimsFromUserInfoEndpoint = true
+                ResponseType = OpenIdConnectResponseType.CodeIdToken,
+                GetClaimsFromUserInfoEndpoint = true,
+                Events = new OpenIdConnectEvents()
+                {
+                    OnAuthenticationFailed = c =>
+                    {
+                        c.HandleResponse();
+
+                        c.Response.StatusCode = 500;
+                        c.Response.ContentType = "text/plain";
+                        if (Environment.IsDevelopment())
+                        {
+                            // Debug only, in production do not share exceptions with the remote host.
+                            return c.Response.WriteAsync(c.Exception.ToString());
+                        }
+                        return c.Response.WriteAsync("An error occurred processing your authentication.");
+                    }
+                }
             });
 
             app.Run(async context =>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 1e5eda4707..9cc4fc2cd4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -578,7 +578,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest);
                     }
 
-                    var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties);
+                    var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket);
                     if (tokenResponseReceivedContext.CheckEventResult(out result))
                     {
                         return result;
@@ -1038,13 +1038,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(
             OpenIdConnectMessage message,
             OpenIdConnectMessage tokenEndpointResponse,
-            AuthenticationProperties properties)
+            AuthenticationProperties properties,
+            AuthenticationTicket ticket)
         {
             Logger.TokenResponseReceived();
             var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
             {
                 ProtocolMessage = message,
-                TokenEndpointResponse = tokenEndpointResponse
+                TokenEndpointResponse = tokenEndpointResponse,
+                Ticket = ticket
             };
 
             await Options.Events.TokenResponseReceived(eventContext);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 12bc1c03d8..f0b26f75b2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -86,6 +86,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
+        /// The default is 'false'.
         /// </summary>
         public bool GetClaimsFromUserInfoEndpoint { get; set; }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
index fb97931cbb..28f116d3d8 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
@@ -33,6 +33,12 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         public Exception Failure { get; private set; }
 
+        /// <summary>
+        /// Indicates that stage of authentication was directly handled by user intervention and no
+        /// further processing should be attempted.
+        /// </summary>
+        public bool Handled { get; private set; }
+
         /// <summary>
         /// Indicates that this stage of authentication was skipped by user intervention.
         /// </summary>
@@ -47,6 +53,11 @@ namespace Microsoft.AspNetCore.Authentication
             return new AuthenticateResult() { Ticket = ticket };
         }
 
+        public static AuthenticateResult Handle()
+        {
+            return new AuthenticateResult() { Handled = true };
+        }
+
         public static AuthenticateResult Skip()
         {
             return new AuthenticateResult() { Skipped = true };
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 5e9a7c2381..ae32424ebd 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -58,6 +58,8 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected TOptions Options { get; private set; }
 
+        protected AuthenticateResult InitializeResult { get; private set; }
+
         /// <summary>
         /// Initialize is called once per request to contextualize this instance with appropriate state.
         /// </summary>
@@ -101,12 +103,18 @@ namespace Microsoft.AspNetCore.Authentication
 
             if (ShouldHandleScheme(AuthenticationManager.AutomaticScheme, Options.AutomaticAuthenticate))
             {
-                var result = await HandleAuthenticateOnceAsync();
-                if (result?.Failure != null)
+                InitializeResult = await HandleAuthenticateOnceAsync();
+                if (InitializeResult?.Skipped == true || InitializeResult?.Handled == true)
                 {
-                    Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Options.AuthenticationScheme, result.Failure.Message);
+                    return;
                 }
-                var ticket = result?.Ticket;
+
+                if (InitializeResult?.Failure != null)
+                {
+                    Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Options.AuthenticationScheme, InitializeResult.Failure.Message);
+                }
+
+                var ticket = InitializeResult?.Ticket;
                 if (ticket?.Principal != null)
                 {
                     Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
@@ -179,6 +187,10 @@ namespace Microsoft.AspNetCore.Authentication
         /// pipeline.</returns>
         public virtual Task<bool> HandleRequestAsync()
         {
+            if (InitializeResult?.Handled == true)
+            {
+                return Task.FromResult(true);
+            }
             return Task.FromResult(false);
         }
 
@@ -250,7 +262,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <summary>
         /// Used to ensure HandleAuthenticateAsync is only invoked once safely. The subsequent
         /// calls will return the same authentication result. Any exceptions will be converted
-        /// into a failed authenticatoin result containing the exception.
+        /// into a failed authentication result containing the exception.
         /// </summary>
         protected async Task<AuthenticateResult> HandleAuthenticateOnceSafeAsync()
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
index 24f3ba8e53..4039a05609 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
@@ -51,7 +51,14 @@ namespace Microsoft.AspNetCore.Authentication
         {
             if (HandledResponse)
             {
-                result = AuthenticateResult.Success(Ticket);
+                if (Ticket == null)
+                {
+                    result = AuthenticateResult.Handle();
+                }
+                else
+                {
+                    result = AuthenticateResult.Success(Ticket);
+                }
                 return true;
             }
             else if (Skipped)
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 862193db15..1e41fb0b50 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -43,6 +43,10 @@ namespace Microsoft.AspNetCore.Authentication
                 {
                     exception = new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
+                else if (authResult.Handled)
+                {
+                    return true;
+                }
                 else if (authResult.Skipped)
                 {
                     return false;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
index fea01b36fe..c0d2ddba5b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
@@ -429,6 +429,39 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
+        [Fact]
+        public async Task EventOnMessageReceivedHandled_NoMoreEventsExecuted()
+        {
+            var server = CreateServer(new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents()
+                {
+                    OnMessageReceived = context =>
+                    {
+                        context.HandleResponse();
+                        context.Response.StatusCode = StatusCodes.Status202Accepted;
+                        return Task.FromResult(0);
+                    },
+                    OnTokenValidated = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        throw new NotImplementedException(context.Exception.ToString());
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                }
+            });
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
         [Fact]
         public async Task EventOnTokenValidatedSkipped_NoMoreEventsExecuted()
         {
@@ -460,6 +493,38 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
+        [Fact]
+        public async Task EventOnTokenValidatedHandled_NoMoreEventsExecuted()
+        {
+            var options = new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents()
+                {
+                    OnTokenValidated = context =>
+                    {
+                        context.HandleResponse();
+                        context.Response.StatusCode = StatusCodes.Status202Accepted;
+                        return Task.FromResult(0);
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        throw new NotImplementedException(context.Exception.ToString());
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                }
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
         [Fact]
         public async Task EventOnAuthenticationFailedSkipped_NoMoreEventsExecuted()
         {
@@ -491,6 +556,38 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
+        [Fact]
+        public async Task EventOnAuthenticationFailedHandled_NoMoreEventsExecuted()
+        {
+            var options = new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents()
+                {
+                    OnTokenValidated = context =>
+                    {
+                        throw new Exception("Test Exception");
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        context.HandleResponse();
+                        context.Response.StatusCode = StatusCodes.Status202Accepted;
+                        return Task.FromResult(0);
+                    },
+                    OnChallenge = context =>
+                    {
+                        throw new NotImplementedException();
+                    },
+                }
+            };
+            options.SecurityTokenValidators.Clear();
+            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            var server = CreateServer(options);
+
+            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
         [Fact]
         public async Task EventOnChallengeSkipped_ResponseNotModified()
         {
@@ -512,6 +609,28 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
+        [Fact]
+        public async Task EventOnChallengeHandled_ResponseNotModified()
+        {
+            var server = CreateServer(new JwtBearerOptions
+            {
+                Events = new JwtBearerEvents()
+                {
+                    OnChallenge = context =>
+                    {
+                        context.HandleResponse();
+                        context.Response.StatusCode = StatusCodes.Status202Accepted;
+                        return Task.FromResult(0);
+                    },
+                }
+            });
+
+            var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
+            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
+            Assert.Empty(response.Response.Headers.WwwAuthenticate);
+            Assert.Equal(string.Empty, response.ResponseText);
+        }
+
         class InvalidTokenValidator : ISecurityTokenValidator
         {
             public InvalidTokenValidator()
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
new file mode 100644
index 0000000000..a212af649d
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -0,0 +1,1534 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
+{
+    public class OpenIdConnectEventTests
+    {
+        private readonly Func<MessageReceivedContext, Task> MessageNotImpl = context => { throw new NotImplementedException("Message"); };
+        private readonly Func<TokenValidatedContext, Task> TokenNotImpl = context => { throw new NotImplementedException("Token"); };
+        private readonly Func<AuthorizationCodeReceivedContext, Task> CodeNotImpl = context => { throw new NotImplementedException("Code"); };
+        private readonly Func<TokenResponseReceivedContext, Task> TokenResponseNotImpl = context => { throw new NotImplementedException("TokenResponse"); };
+        private readonly Func<UserInformationReceivedContext, Task> UserNotImpl = context => { throw new NotImplementedException("User"); };
+        private readonly Func<AuthenticationFailedContext, Task> FailedNotImpl = context => { throw new NotImplementedException("Failed", context.Exception); };
+        private readonly Func<TicketReceivedContext, Task> TicketNotImpl = context => { throw new NotImplementedException("Ticket"); };
+        private readonly Func<FailureContext, Task> FailureNotImpl = context => { throw new NotImplementedException("Failure", context.Failure); };
+        private readonly Func<RedirectContext, Task> RedirectNotImpl = context => { throw new NotImplementedException("Redirect"); };
+        private readonly Func<RemoteSignOutContext, Task> RemoteSignOutNotImpl = context => { throw new NotImplementedException("Remote"); };
+        private readonly RequestDelegate AppNotImpl = context => { throw new NotImplementedException("App"); };
+
+        [Fact]
+        public async Task OnMessageReceived_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = TokenNotImpl,
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+        }
+
+        [Fact]
+        public async Task OnMessageReceived_Handled_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = TokenNotImpl,
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+        }
+
+        [Fact]
+        public async Task OnTokenValidated_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+        }
+
+        [Fact]
+        public async Task OnTokenValidated_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.HandleResponse();
+                    context.Ticket = null;
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+        }
+
+        // TODO: Do any other events depend on the presence of the ticket? It's strange we have to double handle this event.
+        [Fact]
+        public async Task OnTokenValidated_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var ticketReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.HandleResponse();
+                    // context.Ticket = null;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnAuthorizationCodeReceived_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+        }
+
+        [Fact]
+        public async Task OnAuthorizationCodeReceived_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    context.HandleResponse();
+                    context.Ticket = null;
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+        }
+
+        [Fact]
+        public async Task OnAuthorizationCodeReceived_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var ticketReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    context.HandleResponse();
+                    // context.Ticket = null;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnTokenResponseReceived_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+        }
+
+        [Fact]
+        public async Task OnTokenResponseReceived_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    context.Ticket = null;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+        }
+
+        [Fact]
+        public async Task OnTokenResponseReceived_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var ticketReceived = false;
+            var tokenResponseReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    // context.Ticket = null;
+                    context.HandleResponse();
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnTokenValidatedBackchannel_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var tokenValidated = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(tokenValidated);
+        }
+
+        [Fact]
+        public async Task OnTokenValidatedBackchannel_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var tokenValidated = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.Ticket = null;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(tokenValidated);
+        }
+
+        [Fact]
+        public async Task OnTokenValidatedBackchannel_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var codeReceived = false;
+            var ticketReceived = false;
+            var tokenResponseReceived = false;
+            var tokenValidated = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    // context.Ticket = null;
+                    context.HandleResponse();
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(tokenValidated);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnUserInformationReceived_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+        }
+
+        [Fact]
+        public async Task OnUserInformationReceived_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    context.Ticket = null;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+        }
+
+        [Fact]
+        public async Task OnUserInformationReceived_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var ticketReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    // context.Ticket = null;
+                    context.HandleResponse();
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnAuthenticationFailed_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+        }
+
+        [Fact]
+        public async Task OnAuthenticationFailed_HandledWithoutTicket_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    Assert.Null(context.Ticket);
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+        }
+
+        [Fact]
+        public async Task OnAuthenticationFailed_HandledWithTicket_SkipToTicketReceived()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var ticketReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    Assert.Null(context.Ticket);
+
+                    var claims = new[]
+                    {
+                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
+                    };
+
+                    context.Ticket = new AuthenticationTicket(
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
+                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+
+                    context.HandleResponse();
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticketReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+            Assert.True(ticketReceived);
+        }
+
+        [Fact]
+        public async Task OnRemoteFailure_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    Assert.Equal("TestException", context.Failure.Message);
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+            Assert.True(remoteFailure);
+        }
+
+        [Fact]
+        public async Task OnRemoteFailure_Handled_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    Assert.Equal("TestException", context.Failure.Message);
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+            Assert.True(remoteFailure);
+        }
+
+        [Fact]
+        public async Task OnTicketReceived_Skipped_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var ticektReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticektReceived = true;
+                    context.SkipToNextMiddleware();
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(ticektReceived);
+        }
+
+        [Fact]
+        public async Task OnTicketReceived_Handled_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var ticektReceived = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+                OnTicketReceived = context =>
+                {
+                    ticektReceived = true;
+                    context.HandleResponse();
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    return Task.FromResult(0);
+                },
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            AppNotImpl);
+
+            var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(ticektReceived);
+        }
+
+        private TestServer CreateServer(OpenIdConnectEvents events, RequestDelegate appCode)
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication();
+                })
+                .Configure(app =>
+                {
+                    app.UseCookieAuthentication();
+                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions()
+                    {
+                        Events = events,
+                        SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
+                        ClientId = "ClientId",
+                        GetClaimsFromUserInfoEndpoint = true,
+                        Configuration = new OpenIdConnectConfiguration()
+                        {
+                            TokenEndpoint = "http://testhost/tokens",
+                            UserInfoEndpoint = "http://testhost/user",
+                        },
+                        StateDataFormat = new TestStateDataFormat(),
+                        SecurityTokenValidator = new TestTokenValidator(),
+                        ProtocolValidator = new TestProtocolValidator(),
+                        BackchannelHttpHandler = new TestBackchannel(),
+                    });
+                    app.Run(appCode);
+                });
+
+            return new TestServer(builder);
+        }
+
+        private Task<HttpResponseMessage> PostAsync(TestServer server, string path, string form)
+        {
+            var client = server.CreateClient();
+            var cookie = ".AspNetCore.Correlation." + OpenIdConnectDefaults.AuthenticationScheme + ".corrilationId=N";
+            client.DefaultRequestHeaders.Add("Cookie", cookie);
+            return client.PostAsync("signin-oidc",
+                new StringContent(form, Encoding.ASCII, "application/x-www-form-urlencoded"));
+        }
+
+        private class TestStateDataFormat : ISecureDataFormat<AuthenticationProperties>
+        {
+            private AuthenticationProperties Data { get; set; }
+
+            public string Protect(AuthenticationProperties data)
+            {
+                throw new NotImplementedException();
+            }
+
+            public string Protect(AuthenticationProperties data, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText)
+            {
+                Assert.Equal("protected_state", protectedText);
+                return new AuthenticationProperties(new Dictionary<string, string>()
+                {
+                    { ".xsrf", "corrilationId" },
+                    { OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, "redirect_uri" }
+                });
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class TestTokenValidator : ISecurityTokenValidator
+        {
+            public bool CanValidateToken => true;
+
+            public int MaximumTokenSizeInBytes
+            {
+                get { return 1024; }
+                set { throw new NotImplementedException(); }
+            }
+
+            public bool CanReadToken(string securityToken)
+            {
+                Assert.Equal("my_id_token", securityToken);
+                return true;
+            }
+
+            public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+            {
+                Assert.Equal("my_id_token", securityToken);
+                validatedToken = new JwtSecurityToken();
+                return new ClaimsPrincipal(new ClaimsIdentity("customAuthType"));
+            }
+        }
+
+        private class TestProtocolValidator : OpenIdConnectProtocolValidator
+        {
+            public override void ValidateAuthenticationResponse(OpenIdConnectProtocolValidationContext validationContext)
+            {
+            }
+
+            public override void ValidateTokenResponse(OpenIdConnectProtocolValidationContext validationContext)
+            {
+            }
+
+            public override void ValidateUserInfoResponse(OpenIdConnectProtocolValidationContext validationContext)
+            {
+            }
+        }
+
+        private class TestBackchannel : HttpMessageHandler
+        {
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+            {
+                if (string.Equals("/tokens", request.RequestUri.AbsolutePath, StringComparison.Ordinal))
+                {
+                    return Task.FromResult(new HttpResponseMessage() { Content =
+                       new StringContent("{ \"id_token\": \"my_id_token\", \"access_token\": \"my_access_token\" }", Encoding.ASCII, "application/json") });
+                }
+                if (string.Equals("/user", request.RequestUri.AbsolutePath, StringComparison.Ordinal))
+                {
+                    return Task.FromResult(new HttpResponseMessage() { Content = new StringContent("{ }", Encoding.ASCII, "application/json") });
+                }
+
+                throw new NotImplementedException(request.RequestUri.ToString());
+            }
+        }
+    }
+}

From 500201bdf769e9cba67c5b0801801f6ec4678da5 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Mon, 31 Oct 2016 10:46:18 -0700
Subject: [PATCH 651/900] Made ChunkingCookieManager's default chunk size
 public

---
 .../ChunkingCookieManager.cs                               | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
index 26fe0809c5..16426507ce 100644
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -30,6 +30,11 @@ namespace Microsoft.AspNetCore.Internal
     internal class ChunkingCookieManager
     {
 #endif
+        /// <summary>
+        /// The default maximum size of characters in a cookie to send back to the client.
+        /// </summary>
+        public const int DefaultChunkSize = 4070;
+
         private const string ChunkKeySuffix = "C";
         private const string ChunkCountPrefix = "chunks-";
 
@@ -38,7 +43,7 @@ namespace Microsoft.AspNetCore.Internal
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
             // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
-            ChunkSize = 4070;
+            ChunkSize = DefaultChunkSize;
             ThrowForPartialCookies = true;
         }
 

From e55e3b6f5a9f14e2971769d3a619eaec878c2e89 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Tue, 1 Nov 2016 12:22:42 -0700
Subject: [PATCH 652/900] Updated Authentication's Base64UrlTextEncoder to use
 WebUtilities's Base64UrlTextEncoder logic

---
 .../DataHandler/TextEncoder.cs                | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
index c07a314b05..c0663295cf 100644
--- a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
@@ -1,31 +1,30 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-
 namespace Microsoft.AspNetCore.Authentication
 {
     public static class Base64UrlTextEncoder
     {
+        /// <summary>
+        /// Encodes supplied data into Base64 and replaces any URL encodable characters into non-URL encodable
+        /// characters.
+        /// </summary>
+        /// <param name="data">Data to be encoded.</param>
+        /// <returns>Base64 encoded string modified with non-URL encodable characters</returns>
         public static string Encode(byte[] data)
         {
-            return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
+            return WebUtilities.Base64UrlTextEncoder.Encode(data);
         }
 
+        /// <summary>
+        /// Decodes supplied string by replacing the non-URL encodable characters with URL encodable characters and
+        /// then decodes the Base64 string.
+        /// </summary>
+        /// <param name="text">The string to be decoded.</param>
+        /// <returns>The decoded data.</returns>
         public static byte[] Decode(string text)
         {
-            return Convert.FromBase64String(Pad(text.Replace('-', '+').Replace('_', '/')));
+            return WebUtilities.Base64UrlTextEncoder.Decode(text);
         }
-
-        private static string Pad(string text)
-        {
-            var padding = 3 - ((text.Length + 3) % 4);
-            if (padding == 0)
-            {
-                return text;
-            }
-            return text + new string('=', padding);
-        }
-
     }
 }

From 834718d1f90c1f8fd4ffabc779269149ce285888 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 2 Nov 2016 14:43:57 -0700
Subject: [PATCH 653/900] Updating to RTM builds of IdentityModel packages

---
 src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json  | 2 +-
 .../project.json                                                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 7103ca2542..f2e9b5dd26 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -26,7 +26,7 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.1-*",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 234b9fd376..33f13c66cf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -26,7 +26,7 @@
       "version": "1.1.0-*",
       "type": "build"
     },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.0.1-*",
+    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {

From 0c815da523fcf8435bb46105c43e21ab1123bfef Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 4 Nov 2016 10:50:40 -0700
Subject: [PATCH 654/900] #903 Ensure redirect uris can be generated

---
 .../OpenIdConnectHandler.cs                          | 12 ++++++++++++
 .../OpenIdConnect/OpenIdConnectChallengeTests.cs     | 12 ++++++++++++
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs    | 11 +++++++++++
 3 files changed, 35 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9cc4fc2cd4..6c3c2e9387 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -208,6 +208,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             message.State = Options.StateDataFormat.Protect(properties);
 
+            if (string.IsNullOrEmpty(message.IssuerAddress))
+            {
+                throw new InvalidOperationException(
+                    "Cannot redirect to the end session endpoint, the configuration may be missing or invalid.");
+            }
+
             if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
             {
                 var redirectUri = message.CreateLogoutRequestUrl();
@@ -356,6 +362,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             message.State = Options.StateDataFormat.Protect(properties);
 
+            if (string.IsNullOrEmpty(message.IssuerAddress))
+            {
+                throw new InvalidOperationException(
+                    "Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.");
+            }
+
             if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
             {
                 var redirectUri = message.CreateAuthenticationRequestUrl();
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index fc9338e2bf..b9c0179aff 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -222,6 +222,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var newMessage = new MockOpenIdConnectMessage
             {
+                IssuerAddress = "http://example.com/",
                 TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin"
             };
 
@@ -322,5 +323,16 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
             Assert.Contains("expires", secondCookie);
         }
+
+        [Fact]
+        public async Task Challenge_WithEmptyConfig_Fails()
+        {
+            var settings = new TestSettings(
+                opt => opt.Configuration = new OpenIdConnectConfiguration());
+
+            var server = settings.CreateTestServer();
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(ChallengeEndpoint));
+            Assert.Equal("Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.", exception.Message);
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 2862e10537..6c427c600e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -135,6 +135,17 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
         }
 
+        [Fact]
+        public async Task SignOut_WithMissingConfig_Throws()
+        {
+            var setting = new TestSettings(opt => opt.Configuration = new OpenIdConnectConfiguration());
+
+            var server = setting.CreateTestServer();
+
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(DefaultHost + TestServerBuilder.Signout));
+            Assert.Equal("Cannot redirect to the end session endpoint, the configuration may be missing or invalid.", exception.Message);
+        }
+
         // Test Cases for calculating the expiration time of cookie from cookie name
         [Fact]
         public void NonceCookieExpirationTime()

From 415055ebabcee656475e1f22e65045851641701c Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 7 Nov 2016 12:33:49 -0800
Subject: [PATCH 655/900] #1007 Additional id_token validation

---
 .../OpenIdConnectHandler.cs                   | 32 +++++++++++++------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 6c3c2e9387..6691c4ed69 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -541,7 +541,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     Logger.ReceivedIdToken();
                     ticket = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt);
 
-                    nonce = jwt?.Payload.Nonce;
+                    nonce = jwt.Payload.Nonce;
                     if (!string.IsNullOrEmpty(nonce))
                     {
                         nonce = ReadNonceCookie(nonce);
@@ -599,22 +599,25 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
                     tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
 
-                    // We only have to process the IdToken if we didn't already get one in the AuthorizationResponse
+                    // no need to validate signature when token is received using "code flow" as per spec
+                    // [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
+                    validationParameters.RequireSignedTokens = false;
+
+                    // At least a cursory validation is required on the new IdToken, even if we've already validated the one from the authorization response.
+                    // And we'll want to validate the new JWT in ValidateTokenResponse.
+                    JwtSecurityToken tokenEndpointJwt;
+                    var tokenEndpointTicket = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
+
+                    // Avoid reading & deleting the nonce cookie, running the event, etc, if it was already done as part of the authorization response validation.
                     if (ticket == null)
                     {
-                        // no need to validate signature when token is received using "code flow" as per spec
-                        // [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
-                        validationParameters.RequireSignedTokens = false;
-
-                        ticket = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out jwt);
-
-                        nonce = jwt?.Payload.Nonce;
+                        nonce = tokenEndpointJwt.Payload.Nonce;
                         if (!string.IsNullOrEmpty(nonce))
                         {
                             nonce = ReadNonceCookie(nonce);
                         }
 
-                        var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket, jwt, nonce);
+                        var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, tokenEndpointTicket, tokenEndpointJwt, nonce);
                         if (tokenValidatedContext.CheckEventResult(out result))
                         {
                             return result;
@@ -626,6 +629,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         jwt = tokenValidatedContext.SecurityToken;
                         nonce = tokenValidatedContext.Nonce;
                     }
+                    else
+                    {
+                        if (!string.Equals(jwt.Subject, tokenEndpointJwt.Subject, StringComparison.Ordinal))
+                        {
+                            throw new SecurityTokenException("The sub claim does not match in the id_token's from the authorization and token endpoints.");
+                        }
+
+                        jwt = tokenEndpointJwt;
+                    }
 
                     // Validate the token response if it wasn't provided manually
                     if (!authorizationCodeReceivedContext.HandledCodeRedemption)

From 96c27fa39389190298bf9b65362d2c090b47731c Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Tue, 8 Nov 2016 10:32:46 -0800
Subject: [PATCH 656/900] Revert breaking parameter rename

---
 .../OpenIdConnectHandler.cs                                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 6691c4ed69..c9c513ea72 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -150,7 +150,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Redirect user to the identity provider for sign out
         /// </summary>
         /// <returns>A task executing the sign out procedure</returns>
-        protected override async Task HandleSignOutAsync(SignOutContext context)
+        protected override async Task HandleSignOutAsync(SignOutContext signout)
         {
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
 
@@ -168,7 +168,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             };
 
             // Get the post redirect URI.
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = new AuthenticationProperties(signout.Properties);
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);

From 82c231efca8a4afdc471929020a42038b90ba78e Mon Sep 17 00:00:00 2001
From: jacalvar <jacalvar@microsoft.com>
Date: Mon, 7 Nov 2016 21:27:52 -0800
Subject: [PATCH 657/900] Created public API baselines

---
 .../baseline.net45.json                       | 1661 ++++++++++
 .../baseline.netcore.json                     | 1661 ++++++++++
 .../baseline.net45.json                       |  453 +++
 .../baseline.netcore.json                     |  453 +++
 .../baseline.net45.json                       |  291 ++
 .../baseline.netcore.json                     |  291 ++
 .../baseline.net45.json                       |  976 ++++++
 .../baseline.netcore.json                     |  976 ++++++
 .../baseline.net45.json                       |  256 ++
 .../baseline.netcore.json                     |  256 ++
 .../baseline.net45.json                       |  955 ++++++
 .../baseline.netcore.json                     |  955 ++++++
 .../baseline.net45.json                       | 2005 ++++++++++++
 .../baseline.netcore.json                     | 2005 ++++++++++++
 .../baseline.net45.json                       |  848 +++++
 .../baseline.netcore.json                     |  848 +++++
 .../baseline.net45.json                       | 2897 +++++++++++++++++
 .../baseline.netcore.json                     | 2897 +++++++++++++++++
 .../baseline.net45.json                       | 1593 +++++++++
 .../baseline.netcore.json                     | 1593 +++++++++
 .../baseline.net45.json                       |  392 +++
 .../baseline.netcore.json                     |  392 +++
 .../baseline.net45.json                       |  373 +++
 23 files changed, 25027 insertions(+)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authorization/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
 create mode 100644 src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
 create mode 100644 src/Microsoft.Owin.Security.Interop/baseline.net45.json

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
new file mode 100644
index 0000000000..56e48d3fed
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
@@ -0,0 +1,1661 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseCookieAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseCookieAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieDomain",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieDomain",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookiePath",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookiePath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieHttpOnly",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieHttpOnly",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieSecure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieSecure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_DataProtectionProvider",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DataProtectionProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpireTimeSpan",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ExpireTimeSpan",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SlidingExpiration",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SlidingExpiration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_LoginPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_LoginPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_LogoutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_LogoutPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessDeniedPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessDeniedPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ReturnUrlParameter",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ReturnUrlParameter",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TicketDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TicketDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SessionStore",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SessionStore",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ChunkSize",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.Int32>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChunkSize",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.Int32>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ThrowForPartialCookies",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ThrowForPartialCookies",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "CookiePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LoginPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LogoutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AccessDeniedPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "ReturnUrlParameter",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Cookies\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "urlEncoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "StoreAsync",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RenewAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RetrieveAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoveAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnValidatePrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSignedIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSignedIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogin",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAccessDenied",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogout",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToReturnUrl",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignedIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RedirectUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ShouldRenew",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ShouldRenew",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReplacePrincipal",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RejectPrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "ValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignedIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
new file mode 100644
index 0000000000..56e48d3fed
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
@@ -0,0 +1,1661 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseCookieAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseCookieAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieDomain",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieDomain",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookiePath",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookiePath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieHttpOnly",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieHttpOnly",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieSecure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieSecure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_DataProtectionProvider",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DataProtectionProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpireTimeSpan",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ExpireTimeSpan",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SlidingExpiration",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SlidingExpiration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_LoginPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_LoginPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_LogoutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_LogoutPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessDeniedPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessDeniedPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ReturnUrlParameter",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ReturnUrlParameter",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TicketDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TicketDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SessionStore",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SessionStore",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ChunkSize",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.Int32>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChunkSize",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.Int32>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ThrowForPartialCookies",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ThrowForPartialCookies",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "CookiePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LoginPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LogoutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AccessDeniedPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "ReturnUrlParameter",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Cookies\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "urlEncoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "StoreAsync",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RenewAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RetrieveAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoveAsync",
+          "Parameters": [
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnValidatePrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSignedIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSignedIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogin",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAccessDenied",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogout",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToReturnUrl",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignedIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RedirectUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ShouldRenew",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ShouldRenew",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReplacePrincipal",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RejectPrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "ValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignedIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
new file mode 100644
index 0000000000..1e070fc7ff
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
@@ -0,0 +1,453 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Facebook\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetAgeRangeMin",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetAgeRangeMax",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetBirthday",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetFirstName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGender",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLastName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLink",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLocation",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLocale",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetMiddleName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTimeZone",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.FacebookOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.FacebookOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.FacebookOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.FacebookOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AppId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AppId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AppSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AppSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SendAppSecretProof",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SendAppSecretProof",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Fields",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
new file mode 100644
index 0000000000..1e070fc7ff
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
@@ -0,0 +1,453 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Facebook\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetAgeRangeMin",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetAgeRangeMax",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetBirthday",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetFirstName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGender",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLastName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLink",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLocation",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetLocale",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetMiddleName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTimeZone",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.FacebookOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.FacebookOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.FacebookOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.FacebookOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AppId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AppId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AppSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AppSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SendAppSecretProof",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SendAppSecretProof",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Fields",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
new file mode 100644
index 0000000000..647633afa8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
@@ -0,0 +1,291 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Google\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGivenName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetFamilyName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetProfile",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.GoogleOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.GoogleOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.GoogleAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseGoogleAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseGoogleAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.GoogleOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.GoogleOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AccessType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
new file mode 100644
index 0000000000..647633afa8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
@@ -0,0 +1,291 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Google\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGivenName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetFamilyName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetProfile",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.GoogleOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.GoogleOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.GoogleAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseGoogleAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseGoogleAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.GoogleOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.GoogleOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AccessType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
new file mode 100644
index 0000000000..37e18e53ed
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
@@ -0,0 +1,976 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Bearer\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.JwtBearerOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Exception",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Exception",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Challenge",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticateFailure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticateFailure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Error",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Error",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ErrorDescription",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ErrorDescription",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ErrorUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ErrorUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthenticationFailed",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnMessageReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnMessageReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenValidated",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenValidated",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnChallenge",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnChallenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Challenge",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityToken",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.SecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.SecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseJwtBearerAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseJwtBearerAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RequireHttpsMetadata",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RequireHttpsMetadata",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_MetadataAddress",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MetadataAddress",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Authority",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Authority",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Audience",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Audience",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Challenge",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Challenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelHttpHandler",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpMessageHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelHttpHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpMessageHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Configuration",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Configuration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConfigurationManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConfigurationManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshOnIssuerKeyNotFound",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshOnIssuerKeyNotFound",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityTokenValidators",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenValidationParameters",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenValidationParameters",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SaveToken",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SaveToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_IncludeErrorDetails",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_IncludeErrorDetails",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
new file mode 100644
index 0000000000..37e18e53ed
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
@@ -0,0 +1,976 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Bearer\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.JwtBearerOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Exception",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Exception",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Challenge",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticateFailure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticateFailure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Error",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Error",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ErrorDescription",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ErrorDescription",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ErrorUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ErrorUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthenticationFailed",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnMessageReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnMessageReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenValidated",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenValidated",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnChallenge",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnChallenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Challenge",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityToken",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.SecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.SecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseJwtBearerAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseJwtBearerAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RequireHttpsMetadata",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RequireHttpsMetadata",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_MetadataAddress",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MetadataAddress",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Authority",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Authority",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Audience",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Audience",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Challenge",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Challenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelHttpHandler",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpMessageHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelHttpHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpMessageHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Configuration",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Configuration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConfigurationManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConfigurationManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshOnIssuerKeyNotFound",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshOnIssuerKeyNotFound",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityTokenValidators",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenValidationParameters",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenValidationParameters",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SaveToken",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SaveToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_IncludeErrorDetails",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_IncludeErrorDetails",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
new file mode 100644
index 0000000000..06b3cd0d53
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
@@ -0,0 +1,256 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Microsoft\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDisplayName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGivenName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetSurname",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseMicrosoftAccountAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseMicrosoftAccountAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
new file mode 100644
index 0000000000..06b3cd0d53
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
@@ -0,0 +1,256 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Microsoft\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetId",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDisplayName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetGivenName",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetSurname",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetEmail",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseMicrosoftAccountAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseMicrosoftAccountAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
new file mode 100644
index 0000000000..d485aedb17
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
@@ -0,0 +1,955 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ExchangeCodeAsync",
+          "Parameters": [
+            {
+              "Name": "code",
+              "Type": "System.String"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "BuildChallengeUrl",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FormatScope",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.OAuthOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.OAuthOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "response",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Failed",
+          "Parameters": [
+            {
+              "Name": "error",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Response",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpiresIn",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ExpiresIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Error",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Error",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpiresIn",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.TimeSpan>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Ticket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Identity",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnCreatingTicket",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnCreatingTicket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ClientId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UserInformationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
new file mode 100644
index 0000000000..d485aedb17
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
@@ -0,0 +1,955 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ExchangeCodeAsync",
+          "Parameters": [
+            {
+              "Name": "code",
+              "Type": "System.String"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "BuildChallengeUrl",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FormatScope",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.OAuthOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.OAuthOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "response",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Failed",
+          "Parameters": [
+            {
+              "Name": "error",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Response",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpiresIn",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ExpiresIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Error",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Error",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpiresIn",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.TimeSpan>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Ticket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Identity",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnCreatingTicket",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnCreatingTicket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ClientId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UserInformationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
new file mode 100644
index 0000000000..64cb79487d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
@@ -0,0 +1,2005 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationPropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "Caption",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "CookieNoncePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "RedirectUriForCodePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserstatePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"OpenIdConnect\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HtmlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteSignOutAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "signout",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedeemAuthorizationCodeAsync",
+          "Parameters": [
+            {
+              "Name": "tokenEndpointRequest",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetUserInformationAsync",
+          "Parameters": [
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            },
+            {
+              "Name": "jwt",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "htmlEncoder",
+              "Type": "System.Text.Encodings.Web.HtmlEncoder"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HtmlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "services",
+              "Type": "System.IServiceProvider"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>"
+            },
+            {
+              "Name": "htmlEncoder",
+              "Type": "System.Text.Encodings.Web.HtmlEncoder"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "RedirectGet",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "FormPost",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Exception",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Exception",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_JwtSecurityToken",
+          "Parameters": [],
+          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_JwtSecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointRequest",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointRequest",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HandledCodeRedemption",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [
+            {
+              "Name": "accessToken",
+              "Type": "System.String"
+            },
+            {
+              "Name": "idToken",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [
+            {
+              "Name": "tokenEndpointResponse",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthenticationFailed",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthorizationCodeReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnMessageReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnMessageReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToIdentityProvider",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToIdentityProviderForSignOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRemoteSignOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenResponseReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenValidated",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenValidated",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnUserInformationReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnUserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityToken",
+          "Parameters": [],
+          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Nonce",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Nonce",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_User",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Authority",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Authority",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Configuration",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Configuration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConfigurationManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConfigurationManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_GetClaimsFromUserInfoEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_GetClaimsFromUserInfoEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RequireHttpsMetadata",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RequireHttpsMetadata",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_MetadataAddress",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MetadataAddress",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolValidator",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolValidator",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PostLogoutRedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PostLogoutRedirectUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshOnIssuerKeyNotFound",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshOnIssuerKeyNotFound",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationMethod",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationMethod",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Resource",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Resource",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ResponseMode",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ResponseMode",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ResponseType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ResponseType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteSignOutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteSignOutPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StringDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StringDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityTokenValidator",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityTokenValidator",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenValidationParameters",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenValidationParameters",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UseTokenLifetime",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UseTokenLifetime",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SkipUnrecognizedRequests",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SkipUnrecognizedRequests",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
new file mode 100644
index 0000000000..64cb79487d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
@@ -0,0 +1,2005 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationPropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "Caption",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "CookieNoncePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "RedirectUriForCodePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserstatePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"OpenIdConnect\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HtmlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteSignOutAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "signout",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedeemAuthorizationCodeAsync",
+          "Parameters": [
+            {
+              "Name": "tokenEndpointRequest",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetUserInformationAsync",
+          "Parameters": [
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            },
+            {
+              "Name": "jwt",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "htmlEncoder",
+              "Type": "System.Text.Encodings.Web.HtmlEncoder"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HtmlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "services",
+              "Type": "System.IServiceProvider"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>"
+            },
+            {
+              "Name": "htmlEncoder",
+              "Type": "System.Text.Encodings.Web.HtmlEncoder"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "RedirectGet",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "FormPost",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Exception",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Exception",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_JwtSecurityToken",
+          "Parameters": [],
+          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_JwtSecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointRequest",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointRequest",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HandledCodeRedemption",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [
+            {
+              "Name": "accessToken",
+              "Type": "System.String"
+            },
+            {
+              "Name": "idToken",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleCodeRedemption",
+          "Parameters": [
+            {
+              "Name": "tokenEndpointResponse",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthenticationFailed",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthorizationCodeReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnMessageReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnMessageReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToIdentityProvider",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToIdentityProviderForSignOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRemoteSignOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenResponseReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTokenValidated",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTokenValidated",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnUserInformationReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnUserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizationCodeReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProviderForSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenResponseReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UserInformationReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityToken",
+          "Parameters": [],
+          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpointResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpointResponse",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Nonce",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Nonce",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_User",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Authority",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Authority",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Configuration",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Configuration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConfigurationManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConfigurationManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_GetClaimsFromUserInfoEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_GetClaimsFromUserInfoEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RequireHttpsMetadata",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RequireHttpsMetadata",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_MetadataAddress",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MetadataAddress",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolValidator",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolValidator",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PostLogoutRedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PostLogoutRedirectUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshOnIssuerKeyNotFound",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshOnIssuerKeyNotFound",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationMethod",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationMethod",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Resource",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Resource",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ResponseMode",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ResponseMode",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ResponseType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ResponseType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteSignOutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteSignOutPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StringDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StringDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityTokenValidator",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityTokenValidator",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenValidationParameters",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenValidationParameters",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UseTokenLifetime",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UseTokenLifetime",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SkipUnrecognizedRequests",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SkipUnrecognizedRequests",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
new file mode 100644
index 0000000000..c35232a310
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
@@ -0,0 +1,848 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Twitter\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.TwitterOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.TwitterOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.TwitterOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UserId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ScreenName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessTokenSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            },
+            {
+              "Name": "userId",
+              "Type": "System.String"
+            },
+            {
+              "Name": "screenName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "accessToken",
+              "Type": "System.String"
+            },
+            {
+              "Name": "accessTokenSecret",
+              "Type": "System.String"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnCreatingTicket",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnCreatingTicket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.AccessToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UserId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UserId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ScreenName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ScreenName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CallbackConfirmed",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CallbackConfirmed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestTokenSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "token",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseTwitterAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseTwitterAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.TwitterOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ConsumerKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConsumerKey",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConsumerSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConsumerSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RetrieveUserDetails",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RetrieveUserDetails",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
new file mode 100644
index 0000000000..c35232a310
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
@@ -0,0 +1,848 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Twitter\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.TwitterOptions>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "dataProtectionProvider",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "sharedOptions",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.TwitterOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.TwitterOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UserId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ScreenName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessTokenSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            },
+            {
+              "Name": "userId",
+              "Type": "System.String"
+            },
+            {
+              "Name": "screenName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "accessToken",
+              "Type": "System.String"
+            },
+            {
+              "Name": "accessTokenSecret",
+              "Type": "System.String"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnCreatingTicket",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnCreatingTicket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.AccessToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UserId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UserId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ScreenName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ScreenName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Token",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Token",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CallbackConfirmed",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CallbackConfirmed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestTokenSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "token",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseTwitterAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseTwitterAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.TwitterOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ConsumerKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConsumerKey",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConsumerSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConsumerSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RetrieveUserDetails",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RetrieveUserDetails",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SystemClock",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SystemClock",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication/baseline.net45.json
new file mode 100644
index 0000000000..1f69da5a8f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/baseline.net45.json
@@ -0,0 +1,2897 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AutomaticAuthenticate",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AutomaticAuthenticate",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AutomaticChallenge",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AutomaticChallenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimsIssuer",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClaimsIssuer",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Description",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Description",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "transform",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Transformer",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Transformer",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelHttpHandler",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpMessageHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelHttpHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpMessageHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CallbackPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CallbackPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DisplayName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteAuthenticationTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteAuthenticationTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SaveTokens",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SaveTokens",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Succeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Skip",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SignInAccepted",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInAccepted",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutAccepted",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutAccepted",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ChallengeCalled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChallengeCalled",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Request",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OriginalPathBase",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OriginalPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Logger",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UrlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PriorHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PriorHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CurrentUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "T0",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "InitializeAsync",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILogger"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "BuildRedirectUri",
+          "Parameters": [
+            {
+              "Name": "targetPath",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FinishResponseAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDescriptions",
+          "Parameters": [
+            {
+              "Name": "describeContext",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ShouldHandleScheme",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "handleAutomatic",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateOnceAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "T0",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Logger",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Logger",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.Extensions.Logging.ILogger"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UrlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UrlEncoder",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Name",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Name",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Value",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Value",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_PriorHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PriorHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDescriptions",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RegisterAuthenticationHandler",
+          "Parameters": [
+            {
+              "Name": "auth",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UnregisterAuthenticationHandler",
+          "Parameters": [
+            {
+              "Name": "auth",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "transform",
+              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+            },
+            {
+              "Name": "httpContext",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.ClaimsTransformationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnTransform",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTransform",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TransformAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "TransformAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteCallbackAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GenerateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.ISystemClock"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "StoreTokens",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenValue",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokens",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenAsync",
+          "Parameters": [
+            {
+              "Name": "manager",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenAsync",
+          "Parameters": [
+            {
+              "Name": "manager",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
+            },
+            {
+              "Name": "signInScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TModel",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TData",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PropertiesDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SecureDataFormat<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "serializer",
+              "Type": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>"
+            },
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TData",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Base64UrlTextEncoder",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Encode",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Decode",
+          "Parameters": [
+            {
+              "Name": "text",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.TicketSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteIdentity",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteClaim",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "claim",
+              "Type": "System.Security.Claims.Claim"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadIdentity",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadClaim",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.Claim",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_HttpContext",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Request",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_State",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.EventResultState",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_State",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.EventResultState"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HandledResponse",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleResponse",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SkipToNextMiddleware",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Ticket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CheckEventResult",
+          "Parameters": [
+            {
+              "Name": "result",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+              "Direction": "Out"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.EventResultState",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "Continue",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "Skipped",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        },
+        {
+          "Kind": "Field",
+          "Name": "HandledResponse",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "2"
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.FailureContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Failure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "RemoteFailure",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TicketReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnRemoteFailure",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRemoteFailure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTicketReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTicketReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteFailure",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TicketReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ReturnUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ReturnUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddAuthentication",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthentication",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
new file mode 100644
index 0000000000..1f69da5a8f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
@@ -0,0 +1,2897 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AutomaticAuthenticate",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AutomaticAuthenticate",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AutomaticChallenge",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AutomaticChallenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimsIssuer",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClaimsIssuer",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Description",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Description",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "transform",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseClaimsTransformation",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Transformer",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Transformer",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelHttpHandler",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpMessageHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelHttpHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpMessageHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CallbackPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CallbackPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DisplayName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteAuthenticationTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteAuthenticationTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SaveTokens",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SaveTokens",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Succeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Skip",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SignInAccepted",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInAccepted",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutAccepted",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutAccepted",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ChallengeCalled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChallengeCalled",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Request",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OriginalPathBase",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OriginalPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Logger",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UrlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PriorHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PriorHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CurrentUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "T0",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "InitializeAsync",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILogger"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "BuildRedirectUri",
+          "Parameters": [
+            {
+              "Name": "targetPath",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FinishResponseAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDescriptions",
+          "Parameters": [
+            {
+              "Name": "describeContext",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ShouldHandleScheme",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "handleAutomatic",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateOnceAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleUnauthorizedAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "T0",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Logger",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Logger",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.Extensions.Logging.ILogger"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UrlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UrlEncoder",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+            },
+            {
+              "Name": "loggerFactory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationToken",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Name",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Name",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Value",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Value",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_PriorHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_PriorHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDescriptions",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RegisterAuthenticationHandler",
+          "Parameters": [
+            {
+              "Name": "auth",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UnregisterAuthenticationHandler",
+          "Parameters": [
+            {
+              "Name": "auth",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "transform",
+              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+            },
+            {
+              "Name": "httpContext",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.ClaimsTransformationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnTransform",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTransform",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TransformAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "TransformAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteCallbackAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignInAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GenerateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.ISystemClock"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "StoreTokens",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenValue",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokens",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenAsync",
+          "Parameters": [
+            {
+              "Name": "manager",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetTokenAsync",
+          "Parameters": [
+            {
+              "Name": "manager",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
+            },
+            {
+              "Name": "signInScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "tokenName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.String>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TModel",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TData",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PropertiesDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "model",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SecureDataFormat<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "T0"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedText",
+              "Type": "System.String"
+            },
+            {
+              "Name": "purpose",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "T0",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "serializer",
+              "Type": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>"
+            },
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TData",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Base64UrlTextEncoder",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Encode",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Decode",
+          "Parameters": [
+            {
+              "Name": "text",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.TicketSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteIdentity",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteClaim",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "claim",
+              "Type": "System.Security.Claims.Claim"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadIdentity",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadClaim",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.Claim",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_HttpContext",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Request",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Response",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_State",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.EventResultState",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_State",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.EventResultState"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HandledResponse",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleResponse",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SkipToNextMiddleware",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Ticket",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Ticket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CheckEventResult",
+          "Parameters": [
+            {
+              "Name": "result",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+              "Direction": "Out"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.EventResultState",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "Continue",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "Skipped",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        },
+        {
+          "Kind": "Field",
+          "Name": "HandledResponse",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "2"
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.FailureContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Failure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "RemoteFailure",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TicketReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnRemoteFailure",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRemoteFailure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnTicketReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnTicketReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteFailure",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "TicketReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ReturnUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ReturnUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddAuthentication",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthentication",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.net45.json b/src/Microsoft.AspNetCore.Authorization/baseline.net45.json
new file mode 100644
index 0000000000..8ae585270c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/baseline.net45.json
@@ -0,0 +1,1593 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddAuthorization",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthorization",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "configure",
+              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "System.Attribute",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAllowAnonymous"
+      ],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TRequirement",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0, T1>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "T0"
+            },
+            {
+              "Name": "resource",
+              "Type": "T1"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TRequirement",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+          ]
+        },
+        {
+          "ParameterName": "TResource",
+          "ParameterPosition": 1,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Resource",
+          "Parameters": [],
+          "ReturnType": "System.Object",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PendingRequirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasFailed",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasSucceeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Succeed",
+          "Parameters": [
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_DefaultPolicy",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DefaultPolicy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configurePolicy",
+              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IReadOnlyList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IReadOnlyList<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policies",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policies",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CombineAsync",
+          "Parameters": [
+            {
+              "Name": "policyProvider",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+            },
+            {
+              "Name": "authorizeData",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "authenticationSchemes",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Requirements",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.IList<System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "schemes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddRequirements",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "requiredValues",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "requiredValues",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireRole",
+          "Parameters": [
+            {
+              "Name": "roles",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireRole",
+          "Parameters": [
+            {
+              "Name": "roles",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireUserName",
+          "Parameters": [
+            {
+              "Name": "userName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAuthenticatedUser",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAssertion",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAssertion",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Build",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "authenticationSchemes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizeAttribute",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "System.Attribute",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizeData"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Policy",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Policy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Roles",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Roles",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ActiveAuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ActiveAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetDefaultPolicyAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetPolicyAsync",
+          "Parameters": [
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationService",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policyProvider",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+            },
+            {
+              "Name": "handlers",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAllowAnonymous",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetPolicyAsync",
+          "Parameters": [
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDefaultPolicyAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Policy",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Policy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Roles",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Roles",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ActiveAuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ActiveAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Handler",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AllowedValues",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "allowedValues",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RequiredName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requiredName",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Name",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Name",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AllowedRoles",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "allowedRoles",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
new file mode 100644
index 0000000000..8ae585270c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
@@ -0,0 +1,1593 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddAuthorization",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthorization",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "configure",
+              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "System.Attribute",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAllowAnonymous"
+      ],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TRequirement",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0, T1>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "T0"
+            },
+            {
+              "Name": "resource",
+              "Type": "T1"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TRequirement",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+          ]
+        },
+        {
+          "ParameterName": "TResource",
+          "ParameterPosition": 1,
+          "BaseTypeOrInterfaces": []
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Resource",
+          "Parameters": [],
+          "ReturnType": "System.Object",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_PendingRequirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasFailed",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasSucceeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Succeed",
+          "Parameters": [
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_DefaultPolicy",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DefaultPolicy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configurePolicy",
+              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetPolicy",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IReadOnlyList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IReadOnlyList<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policies",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policies",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CombineAsync",
+          "Parameters": [
+            {
+              "Name": "policyProvider",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+            },
+            {
+              "Name": "authorizeData",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "authenticationSchemes",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Requirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Requirements",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IList<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.IList<System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "schemes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddRequirements",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Combine",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "requiredValues",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "requiredValues",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireClaim",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireRole",
+          "Parameters": [
+            {
+              "Name": "roles",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireRole",
+          "Parameters": [
+            {
+              "Name": "roles",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireUserName",
+          "Parameters": [
+            {
+              "Name": "userName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAuthenticatedUser",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAssertion",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RequireAssertion",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Build",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "authenticationSchemes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "service",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizeAttribute",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "System.Attribute",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizeData"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Policy",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Policy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Roles",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Roles",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ActiveAuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ActiveAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetDefaultPolicyAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetPolicyAsync",
+          "Parameters": [
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationService",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "policyProvider",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
+            },
+            {
+              "Name": "handlers",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAllowAnonymous",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetPolicyAsync",
+          "Parameters": [
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetDefaultPolicyAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            },
+            {
+              "Name": "policyName",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Policy",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Policy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Roles",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Roles",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ActiveAuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ActiveAuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Handler",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "handler",
+              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AllowedValues",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "allowedValues",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RequiredName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "requiredName",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Name",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Name",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AllowedRoles",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequirementAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            },
+            {
+              "Name": "requirement",
+              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "allowedRoles",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
new file mode 100644
index 0000000000..8eef347eb6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
@@ -0,0 +1,392 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseCookiePolicy",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseCookiePolicy",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_HttpOnly",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_HttpOnly",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Secure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Secure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnAppendCookie",
+          "Parameters": [],
+          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAppendCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnDeleteCookie",
+          "Parameters": [],
+          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnDeleteCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.AppendCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieValue",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieValue",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            },
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            },
+            {
+              "Name": "name",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "None",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "Always",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
new file mode 100644
index 0000000000..8eef347eb6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
@@ -0,0 +1,392 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseCookiePolicy",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseCookiePolicy",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_HttpOnly",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_HttpOnly",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Secure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Secure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnAppendCookie",
+          "Parameters": [],
+          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAppendCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnDeleteCookie",
+          "Parameters": [],
+          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnDeleteCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.AppendCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieValue",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieValue",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            },
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Options",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Invoke",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Context",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            },
+            {
+              "Name": "name",
+              "Type": "System.String"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "None",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "Always",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.net45.json b/src/Microsoft.Owin.Security.Interop/baseline.net45.json
new file mode 100644
index 0000000000..1fc242ec55
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/baseline.net45.json
@@ -0,0 +1,373 @@
+{
+  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.Owin.Security.DataHandler.SecureDataFormat<Microsoft.Owin.Security.AuthenticationTicket>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.Owin.Security.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteIdentity",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteClaim",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "claim",
+              "Type": "System.Security.Claims.Claim"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadIdentity",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadClaim",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.Claim",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.ChunkingCookieManager",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Infrastructure.ICookieManager"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ChunkSize",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.Int32>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChunkSize",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.Int32>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ThrowForPartialCookies",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ThrowForPartialCookies",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Owin.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Owin.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.DataProtectorShim",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Sealed": true,
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Security.DataProtection.IDataProtector"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedData",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file

From f69bd9956bc163b6841bec8f36084e5106c29d88 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 9 Nov 2016 11:33:20 -0800
Subject: [PATCH 658/900] Branching for 1.1.0

---
 NuGet.config | 4 ++--
 build.ps1    | 2 +-
 build.sh     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 0fd623ffdd..ad973186eb 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-release/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build.ps1 b/build.ps1
index 8f2f99691a..24ca167cf6 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/1.1.0.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index f4208100eb..fea9ac64ad 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/1.1.0.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From 46df38de68b164c2c987bd4bda5594288fec7ccb Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 9 Nov 2016 14:19:34 -0800
Subject: [PATCH 659/900] Updating versions to 1.2.0-*

---
 samples/CookieSample/project.json             | 12 ++++-----
 samples/CookieSessionSample/project.json      | 14 +++++-----
 samples/JwtBearerSample/project.json          | 12 ++++-----
 .../OpenIdConnect.AzureAdSample/project.json  | 14 +++++-----
 samples/OpenIdConnectSample/project.json      | 20 +++++++-------
 samples/SocialSample/project.json             | 26 +++++++++----------
 .../project.json                              | 16 +++++++-----
 .../project.json                              |  6 +++--
 .../project.json                              |  6 +++--
 .../project.json                              |  8 +++---
 .../project.json                              |  6 +++--
 .../project.json                              |  8 +++---
 .../project.json                              |  8 +++---
 .../project.json                              |  8 +++---
 .../project.json                              | 18 ++++++-------
 .../project.json                              |  8 +++---
 .../project.json                              |  6 ++---
 .../project.json                              |  6 ++---
 .../project.json                              |  4 +--
 .../project.json                              | 18 ++++++-------
 .../project.json                              |  8 +++---
 .../project.json                              |  4 +--
 .../project.json                              |  8 +++---
 .../project.json                              |  6 ++---
 24 files changed, 133 insertions(+), 117 deletions(-)

diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index 2529f14027..ae4abcc286 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -1,11 +1,11 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 8987d1b6ad..0892ae8fb9 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -1,12 +1,12 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.Extensions.Caching.Memory": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.Extensions.Caching.Memory": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index 3a61c23ee4..a70a9bea97 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -4,12 +4,12 @@
     "emitEntryPoint": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.AspNetCore.StaticFiles": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.AspNetCore.StaticFiles": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 2cfabe8dff..26da355f36 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -1,12 +1,12 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.2.0-*",
     "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.13.4"
   },
   "frameworks": {
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 631e339afb..c429cfd2bd 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -1,15 +1,15 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Debug": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Debug": "1.2.0-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index e041bf26ca..c46f461b78 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -1,18 +1,18 @@
 {
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.1.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.1.0-*"
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.2.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
+    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
+    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
+    "Microsoft.Extensions.FileProviders.Embedded": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
   },
   "buildOptions": {
     "emitEntryPoint": true
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index baa2b87c2d..8cdb4bf1ef 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to use cookie based authentication.",
   "packOptions": {
     "repository": {
@@ -24,17 +24,19 @@
     ]
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication": {
+      "target": "project"
+    },
     "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
-      "version": "1.1.0-*",
-      "type": "build"
+      "type": "build",
+      "target": "project"
     },
-    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.Options": "1.2.0-*",
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
-    "Microsoft.Extensions.WebEncoders": "1.1.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.2.0-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 436b41be5f..5f60a7f810 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,7 +21,9 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OAuth": {
+      "target": "project"
+    },
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index b4e4a8a461..1b24f2c996 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.",
   "packOptions": {
     "repository": {
@@ -21,7 +21,9 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OAuth": {
+      "target": "project"
+    },
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index f2e9b5dd26..65a3888243 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.",
   "packOptions": {
     "repository": {
@@ -21,9 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication": {
+      "target": "project"
+    },
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index be590b3ec9..7a2a8436ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,7 +21,9 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.OAuth": {
+      "target": "project"
+    },
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index c1d6ac0799..565b72537b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,9 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication": {
+      "target": "project"
+    },
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
     "NETStandard.Library": "1.6.1-*",
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index 33f13c66cf..dc137510a4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,9 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication": {
+      "target": "project"
+    },
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index 28239ec93a..c4fa7ea462 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.",
   "packOptions": {
     "repository": {
@@ -21,9 +21,11 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Authentication": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication": {
+      "target": "project"
+    },
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
     "NETStandard.Library": "1.6.1-*",
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 4f0bc2bc99..2006c8497a 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core common types used by the various authentication middleware components.",
   "packOptions": {
     "repository": {
@@ -21,20 +21,20 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.DataProtection": "1.1.0-*",
-    "Microsoft.AspNetCore.Http": "1.1.0-*",
-    "Microsoft.AspNetCore.Http.Extensions": "1.1.0-*",
-    "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
-    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
+    "Microsoft.AspNetCore.Http": "1.2.0-*",
+    "Microsoft.AspNetCore.Http.Extensions": "1.2.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.2.0-*",
+    "Microsoft.Extensions.Options": "1.2.0-*",
     "Microsoft.Extensions.SecurityHelper.Sources": {
       "type": "build",
-      "version": "1.1.0-*"
+      "version": "1.2.0-*"
     },
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
-    "Microsoft.Extensions.WebEncoders": "1.1.0-*",
+    "Microsoft.Extensions.WebEncoders": "1.2.0-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index fc455c84dd..3875aae17e 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
   "packOptions": {
     "repository": {
@@ -20,10 +20,10 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.Extensions.Logging.Abstractions": "1.1.0-*",
-    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.Extensions.Logging.Abstractions": "1.2.0-*",
+    "Microsoft.Extensions.Options": "1.2.0-*",
     "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
     "NETStandard.Library": "1.6.1-*"
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
index 96571bb786..693fba630a 100644
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
@@ -1,9 +1,9 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "shared": "*.cs",
   "dependencies": {
-    "Microsoft.AspNetCore.Http.Abstractions": "1.1.0-*",
-    "Microsoft.Net.Http.Headers": "1.1.0-*",
+    "Microsoft.AspNetCore.Http.Abstractions": "1.2.0-*",
+    "Microsoft.Net.Http.Headers": "1.2.0-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 471dfc8a8e..5a0eca5f43 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "description": "ASP.NET Core cookie policy classes to control the behavior of cookies.",
   "packOptions": {
     "repository": {
@@ -19,8 +19,8 @@
     "xmlDoc": true
   },
   "dependencies": {
-    "Microsoft.AspNetCore.Http": "1.1.0-*",
-    "Microsoft.Extensions.Options": "1.1.0-*",
+    "Microsoft.AspNetCore.Http": "1.2.0-*",
+    "Microsoft.Extensions.Options": "1.2.0-*",
     "NETStandard.Library": "1.6.1-*"
   },
   "frameworks": {
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index be6e48490b..82e22660d8 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0-*",
+  "version": "1.2.0-*",
   "buildOptions": {
     "warningsAsErrors": true,
     "keyFile": "../../tools/Key.snk",
@@ -18,7 +18,7 @@
     ]
   },
   "dependencies": {
-    "Microsoft.AspNetCore.DataProtection.Extensions": "1.1.0-*",
+    "Microsoft.AspNetCore.DataProtection.Extensions": "1.2.0-*",
     "Microsoft.Owin.Security": "3.0.1",
     "NETStandard.Library": "1.6.1-*"
   },
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 8bbb453200..719a55c19c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -4,15 +4,15 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
-    "Microsoft.AspNetCore.Testing": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Facebook": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Google": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
+    "Microsoft.AspNetCore.Authentication.Twitter": "1.2.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
+    "Microsoft.AspNetCore.Testing": "1.2.0-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index c483cee312..15bb60f492 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authorization": "1.1.0-*",
-    "Microsoft.AspNetCore.Testing": "1.1.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
-    "Microsoft.Extensions.Logging": "1.1.0-*",
+    "Microsoft.AspNetCore.Authorization": "1.2.0-*",
+    "Microsoft.AspNetCore.Testing": "1.2.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.2.0-*",
+    "Microsoft.Extensions.Logging": "1.2.0-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index 0597e0fab8..920882e455 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -5,10 +5,10 @@
   "dependencies": {
     "dotnet-test-xunit": "2.2.0-*",
     "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
-      "version": "1.1.0-*",
+      "version": "1.2.0-*",
       "type": "build"
     },
-    "Microsoft.AspNetCore.Http": "1.1.0-*",
+    "Microsoft.AspNetCore.Http": "1.2.0-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index df7e38f4ab..cce61bd691 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.CookiePolicy": "1.1.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.CookiePolicy": "1.2.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
+    "Microsoft.Extensions.DependencyInjection": "1.2.0-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index 89709865e0..bd37d47b91 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -4,10 +4,10 @@
   },
   "dependencies": {
     "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.1.0-*",
+    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
+    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
     "Microsoft.Owin.Security.Cookies": "3.0.1",
-    "Microsoft.Owin.Security.Interop": "1.1.0-*",
+    "Microsoft.Owin.Security.Interop": "1.2.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
     "NETStandard.Library": "1.6.1-*",
     "xunit": "2.2.0-*"

From 6bf2430899c7b545be80865bff2faa1edb8cca2b Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Fri, 18 Nov 2016 10:57:09 -0800
Subject: [PATCH 660/900] Clean tmp folder after unzipping KoreBuild

---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index f4208100eb..4fd7ede788 100755
--- a/build.sh
+++ b/build.sh
@@ -38,7 +38,7 @@ if test ! -d $buildFolder; then
     chmod +x $buildFile
     
     # Cleanup
-    if test ! -d $tempFolder; then
+    if test -d $tempFolder; then
         rm -rf $tempFolder  
     fi
 fi

From db6135bb792e6fbf017035d5e1059dedb38d8f3d Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Wed, 23 Nov 2016 16:00:22 -0800
Subject: [PATCH 661/900] Pin global.json SDK to 1.0.0-preview2-1-003177.

---
 global.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/global.json b/global.json
index 983ba0401e..f45e8cc925 100644
--- a/global.json
+++ b/global.json
@@ -1,3 +1,8 @@
 {
-    "projects": ["src"]
-}
+  "projects": [
+    "src"
+  ],
+  "sdk": {
+    "version": "1.0.0-preview2-1-003177"
+  }
+}
\ No newline at end of file

From 219617fa2123b42eab13f81704f9dd967ab2e01f Mon Sep 17 00:00:00 2001
From: "N. Taylor Mullen" <nimullen@microsoft.com>
Date: Thu, 8 Dec 2016 10:04:15 -0800
Subject: [PATCH 662/900] Update .travis.yml osx image to xcode7.3.

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index d7636fa329..a0be886892 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -19,7 +19,7 @@ mono:
 os:
   - linux
   - osx
-osx_image: xcode7.1
+osx_image: xcode7.3
 branches:
   only:
     - master

From f00db3e66dcd2974bbc61e8caf0f4d76c52b27c9 Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Mon, 12 Dec 2016 00:50:48 -0800
Subject: [PATCH 663/900] Removed packages list in NuGetPackageVerifier.json

---
 NuGetPackageVerifier.json | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
index c522f4c1a8..348835e2d2 100644
--- a/NuGetPackageVerifier.json
+++ b/NuGetPackageVerifier.json
@@ -1,23 +1,4 @@
 {
-    "adx": { // Packages written by the ADX team and that ship on NuGet.org
-        "rules": [
-            "AdxVerificationCompositeRule"
-        ],
-        "packages": {
-            "Microsoft.AspNetCore.Authentication": { },
-            "Microsoft.AspNetCore.Authentication.Cookies": { },
-            "Microsoft.AspNetCore.Authentication.Facebook": { },
-            "Microsoft.AspNetCore.Authentication.Google": { },
-            "Microsoft.AspNetCore.Authentication.JwtBearer": { },
-            "Microsoft.AspNetCore.Authentication.MicrosoftAccount": { },
-            "Microsoft.AspNetCore.Authentication.OAuth": { },
-            "Microsoft.AspNetCore.Authentication.OpenIdConnect": { },
-            "Microsoft.AspNetCore.Authentication.Twitter": { },
-            "Microsoft.AspNetCore.Authorization": { },
-            "Microsoft.AspNetCore.CookiePolicy": { },
-            "Microsoft.Owin.Security.Interop": { }
-        }
-    },
     "adx-nonshipping": {
         "rules": [],
         "packages": {

From da4730a3922dd885fdda013f5efa72010a7d0170 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Mon, 12 Dec 2016 15:39:18 -0800
Subject: [PATCH 664/900] #1044 Revert "Auth: Always call prior handlers during
 Challenge"

This reverts commit e12838e38f5f8be8371c0a7b02d9ce47e0663ce0.
---
 .../AuthenticationHandler.cs                          | 10 +++++-----
 .../AuthenticationHandlerFacts.cs                     | 11 ++++++-----
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index ae32424ebd..8e7e427659 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -327,7 +327,6 @@ namespace Microsoft.AspNetCore.Authentication
         /// Override this method to deal with a challenge that is forbidden.
         /// </summary>
         /// <param name="context"></param>
-        /// <returns>The returned boolean is ignored.</returns>
         protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
         {
             Response.StatusCode = 403;
@@ -340,7 +339,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
         /// <param name="context"></param>
-        /// <returns>The returned boolean is no longer used.</returns>
+        /// <returns>True if no other handlers should be called</returns>
         protected virtual Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
@@ -350,6 +349,7 @@ namespace Microsoft.AspNetCore.Authentication
         public async Task ChallengeAsync(ChallengeContext context)
         {
             ChallengeCalled = true;
+            var handled = false;
             if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
             {
                 switch (context.Behavior)
@@ -363,18 +363,18 @@ namespace Microsoft.AspNetCore.Authentication
                         }
                         goto case ChallengeBehavior.Unauthorized;
                     case ChallengeBehavior.Unauthorized:
-                        await HandleUnauthorizedAsync(context);
+                        handled = await HandleUnauthorizedAsync(context);
                         Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
                         break;
                     case ChallengeBehavior.Forbidden:
-                        await HandleForbiddenAsync(context);
+                        handled = await HandleForbiddenAsync(context);
                         Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
                         break;
                 }
                 context.Accept();
             }
 
-            if (PriorHandler != null)
+            if (!handled && PriorHandler != null)
             {
                 await PriorHandler.ChallengeAsync(context);
             }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
index 2cf11669d3..fade43716e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
@@ -75,16 +75,17 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal(1, handler.AuthCount);
         }
 
-        // Prior to https://github.com/aspnet/Security/issues/930 we wouldn't call prior if handled
-        [Fact]
-        public async Task AuthHandlerChallengeAlwaysCallsPriorHandler()
+        [Theory]
+        [InlineData("Alpha", false)]
+        [InlineData("Bravo", true)]
+        public async Task AuthHandlerChallengeCallsPriorHandlerIfNotHandled(string challenge, bool passedThrough)
         {
             var handler = await TestHandler.Create("Alpha");
             var previous = new PreviousHandler();
 
             handler.PriorHandler = previous;
-            await handler.ChallengeAsync(new ChallengeContext("Alpha"));
-            Assert.True(previous.ChallengeCalled);
+            await handler.ChallengeAsync(new ChallengeContext(challenge));
+            Assert.Equal(passedThrough, previous.ChallengeCalled);
         }
 
         private class PreviousHandler : IAuthenticationHandler

From 7ab28ecdc60a565e467bd911f4cd556d780c92f9 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 5 Dec 2016 09:03:50 -0800
Subject: [PATCH 665/900] Updating to 4.4 CoreFx packages

---
 global.json                                                   | 2 +-
 samples/CookieSample/project.json                             | 2 +-
 samples/CookieSessionSample/project.json                      | 2 +-
 samples/JwtBearerSample/project.json                          | 2 +-
 samples/OpenIdConnect.AzureAdSample/project.json              | 2 +-
 samples/OpenIdConnectSample/project.json                      | 2 +-
 samples/SocialSample/project.json                             | 2 +-
 src/Microsoft.AspNetCore.Authentication.Cookies/project.json  | 2 +-
 src/Microsoft.AspNetCore.Authentication.Facebook/project.json | 2 +-
 src/Microsoft.AspNetCore.Authentication.Google/project.json   | 2 +-
 .../project.json                                              | 2 +-
 .../project.json                                              | 2 +-
 src/Microsoft.AspNetCore.Authentication.OAuth/project.json    | 4 ++--
 .../project.json                                              | 2 +-
 src/Microsoft.AspNetCore.Authentication.Twitter/project.json  | 2 +-
 src/Microsoft.AspNetCore.Authentication/project.json          | 2 +-
 src/Microsoft.AspNetCore.Authorization/project.json           | 4 ++--
 .../project.json                                              | 2 +-
 src/Microsoft.AspNetCore.CookiePolicy/project.json            | 2 +-
 src/Microsoft.Owin.Security.Interop/project.json              | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/project.json    | 2 +-
 test/Microsoft.AspNetCore.Authorization.Test/project.json     | 2 +-
 .../project.json                                              | 2 +-
 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json      | 2 +-
 test/Microsoft.Owin.Security.Interop.Test/project.json        | 2 +-
 25 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/global.json b/global.json
index f45e8cc925..0ad1995dd2 100644
--- a/global.json
+++ b/global.json
@@ -3,6 +3,6 @@
     "src"
   ],
   "sdk": {
-    "version": "1.0.0-preview2-1-003177"
+    "version": "1.0.0-preview2-1-003180"
   }
 }
\ No newline at end of file
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
index ae4abcc286..9815401c95 100644
--- a/samples/CookieSample/project.json
+++ b/samples/CookieSample/project.json
@@ -15,7 +15,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
index 0892ae8fb9..728956503b 100644
--- a/samples/CookieSessionSample/project.json
+++ b/samples/CookieSessionSample/project.json
@@ -16,7 +16,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
index a70a9bea97..794cc4a6a3 100644
--- a/samples/JwtBearerSample/project.json
+++ b/samples/JwtBearerSample/project.json
@@ -16,7 +16,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
index 26da355f36..9d3c75d288 100644
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ b/samples/OpenIdConnect.AzureAdSample/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index c429cfd2bd..446afd02a9 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -16,7 +16,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
index c46f461b78..c1cf78b49e 100644
--- a/samples/SocialSample/project.json
+++ b/samples/SocialSample/project.json
@@ -22,7 +22,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
index 8cdb4bf1ef..454540392c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
@@ -37,7 +37,7 @@
       "type": "build"
     },
     "Microsoft.Extensions.WebEncoders": "1.2.0-*",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
index 5f60a7f810..4d581dce1e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
@@ -24,7 +24,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": {
       "target": "project"
     },
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
index 1b24f2c996..f8d8e34171 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/project.json
@@ -24,7 +24,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": {
       "target": "project"
     },
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
index 65a3888243..271e353392 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
@@ -29,7 +29,7 @@
       "type": "build"
     },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
index 7a2a8436ba..634b455af4 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
@@ -24,7 +24,7 @@
     "Microsoft.AspNetCore.Authentication.OAuth": {
       "target": "project"
     },
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
index 565b72537b..525f21fc0c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
@@ -28,14 +28,14 @@
       "version": "1.2.0-*",
       "type": "build"
     },
-    "NETStandard.Library": "1.6.1-*",
+    "NETStandard.Library": "1.6.2-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
     "net451": {},
     "netstandard1.3": {
       "dependencies": {
-        "System.Runtime.Serialization.Primitives": "4.3.0-*"
+        "System.Runtime.Serialization.Primitives": "4.4.0-*"
       }
     }
   }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
index dc137510a4..1b513d926c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
@@ -29,7 +29,7 @@
       "type": "build"
     },
     "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
index c4fa7ea462..2d31ec0b20 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
@@ -28,7 +28,7 @@
       "version": "1.2.0-*",
       "type": "build"
     },
-    "NETStandard.Library": "1.6.1-*",
+    "NETStandard.Library": "1.6.2-*",
     "Newtonsoft.Json": "9.0.1"
   },
   "frameworks": {
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
index 2006c8497a..0dcf5a7896 100644
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ b/src/Microsoft.AspNetCore.Authentication/project.json
@@ -35,7 +35,7 @@
       "type": "build"
     },
     "Microsoft.Extensions.WebEncoders": "1.2.0-*",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
index 3875aae17e..883e92641b 100644
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ b/src/Microsoft.AspNetCore.Authorization/project.json
@@ -26,7 +26,7 @@
       "version": "1.2.0-*",
       "type": "build"
     },
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {
@@ -38,7 +38,7 @@
     },
     "netstandard1.3": {
       "dependencies": {
-        "System.Security.Claims": "4.3.0-*"
+        "System.Security.Claims": "4.4.0-*"
       }
     }
   }
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
index 693fba630a..7ccf0307dc 100644
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
+++ b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
@@ -4,7 +4,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Http.Abstractions": "1.2.0-*",
     "Microsoft.Net.Http.Headers": "1.2.0-*",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
index 5a0eca5f43..95eede5db2 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/project.json
@@ -21,7 +21,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.Http": "1.2.0-*",
     "Microsoft.Extensions.Options": "1.2.0-*",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {},
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
index 82e22660d8..54b4c97ccc 100644
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ b/src/Microsoft.Owin.Security.Interop/project.json
@@ -20,7 +20,7 @@
   "dependencies": {
     "Microsoft.AspNetCore.DataProtection.Extensions": "1.2.0-*",
     "Microsoft.Owin.Security": "3.0.1",
-    "NETStandard.Library": "1.6.1-*"
+    "NETStandard.Library": "1.6.2-*"
   },
   "frameworks": {
     "net451": {}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
index 719a55c19c..7477e93fae 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authentication.Test/project.json
@@ -19,7 +19,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
index 15bb60f492..dfb4e72881 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ b/test/Microsoft.AspNetCore.Authorization.Test/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
index 920882e455..d8761ffa3d 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
@@ -15,7 +15,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
index cce61bd691..d849b6bc24 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
@@ -14,7 +14,7 @@
     "netcoreapp1.1": {
       "dependencies": {
         "Microsoft.NETCore.App": {
-          "version": "1.1.0-*",
+          "version": "1.2.0-*",
           "type": "platform"
         }
       }
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
index bd37d47b91..43738eba99 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ b/test/Microsoft.Owin.Security.Interop.Test/project.json
@@ -9,7 +9,7 @@
     "Microsoft.Owin.Security.Cookies": "3.0.1",
     "Microsoft.Owin.Security.Interop": "1.2.0-*",
     "Microsoft.Owin.Testing": "3.0.1",
-    "NETStandard.Library": "1.6.1-*",
+    "NETStandard.Library": "1.6.2-*",
     "xunit": "2.2.0-*"
   },
   "frameworks": {

From ba8f85d9726d9810cf9c017a4f51762cd52abd9b Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 4 Jan 2017 16:48:28 -0800
Subject: [PATCH 666/900] Upgrade to VS 2017

---
 Security.sln                                  |  68 +++++++-----------
 build.ps1                                     |   2 +-
 build.sh                                      |   2 +-
 {tools => build}/Key.snk                      | Bin
 build/common.props                            |  20 ++++++
 global.json                                   |   8 ---
 makefile.shade                                |   8 +++
 samples/CookieSample/CookieSample.csproj      |  44 ++++++++++++
 samples/CookieSample/CookieSample.xproj       |  18 -----
 samples/CookieSample/project.json             |  35 ---------
 .../CookieSessionSample.csproj                |  44 ++++++++++++
 .../CookieSessionSample.xproj                 |  18 -----
 samples/CookieSessionSample/project.json      |  36 ----------
 .../JwtBearerSample/JwtBearerSample.csproj    |  45 ++++++++++++
 samples/JwtBearerSample/JwtBearerSample.xproj |  23 ------
 samples/JwtBearerSample/project.json          |  39 ----------
 .../OpenIdConnect.AzureAdSample.csproj        |  50 +++++++++++++
 .../OpenIdConnect.AzureAdSample.xproj         |  23 ------
 .../OpenIdConnect.AzureAdSample/project.json  |  40 -----------
 .../OpenIdConnectSample.csproj                |  51 +++++++++++++
 .../OpenIdConnectSample.xproj                 |  18 -----
 samples/OpenIdConnectSample/project.json      |  42 -----------
 samples/SocialSample/SocialSample.csproj      |  53 ++++++++++++++
 samples/SocialSample/SocialSample.xproj       |  18 -----
 samples/SocialSample/project.json             |  44 ------------
 .../ChunkingCookieManager.cs                  |   0
 shared/build.proj                             |  24 +++++++
 shared/sources.nuspec                         |  19 +++++
 ...t.AspNetCore.Authentication.Cookies.csproj |  42 +++++++++++
 ...ft.AspNetCore.Authentication.Cookies.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  46 ------------
 ....AspNetCore.Authentication.Facebook.csproj |  37 ++++++++++
 ...t.AspNetCore.Authentication.Facebook.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../project.json                              |  33 ---------
 ...ft.AspNetCore.Authentication.Google.csproj |  37 ++++++++++
 ...oft.AspNetCore.Authentication.Google.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../project.json                              |  33 ---------
 ...AspNetCore.Authentication.JwtBearer.csproj |  39 ++++++++++
 ....AspNetCore.Authentication.JwtBearer.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  38 ----------
 ...ore.Authentication.MicrosoftAccount.csproj |  37 ++++++++++
 ...Core.Authentication.MicrosoftAccount.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../project.json                              |  33 ---------
 ...oft.AspNetCore.Authentication.OAuth.csproj |  43 +++++++++++
 ...soft.AspNetCore.Authentication.OAuth.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  42 -----------
 ...etCore.Authentication.OpenIdConnect.csproj |  39 ++++++++++
 ...NetCore.Authentication.OpenIdConnect.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  38 ----------
 ...t.AspNetCore.Authentication.Twitter.csproj |  39 ++++++++++
 ...ft.AspNetCore.Authentication.Twitter.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  38 ----------
 ...Microsoft.AspNetCore.Authentication.csproj |  40 +++++++++++
 .../Microsoft.AspNetCore.Authentication.xproj |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/SecurityHelper.cs    |  40 +++++++++++
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  48 -------------
 .../Microsoft.AspNetCore.Authorization.csproj |  41 +++++++++++
 .../Microsoft.AspNetCore.Authorization.xproj  |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../__TemporarySources__/TaskCache.cs         |  23 ++++++
 .../__TemporarySources__/TaskCacheOfT.cs      |  16 +++++
 .../project.json                              |  45 ------------
 ...etCore.ChunkingCookieManager.Sources.xproj |  18 -----
 .../project.json                              |  13 ----
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |  29 ++++++++
 .../Microsoft.AspNetCore.CookiePolicy.xproj   |  17 -----
 .../Properties/AssemblyInfo.cs                |  11 ---
 .../project.json                              |  30 --------
 .../Microsoft.Owin.Security.Interop.csproj    |  29 ++++++++
 .../Microsoft.Owin.Security.Interop.xproj     |  17 -----
 .../Properties/AssemblyInfo.cs                |   9 +--
 .../project.json                              |  28 --------
 ...soft.AspNetCore.Authentication.Test.csproj |  50 +++++++++++++
 ...osoft.AspNetCore.Authentication.Test.xproj |  20 ------
 .../project.json                              |  30 --------
 ...osoft.AspNetCore.Authorization.Test.csproj |  39 ++++++++++
 ...rosoft.AspNetCore.Authorization.Test.xproj |  20 ------
 .../project.json                              |  25 -------
 ....ChunkingCookieManager.Sources.Test.csproj |  31 ++++++++
 ...e.ChunkingCookieManager.Sources.Test.xproj |  21 ------
 .../project.json                              |  26 -------
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |  42 +++++++++++
 ...crosoft.AspNetCore.CookiePolicy.Test.xproj |  20 ------
 .../project.json                              |  25 -------
 ...icrosoft.Owin.Security.Interop.Test.csproj |  40 +++++++++++
 ...Microsoft.Owin.Security.Interop.Test.xproj |  20 ------
 .../project.json                              |  19 -----
 version.props                                 |   7 ++
 109 files changed, 1360 insertions(+), 1449 deletions(-)
 rename {tools => build}/Key.snk (100%)
 create mode 100644 build/common.props
 delete mode 100644 global.json
 create mode 100644 makefile.shade
 create mode 100644 samples/CookieSample/CookieSample.csproj
 delete mode 100644 samples/CookieSample/CookieSample.xproj
 delete mode 100644 samples/CookieSample/project.json
 create mode 100644 samples/CookieSessionSample/CookieSessionSample.csproj
 delete mode 100644 samples/CookieSessionSample/CookieSessionSample.xproj
 delete mode 100644 samples/CookieSessionSample/project.json
 create mode 100644 samples/JwtBearerSample/JwtBearerSample.csproj
 delete mode 100644 samples/JwtBearerSample/JwtBearerSample.xproj
 delete mode 100644 samples/JwtBearerSample/project.json
 create mode 100644 samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
 delete mode 100644 samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
 delete mode 100644 samples/OpenIdConnect.AzureAdSample/project.json
 create mode 100644 samples/OpenIdConnectSample/OpenIdConnectSample.csproj
 delete mode 100644 samples/OpenIdConnectSample/OpenIdConnectSample.xproj
 delete mode 100644 samples/OpenIdConnectSample/project.json
 create mode 100644 samples/SocialSample/SocialSample.csproj
 delete mode 100644 samples/SocialSample/SocialSample.xproj
 delete mode 100644 samples/SocialSample/project.json
 rename {src => shared}/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs (100%)
 create mode 100644 shared/build.proj
 create mode 100644 shared/sources.nuspec
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/project.json
 create mode 100644 src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/project.json
 delete mode 100644 src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
 delete mode 100644 src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
 create mode 100644 src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
 delete mode 100644 src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
 delete mode 100644 src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.AspNetCore.CookiePolicy/project.json
 create mode 100644 src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
 delete mode 100644 src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
 delete mode 100644 src/Microsoft.Owin.Security.Interop/project.json
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/project.json
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
 delete mode 100644 test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
 delete mode 100644 test/Microsoft.AspNetCore.Authorization.Test/project.json
 create mode 100644 test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
 delete mode 100644 test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
 delete mode 100644 test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
 create mode 100644 test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
 delete mode 100644 test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
 delete mode 100644 test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/project.json
 create mode 100644 version.props

diff --git a/Security.sln b/Security.sln
index c84ec1bd96..50805feb16 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,65 +1,58 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 14
-VisualStudioVersion = 14.0.25420.1
+# Visual Studio 15
+VisualStudioVersion = 15.0.26020.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSample", "samples\CookieSample\CookieSample.xproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CookieSample", "samples\CookieSample\CookieSample.csproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{C40A5A3B-ABA3-4819-9C44-D821E6DA1BA1}"
-	ProjectSection(SolutionItems) = preProject
-		global.json = global.json
-	EndProjectSection
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SocialSample", "samples\SocialSample\SocialSample.csproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "SocialSample", "samples\SocialSample\SocialSample.xproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.csproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "CookieSessionSample", "samples\CookieSessionSample\CookieSessionSample.xproj", "{19711880-46DA-4A26-9E0F-9B2E41D27651}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.csproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnectSample", "samples\OpenIdConnectSample\OpenIdConnectSample.xproj", "{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Cookies", "src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Cookies", "src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.xproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.xproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Facebook", "src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Facebook", "src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.xproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Google", "src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.csproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Google", "src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.xproj", "{76579C39-B829-490D-B8BE-1BD35FE8412E}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.OpenIdConnect", "src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.OpenIdConnect", "src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj", "{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.MicrosoftAccount", "src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.MicrosoftAccount", "src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj", "{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Twitter", "src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Twitter", "src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.xproj", "{0330FFF6-B4B5-42DD-8C99-26A789569000}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.OAuth", "src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.OAuth", "src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.xproj", "{1657C79E-7755-4AEE-9D61-571295B69A30}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Test", "test\Microsoft.AspNetCore.Authentication.Test\Microsoft.AspNetCore.Authentication.Test.csproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.Test", "test\Microsoft.AspNetCore.Authentication.Test\Microsoft.AspNetCore.Authentication.Test.xproj", "{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization.Test", "test\Microsoft.AspNetCore.Authorization.Test\Microsoft.AspNetCore.Authorization.Test.csproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authorization.Test", "test\Microsoft.AspNetCore.Authorization.Test\Microsoft.AspNetCore.Authorization.Test.xproj", "{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization", "src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authorization", "src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.xproj", "{6AB3E514-5894-4131-9399-DC7D5284ADDB}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.CookiePolicy", "src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj", "{86183DC3-02A8-4A68-8B60-71ECEC066E79}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.CookiePolicy", "src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.xproj", "{86183DC3-02A8-4A68-8B60-71ECEC066E79}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.CookiePolicy.Test", "test\Microsoft.AspNetCore.CookiePolicy.Test\Microsoft.AspNetCore.CookiePolicy.Test.csproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.CookiePolicy.Test", "test\Microsoft.AspNetCore.CookiePolicy.Test\Microsoft.AspNetCore.CookiePolicy.Test.xproj", "{1790E052-646F-4529-B90E-6FEA95520D69}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.JwtBearer", "src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.Authentication.JwtBearer", "src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.xproj", "{2755BFE5-7421-4A31-A644-F817DF5CAA98}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.csproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.xproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop", "src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj", "{A7922DD8-09F1-43E4-938B-CC523EA08898}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Interop", "src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.xproj", "{A7922DD8-09F1-43E4-938B-CC523EA08898}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.csproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.xproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.csproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.xproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources", "src\Microsoft.AspNetCore.ChunkingCookieManager.Sources\Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj", "{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}"
-EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test", "test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj", "{51563775-C659-4907-9BAF-9995BAB87D01}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test", "test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj", "{51563775-C659-4907-9BAF-9995BAB87D01}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -329,16 +322,6 @@ Global
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.ActiveCfg = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.Build.0 = Release|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Debug|x86.Build.0 = Debug|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Any CPU.Build.0 = Release|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|x86.ActiveCfg = Release|Any CPU
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3}.Release|x86.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -378,7 +361,6 @@ Global
 		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
-		{2690FBE6-9D27-4C84-B82C-11188B0BCDA3} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
 EndGlobal
diff --git a/build.ps1 b/build.ps1
index 8f2f99691a..0605b59c01 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index 4fd7ede788..07997d6c83 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi
diff --git a/tools/Key.snk b/build/Key.snk
similarity index 100%
rename from tools/Key.snk
rename to build/Key.snk
diff --git a/build/common.props b/build/common.props
new file mode 100644
index 0000000000..700582a850
--- /dev/null
+++ b/build/common.props
@@ -0,0 +1,20 @@
+<Project>
+  <Import Project="..\version.props" />
+  <Import Project="..\.build\common.props" Condition="Exists('..\.build\common.props')" />
+
+  <PropertyGroup>
+    <RepositoryUrl>https://github.com/aspnet/Security</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Key.snk</AssemblyOriginatorKeyFile>
+    <SignAssembly>true</SignAssembly>
+    <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
+    <Product>Microsoft ASP.NET Core</Product>
+  </PropertyGroup>
+
+  <Target Name="EnsureInitialized"
+          BeforeTargets="Build"
+          Condition="!Exists('$(MSBuildThisFileDirectory)..\.build\common.props')">
+    <Error File="$(MSBuildProjectFile)"
+           Text="Project has not been initialized. Run 'build initialize' in the solution directory '$(MSBuildThisFileDirectory)'" />
+  </Target>
+</Project>
\ No newline at end of file
diff --git a/global.json b/global.json
deleted file mode 100644
index 0ad1995dd2..0000000000
--- a/global.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-  "projects": [
-    "src"
-  ],
-  "sdk": {
-    "version": "1.0.0-preview2-1-003180"
-  }
-}
\ No newline at end of file
diff --git a/makefile.shade b/makefile.shade
new file mode 100644
index 0000000000..f5ea5ac9eb
--- /dev/null
+++ b/makefile.shade
@@ -0,0 +1,8 @@
+
+var VERSION='0.1'
+var FULL_VERSION='0.1'
+use-standard-lifecycle
+k-standard-goals
+
+#pack-sources target='build-pack'
+    dotnet command='msbuild shared/build.proj /t:Pack /v:n'
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
new file mode 100644
index 0000000000..623896b736
--- /dev/null
+++ b/samples/CookieSample/CookieSample.csproj
@@ -0,0 +1,44 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <OutputType>Exe</OutputType>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="web.config">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+    </Content>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/CookieSample/CookieSample.xproj b/samples/CookieSample/CookieSample.xproj
deleted file mode 100644
index f6575c3e0a..0000000000
--- a/samples/CookieSample/CookieSample.xproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>558c2c2a-aed8-49de-bb60-d5f8ae06c714</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>22569</DevelopmentServerPort>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/CookieSample/project.json b/samples/CookieSample/project.json
deleted file mode 100644
index 9815401c95..0000000000
--- a/samples/CookieSample/project.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
-  },
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "publishOptions": {
-    "include": [
-      "web.config"
-    ]
-  },
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
new file mode 100644
index 0000000000..fb189cef4f
--- /dev/null
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -0,0 +1,44 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <OutputType>Exe</OutputType>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="web.config">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+    </Content>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.xproj b/samples/CookieSessionSample/CookieSessionSample.xproj
deleted file mode 100644
index 1c347c845f..0000000000
--- a/samples/CookieSessionSample/CookieSessionSample.xproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>19711880-46da-4a26-9e0f-9b2e41d27651</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>36505</DevelopmentServerPort>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/project.json b/samples/CookieSessionSample/project.json
deleted file mode 100644
index 728956503b..0000000000
--- a/samples/CookieSessionSample/project.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.Extensions.Caching.Memory": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
-  },
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "publishOptions": {
-    "include": [
-      "web.config"
-    ]
-  },
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
new file mode 100644
index 0000000000..2d94cdbdf8
--- /dev/null
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -0,0 +1,45 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <VersionPrefix>1.1.0</VersionPrefix>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <OutputType>Exe</OutputType>
+    <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="wwwroot\**\*;web.config">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+    </Content>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.xproj b/samples/JwtBearerSample/JwtBearerSample.xproj
deleted file mode 100644
index 97f5837ce5..0000000000
--- a/samples/JwtBearerSample/JwtBearerSample.xproj
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>d399b84f-591b-4e98-92ba-b0f63e7b6957</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <DnxInvisibleContent Include="bower.json" />
-    <DnxInvisibleContent Include=".bowerrc" />
-    <DnxInvisibleContent Include="package.json" />
-    <DnxInvisibleContent Include=".npmrc" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/project.json b/samples/JwtBearerSample/project.json
deleted file mode 100644
index 794cc4a6a3..0000000000
--- a/samples/JwtBearerSample/project.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-  "version": "1.1.0-*",
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.AspNetCore.StaticFiles": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "publishOptions": {
-    "include": [
-      "project.json",
-      "wwwroot",
-      "web.config"
-    ]
-  },
-  "userSecretsId": "aspnet5-JwtBearerSample-20151210102827",
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
new file mode 100644
index 0000000000..7331e7f051
--- /dev/null
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -0,0 +1,50 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <OutputType>Exe</OutputType>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="web.config">
+      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
+    </Content>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.4" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
deleted file mode 100644
index 26e9f9030b..0000000000
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.xproj
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>3a7ad414-ebde-4f92-b307-4e8f19b6117e</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <DnxInvisibleContent Include="bower.json" />
-    <DnxInvisibleContent Include=".bowerrc" />
-    <DnxInvisibleContent Include="package.json" />
-    <DnxInvisibleContent Include=".npmrc" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/project.json b/samples/OpenIdConnect.AzureAdSample/project.json
deleted file mode 100644
index 9d3c75d288..0000000000
--- a/samples/OpenIdConnect.AzureAdSample/project.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.2.0-*",
-    "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.13.4"
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "publishOptions": {
-    "include": [
-      "project.json",
-      "web.config"
-    ]
-  },
-  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
-    "Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
new file mode 100644
index 0000000000..dfb0231079
--- /dev/null
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -0,0 +1,51 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <OutputType>Exe</OutputType>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="web.config" CopyToPublishDirectory="PreserveNewest" />
+    <EmbeddedResource Include="compiler\resources\**\*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj b/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
deleted file mode 100644
index 9029ad0f13..0000000000
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.xproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>bef0f5c3-ef4e-4649-9c49-d5e279a3ca2b</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>42023</DevelopmentServerPort>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
deleted file mode 100644
index 446afd02a9..0000000000
--- a/samples/OpenIdConnectSample/project.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Debug": "1.2.0-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "publishOptions": {
-    "include": [
-      "project.json",
-      "web.config"
-    ]
-  },
-  "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
-    "Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
new file mode 100644
index 0000000000..71900b9b5d
--- /dev/null
+++ b/samples/SocialSample/SocialSample.csproj
@@ -0,0 +1,53 @@
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+
+  <PropertyGroup>
+    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <OutputType>Exe</OutputType>
+    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
+    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="web.config" CopyToPublishDirectory="PreserveNewest" />
+    <EmbeddedResource Include="compiler\resources\**\*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/SocialSample/SocialSample.xproj b/samples/SocialSample/SocialSample.xproj
deleted file mode 100644
index b439f74d10..0000000000
--- a/samples/SocialSample/SocialSample.xproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>8c73d216-332d-41d8-bfd0-45bc4bc36552</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-    <DevelopmentServerPort>54540</DevelopmentServerPort>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/samples/SocialSample/project.json b/samples/SocialSample/project.json
deleted file mode 100644
index c1cf78b49e..0000000000
--- a/samples/SocialSample/project.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.2.0-*",
-    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.IISIntegration": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel": "1.2.0-*",
-    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.2.0-*",
-    "Microsoft.Extensions.Configuration.UserSecrets": "1.2.0-*",
-    "Microsoft.Extensions.FileProviders.Embedded": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Console": "1.2.0-*"
-  },
-  "buildOptions": {
-    "emitEntryPoint": true
-  },
-  "frameworks": {
-    "net451": {},
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    }
-  },
-  "userSecretsId": "aspnet5-SocialSample-20151210111056",
-  "publishOptions": {
-    "include": [
-      "project.json",
-      "web.config"
-    ]
-  },
-  "tools": {
-    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
-  },
-  "scripts": {
-    "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
rename to shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
diff --git a/shared/build.proj b/shared/build.proj
new file mode 100644
index 0000000000..d3fc56ba8a
--- /dev/null
+++ b/shared/build.proj
@@ -0,0 +1,24 @@
+<Project ToolsVersion="15.0">
+  <Import Project="..\build\common.props" />
+
+  <PropertyGroup>
+    <OutputPath>$(MSBuildThisFileDirectory)..\artifacts\build</OutputPath>
+    <Version>$(VersionPrefix)</Version>
+    <Version Condition="'$(VersionSuffix)'!=''">$(Version)-$(VersionSuffix)</Version>
+  </PropertyGroup>
+
+  <Target Name="Pack">
+    <MakeDir Directories="$(OutputPath)" />
+    <ItemGroup>
+      <Packages Include="$([System.IO.Directory]::GetDirectories(&quot;$(MSBuildThisFileDirectory)&quot;, '*.Sources'))" />
+    </ItemGroup>
+    <!-- TODO use PackNuspecTask once it is implemented -->
+    <Exec Command="dotnet nuget pack
+&quot;$(MSBuildThisFileDirectory)sources.nuspec&quot;
+--base-path &quot;%(Packages.Identity)&quot;
+--version $(Version)
+--output-directory &quot;$(OutputPath)&quot;
+--properties &quot;id=%(Packages.FileName)%(Packages.Extension)&quot;"
+        />
+  </Target>
+</Project>
\ No newline at end of file
diff --git a/shared/sources.nuspec b/shared/sources.nuspec
new file mode 100644
index 0000000000..0eb708b9b8
--- /dev/null
+++ b/shared/sources.nuspec
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
+  <metadata>
+    <id>$id$</id>
+    <version>$version$</version>
+    <authors>Microsoft</authors>
+    <owners>Microsoft</owners>
+    <requireLicenseAcceptance>false</requireLicenseAcceptance>
+    <description>$id$</description>
+    <contentFiles>
+      <files include="contentFiles/cs/**/*.cs" buildAction="Compile" />
+      <files include="**/*.resx" buildAction="EmbeddedResource" />
+    </contentFiles>
+  </metadata>
+  <files>
+    <file src="**\*.resx" target="contentFiles/any/netstandard1.0/" />
+    <file src="**\*.cs" target="contentFiles/cs/netstandard1.0/" />
+  </files>
+</package>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
new file mode 100644
index 0000000000..955afcb397
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -0,0 +1,42 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
deleted file mode 100644
index 238c0cec67..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>fc152cc4-054b-457e-8d91-389c5de3c561</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json b/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
deleted file mode 100644
index 454540392c..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/project.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to use cookie based authentication.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true,
-    "define": [
-      "SECURITY"
-    ]
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication": {
-      "target": "project"
-    },
-    "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
-      "type": "build",
-      "target": "project"
-    },
-    "Microsoft.Extensions.Options": "1.2.0-*",
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "Microsoft.Extensions.WebEncoders": "1.2.0-*",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
new file mode 100644
index 0000000000..a99538405c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -0,0 +1,37 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
deleted file mode 100644
index caa72075ed..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>eeaaee68-607b-4e33-af3e-45c66b4dba5a</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json b/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
deleted file mode 100644
index 4d581dce1e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/project.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": {
-      "target": "project"
-    },
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
new file mode 100644
index 0000000000..cce86fac68
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -0,0 +1,37 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
deleted file mode 100644
index ab60488729..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>76579c39-b829-490d-b8be-1bd35fe8412e</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/project.json b/src/Microsoft.AspNetCore.Authentication.Google/project.json
deleted file mode 100644
index f8d8e34171..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/project.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": {
-      "target": "project"
-    },
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
new file mode 100644
index 0000000000..41d886031e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -0,0 +1,39 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
+    <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.0" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
deleted file mode 100644
index 738458398d..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>2755BFE5-7421-4A31-A644-F817DF5CAA98</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
deleted file mode 100644
index 271e353392..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/project.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication": {
-      "target": "project"
-    },
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.4": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
new file mode 100644
index 0000000000..341096369b
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -0,0 +1,37 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
deleted file mode 100644
index a4ccc98630..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>acb45e19-f520-4d0c-8916-b0ceb9c017fe</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
deleted file mode 100644
index 634b455af4..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/project.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication.OAuth": {
-      "target": "project"
-    },
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
new file mode 100644
index 0000000000..1199750e87
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -0,0 +1,43 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
+    <PackageReference Include="System.Runtime.Serialization.Primitives" Version="4.4.0-*" />
+  </ItemGroup>
+
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
deleted file mode 100644
index 20b825dca0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>1657c79e-7755-4aee-9d61-571295b69a30</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json b/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
deleted file mode 100644
index 525f21fc0c..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/project.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication": {
-      "target": "project"
-    },
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "NETStandard.Library": "1.6.2-*",
-    "Newtonsoft.Json": "9.0.1"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {
-      "dependencies": {
-        "System.Runtime.Serialization.Primitives": "4.4.0-*"
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
new file mode 100644
index 0000000000..407dc44ae4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -0,0 +1,39 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
+    <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.0" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
deleted file mode 100644
index 6a07e81203..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>35115d55-b69e-46d4-bb33-c9e9e6ec5e7a</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
deleted file mode 100644
index 1b513d926c..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/project.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication": {
-      "target": "project"
-    },
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "Microsoft.IdentityModel.Protocols.OpenIdConnect": "2.1.0",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.4": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
new file mode 100644
index 0000000000..a81a883803
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -0,0 +1,39 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
deleted file mode 100644
index b72a631fa9..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>0330fff6-b4b5-42dd-8c99-26a789569000</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json b/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
deleted file mode 100644
index 2d31ec0b20..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/project.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Authentication": {
-      "target": "project"
-    },
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "NETStandard.Library": "1.6.2-*",
-    "Newtonsoft.Json": "9.0.1"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
new file mode 100644
index 0000000000..ed11f94ad6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
+    <VersionPrefix>1.2.0</VersionPrefix>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="1.2.0-*" PrivateAssets="All" />
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
deleted file mode 100644
index b3345c6cfc..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>2286250a-52c8-4126-9f93-b1e45f0ad078</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
new file mode 100644
index 0000000000..408ef6b224
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
@@ -0,0 +1,40 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Security.Claims;
+
+namespace Microsoft.Extensions.Internal
+{
+    /// <summary>
+    /// Helper code used when implementing authentication middleware
+    /// </summary>
+    internal static class SecurityHelper
+    {
+        /// <summary>
+        /// Add all ClaimsIdentities from an additional ClaimPrincipal to the ClaimsPrincipal
+        /// Merges a new claims principal, placing all new identities first, and eliminating
+        /// any empty unauthenticated identities from context.User
+        /// </summary>
+        /// <param name="existingPrincipal">The <see cref="ClaimsPrincipal"/> containing existing <see cref="ClaimsIdentity"/>.</param>
+        /// <param name="additionalPrincipal">The <see cref="ClaimsPrincipal"/> containing <see cref="ClaimsIdentity"/> to be added.</param>
+        public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal existingPrincipal, ClaimsPrincipal additionalPrincipal)
+        {
+            var newPrincipal = new ClaimsPrincipal();
+
+            // New principal identities go first
+            if (additionalPrincipal != null)
+            {
+                newPrincipal.AddIdentities(additionalPrincipal.Identities);
+            }
+
+            // Then add any existing non empty or authenticated identities
+            if (existingPrincipal != null)
+            {
+                newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any()));
+            }
+            return newPrincipal;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/project.json b/src/Microsoft.AspNetCore.Authentication/project.json
deleted file mode 100644
index 0dcf5a7896..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/project.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core common types used by the various authentication middleware components.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authentication",
-      "security"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.DataProtection": "1.2.0-*",
-    "Microsoft.AspNetCore.Http": "1.2.0-*",
-    "Microsoft.AspNetCore.Http.Extensions": "1.2.0-*",
-    "Microsoft.Extensions.Logging.Abstractions": "1.2.0-*",
-    "Microsoft.Extensions.Options": "1.2.0-*",
-    "Microsoft.Extensions.SecurityHelper.Sources": {
-      "type": "build",
-      "version": "1.2.0-*"
-    },
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "Microsoft.Extensions.WebEncoders": "1.2.0-*",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Net.Http": ""
-      }
-    },
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
new file mode 100644
index 0000000000..75a9511f39
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -0,0 +1,41 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core authorization classes.
+Commonly used types:
+Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authorization</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
+    <!-- 
+      TODO remove files in __TemporarySources__ and use this content files package
+      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+     -->
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Runtime" />
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
+    <PackageReference Include="System.Security.Claims" Version="4.4.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
deleted file mode 100644
index cc6041f8f4..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>6ab3e514-5894-4131-9399-dc7d5284addb</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
new file mode 100644
index 0000000000..67a87fca59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache
+    {
+        /// <summary>
+        /// A <see cref="Task"/> that's already completed successfully.
+        /// </summary>
+        /// <remarks>
+        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
+        /// by <c>Task.CompletedTask</c>.
+        /// </remarks>
+#if NET451
+        public static readonly Task CompletedTask = Task.FromResult(0);
+#else
+        public static readonly Task CompletedTask = Task.CompletedTask;
+#endif
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs
new file mode 100644
index 0000000000..5015e3aba7
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+
+namespace Microsoft.Extensions.Internal
+{
+    internal static class TaskCache<T>
+    {
+        /// <summary>
+        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
+        /// </summary>
+        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
+    }
+
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/project.json b/src/Microsoft.AspNetCore.Authorization/project.json
deleted file mode 100644
index 883e92641b..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/project.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core authorization classes.\r\nCommonly used types:\r\nMicrosoft.AspNetCore.Authorization.AllowAnonymousAttribute\r\nMicrosoft.AspNetCore.Authorization.AuthorizeAttribute",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore",
-      "authorization"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.Extensions.Logging.Abstractions": "1.2.0-*",
-    "Microsoft.Extensions.Options": "1.2.0-*",
-    "Microsoft.Extensions.TaskCache.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {
-      "frameworkAssemblies": {
-        "System.Runtime": {
-          "type": "build"
-        }
-      }
-    },
-    "netstandard1.3": {
-      "dependencies": {
-        "System.Security.Claims": "4.4.0-*"
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
deleted file mode 100644
index 593e5d6816..0000000000
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/Microsoft.AspNetCore.ChunkingCookieManager.Sources.xproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0.25420" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0.25420</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>2690fbe6-9d27-4c84-b82c-11188b0bcda3</ProjectGuid>
-    <RootNamespace>Microsoft.AspNetCore.ChunkingCookieManager.Sources</RootNamespace>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json b/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
deleted file mode 100644
index 7ccf0307dc..0000000000
--- a/src/Microsoft.AspNetCore.ChunkingCookieManager.Sources/project.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "shared": "*.cs",
-  "dependencies": {
-    "Microsoft.AspNetCore.Http.Abstractions": "1.2.0-*",
-    "Microsoft.Net.Http.Headers": "1.2.0-*",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
new file mode 100644
index 0000000000..af3b620b47
--- /dev/null
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -0,0 +1,29 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
+    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
deleted file mode 100644
index 0cd49f3242..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>86183dc3-02a8-4a68-8b60-71ecec066e79</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs b/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
deleted file mode 100644
index 76feceeff0..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Reflection;
-using System.Resources;
-
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/project.json b/src/Microsoft.AspNetCore.CookiePolicy/project.json
deleted file mode 100644
index 95eede5db2..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/project.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "description": "ASP.NET Core cookie policy classes to control the behavior of cookies.",
-  "packOptions": {
-    "repository": {
-      "type": "git",
-      "url": "git://github.com/aspnet/security"
-    },
-    "tags": [
-      "aspnetcore"
-    ]
-  },
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.Http": "1.2.0-*",
-    "Microsoft.Extensions.Options": "1.2.0-*",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {},
-    "netstandard1.3": {}
-  }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
new file mode 100644
index 0000000000..eae395d84f
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -0,0 +1,29 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.</Description>
+    <TargetFramework>net451</TargetFramework>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;katana;owin;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Owin.Security" Version="3.0.1" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
deleted file mode 100644
index 052e998161..0000000000
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.xproj
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>a7922dd8-09f1-43e4-938b-cc523ea08898</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
index 56cb77fdc5..490fa7cb2a 100644
--- a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -1,15 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System.Reflection;
-using System.Resources;
 using System.Runtime.InteropServices;
 
-[assembly: AssemblyMetadata("Serviceable", "True")]
-[assembly: NeutralResourcesLanguage("en-us")]
-
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
-[assembly: AssemblyCompany("Microsoft Corporation.")]
-[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
-[assembly: AssemblyProduct("Microsoft ASP.NET Core")]
+
diff --git a/src/Microsoft.Owin.Security.Interop/project.json b/src/Microsoft.Owin.Security.Interop/project.json
deleted file mode 100644
index 54b4c97ccc..0000000000
--- a/src/Microsoft.Owin.Security.Interop/project.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "version": "1.2.0-*",
-  "buildOptions": {
-    "warningsAsErrors": true,
-    "keyFile": "../../tools/Key.snk",
-    "nowarn": [
-      "CS1591"
-    ],
-    "xmlDoc": true
-  },
-  "description": "A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.",
-  "packOptions": {
-    "tags": [
-      "aspnetcore",
-      "katana",
-      "owin",
-      "security"
-    ]
-  },
-  "dependencies": {
-    "Microsoft.AspNetCore.DataProtection.Extensions": "1.2.0-*",
-    "Microsoft.Owin.Security": "3.0.1",
-    "NETStandard.Library": "1.6.2-*"
-  },
-  "frameworks": {
-    "net451": {}
-  }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
new file mode 100644
index 0000000000..0eb8b1269b
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -0,0 +1,50 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
+    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
deleted file mode 100644
index 1050a47adb..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.xproj
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>8da26cd1-1302-4cfd-9270-9fa1b7c6138b</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/project.json b/test/Microsoft.AspNetCore.Authentication.Test/project.json
deleted file mode 100644
index 7477e93fae..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/project.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  "buildOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Facebook": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Google": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Twitter": "1.2.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
-    "Microsoft.AspNetCore.Testing": "1.2.0-*",
-    "xunit": "2.2.0-*"
-  },
-  "frameworks": {
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    },
-    "net451": {}
-  },
-  "testRunner": "xunit"
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
new file mode 100644
index 0000000000..f4d6f8c669
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -0,0 +1,39 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Runtime">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="1.2.0-*" />
+    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
deleted file mode 100644
index 59bcbc9c4a..0000000000
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.xproj
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>7af5ad96-eb6e-4d0e-8abe-c0b543c0f4c2</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/project.json b/test/Microsoft.AspNetCore.Authorization.Test/project.json
deleted file mode 100644
index dfb4e72881..0000000000
--- a/test/Microsoft.AspNetCore.Authorization.Test/project.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "buildOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authorization": "1.2.0-*",
-    "Microsoft.AspNetCore.Testing": "1.2.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.2.0-*",
-    "Microsoft.Extensions.Logging": "1.2.0-*",
-    "xunit": "2.2.0-*"
-  },
-  "frameworks": {
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    },
-    "net451": {}
-  },
-  "testRunner": "xunit"
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
new file mode 100644
index 0000000000..21ded78c89
--- /dev/null
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -0,0 +1,31 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
+    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
deleted file mode 100644
index d95a6c1287..0000000000
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.xproj
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0.25420" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0.25420</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>51563775-c659-4907-9baf-9995bab87d01</ProjectGuid>
-    <RootNamespace>Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test</RootNamespace>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DotNet\Microsoft.DotNet.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
deleted file mode 100644
index d8761ffa3d..0000000000
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/project.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  "buildOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {
-      "version": "1.2.0-*",
-      "type": "build"
-    },
-    "Microsoft.AspNetCore.Http": "1.2.0-*",
-    "xunit": "2.2.0-*"
-  },
-  "frameworks": {
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    },
-    "net451": {}
-  },
-  "testRunner": "xunit"
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
new file mode 100644
index 0000000000..c048cdd251
--- /dev/null
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -0,0 +1,42 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
+    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
+    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
deleted file mode 100644
index 06582d576f..0000000000
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.xproj
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>1790e052-646f-4529-b90e-6fea95520d69</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json b/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
deleted file mode 100644
index d849b6bc24..0000000000
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/project.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "buildOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.CookiePolicy": "1.2.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
-    "Microsoft.Extensions.DependencyInjection": "1.2.0-*",
-    "xunit": "2.2.0-*"
-  },
-  "frameworks": {
-    "netcoreapp1.1": {
-      "dependencies": {
-        "Microsoft.NETCore.App": {
-          "version": "1.2.0-*",
-          "type": "platform"
-        }
-      }
-    },
-    "net451": {}
-  },
-  "testRunner": "xunit"
-}
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
new file mode 100644
index 0000000000..23815e0cca
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFramework>net451</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="**\*.cs" />
+    <EmbeddedResource Include="**\*.resx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
+      <FromP2P>true</FromP2P>
+    </ProjectReference>
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
+    <Reference Include="System.Net.Http">
+      <FromP2P>true</FromP2P>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="Microsoft.CSharp" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="3.0.1" />
+    <PackageReference Include="Microsoft.Owin.Testing" Version="3.0.1" />
+    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
deleted file mode 100644
index d7f7c9d958..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.xproj
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
-    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
-  </PropertyGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.Props" Condition="'$(VSToolsPath)' != ''" />
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>a2b5dc39-68d5-4145-a8cc-6aeab7d33a24</ProjectGuid>
-    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">.\obj</BaseIntermediateOutputPath>
-    <OutputPath Condition="'$(OutputPath)'=='' ">.\bin\</OutputPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <SchemaVersion>2.0</SchemaVersion>
-  </PropertyGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-  <Import Project="$(VSToolsPath)\DNX\Microsoft.DNX.targets" Condition="'$(VSToolsPath)' != ''" />
-</Project>
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Interop.Test/project.json b/test/Microsoft.Owin.Security.Interop.Test/project.json
deleted file mode 100644
index 43738eba99..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/project.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-  "buildOptions": {
-    "warningsAsErrors": true
-  },
-  "dependencies": {
-    "dotnet-test-xunit": "2.2.0-*",
-    "Microsoft.AspNetCore.Authentication.Cookies": "1.2.0-*",
-    "Microsoft.AspNetCore.TestHost": "1.2.0-*",
-    "Microsoft.Owin.Security.Cookies": "3.0.1",
-    "Microsoft.Owin.Security.Interop": "1.2.0-*",
-    "Microsoft.Owin.Testing": "3.0.1",
-    "NETStandard.Library": "1.6.2-*",
-    "xunit": "2.2.0-*"
-  },
-  "frameworks": {
-    "net451": {}
-  },
-  "testRunner": "xunit"
-}
\ No newline at end of file
diff --git a/version.props b/version.props
new file mode 100644
index 0000000000..e77c8d9c38
--- /dev/null
+++ b/version.props
@@ -0,0 +1,7 @@
+<!-- This file may be overwritten by automation. Only values allowed here are VersionPrefix and VersionSuffix.  -->
+<Project>
+    <PropertyGroup>
+        <VersionPrefix>1.2.0</VersionPrefix>
+        <VersionSuffix>preview1</VersionSuffix>
+    </PropertyGroup>
+</Project>
\ No newline at end of file

From 861026cd76e7791eb3595709de9fa1a6ccf53ce3 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 5 Jan 2017 18:16:07 -0800
Subject: [PATCH 667/900] Remove redundant references

---
 samples/CookieSample/CookieSample.csproj               |  8 --------
 samples/CookieSessionSample/CookieSessionSample.csproj |  8 --------
 samples/JwtBearerSample/JwtBearerSample.csproj         |  8 --------
 .../OpenIdConnect.AzureAdSample.csproj                 |  8 --------
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj |  8 --------
 samples/SocialSample/SocialSample.csproj               |  8 --------
 .../Microsoft.AspNetCore.Authentication.Cookies.csproj | 10 +---------
 ...Microsoft.AspNetCore.Authentication.Facebook.csproj |  8 --------
 .../Microsoft.AspNetCore.Authentication.Google.csproj  |  8 --------
 ...icrosoft.AspNetCore.Authentication.JwtBearer.csproj | 10 +---------
 ...t.AspNetCore.Authentication.MicrosoftAccount.csproj |  8 --------
 .../Microsoft.AspNetCore.Authentication.OAuth.csproj   | 10 +---------
 ...soft.AspNetCore.Authentication.OpenIdConnect.csproj | 10 +---------
 .../Microsoft.AspNetCore.Authentication.Twitter.csproj | 10 +---------
 .../Microsoft.AspNetCore.Authentication.csproj         |  8 +-------
 .../Microsoft.AspNetCore.Authorization.csproj          |  8 +-------
 .../Microsoft.AspNetCore.CookiePolicy.csproj           |  5 -----
 .../Microsoft.Owin.Security.Interop.csproj             |  5 -----
 .../Microsoft.AspNetCore.Authentication.Test.csproj    |  8 --------
 .../Microsoft.AspNetCore.Authorization.Test.csproj     |  7 -------
 ...spNetCore.ChunkingCookieManager.Sources.Test.csproj |  5 -----
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj      |  8 --------
 .../Microsoft.Owin.Security.Interop.Test.csproj        |  8 --------
 23 files changed, 7 insertions(+), 177 deletions(-)

diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 623896b736..7a3ab47926 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -20,14 +20,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index fb189cef4f..4a77be1272 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -20,14 +20,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 2d94cdbdf8..273cfaf891 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -22,14 +22,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 7331e7f051..ef7bcae736 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -22,14 +22,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index dfb0231079..78d799be14 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -21,14 +21,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 71900b9b5d..1af3fe1c2b 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -27,14 +27,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 955afcb397..bdbcff2764 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -21,17 +21,9 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index a99538405c..999bb8bd88 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -22,14 +22,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index cce86fac68..e66ceff787 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -22,14 +22,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 41d886031e..e95df79ce3 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -19,16 +19,8 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 341096369b..0af3a9d0d6 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -22,14 +22,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 1199750e87..1bb635bfc3 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -19,16 +19,8 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 407dc44ae4..a90a4846cc 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -19,16 +19,8 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index a81a883803..b7222fd9c6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -19,16 +19,8 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index ed11f94ad6..edc85f76ed 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -22,7 +22,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="1.2.0-*" PrivateAssets="All" />
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
@@ -31,10 +31,4 @@
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http" />
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 75a9511f39..fdc54f10bd 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -21,19 +21,13 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!-- 
+    <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Runtime" />
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
     <PackageReference Include="System.Security.Claims" Version="4.4.0-*" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index af3b620b47..0d0e37c80f 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -21,9 +21,4 @@
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
 </Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index eae395d84f..7ec8078c58 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -21,9 +21,4 @@
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 0eb8b1269b..23cc33121c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -27,14 +27,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index f4d6f8c669..2d8f9652b5 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -15,13 +15,6 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Runtime">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 21ded78c89..cf2a629d4c 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -23,9 +23,4 @@
     <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index c048cdd251..ac83191062 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -19,14 +19,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 23815e0cca..344294e72b 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -19,14 +19,6 @@
     </ProjectReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net451' ">
-    <Reference Include="System.Net.Http">
-      <FromP2P>true</FromP2P>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="Microsoft.CSharp" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />

From 8c9e27963cb80829b16de8da5d70caab2c55f19e Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Mon, 9 Jan 2017 10:40:04 -0800
Subject: [PATCH 668/900] Upgrade appveyor image

---
 appveyor.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/appveyor.yml b/appveyor.yml
index b9a9bcd1e6..c6b856f49c 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -10,4 +10,6 @@ build_script:
   - build.cmd verify
 clone_depth: 1
 test: off
-deploy: off
\ No newline at end of file
+deploy: off
+# Required for dotnet-test to work
+os: Visual Studio 2015

From 9917e8bb30417e933c31e111d32e69fdf477a4f0 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 5 Jan 2017 14:53:45 -0800
Subject: [PATCH 669/900] Update launchSettings for new VS 2017 rules

---
 samples/CookieSample/Properties/launchSettings.json          | 5 ++---
 samples/CookieSessionSample/Properties/launchSettings.json   | 5 ++---
 samples/JwtBearerSample/Properties/launchSettings.json       | 5 ++---
 .../Properties/launchSettings.json                           | 5 ++---
 samples/OpenIdConnectSample/Properties/launchSettings.json   | 3 +--
 samples/SocialSample/Properties/launchSettings.json          | 5 ++---
 6 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/samples/CookieSample/Properties/launchSettings.json b/samples/CookieSample/Properties/launchSettings.json
index afe862f4f4..38ca6fc37f 100644
--- a/samples/CookieSample/Properties/launchSettings.json
+++ b/samples/CookieSample/Properties/launchSettings.json
@@ -18,10 +18,9 @@
     "CookieSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:12345",
+      "applicationUrl": "http://localhost:12345",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:12345"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/samples/CookieSessionSample/Properties/launchSettings.json
index edb6e4dd19..25de3e478e 100644
--- a/samples/CookieSessionSample/Properties/launchSettings.json
+++ b/samples/CookieSessionSample/Properties/launchSettings.json
@@ -18,10 +18,9 @@
     "CookieSessionSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:12345",
+      "applicationUrl": "http://localhost:12345",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:12345"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/samples/JwtBearerSample/Properties/launchSettings.json
index e89788c48f..6922375c98 100644
--- a/samples/JwtBearerSample/Properties/launchSettings.json
+++ b/samples/JwtBearerSample/Properties/launchSettings.json
@@ -18,10 +18,9 @@
     "JwtBearer": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:42023",
+      "applicationUrl": "http://localhost:42023",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:42023"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
index 62dc4ef778..e6436fee2a 100644
--- a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
@@ -18,10 +18,9 @@
     "OpenIdConnect": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:42023",
+      "applicationUrl": "http://localhost:42023",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "http://localhost:42023"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/samples/OpenIdConnectSample/Properties/launchSettings.json
index 48610115fa..058fa4c5dd 100644
--- a/samples/OpenIdConnectSample/Properties/launchSettings.json
+++ b/samples/OpenIdConnectSample/Properties/launchSettings.json
@@ -19,9 +19,8 @@
     "OpenIdConnectSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "https://localhost:44318/",
+      "applicationUrl": "https://localhost:44318/",
       "environmentVariables": {
-        "ASPNETCORE_URLS": "https://localhost:44318/",
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
diff --git a/samples/SocialSample/Properties/launchSettings.json b/samples/SocialSample/Properties/launchSettings.json
index 251bfbffd4..30bf2e5f6a 100644
--- a/samples/SocialSample/Properties/launchSettings.json
+++ b/samples/SocialSample/Properties/launchSettings.json
@@ -19,10 +19,9 @@
     "SocialSample": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "https://localhost:44318/",
+      "applicationUrl": "https://localhost:44318/",
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "ASPNETCORE_URLS": "https://localhost:44318/"
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }

From fa64b0c0fb193c584d5d0835293860f92469145a Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Mon, 9 Jan 2017 19:58:22 -0800
Subject: [PATCH 670/900] React to UseHttps change

---
 samples/OpenIdConnectSample/Program.cs | 18 +++++++++++++-----
 samples/SocialSample/Program.cs        | 17 +++++++++++++----
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index 49cbf139d6..741dd6ebf5 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -1,4 +1,6 @@
-using System.IO;
+using System;
+using System.IO;
+using System.Net;
 using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
@@ -13,11 +15,17 @@ namespace OpenIdConnectSample
             var host = new WebHostBuilder()
                 .UseKestrel(options =>
                 {
-                    // Configure SSL
-                    var serverCertificate = LoadCertificate();
-                    options.UseHttps(serverCertificate);
+                    if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
+                    {
+                        // ANCM is not hosting the process
+                        options.Listen(IPAddress.Loopback, 44318, listenOptions =>
+                        {
+                            // Configure SSL
+                            var serverCertificate = LoadCertificate();
+                            listenOptions.UseHttps(serverCertificate);
+                        });
+                    }
                 })
-                .UseUrls("https://localhost:44318")
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
index f3cad66ad3..483feec169 100644
--- a/samples/SocialSample/Program.cs
+++ b/samples/SocialSample/Program.cs
@@ -1,4 +1,6 @@
-using System.IO;
+using System;
+using System.IO;
+using System.Net;
 using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
@@ -14,9 +16,16 @@ namespace SocialSample
             var host = new WebHostBuilder()
                 .UseKestrel(options =>
                 {
-                    //Configure SSL
-                    var serverCertificate = LoadCertificate();
-                    options.UseHttps(serverCertificate);
+                    if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
+                    {
+                        // ANCM is not hosting the process
+                        options.Listen(IPAddress.Loopback, 5000, listenOptions =>
+                        {
+                            // Configure SSL
+                            var serverCertificate = LoadCertificate();
+                            listenOptions.UseHttps(serverCertificate);
+                        });
+                    }
                 })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()

From 46f0d193c874944a080737892283954a85fe1290 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 11 Jan 2017 14:30:11 -0800
Subject: [PATCH 671/900] React to aspnet/KoreBuild#155

This converts to using Internal.AspNetCore.Sdk instead of importing from the KoreBuild folder directly
---
 NuGet.config       |  1 +
 build/common.props | 13 +++++--------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 0fd623ffdd..93f1ac47df 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -2,6 +2,7 @@
 <configuration>
   <packageSources>
     <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build/common.props b/build/common.props
index 700582a850..f2d9508e5a 100644
--- a/build/common.props
+++ b/build/common.props
@@ -1,20 +1,17 @@
 <Project>
   <Import Project="..\version.props" />
-  <Import Project="..\.build\common.props" Condition="Exists('..\.build\common.props')" />
 
   <PropertyGroup>
+    <Product>Microsoft ASP.NET Core</Product>
     <RepositoryUrl>https://github.com/aspnet/Security</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
-    <Product>Microsoft ASP.NET Core</Product>
   </PropertyGroup>
 
-  <Target Name="EnsureInitialized"
-          BeforeTargets="Build"
-          Condition="!Exists('$(MSBuildThisFileDirectory)..\.build\common.props')">
-    <Error File="$(MSBuildProjectFile)"
-           Text="Project has not been initialized. Run 'build initialize' in the solution directory '$(MSBuildThisFileDirectory)'" />
-  </Target>
+  <ItemGroup>
+    <PackageReference Include="Internal.AspNetCore.Sdk" Version="1.0.0-*" PrivateAssets="All" />
+  </ItemGroup>
+
 </Project>
\ No newline at end of file

From c64c5db02dea6e793d2fad564c094a219618cece Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Tue, 17 Jan 2017 16:48:52 -0800
Subject: [PATCH 672/900] Change Xunit versions

---
 .../Microsoft.AspNetCore.Authentication.Test.csproj           | 4 ++--
 .../Microsoft.AspNetCore.Authorization.Test.csproj            | 4 ++--
 ...osoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj | 4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj             | 4 ++--
 .../Microsoft.Owin.Security.Interop.Test.csproj               | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 23cc33121c..39c01086e9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -29,10 +29,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+    <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 2d8f9652b5..424132eb20 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -18,11 +18,11 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+    <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index cf2a629d4c..4c4da177fd 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -14,9 +14,9 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+    <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index ac83191062..b46df5b990 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -21,10 +21,10 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+    <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 344294e72b..d78da43973 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -21,12 +21,12 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-beta4-build1194" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="3.0.1" />
     <PackageReference Include="Microsoft.Owin.Testing" Version="3.0.1" />
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
-    <PackageReference Include="xunit" Version="2.2.0-beta4-build3444" />
+    <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
 </Project>

From f2fd58d8c42f5ebdc70a7714b1183fbad7ff095d Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 19 Jan 2017 13:37:04 -0800
Subject: [PATCH 673/900] Fix the social sample port.

---
 samples/SocialSample/Program.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
index 483feec169..76fb5e59a9 100644
--- a/samples/SocialSample/Program.cs
+++ b/samples/SocialSample/Program.cs
@@ -19,7 +19,7 @@ namespace SocialSample
                     if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
                     {
                         // ANCM is not hosting the process
-                        options.Listen(IPAddress.Loopback, 5000, listenOptions =>
+                        options.Listen(IPAddress.Loopback, 44318, listenOptions =>
                         {
                             // Configure SSL
                             var serverCertificate = LoadCertificate();

From 3828232d510e5fa4ecb9006f3e4a9f2b08589a73 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 19 Jan 2017 13:45:44 -0800
Subject: [PATCH 674/900] Fix AAD sample

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 84558affb7..5b18a0e13d 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -95,7 +95,7 @@ namespace OpenIdConnect.AzureAdSample
                         var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                             context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
 
-                        context.HandleCodeRedemption();
+                        context.HandleCodeRedemption(result.AccessToken, result.IdToken);
                     }
                 }
             });

From fddfad14c9ce757717e4dfd2db5bf4f045b9d52e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 19 Jan 2017 13:50:46 -0800
Subject: [PATCH 675/900] #1082 Update IdentityModel dependencies to 5.1.2

---
 .../OpenIdConnect.AzureAdSample.csproj              | 13 +++----------
 ...osoft.AspNetCore.Authentication.JwtBearer.csproj | 10 ++--------
 ...t.AspNetCore.Authentication.OpenIdConnect.csproj | 10 ++--------
 3 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index ef7bcae736..9b27985b71 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,5 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
-
+<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
     <OutputType>Exe</OutputType>
@@ -7,13 +6,11 @@
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
-
   <ItemGroup>
     <Content Include="web.config">
       <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
     </Content>
   </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
@@ -21,22 +18,18 @@
       <FromP2P>true</FromP2P>
     </ProjectReference>
   </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.4" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
   </ItemGroup>
-
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
     <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
   </ItemGroup>
-
   <ItemGroup>
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
   </ItemGroup>
-
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index e95df79ce3..db5d30bd2f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
-
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
     <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
@@ -9,23 +7,19 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
-
   <ItemGroup>
     <Compile Include="**\*.cs" />
     <EmbeddedResource Include="**\*.resx" />
   </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
-
   <ItemGroup>
     <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
-
-</Project>
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index a90a4846cc..d6b2006290 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
-
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
     <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
@@ -9,23 +7,19 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
-
   <ItemGroup>
     <Compile Include="**\*.cs" />
     <EmbeddedResource Include="**\*.resx" />
   </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
-
   <ItemGroup>
     <!--
       TODO remove files in __TemporarySources__ and use this content files package
       <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
      -->
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
     <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
-
-</Project>
+</Project>
\ No newline at end of file

From 7d0841ae1ca88cc8161cdff5daca53215e3b6d0f Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 19 Jan 2017 17:11:42 -0800
Subject: [PATCH 676/900] Pin sdk version using global.json

---
 global.json | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 global.json

diff --git a/global.json b/global.json
new file mode 100644
index 0000000000..1e3e060e88
--- /dev/null
+++ b/global.json
@@ -0,0 +1,5 @@
+{
+  "sdk": {
+    "version": "1.0.0-preview4-004233"
+  }
+}

From 7634c5420a85a28217b0384f34324273aed042c5 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 19 Jan 2017 22:00:32 -0800
Subject: [PATCH 677/900] Upgrade to RC.3

Removes __TemporarySources__ to use contentFiles packages
Remove default globs
Update test platform
---
 build/common.props                            |  9 ++++-
 global.json                                   |  5 ---
 makefile.shade                                |  2 +-
 samples/CookieSample/CookieSample.csproj      | 17 +-------
 .../CookieSessionSample.csproj                | 17 +-------
 .../JwtBearerSample/JwtBearerSample.csproj    | 19 +--------
 .../OpenIdConnect.AzureAdSample.csproj        | 16 +-------
 .../OpenIdConnectSample.csproj                | 19 +--------
 samples/SocialSample/SocialSample.csproj      | 19 +--------
 shared/build.proj                             | 24 -----------
 shared/sources.csproj                         | 29 ++++++++++++++
 shared/sources.nuspec                         | 19 ---------
 ...t.AspNetCore.Authentication.Cookies.csproj | 11 +----
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 ....AspNetCore.Authentication.Facebook.csproj | 12 ------
 ...ft.AspNetCore.Authentication.Google.csproj | 12 ------
 ...AspNetCore.Authentication.JwtBearer.csproj | 12 +-----
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 ...ore.Authentication.MicrosoftAccount.csproj | 12 ------
 ...oft.AspNetCore.Authentication.OAuth.csproj | 14 +------
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 ...etCore.Authentication.OpenIdConnect.csproj | 12 +-----
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 ...t.AspNetCore.Authentication.Twitter.csproj | 14 +------
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 ...Microsoft.AspNetCore.Authentication.csproj | 13 +-----
 .../__TemporarySources__/SecurityHelper.cs    | 40 -------------------
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 .../Microsoft.AspNetCore.Authorization.csproj | 11 +----
 .../__TemporarySources__/TaskCache.cs         | 23 -----------
 .../__TemporarySources__/TaskCacheOfT.cs      | 16 --------
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |  6 ---
 .../Microsoft.Owin.Security.Interop.csproj    |  6 ---
 ...soft.AspNetCore.Authentication.Test.csproj | 20 +---------
 ...osoft.AspNetCore.Authorization.Test.csproj | 15 +------
 ....ChunkingCookieManager.Sources.Test.csproj |  8 +---
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj | 17 +-------
 ...icrosoft.Owin.Security.Interop.Test.csproj | 14 +------
 44 files changed, 58 insertions(+), 659 deletions(-)
 delete mode 100644 global.json
 delete mode 100644 shared/build.proj
 create mode 100644 shared/sources.csproj
 delete mode 100644 shared/sources.nuspec
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs

diff --git a/build/common.props b/build/common.props
index f2d9508e5a..7ce50d277a 100644
--- a/build/common.props
+++ b/build/common.props
@@ -8,10 +8,17 @@
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
+    <NetStandardImplicitPackageVersion>1.6.2-*</NetStandardImplicitPackageVersion>
+    <VersionSuffix Condition="'$(VersionSuffix)'!='' AND '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" Version="1.0.0-*" PrivateAssets="All" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" Version="1.0.1-*" PrivateAssets="All" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework' AND '$(OutputType)'=='library'">
+    <PackageReference Include="NETStandard.Library" Version="$(NetStandardImplicitPackageVersion)" />
+  </ItemGroup>
+  
 </Project>
\ No newline at end of file
diff --git a/global.json b/global.json
deleted file mode 100644
index 1e3e060e88..0000000000
--- a/global.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "sdk": {
-    "version": "1.0.0-preview4-004233"
-  }
-}
diff --git a/makefile.shade b/makefile.shade
index f5ea5ac9eb..76d5bf85e4 100644
--- a/makefile.shade
+++ b/makefile.shade
@@ -5,4 +5,4 @@ use-standard-lifecycle
 k-standard-goals
 
 #pack-sources target='build-pack'
-    dotnet command='msbuild shared/build.proj /t:Pack /v:n'
+    dotnet command='msbuild shared/sources.csproj "/t:Restore;PackAll" /v:n'
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 7a3ab47926..e9987f3a86 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -5,22 +5,11 @@
     <OutputType>Exe</OutputType>
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Content Include="web.config">
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
@@ -29,8 +18,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 4a77be1272..62bb9f4a9f 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -5,22 +5,11 @@
     <OutputType>Exe</OutputType>
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Content Include="web.config">
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
@@ -29,8 +18,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 273cfaf891..83c0c643d7 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -7,22 +7,11 @@
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <OutputType>Exe</OutputType>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <Content Include="wwwroot\**\*;web.config">
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-  </ItemGroup>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
+ </PropertyGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.2.0-*" />
@@ -30,8 +19,4 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 9b27985b71..6cb421a2a0 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -5,31 +5,17 @@
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
-  <ItemGroup>
-    <Content Include="web.config">
-      <CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
-    </Content>
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
-  </ItemGroup>
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-  <ItemGroup>
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 78d799be14..acbae28b43 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -6,22 +6,12 @@
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Content Include="web.config" CopyToPublishDirectory="PreserveNewest" />
-    <EmbeddedResource Include="compiler\resources\**\*" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="1.2.0-*" />
@@ -30,13 +20,6 @@
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.2.0-*" />
-  </ItemGroup>
-
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
-  <ItemGroup>
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
   </ItemGroup>
 
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 1af3fe1c2b..1c137b6d5c 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -6,28 +6,15 @@
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
+    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Content Include="web.config" CopyToPublishDirectory="PreserveNewest" />
-    <EmbeddedResource Include="compiler\resources\**\*" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
@@ -38,8 +25,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/shared/build.proj b/shared/build.proj
deleted file mode 100644
index d3fc56ba8a..0000000000
--- a/shared/build.proj
+++ /dev/null
@@ -1,24 +0,0 @@
-<Project ToolsVersion="15.0">
-  <Import Project="..\build\common.props" />
-
-  <PropertyGroup>
-    <OutputPath>$(MSBuildThisFileDirectory)..\artifacts\build</OutputPath>
-    <Version>$(VersionPrefix)</Version>
-    <Version Condition="'$(VersionSuffix)'!=''">$(Version)-$(VersionSuffix)</Version>
-  </PropertyGroup>
-
-  <Target Name="Pack">
-    <MakeDir Directories="$(OutputPath)" />
-    <ItemGroup>
-      <Packages Include="$([System.IO.Directory]::GetDirectories(&quot;$(MSBuildThisFileDirectory)&quot;, '*.Sources'))" />
-    </ItemGroup>
-    <!-- TODO use PackNuspecTask once it is implemented -->
-    <Exec Command="dotnet nuget pack
-&quot;$(MSBuildThisFileDirectory)sources.nuspec&quot;
---base-path &quot;%(Packages.Identity)&quot;
---version $(Version)
---output-directory &quot;$(OutputPath)&quot;
---properties &quot;id=%(Packages.FileName)%(Packages.Extension)&quot;"
-        />
-  </Target>
-</Project>
\ No newline at end of file
diff --git a/shared/sources.csproj b/shared/sources.csproj
new file mode 100644
index 0000000000..70c6cdbf2c
--- /dev/null
+++ b/shared/sources.csproj
@@ -0,0 +1,29 @@
+<!-- this is a dummy project to workaround https://github.com/NuGet/Home/issues/4254 -->
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+  <Import Project="..\build\common.props" />
+
+  <PropertyGroup>
+    <PackageOutputPath Condition="'$(PackageOutputPath)'==''">$(MSBuildThisFileDirectory)..\artifacts\build</PackageOutputPath>
+    <NuspecBasePath>$(MSBuildThisFileDirectory)\$(PackageId)</NuspecBasePath>
+    <TargetFramework>netstandard1.0</TargetFramework>
+    <EnableDefaultItems>false</EnableDefaultItems>
+    <Description>$(PackageId)</Description>
+    <IncludeBuildOutput>false</IncludeBuildOutput>
+    <ContentTargetFolders>contentFiles</ContentTargetFolders>
+  </PropertyGroup>
+
+  <ItemGroup Condition="'$(NuspecBasePath)' != ''">
+    <Compile Include="$(NuspecBasePath)\**\*.cs" Pack="true" />
+    <EmbeddedResource Include="$(NuspecBasePath)\**\*.resx" Pack="true" />
+    <PackageReference Update="@(PackageReference)" PrivateAssets="All" />
+  </ItemGroup>
+
+  <Target Name="PackAll">
+    <ItemGroup>
+      <Packages Include="$([System.IO.Directory]::GetDirectories(&quot;$(MSBuildThisFileDirectory)&quot;, '*.Sources'))" />
+    </ItemGroup>
+    <MSBuild Projects="$(MSBuildThisFile)"
+             Targets="Pack"
+             Properties="PackageVersion=$(Version);PackageId=%(Packages.FileName)%(Packages.Extension);NoBuild=true" />
+  </Target>
+</Project>
\ No newline at end of file
diff --git a/shared/sources.nuspec b/shared/sources.nuspec
deleted file mode 100644
index 0eb708b9b8..0000000000
--- a/shared/sources.nuspec
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
-  <metadata>
-    <id>$id$</id>
-    <version>$version$</version>
-    <authors>Microsoft</authors>
-    <owners>Microsoft</owners>
-    <requireLicenseAcceptance>false</requireLicenseAcceptance>
-    <description>$id$</description>
-    <contentFiles>
-      <files include="contentFiles/cs/**/*.cs" buildAction="Compile" />
-      <files include="**/*.resx" buildAction="EmbeddedResource" />
-    </contentFiles>
-  </metadata>
-  <files>
-    <file src="**\*.resx" target="contentFiles/any/netstandard1.0/" />
-    <file src="**\*.cs" target="contentFiles/cs/netstandard1.0/" />
-  </files>
-</package>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index bdbcff2764..01f5b635d1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -12,23 +12,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <Compile Include="**\*.cs" />
     <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-  </ItemGroup>
-
-  <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 999bb8bd88..7d7e3ad043 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -10,20 +10,8 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index e66ceff787..30545dd69b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -10,20 +10,8 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index db5d30bd2f..b53e5ee85d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -7,19 +7,9 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 0af3a9d0d6..559b78a3c9 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -10,20 +10,8 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 1bb635bfc3..3a0ad122c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -10,21 +10,9 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index d6b2006290..72da65f4c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -7,19 +7,9 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index b7222fd9c6..0368a8be0e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -10,21 +10,9 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index edc85f76ed..e93061de63 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -11,24 +11,15 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="1.2.0-*" PrivateAssets="All" />
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="1.2.0-*" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
deleted file mode 100644
index 408ef6b224..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/SecurityHelper.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Linq;
-using System.Security.Claims;
-
-namespace Microsoft.Extensions.Internal
-{
-    /// <summary>
-    /// Helper code used when implementing authentication middleware
-    /// </summary>
-    internal static class SecurityHelper
-    {
-        /// <summary>
-        /// Add all ClaimsIdentities from an additional ClaimPrincipal to the ClaimsPrincipal
-        /// Merges a new claims principal, placing all new identities first, and eliminating
-        /// any empty unauthenticated identities from context.User
-        /// </summary>
-        /// <param name="existingPrincipal">The <see cref="ClaimsPrincipal"/> containing existing <see cref="ClaimsIdentity"/>.</param>
-        /// <param name="additionalPrincipal">The <see cref="ClaimsPrincipal"/> containing <see cref="ClaimsIdentity"/> to be added.</param>
-        public static ClaimsPrincipal MergeUserPrincipal(ClaimsPrincipal existingPrincipal, ClaimsPrincipal additionalPrincipal)
-        {
-            var newPrincipal = new ClaimsPrincipal();
-
-            // New principal identities go first
-            if (additionalPrincipal != null)
-            {
-                newPrincipal.AddIdentities(additionalPrincipal.Identities);
-            }
-
-            // Then add any existing non empty or authenticated identities
-            if (existingPrincipal != null)
-            {
-                newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Any()));
-            }
-            return newPrincipal;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index fdc54f10bd..6a1c60f94a 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -13,19 +13,10 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
     <PackageTags>aspnetcore;authorization</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <!--
-      TODO remove files in __TemporarySources__ and use this content files package
-      <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-     -->
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
diff --git a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
deleted file mode 100644
index 67a87fca59..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCache.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache
-    {
-        /// <summary>
-        /// A <see cref="Task"/> that's already completed successfully.
-        /// </summary>
-        /// <remarks>
-        /// We're caching this in a static readonly field to make it more inlinable and avoid the volatile lookup done
-        /// by <c>Task.CompletedTask</c>.
-        /// </remarks>
-#if NET451
-        public static readonly Task CompletedTask = Task.FromResult(0);
-#else
-        public static readonly Task CompletedTask = Task.CompletedTask;
-#endif
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs b/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs
deleted file mode 100644
index 5015e3aba7..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/__TemporarySources__/TaskCacheOfT.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.Extensions.Internal
-{
-    internal static class TaskCache<T>
-    {
-        /// <summary>
-        /// Gets a completed <see cref="Task"/> with the value of <c>default(T)</c>.
-        /// </summary>
-        public static Task<T> DefaultCompletedTask { get; }  = Task.FromResult(default(T));
-    }
-
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 0d0e37c80f..2f5b094c07 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -10,15 +10,9 @@
     <PackageTags>aspnetcore</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 7ec8078c58..4c6cb7a834 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -10,15 +10,9 @@
     <PackageTags>aspnetcore;katana;owin;security</PackageTags>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Owin.Security" Version="3.0.1" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 39c01086e9..0a9adfd437 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -6,11 +6,6 @@
     <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
@@ -19,24 +14,11 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 424132eb20..62b041f372 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -6,18 +6,9 @@
     <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
-  </ItemGroup>
-
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
@@ -25,8 +16,4 @@
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 4c4da177fd..672309b928 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -7,20 +7,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <Compile Include="**\*.cs" />
     <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index b46df5b990..91e98ad986 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -6,29 +6,14 @@
     <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1' ">
-    <PackageReference Include="Microsoft.NETCore.App" Version="1.2.0-*" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index d78da43973..408703450c 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -6,26 +6,14 @@
     <TargetFramework>net451</TargetFramework>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Include="**\*.cs" />
-    <EmbeddedResource Include="**\*.resx" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj">
-      <FromP2P>true</FromP2P>
-    </ProjectReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-preview-20161123-03" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="3.0.1" />
     <PackageReference Include="Microsoft.Owin.Testing" Version="3.0.1" />
-    <PackageReference Include="NETStandard.Library" Version="1.6.2-*" />
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 

From a031c4badb0466c9a95a43691e5bf07fce096034 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 25 Jan 2017 16:07:46 -0800
Subject: [PATCH 678/900] Update OpenId package versions

---
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj        | 2 +-
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index b53e5ee85d..1e8ecac61e 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 72da65f4c5..aa44423133 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From 0113df6075104c4081d3838f9d8bde35c4181e5f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 30 Jan 2017 11:10:41 -0800
Subject: [PATCH 679/900] Revert "Update OpenId package versions"

This reverts commit a031c4badb0466c9a95a43691e5bf07fce096034.
---
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj        | 2 +-
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 1e8ecac61e..b53e5ee85d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index aa44423133..72da65f4c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From c18a3d3a7d9e9771638b74ad5c7777f33e4363a6 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 31 Jan 2017 06:51:51 -0800
Subject: [PATCH 680/900] Revert "Revert "Update OpenId package versions""

This reverts commit 0113df6075104c4081d3838f9d8bde35c4181e5f.
---
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj        | 2 +-
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index b53e5ee85d..1e8ecac61e 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 72da65f4c5..aa44423133 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -10,6 +10,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.2" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From 7dd6ee791ac24bc3a28f75d67ae8cb5935f557db Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 31 Jan 2017 17:09:55 -0800
Subject: [PATCH 681/900] Simplify packing

---
 shared/sources.csproj | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/shared/sources.csproj b/shared/sources.csproj
index 70c6cdbf2c..d8796f1a45 100644
--- a/shared/sources.csproj
+++ b/shared/sources.csproj
@@ -13,8 +13,7 @@
   </PropertyGroup>
 
   <ItemGroup Condition="'$(NuspecBasePath)' != ''">
-    <Compile Include="$(NuspecBasePath)\**\*.cs" Pack="true" />
-    <EmbeddedResource Include="$(NuspecBasePath)\**\*.resx" Pack="true" />
+    <Compile Include="$(NuspecBasePath)\**\*.cs" Pack="true" PackagePath="$(ContentTargetFolders)\cs\$(TargetFramework)\%(RecursiveDir)%(FileName)%(Extension)" />
     <PackageReference Update="@(PackageReference)" PrivateAssets="All" />
   </ItemGroup>
 

From fea5d5cfdc8fc9413ba7816cc108f4d893ac16e1 Mon Sep 17 00:00:00 2001
From: Ben Adams <thundercat@illyriad.co.uk>
Date: Mon, 6 Feb 2017 22:36:42 +0000
Subject: [PATCH 682/900] Truncate SystemClock to Seconds Precision (#1110)

---
 src/Microsoft.AspNetCore.Authentication/SystemClock.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
index 0f9c2a30a0..e1c79192aa 100644
--- a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
@@ -7,7 +7,7 @@ using System;
 namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
-    /// Provides access to the normal system clock.
+    /// Provides access to the normal system clock with precision in seconds.
     /// </summary>
     public class SystemClock : ISystemClock
     {
@@ -20,8 +20,8 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 // the clock measures whole seconds only, to have integral expires_in results, and
                 // because milliseconds do not round-trip serialization formats
-                DateTimeOffset utcNow = DateTimeOffset.UtcNow;
-                return utcNow.AddMilliseconds(-utcNow.Millisecond);
+                var utcNowPrecisionSeconds = new DateTime((DateTime.UtcNow.Ticks / TimeSpan.TicksPerSecond) * TimeSpan.TicksPerSecond, DateTimeKind.Utc);
+                return new DateTimeOffset(utcNowPrecisionSeconds);
             }
         }
     }

From 61e7ceba45d64e04b90cf18c9c459c32f1fe2da2 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 8 Feb 2017 17:44:52 -0800
Subject: [PATCH 683/900] React to aspnet/Configuration#594

---
 samples/JwtBearerSample/Startup.cs             | 2 +-
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 2 +-
 samples/OpenIdConnectSample/Startup.cs         | 2 +-
 samples/SocialSample/Startup.cs                | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index ac599bc57f..4d1ca74761 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -24,7 +24,7 @@ namespace JwtBearerSample
             if (env.IsDevelopment())
             {
                 // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
-                builder.AddUserSecrets();
+                builder.AddUserSecrets<Startup>();
             }
 
             builder.AddEnvironmentVariables();
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 5b18a0e13d..ec80cd651d 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -28,7 +28,7 @@ namespace OpenIdConnect.AzureAdSample
             if (env.IsDevelopment())
             {
                 // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
-                builder.AddUserSecrets();
+                builder.AddUserSecrets<Startup>();
             }
 
             builder.AddEnvironmentVariables();
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 90ed3db25d..587e1e9c16 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -28,7 +28,7 @@ namespace OpenIdConnectSample
             if (env.IsDevelopment())
             {
                 // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
-                builder.AddUserSecrets();
+                builder.AddUserSecrets<Startup>();
             }
 
             builder.AddEnvironmentVariables();
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 5bd848067e..4c0faaa16f 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -34,7 +34,7 @@ namespace SocialSample
             if (env.IsDevelopment())
             {
                 // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
-                builder.AddUserSecrets();
+                builder.AddUserSecrets<Startup>();
             }
 
             builder.AddEnvironmentVariables();

From cbceba6fa801f344964426e480144a743ab28a2a Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Fri, 10 Feb 2017 12:30:06 -0800
Subject: [PATCH 684/900] Remove makefile.shade and sources.csproj

---
 NuGetPackageVerifier.json | 20 ++++++++++----------
 makefile.shade            |  8 --------
 shared/sources.csproj     | 28 ----------------------------
 3 files changed, 10 insertions(+), 46 deletions(-)
 delete mode 100644 makefile.shade
 delete mode 100644 shared/sources.csproj

diff --git a/NuGetPackageVerifier.json b/NuGetPackageVerifier.json
index 348835e2d2..974eb365c9 100644
--- a/NuGetPackageVerifier.json
+++ b/NuGetPackageVerifier.json
@@ -1,13 +1,13 @@
 {
-    "adx-nonshipping": {
-        "rules": [],
-        "packages": {
-            "Microsoft.AspNetCore.ChunkingCookieManager.Sources": { }
-        }
-    },
-    "Default": { // Rules to run for packages not listed in any other set.
-        "rules": [
-            "DefaultCompositeRule"
-        ]
+  "adx-nonshipping": {
+    "rules": [],
+    "packages": {
+      "Microsoft.AspNetCore.ChunkingCookieManager.Sources": {}
     }
+  },
+  "Default": {
+    "rules": [
+      "DefaultCompositeRule"
+    ]
+  }
 }
\ No newline at end of file
diff --git a/makefile.shade b/makefile.shade
deleted file mode 100644
index 76d5bf85e4..0000000000
--- a/makefile.shade
+++ /dev/null
@@ -1,8 +0,0 @@
-
-var VERSION='0.1'
-var FULL_VERSION='0.1'
-use-standard-lifecycle
-k-standard-goals
-
-#pack-sources target='build-pack'
-    dotnet command='msbuild shared/sources.csproj "/t:Restore;PackAll" /v:n'
diff --git a/shared/sources.csproj b/shared/sources.csproj
deleted file mode 100644
index d8796f1a45..0000000000
--- a/shared/sources.csproj
+++ /dev/null
@@ -1,28 +0,0 @@
-<!-- this is a dummy project to workaround https://github.com/NuGet/Home/issues/4254 -->
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
-  <Import Project="..\build\common.props" />
-
-  <PropertyGroup>
-    <PackageOutputPath Condition="'$(PackageOutputPath)'==''">$(MSBuildThisFileDirectory)..\artifacts\build</PackageOutputPath>
-    <NuspecBasePath>$(MSBuildThisFileDirectory)\$(PackageId)</NuspecBasePath>
-    <TargetFramework>netstandard1.0</TargetFramework>
-    <EnableDefaultItems>false</EnableDefaultItems>
-    <Description>$(PackageId)</Description>
-    <IncludeBuildOutput>false</IncludeBuildOutput>
-    <ContentTargetFolders>contentFiles</ContentTargetFolders>
-  </PropertyGroup>
-
-  <ItemGroup Condition="'$(NuspecBasePath)' != ''">
-    <Compile Include="$(NuspecBasePath)\**\*.cs" Pack="true" PackagePath="$(ContentTargetFolders)\cs\$(TargetFramework)\%(RecursiveDir)%(FileName)%(Extension)" />
-    <PackageReference Update="@(PackageReference)" PrivateAssets="All" />
-  </ItemGroup>
-
-  <Target Name="PackAll">
-    <ItemGroup>
-      <Packages Include="$([System.IO.Directory]::GetDirectories(&quot;$(MSBuildThisFileDirectory)&quot;, '*.Sources'))" />
-    </ItemGroup>
-    <MSBuild Projects="$(MSBuildThisFile)"
-             Targets="Pack"
-             Properties="PackageVersion=$(Version);PackageId=%(Packages.FileName)%(Packages.Extension);NoBuild=true" />
-  </Target>
-</Project>
\ No newline at end of file

From 9847f4065467ca01c051cb0d1e2b49b103b602fb Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 14 Feb 2017 16:03:54 -0800
Subject: [PATCH 685/900] Downgrade to stable packages

---
 build/common.props                                         | 7 +++----
 build/dependencies.props                                   | 6 ++++++
 samples/CookieSample/CookieSample.csproj                   | 3 +--
 samples/CookieSessionSample/CookieSessionSample.csproj     | 3 +--
 samples/JwtBearerSample/JwtBearerSample.csproj             | 3 +--
 .../OpenIdConnect.AzureAdSample.csproj                     | 5 ++---
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj     | 3 +--
 samples/SocialSample/SocialSample.csproj                   | 3 +--
 .../Microsoft.AspNetCore.Authentication.Cookies.csproj     | 2 +-
 .../Microsoft.AspNetCore.Authentication.Facebook.csproj    | 2 +-
 .../Microsoft.AspNetCore.Authentication.Google.csproj      | 2 +-
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj   | 4 ++--
 ...osoft.AspNetCore.Authentication.MicrosoftAccount.csproj | 2 +-
 .../Microsoft.AspNetCore.Authentication.OAuth.csproj       | 6 +++---
 ...icrosoft.AspNetCore.Authentication.OpenIdConnect.csproj | 4 ++--
 .../Microsoft.AspNetCore.Authentication.Twitter.csproj     | 2 +-
 .../Microsoft.AspNetCore.Authentication.csproj             | 2 +-
 .../Microsoft.AspNetCore.Authorization.csproj              | 4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.csproj               | 2 +-
 .../Microsoft.Owin.Security.Interop.csproj                 | 2 +-
 .../Microsoft.AspNetCore.Authentication.Test.csproj        | 2 +-
 .../Microsoft.AspNetCore.Authorization.Test.csproj         | 2 +-
 ...ft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj | 2 +-
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj          | 2 +-
 .../Microsoft.Owin.Security.Interop.Test.csproj            | 2 +-
 25 files changed, 38 insertions(+), 39 deletions(-)
 create mode 100644 build/dependencies.props

diff --git a/build/common.props b/build/common.props
index 7ce50d277a..52413444ee 100644
--- a/build/common.props
+++ b/build/common.props
@@ -1,4 +1,5 @@
 <Project>
+  <Import Project="dependencies.props" />
   <Import Project="..\version.props" />
 
   <PropertyGroup>
@@ -8,8 +9,6 @@
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
-    <NetStandardImplicitPackageVersion>1.6.2-*</NetStandardImplicitPackageVersion>
     <VersionSuffix Condition="'$(VersionSuffix)'!='' AND '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
   </PropertyGroup>
 
@@ -20,5 +19,5 @@
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework' AND '$(OutputType)'=='library'">
     <PackageReference Include="NETStandard.Library" Version="$(NetStandardImplicitPackageVersion)" />
   </ItemGroup>
-  
-</Project>
\ No newline at end of file
+
+</Project>
diff --git a/build/dependencies.props b/build/dependencies.props
new file mode 100644
index 0000000000..e704edaec0
--- /dev/null
+++ b/build/dependencies.props
@@ -0,0 +1,6 @@
+<Project>
+  <PropertyGroup>
+    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
+    <CoreFxVersion>4.3.0</CoreFxVersion>
+  </PropertyGroup>
+</Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index e9987f3a86..a2cab9171e 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,11 +1,10 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
     <OutputType>Exe</OutputType>
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 62bb9f4a9f..aa5f0ca272 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,11 +1,10 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
     <OutputType>Exe</OutputType>
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 83c0c643d7..790bd0827b 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <VersionPrefix>1.1.0</VersionPrefix>
@@ -7,7 +7,6 @@
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <OutputType>Exe</OutputType>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
  </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 6cb421a2a0..8c8c3f2b18 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,11 +1,10 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
     <OutputType>Exe</OutputType>
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
@@ -18,4 +17,4 @@
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index acbae28b43..5a9683f6cb 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
@@ -6,7 +6,6 @@
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 1c137b6d5c..30f0742dea 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
@@ -6,7 +6,6 @@
     <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
     <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
-    <NetCoreAppImplicitPackageVersion>1.2.0-*</NetCoreAppImplicitPackageVersion>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 01f5b635d1..0d7dd04303 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 7d7e3ad043..6be798cc19 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 30545dd69b..dc6ef94d64 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 1e8ecac61e..518526d419 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
@@ -12,4 +12,4 @@
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 559b78a3c9..5f9a5bb3e4 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 3a0ad122c5..e40377c09f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
-    <PackageReference Include="System.Runtime.Serialization.Primitives" Version="4.4.0-*" />
+    <PackageReference Include="System.Runtime.Serialization.Primitives" Version="$(CoreFxVersion)" />
   </ItemGroup>
 
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index aa44423133..e5665f579b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
@@ -12,4 +12,4 @@
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 0368a8be0e..78557532c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index e93061de63..3b5c7d6314 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 6a1c60f94a..d1360f868c 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
@@ -20,7 +20,7 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
-    <PackageReference Include="System.Security.Claims" Version="4.4.0-*" />
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 2f5b094c07..862ab2ac72 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 4c6cb7a834..153eb6ae9f 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 0a9adfd437..66d9dfed6c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 62b041f372..b57e099048 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 672309b928..f5ca9c2d3e 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index 91e98ad986..f0a8a28d90 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 408703450c..09433d2994 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 

From 591a2b0e6b1093afc046a1e382d2931c4219f5e0 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 16 Feb 2017 11:23:03 -0800
Subject: [PATCH 686/900] React to aspnet/KoreBuild#160

---
 build/repo.props | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 build/repo.props

diff --git a/build/repo.props b/build/repo.props
new file mode 100644
index 0000000000..d4bab3eebd
--- /dev/null
+++ b/build/repo.props
@@ -0,0 +1,5 @@
+<Project>
+  <ItemGroup>
+    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'"/>
+  </ItemGroup>
+</Project>

From 7637f2ea44c7f296623615ecab0370048155958f Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Wed, 15 Feb 2017 19:29:55 -0800
Subject: [PATCH 687/900] Bump test projects up to .NET 4.5.2 -
 aspnet/Testing#248 - xUnit no longer supports .NET 4.5.1 - target .NET 4.6.1
 in Microsoft.Owin.Security.Interop.Test; avoids .NET 4.5.2 System.Xml casing
 issue - build tests for desktop .NET only on Windows   - except
 Microsoft.Owin.Security.Interop.Test; already skipped using repo.props -
 enable binding redirects for one test project

---
 .../Microsoft.AspNetCore.Authentication.Test.csproj           | 3 ++-
 .../Microsoft.AspNetCore.Authorization.Test.csproj            | 3 ++-
 ...osoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj | 3 ++-
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj             | 3 ++-
 .../Microsoft.Owin.Security.Interop.Test.csproj               | 4 +++-
 5 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 66d9dfed6c..446469ba46 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index b57e099048..5eaa318a3d 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index f5ca9c2d3e..0cf30727b6 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index f0a8a28d90..aa00d90e0a 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net451</TargetFrameworks>
+    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 09433d2994..635fffe331 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -3,7 +3,9 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>net451</TargetFramework>
+    <TargetFramework>net461</TargetFramework>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
 
   <ItemGroup>

From ad425163b29b1e09a41e84423b0dcbac797c9164 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 14 Feb 2017 16:19:55 -0800
Subject: [PATCH 688/900] #969 Make social auth claims mapping more
 configurable #1024 Remove OIDC protocol claims

---
 samples/SocialSample/Startup.cs               |  71 ++----
 .../FacebookHandler.cs                        |  85 +-------
 .../FacebookHelper.cs                         | 206 ------------------
 .../FacebookOptions.cs                        |  17 ++
 .../GoogleHandler.cs                          |  37 +---
 .../GoogleHelper.cs                           |  80 -------
 .../GoogleOptions.cs                          |   9 +
 .../MicrosoftAccountHandler.cs                |  34 +--
 .../MicrosoftAccountHelper.cs                 |  81 -------
 .../MicrosoftAccountOptions.cs                |  10 +-
 .../Claims/ClaimAction.cs                     |  42 ++++
 .../Claims/ClaimActionCollection.cs           |  52 +++++
 .../ClaimActionCollectionMapExtensions.cs     | 100 +++++++++
 .../Claims/CustomJsonClaimAction.cs           |  46 ++++
 .../Claims/DeleteClaimAction.cs               |  33 +++
 .../Claims/JsonKeyClaimAction.cs              |  42 ++++
 .../Claims/JsonSubKeyClaimAction.cs           |  58 +++++
 .../Events/OAuthCreatingTicketContext.cs      |  18 ++
 .../OAuthHandler.cs                           |   3 +-
 .../OAuthOptions.cs                           |   7 +-
 .../ClaimActionCollectionUniqueExtensions.cs  |  39 ++++
 .../Claims/UniqueJsonKeyClaimAction.cs        |  61 ++++++
 ...etCore.Authentication.OpenIdConnect.csproj |   2 +-
 .../OpenIdConnectHandler.cs                   |  34 +--
 .../OpenIdConnectOptions.cs                   |  33 ++-
 .../Utility/ClaimsHelper.cs                   |  81 -------
 .../Events/TwitterCreatingTicketContext.cs    |   1 +
 ...t.AspNetCore.Authentication.Twitter.csproj |   3 +-
 .../TwitterHandler.cs                         |  11 +-
 .../TwitterOptions.cs                         |  10 +-
 .../Google/GoogleMiddlewareTests.cs           |  10 +-
 ...soft.AspNetCore.Authentication.Test.csproj |   4 +
 ...osoft.AspNetCore.Authorization.Test.csproj |   4 +
 ....ChunkingCookieManager.Sources.Test.csproj |   4 +
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |   4 +
 35 files changed, 637 insertions(+), 695 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 4c0faaa16f..42ce6a29db 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -112,7 +112,7 @@ namespace SocialSample
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
-            app.UseGoogleAuthentication(new GoogleOptions
+            var googleOptions = new GoogleOptions
             {
                 ClientId = Configuration["google:clientid"],
                 ClientSecret = Configuration["google:clientsecret"],
@@ -126,11 +126,14 @@ namespace SocialSample
                         return Task.FromResult(0);
                     }
                 }
-            });
+            };
+            googleOptions.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
+            googleOptions.ClaimActions.Remove(ClaimTypes.GivenName);
+            app.UseGoogleAuthentication(googleOptions);
 
             // You must first create an app with Twitter and add its key and Secret to your user-secrets.
             // https://apps.twitter.com/
-            app.UseTwitterAuthentication(new TwitterOptions
+            var twitterOptions = new TwitterOptions
             {
                 ConsumerKey = Configuration["twitter:consumerkey"],
                 ConsumerSecret = Configuration["twitter:consumersecret"],
@@ -140,12 +143,6 @@ namespace SocialSample
                 SaveTokens = true,
                 Events = new TwitterEvents()
                 {
-                    OnCreatingTicket = ctx =>
-                    {
-                        var profilePic = ctx.User.Value<string>("profile_image_url");
-                        ctx.Principal.Identities.First().AddClaim(new Claim("urn:twitter:profilepicture", profilePic, ClaimTypes.Uri, ctx.Options.ClaimsIssuer));
-                        return Task.FromResult(0);
-                    },
                     OnRemoteFailure = ctx =>
                     {
                         ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
@@ -153,7 +150,9 @@ namespace SocialSample
                         return Task.FromResult(0);
                     }
                 }
-            });
+            };
+            twitterOptions.ClaimActions.MapJsonKey("urn:twitter:profilepicture", "profile_image_url", ClaimTypes.Uri);
+            app.UseTwitterAuthentication(twitterOptions);
 
             /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
                Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
@@ -200,7 +199,7 @@ namespace SocialSample
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication(new OAuthOptions
+            var githubOptions = new OAuthOptions
             {
                 AuthenticationScheme = "GitHub",
                 DisplayName = "Github",
@@ -227,48 +226,16 @@ namespace SocialSample
 
                         var user = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-                        var identifier = user.Value<string>("id");
-                        if (!string.IsNullOrEmpty(identifier))
-                        {
-                            context.Identity.AddClaim(new Claim(
-                                ClaimTypes.NameIdentifier, identifier,
-                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
-
-                        var userName = user.Value<string>("login");
-                        if (!string.IsNullOrEmpty(userName))
-                        {
-                            context.Identity.AddClaim(new Claim(
-                                ClaimsIdentity.DefaultNameClaimType, userName,
-                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
-
-                        var name = user.Value<string>("name");
-                        if (!string.IsNullOrEmpty(name))
-                        {
-                            context.Identity.AddClaim(new Claim(
-                                "urn:github:name", name,
-                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
-
-                        var email = user.Value<string>("email");
-                        if (!string.IsNullOrEmpty(email))
-                        {
-                            context.Identity.AddClaim(new Claim(
-                                ClaimTypes.Email, email,
-                                ClaimValueTypes.Email, context.Options.ClaimsIssuer));
-                        }
-
-                        var link = user.Value<string>("url");
-                        if (!string.IsNullOrEmpty(link))
-                        {
-                            context.Identity.AddClaim(new Claim(
-                                "urn:github:url", link,
-                                ClaimValueTypes.String, context.Options.ClaimsIssuer));
-                        }
+                        context.RunClaimActions(user);
                     }
                 }
-            });
+            };
+            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.Name, "login");
+            githubOptions.ClaimActions.MapJsonKey("urn:github:name", "name");
+            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
+            githubOptions.ClaimActions.MapJsonKey("urn:github:url", "url");
+            app.UseOAuthAuthentication(githubOptions);
 
             // Choose an authentication type
             app.Map("/login", signoutApp =>
@@ -357,7 +324,7 @@ namespace SocialSample
                 }
 
                 await context.Response.WriteAsync("Tokens:<br>");
-                
+
                 await context.Response.WriteAsync("Access Token: " + await context.Authentication.GetTokenAsync("access_token") + "<br>");
                 await context.Response.WriteAsync("Refresh Token: " + await context.Authentication.GetTokenAsync("refresh_token") + "<br>");
                 await context.Response.WriteAsync("Token Type: " + await context.Authentication.GetTokenAsync("token_type") + "<br>");
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index be1c8f8f83..3c3c14c86f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -45,90 +45,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 
             var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
             var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
-
-            var identifier = FacebookHelper.GetId(payload);
-            if (!string.IsNullOrEmpty(identifier))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var ageRangeMin = FacebookHelper.GetAgeRangeMin(payload);
-            if (!string.IsNullOrEmpty(ageRangeMin))
-            {
-                identity.AddClaim(new Claim("urn:facebook:age_range_min", ageRangeMin, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var ageRangeMax = FacebookHelper.GetAgeRangeMax(payload);
-            if (!string.IsNullOrEmpty(ageRangeMax))
-            {
-                identity.AddClaim(new Claim("urn:facebook:age_range_max", ageRangeMax, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var birthday = FacebookHelper.GetBirthday(payload);
-            if (!string.IsNullOrEmpty(birthday))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.DateOfBirth, birthday, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var email = FacebookHelper.GetEmail(payload);
-            if (!string.IsNullOrEmpty(email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var firstName = FacebookHelper.GetFirstName(payload);
-            if (!string.IsNullOrEmpty(firstName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.GivenName, firstName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var gender = FacebookHelper.GetGender(payload);
-            if (!string.IsNullOrEmpty(gender))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Gender, gender, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var lastName = FacebookHelper.GetLastName(payload);
-            if (!string.IsNullOrEmpty(lastName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Surname, lastName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var link = FacebookHelper.GetLink(payload);
-            if (!string.IsNullOrEmpty(link))
-            {
-                identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var location = FacebookHelper.GetLocation(payload);
-            if (!string.IsNullOrEmpty(location))
-            {
-                identity.AddClaim(new Claim("urn:facebook:location", location, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var locale = FacebookHelper.GetLocale(payload);
-            if (!string.IsNullOrEmpty(locale))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Locality, locale, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var middleName = FacebookHelper.GetMiddleName(payload);
-            if (!string.IsNullOrEmpty(middleName))
-            {
-                identity.AddClaim(new Claim("urn:facebook:middle_name", middleName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var name = FacebookHelper.GetName(payload);
-            if (!string.IsNullOrEmpty(name))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var timeZone = FacebookHelper.GetTimeZone(payload);
-            if (!string.IsNullOrEmpty(timeZone))
-            {
-                identity.AddClaim(new Claim("urn:facebook:timezone", timeZone, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
+            context.RunClaimActions();
 
             await Options.Events.CreatingTicket(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
deleted file mode 100644
index 48e3590990..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHelper.cs
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNetCore.Authentication.Facebook
-{
-    /// <summary>
-    /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
-    /// instance retrieved from Facebook after a successful authentication process.
-    /// </summary>
-    public static class FacebookHelper
-    {
-        /// <summary>
-        /// Gets the Facebook user ID.
-        /// </summary>
-        public static string GetId(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("id");
-        }
-
-        /// <summary>
-        /// Gets the user's min age.
-        /// </summary>
-        public static string GetAgeRangeMin(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return TryGetValue(user, "age_range", "min");
-        }
-
-        /// <summary>
-        /// Gets the user's max age.
-        /// </summary>
-        public static string GetAgeRangeMax(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return TryGetValue(user, "age_range", "max");
-        }
-
-        /// <summary>
-        /// Gets the user's birthday.
-        /// </summary>
-        public static string GetBirthday(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return user.Value<string>("birthday");
-        }
-
-        /// <summary>
-        /// Gets the Facebook email.
-        /// </summary>
-        public static string GetEmail(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("email");
-        }
-
-        /// <summary>
-        /// Gets the user's first name.
-        /// </summary>
-        public static string GetFirstName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("first_name");
-        }
-
-        /// <summary>
-        /// Gets the user's gender.
-        /// </summary>
-        public static string GetGender(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return user.Value<string>("gender");
-        }
-
-        /// <summary>
-        /// Gets the user's family name.
-        /// </summary>
-        public static string GetLastName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("last_name");
-        }
-
-        /// <summary>
-        /// Gets the user's link.
-        /// </summary>
-        public static string GetLink(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return user.Value<string>("link");
-        }
-
-        /// <summary>
-        /// Gets the user's location.
-        /// </summary>
-        public static string GetLocation(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return TryGetValue(user, "location", "name");
-        }
-
-        /// <summary>
-        /// Gets the user's locale.
-        /// </summary>
-        public static string GetLocale(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return user.Value<string>("locale");
-        }
-
-        /// <summary>
-        /// Gets the user's middle name.
-        /// </summary>
-        public static string GetMiddleName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("middle_name");
-        }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public static string GetName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("name");
-        }
-
-        /// <summary>
-        /// Gets the user's timezone.
-        /// </summary>
-        public static string GetTimeZone(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-            return user.Value<string>("timezone");
-        }
-
-        // Get the given subProperty from a property.
-        private static string TryGetValue(JObject user, string propertyName, string subProperty)
-        {
-            JToken value;
-            if (user.TryGetValue(propertyName, out value))
-            {
-                var subObject = JObject.Parse(value.ToString());
-                if (subObject != null && subObject.TryGetValue(subProperty, out value))
-                {
-                    return value.ToString();
-                }
-            }
-            return null;
-        }
-
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index 8e86b37c1f..ae875bfafb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -2,6 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Facebook;
 using Microsoft.AspNetCore.Http;
 
@@ -30,6 +32,21 @@ namespace Microsoft.AspNetCore.Builder
             Fields.Add("email");
             Fields.Add("first_name");
             Fields.Add("last_name");
+
+            ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+            ClaimActions.MapJsonSubKey("urn:facebook:age_range_min", "age_range", "min");
+            ClaimActions.MapJsonSubKey("urn:facebook:age_range_max", "age_range", "max");
+            ClaimActions.MapJsonKey(ClaimTypes.DateOfBirth, "birthday");
+            ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
+            ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
+            ClaimActions.MapJsonKey(ClaimTypes.GivenName, "first_name");
+            ClaimActions.MapJsonKey("urn:facebook:middle_name", "middle_name");
+            ClaimActions.MapJsonKey(ClaimTypes.Surname, "last_name");
+            ClaimActions.MapJsonKey(ClaimTypes.Gender, "gender");
+            ClaimActions.MapJsonKey("urn:facebook:link", "link");
+            ClaimActions.MapJsonSubKey("urn:facebook:location", "location", "name");
+            ClaimActions.MapJsonKey(ClaimTypes.Locality, "locale");
+            ClaimActions.MapJsonKey("urn:facebook:timezone", "timezone");
         }
 
         // Facebook uses a non-standard term for this field.
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index f28ab4d14a..87506e080f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -42,42 +42,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
             var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
-
-            var identifier = GoogleHelper.GetId(payload);
-            if (!string.IsNullOrEmpty(identifier))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var givenName = GoogleHelper.GetGivenName(payload);
-            if (!string.IsNullOrEmpty(givenName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var familyName = GoogleHelper.GetFamilyName(payload);
-            if (!string.IsNullOrEmpty(familyName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var name = GoogleHelper.GetName(payload);
-            if (!string.IsNullOrEmpty(name))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var email = GoogleHelper.GetEmail(payload);
-            if (!string.IsNullOrEmpty(email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var profile = GoogleHelper.GetProfile(payload);
-            if (!string.IsNullOrEmpty(profile))
-            {
-                identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
+            context.RunClaimActions();
 
             await Options.Events.CreatingTicket(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
index 336536c512..2cac949a03 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
@@ -12,71 +12,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
     /// </summary>
     public static class GoogleHelper
     {
-        /// <summary>
-        /// Gets the Google user ID.
-        /// </summary>
-        public static string GetId(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("id");
-        }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public static string GetName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("displayName");
-        }
-
-        /// <summary>
-        /// Gets the user's given name.
-        /// </summary>
-        public static string GetGivenName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return TryGetValue(user, "name", "givenName");
-        }
-
-        /// <summary>
-        /// Gets the user's family name.
-        /// </summary>
-        public static string GetFamilyName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return TryGetValue(user, "name", "familyName");
-        }
-
-        /// <summary>
-        /// Gets the user's profile link.
-        /// </summary>
-        public static string GetProfile(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("url");
-        }
-
         /// <summary>
         /// Gets the user's email.
         /// </summary>
@@ -90,21 +25,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             return TryGetFirstValue(user, "emails", "value");
         }
 
-        // Get the given subProperty from a property.
-        private static string TryGetValue(JObject user, string propertyName, string subProperty)
-        {
-            JToken value;
-            if (user.TryGetValue(propertyName, out value))
-            {
-                var subObject = JObject.Parse(value.ToString());
-                if (subObject != null && subObject.TryGetValue(subProperty, out value))
-                {
-                    return value.ToString();
-                }
-            }
-            return null;
-        }
-
         // Get the given subProperty from a list property.
         private static string TryGetFirstValue(JObject user, string propertyName, string subProperty)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index 3d93b96ea8..d269779703 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Http;
 
@@ -25,6 +27,13 @@ namespace Microsoft.AspNetCore.Builder
             Scope.Add("openid");
             Scope.Add("profile");
             Scope.Add("email");
+
+            ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+            ClaimActions.MapJsonKey(ClaimTypes.Name, "displayName");
+            ClaimActions.MapJsonSubKey(ClaimTypes.GivenName, "name", "givenName");
+            ClaimActions.MapJsonSubKey(ClaimTypes.Surname, "name", "familyName");
+            ClaimActions.MapJsonKey("urn:google:profile", "url");
+            ClaimActions.MapCustomJson(ClaimTypes.Email, GoogleHelper.GetEmail);
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 21f567d15e..2426cafe07 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -35,39 +35,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 
             var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
             var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
-            var identifier = MicrosoftAccountHelper.GetId(payload);
-            if (!string.IsNullOrEmpty(identifier))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
-                identity.AddClaim(new Claim("urn:microsoftaccount:id", identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var name = MicrosoftAccountHelper.GetDisplayName(payload);
-            if (!string.IsNullOrEmpty(name))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
-                identity.AddClaim(new Claim("urn:microsoftaccount:name", name, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var givenName = MicrosoftAccountHelper.GetGivenName(payload);
-            if (!string.IsNullOrEmpty(givenName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
-                identity.AddClaim(new Claim("urn:microsoftaccount:givenname", givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var surname = MicrosoftAccountHelper.GetSurname(payload);
-            if (!string.IsNullOrEmpty(surname))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Surname, surname, ClaimValueTypes.String, Options.ClaimsIssuer));
-                identity.AddClaim(new Claim("urn:microsoftaccount:surname", surname, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var email = MicrosoftAccountHelper.GetEmail(payload);
-            if (!string.IsNullOrEmpty(email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
+            context.RunClaimActions();
 
             await Options.Events.CreatingTicket(context);
             return context.Ticket;
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
deleted file mode 100644
index cce8dcc73b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHelper.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
-    /// instance retrieved from Microsoft after a successful authentication process.
-    /// http://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/user
-    /// </summary>
-    public static class MicrosoftAccountHelper
-    {
-        /// <summary>
-        /// Gets the Microsoft Account user ID.
-        /// </summary>
-        public static string GetId(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("id");
-        }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public static string GetDisplayName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("displayName");
-        }
-
-        /// <summary>
-        /// Gets the user's given name.
-        /// </summary>
-        public static string GetGivenName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("givenName");
-        }
-
-        /// <summary>
-        /// Gets the user's surname.
-        /// </summary>
-        public static string GetSurname(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("surname");
-        }
-
-        /// <summary>
-        /// Gets the user's email address.
-        /// </summary>
-        public static string GetEmail(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("mail") ?? user.Value<string>("userPrincipalName");
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 625d4baf9c..1aa4009a56 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -1,8 +1,10 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Http;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -23,6 +25,12 @@ namespace Microsoft.AspNetCore.Builder
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
             Scope.Add("https://graph.microsoft.com/user.read");
+
+            ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+            ClaimActions.MapJsonKey(ClaimTypes.Name, "displayName");
+            ClaimActions.MapJsonKey(ClaimTypes.GivenName, "givenName");
+            ClaimActions.MapJsonKey(ClaimTypes.Surname, "surname");
+            ClaimActions.MapCustomJson(ClaimTypes.Email, user => user.Value<string>("mail") ?? user.Value<string>("userPrincipalName"));
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
new file mode 100644
index 0000000000..965ca5fdb3
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
@@ -0,0 +1,42 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// Infrastructure for mapping user data from a json structure to claims on the ClaimsIdentity.
+    /// </summary>
+    public abstract class ClaimAction
+    {
+        /// <summary>
+        /// Create a new claim manipulation action.
+        /// </summary>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        public ClaimAction(string claimType, string valueType)
+        {
+            ClaimType = claimType;
+            ValueType = valueType;
+        }
+
+        /// <summary>
+        /// The value to use for Claim.Type when creating a Claim.
+        /// </summary>
+        public string ClaimType { get; }
+
+        // The value to use for Claim.ValueType when creating a Claim.
+        public string ValueType { get; }
+
+        /// <summary>
+        /// Exhamine the given userData json, determine if the requisite data is present, and optionally add it
+        /// as a new Claim on the ClaimsIdentity.
+        /// </summary>
+        /// <param name="userData">The source data to exhamine. This value may be null.</param>
+        /// <param name="identity">The identity to add Claims to.</param>
+        /// <param name="issuer">The value to use for Claim.Issuer when creating a Claim.</param>
+        public abstract void Run(JObject userData, ClaimsIdentity identity, string issuer);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
new file mode 100644
index 0000000000..63da155d7c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
@@ -0,0 +1,52 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A collection of ClaimActions used when mapping user data to Claims.
+    /// </summary>
+    public class ClaimActionCollection : IEnumerable<ClaimAction>
+    {
+        private IList<ClaimAction> Actions { get; } = new List<ClaimAction>();
+
+        /// <summary>
+        /// Remove all claim actions.
+        /// </summary>
+        public void Clear() => Actions.Clear();
+
+        /// <summary>
+        /// Remove all claim actions for the given ClaimType.
+        /// </summary>
+        /// <param name="claimType">The ClaimType of maps to remove.</param>
+        public void Remove(string claimType)
+        {
+            var itemsToRemove = Actions.Where(map => string.Equals(claimType, map.ClaimType, StringComparison.OrdinalIgnoreCase)).ToList();
+            itemsToRemove.ForEach(map => Actions.Remove(map));
+        }
+
+        /// <summary>
+        /// Add a claim action to the collection.
+        /// </summary>
+        /// <param name="action">The claim action to add.</param>
+        public void Add(ClaimAction action)
+        {
+            Actions.Add(action);
+        }
+
+        public IEnumerator<ClaimAction> GetEnumerator()
+        {
+            return Actions.GetEnumerator();
+        }
+
+        IEnumerator IEnumerable.GetEnumerator()
+        {
+            return Actions.GetEnumerator();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
new file mode 100644
index 0000000000..f3fee6a229
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
@@ -0,0 +1,100 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public static class ClaimActionCollectionMapExtensions
+    {
+        /// <summary>
+        /// Select a top level value from the json user data with the given key name and add it as a Claim.
+        /// This no-ops if the key is not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        public static void MapJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey)
+        {
+            collection.MapJsonKey(claimType, jsonKey, ClaimValueTypes.String);
+        }
+
+        /// <summary>
+        /// Select a top level value from the json user data with the given key name and add it as a Claim.
+        /// This no-ops if the key is not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        public static void MapJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey, string valueType)
+        {
+            collection.Add(new JsonKeyClaimAction(claimType, valueType, jsonKey));
+        }
+
+        /// <summary>
+        /// Select a second level value from the json user data with the given top level key name and second level sub key name and add it as a Claim.
+        /// This no-ops if the keys are not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        /// <param name="subKey">The second level key to look for in the json user data.</param>
+        public static void MapJsonSubKey(this ClaimActionCollection collection, string claimType, string jsonKey, string subKey)
+        {
+            collection.MapJsonSubKey(claimType, jsonKey, subKey, ClaimValueTypes.String);
+        }
+
+        /// <summary>
+        /// Select a second level value from the json user data with the given top level key name and second level sub key name and add it as a Claim.
+        /// This no-ops if the keys are not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        /// <param name="subKey">The second level key to look for in the json user data.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        public static void MapJsonSubKey(this ClaimActionCollection collection, string claimType, string jsonKey, string subKey, string valueType)
+        {
+            collection.Add(new JsonSubKeyClaimAction(claimType, valueType, jsonKey, subKey));
+        }
+
+        /// <summary>
+        /// Run the given resolver to select a value from the json user data to add as a claim.
+        /// This no-ops if the returned value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="resolver">The Func that will be called to select value from the given json user data.</param>
+        public static void MapCustomJson(this ClaimActionCollection collection, string claimType, Func<JObject, string> resolver)
+        {
+            collection.MapCustomJson(claimType, ClaimValueTypes.String, resolver);
+        }
+
+        /// <summary>
+        /// Run the given resolver to select a value from the json user data to add as a claim.
+        /// This no-ops if the returned value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        /// <param name="resolver">The Func that will be called to select value from the given json user data.</param>
+        public static void MapCustomJson(this ClaimActionCollection collection, string claimType, string valueType, Func<JObject, string> resolver)
+        {
+            collection.Add(new CustomJsonClaimAction(claimType, valueType, resolver));
+        }
+
+        /// <summary>
+        /// Delete all claims from the given ClaimsIdentity with the given ClaimType.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType"></param>
+        public static void DeleteClaim(this ClaimActionCollection collection, string claimType)
+        {
+            collection.Add(new DeleteClaimAction(claimType));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
new file mode 100644
index 0000000000..21a4f70e12
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
@@ -0,0 +1,46 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A ClaimAction that selects the value from the json user data by running the given Func resolver.
+    /// </summary>
+    public class CustomJsonClaimAction : ClaimAction
+    {
+        /// <summary>
+        /// Creates a new CustomJsonClaimAction.
+        /// </summary>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        /// <param name="resolver">The Func that will be called to select value from the given json user data.</param>
+        public CustomJsonClaimAction(string claimType, string valueType, Func<JObject, string> resolver)
+            : base(claimType, valueType)
+        {
+            Resolver = resolver;
+        }
+
+        /// <summary>
+        /// The Func that will be called to select value from the given json user data.
+        /// </summary>
+        public Func<JObject, string> Resolver { get; }
+
+        /// <inheritdoc />
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            if (userData == null)
+            {
+                return;
+            }
+            var value = Resolver(userData);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimType, value, ValueType, issuer));
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
new file mode 100644
index 0000000000..75167cabcb
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
@@ -0,0 +1,33 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Linq;
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A ClaimAction that deletes all claims from the given ClaimsIdentity with the given ClaimType.
+    /// </summary>
+    public class DeleteClaimAction : ClaimAction
+    {
+        /// <summary>
+        /// Creates a new DeleteClaimAction.
+        /// </summary>
+        /// <param name="claimType">The ClaimType of Claims to delete.</param>
+        public DeleteClaimAction(string claimType)
+            : base(claimType, ClaimValueTypes.String)
+        {
+        }
+
+        /// <inheritdoc />
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            foreach (var claim in identity.FindAll(ClaimType).ToList())
+            {
+                identity.TryRemoveClaim(claim);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
new file mode 100644
index 0000000000..e628904de5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
@@ -0,0 +1,42 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A ClaimAction that selects a top level value from the json user data with the given key name and adds it as a Claim.
+    /// This no-ops if the key is not found or the value is empty.
+    /// </summary>
+    public class JsonKeyClaimAction : ClaimAction
+    {
+        /// <summary>
+        /// Creates a new JsonKeyClaimAction.
+        /// </summary>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        public JsonKeyClaimAction(string claimType, string valueType, string jsonKey)
+            : base(claimType, valueType)
+        {
+            JsonKey = jsonKey;
+        }
+
+        /// <summary>
+        /// The top level key to look for in the json user data.
+        /// </summary>
+        public string JsonKey { get; }
+
+        /// <inheritdoc />
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            var value = userData?.Value<string>(JsonKey);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimType, value, ValueType, issuer));
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
new file mode 100644
index 0000000000..bc29672d0f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Newtonsoft.Json.Linq;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A ClaimAction that selects a second level value from the json user data with the given top level key
+    /// name and second level sub key name and add it as a Claim.
+    /// This no-ops if the keys are not found or the value is empty.
+    /// </summary>
+    public class JsonSubKeyClaimAction : JsonKeyClaimAction
+    {
+        /// <summary>
+        /// Creates a new JsonSubKeyClaimAction.
+        /// </summary>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        /// <param name="subKey">The second level key to look for in the json user data.</param>
+        public JsonSubKeyClaimAction(string claimType, string valueType, string jsonKey, string subKey)
+            : base(claimType, valueType, jsonKey)
+        {
+            SubKey = subKey;
+        }
+
+        /// <summary>
+        /// The second level key to look for in the json user data.
+        /// </summary>
+        public string SubKey { get; }
+
+        /// <inheritdoc />
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            var value = GetValue(userData, JsonKey, SubKey);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimType, value, ValueType, issuer));
+            }
+        }
+
+        // Get the given subProperty from a property.
+        private static string GetValue(JObject userData, string propertyName, string subProperty)
+        {
+            if (userData != null && userData.TryGetValue(propertyName, out var value))
+            {
+                var subObject = JObject.Parse(value.ToString());
+                if (subObject != null && subObject.TryGetValue(subProperty, out value))
+                {
+                    return value.ToString();
+                }
+            }
+            return null;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 15f9c91c74..b17d23c9bb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -144,5 +144,23 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// This property returns <c>null</c> when <see cref="Ticket"/> is <c>null</c>.
         /// </summary>
         public ClaimsIdentity Identity => Ticket?.Principal.Identity as ClaimsIdentity;
+
+        public void RunClaimActions()
+        {
+            RunClaimActions(User);
+        }
+
+        public void RunClaimActions(JObject userData)
+        {
+            if (userData == null)
+            {
+                throw new ArgumentNullException(nameof(userData));
+            }
+
+            foreach (var action in Options.ClaimActions)
+            {
+                action.Run(userData, Identity, Options.ClaimsIssuer);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 1c5143842f..a5c36c1c45 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -11,11 +11,10 @@ using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
-using Microsoft.AspNetCore.WebUtilities;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 9591d9c44d..9bd08dfd84 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -2,9 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Collections.Generic;
-using System.ComponentModel;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Builder
@@ -55,6 +55,11 @@ namespace Microsoft.AspNetCore.Builder
             set { base.Events = value; }
         }
 
+        /// <summary>
+        /// A collection of claim actions used to select values from the json user data and create Claims.
+        /// </summary>
+        public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
+
         /// <summary>
         /// Gets the list of permissions to request.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
new file mode 100644
index 0000000000..4e349579f3
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
@@ -0,0 +1,39 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect.Claims;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public static class ClaimActionCollectionUniqueExtensions
+    {
+        /// <summary>
+        /// Selects a top level value from the json user data with the given key name and adds it as a Claim.
+        /// This no-ops if the ClaimsIdentity already contains a Claim with the given ClaimType.
+        /// This no-ops if the key is not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        public static void MapUniqueJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey)
+        {
+            collection.MapUniqueJsonKey(claimType, jsonKey, ClaimValueTypes.String);
+        }
+
+        /// <summary>
+        /// Selects a top level value from the json user data with the given key name and adds it as a Claim.
+        /// This no-ops if the ClaimsIdentity already contains a Claim with the given ClaimType.
+        /// This no-ops if the key is not found or the value is empty.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        public static void MapUniqueJsonKey(this ClaimActionCollection collection, string claimType, string jsonKey, string valueType)
+        {
+            collection.Add(new UniqueJsonKeyClaimAction(claimType, valueType, jsonKey));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
new file mode 100644
index 0000000000..132885b3ca
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
@@ -0,0 +1,61 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect.Claims
+{
+    /// <summary>
+    /// A ClaimAction that selects a top level value from the json user data with the given key name and adds it as a Claim.
+    /// This no-ops if the ClaimsIdentity already contains a Claim with the given ClaimType.
+    /// This no-ops if the key is not found or the value is empty.
+    /// </summary>
+    public class UniqueJsonKeyClaimAction : JsonKeyClaimAction
+    {
+        /// <summary>
+        /// Creates a new UniqueJsonKeyClaimAction.
+        /// </summary>
+        /// <param name="claimType">The value to use for Claim.Type when creating a Claim.</param>
+        /// <param name="valueType">The value to use for Claim.ValueType when creating a Claim.</param>
+        /// <param name="jsonKey">The top level key to look for in the json user data.</param>
+        public UniqueJsonKeyClaimAction(string claimType, string valueType, string jsonKey)
+            : base(claimType, valueType, jsonKey)
+        {
+        }
+
+        /// <inheritdoc />
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            var value = userData?.Value<string>(JsonKey);
+            if (string.IsNullOrEmpty(value))
+            {
+                // Not found
+                return;
+            }
+
+            var claim = identity.FindFirst(c => string.Equals(c.Type, JsonKey, System.StringComparison.OrdinalIgnoreCase));
+            if (claim != null && string.Equals(claim.Value, value, System.StringComparison.Ordinal))
+            {
+                // Duplicate
+                return;
+            }
+
+            claim = identity.FindFirst(c =>
+            {
+                // If this claimType is mapped by the JwtSeurityTokenHandler, then this property will be set
+                return c.Properties.TryGetValue(JwtSecurityTokenHandler.ShortClaimTypeProperty, out var shortType)
+                    && string.Equals(shortType, JsonKey, System.StringComparison.OrdinalIgnoreCase);
+            });
+            if (claim != null && string.Equals(claim.Value, value, System.StringComparison.Ordinal))
+            {
+                // Duplicate with an alternate name.
+                return;
+            }
+
+            identity.AddClaim(new Claim(ClaimType, value, ValueType, issuer));
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index e5665f579b..965a940e40 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -8,7 +8,7 @@
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
   <ItemGroup>
-    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index c9c513ea72..a7c20f62ea 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -661,6 +661,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 {
                     return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt, ticket);
                 }
+                else
+                {
+                    var identity = (ClaimsIdentity)ticket.Principal.Identity;
+                    foreach (var action in Options.ClaimActions)
+                    {
+                        action.Run(null, identity, Options.ClaimsIssuer);
+                    }
+                }
 
                 return AuthenticateResult.Success(ticket);
             }
@@ -727,7 +735,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             // Error handling:
             // 1. If the response body can't be parsed as json, throws.
-            // 2. If the response's status code is not in 2XX range, throw OpenIdConnectProtocolException. If the body is correct parsed, 
+            // 2. If the response's status code is not in 2XX range, throw OpenIdConnectProtocolException. If the body is correct parsed,
             //    pass the error information from body to the exception.
             OpenIdConnectMessage message;
             try
@@ -809,29 +817,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var identity = (ClaimsIdentity)ticket.Principal.Identity;
 
-            foreach (var claim in identity.Claims)
+            foreach (var action in Options.ClaimActions)
             {
-                // If this claimType is mapped by the JwtSeurityTokenHandler, then this property will be set
-                var shortClaimTypeName = claim.Properties.ContainsKey(JwtSecurityTokenHandler.ShortClaimTypeProperty) ?
-                    claim.Properties[JwtSecurityTokenHandler.ShortClaimTypeProperty] : string.Empty;
-
-                // checking if claim in the identity (generated from id_token) has the same type as a claim retrieved from userinfo endpoint
-                JToken value;
-                var isClaimIncluded = user.TryGetValue(claim.Type, out value) || user.TryGetValue(shortClaimTypeName, out value);
-
-                // if a same claim exists (matching both type and value) both in id_token identity and userinfo response, remove the json entry from the userinfo response
-                if (isClaimIncluded && claim.Value.Equals(value.ToString(), StringComparison.Ordinal))
-                {
-                    if (!user.Remove(claim.Type))
-                    {
-                        user.Remove(shortClaimTypeName);
-                    }
-                }
+                action.Run(user, identity, Options.ClaimsIssuer);
             }
 
-            // adding remaining unique claims from userinfo endpoint to the identity
-            ClaimsHelper.AddClaimsToIdentity(user, identity, jwt.Issuer);
-
             return AuthenticateResult.Success(ticket);
         }
 
@@ -908,7 +898,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         /// <param name="nonce">the nonce that we are looking for.</param>
         /// <returns>echos 'nonce' if a cookie is found that matches, null otherwise.</returns>
-        /// <remarks>Examine <see cref="IRequestCookieCollection.Keys"/> of <see cref="HttpRequest.Cookies"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'. 
+        /// <remarks>Examine <see cref="IRequestCookieCollection.Keys"/> of <see cref="HttpRequest.Cookies"/> that start with the prefix: 'OpenIdConnectAuthenticationDefaults.Nonce'.
         /// <see cref="M:ISecureDataFormat{TData}.Unprotect"/> of <see cref="OpenIdConnectOptions.StringDataFormat"/> is used to obtain the actual 'nonce'. If the nonce is found, then <see cref="M:IResponseCookies.Delete"/> of <see cref="HttpResponse.Cookies"/> is called.</remarks>
         private string ReadNonceCookie(string nonce)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index f0b26f75b2..a46c2956c6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -4,7 +4,9 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
@@ -55,6 +57,30 @@ namespace Microsoft.AspNetCore.Builder
             Events = new OpenIdConnectEvents();
             Scope.Add("openid");
             Scope.Add("profile");
+
+            ClaimActions.DeleteClaim("nonce");
+            ClaimActions.DeleteClaim("aud");
+            ClaimActions.DeleteClaim("azp");
+            ClaimActions.DeleteClaim("acr");
+            ClaimActions.DeleteClaim("amr");
+            ClaimActions.DeleteClaim("iss");
+            ClaimActions.DeleteClaim("iat");
+            ClaimActions.DeleteClaim("nbf");
+            ClaimActions.DeleteClaim("exp");
+            ClaimActions.DeleteClaim("at_hash");
+            ClaimActions.DeleteClaim("c_hash");
+            ClaimActions.DeleteClaim("auth_time");
+            ClaimActions.DeleteClaim("ipaddr");
+            ClaimActions.DeleteClaim("platf");
+            ClaimActions.DeleteClaim("ver");
+
+            // http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+            ClaimActions.MapUniqueJsonKey("sub", "sub");
+            ClaimActions.MapUniqueJsonKey("name", "name");
+            ClaimActions.MapUniqueJsonKey("given_name", "given_name");
+            ClaimActions.MapUniqueJsonKey("family_name", "family_name");
+            ClaimActions.MapUniqueJsonKey("profile", "profile");
+            ClaimActions.MapUniqueJsonKey("email", "email");
         }
 
         /// <summary>
@@ -90,6 +116,11 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public bool GetClaimsFromUserInfoEndpoint { get; set; }
 
+        /// <summary>
+        /// A collection of claim actions used to select values from the json user data and create Claims.
+        /// </summary>
+        public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
+
         /// <summary>
         /// Gets or sets if HTTPS is required for the metadata address or authority.
         /// The default is true. This should be disabled only in development environments.
@@ -112,7 +143,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
-        /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 
+        /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
         /// </summary>
         /// <exception cref="ArgumentNullException">if 'value' is null.</exception>
         public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator()
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
deleted file mode 100644
index 78eea68bfb..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Utility/ClaimsHelper.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
-using Newtonsoft.Json.Linq;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
-    internal static class ClaimsHelper
-    {
-        public static void AddClaimsToIdentity(
-            JObject userInformationPayload,
-            ClaimsIdentity identity,
-            string issuer)
-        {
-            foreach (var pair in userInformationPayload)
-            {
-                var array = pair.Value as JArray;
-                if (array != null)
-                {
-                    foreach (var item in array)
-                    {
-                        AddClaimsToIdentity(item, identity, pair.Key, issuer);
-                    }
-                }
-                else
-                {
-                    AddClaimsToIdentity(pair.Value, identity, pair.Key, issuer);
-                }
-            }
-        }
-
-        private static void AddClaimsToIdentity(JToken item, ClaimsIdentity identity, string key, string issuer)
-            => identity.AddClaim(new Claim(key, item?.ToString() ?? string.Empty, GetClaimValueType(item), issuer));
-
-        private static string GetClaimValueType(JToken token)
-        {
-            if (token == null)
-            {
-                return JsonClaimValueTypes.JsonNull;
-            }
-
-            switch (token.Type)
-            {
-                case JTokenType.Array:
-                    return JsonClaimValueTypes.JsonArray;
-
-                case JTokenType.Boolean:
-                    return ClaimValueTypes.Boolean;
-
-                case JTokenType.Date:
-                    return ClaimValueTypes.DateTime;
-
-                case JTokenType.Float:
-                    return ClaimValueTypes.Double;
-
-                case JTokenType.Integer:
-                {
-                    var value = (long) token;
-                    if (value >= int.MinValue && value <= int.MaxValue)
-                    {
-                        return ClaimValueTypes.Integer;
-                    }
-
-                    return ClaimValueTypes.Integer64;
-                }
-
-                case JTokenType.Object:
-                    return JsonClaimValueTypes.Json;
-
-                case JTokenType.String:
-                    return ClaimValueTypes.String;
-            }
-
-            // Fall back to ClaimValueTypes.String when no appropriate
-            // claim value type can be inferred from the claim value.
-            return ClaimValueTypes.String;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index 435196a1e5..21c6189d71 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 78557532c5..3694159f6e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -11,9 +11,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 20d06beafc..8481730a8c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -108,6 +108,11 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(
             ClaimsIdentity identity, AuthenticationProperties properties, AccessToken token, JObject user)
         {
+            foreach (var action in Options.ClaimActions)
+            {
+                action.Run(user, identity, Options.ClaimsIssuer);
+            }
+
             var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
             {
                 Principal = new ClaimsPrincipal(identity),
@@ -355,12 +360,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             var result = JObject.Parse(responseText);
 
-            var email = result.Value<string>("email");
-            if (!string.IsNullOrEmpty(email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.Email, Options.ClaimsIssuer));
-            }
-
             return result;
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index bf54b7fbb9..836dd3c0d5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -2,8 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.ComponentModel;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.AspNetCore.Http;
 
@@ -24,6 +25,8 @@ namespace Microsoft.AspNetCore.Builder
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
             Events = new TwitterEvents();
+
+            ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
         }
 
         /// <summary>
@@ -46,6 +49,11 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public bool RetrieveUserDetails { get; set; }
 
+        /// <summary>
+        /// A collection of claim actions used to select values from the json user data and create Claims.
+        /// </summary>
+        public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
+
         /// <summary>
         /// Gets or sets the type used to secure data handled by the middleware.
         /// </summary>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 944c322ad3..2a47f1e89c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -653,11 +653,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         Assert.Equal(context.AccessToken, "Test Access Token");
                         Assert.Equal(context.RefreshToken, "Test Refresh Token");
                         Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600));
-                        Assert.Equal(GoogleHelper.GetEmail(context.User), "Test email");
-                        Assert.Equal(GoogleHelper.GetId(context.User), "Test User ID");
-                        Assert.Equal(GoogleHelper.GetName(context.User), "Test Name");
-                        Assert.Equal(GoogleHelper.GetFamilyName(context.User), "Test Family Name");
-                        Assert.Equal(GoogleHelper.GetGivenName(context.User), "Test Given Name");
+                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Email)?.Value, "Test email");
+                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.NameIdentifier)?.Value, "Test User ID");
+                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Name)?.Value, "Test Name");
+                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Surname)?.Value, "Test Family Name");
+                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.GivenName)?.Value, "Test Given Name");
                         return Task.FromResult(0);
                     }
                 },
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 446469ba46..3ae22642f0 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -22,4 +22,8 @@
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 5eaa318a3d..7b6b30b8cb 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -17,4 +17,8 @@
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 0cf30727b6..9c49dcd29d 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -18,4 +18,8 @@
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index aa00d90e0a..ced555fe90 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -17,4 +17,8 @@
     <PackageReference Include="xunit" Version="2.2.0-*" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+
 </Project>

From 5039f7469374745273b04c8555a343a5df317ba8 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 1 Mar 2017 18:14:13 -0800
Subject: [PATCH 689/900] Change korebuild branch and fix argument forwarding
 in bootstrapper

---
 build.ps1 | 16 ++++++++--------
 build.sh  | 22 +++++++++++-----------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/build.ps1 b/build.ps1
index 0605b59c01..5bf0e2c113 100644
--- a/build.ps1
+++ b/build.ps1
@@ -1,6 +1,6 @@
 $ErrorActionPreference = "Stop"
 
-function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries) 
+function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries)
 {
     while($true)
     {
@@ -19,7 +19,7 @@ function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $ret
                 Start-Sleep -Seconds 10
 
             }
-            else 
+            else
             {
                 $exception = $_.Exception
                 throw $exception
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
@@ -43,18 +43,18 @@ $buildFolder = ".build"
 $buildFile="$buildFolder\KoreBuild.ps1"
 
 if (!(Test-Path $buildFolder)) {
-    Write-Host "Downloading KoreBuild from $koreBuildZip"    
-    
+    Write-Host "Downloading KoreBuild from $koreBuildZip"
+
     $tempFolder=$env:TEMP + "\KoreBuild-" + [guid]::NewGuid()
     New-Item -Path "$tempFolder" -Type directory | Out-Null
 
     $localZipFile="$tempFolder\korebuild.zip"
-    
+
     DownloadWithRetry -url $koreBuildZip -downloadLocation $localZipFile -retries 6
 
     Add-Type -AssemblyName System.IO.Compression.FileSystem
     [System.IO.Compression.ZipFile]::ExtractToDirectory($localZipFile, $tempFolder)
-    
+
     New-Item -Path "$buildFolder" -Type directory | Out-Null
     copy-item "$tempFolder\**\build\*" $buildFolder -Recurse
 
@@ -64,4 +64,4 @@ if (!(Test-Path $buildFolder)) {
     }
 }
 
-&"$buildFile" $args
\ No newline at end of file
+&"$buildFile" @args
diff --git a/build.sh b/build.sh
index 07997d6c83..b0bcadb579 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi
@@ -12,12 +12,12 @@ buildFile="$buildFolder/KoreBuild.sh"
 
 if test ! -d $buildFolder; then
     echo "Downloading KoreBuild from $koreBuildZip"
-    
-    tempFolder="/tmp/KoreBuild-$(uuidgen)"    
+
+    tempFolder="/tmp/KoreBuild-$(uuidgen)"
     mkdir $tempFolder
-    
+
     localZipFile="$tempFolder/korebuild.zip"
-    
+
     retries=6
     until (wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip 2>/dev/null)
     do
@@ -29,18 +29,18 @@ if test ! -d $buildFolder; then
         echo "Waiting 10 seconds before retrying. Retries left: $retries"
         sleep 10s
     done
-    
+
     unzip -q -d $tempFolder $localZipFile
-  
+
     mkdir $buildFolder
     cp -r $tempFolder/**/build/** $buildFolder
-    
+
     chmod +x $buildFile
-    
+
     # Cleanup
     if test -d $tempFolder; then
-        rm -rf $tempFolder  
+        rm -rf $tempFolder
     fi
 fi
 
-$buildFile -r $repoFolder "$@"
\ No newline at end of file
+$buildFile -r $repoFolder "$@"

From 4da44021c2098544cbe2d89d81fa63967e7d5ea3 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 1 Mar 2017 18:25:46 -0800
Subject: [PATCH 690/900] Update AppVeyor and Travis settings

---
 .travis.yml  | 2 +-
 appveyor.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index a0be886892..af659e9ae9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -29,4 +29,4 @@ branches:
 before_install:
   - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
-  - ./build.sh --quiet verify
+  - ./build.sh
diff --git a/appveyor.yml b/appveyor.yml
index c6b856f49c..944c23c8ba 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -7,7 +7,7 @@ branches:
     - dev
     - /^(.*\/)?ci-.*$/
 build_script:
-  - build.cmd verify
+  - ps: .\build.ps1
 clone_depth: 1
 test: off
 deploy: off

From 80ebf99277b3ef15f32b4ec5fa57726856614cd5 Mon Sep 17 00:00:00 2001
From: David Fowler <davidfowl@gmail.com>
Date: Thu, 9 Mar 2017 11:23:04 -0800
Subject: [PATCH 691/900] Update .travis.yml (#1138)

---
 .travis.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index af659e9ae9..b8f60ce2e5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,8 +14,7 @@ env:
   global:
     - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
     - DOTNET_CLI_TELEMETRY_OPTOUT: 1
-mono:
-  - 4.0.5
+mono: none
 os:
   - linux
   - osx

From 0fd6f1554a3d60836741d7d319a5654fd1214ee4 Mon Sep 17 00:00:00 2001
From: Zhang Sen <senorsen.zhang@gmail.com>
Date: Sun, 12 Mar 2017 22:32:47 +0800
Subject: [PATCH 692/900] Fix wrong comment (GitHub -> Google)

---
 samples/SocialSample/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 42ce6a29db..e99be82f8c 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -110,7 +110,7 @@ namespace SocialSample
                 SaveTokens = true
             });
 
-            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+            // You must first create an app with Google and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
             var googleOptions = new GoogleOptions
             {

From 9de5519c8b2c5368ee10de5d10ec46ea15fd1e96 Mon Sep 17 00:00:00 2001
From: Jean Collas <JeanCollas@users.noreply.github.com>
Date: Wed, 8 Mar 2017 04:48:02 +0100
Subject: [PATCH 693/900] Update of wrong variable name

To avoid confusion when reading the code
---
 samples/SocialSample/Startup.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e99be82f8c..31ec187a02 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -238,9 +238,9 @@ namespace SocialSample
             app.UseOAuthAuthentication(githubOptions);
 
             // Choose an authentication type
-            app.Map("/login", signoutApp =>
+            app.Map("/login", signinApp =>
             {
-                signoutApp.Run(async context =>
+                signinApp.Run(async context =>
                 {
                     var authType = context.Request.Query["authscheme"];
                     if (!string.IsNullOrEmpty(authType))

From 32dd435c6e02267afddbfc715c7b92439f21d8cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
 <PinpointTownes@users.noreply.github.com>
Date: Mon, 13 Mar 2017 18:02:59 +0100
Subject: [PATCH 694/900] Add an opt-out DisableTelemetry option in the OpenID
 Connect middleware (#1140)

---
 .../OpenIdConnectHandler.cs                   |  3 +++
 .../OpenIdConnectOptions.cs                   |  7 +++++++
 .../OpenIdConnectChallengeTests.cs            | 20 +++++++++++++++++--
 .../OpenIdConnectMiddlewareTests.cs           | 20 ++++++++++++++++++-
 .../OpenIdConnect/TestSettings.cs             | 14 +++++++++++++
 5 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index a7c20f62ea..6b24996e78 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -161,6 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var message = new OpenIdConnectMessage()
             {
+                EnableTelemetryParameters = !Options.DisableTelemetry,
                 IssuerAddress = _configuration?.EndSessionEndpoint ?? string.Empty,
 
                 // Redirect back to SigneOutCallbackPath first before user agent is redirected to actual post logout redirect uri
@@ -309,6 +310,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             var message = new OpenIdConnectMessage
             {
                 ClientId = Options.ClientId,
+                EnableTelemetryParameters = !Options.DisableTelemetry,
                 IssuerAddress = _configuration?.AuthorizationEndpoint ?? string.Empty,
                 RedirectUri = BuildRedirectUri(Options.CallbackPath),
                 Resource = Options.Resource,
@@ -1023,6 +1025,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 ClientSecret = Options.ClientSecret,
                 Code = authorizationResponse.Code,
                 GrantType = OpenIdConnectGrantTypes.AuthorizationCode,
+                EnableTelemetryParameters = !Options.DisableTelemetry,
                 RedirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]
             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a46c2956c6..8269acbd8f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -241,5 +241,12 @@ namespace Microsoft.AspNetCore.Builder
         /// This is disabled by default.
         /// </summary>
         public bool SkipUnrecognizedRequests { get; set; } = false;
+
+        /// <summary>
+        /// Indicates whether telemetry should be disabled. When this feature is enabled,
+        /// the assembly version of the Microsoft IdentityModel packages is sent to the
+        /// remote OpenID Connect provider as an authorization/logout request parameter.
+        /// </summary>
+        public bool DisableTelemetry { get; set; }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index b9c0179aff..1912561b11 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -35,7 +35,23 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 OpenIdConnectParameterNames.ResponseType,
                 OpenIdConnectParameterNames.ResponseMode,
                 OpenIdConnectParameterNames.Scope,
-                OpenIdConnectParameterNames.RedirectUri);
+                OpenIdConnectParameterNames.RedirectUri,
+                OpenIdConnectParameterNames.SkuTelemetry,
+                OpenIdConnectParameterNames.VersionTelemetry);
+        }
+
+        [Fact]
+        public async Task AuthorizationRequestDoesNotIncludeTelemetryParametersWhenDisabled()
+        {
+            var settings = new TestSettings(opt => opt.DisableTelemetry = true);
+
+            var server = settings.CreateTestServer();
+            var transaction = await server.SendAsync(ChallengeEndpoint);
+
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.DoesNotContain(OpenIdConnectParameterNames.SkuTelemetry, res.Headers.Location.Query);
+            Assert.DoesNotContain(OpenIdConnectParameterNames.VersionTelemetry, res.Headers.Location.Query);
         }
 
         /*
@@ -58,7 +74,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         </body>
         */
         [Fact]
-        public async Task ChallengeIssueedCorrectlyForFormPost()
+        public async Task ChallengeIssuedCorrectlyForFormPost()
         {
             var settings = new TestSettings(
                 opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 6c427c600e..a58d54b650 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
@@ -46,7 +46,25 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
             Assert.NotNull(res.Headers.Location);
 
-            setting.ValidateSignoutRedirect(transaction.Response.Headers.Location);
+            setting.ValidateSignoutRedirect(
+                transaction.Response.Headers.Location,
+                OpenIdConnectParameterNames.SkuTelemetry,
+                OpenIdConnectParameterNames.VersionTelemetry);
+        }
+
+        [Fact]
+        public async Task EndSessionRequestDoesNotIncludeTelemetryParametersWhenDisabled()
+        {
+            var setting = new TestSettings(opt => opt.DisableTelemetry = true);
+
+            var server = setting.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.DoesNotContain(OpenIdConnectParameterNames.SkuTelemetry, res.Headers.Location.Query);
+            Assert.DoesNotContain(OpenIdConnectParameterNames.VersionTelemetry, res.Headers.Location.Query);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 3e50a7abee..a3bea3ebe7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -5,6 +5,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
+using System.Reflection;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Xml.Linq;
@@ -152,6 +153,12 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                     case OpenIdConnectParameterNames.State:
                         ValidateState(actualValues, errors, htmlEncoded);
                         break;
+                    case OpenIdConnectParameterNames.SkuTelemetry:
+                        ValidateSkuTelemetry(actualValues, errors, htmlEncoded);
+                        break;
+                    case OpenIdConnectParameterNames.VersionTelemetry:
+                        ValidateVersionTelemetry(actualValues, errors, htmlEncoded);
+                        break;
                     default:
                         throw new InvalidOperationException($"Unknown parameter \"{paramToValidate}\".");
                 }
@@ -201,6 +208,13 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         private void ValidateState(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
             ValidateQueryParameter(OpenIdConnectParameterNames.State, ExpectedState, actualQuery, errors, htmlEncoded);
 
+        private void ValidateSkuTelemetry(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET", actualQuery, errors, htmlEncoded);
+
+        private void ValidateVersionTelemetry(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateQueryParameter(OpenIdConnectParameterNames.VersionTelemetry,
+                typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualQuery, errors, htmlEncoded);
+
         private void ValidateQueryParameter(
             string parameterName,
             string expectedValue,

From 35986c778f618b16e706a2f3d50b5daf2528332e Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Sat, 11 Mar 2017 15:43:03 -0800
Subject: [PATCH 695/900] Back up to .NET 4.5.2 - do not have .NET 4.6.1
 reference assemblies on all CI machines - have corrected System.XML casing
 issue mentioned in 7637f2ea

nit: sort dependencies
---
 .../Microsoft.Owin.Security.Interop.Test.csproj            | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 635fffe331..32c20ae4f5 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>net461</TargetFramework>
+    <TargetFramework>net452</TargetFramework>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
@@ -11,12 +11,13 @@
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
+
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="3.0.1" />
     <PackageReference Include="Microsoft.Owin.Testing" Version="3.0.1" />
     <PackageReference Include="xunit" Version="2.2.0-*" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
   </ItemGroup>
 
 </Project>

From 7f0b14a8ef32a6e70621399cc6c05cd00aadef6f Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 14 Mar 2017 12:51:09 -0700
Subject: [PATCH 696/900] React to aspnet/DotNetTools#272

---
 .../OpenIdConnect.AzureAdSample.csproj                          | 2 +-
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 8c8c3f2b18..695c6d556e 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -15,6 +15,6 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.2.0-*" />
   </ItemGroup>
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 5a9683f6cb..6df1141019 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -19,7 +19,7 @@
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.2.0-*" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.2.0-*" />
   </ItemGroup>
 
 </Project>

From 8c70684a9d4a584473135bd14ac289f11a8d0d0e Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 14 Mar 2017 13:41:29 -0700
Subject: [PATCH 697/900] Update appveyor and travis settings

---
 .travis.yml  | 1 -
 appveyor.yml | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index b8f60ce2e5..e4c69a2a09 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,6 @@ mono: none
 os:
   - linux
   - osx
-osx_image: xcode7.3
 branches:
   only:
     - master
diff --git a/appveyor.yml b/appveyor.yml
index 944c23c8ba..1041615c68 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -11,5 +11,4 @@ build_script:
 clone_depth: 1
 test: off
 deploy: off
-# Required for dotnet-test to work
-os: Visual Studio 2015
+os: Visual Studio 2017

From fc57e0aabd0306122b2555b57a61770108b30a5c Mon Sep 17 00:00:00 2001
From: Ajay Bhargav Baaskaran <ajbaaska@microsoft.com>
Date: Tue, 14 Mar 2017 21:25:36 -0700
Subject: [PATCH 698/900] React to aspnet/DataProtection#203

---
 .../Facebook/FacebookMiddlewareTests.cs       |  3 ++-
 .../Google/GoogleMiddlewareTests.cs           | 25 ++++++++++---------
 .../MicrosoftAccountMiddlewareTests.cs        |  3 ++-
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
index f38ca8afc8..4d6cabaf1b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
@@ -17,6 +17,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -163,7 +164,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var customUserInfoEndpoint = "https://graph.facebook.com/me?fields=email,timezone,picture";
             var finalUserInfoEndpoint = string.Empty;
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("FacebookTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("FacebookTest"));
             var server = CreateServer(
                 app =>
                 {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
index 2a47f1e89c..090f9f1210 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -293,7 +294,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [InlineData("CustomIssuer")]
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer)
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -383,7 +384,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [InlineData(false)]
         public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect)
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -436,7 +437,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [InlineData(false)]
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect)
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -485,7 +486,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -565,7 +566,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task NullRedirectUriWillRedirectToSlash()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -638,7 +639,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ValidateAuthenticatedContext()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -736,7 +737,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task CanRedirectOnError()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -764,7 +765,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task AuthenticateAutomaticWhenAlreadySignedInSucceeds()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -807,7 +808,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task AuthenticateGoogleWhenAlreadySignedInSucceeds()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -850,7 +851,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ChallengeGoogleWhenAlreadySignedInReturnsForbidden()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -886,7 +887,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
@@ -922,7 +923,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ChallengeFacebookWhenAlreadySignedWithGoogleSucceeds()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(new GoogleOptions
             {
                 ClientId = "Test Id",
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
index 0ddfb5a3c7..0ed164e496 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
@@ -16,6 +16,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -103,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("MsftTest"));
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MsftTest"));
             var server = CreateServer(new MicrosoftAccountOptions
             {
                     ClientId = "Test Client Id",

From 10ef26d63c98c3966e7315aee172a7c3fd992520 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 15 Mar 2017 18:12:53 -0700
Subject: [PATCH 699/900] Consolidate dependency versions into one file and
 remove workarounds

---
 build/dependencies.props                      |  9 ++++++-
 samples/CookieSample/CookieSample.csproj      | 20 +++++++-------
 samples/CookieSample/web.config               |  9 -------
 .../CookieSessionSample.csproj                | 20 +++++++-------
 samples/CookieSessionSample/web.config        |  9 -------
 .../JwtBearerSample/JwtBearerSample.csproj    | 19 +++++++-------
 samples/JwtBearerSample/web.config            |  9 -------
 .../OpenIdConnect.AzureAdSample.csproj        | 25 +++++++++++-------
 .../OpenIdConnect.AzureAdSample/web.config    |  9 -------
 .../OpenIdConnectSample.csproj                | 26 ++++++++++---------
 samples/OpenIdConnectSample/web.config        |  9 -------
 samples/SocialSample/SocialSample.csproj      | 24 +++++++++--------
 ...t.AspNetCore.Authentication.Cookies.csproj |  6 ++---
 ...AspNetCore.Authentication.JwtBearer.csproj |  4 +--
 ...oft.AspNetCore.Authentication.OAuth.csproj |  4 +--
 ...etCore.Authentication.OpenIdConnect.csproj |  4 +--
 ...t.AspNetCore.Authentication.Twitter.csproj |  2 +-
 ...Microsoft.AspNetCore.Authentication.csproj | 17 ++++++------
 .../Microsoft.AspNetCore.Authorization.csproj |  6 ++---
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |  4 +--
 .../Microsoft.Owin.Security.Interop.csproj    |  4 +--
 ...soft.AspNetCore.Authentication.Test.csproj | 10 +++----
 ...osoft.AspNetCore.Authorization.Test.csproj | 12 ++++-----
 ....ChunkingCookieManager.Sources.Test.csproj |  8 +++---
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj | 10 +++----
 ...icrosoft.Owin.Security.Interop.Test.csproj | 16 +++++++-----
 26 files changed, 137 insertions(+), 158 deletions(-)
 delete mode 100644 samples/CookieSample/web.config
 delete mode 100644 samples/CookieSessionSample/web.config
 delete mode 100644 samples/JwtBearerSample/web.config
 delete mode 100644 samples/OpenIdConnect.AzureAdSample/web.config
 delete mode 100644 samples/OpenIdConnectSample/web.config

diff --git a/build/dependencies.props b/build/dependencies.props
index e704edaec0..8ad6e2f5a1 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,6 +1,13 @@
 <Project>
   <PropertyGroup>
-    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
+    <AspNetCoreVersion>1.2.0-*</AspNetCoreVersion>
     <CoreFxVersion>4.3.0</CoreFxVersion>
+    <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
+    <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
+    <JsonNetVersion>9.0.1</JsonNetVersion>
+    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
+    <OwinVersion>3.0.1</OwinVersion>
+    <TestSdkVersion>15.0.0</TestSdkVersion>
+    <XunitVersion>2.2.0</XunitVersion>
   </PropertyGroup>
 </Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index a2cab9171e..9b2137343f 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,20 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <OutputType>Exe</OutputType>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
   </PropertyGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/CookieSample/web.config b/samples/CookieSample/web.config
deleted file mode 100644
index f7ac679334..0000000000
--- a/samples/CookieSample/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
-    </handlers>
-    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index aa5f0ca272..96af9da089 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,20 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <OutputType>Exe</OutputType>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
   </PropertyGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/CookieSessionSample/web.config b/samples/CookieSessionSample/web.config
deleted file mode 100644
index f7ac679334..0000000000
--- a/samples/CookieSessionSample/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
-    </handlers>
-    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 790bd0827b..890af4eee9 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,21 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
-    <VersionPrefix>1.1.0</VersionPrefix>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
-    <OutputType>Exe</OutputType>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/JwtBearerSample/web.config b/samples/JwtBearerSample/web.config
deleted file mode 100644
index f7ac679334..0000000000
--- a/samples/JwtBearerSample/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
-    </handlers>
-    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 695c6d556e..62adb16678 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,20 +1,25 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <OutputType>Exe</OutputType>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.2.0-*" />
   </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/web.config b/samples/OpenIdConnect.AzureAdSample/web.config
deleted file mode 100644
index f7ac679334..0000000000
--- a/samples/OpenIdConnect.AzureAdSample/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
-    </handlers>
-    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 6df1141019..ba79d1a8ca 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,25 +1,27 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <OutputType>Exe</OutputType>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.2.0-*" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/web.config b/samples/OpenIdConnectSample/web.config
deleted file mode 100644
index f7ac679334..0000000000
--- a/samples/OpenIdConnectSample/web.config
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<configuration>
-  <system.webServer>
-    <handlers>
-      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
-    </handlers>
-    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
-  </system.webServer>
-</configuration>
\ No newline at end of file
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 30f0742dea..33e6e5052b 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,10 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
+  <Import Project="..\..\build\dependencies.props" />
+
   <PropertyGroup>
     <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
-    <OutputType>Exe</OutputType>
-    <!-- TODO remove rid when https://github.com/dotnet/sdk/issues/396 is resolved -->
-    <RuntimeIdentifier Condition="'$(TargetFramework)'!='netcoreapp1.1'">win7-x64</RuntimeIdentifier>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
@@ -14,14 +13,17 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Google\Microsoft.AspNetCore.Authentication.Google.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 0d7dd04303..092631fdf6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -17,9 +17,9 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 518526d419..18e06c92ef 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index e40377c09f..f6f808957b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -12,8 +12,8 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Newtonsoft.Json" Version="$(JsonNetVersion)" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 965a940e40..4eb7fd2a1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -9,7 +9,7 @@
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="2.1.3-*" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 3694159f6e..2b34f1d1b4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 3b5c7d6314..0e9afba518 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -4,7 +4,6 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
-    <VersionPrefix>1.2.0</VersionPrefix>
     <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
@@ -12,14 +11,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index d1360f868c..0cdd0b2678 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -14,9 +14,9 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="1.2.0-*" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 862ab2ac72..344d18f253 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -11,8 +11,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="1.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 153eb6ae9f..b779073647 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -11,8 +11,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Owin.Security" Version="3.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security" Version="$(OwinVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 3ae22642f0..d0505f36a5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -15,11 +15,11 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-*" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 7b6b30b8cb..a50fc3b01a 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -9,12 +9,12 @@
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-*" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 9c49dcd29d..ea08bbc2f7 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -12,10 +12,10 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-*" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index ced555fe90..d2a567d1e9 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -10,11 +10,11 @@
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="1.2.0-*" />
-    <PackageReference Include="xunit" Version="2.2.0-*" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 32c20ae4f5..6a869b23fe 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -12,12 +12,16 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
 
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="1.2.0-*" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0-*" />
-    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Owin.Testing" Version="3.0.1" />
-    <PackageReference Include="xunit" Version="2.2.0-*" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.2.0-*" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
+    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>
 
 </Project>

From 923804ab676d1d4573e36504883a2940a07fb2ea Mon Sep 17 00:00:00 2001
From: Simon Wendel <mail@simonwendel.se>
Date: Mon, 20 Mar 2017 23:12:02 +0100
Subject: [PATCH 700/900] Fix typo in Azure AD sample README.md (#1155)

Assuming DEVELOPMENMT should be DEVELOPMENT.
---
 samples/OpenIdConnect.AzureAdSample/Readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Readme.md b/samples/OpenIdConnect.AzureAdSample/Readme.md
index 37dda75a72..767e336ac6 100644
--- a/samples/OpenIdConnect.AzureAdSample/Readme.md
+++ b/samples/OpenIdConnect.AzureAdSample/Readme.md
@@ -10,7 +10,7 @@
 8. In the keys section add a new key. A key value will be generated. Save the value as "Client Secret"
 
 ## Configure the local environment
-1. Set environment ASPNETCORE_ENVIRONMENT to DEVELOPMENMT. ([Working with Multiple Environments](https://docs.asp.net/en/latest/fundamentals/environments.html))
+1. Set environment ASPNETCORE_ENVIRONMENT to DEVELOPMENT. ([Working with Multiple Environments](https://docs.asp.net/en/latest/fundamentals/environments.html))
 2. Set up user secrets:
 ```
 dotnet user-secrets set oidc:clientid <Client Id>

From 5e73fbbec8ccb63f0a27f34db7129726065c142a Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 21 Mar 2017 12:17:39 -0700
Subject: [PATCH 701/900] Update Travis to macOS Sierra

[skip appveyor]
---
 .travis.yml | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index e4c69a2a09..2a46104677 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,15 +1,6 @@
 language: csharp
-sudo: required
+sudo: false
 dist: trusty
-addons:
-  apt:
-    packages:
-    - gettext
-    - libcurl4-openssl-dev
-    - libicu-dev
-    - libssl-dev
-    - libunwind8
-    - zlib1g
 env:
   global:
     - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
@@ -18,6 +9,7 @@ mono: none
 os:
   - linux
   - osx
+osx_image: xcode8.2
 branches:
   only:
     - master

From ffa45dbd016ce18ae875166d52d29a80bfd352bd Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 21 Mar 2017 17:12:09 -0700
Subject: [PATCH 702/900] Change compilation targets. * Remove net451 as a
 compilation target * Upgrade to netcoreapp2.0

---
 .gitignore                                                  | 1 +
 build/dependencies.props                                    | 1 +
 samples/CookieSample/CookieSample.csproj                    | 2 +-
 samples/CookieSessionSample/CookieSessionSample.csproj      | 2 +-
 samples/JwtBearerSample/JwtBearerSample.csproj              | 2 +-
 .../OpenIdConnect.AzureAdSample.csproj                      | 2 +-
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj      | 2 +-
 samples/SocialSample/SocialSample.csproj                    | 2 +-
 .../Microsoft.AspNetCore.Authentication.Cookies.csproj      | 2 +-
 .../Microsoft.AspNetCore.Authentication.Facebook.csproj     | 2 +-
 .../Microsoft.AspNetCore.Authentication.Google.csproj       | 2 +-
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj    | 2 +-
 ...rosoft.AspNetCore.Authentication.MicrosoftAccount.csproj | 2 +-
 .../Microsoft.AspNetCore.Authentication.OAuth.csproj        | 2 +-
 ...Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj | 2 +-
 .../Microsoft.AspNetCore.Authentication.Twitter.csproj      | 2 +-
 .../Microsoft.AspNetCore.Authentication.csproj              | 2 +-
 .../Microsoft.AspNetCore.Authorization.csproj               | 2 +-
 .../Microsoft.AspNetCore.CookiePolicy.csproj                | 2 +-
 .../Microsoft.Owin.Security.Interop.csproj                  | 2 +-
 .../Microsoft.AspNetCore.Authentication.Test.csproj         | 6 ++++--
 .../Microsoft.AspNetCore.Authorization.Test.csproj          | 4 ++--
 ...oft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj | 4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj           | 6 ++++--
 .../Microsoft.Owin.Security.Interop.Test.csproj             | 2 +-
 25 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0f91ad1208..bcc811de9a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ project.lock.json
 .build/
 .testPublish/
 /.vs/
+global.json
diff --git a/build/dependencies.props b/build/dependencies.props
index 8ad6e2f5a1..b58dd4cd7c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -7,6 +7,7 @@
     <JsonNetVersion>9.0.1</JsonNetVersion>
     <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
+    <RuntimeFrameworkVersion>2.0.0-*</RuntimeFrameworkVersion>
     <TestSdkVersion>15.0.0</TestSdkVersion>
     <XunitVersion>2.2.0</XunitVersion>
   </PropertyGroup>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 9b2137343f..9fd7e9412c 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 96af9da089..e4a42b8c4d 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 890af4eee9..bfff3d5199 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 62adb16678..a5982549bf 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index ba79d1a8ca..eaf3a2e87e 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 33e6e5052b..09ece106cb 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net451;netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 092631fdf6..4a711c3180 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 6be798cc19..8fddfe5206 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index dc6ef94d64..82a3e474e0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 18e06c92ef..90566e7793 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
-    <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
+    <TargetFrameworks>net46;netstandard1.4</TargetFrameworks>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 5f9a5bb3e4..ac91578ead 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index f6f808957b..c0e7569acb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 4eb7fd2a1f..2367369a4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
-    <TargetFrameworks>net451;netstandard1.4</TargetFrameworks>
+    <TargetFrameworks>net46;netstandard1.4</TargetFrameworks>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 2b34f1d1b4..dc4bbf80ae 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 0e9afba518..316defc436 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 0cdd0b2678..0382fd2b55 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -7,7 +7,7 @@
 Commonly used types:
 Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
 Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 344d18f253..146917cabe 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFramework>netstandard1.3</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index b779073647..1a66791194 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.</Description>
-    <TargetFramework>net451</TargetFramework>
+    <TargetFramework>net46</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;katana;owin;security</PackageTags>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index d0505f36a5..bbf54ec5e7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -3,8 +3,10 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index a50fc3b01a..d9065add3a 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -3,8 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index ea08bbc2f7..729c01630b 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -3,8 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index d2a567d1e9..f4507a37b1 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -3,8 +3,10 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp1.1;net452</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp1.1</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 6a869b23fe..003e1a18b5 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>net452</TargetFramework>
+    <TargetFramework>net46</TargetFramework>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>

From b8eae7a697e263651f81401fc2bf9247b096f181 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 21 Mar 2017 17:54:58 -0700
Subject: [PATCH 703/900] Add reference to System.Security.Claims

---
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj         | 1 +
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj     | 1 +
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj                | 1 +
 .../Microsoft.Owin.Security.Interop.Test.csproj                  | 1 +
 4 files changed, 4 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 90566e7793..7311aa3aef 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -11,5 +11,6 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 2367369a4a..351cb284c5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -11,5 +11,6 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
   </ItemGroup>
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index f4507a37b1..b9155b4dfe 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -16,6 +16,7 @@
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 003e1a18b5..02763b93f2 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -16,6 +16,7 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
     <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
   </ItemGroup>

From 75a4d006aa7e53c110b3c71c66473adbd45becd6 Mon Sep 17 00:00:00 2001
From: Doug Bunting <dougbu@microsoft.com>
Date: Tue, 21 Mar 2017 15:53:30 -0700
Subject: [PATCH 704/900] Disable API Check in projects with untracked breaking
 changes

---
 .../Microsoft.AspNetCore.Authentication.Facebook.csproj          | 1 +
 .../Microsoft.AspNetCore.Authentication.Google.csproj            | 1 +
 .../Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 8fddfe5206..0cef42b391 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 82a3e474e0..491571371e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index ac91578ead..eecfeb9261 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>

From 2b8a9378282089feb29100d11d8dfd3e648ef2f5 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Tue, 28 Mar 2017 04:28:47 -0700
Subject: [PATCH 705/900] Upgraded Json.NET version to 10.0.1

---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index b58dd4cd7c..8acb4fe47c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,7 +4,7 @@
     <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
-    <JsonNetVersion>9.0.1</JsonNetVersion>
+    <JsonNetVersion>10.0.1</JsonNetVersion>
     <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
     <RuntimeFrameworkVersion>2.0.0-*</RuntimeFrameworkVersion>

From 305ccf9cc5d2ce777e5fb147013966924c9aca8e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 29 Mar 2017 11:30:36 -0700
Subject: [PATCH 706/900] Updating to 2.0.0 Internal.AspNetCore.Sdk

---
 build/common.props       | 2 +-
 build/dependencies.props | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/build/common.props b/build/common.props
index 52413444ee..9c5464a54c 100644
--- a/build/common.props
+++ b/build/common.props
@@ -13,7 +13,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" Version="1.0.1-*" PrivateAssets="All" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework' AND '$(OutputType)'=='library'">
diff --git a/build/dependencies.props b/build/dependencies.props
index 8acb4fe47c..c5193b750f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,6 +4,7 @@
     <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
+    <InternalAspNetCoreSdkVersion>2.0.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
@@ -11,4 +12,4 @@
     <TestSdkVersion>15.0.0</TestSdkVersion>
     <XunitVersion>2.2.0</XunitVersion>
   </PropertyGroup>
-</Project>
+</Project>
\ No newline at end of file

From 2d7cd6038fea34b84084685648ac9d0c97be610b Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 3 Apr 2017 21:41:12 -0700
Subject: [PATCH 707/900] Updating versions to 2.0.0-preview1

---
 build/dependencies.props | 2 +-
 version.props            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index c5193b750f..b9ac0f5f05 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <AspNetCoreVersion>1.2.0-*</AspNetCoreVersion>
+    <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
     <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
diff --git a/version.props b/version.props
index e77c8d9c38..44cb2290b9 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <!-- This file may be overwritten by automation. Only values allowed here are VersionPrefix and VersionSuffix.  -->
 <Project>
     <PropertyGroup>
-        <VersionPrefix>1.2.0</VersionPrefix>
+        <VersionPrefix>2.0.0</VersionPrefix>
         <VersionSuffix>preview1</VersionSuffix>
     </PropertyGroup>
 </Project>
\ No newline at end of file

From 99aa3bd35dd5fbe46a93eef8a2c8ab1f9fe8d05b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 19 Apr 2017 13:00:03 -0700
Subject: [PATCH 708/900] Auth 2.0

---
 Security.sln                                  | 124 ++-
 samples/CookieSample/Startup.cs               |  10 +-
 samples/CookieSessionSample/Startup.cs        |  11 +-
 .../JwtBearerSample/JwtBearerSample.csproj    |   1 +
 samples/JwtBearerSample/Startup.cs            |  59 +-
 .../AuthPropertiesTokenCache.cs               |  12 +-
 .../OpenIdConnect.AzureAdSample.csproj        |   1 +
 .../OpenIdConnect.AzureAdSample/Startup.cs    | 113 ++-
 .../OpenIdConnectSample.csproj                |   1 +
 samples/OpenIdConnectSample/Startup.cs        |  81 +-
 samples/SocialSample/SocialSample.csproj      |   1 +
 samples/SocialSample/Startup.cs               | 236 +++---
 .../CookieAppBuilderExtensions.cs             |  33 +-
 .../CookieAuthenticationDefaults.cs           |   2 +-
 .../CookieAuthenticationHandler.cs            | 144 +++-
 .../CookieAuthenticationMiddleware.cs         |  66 --
 .../CookieAuthenticationOptions.cs            |  41 +-
 .../CookieExtensions.cs                       |  21 +
 .../Events/BaseCookieContext.cs               |  11 +-
 .../Events/CookieAuthenticationEvents.cs      |   2 +-
 .../Events/CookieRedirectContext.cs           |  12 +-
 .../Events/CookieSignedInContext.cs           |  20 +-
 .../Events/CookieSigningInContext.cs          |  23 +-
 .../Events/CookieSigningOutContext.cs         |  11 +-
 .../Events/CookieValidatePrincipalContext.cs  |  15 +-
 .../Events/ICookieAuthenticationEvents.cs     |  64 --
 ...t.AspNetCore.Authentication.Cookies.csproj |   2 -
 .../FacebookAppBuilderExtensions.cs           |  35 +-
 .../FacebookConfigureOptions.cs               |  16 +
 .../FacebookExtensions.cs                     |  32 +
 .../FacebookHandler.cs                        |  20 +-
 .../FacebookMiddleware.cs                     |  89 --
 .../FacebookOptions.cs                        |  28 +-
 ....AspNetCore.Authentication.Facebook.csproj |   1 +
 .../GoogleAppBuilderExtensions.cs             |  33 +-
 .../GoogleConfigureOptions.cs                 |  16 +
 .../GoogleExtensions.cs                       |  32 +
 .../GoogleHandler.cs                          |  19 +-
 .../GoogleMiddleware.cs                       |  81 --
 .../GoogleOptions.cs                          |   8 +-
 ...ft.AspNetCore.Authentication.Google.csproj |   1 +
 .../Events/AuthenticationFailedContext.cs     |   5 +-
 .../Events/BaseJwtBearerContext.cs            |  11 +-
 .../Events/IJwtBearerEvents.cs                |  33 -
 .../Events/JwtBearerChallengeContext.cs       |   6 +-
 .../Events/JwtBearerEvents.cs                 |   4 +-
 .../Events/MessageReceivedContext.cs          |   5 +-
 .../Events/TokenValidatedContext.cs           |   5 +-
 .../JwtBearerAppBuilderExtensions.cs          |  46 +-
 .../JwtBearerConfigureOptions.cs              |  17 +
 .../JwtBearerExtensions.cs                    |  32 +
 .../JwtBearerHandler.cs                       | 114 ++-
 .../JwtBearerMiddleware.cs                    | 108 ---
 .../JwtBearerOptions.cs                       |  29 +-
 ...AspNetCore.Authentication.JwtBearer.csproj |   3 +-
 ...ore.Authentication.MicrosoftAccount.csproj |   1 +
 .../MicrosoftAccountAppBuilderExtensions.cs   |  35 +-
 .../MicrosoftAccountConfigureOptions.cs       |  17 +
 .../MicrosoftAccountExtensions.cs             |  32 +
 .../MicrosoftAccountHandler.cs                |  20 +-
 .../MicrosoftAccountMiddleware.cs             |  78 --
 .../MicrosoftAccountOptions.cs                |   7 +-
 .../Events/IOAuthEvents.cs                    |  27 -
 .../Events/OAuthCreatingTicketContext.cs      |  19 +-
 .../Events/OAuthEvents.cs                     |   6 +-
 .../OAuthRedirectToAuthorizationContext.cs    |   3 +-
 .../OAuthAppBuilderExtensions.cs              |  35 +-
 .../OAuthExtensions.cs                        |  15 +
 .../OAuthHandler.cs                           |  66 +-
 .../OAuthMiddleware.cs                        | 138 ----
 .../OAuthOptions.cs                           |  45 +-
 .../Events/AuthenticationFailedContext.cs     |   4 +-
 .../AuthorizationCodeReceivedContext.cs       |  22 +-
 .../Events/BaseOpenIdConnectContext.cs        |  13 +-
 .../Events/IOpenIdConnectEvents.cs            |  58 --
 .../Events/MessageReceivedContext.cs          |   6 +-
 .../Events/OpenIdConnectEvents.cs             |   4 +-
 .../Events/RedirectContext.cs                 |   8 +-
 .../Events/RemoteSignoutContext.cs            |   4 +-
 .../Events/TokenResponseReceivedContext.cs    |   6 +-
 .../Events/TokenValidatedContext.cs           |   4 +-
 .../Events/UserInformationReceivedContext.cs  |   5 +-
 ...etCore.Authentication.OpenIdConnect.csproj |   1 +
 .../OpenIdConnectAppBuilderExtensions.cs      |  35 +-
 .../OpenIdConnectConfigureOptions.cs          |  17 +
 .../OpenIdConnectDefaults.cs                  |   2 +-
 .../OpenIdConnectExtensions.cs                |  32 +
 .../OpenIdConnectHandler.cs                   | 204 +++--
 .../OpenIdConnectMiddleware.cs                | 209 -----
 .../OpenIdConnectOptions.cs                   |  60 +-
 .../Events/BaseTwitterContext.cs              |  11 +-
 .../Events/ITwitterEvents.cs                  |  26 -
 .../Events/TwitterCreatingTicketContext.cs    |  13 +-
 .../Events/TwitterEvents.cs                   |   6 +-
 ...rRedirectToAuthorizationEndpointContext.cs |  19 +-
 ...t.AspNetCore.Authentication.Twitter.csproj |   1 +
 .../TwitterAppBuilderExtensions.cs            |  33 +-
 .../TwitterConfigureOptions.cs                |  17 +
 .../TwitterExtensions.cs                      |  32 +
 .../TwitterHandler.cs                         |  75 +-
 .../TwitterMiddleware.cs                      | 123 ---
 .../TwitterOptions.cs                         |  15 +-
 .../AuthAppBuilderExtensions.cs               |  29 +
 .../AuthenticateResult.cs                     |  77 --
 .../AuthenticationHandler.cs                  | 362 +++------
 .../AuthenticationMiddleware.cs               |  97 +--
 .../AuthenticationOptions.cs                  |  59 --
 .../AuthenticationSchemeOptions.cs            |  50 ++
 ...thenticationServiceCollectionExtensions.cs |  49 +-
 .../AuthenticationTicket.cs                   |  47 --
 .../AuthenticationToken.cs                    |  12 -
 ...laimsTransformationAppBuilderExtensions.cs |  75 --
 .../ClaimsTransformationContext.cs            |  15 -
 .../ClaimsTransformationHandler.cs            |  92 ---
 .../ClaimsTransformationMiddleware.cs         |  58 --
 .../ClaimsTransformationOptions.cs            |  18 -
 .../ClaimsTransformer.cs                      |  19 -
 .../{DataHandler => Data}/IDataSerializer.cs  |   0
 .../ISecureDataFormat.cs                      |   0
 .../PropertiesDataFormat.cs                   |   0
 .../PropertiesSerializer.cs                   |   0
 .../{DataHandler => Data}/SecureDataFormat.cs |   0
 .../{DataHandler => Data}/TextEncoder.cs      |   0
 .../{DataHandler => Data}/TicketDataFormat.cs |   0
 .../{DataHandler => Data}/TicketSerializer.cs |   0
 .../Events/BaseContext.cs                     |  27 -
 .../Events/BaseControlContext.cs              |  13 +-
 .../Events/EventResultState.cs                |   2 +-
 .../Events/FailureContext.cs                  |   2 +-
 .../Events/IRemoteAuthenticationEvents.cs     |  20 -
 .../Events/RemoteAuthenticationEvents.cs      |   2 +-
 .../Events/TicketReceivedContext.cs           |   3 +-
 .../HttpContextExtensions.cs                  |  22 -
 .../IClaimsTransformer.cs                     |  21 -
 ...Microsoft.AspNetCore.Authentication.csproj |   1 +
 .../Properties/Resources.Designer.cs          |  17 +
 .../RemoteAuthenticationHandler.cs            | 148 ++--
 .../RemoteAuthenticationOptions.cs            |  50 +-
 .../Resources.resx                            |   3 +
 .../SharedAuthenticationOptions.cs            |  15 -
 .../SystemClock.cs                            |   1 -
 .../TokenExtensions.cs                        | 135 ----
 .../CookiePolicyAppBuilderExtensions.cs       |  10 +-
 .../AuthenticationHandlerFacts.cs             | 282 -------
 .../AuthenticationMiddlewareTests.cs          | 181 +++++
 .../Base64UrlTextEncoderTests.cs              |   0
 ...ookieMiddlewareTests.cs => CookieTests.cs} | 757 ++++++++----------
 .../DynamicSchemeTests.cs                     | 134 ++++
 ...ookMiddlewareTests.cs => FacebookTests.cs} | 243 ++++--
 ...oogleMiddlewareTests.cs => GoogleTests.cs} | 454 ++++++-----
 ...erMiddlewareTests.cs => JwtBearerTests.cs} | 340 ++++----
 ...soft.AspNetCore.Authentication.Test.csproj |   5 +-
 .../MicrosoftAccountMiddlewareTests.cs        | 234 ------
 .../MicrosoftAccountTests.cs                  | 291 +++++++
 .../OAuthTests.cs                             | 173 ++++
 .../OpenIdConnect/MockOpenIdConnectMessage.cs |   2 +-
 .../OpenIdConnectChallengeTests.cs            |  79 +-
 .../OpenIdConnectConfigurationTests.cs        | 125 +--
 .../OpenIdConnect/OpenIdConnectEventTests.cs  |  72 +-
 ...ddlewareTests.cs => OpenIdConnectTests.cs} | 107 ++-
 .../OpenIdConnect/TestServerBuilder.cs        |  42 +-
 .../OpenIdConnect/TestServerExtensions.cs     |   1 -
 .../OpenIdConnect/TestSettings.cs             |  28 +-
 .../OpenIdConnect/TestTransaction.cs          |   2 +-
 .../SecureDataFormatTests.cs                  |   0
 .../TicketSerializerTests.cs                  |   0
 .../TokenExtensionTests.cs                    | 102 ++-
 .../Twitter/TwitterMiddlewareTests.cs         | 196 -----
 .../TwitterTests.cs                           | 249 ++++++
 ...osoft.AspNetCore.Authorization.Test.csproj |   4 -
 ....ChunkingCookieManager.Sources.Test.csproj |   4 -
 .../CookiePolicyTests.cs                      |  33 +-
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |   4 -
 .../CookieInteropTests.cs                     |  58 +-
 .../TicketInteropTests.cs                     |   2 +-
 175 files changed, 4280 insertions(+), 5030 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/IDataSerializer.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/ISecureDataFormat.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/PropertiesDataFormat.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/PropertiesSerializer.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/SecureDataFormat.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/TextEncoder.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/TicketDataFormat.cs (100%)
 rename src/Microsoft.AspNetCore.Authentication/{DataHandler => Data}/TicketSerializer.cs (100%)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
 rename test/Microsoft.AspNetCore.Authentication.Test/{DataHandler => }/Base64UrlTextEncoderTests.cs (100%)
 rename test/Microsoft.AspNetCore.Authentication.Test/{Cookies/CookieMiddlewareTests.cs => CookieTests.cs} (67%)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
 rename test/Microsoft.AspNetCore.Authentication.Test/{Facebook/FacebookMiddlewareTests.cs => FacebookTests.cs} (53%)
 rename test/Microsoft.AspNetCore.Authentication.Test/{Google/GoogleMiddlewareTests.cs => GoogleTests.cs} (79%)
 rename test/Microsoft.AspNetCore.Authentication.Test/{JwtBearer/JwtBearerMiddlewareTests.cs => JwtBearerTests.cs} (75%)
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
 rename test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/{OpenIdConnectMiddlewareTests.cs => OpenIdConnectTests.cs} (69%)
 rename test/Microsoft.AspNetCore.Authentication.Test/{DataHandler => }/SecureDataFormatTests.cs (100%)
 rename test/Microsoft.AspNetCore.Authentication.Test/{DataHandler => }/TicketSerializerTests.cs (100%)
 delete mode 100644 test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs

diff --git a/Security.sln b/Security.sln
index 50805feb16..81d0cc4b9c 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26020.0
+VisualStudioVersion = 15.0.26228.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -18,7 +18,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnectSample", "samp
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Cookies", "src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj", "{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Facebook", "src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
 EndProject
@@ -58,9 +58,11 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Debug|Mixed Platforms = Debug|Mixed Platforms
+		Debug|x64 = Debug|x64
 		Debug|x86 = Debug|x86
 		Release|Any CPU = Release|Any CPU
 		Release|Mixed Platforms = Release|Mixed Platforms
+		Release|x64 = Release|x64
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
@@ -68,272 +70,364 @@ Global
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x64.Build.0 = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.Build.0 = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x64.ActiveCfg = Release|Any CPU
+		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x64.Build.0 = Release|Any CPU
 		{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x64.Build.0 = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.Build.0 = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x64.ActiveCfg = Release|Any CPU
+		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x64.Build.0 = Release|Any CPU
 		{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x86.ActiveCfg = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x64.Build.0 = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.Build.0 = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x64.ActiveCfg = Release|Any CPU
+		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x64.Build.0 = Release|Any CPU
 		{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x86.ActiveCfg = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x64.Build.0 = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.Build.0 = Debug|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.Build.0 = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x64.ActiveCfg = Release|Any CPU
+		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x64.Build.0 = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.ActiveCfg = Release|Any CPU
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.Build.0 = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x64.Build.0 = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.Build.0 = Debug|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.Build.0 = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x64.ActiveCfg = Release|Any CPU
+		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x64.Build.0 = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.ActiveCfg = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.Build.0 = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.Build.0 = Debug|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.Build.0 = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.ActiveCfg = Release|Any CPU
-		{2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.Build.0 = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x64.Build.0 = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.Build.0 = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.Build.0 = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x64.ActiveCfg = Release|Any CPU
+		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x64.Build.0 = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.ActiveCfg = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.Build.0 = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x64.Build.0 = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.Build.0 = Debug|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.Build.0 = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x64.ActiveCfg = Release|Any CPU
+		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x64.Build.0 = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.ActiveCfg = Release|Any CPU
 		{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.Build.0 = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x64.Build.0 = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.Build.0 = Debug|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.Build.0 = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x64.ActiveCfg = Release|Any CPU
+		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x64.Build.0 = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.ActiveCfg = Release|Any CPU
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.Build.0 = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x64.Build.0 = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.Build.0 = Debug|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.Build.0 = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x64.ActiveCfg = Release|Any CPU
+		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x64.Build.0 = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.ActiveCfg = Release|Any CPU
 		{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.Build.0 = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x64.Build.0 = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.Build.0 = Debug|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.Build.0 = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x64.ActiveCfg = Release|Any CPU
+		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x64.Build.0 = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.ActiveCfg = Release|Any CPU
 		{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.Build.0 = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x64.Build.0 = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.Build.0 = Debug|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.Build.0 = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x64.ActiveCfg = Release|Any CPU
+		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x64.Build.0 = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.ActiveCfg = Release|Any CPU
 		{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.Build.0 = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x64.Build.0 = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.Build.0 = Debug|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.Build.0 = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x64.ActiveCfg = Release|Any CPU
+		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x64.Build.0 = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
 		{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x64.Build.0 = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.Build.0 = Debug|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.Build.0 = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x64.ActiveCfg = Release|Any CPU
+		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x64.Build.0 = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.ActiveCfg = Release|Any CPU
 		{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.Build.0 = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x64.Build.0 = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.Build.0 = Debug|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.Build.0 = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x64.ActiveCfg = Release|Any CPU
+		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x64.Build.0 = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.ActiveCfg = Release|Any CPU
 		{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.Build.0 = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x64.Build.0 = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.Build.0 = Debug|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.Build.0 = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x64.ActiveCfg = Release|Any CPU
+		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x64.Build.0 = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.ActiveCfg = Release|Any CPU
 		{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.Build.0 = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x64.Build.0 = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.Build.0 = Debug|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.Build.0 = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x64.ActiveCfg = Release|Any CPU
+		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x64.Build.0 = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.ActiveCfg = Release|Any CPU
 		{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x64.Build.0 = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.Build.0 = Debug|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x64.ActiveCfg = Release|Any CPU
+		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x64.Build.0 = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x64.Build.0 = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.Build.0 = Debug|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.ActiveCfg = Release|Any CPU
+		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.Build.0 = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.Build.0 = Debug|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.Build.0 = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.Build.0 = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.ActiveCfg = Release|Any CPU
 		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.Build.0 = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.Build.0 = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.Build.0 = Debug|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.Build.0 = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.Build.0 = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x64.Build.0 = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.Build.0 = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x64.ActiveCfg = Release|Any CPU
+		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x64.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.ActiveCfg = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x64.Build.0 = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.Build.0 = Debug|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.ActiveCfg = Release|Any CPU
+		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.ActiveCfg = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -344,7 +438,6 @@ Global
 		{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{FC152CC4-054B-457E-8D91-389C5DE3C561} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{2286250A-52C8-4126-9F93-B1E45F0AD078} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{76579C39-B829-490D-B8BE-1BD35FE8412E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
@@ -362,5 +455,6 @@ Global
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 002d878885..0480556f69 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,5 +1,6 @@
 using System.Linq;
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -13,24 +14,21 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
+            services.AddCookieAuthentication();
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
                 if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }, CookieAuthenticationDefaults.AuthenticationScheme));
-                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
+                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index ecb61ab665..ca21070dcd 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -4,6 +4,7 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -14,18 +15,14 @@ namespace CookieSessionSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
+            services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true,
-                SessionStore = new MemoryCacheTicketStore()
-            });
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
@@ -39,7 +36,7 @@ namespace CookieSessionSample
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
 
-                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                         new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)));
 
                     context.Response.ContentType = "text/plain";
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index bfff3d5199..1f93103294 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -17,6 +17,7 @@
     <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 4d1ca74761..9df41a9ab7 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -42,39 +43,12 @@ namespace JwtBearerSample
         // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
-        }
-
-        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
-        public void Configure(IApplicationBuilder app)
-        {
-            // Simple error page to avoid a repo dependency.
-            app.Use(async (context, next) =>
-            {
-                try
-                {
-                    await next();
-                }
-                catch (Exception ex)
-                {
-                    if (context.Response.HasStarted)
-                    {
-                        throw;
-                    }
-                    context.Response.StatusCode = 500;
-                    await context.Response.WriteAsync(ex.ToString());
-                }
-            });
-
-            app.UseDefaultFiles();
-            app.UseStaticFiles();
-
-            app.UseJwtBearerAuthentication(new JwtBearerOptions
+            services.AddJwtBearerAuthentication(o =>
             {
                 // You also need to update /wwwroot/app/scripts/app.js
-                Authority = Configuration["jwt:authority"],
-                Audience = Configuration["jwt:audience"],
-                Events = new JwtBearerEvents()
+                o.Authority = Configuration["jwt:authority"];
+                o.Audience = Configuration["jwt:audience"];
+                o.Events = new JwtBearerEvents()
                 {
                     OnAuthenticationFailed = c =>
                     {
@@ -89,24 +63,34 @@ namespace JwtBearerSample
                         }
                         return c.Response.WriteAsync("An error occurred processing your authentication.");
                     }
-                }
+                };
             });
+        }
+
+        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseDeveloperExceptionPage();
+
+            app.UseDefaultFiles();
+            app.UseStaticFiles();
+
+            app.UseAuthentication();
 
             // [Authorize] would usually handle this
             app.Use(async (context, next) =>
             {
-                // Use this if options.AutomaticAuthenticate = false
+                // Use this if there are multiple authentication schemes
                 // var user = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
 
-                var user = context.User; // We can do this because of  options.AutomaticAuthenticate = true;
+                var user = context.User; // We can do this because of there's only a single authentication scheme
                 if (user?.Identity?.IsAuthenticated ?? false)
                 {
                     await next();
                 }
                 else
                 {
-                    // We can do this because of options.AutomaticChallenge = true;
-                    await context.Authentication.ChallengeAsync();
+                    await context.ChallengeAsync();
                 }
             });
 
@@ -135,5 +119,4 @@ namespace JwtBearerSample
             });
         }
     }
-}
-
+}
\ No newline at end of file
diff --git a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
index 54989c13a4..7d9b391213 100644
--- a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
+++ b/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
@@ -1,9 +1,8 @@
 using System;
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 
 namespace OpenIdConnect.AzureAdSample
@@ -58,10 +57,9 @@ namespace OpenIdConnect.AzureAdSample
         private void BeforeAccessNotificationWithContext(TokenCacheNotificationArgs args)
         {
             // Retrieve the auth session with the cached tokens
-             var authenticateContext = new AuthenticateContext(_signInScheme);
-            _httpContext.Authentication.AuthenticateAsync(authenticateContext).Wait();
-            _authProperties = new AuthenticationProperties(authenticateContext.Properties);
-            _principal = authenticateContext.Principal;
+            var result = _httpContext.AuthenticateAsync(_signInScheme).Result;
+            _authProperties = result.Ticket.Properties;
+            _principal = result.Ticket.Principal;
 
             BeforeAccessNotificationWithProperties(args);
         }
@@ -87,7 +85,7 @@ namespace OpenIdConnect.AzureAdSample
                 var cachedTokens = Serialize();
                 var cachedTokensText = Convert.ToBase64String(cachedTokens);
                 _authProperties.Items[TokenCacheKey] = cachedTokensText;
-                _httpContext.Authentication.SignInAsync(_signInScheme, _principal, _authProperties).Wait();
+                _httpContext.SignInAsync(_signInScheme, _principal, _authProperties).Wait();
             }
         }
 
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index a5982549bf..a37c3659da 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -17,6 +17,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index ec80cd651d..19bb0ac6a3 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -3,12 +3,12 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -37,68 +37,55 @@ namespace OpenIdConnect.AzureAdSample
 
         public IConfiguration Configuration { get; set; }
 
+        private string ClientId => Configuration["oidc:clientid"];
+        private string ClientSecret => Configuration["oidc:clientsecret"];
+        private string Authority => Configuration["oidc:authority"];
+        private string Resource => "https://graph.windows.net";
+
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(sharedOptions =>
-                sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
+            {
+                sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+            });
+
+            services.AddCookieAuthentication();
+
+            services.AddOpenIdConnectAuthentication(o =>
+            {
+                o.ClientId = ClientId;
+                o.ClientSecret = ClientSecret; // for code flow
+                o.Authority = Authority;
+                o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
+                o.PostLogoutRedirectUri = "/signed-out";
+                // GetClaimsFromUserInfoEndpoint = true,
+                o.Events = new OpenIdConnectEvents()
+                {
+                    OnAuthorizationCodeReceived = async context =>
+                    {
+                        var request = context.HttpContext.Request;
+                        var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
+                        var credential = new ClientCredential(ClientId, ClientSecret);
+                        var authContext = new AuthenticationContext(Authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
+
+                        var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
+                            context.ProtocolMessage.Code, new Uri(currentUri), credential, Resource);
+
+                        context.HandleCodeRedemption(result.AccessToken, result.IdToken);
+                    }
+                };
+            });
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(Microsoft.Extensions.Logging.LogLevel.Information);
 
-            // Simple error page
-            app.Use(async (context, next) =>
-            {
-                try
-                {
-                    await next();
-                }
-                catch (Exception ex)
-                {
-                    if (!context.Response.HasStarted)
-                    {
-                        context.Response.Clear();
-                        context.Response.StatusCode = 500;
-                        await context.Response.WriteAsync(ex.ToString());
-                    }
-                    else
-                    {
-                        throw;
-                    }
-                }
-            });
+            app.UseDeveloperExceptionPage();
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions());
-
-            var clientId = Configuration["oidc:clientid"];
-            var clientSecret = Configuration["oidc:clientsecret"];
-            var authority = Configuration["oidc:authority"];
-            var resource = "https://graph.windows.net";
-            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
-            {
-                ClientId = clientId,
-                ClientSecret = clientSecret, // for code flow
-                Authority = authority,
-                ResponseType = OpenIdConnectResponseType.CodeIdToken,
-                PostLogoutRedirectUri = "/signed-out",
-                // GetClaimsFromUserInfoEndpoint = true,
-                Events = new OpenIdConnectEvents()
-                {
-                    OnAuthorizationCodeReceived = async context =>
-                    {
-                        var request = context.HttpContext.Request;
-                        var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
-                        var credential = new ClientCredential(clientId, clientSecret);
-                        var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
-
-                        var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
-                            context.ProtocolMessage.Code, new Uri(currentUri), credential, resource);
-
-                        context.HandleCodeRedemption(result.AccessToken, result.IdToken);
-                    }
-                }
-            });
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
@@ -111,13 +98,11 @@ namespace OpenIdConnect.AzureAdSample
                         return;
                     }
 
-                    await context.Authentication.ChallengeAsync(
-                        OpenIdConnectDefaults.AuthenticationScheme,
-                        new AuthenticationProperties { RedirectUri = "/" });
+                    await context.ChallengeAsync(new AuthenticationProperties { RedirectUri = "/" });
                 }
                 else if (context.Request.Path.Equals("/signout"))
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
                         async response =>
                         {
@@ -127,8 +112,8 @@ namespace OpenIdConnect.AzureAdSample
                 }
                 else if (context.Request.Path.Equals("/signout-remote"))
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
                 }
                 else if (context.Request.Path.Equals("/signed-out"))
                 {
@@ -141,7 +126,7 @@ namespace OpenIdConnect.AzureAdSample
                 }
                 else if (context.Request.Path.Equals("/remote-signedout"))
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response,
                         async response =>
                         {
@@ -153,7 +138,7 @@ namespace OpenIdConnect.AzureAdSample
                 {
                     if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                     {
-                        await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+                        await context.ChallengeAsync(new AuthenticationProperties { RedirectUri = "/" });
                         return;
                     }
 
@@ -170,10 +155,10 @@ namespace OpenIdConnect.AzureAdSample
                         try
                         {
                             // Use ADAL to get the right token
-                            var authContext = new AuthenticationContext(authority, AuthPropertiesTokenCache.ForApiCalls(context, CookieAuthenticationDefaults.AuthenticationScheme));
-                            var credential = new ClientCredential(clientId, clientSecret);
+                            var authContext = new AuthenticationContext(Authority, AuthPropertiesTokenCache.ForApiCalls(context, CookieAuthenticationDefaults.AuthenticationScheme));
+                            var credential = new ClientCredential(ClientId, ClientSecret);
                             string userObjectID = context.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
-                            var result = await authContext.AcquireTokenSilentAsync(resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
+                            var result = await authContext.AcquireTokenSilentAsync(Resource, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
 
                             await response.WriteAsync($"<h3>access_token</h3><code>{HtmlEncode(result.AccessToken)}</code><br>");
                         }
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index eaf3a2e87e..74661c2f32 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -18,6 +18,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 587e1e9c16..5faa48b52a 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -3,12 +3,12 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -42,46 +42,22 @@ namespace OpenIdConnectSample
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(sharedOptions =>
-                sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
-        }
-
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
-        {
-            loggerfactory.AddConsole(LogLevel.Information);
-            loggerfactory.AddDebug(LogLevel.Information);
-
-            // Simple error page
-            app.Use(async (context, next) =>
             {
-                try
-                {
-                    await next();
-                }
-                catch (Exception ex)
-                {
-                    if (!context.Response.HasStarted)
-                    {
-                        context.Response.Clear();
-                        context.Response.StatusCode = 500;
-                        await context.Response.WriteAsync(ex.ToString());
-                    }
-                    else
-                    {
-                        throw;
-                    }
-                }
+                sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
             });
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions());
+            services.AddCookieAuthentication();
 
-            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
+            services.AddOpenIdConnectAuthentication(o =>
             {
-                ClientId = Configuration["oidc:clientid"],
-                ClientSecret = Configuration["oidc:clientsecret"], // for code flow
-                Authority = Configuration["oidc:authority"],
-                ResponseType = OpenIdConnectResponseType.CodeIdToken,
-                GetClaimsFromUserInfoEndpoint = true,
-                Events = new OpenIdConnectEvents()
+                o.ClientId = Configuration["oidc:clientid"];
+                o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
+                o.Authority = Configuration["oidc:authority"];
+                o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
+                o.GetClaimsFromUserInfoEndpoint = true;
+                o.Events = new OpenIdConnectEvents()
                 {
                     OnAuthenticationFailed = c =>
                     {
@@ -96,8 +72,17 @@ namespace OpenIdConnectSample
                         }
                         return c.Response.WriteAsync("An error occurred processing your authentication.");
                     }
-                }
+                };
             });
+        }
+
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        {
+            loggerfactory.AddConsole(LogLevel.Information);
+            loggerfactory.AddDebug(LogLevel.Information);
+
+            app.UseDeveloperExceptionPage();
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
@@ -113,7 +98,7 @@ namespace OpenIdConnectSample
 
                 if (context.Request.Path.Equals("/signout"))
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response, async res =>
                     {
                         await context.Response.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
@@ -125,8 +110,8 @@ namespace OpenIdConnectSample
                 if (context.Request.Path.Equals("/signout-remote"))
                 {
                     // Redirects
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
                     {
                         RedirectUri = "/signedout"
                     });
@@ -135,7 +120,7 @@ namespace OpenIdConnectSample
 
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await WriteHtmlAsync(context.Response, async res =>
                     {
                         await context.Response.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
@@ -144,24 +129,23 @@ namespace OpenIdConnectSample
                     return;
                 }
 
-                // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+                // DefaultAuthenticateScheme causes User to be set
                 var user = context.User;
 
                 // This is what [Authorize] calls
-                // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+                // var user = await context.AuthenticateAsync();
 
                 // This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
-                // var user = await context.Authentication.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                // var user = await context.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
 
                 // Not authenticated
                 if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     // This is what [Authorize] calls
-                    // The cookie middleware will intercept this 401 and redirect to /login
-                    await context.Authentication.ChallengeAsync();
+                    await context.ChallengeAsync();
 
                     // This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
-                    // await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                    // await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
 
                     return;
                 }
@@ -169,11 +153,10 @@ namespace OpenIdConnectSample
                 // Authenticated, but not authorized
                 if (context.Request.Path.Equals("/restricted") && !user.Identities.Any(identity => identity.HasClaim("special", "true")))
                 {
-                    await context.Authentication.ChallengeAsync();
+                    await context.ChallengeAsync();
                     return;
                 }
 
-
                 await WriteHtmlAsync(context.Response, async response =>
                 {
                     await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 09ece106cb..fe63ab5ca0 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -22,6 +22,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 31ec187a02..3f64d813da 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -14,7 +14,6 @@ using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -45,38 +44,6 @@ namespace SocialSample
 
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
-        }
-
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
-        {
-            loggerfactory.AddConsole(LogLevel.Information);
-
-            // Simple error page to avoid a repo dependency.
-            app.Use(async (context, next) =>
-            {
-                try
-                {
-                    await next();
-                }
-                catch (Exception ex)
-                {
-                    if (context.Response.HasStarted)
-                    {
-                        throw;
-                    }
-                    context.Response.StatusCode = 500;
-                    await context.Response.WriteAsync(ex.ToString());
-                }
-            });
-
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true,
-                AutomaticChallenge = true,
-                LoginPath = new PathString("/login")
-            });
-
             if (string.IsNullOrEmpty(Configuration["facebook:appid"]))
             {
                 // User-Secrets: https://docs.asp.net/en/latest/security/app-secrets.html
@@ -84,40 +51,51 @@ namespace SocialSample
                 throw new InvalidOperationException("User secrets must be configured for each authentication provider.");
             }
 
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            });
+
+            services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login"));
+
             // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
             // https://developers.facebook.com/apps/
-            app.UseFacebookAuthentication(new FacebookOptions
+            services.AddFacebookAuthentication(o =>
             {
-                AppId = Configuration["facebook:appid"],
-                AppSecret = Configuration["facebook:appsecret"],
-                Scope = { "email" },
-                Fields = { "name", "email" },
-                SaveTokens = true,
+                o.AppId = Configuration["facebook:appid"];
+                o.AppSecret = Configuration["facebook:appsecret"];
+                o.Scope.Add("email");
+                o.Fields.Add("name");
+                o.Fields.Add("email");
+                o.SaveTokens = true;
             });
 
             // You must first create an app with Google and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
-            app.UseOAuthAuthentication(new OAuthOptions
+            services.AddOAuthAuthentication("Google-AccessToken", o =>
             {
-                AuthenticationScheme = "Google-AccessToken",
-                DisplayName = "Google-AccessToken",
-                ClientId = Configuration["google:clientid"],
-                ClientSecret = Configuration["google:clientsecret"],
-                CallbackPath = new PathString("/signin-google-token"),
-                AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint,
-                TokenEndpoint = GoogleDefaults.TokenEndpoint,
-                Scope = { "openid", "profile", "email" },
-                SaveTokens = true
+                o.DisplayName = "Google-AccessToken";
+                o.ClientId = Configuration["google:clientid"];
+                o.ClientSecret = Configuration["google:clientsecret"];
+                o.CallbackPath = new PathString("/signin-google-token");
+                o.AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
+                o.TokenEndpoint = GoogleDefaults.TokenEndpoint;
+                o.Scope.Add("openid");
+                o.Scope.Add("profile");
+                o.Scope.Add("email");
+                o.SaveTokens = true;
             });
 
             // You must first create an app with Google and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
-            var googleOptions = new GoogleOptions
+            services.AddGoogleAuthentication(o =>
             {
-                ClientId = Configuration["google:clientid"],
-                ClientSecret = Configuration["google:clientsecret"],
-                SaveTokens = true,
-                Events = new OAuthEvents()
+                o.ClientId = Configuration["google:clientid"];
+                o.ClientSecret = Configuration["google:clientsecret"];
+                o.SaveTokens = true;
+                o.Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -125,23 +103,23 @@ namespace SocialSample
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                }
-            };
-            googleOptions.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
-            googleOptions.ClaimActions.Remove(ClaimTypes.GivenName);
-            app.UseGoogleAuthentication(googleOptions);
+                };
+                o.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
+                o.ClaimActions.Remove(ClaimTypes.GivenName);
+            });
 
             // You must first create an app with Twitter and add its key and Secret to your user-secrets.
             // https://apps.twitter.com/
-            var twitterOptions = new TwitterOptions
+            services.AddTwitterAuthentication(o =>
             {
-                ConsumerKey = Configuration["twitter:consumerkey"],
-                ConsumerSecret = Configuration["twitter:consumersecret"],
+                o.ConsumerKey = Configuration["twitter:consumerkey"];
+                o.ConsumerSecret = Configuration["twitter:consumersecret"];
                 // http://stackoverflow.com/questions/22627083/can-we-get-email-id-from-twitter-oauth-api/32852370#32852370
                 // http://stackoverflow.com/questions/36330675/get-users-email-from-twitter-api-for-external-login-authentication-asp-net-mvc?lq=1
-                RetrieveUserDetails = true,
-                SaveTokens = true,
-                Events = new TwitterEvents()
+                o.RetrieveUserDetails = true;
+                o.SaveTokens = true;
+                o.ClaimActions.MapJsonKey("urn:twitter:profilepicture", "profile_image_url", ClaimTypes.Uri);
+                o.Events = new TwitterEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -149,10 +127,8 @@ namespace SocialSample
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                }
-            };
-            twitterOptions.ClaimActions.MapJsonKey("urn:twitter:profilepicture", "profile_image_url", ClaimTypes.Uri);
-            app.UseTwitterAuthentication(twitterOptions);
+                };
+            });
 
             /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
                Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
@@ -160,59 +136,60 @@ namespace SocialSample
             */
             // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
             // https://apps.dev.microsoft.com/
-            app.UseOAuthAuthentication(new OAuthOptions
+            services.AddOAuthAuthentication("Microsoft-AccessToken", o =>
             {
-                AuthenticationScheme = "Microsoft-AccessToken",
-                DisplayName = "MicrosoftAccount-AccessToken",
-                ClientId = Configuration["microsoftaccount:clientid"],
-                ClientSecret = Configuration["microsoftaccount:clientsecret"],
-                CallbackPath = new PathString("/signin-microsoft-token"),
-                AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint,
-                TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint,
-                Scope = { "https://graph.microsoft.com/user.read" },
-                SaveTokens = true
+                o.DisplayName = "MicrosoftAccount-AccessToken";
+                o.ClientId = Configuration["microsoftaccount:clientid"];
+                o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
+                o.CallbackPath = new PathString("/signin-microsoft-token");
+                o.AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
+                o.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
+                o.Scope.Add("https://graph.microsoft.com/user.read");
+                o.SaveTokens = true;
             });
 
             // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
             // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
-            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
+            services.AddMicrosoftAccountAuthentication(o =>
             {
-                DisplayName = "MicrosoftAccount",
-                ClientId = Configuration["microsoftaccount:clientid"],
-                ClientSecret = Configuration["microsoftaccount:clientsecret"],
-                SaveTokens = true
+                o.ClientId = Configuration["microsoftaccount:clientid"];
+                o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
+                o.SaveTokens = true;
             });
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://github.com/settings/applications/
-            app.UseOAuthAuthentication(new OAuthOptions
+            services.AddOAuthAuthentication("GitHub-AccessToken", o =>
             {
-                AuthenticationScheme = "GitHub-AccessToken",
-                DisplayName = "Github-AccessToken",
-                ClientId = Configuration["github-token:clientid"],
-                ClientSecret = Configuration["github-token:clientsecret"],
-                CallbackPath = new PathString("/signin-github-token"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
-                SaveTokens = true
+                o.DisplayName = "Github-AccessToken";
+                o.ClientId = Configuration["github-token:clientid"];
+                o.ClientSecret = Configuration["github-token:clientsecret"];
+                o.CallbackPath = new PathString("/signin-github-token");
+                o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                o.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                o.SaveTokens = true;
+                o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+                o.ClaimActions.MapJsonKey(ClaimTypes.Name, "login");
+                o.ClaimActions.MapJsonKey("urn:github:name", "name");
+                o.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
+                o.ClaimActions.MapJsonKey("urn:github:url", "url");
             });
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://github.com/settings/applications/
-            var githubOptions = new OAuthOptions
+            services.AddOAuthAuthentication("GitHub", o =>
             {
-                AuthenticationScheme = "GitHub",
-                DisplayName = "Github",
-                ClientId = Configuration["github:clientid"],
-                ClientSecret = Configuration["github:clientsecret"],
-                CallbackPath = new PathString("/signin-github"),
-                AuthorizationEndpoint = "https://github.com/login/oauth/authorize",
-                TokenEndpoint = "https://github.com/login/oauth/access_token",
-                UserInformationEndpoint = "https://api.github.com/user",
-                ClaimsIssuer = "OAuth2-Github",
-                SaveTokens = true,
+                o.DisplayName = "Github";
+                o.ClientId = Configuration["github:clientid"];
+                o.ClientSecret = Configuration["github:clientsecret"];
+                o.CallbackPath = new PathString("/signin-github");
+                o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
+                o.TokenEndpoint = "https://github.com/login/oauth/access_token";
+                o.UserInformationEndpoint = "https://api.github.com/user";
+                o.ClaimsIssuer = "OAuth2-Github";
+                o.SaveTokens = true;
                 // Retrieving user information is unique to each provider.
-                Events = new OAuthEvents
+                o.Events = new OAuthEvents
                 {
                     OnCreatingTicket = async context =>
                     {
@@ -228,14 +205,17 @@ namespace SocialSample
 
                         context.RunClaimActions(user);
                     }
-                }
-            };
-            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
-            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.Name, "login");
-            githubOptions.ClaimActions.MapJsonKey("urn:github:name", "name");
-            githubOptions.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
-            githubOptions.ClaimActions.MapJsonKey("urn:github:url", "url");
-            app.UseOAuthAuthentication(githubOptions);
+                };
+            });
+        }
+
+        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        {
+            loggerfactory.AddConsole(LogLevel.Information);
+
+            app.UseDeveloperExceptionPage();
+
+            app.UseAuthentication();
 
             // Choose an authentication type
             app.Map("/login", signinApp =>
@@ -247,16 +227,18 @@ namespace SocialSample
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
                         // send them to the home page instead (/).
-                        await context.Authentication.ChallengeAsync(authType, new AuthenticationProperties() { RedirectUri = "/" });
+                        await context.ChallengeAsync(authType, new AuthenticationProperties() { RedirectUri = "/" });
                         return;
                     }
 
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("Choose an authentication scheme: <br>");
-                    foreach (var type in context.Authentication.GetAuthenticationSchemes())
+                    var schemeProvider = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
+                    foreach (var provider in await schemeProvider.GetAllSchemesAsync())
                     {
-                        await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.DisplayName ?? "(suppressed)") + "</a><br>");
+                        // REVIEW: we lost access to display name (which is buried in the handler options)
+                        await context.Response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.Name ?? "(suppressed)") + "</a><br>");
                     }
                     await context.Response.WriteAsync("</body></html>");
                 });
@@ -268,7 +250,7 @@ namespace SocialSample
                 signoutApp.Run(async context =>
                 {
                     context.Response.ContentType = "text/html";
-                    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
                     await context.Response.WriteAsync("<a href=\"/\">Home</a>");
@@ -292,24 +274,24 @@ namespace SocialSample
 
             app.Run(async context =>
             {
-                // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+                // Setting DefaultAuthenticateScheme causes User to be set
                 var user = context.User;
 
                 // This is what [Authorize] calls
-                // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+                // var user = await context.AuthenticateAsync();
 
                 // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
-                // var user = await context.Authentication.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+                // var user = await context.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
 
                 // Deny anonymous request beyond this point.
                 if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     // This is what [Authorize] calls
                     // The cookie middleware will intercept this 401 and redirect to /login
-                    await context.Authentication.ChallengeAsync();
+                    await context.ChallengeAsync();
 
                     // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
-                    // await context.Authentication.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+                    // await context.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
 
                     return;
                 }
@@ -324,11 +306,11 @@ namespace SocialSample
                 }
 
                 await context.Response.WriteAsync("Tokens:<br>");
-
-                await context.Response.WriteAsync("Access Token: " + await context.Authentication.GetTokenAsync("access_token") + "<br>");
-                await context.Response.WriteAsync("Refresh Token: " + await context.Authentication.GetTokenAsync("refresh_token") + "<br>");
-                await context.Response.WriteAsync("Token Type: " + await context.Authentication.GetTokenAsync("token_type") + "<br>");
-                await context.Response.WriteAsync("expires_at: " + await context.Authentication.GetTokenAsync("expires_at") + "<br>");
+                
+                await context.Response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
+                await context.Response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
+                await context.Response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
+                await context.Response.WriteAsync("expires_at: " + await context.GetTokenAsync("expires_at") + "<br>");
                 await context.Response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
                 await context.Response.WriteAsync("</body></html>");
             });
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
index 765d1f51cd..bb5cdfff0e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class CookieAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            
-            return app.UseMiddleware<CookieAuthenticationMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="CookieAuthenticationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="CookieAuthenticationOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="CookieAuthenticationOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<CookieAuthenticationMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
index ad0e17a096..700b607976 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Http;
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Default values related to cookie-based authentication middleware
+    /// Default values related to cookie-based authentication handler
     /// </summary>
     public static class CookieAuthenticationDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 1f2b395b1d..017e7911cc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -1,32 +1,97 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 using System.Linq;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Internal;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    internal class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
+    public class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
     {
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
         private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
 
         private bool _shouldRefresh;
+        private bool _signInCalled;
+        private bool _signOutCalled;
+
         private DateTimeOffset? _refreshIssuedUtc;
         private DateTimeOffset? _refreshExpiresUtc;
         private string _sessionKey;
         private Task<AuthenticateResult> _readCookieTask;
 
+        public CookieAuthenticationHandler(IOptionsSnapshot<CookieAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        { }
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new CookieAuthenticationEvents Events
+        {
+            get { return (CookieAuthenticationEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
+        protected override Task InitializeHandlerAsync()
+        {
+            // Cookies needs to finish the response
+            Context.Response.OnStarting(FinishResponseAsync);
+            return TaskCache.CompletedTask;
+        }
+
+        /// <summary>
+        /// Creates a new instance of the events instance.
+        /// </summary>
+        /// <returns>A new instance of the events instance.</returns>
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new CookieAuthenticationEvents());
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (String.IsNullOrEmpty(Options.CookieName))
+            {
+                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Scheme.Name;
+            }
+            if (Options.TicketDataFormat == null)
+            {
+                var provider = Options.DataProtectionProvider ?? Context.RequestServices.GetRequiredService<IDataProtectionProvider>();
+                // Note: the purpose for the data protector must remain fixed for interop to work.
+                var dataProtector = provider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", Scheme.Name, "v2");
+                Options.TicketDataFormat = new TicketDataFormat(dataProtector);
+            }
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = new ChunkingCookieManager();
+            }
+            if (!Options.LoginPath.HasValue)
+            {
+                Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
+            }
+            if (!Options.LogoutPath.HasValue)
+            {
+                Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
+            }
+            if (!Options.AccessDeniedPath.HasValue)
+            {
+                Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
+            }
+        }
+
         private Task<AuthenticateResult> EnsureCookieTicket()
         {
             // We only need to read the ticket once
@@ -39,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private void CheckForRefresh(AuthenticationTicket ticket)
         {
-            var currentUtc = Options.SystemClock.UtcNow;
+            var currentUtc = Clock.UtcNow;
             var issuedUtc = ticket.Properties.IssuedUtc;
             var expiresUtc = ticket.Properties.ExpiresUtc;
             var allowRefresh = ticket.Properties.AllowRefresh ?? true;
@@ -63,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             if (issuedUtc != null && expiresUtc != null)
             {
                 _shouldRefresh = true;
-                var currentUtc = Options.SystemClock.UtcNow;
+                var currentUtc = Clock.UtcNow;
                 _refreshIssuedUtc = currentUtc;
                 var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
                 _refreshExpiresUtc = currentUtc.Add(timeSpan);
@@ -75,7 +140,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
             if (string.IsNullOrEmpty(cookie))
             {
-                return AuthenticateResult.Skip();
+                return AuthenticateResult.None();
             }
 
             var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
@@ -99,7 +164,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 }
             }
 
-            var currentUtc = Options.SystemClock.UtcNow;
+            var currentUtc = Clock.UtcNow;
             var issuedUtc = ticket.Properties.IssuedUtc;
             var expiresUtc = ticket.Properties.ExpiresUtc;
 
@@ -126,8 +191,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 return result;
             }
 
-            var context = new CookieValidatePrincipalContext(Context, result.Ticket, Options);
-            await Options.Events.ValidatePrincipal(context);
+            var context = new CookieValidatePrincipalContext(Context, Scheme, result.Ticket, Options);
+            await Events.ValidatePrincipal(context);
 
             if (context.Principal == null)
             {
@@ -139,7 +204,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 RequestRefresh(result.Ticket);
             }
 
-            return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme));
+            return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name));
         }
 
         private CookieOptions BuildCookieOptions()
@@ -163,10 +228,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             return cookieOptions;
         }
 
-        protected override async Task FinishResponseAsync()
+        protected virtual async Task FinishResponseAsync()
         {
             // Only renew if requested, and neither sign in or sign out was called
-            if (!_shouldRefresh || SignInAccepted || SignOutAccepted)
+            if (!_shouldRefresh || _signInCalled || _signOutCalled)
             {
                 return;
             }
@@ -192,8 +257,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     var principal = new ClaimsPrincipal(
                         new ClaimsIdentity(
                             new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
-                            Options.AuthenticationScheme));
-                    ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+                            Scheme.Name));
+                    ticket = new AuthenticationTicket(principal, null, Scheme.Name);
                 }
 
                 var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
@@ -216,16 +281,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         protected override async Task HandleSignInAsync(SignInContext signin)
         {
+            _signInCalled = true;
+
             // Process the request cookie to initialize members like _sessionKey.
             var result = await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
 
             var signInContext = new CookieSigningInContext(
                 Context,
+                Scheme,
                 Options,
-                Options.AuthenticationScheme,
                 signin.Principal,
-                new AuthenticationProperties(signin.Properties),
+                signin.Properties,
                 cookieOptions);
 
             DateTimeOffset issuedUtc;
@@ -235,7 +302,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
             else
             {
-                issuedUtc = Options.SystemClock.UtcNow;
+                issuedUtc = Clock.UtcNow;
                 signInContext.Properties.IssuedUtc = issuedUtc;
             }
 
@@ -244,7 +311,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
             }
 
-            await Options.Events.SigningIn(signInContext);
+            await Events.SigningIn(signInContext);
 
             if (signInContext.Properties.IsPersistent)
             {
@@ -264,7 +331,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     new ClaimsIdentity(
                         new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
                         Options.ClaimsIssuer));
-                ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+                ticket = new AuthenticationTicket(principal, null, Scheme.Name);
             }
 
             var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
@@ -277,12 +344,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             var signedInContext = new CookieSignedInContext(
                 Context,
+                Scheme,
                 Options,
-                Options.AuthenticationScheme,
+                Scheme.Name,
                 signInContext.Principal,
                 signInContext.Properties);
 
-            await Options.Events.SignedIn(signedInContext);
+            await Events.SignedIn(signedInContext);
 
             // Only redirect on the login path
             var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
@@ -291,6 +359,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
         {
+            _signOutCalled = true;
+
             // Process the request cookie to initialize members like _sessionKey.
             var ticket = await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
@@ -301,11 +371,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             var context = new CookieSigningOutContext(
                 Context,
+                Scheme,
                 Options,
-                new AuthenticationProperties(signOutContext.Properties),
+                signOutContext.Properties,
                 cookieOptions);
 
-            await Options.Events.SigningOut(context);
+            await Events.SigningOut(context);
 
             Options.CookieManager.DeleteCookie(
                 Context,
@@ -343,8 +414,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
                 if (redirectUri != null)
                 {
-                    await Options.Events.RedirectToReturnUrl(
-                        new CookieRedirectContext(Context, Options, redirectUri, properties));
+                    await Events.RedirectToReturnUrl(
+                        new CookieRedirectContext(Context, Scheme, Options, redirectUri, properties));
                 }
             }
         }
@@ -362,28 +433,27 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             return path[0] == '/' && path[1] != '/' && path[1] != '\\';
         }
 
-        protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        protected override async Task HandleForbiddenAsync(ChallengeContext context)
         {
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = context.Properties;
             var returnUrl = properties.RedirectUri;
             if (string.IsNullOrEmpty(returnUrl))
             {
                 returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
-            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri), properties);
-            await Options.Events.RedirectToAccessDenied(redirectContext);
-            return true;
+            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(accessDeniedUri), properties);
+            await Events.RedirectToAccessDenied(redirectContext);
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             if (context == null)
             {
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = context.Properties;
             var redirectUri = properties.RedirectUri;
             if (string.IsNullOrEmpty(redirectUri))
             {
@@ -391,10 +461,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-            var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri), properties);
-            await Options.Events.RedirectToLogin(redirectContext);
-            return true;
-
+            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(loginUri), properties);
+            await Events.RedirectToLogin(redirectContext);
         }
 
         private string GetTlsTokenBinding()
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
deleted file mode 100644
index 14d152a818..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
-    public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAuthenticationOptions>
-    {
-        public CookieAuthenticationMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder urlEncoder,
-            IOptions<CookieAuthenticationOptions> options)
-            : base(next, options, loggerFactory, urlEncoder)
-        {
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (Options.Events == null)
-            {
-                Options.Events = new CookieAuthenticationEvents();
-            }
-            if (String.IsNullOrEmpty(Options.CookieName))
-            {
-                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationScheme;
-            }
-            if (Options.TicketDataFormat == null)
-            {
-                var provider = Options.DataProtectionProvider ?? dataProtectionProvider;
-                var dataProtector = provider.CreateProtector(typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
-                Options.TicketDataFormat = new TicketDataFormat(dataProtector);
-            }
-            if (Options.CookieManager == null)
-            {
-                Options.CookieManager = new ChunkingCookieManager();
-            }
-            if (!Options.LoginPath.HasValue)
-            {
-                Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
-            }
-            if (!Options.LogoutPath.HasValue)
-            {
-                Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
-            }
-            if (!Options.AccessDeniedPath.HasValue)
-            {
-                Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
-            }
-        }
-
-        protected override AuthenticationHandler<CookieAuthenticationOptions> CreateHandler()
-        {
-            return new CookieAuthenticationHandler();
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index b425612508..56d6ca238a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -2,19 +2,15 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.ComponentModel;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Configuration options for <see cref="CookieAuthenticationMiddleware"/>.
+    /// Configuration options for <see cref="CookieAuthenticationOptions"/>.
     /// </summary>
-    public class CookieAuthenticationOptions : AuthenticationOptions, IOptions<CookieAuthenticationOptions>
+    public class CookieAuthenticationOptions : AuthenticationSchemeOptions
     {
         private string _cookieName;
 
@@ -23,21 +19,18 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public CookieAuthenticationOptions()
         {
-            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            AutomaticAuthenticate = true;
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
             CookieHttpOnly = true;
             CookieSecure = CookieSecurePolicy.SameAsRequest;
-            SystemClock = new SystemClock();
             Events = new CookieAuthenticationEvents();
         }
 
         /// <summary>
         /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
         /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
-        /// system uses the cookie authentication middleware multiple times.
+        /// system uses the cookie authentication handler multiple times.
         /// </summary>
         public string CookieName
         {
@@ -90,13 +83,13 @@ namespace Microsoft.AspNetCore.Builder
         public TimeSpan ExpireTimeSpan { get; set; }
 
         /// <summary>
-        /// The SlidingExpiration is set to true to instruct the middleware to re-issue a new cookie with a new
+        /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
         /// expiration time any time it processes a request which is more than halfway through the expiration window.
         /// </summary>
         public bool SlidingExpiration { get; set; }
 
         /// <summary>
-        /// The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status
+        /// The LoginPath property informs the handler that it should change an outgoing 401 Unauthorized status
         /// code into a 302 redirection onto the given login path. The current url which generated the 401 is added
         /// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
         /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back  
@@ -105,18 +98,18 @@ namespace Microsoft.AspNetCore.Builder
         public PathString LoginPath { get; set; }
 
         /// <summary>
-        /// If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter.
+        /// If the LogoutPath is provided the handler then a request to that path will redirect based on the ReturnUrlParameter.
         /// </summary>
         public PathString LogoutPath { get; set; }
 
         /// <summary>
-        /// The AccessDeniedPath property informs the middleware that it should change an outgoing 403 Forbidden status
+        /// The AccessDeniedPath property informs the handler that it should change an outgoing 403 Forbidden status
         /// code into a 302 redirection onto the given path.
         /// </summary>
         public PathString AccessDeniedPath { get; set; }
 
         /// <summary>
-        /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware
+        /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the handler
         /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query 
         /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the 
         /// original url after the action is performed.
@@ -124,11 +117,15 @@ namespace Microsoft.AspNetCore.Builder
         public string ReturnUrlParameter { get; set; }
 
         /// <summary>
-        /// The Provider may be assigned to an instance of an object created by the application at startup time. The middleware
+        /// The Provider may be assigned to an instance of an object created by the application at startup time. The handler
         /// calls methods on the provider which give the application control at certain points where processing is occurring. 
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
-        public ICookieAuthenticationEvents Events { get; set; }
+        public new CookieAuthenticationEvents Events
+        {
+            get { return (CookieAuthenticationEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
@@ -150,13 +147,5 @@ namespace Microsoft.AspNetCore.Builder
         /// to the client. This can be used to mitigate potential problems with very large identities.
         /// </summary>
         public ITicketStore SessionStore { get; set; }
-
-        CookieAuthenticationOptions IOptions<CookieAuthenticationOptions>.Value
-        {
-            get
-            {
-                return this;
-            }
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
new file mode 100644
index 0000000000..e8a21d01b1
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Cookies;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class CookieExtensions
+    {
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services) => services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
+
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme) => services.AddCookieAuthentication(authenticationScheme, configureOptions: null);
+
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configureOptions) =>
+            services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions) =>
+            services.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
index e5423fed23..4c949bb089 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
@@ -2,17 +2,18 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class BaseCookieContext : BaseContext
+    public class BaseCookieContext : BaseAuthenticationContext
     {
         public BaseCookieContext(
             HttpContext context,
-            CookieAuthenticationOptions options)
-            : base(context)
+            AuthenticationScheme scheme,
+            CookieAuthenticationOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme.Name, properties)
         {
             if (options == null)
             {
@@ -23,5 +24,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         }
 
         public CookieAuthenticationOptions Options { get; }
+
+        public AuthenticationScheme Scheme { get; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 4364a2e546..5cb933ce1d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// application only needs to override a few of the interface methods. This may be used as a base class
     /// or may be instantiated directly.
     /// </summary>
-    public class CookieAuthenticationEvents : ICookieAuthenticationEvents
+    public class CookieAuthenticationEvents
     {
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
index 2cbb5ff095..e4259d181e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Http.Authentication;
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware 
+    /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie handler 
     /// </summary>
     public class CookieRedirectContext : BaseCookieContext
     {
@@ -16,21 +16,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Creates a new context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The cookie middleware options</param>
+        /// <param name="scheme">The scheme data</param>
+        /// <param name="options">The cookie handler options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
-        public CookieRedirectContext(HttpContext context, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
-            : base(context, options)
+        public CookieRedirectContext(HttpContext context, AuthenticationScheme scheme, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
         {
             RedirectUri = redirectUri;
-            Properties = properties;
         }
 
         /// <summary>
         /// Gets or Sets the URI used for the redirect operation.
         /// </summary>
         public string RedirectUri { get; set; }
-
-        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
index cfb7c5f1d8..0e610c8b2d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -17,36 +15,26 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The middleware options</param>
+        /// <param name="scheme">The scheme data</param>
+        /// <param name="options">The handler options</param>
         /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
         /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Properties property</param>
         public CookieSignedInContext(
             HttpContext context,
+            AuthenticationScheme scheme,
             CookieAuthenticationOptions options,
             string authenticationScheme,
             ClaimsPrincipal principal,
             AuthenticationProperties properties)
-            : base(context, options)
+            : base(context, scheme, options, properties)
         {
-            AuthenticationScheme = authenticationScheme;
             Principal = principal;
-            Properties = properties;
         }
 
-        /// <summary>
-        /// The name of the AuthenticationScheme creating a cookie
-        /// </summary>
-        public string AuthenticationScheme { get; }
-
         /// <summary>
         /// Contains the claims that were converted into the outgoing cookie.
         /// </summary>
         public ClaimsPrincipal Principal { get; }
-
-        /// <summary>
-        /// Contains the extra data that was contained in the outgoing cookie.
-        /// </summary>
-        public AuthenticationProperties Properties { get; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
index d8b2307f32..b91cb7e184 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -17,43 +15,30 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
-        /// <param name="options">The middleware options</param>
-        /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
+        /// <param name="scheme">The scheme data</param>
+        /// <param name="options">The handler options</param>
         /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Extra property</param>
         /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
         public CookieSigningInContext(
             HttpContext context,
+            AuthenticationScheme scheme,
             CookieAuthenticationOptions options,
-            string authenticationScheme,
             ClaimsPrincipal principal,
             AuthenticationProperties properties,
             CookieOptions cookieOptions)
-            : base(context, options)
+            : base(context, scheme, options, properties)
         {
-            AuthenticationScheme = authenticationScheme;
             Principal = principal;
-            Properties = properties;
             CookieOptions = cookieOptions;
         }
 
-        /// <summary>
-        /// The name of the AuthenticationScheme creating a cookie
-        /// </summary>
-        public string AuthenticationScheme { get; }
-
         /// <summary>
         /// Contains the claims about to be converted into the outgoing cookie.
         /// May be replaced or altered during the SigningIn call.
         /// </summary>
         public ClaimsPrincipal Principal { get; set; }
 
-        /// <summary>
-        /// Contains the extra data about to be contained in the outgoing cookie.
-        /// May be replaced or altered during the SigningIn call.
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
-
         /// <summary>
         /// The options for creating the outgoing cookie.
         /// May be replace or altered during the SigningIn call.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
index 51c04a56b9..0f4f4c7dcf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -1,9 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -16,18 +14,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// 
         /// </summary>
         /// <param name="context"></param>
+        /// <param name="scheme"></param>
         /// <param name="options"></param>
         /// <param name="properties"></param>
         /// <param name="cookieOptions"></param>
         public CookieSigningOutContext(
-            HttpContext context, 
+            HttpContext context,
+            AuthenticationScheme scheme,
             CookieAuthenticationOptions options, 
             AuthenticationProperties properties, 
             CookieOptions cookieOptions)
-            : base(context, options)
+            : base(context, scheme, options, properties)
         {
             CookieOptions = cookieOptions;
-            Properties = properties;
         }
 
         /// <summary>
@@ -35,7 +34,5 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// May be replace or altered during the SigningOut call.
         /// </summary>
         public CookieOptions CookieOptions { get; set; }
-
-        public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index 57a28191c8..3232ba52ff 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -3,14 +3,12 @@
 
 using System;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationProvider method ValidatePrincipal.
+    /// Context object passed to the CookieAuthenticationEvents ValidatePrincipal method.
     /// </summary>
     public class CookieValidatePrincipalContext : BaseCookieContext
     {
@@ -18,10 +16,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context"></param>
+        /// <param name="scheme"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidatePrincipalContext(HttpContext context, AuthenticationTicket ticket, CookieAuthenticationOptions options)
-            : base(context, options)
+        public CookieValidatePrincipalContext(HttpContext context, AuthenticationScheme scheme, AuthenticationTicket ticket, CookieAuthenticationOptions options)
+            : base(context, scheme, options, ticket?.Properties)
         {
             if (context == null)
             {
@@ -39,7 +38,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             Principal = ticket.Principal;
-            Properties = ticket.Properties;
         }
 
         /// <summary>
@@ -48,11 +46,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public ClaimsPrincipal Principal { get; private set; }
 
-        /// <summary>
-        /// Contains the extra meta-data arriving with the request ticket. May be altered.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
-
         /// <summary>
         /// If true, the cookie will be renewed
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
deleted file mode 100644
index 1406d872dc..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="CookieAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
-    /// </summary>
-    public interface ICookieAuthenticationEvents
-    {
-        /// <summary>
-        /// Called each time a request principal has been validated by the middleware. By implementing this method the
-        /// application may alter or reject the principal which has arrived with the request.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task ValidatePrincipal(CookieValidatePrincipalContext context);
-
-        /// <summary>
-        /// Called when an endpoint has provided sign in information before it is converted into a cookie. By
-        /// implementing this method the claims and extra information that go into the ticket may be altered.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        Task SigningIn(CookieSigningInContext context);
-
-        /// <summary>
-        /// Called when an endpoint has provided sign in information after it is converted into a cookie.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        Task SignedIn(CookieSignedInContext context);
-
-        /// <summary>
-        /// Called when a SignOut causes a redirect in the cookie middleware.
-        /// </summary>
-        /// <param name="context">Contains information about the event</param>
-        Task RedirectToLogout(CookieRedirectContext context);
-
-        /// <summary>
-        /// Called when a SignIn causes a redirect in the cookie middleware.
-        /// </summary>
-        /// <param name="context">Contains information about the event</param>
-        Task RedirectToLogin(CookieRedirectContext context);
-
-        /// <summary>
-        /// Called when redirecting back to the return url in the cookie middleware.
-        /// </summary>
-        /// <param name="context">Contains information about the event</param>
-        Task RedirectToReturnUrl(CookieRedirectContext context);
-
-        /// <summary>
-        /// Called when an access denied causes a redirect in the cookie middleware.
-        /// </summary>
-        /// <param name="context">Contains information about the event</param>
-        Task RedirectToAccessDenied(CookieRedirectContext context);
-
-        /// <summary>
-        /// Called during the sign-out flow to augment the cookie cleanup process.
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as information about the authentication cookie.</param>
-        Task SigningOut(CookieSigningOutContext context);
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 4a711c3180..3f2f0ee8d3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -17,9 +17,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0435db794f..1a9607eea4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.Facebook;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class FacebookAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<FacebookMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="FacebookMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Facebook authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<FacebookMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
new file mode 100644
index 0000000000..9305623dad
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Facebook
+{
+    internal class FacebookConfigureOptions : ConfigureNamedOptions<FacebookOptions>
+    {
+        public FacebookConfigureOptions(IConfiguration config) :
+            base(FacebookDefaults.AuthenticationScheme,
+                options => config.GetSection(FacebookDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
new file mode 100644
index 0000000000..bcfa95c0ad
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Facebook;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class FacebookAuthenticationOptionsExtensions
+    {
+        /// <summary>
+        /// Adds facebook authentication with options bound against the "Facebook" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<FacebookOptions>, FacebookConfigureOptions>();
+            return services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
+        }
+
+        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, Action<FacebookOptions> configureOptions) 
+            => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
+        {
+            return services.AddScheme<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 3c3c14c86f..521684d14a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -1,27 +1,27 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     internal class FacebookHandler : OAuthHandler<FacebookOptions>
     {
-        public FacebookHandler(HttpClient httpClient)
-            : base(httpClient)
-        {
-        }
+        public FacebookHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
@@ -43,11 +43,11 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
-            await Options.Events.CreatingTicket(context);
+            await Events.CreatingTicket(context);
 
             return context.Ticket;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
deleted file mode 100644
index ac57e8ddeb..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Facebook
-{
-    /// <summary>
-    /// An ASP.NET Core middleware for authenticating users using Facebook.
-    /// </summary>
-    public class FacebookMiddleware : OAuthMiddleware<FacebookOptions>
-    {
-        /// <summary>
-        /// Initializes a new <see cref="FacebookMiddleware"/>.
-        /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="dataProtectionProvider"></param>
-        /// <param name="loggerFactory"></param>
-        /// <param name="encoder"></param>
-        /// <param name="sharedOptions"></param>
-        /// <param name="options">Configuration options for the middleware.</param>
-        public FacebookMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<FacebookOptions> options)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (string.IsNullOrEmpty(Options.AppId))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
-            }
-
-            if (string.IsNullOrEmpty(Options.AppSecret))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
-            }
-        }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="FacebookOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<FacebookOptions> CreateHandler()
-        {
-            return new FacebookHandler(Backchannel);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index ae875bfafb..7010bb20aa 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -1,16 +1,18 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Facebook;
+using System.Globalization;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     /// <summary>
-    /// Configuration options for <see cref="FacebookMiddleware"/>.
+    /// Configuration options for <see cref="FacebookHandler"/>.
     /// </summary>
     public class FacebookOptions : OAuthOptions
     {
@@ -19,8 +21,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public FacebookOptions()
         {
-            AuthenticationScheme = FacebookDefaults.AuthenticationScheme;
-            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-facebook");
             SendAppSecretProof = true;
             AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
@@ -49,6 +49,24 @@ namespace Microsoft.AspNetCore.Builder
             ClaimActions.MapJsonKey("urn:facebook:timezone", "timezone");
         }
 
+        /// <summary>
+        /// Check that the options are valid.  Should throw an exception if things are not ok.
+        /// </summary>
+        public override void Validate()
+        {
+            if (string.IsNullOrEmpty(AppId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AppId)), nameof(AppId));
+            }
+
+            if (string.IsNullOrEmpty(AppSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AppSecret)), nameof(AppSecret));
+            }
+
+            base.Validate();
+        }
+
         // Facebook uses a non-standard term for this field.
         /// <summary>
         /// Gets or sets the Facebook-assigned appId.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 0cef42b391..8f46ff169a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index 85a193d82b..d2687239bb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,6 +3,8 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
@@ -13,41 +15,24 @@ namespace Microsoft.AspNetCore.Builder
     public static class GoogleAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>,
-        /// which enables Google authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<GoogleMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>,
-        /// which enables Google authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<GoogleMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
new file mode 100644
index 0000000000..e19c1fdb1d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Google
+{
+    internal class GoogleConfigureOptions : ConfigureNamedOptions<GoogleOptions>
+    {
+        public GoogleConfigureOptions(IConfiguration config) :
+            base(GoogleDefaults.AuthenticationScheme,
+                options => config.GetSection(GoogleDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
new file mode 100644
index 0000000000..d85e3a2d6f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class GoogleExtensions
+    {
+        /// <summary>
+        /// Adds google authentication with options bound against the "Google" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<GoogleOptions>, GoogleConfigureOptions>();
+            return services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
+        }
+
+        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, Action<GoogleOptions> configureOptions) 
+            => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
+        {
+            return services.AddScheme<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 87506e080f..c699f5cc9d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -6,21 +6,22 @@ using System.Collections.Generic;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
     internal class GoogleHandler : OAuthHandler<GoogleOptions>
     {
-        public GoogleHandler(HttpClient httpClient)
-            : base(httpClient)
-        {
-        }
+        public GoogleHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(
             ClaimsIdentity identity,
@@ -40,11 +41,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
             var principal = new ClaimsPrincipal(identity);
-            var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
-            await Options.Events.CreatingTicket(context);
+            await Events.CreatingTicket(context);
 
             return context.Ticket;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
deleted file mode 100644
index 5f8afaff2f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Google
-{
-    /// <summary>
-    /// An ASP.NET Core middleware for authenticating users using Google OAuth 2.0.
-    /// </summary>
-    public class GoogleMiddleware : OAuthMiddleware<GoogleOptions>
-    {
-        /// <summary>
-        /// Initializes a new <see cref="GoogleMiddleware"/>.
-        /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="dataProtectionProvider"></param>
-        /// <param name="loggerFactory"></param>
-        /// <param name="encoder"></param>
-        /// <param name="sharedOptions"></param>
-        /// <param name="options">Configuration options for the middleware.</param>
-        public GoogleMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<GoogleOptions> options)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-        }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>
-        /// An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="GoogleOptions"/>
-        /// supplied to the constructor.
-        /// </returns>
-        protected override AuthenticationHandler<GoogleOptions> CreateHandler()
-        {
-            return new GoogleHandler(Backchannel);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index d269779703..34028bc52b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -3,13 +3,13 @@
 
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Google
 {
     /// <summary>
-    /// Configuration options for <see cref="GoogleMiddleware"/>.
+    /// Configuration options for <see cref="GoogleHandler"/>.
     /// </summary>
     public class GoogleOptions : OAuthOptions
     {
@@ -18,8 +18,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public GoogleOptions()
         {
-            AuthenticationScheme = GoogleDefaults.AuthenticationScheme;
-            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-google");
             AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 491571371e..7b6c9ee5df 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index b3e0f0bdc8..b47a9bab0f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -2,15 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class AuthenticationFailedContext : BaseJwtBearerContext
     {
-        public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
-            : base(context, options)
+        public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
index 5c28f2976e..313e999d0d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
@@ -2,14 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class BaseJwtBearerContext : BaseControlContext
     {
-        public BaseJwtBearerContext(HttpContext context, JwtBearerOptions options)
+        public BaseJwtBearerContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
             : base(context)
         {
             if (options == null)
@@ -17,9 +16,17 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 throw new ArgumentNullException(nameof(options));
             }
 
+            if (scheme == null)
+            {
+                throw new ArgumentNullException(nameof(scheme));
+            }
+
             Options = options;
+            Scheme = scheme;
         }
 
         public JwtBearerOptions Options { get; }
+
+        public AuthenticationScheme Scheme { get; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
deleted file mode 100644
index a7b8aeb552..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
-    /// <summary>
-    /// Specifies events which the <see cref="JwtBearerMiddleware"/> invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IJwtBearerEvents
-    {
-        /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
-        /// </summary>
-        Task AuthenticationFailed(AuthenticationFailedContext context);
-
-        /// <summary>
-        /// Invoked when a protocol message is first received.
-        /// </summary>
-        Task MessageReceived(MessageReceivedContext context);
-
-        /// <summary>
-        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
-        /// </summary>
-        Task TokenValidated(TokenValidatedContext context);
-
-        /// <summary>
-        /// Invoked to apply a challenge sent back to the caller.
-        /// </summary>
-        Task Challenge(JwtBearerChallengeContext context);
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index 5846812538..e6f931f6db 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -2,16 +2,14 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class JwtBearerChallengeContext : BaseJwtBearerContext
     {
-        public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options, AuthenticationProperties properties)
-            : base(context, options)
+        public JwtBearerChallengeContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options)
         {
             Properties = properties;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 8ac1c3631e..c4e2e7b5a9 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
-    /// Specifies events which the <see cref="JwtBearerMiddleware"/> invokes to enable developer control over the authentication process.
+    /// Specifies events which the <see cref="JwtBearerHandler"/> invokes to enable developer control over the authentication process.
     /// </summary>
-    public class JwtBearerEvents : IJwtBearerEvents
+    public class JwtBearerEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index a23f8356da..530a945cab 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -1,15 +1,14 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class MessageReceivedContext : BaseJwtBearerContext
     {
-        public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
-            : base(context, options)
+        public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index d6de5ca873..3667865da1 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Tokens;
 
@@ -9,8 +8,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class TokenValidatedContext : BaseJwtBearerContext
     {
-        public TokenValidatedContext(HttpContext context, JwtBearerOptions options)
-            : base(context, options)
+        public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 13c06ca382..6b1b1afd4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
@@ -13,50 +13,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class JwtBearerAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
-        /// This middleware understands appropriately
-        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
-        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
-        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
-        /// any time to obtain the claims from the request's bearer token.
-        /// See also http://tools.ietf.org/html/rfc6749
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<JwtBearerMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
-        /// This middleware understands appropriately
-        /// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
-        /// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode 
-        /// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
-        /// any time to obtain the claims from the request's bearer token.
-        /// See also http://tools.ietf.org/html/rfc6749
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A  <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A  <see cref="JwtBearerOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<JwtBearerMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
new file mode 100644
index 0000000000..f3571a49c4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
+{
+    internal class JwtBearerConfigureOptions : ConfigureNamedOptions<JwtBearerOptions>
+    {
+        // Bind to "Bearer" section by default
+        public JwtBearerConfigureOptions(IConfiguration config) :
+            base(JwtBearerDefaults.AuthenticationScheme,
+                options => config.GetSection(JwtBearerDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
new file mode 100644
index 0000000000..77ffd76ff4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class JwtBearerExtensions
+    {
+        /// <summary>
+        /// Adds JwtBearer authentication with options bound against the "Bearer" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<JwtBearerOptions>, JwtBearerConfigureOptions>();
+            return services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
+        }
+
+        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, Action<JwtBearerOptions> configureOptions) 
+            => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
+        {
+            return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index ee5575251d..2ea03a51f0 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -4,14 +4,16 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -22,6 +24,65 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
     {
         private OpenIdConnectConfiguration _configuration;
 
+        public JwtBearerHandler(IOptionsSnapshot<JwtBearerOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        { }
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new JwtBearerEvents Events
+        {
+            get { return (JwtBearerEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new JwtBearerEvents());
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
+            {
+                Options.TokenValidationParameters.ValidAudience = Options.Audience;
+            }
+
+            if (Options.ConfigurationManager == null)
+            {
+                if (Options.Configuration != null)
+                {
+                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
+                }
+                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
+                {
+                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
+                    {
+                        Options.MetadataAddress = Options.Authority;
+                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            Options.MetadataAddress += "/";
+                        }
+
+                        Options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+                    httpClient.Timeout = Options.BackchannelTimeout;
+                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
+                }
+            }
+        }
+
         /// <summary>
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
@@ -33,11 +94,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
-                var messageReceivedContext = new MessageReceivedContext(Context, Options);
+                var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options);
 
                 // event can set the token
-                await Options.Events.MessageReceived(messageReceivedContext);
-                if (messageReceivedContext.CheckEventResult(out result))
+                await Events.MessageReceived(messageReceivedContext);
+                if (messageReceivedContext.IsProcessingComplete(out result))
                 {
                     return result;
                 }
@@ -52,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
                     {
-                        return AuthenticateResult.Skip();
+                        return AuthenticateResult.None();
                     }
 
                     if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
@@ -63,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     // If no token found, no further work possible
                     if (string.IsNullOrEmpty(token))
                     {
-                        return AuthenticateResult.Skip();
+                        return AuthenticateResult.None();
                     }
                 }
 
@@ -120,15 +181,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                         Logger.TokenValidationSucceeded();
 
-                        var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
-                        var tokenValidatedContext = new TokenValidatedContext(Context, Options)
+                        var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
+                        var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
                         {
                             Ticket = ticket,
                             SecurityToken = validatedToken,
                         };
 
-                        await Options.Events.TokenValidated(tokenValidatedContext);
-                        if (tokenValidatedContext.CheckEventResult(out result))
+                        await Events.TokenValidated(tokenValidatedContext);
+                        if (tokenValidatedContext.IsProcessingComplete(out result))
                         {
                             return result;
                         }
@@ -148,13 +209,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                 if (validationFailures != null)
                 {
-                    var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+                    var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
                     {
                         Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures)
                     };
 
-                    await Options.Events.AuthenticationFailed(authenticationFailedContext);
-                    if (authenticationFailedContext.CheckEventResult(out result))
+                    await Events.AuthenticationFailed(authenticationFailedContext);
+                    if (authenticationFailedContext.IsProcessingComplete(out result))
                     {
                         return result;
                     }
@@ -168,13 +229,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             {
                 Logger.ErrorProcessingMessage(ex);
 
-                var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+                var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
                 {
                     Exception = ex
                 };
 
-                await Options.Events.AuthenticationFailed(authenticationFailedContext);
-                if (authenticationFailedContext.CheckEventResult(out result))
+                await Events.AuthenticationFailed(authenticationFailedContext);
+                if (authenticationFailedContext.IsProcessingComplete(out result))
                 {
                     return result;
                 }
@@ -183,11 +244,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             var authResult = await HandleAuthenticateOnceSafeAsync();
-
-            var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties))
+            var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, context.Properties)
             {
                 AuthenticateFailure = authResult?.Failure
             };
@@ -199,14 +259,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 eventContext.ErrorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
             }
 
-            await Options.Events.Challenge(eventContext);
-            if (eventContext.HandledResponse)
+            await Events.Challenge(eventContext);
+            if (eventContext.IsProcessingComplete(out var ignored))
             {
-                return true;
-            }
-            if (eventContext.Skipped)
-            {
-                return false;
+                return;
             }
 
             Response.StatusCode = 401;
@@ -259,8 +315,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                 Response.Headers.Append(HeaderNames.WWWAuthenticate, builder.ToString());
             }
-
-            return false;
         }
 
         private static string CreateErrorDescription(Exception authFailure)
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
deleted file mode 100644
index bfb38793f3..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ /dev/null
@@ -1,108 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
-    /// <summary>
-    /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
-    /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
-    /// extension method.
-    /// </summary>
-    public class JwtBearerMiddleware : AuthenticationMiddleware<JwtBearerOptions>
-    {
-        /// <summary>
-        /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
-        /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication 
-        /// extension method.
-        /// </summary>
-        public JwtBearerMiddleware(
-            RequestDelegate next,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<JwtBearerOptions> options)
-            : base(next, options, loggerFactory, encoder)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (Options.Events == null)
-            {
-                Options.Events = new JwtBearerEvents();
-            }
-
-            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
-            {
-                Options.TokenValidationParameters.ValidAudience = Options.Audience;
-            }
-
-            if (Options.ConfigurationManager == null)
-            {
-                if (Options.Configuration != null)
-                {
-                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
-                }
-                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
-                {
-                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
-                    {
-                        Options.MetadataAddress = Options.Authority;
-                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
-                        {
-                            Options.MetadataAddress += "/";
-                        }
-
-                        Options.MetadataAddress += ".well-known/openid-configuration";
-                    }
-
-                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
-                    {
-                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
-                    }
-
-                    var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-                    httpClient.Timeout = Options.BackchannelTimeout;
-                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
-                        new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
-                }
-            }
-        }
-
-        /// <summary>
-        /// Called by the AuthenticationMiddleware base class to create a per-request handler. 
-        /// </summary>
-        /// <returns>A new instance of the request handler</returns>
-        protected override AuthenticationHandler<JwtBearerOptions> CreateHandler()
-        {
-            return new JwtBearerHandler();
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 2aedf30d52..9a480763d4 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -3,32 +3,19 @@
 
 using System;
 using System.Collections.Generic;
-using System.ComponentModel;
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     /// <summary>
-    /// Options class provides information needed to control Bearer Authentication middleware behavior
+    /// Options class provides information needed to control Bearer Authentication handler behavior
     /// </summary>
-    public class JwtBearerOptions : AuthenticationOptions
+    public class JwtBearerOptions : AuthenticationSchemeOptions
     {
-        /// <summary>
-        /// Creates an instance of bearer authentication options with default values.
-        /// </summary>
-        public JwtBearerOptions() : base()
-        {
-            AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
-            AutomaticAuthenticate = true;
-            AutomaticChallenge = true;
-        }
-
         /// <summary>
         /// Gets or sets if HTTPS is required for the metadata address or authority.
         /// The default is true. This should be disabled only in development environments.
@@ -59,11 +46,15 @@ namespace Microsoft.AspNetCore.Builder
         public string Challenge { get; set; } = JwtBearerDefaults.AuthenticationScheme;
 
         /// <summary>
-        /// The object provided by the application to process events raised by the bearer authentication middleware.
+        /// The object provided by the application to process events raised by the bearer authentication handler.
         /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
-        public IJwtBearerEvents Events { get; set; } = new JwtBearerEvents();
+        public new JwtBearerEvents Events
+        {
+            get { return (JwtBearerEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// The HttpMessageHandler used to retrieve metadata.
@@ -115,7 +106,7 @@ namespace Microsoft.AspNetCore.Builder
 
         /// <summary>
         /// Defines whether the token validation errors should be returned to the caller.
-        /// Enabled by default, this option can be disabled to prevent the JWT middleware
+        /// Enabled by default, this option can be disabled to prevent the JWT handler
         /// from returning an error and an error_description in the WWW-Authenticate header.
         /// </summary>
         public bool IncludeErrorDetails { get; set; } = true;
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 7311aa3aef..89e7ef9c39 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -9,8 +9,9 @@
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
     <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index eecfeb9261..5b8263c9c1 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 660dd2e818..88306efbed 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class MicrosoftAccountAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<MicrosoftAccountMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="MicrosoftAccountMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Microsoft Account authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<MicrosoftAccountMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
new file mode 100644
index 0000000000..520c3758d5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
+{
+    internal class MicrosoftAccountConfigureOptions : ConfigureNamedOptions<MicrosoftAccountOptions>
+    {
+        // Bind to "Microsoft" section by default
+        public MicrosoftAccountConfigureOptions(IConfiguration config) :
+            base(MicrosoftAccountDefaults.AuthenticationScheme,
+                options => config.GetSection(MicrosoftAccountDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
new file mode 100644
index 0000000000..1f8884ab2e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class MicrosoftAccountExtensions
+    {
+        /// <summary>
+        /// Adds MicrosoftAccount authentication with options bound against the "Microsoft" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<MicrosoftAccountOptions>, MicrosoftAccountConfigureOptions>();
+            return services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, o => { });
+        }
+
+        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, Action<MicrosoftAccountOptions> configureOptions) =>
+            services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
+        {
+            return services.AddScheme<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 2426cafe07..b2b787b97c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -1,24 +1,24 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
-        public MicrosoftAccountHandler(HttpClient httpClient)
-            : base(httpClient)
-        {
-        }
+        public MicrosoftAccountHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
@@ -33,11 +33,11 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
-            await Options.Events.CreatingTicket(context);
+            await Events.CreatingTicket(context);
             return context.Ticket;
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
deleted file mode 100644
index 3ad1bf5571..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
-{
-    /// <summary>
-    /// An ASP.NET Core middleware for authenticating users using the Microsoft Account service.
-    /// </summary>
-    public class MicrosoftAccountMiddleware : OAuthMiddleware<MicrosoftAccountOptions>
-    {
-        /// <summary>
-        /// Initializes a new <see cref="MicrosoftAccountMiddleware"/>.
-        /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="dataProtectionProvider"></param>
-        /// <param name="loggerFactory"></param>
-        /// <param name="encoder"></param>
-        /// <param name="sharedOptions"></param>
-        /// <param name="options">Configuration options for the middleware.</param>
-        public MicrosoftAccountMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<MicrosoftAccountOptions> options)
-            : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-        }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="MicrosoftAccountOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<MicrosoftAccountOptions> CreateHandler()
-        {
-            return new MicrosoftAccountHandler(Backchannel);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 1aa4009a56..dbca3507e9 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -5,11 +5,12 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authentication.OAuth;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     /// <summary>
-    /// Configuration options for <see cref="MicrosoftAccountMiddleware"/>.
+    /// Configuration options for <see cref="MicrosoftAccountHandler"/>.
     /// </summary>
     public class MicrosoftAccountOptions : OAuthOptions
     {
@@ -18,8 +19,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public MicrosoftAccountOptions()
         {
-            AuthenticationScheme = MicrosoftAccountDefaults.AuthenticationScheme;
-            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-microsoft");
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
deleted file mode 100644
index 29316732cc..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="OAuthMiddleware{T}"/> invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IOAuthEvents : IRemoteAuthenticationEvents
-    {
-        /// <summary>
-        /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
-        /// This event may not be invoked by sub-classes of OAuthAuthenticationHandler if they override CreateTicketAsync.
-        /// </summary>
-        /// <param name="context">Contains information about the login session.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task CreatingTicket(OAuthCreatingTicketContext context);
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to the authorize endpoint.
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge.</param>
-        Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context);
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index b17d23c9bb..f50dff3f55 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -5,7 +5,6 @@ using System;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
 
@@ -14,23 +13,25 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class OAuthCreatingTicketContext : BaseContext
+    public class OAuthCreatingTicketContext : BaseAuthenticationContext
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
         /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
         /// <param name="context">The HTTP environment.</param>
+        /// <param name="scheme">The authentication scheme.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthCreatingTicketContext(
             AuthenticationTicket ticket,
             HttpContext context,
+            AuthenticationScheme scheme,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens)
-            : this(ticket, context, options, backchannel, tokens, user: new JObject())
+            : this(ticket, context, scheme, options, backchannel, tokens, user: new JObject())
         {
         }
 
@@ -39,6 +40,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// </summary>
         /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
         /// <param name="context">The HTTP environment.</param>
+        /// <param name="scheme">The authentication scheme.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
@@ -46,11 +48,12 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public OAuthCreatingTicketContext(
             AuthenticationTicket ticket,
             HttpContext context,
+            AuthenticationScheme scheme,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens,
             JObject user)
-            : base(context)
+            : base(context, scheme.Name, ticket.Properties)
         {
             if (context == null)
             {
@@ -77,15 +80,23 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 throw new ArgumentNullException(nameof(user));
             }
 
+            if (scheme == null)
+            {
+                throw new ArgumentNullException(nameof(scheme));
+            }
+
             TokenResponse = tokens;
             Backchannel = backchannel;
             User = user;
             Options = options;
+            Scheme = scheme;
             Ticket = ticket;
         }
 
         public OAuthOptions Options { get; }
 
+        public AuthenticationScheme Scheme { get; }
+
         /// <summary>
         /// Gets the JSON-serialized user or an empty
         /// <see cref="JObject"/> if it is not available.
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index 066b324b75..4e94a15bc6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
-    /// Default <see cref="IOAuthEvents"/> implementation.
+    /// Default implementation.
     /// </summary>
-    public class OAuthEvents : RemoteAuthenticationEvents, IOAuthEvents
+    public class OAuthEvents : RemoteAuthenticationEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public virtual Task CreatingTicket(OAuthCreatingTicketContext context) => OnCreatingTicket(context);
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
+        /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth handler.
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge.</param>
         public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context) => OnRedirectToAuthorizationEndpoint(context);
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
index 63eaa35376..5d5e0e701a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
@@ -3,12 +3,11 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
+    /// Context passed when a Challenge causes a redirect to authorize endpoint in the handler.
     /// </summary>
     public class OAuthRedirectToAuthorizationContext : BaseContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index eebeaf7a37..ceec294eca 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class OAuthAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="OAuthMiddleware{TOptions}"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OAuth 2.0 authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<OAuthMiddleware<OAuthOptions>>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
new file mode 100644
index 0000000000..aa7c59f03f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Builder
+{
+    public static class OAuthExtensions
+    {
+        public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions) =>
+            services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index a5c36c1c45..cafc4f0bcf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -8,24 +8,60 @@ using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
-    public class OAuthHandler<TOptions> : RemoteAuthenticationHandler<TOptions> where TOptions : OAuthOptions
+    public class OAuthHandler<TOptions> : RemoteAuthenticationHandler<TOptions> where TOptions : OAuthOptions, new()
     {
-        public OAuthHandler(HttpClient backchannel)
+        protected HttpClient Backchannel => Options.Backchannel;
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new OAuthEvents Events
         {
-            Backchannel = backchannel;
+            get { return (OAuthEvents)base.Events; }
+            set { base.Events = value; }
         }
 
-        protected HttpClient Backchannel { get; private set; }
+        public OAuthHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+        { }
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (Options.Backchannel == null)
+            {
+                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth handler");
+                Options.Backchannel.Timeout = Options.BackchannelTimeout;
+                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            }
+
+            if (Options.StateDataFormat == null)
+            {
+                var dataProtector = DataProtection.CreateProtector(
+                    GetType().FullName, Scheme.Name, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+        }
+
+        /// <summary>
+        /// Creates a new instance of the events instance.
+        /// </summary>
+        /// <returns>A new instance of the events instance.</returns>
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new OAuthEvents());
 
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
@@ -107,7 +143,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     {
                         // https://www.w3.org/TR/xmlschema-2/#dateTime
                         // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
-                        var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+                        var expiresAt = Clock.UtcNow + TimeSpan.FromSeconds(value);
                         authTokens.Add(new AuthenticationToken
                         {
                             Name = "expires_at",
@@ -170,21 +206,20 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
-            await Options.Events.CreatingTicket(context);
+            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens);
+            await Events.CreatingTicket(context);
             return context.Ticket;
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             if (context == null)
             {
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties);
-
+            var properties = context.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
@@ -197,8 +232,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var redirectContext = new OAuthRedirectToAuthorizationContext(
                 Context, Options,
                 properties, authorizationEndpoint);
-            await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
-            return true;
+            await Events.RedirectToAuthorizationEndpoint(redirectContext);
         }
 
         protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
deleted file mode 100644
index 75139c1c80..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ /dev/null
@@ -1,138 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
-    /// <summary>
-    /// An ASP.NET Core middleware for authenticating users using OAuth services.
-    /// </summary>
-    public class OAuthMiddleware<TOptions> : AuthenticationMiddleware<TOptions> where TOptions : OAuthOptions, new()
-    {
-        /// <summary>
-        /// Initializes a new <see cref="OAuthMiddleware{T}"/>.
-        /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
-        /// <param name="dataProtectionProvider"></param>
-        /// <param name="loggerFactory"></param>
-        /// <param name="encoder">The <see cref="UrlEncoder"/>.</param>
-        /// <param name="sharedOptions">The <see cref="SharedAuthenticationOptions"/> configuration options for this middleware.</param>
-        /// <param name="options">Configuration options for the middleware.</param>
-        public OAuthMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<TOptions> options)
-            : base(next, options, loggerFactory, encoder)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            // todo: review error handling
-            if (string.IsNullOrEmpty(Options.AuthenticationScheme))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthenticationScheme)));
-            }
-
-            if (string.IsNullOrEmpty(Options.ClientId))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientId)));
-            }
-
-            if (string.IsNullOrEmpty(Options.ClientSecret))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientSecret)));
-            }
-
-            if (string.IsNullOrEmpty(Options.AuthorizationEndpoint))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthorizationEndpoint)));
-            }
-
-            if (string.IsNullOrEmpty(Options.TokenEndpoint))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
-            }
-
-            if (!Options.CallbackPath.HasValue)
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
-            }
-
-            if (Options.Events == null)
-            {
-                Options.Events = new OAuthEvents();
-            }
-
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = dataProtectionProvider.CreateProtector(
-                    GetType().FullName, Options.AuthenticationScheme, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
-
-            Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth middleware");
-            Backchannel.Timeout = Options.BackchannelTimeout;
-            Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                Options.SignInScheme = sharedOptions.Value.SignInScheme;
-            }
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.SignInScheme)));
-            }
-        }
-
-        protected HttpClient Backchannel { get; private set; }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="OAuthOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<TOptions> CreateHandler()
-        {
-            return new OAuthHandler<TOptions>(Backchannel);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 9bd08dfd84..3c71f055f5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -1,16 +1,18 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Http.Authentication;
+using System.Globalization;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     /// <summary>
-    /// Configuration options for <see cref="OAuthMiddleware{T}"/>.
+    /// Configuration options OAuth.
     /// </summary>
     public class OAuthOptions : RemoteAuthenticationOptions
     {
@@ -19,6 +21,39 @@ namespace Microsoft.AspNetCore.Builder
             Events = new OAuthEvents();
         }
 
+        /// <summary>
+        /// Check that the options are valid.  Should throw an exception if things are not ok.
+        /// </summary>
+        public override void Validate()
+        {
+            base.Validate();
+
+            if (string.IsNullOrEmpty(ClientId))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ClientId)), nameof(ClientId));
+            }
+
+            if (string.IsNullOrEmpty(ClientSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ClientSecret)), nameof(ClientSecret));
+            }
+
+            if (string.IsNullOrEmpty(AuthorizationEndpoint))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AuthorizationEndpoint)), nameof(AuthorizationEndpoint));
+            }
+
+            if (string.IsNullOrEmpty(TokenEndpoint))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(TokenEndpoint)), nameof(TokenEndpoint));
+            }
+
+            if (!CallbackPath.HasValue)
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(CallbackPath)), nameof(CallbackPath));
+            }
+        }
+
         /// <summary>
         /// Gets or sets the provider-assigned client id.
         /// </summary>
@@ -47,11 +82,11 @@ namespace Microsoft.AspNetCore.Builder
         public string UserInformationEndpoint { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IOAuthEvents"/> used to handle authentication events.
+        /// Gets or sets the <see cref="OAuthEvents"/> used to handle authentication events.
         /// </summary>
-        public new IOAuthEvents Events
+        public new OAuthEvents Events
         {
-            get { return (IOAuthEvents)base.Events; }
+            get { return (OAuthEvents)base.Events; }
             set { base.Events = value; }
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index 776f78d6e7..0c7d968638 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -9,8 +9,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class AuthenticationFailedContext : BaseOpenIdConnectContext
     {
-        public AuthenticationFailedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
+        public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 49c863e4b8..0ccfc3ab71 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -18,8 +18,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
+        public AuthorizationCodeReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+            : base(context, scheme, options)
         {
         }
 
@@ -42,23 +42,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         /// <summary>
         /// If the developer chooses to redeem the code themselves then they can provide the resulting tokens here. This is the
-        /// same as calling HandleCodeRedemption. If set then the middleware will not attempt to redeem the code. An IdToken
+        /// same as calling HandleCodeRedemption. If set then the handler will not attempt to redeem the code. An IdToken
         /// is required if one had not been previously received in the authorization response. An access token is optional
-        /// if the middleware is to contact the user-info endpoint.
+        /// if the handler is to contact the user-info endpoint.
         /// </summary>
         public OpenIdConnectMessage TokenEndpointResponse { get; set; }
 
         /// <summary>
-        /// Indicates if the developer choose to handle (or skip) the code redemption. If true then the middleware will not attempt
+        /// Indicates if the developer choose to handle (or skip) the code redemption. If true then the handler will not attempt
         /// to redeem the code. See HandleCodeRedemption and TokenEndpointResponse.
         /// </summary>
         public bool HandledCodeRedemption => TokenEndpointResponse != null;
 
         /// <summary>
-        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
         /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
         /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
-        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// in the authorization response. An access token can optionally be provided for the handler to contact the
         /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
         /// </summary>
         public void HandleCodeRedemption()
@@ -67,10 +67,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
         /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
         /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
-        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// in the authorization response. An access token can optionally be provided for the handler to contact the
         /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
         /// </summary>
         public void HandleCodeRedemption(string accessToken, string idToken)
@@ -79,10 +79,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+        /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
         /// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
         /// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
-        /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+        /// in the authorization response. An access token can optionally be provided for the handler to contact the
         /// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
         /// </summary>
         public void HandleCodeRedemption(OpenIdConnectMessage tokenEndpointResponse)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
index d2f56a4ce2..63f815d9ee 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -10,19 +9,17 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class BaseOpenIdConnectContext : BaseControlContext
     {
-        public BaseOpenIdConnectContext(HttpContext context, OpenIdConnectOptions options)
+        public BaseOpenIdConnectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
             : base(context)
         {
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            Options = options;
+            Options = options ?? throw new ArgumentNullException(nameof(options));
+            Scheme = scheme ?? throw new ArgumentNullException(nameof(scheme));
         }
 
         public OpenIdConnectOptions Options { get; }
 
+        public AuthenticationScheme Scheme { get; }
+
         public OpenIdConnectMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
deleted file mode 100644
index 128fa08a3e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
-    /// <summary>
-    /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
-    /// </summary>
-    public interface IOpenIdConnectEvents : IRemoteAuthenticationEvents
-    {
-        /// <summary>
-        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
-        /// </summary>
-        Task AuthenticationFailed(AuthenticationFailedContext context);
-
-        /// <summary>
-        /// Invoked after security token validation if an authorization code is present in the protocol message.
-        /// </summary>
-        Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
-
-        /// <summary>
-        /// Invoked when a protocol message is first received.
-        /// </summary>
-        Task MessageReceived(MessageReceivedContext context);
-
-        /// <summary>
-        /// Invoked before redirecting to the identity provider to authenticate.
-        /// </summary>
-        Task RedirectToIdentityProvider(RedirectContext context);
-
-        /// <summary>
-        /// Invoked before redirecting to the identity provider to sign out.
-        /// </summary>
-        Task RedirectToIdentityProviderForSignOut(RedirectContext context);
-
-        /// <summary>
-        /// Invoked when a request is received on the RemoteSignOutPath.
-        /// </summary>
-        Task RemoteSignOut(RemoteSignOutContext context);
-
-        /// <summary>
-        /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
-        /// </summary>
-        Task TokenResponseReceived(TokenResponseReceivedContext context);
-
-        /// <summary>
-        /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
-        /// </summary>
-        Task TokenValidated(TokenValidatedContext context);
-
-        /// <summary>
-        /// Invoked when user information is retrieved from the UserInfoEndpoint.
-        /// </summary>
-        Task UserInformationReceived(UserInformationReceivedContext context);
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index b2554969c1..f0298ed055 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -1,16 +1,14 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class MessageReceivedContext : BaseOpenIdConnectContext
     {
-        public MessageReceivedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
+        public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index f39b554ece..f6386aeec8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Specifies events which the <see cref="OpenIdConnectMiddleware" />invokes to enable developer control over the authentication process.
+    /// Specifies events which the <see cref="OpenIdConnectHandler" />invokes to enable developer control over the authentication process.
     /// </summary>
-    public class OpenIdConnectEvents : RemoteAuthenticationEvents, IOpenIdConnectEvents
+    public class OpenIdConnectEvents : RemoteAuthenticationEvents
     {
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
index 59b1c0efd1..59b00827a3 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -1,20 +1,18 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// When a user configures the <see cref="OpenIdConnectMiddleware"/> to be notified prior to redirecting to an IdentityProvider
+    /// When a user configures the <see cref="OpenIdConnectHandler"/> to be notified prior to redirecting to an IdentityProvider
     /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
     /// </summary>
     public class RedirectContext : BaseOpenIdConnectContext
     {
-        public RedirectContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
-            : base(context, options)
+        public RedirectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options)
         {
             Properties = properties;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
index a76dc9e592..5c0172673c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -11,9 +10,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     {
         public RemoteSignOutContext(
             HttpContext context,
+            AuthenticationScheme scheme,
             OpenIdConnectOptions options,
             OpenIdConnectMessage message)
-            : base(context, options)
+            : base(context, scheme, options)
         {
             ProtocolMessage = message;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index b4a9ad6d11..7c0d51fbbd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,9 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
@@ -16,8 +14,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="TokenResponseReceivedContext"/>
         /// </summary>
-        public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
-            : base(context, options)
+        public TokenResponseReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options)
         {
             Properties = properties;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
index 130a4d9873..fea89298ce 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
@@ -15,8 +15,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Creates a <see cref="TokenValidatedContext"/>
         /// </summary>
-        public TokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
+        public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index c0a53db447..ee80cb71fe 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json.Linq;
 
@@ -9,8 +8,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     public class UserInformationReceivedContext : BaseOpenIdConnectContext
     {
-        public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options)
-            : base(context, options)
+        public UserInformationReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+            : base(context, scheme, options)
         {
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 351cb284c5..a5e4c8b0cb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -11,6 +11,7 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index dde12494de..db5cfbbcc9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class OpenIdConnectAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<OpenIdConnectMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="OpenIdConnectOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<OpenIdConnectMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
new file mode 100644
index 0000000000..9afae436dd
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+    internal class OpenIdConnectConfigureOptions : ConfigureNamedOptions<OpenIdConnectOptions>
+    {
+        // Bind to "OpenIdConnect" section by default
+        public OpenIdConnectConfigureOptions(IConfiguration config) :
+            base(OpenIdConnectDefaults.AuthenticationScheme,
+                options => config.GetSection(OpenIdConnectDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index a099a72769..c5baca4db9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -4,7 +4,7 @@
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Default values related to OpenIdConnect authentication middleware
+    /// Default values related to OpenIdConnect authentication handler
     /// </summary>
     public static class OpenIdConnectDefaults
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
new file mode 100644
index 0000000000..89581b201f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class OpenIdConnectExtensions
+    {
+        /// <summary>
+        /// Adds OpenIdConnect authentication with options bound against the "OpenIdConnect" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectConfigureOptions>();
+            return services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
+        }
+
+        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, Action<OpenIdConnectOptions> configureOptions) 
+            => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
+        {
+            return services.AddScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 6b24996e78..69acbf9a06 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -13,12 +13,12 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -53,28 +53,110 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private OpenIdConnectConfiguration _configuration;
 
-        protected HttpClient Backchannel { get; private set; }
+        protected HttpClient Backchannel => Options.Backchannel;
 
-        protected HtmlEncoder HtmlEncoder { get; private set; }
+        protected HtmlEncoder HtmlEncoder { get; }
 
-        public OpenIdConnectHandler(HttpClient backchannel, HtmlEncoder htmlEncoder)
+        public OpenIdConnectHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<OpenIdConnectOptions> options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
         {
-            Backchannel = backchannel;
             HtmlEncoder = htmlEncoder;
         }
 
-        public override async Task<bool> HandleRequestAsync()
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new OpenIdConnectEvents Events
+        {
+            get { return (OpenIdConnectEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new OpenIdConnectEvents());
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (string.IsNullOrEmpty(Options.SignOutScheme))
+            {
+                Options.SignOutScheme = SignInScheme;
+            }
+
+            if (Options.StateDataFormat == null)
+            {
+                var dataProtector = DataProtection.CreateProtector(
+                    GetType().FullName, Scheme.Name, "v1");
+                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            if (Options.StringDataFormat == null)
+            {
+                var dataProtector = DataProtection.CreateProtector(
+                    GetType().FullName,
+                    typeof(string).FullName,
+                    Scheme.Name,
+                    "v1");
+
+                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
+            }
+
+            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
+            {
+                Options.TokenValidationParameters.ValidAudience = Options.ClientId;
+            }
+
+            if (Options.Backchannel == null)
+            {
+                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect handler");
+                Options.Backchannel.Timeout = Options.BackchannelTimeout;
+                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            }
+
+            if (Options.ConfigurationManager == null)
+            {
+                if (Options.Configuration != null)
+                {
+                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
+                }
+                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
+                {
+                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
+                    {
+                        Options.MetadataAddress = Options.Authority;
+                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            Options.MetadataAddress += "/";
+                        }
+
+                        Options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
+                }
+            }
+        }
+
+        public override Task<bool> HandleRequestAsync()
         {
             if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path)
             {
-                return await HandleRemoteSignOutAsync();
+                return HandleRemoteSignOutAsync();
             }
             else if (Options.SignedOutCallbackPath.HasValue && Options.SignedOutCallbackPath == Request.Path)
             {
-                return await HandleSignOutCallbackAsync();
+                return HandleSignOutCallbackAsync();
             }
 
-            return await base.HandleRequestAsync();
+            return base.HandleRequestAsync();
         }
 
         protected virtual async Task<bool> HandleRemoteSignOutAsync()
@@ -97,8 +179,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
             }
 
-            var remoteSignOutContext = new RemoteSignOutContext(Context, Options, message);
-            await Options.Events.RemoteSignOut(remoteSignOutContext);
+            var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message);
+            await Events.RemoteSignOut(remoteSignOutContext);
 
             if (remoteSignOutContext.HandledResponse)
             {
@@ -120,7 +202,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // If the identifier cannot be found, bypass the session identifier checks: this may indicate that the
             // authentication cookie was already cleared, that the session identifier was lost because of a lossy
             // external/application cookie conversion or that the identity provider doesn't support sessions.
-            var sid = (await Context.Authentication.AuthenticateAsync(Options.SignOutScheme))
+            var sid = (await Context.AuthenticateAsync(Options.SignOutScheme))
+                          ?.Principal
                           ?.FindFirst(JwtRegisteredClaimNames.Sid)
                           ?.Value;
             if (!string.IsNullOrEmpty(sid))
@@ -142,7 +225,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             Logger.RemoteSignOut();
 
             // We've received a remote sign-out request
-            await Context.Authentication.SignOutAsync(Options.SignOutScheme);
+            await Context.SignOutAsync(Options.SignOutScheme);
             return true;
         }
 
@@ -169,7 +252,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             };
 
             // Get the post redirect URI.
-            var properties = new AuthenticationProperties(signout.Properties);
+            var properties = signout.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);
@@ -181,14 +264,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             Logger.PostSignOutRedirect(properties.RedirectUri);
 
             // Attach the identity token to the logout request when possible.
-            message.IdTokenHint = await Context.Authentication.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
+            message.IdTokenHint = await Context.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
 
-            var redirectContext = new RedirectContext(Context, Options, properties)
+            var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
             {
                 ProtocolMessage = message
             };
 
-            await Options.Events.RedirectToIdentityProviderForSignOut(redirectContext);
+            await Events.RedirectToIdentityProviderForSignOut(redirectContext);
             if (redirectContext.HandledResponse)
             {
                 Logger.RedirectToIdentityProviderForSignOutHandledResponse();
@@ -271,7 +354,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (!string.IsNullOrEmpty(properties?.RedirectUri))
                 {
                     Response.Redirect(properties.RedirectUri);
-                    return Task.FromResult(true);
                 }
             }
 
@@ -282,7 +364,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             if (context == null)
             {
@@ -294,8 +376,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if RedirectUri is not set)
-            var properties = new AuthenticationProperties(context.Properties);
-
+            var properties = context.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
@@ -335,21 +416,21 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             GenerateCorrelationId(properties);
 
-            var redirectContext = new RedirectContext(Context, Options, properties)
+            var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
             {
                 ProtocolMessage = message
             };
 
-            await Options.Events.RedirectToIdentityProvider(redirectContext);
+            await Events.RedirectToIdentityProvider(redirectContext);
             if (redirectContext.HandledResponse)
             {
                 Logger.RedirectToIdentityProviderHandledResponse();
-                return true;
+                return;
             }
             else if (redirectContext.Skipped)
             {
                 Logger.RedirectToIdentityProviderSkipped();
-                return false;
+                return;
             }
 
             message = redirectContext.ProtocolMessage;
@@ -379,7 +460,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 Response.Redirect(redirectUri);
-                return true;
+                return;
             }
             else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
             {
@@ -407,7 +488,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Response.Headers[HeaderNames.Expires] = "-1";
 
                 await Response.Body.WriteAsync(buffer, 0, buffer.Length);
-                return true;
+                return;
             }
 
             throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}");
@@ -435,7 +516,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
-                        return AuthenticateResult.Skip();
+                        return AuthenticateResult.None();
                     }
                     return AuthenticateResult.Fail("An OpenID Connect response cannot contain an " +
                             "identity token or an access token when using response_mode=query");
@@ -457,7 +538,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (Options.SkipUnrecognizedRequests)
                 {
                     // Not for us?
-                    return AuthenticateResult.Skip();
+                    return AuthenticateResult.None();
                 }
                 return AuthenticateResult.Fail("No message.");
             }
@@ -473,7 +554,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse, properties);
-                if (messageReceivedContext.CheckEventResult(out result))
+                if (messageReceivedContext.IsProcessingComplete(out result))
                 {
                     return result;
                 }
@@ -489,7 +570,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         Logger.NullOrEmptyAuthorizationResponseState();
                         if (Options.SkipUnrecognizedRequests)
                         {
-                            return AuthenticateResult.Skip();
+                            return AuthenticateResult.None();
                         }
                         return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
                     }
@@ -504,7 +585,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
-                        return AuthenticateResult.Skip();
+                        return AuthenticateResult.None();
                     }
                     return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
                 }
@@ -550,7 +631,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     }
 
                     var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, null, properties, ticket, jwt, nonce);
-                    if (tokenValidatedContext.CheckEventResult(out result))
+                    if (tokenValidatedContext.IsProcessingComplete(out result))
                     {
                         return result;
                     }
@@ -575,7 +656,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (!string.IsNullOrEmpty(authorizationResponse.Code))
                 {
                     var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
-                    if (authorizationCodeReceivedContext.CheckEventResult(out result))
+                    if (authorizationCodeReceivedContext.IsProcessingComplete(out result))
                     {
                         return result;
                     }
@@ -593,7 +674,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     }
 
                     var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket);
-                    if (tokenResponseReceivedContext.CheckEventResult(out result))
+                    if (tokenResponseReceivedContext.IsProcessingComplete(out result))
                     {
                         return result;
                     }
@@ -620,7 +701,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         }
 
                         var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, tokenEndpointTicket, tokenEndpointJwt, nonce);
-                        if (tokenValidatedContext.CheckEventResult(out result))
+                        if (tokenValidatedContext.IsProcessingComplete(out result))
                         {
                             return result;
                         }
@@ -689,7 +770,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 var authenticationFailedContext = await RunAuthenticationFailedEventAsync(authorizationResponse, exception);
-                if (authenticationFailedContext.CheckEventResult(out result))
+                if (authenticationFailedContext.IsProcessingComplete(out result))
                 {
                     return result;
                 }
@@ -804,7 +885,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
             AuthenticateResult result;
-            if (userInformationReceivedContext.CheckEventResult(out result))
+            if (userInformationReceivedContext.IsProcessingComplete(out result))
             {
                 return result;
             }
@@ -861,7 +942,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 int value;
                 if (int.TryParse(message.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
                 {
-                    var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+                    var expiresAt = Clock.UtcNow + TimeSpan.FromSeconds(value);
                     // https://www.w3.org/TR/xmlschema-2/#dateTime
                     // https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
                     tokens.Add(new AuthenticationToken { Name = "expires_at", Value = expiresAt.ToString("o", CultureInfo.InvariantCulture) });
@@ -891,7 +972,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 {
                     HttpOnly = true,
                     Secure = Request.IsHttps,
-                    Expires = Options.SystemClock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
+                    Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
         }
 
@@ -971,13 +1052,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             Logger.MessageReceived(message.BuildRedirectUrl());
-            var messageReceivedContext = new MessageReceivedContext(Context, Options)
+            var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options)
             {
                 ProtocolMessage = message,
                 Properties = properties,
             };
 
-            await Options.Events.MessageReceived(messageReceivedContext);
+            await Events.MessageReceived(messageReceivedContext);
             if (messageReceivedContext.HandledResponse)
             {
                 Logger.MessageReceivedContextHandledResponse();
@@ -992,7 +1073,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<TokenValidatedContext> RunTokenValidatedEventAsync(OpenIdConnectMessage authorizationResponse, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt, string nonce)
         {
-            var tokenValidatedContext = new TokenValidatedContext(Context, Options)
+            var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
             {
                 ProtocolMessage = authorizationResponse,
                 TokenEndpointResponse = tokenEndpointResponse,
@@ -1002,7 +1083,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Nonce = nonce,
             };
 
-            await Options.Events.TokenValidated(tokenValidatedContext);
+            await Events.TokenValidated(tokenValidatedContext);
             if (tokenValidatedContext.HandledResponse)
             {
                 Logger.TokenValidatedHandledResponse();
@@ -1029,7 +1110,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 RedirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]
             };
 
-            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
+            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Scheme, Options)
             {
                 ProtocolMessage = authorizationResponse,
                 Properties = properties,
@@ -1039,7 +1120,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Backchannel = Backchannel,
             };
 
-            await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
+            await Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
             if (authorizationCodeReceivedContext.HandledResponse)
             {
                 Logger.AuthorizationCodeReceivedContextHandledResponse();
@@ -1059,14 +1140,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             AuthenticationTicket ticket)
         {
             Logger.TokenResponseReceived();
-            var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
+            var eventContext = new TokenResponseReceivedContext(Context, Scheme, Options, properties)
             {
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse,
                 Ticket = ticket
             };
 
-            await Options.Events.TokenResponseReceived(eventContext);
+            await Events.TokenResponseReceived(eventContext);
             if (eventContext.HandledResponse)
             {
                 Logger.TokenResponseReceivedHandledResponse();
@@ -1083,14 +1164,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             Logger.UserInformationReceived(user.ToString());
 
-            var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
+            var userInformationReceivedContext = new UserInformationReceivedContext(Context, Scheme, Options)
             {
                 Ticket = ticket,
                 ProtocolMessage = message,
                 User = user,
             };
 
-            await Options.Events.UserInformationReceived(userInformationReceivedContext);
+            await Events.UserInformationReceived(userInformationReceivedContext);
             if (userInformationReceivedContext.HandledResponse)
             {
                 Logger.UserInformationReceivedHandledResponse();
@@ -1105,13 +1186,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         private async Task<AuthenticationFailedContext> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
         {
-            var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+            var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
             {
                 ProtocolMessage = message,
                 Exception = exception
             };
 
-            await Options.Events.AuthenticationFailed(authenticationFailedContext);
+            await Events.AuthenticationFailed(authenticationFailedContext);
             if (authenticationFailedContext.HandledResponse)
             {
                 Logger.AuthenticationFailedContextHandledResponse();
@@ -1161,7 +1242,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
-            var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
+            var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
 
             if (Options.UseTokenLifetime)
             {
@@ -1220,5 +1301,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 description,
                 errorUri));
         }
+
+        private class StringSerializer : IDataSerializer<string>
+        {
+            public string Deserialize(byte[] data)
+            {
+                return Encoding.UTF8.GetString(data);
+            }
+
+            public byte[] Serialize(string model)
+            {
+                return Encoding.UTF8.GetBytes(model);
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
deleted file mode 100644
index 8d880d0d90..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ /dev/null
@@ -1,209 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Http;
-using System.Text;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
-    /// <summary>
-    /// ASP.NET Core middleware for obtaining identities using OpenIdConnect protocol.
-    /// </summary>
-    public class OpenIdConnectMiddleware : AuthenticationMiddleware<OpenIdConnectOptions>
-    {
-        /// <summary>
-        /// Initializes a <see cref="OpenIdConnectMiddleware"/>
-        /// </summary>
-        /// <param name="next">The next middleware in the middleware pipeline to invoke.</param>
-        /// <param name="dataProtectionProvider"> provider for creating a data protector.</param>
-        /// <param name="loggerFactory">factory for creating a <see cref="ILogger"/>.</param>
-        /// <param name="encoder"></param>
-        /// <param name="services"></param>
-        /// <param name="sharedOptions"></param>
-        /// <param name="options"></param>
-        /// <param name="htmlEncoder">The <see cref="HtmlEncoder"/>.</param>
-        public OpenIdConnectMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IServiceProvider services,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<OpenIdConnectOptions> options,
-            HtmlEncoder htmlEncoder)
-            : base(next, options, loggerFactory, encoder)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (services == null)
-            {
-                throw new ArgumentNullException(nameof(services));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (htmlEncoder == null)
-            {
-                throw new ArgumentNullException(nameof(htmlEncoder));
-            }
-
-            if (string.IsNullOrEmpty(Options.ClientId))
-            {
-                throw new ArgumentException("Options.ClientId must be provided", nameof(Options.ClientId));
-            }
-            
-            if (!Options.CallbackPath.HasValue)
-            {
-                throw new ArgumentException("Options.CallbackPath must be provided.");
-            }
-
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                Options.SignInScheme = sharedOptions.Value.SignInScheme;
-            }
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                throw new ArgumentException("Options.SignInScheme is required.");
-            }
-            if (string.IsNullOrEmpty(Options.SignOutScheme))
-            {
-                Options.SignOutScheme = Options.SignInScheme;
-            }
-
-            HtmlEncoder = htmlEncoder;
-
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(OpenIdConnectMiddleware).FullName,
-                    typeof(string).FullName,
-                    Options.AuthenticationScheme,
-                    "v1");
-
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
-
-            if (Options.StringDataFormat == null)
-            {
-                var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(OpenIdConnectMiddleware).FullName,
-                    typeof(string).FullName,
-                    Options.AuthenticationScheme,
-                    "v1");
-
-                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
-            }
-
-            if (Options.Events == null)
-            {
-                Options.Events = new OpenIdConnectEvents();
-            }
-
-            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
-            {
-                Options.TokenValidationParameters.ValidAudience = Options.ClientId;
-            }
-
-            Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-            Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect middleware");
-            Backchannel.Timeout = Options.BackchannelTimeout;
-            Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
-            if (Options.ConfigurationManager == null)
-            {
-                if (Options.Configuration != null)
-                {
-                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
-                }
-                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
-                {
-                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
-                    {
-                        Options.MetadataAddress = Options.Authority;
-                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
-                        {
-                            Options.MetadataAddress += "/";
-                        }
-
-                        Options.MetadataAddress += ".well-known/openid-configuration";
-                    }
-
-                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
-                    {
-                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
-                    }
-
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
-                        new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
-                }
-            }
-            
-            if (Options.ConfigurationManager == null)
-            {
-                throw new InvalidOperationException($"Provide {nameof(Options.Authority)}, {nameof(Options.MetadataAddress)}, "
-                + $"{nameof(Options.Configuration)}, or {nameof(Options.ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");
-            }
-        }
-
-        protected HttpClient Backchannel { get; private set; }
-
-        protected HtmlEncoder HtmlEncoder { get; private set; }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="OpenIdConnectOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler()
-        {
-            return new OpenIdConnectHandler(Backchannel, HtmlEncoder);
-        }
-
-        private class StringSerializer : IDataSerializer<string>
-        {
-            public string Deserialize(byte[] data)
-            {
-                return Encoding.UTF8.GetString(data);
-            }
-
-            public byte[] Serialize(string model)
-            {
-                return Encoding.UTF8.GetBytes(model);
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 8269acbd8f..5ca270dde8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -8,27 +8,20 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
     /// <summary>
-    /// Configuration options for <see cref="OpenIdConnectMiddleware"/>
+    /// Configuration options for <see cref="OpenIdConnectHandler"/>
     /// </summary>
     public class OpenIdConnectOptions : RemoteAuthenticationOptions
     {
-        /// <summary>
-        /// Initializes a new <see cref="OpenIdConnectOptions"/>
-        /// </summary>
-        public OpenIdConnectOptions()
-            : this(OpenIdConnectDefaults.AuthenticationScheme)
-        {
-        }
-
         /// <summary>
         /// Initializes a new <see cref="OpenIdConnectOptions"/>
         /// </summary>
@@ -44,11 +37,8 @@ namespace Microsoft.AspNetCore.Builder
         /// <para>TokenValidationParameters: new <see cref="TokenValidationParameters"/> with AuthenticationScheme = authenticationScheme.</para>
         /// <para>UseTokenLifetime: false.</para>
         /// </remarks>
-        /// <param name="authenticationScheme"> will be used to when creating the <see cref="System.Security.Claims.ClaimsIdentity"/> for the AuthenticationScheme property.</param>
-        public OpenIdConnectOptions(string authenticationScheme)
+        public OpenIdConnectOptions()
         {
-            AuthenticationScheme = authenticationScheme;
-            AutomaticChallenge = true;
             DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
             SignedOutCallbackPath = new PathString("/signout-callback-oidc");
@@ -83,6 +73,30 @@ namespace Microsoft.AspNetCore.Builder
             ClaimActions.MapUniqueJsonKey("email", "email");
         }
 
+        /// <summary>
+        /// Check that the options are valid.  Should throw an exception if things are not ok.
+        /// </summary>
+        public override void Validate()
+        {
+            base.Validate();
+
+            if (string.IsNullOrEmpty(ClientId))
+            {
+                throw new ArgumentException("Options.ClientId must be provided", nameof(ClientId));
+            }
+
+            if (!CallbackPath.HasValue)
+            {
+                throw new ArgumentException("Options.CallbackPath must be provided.", nameof(CallbackPath));
+            }
+
+            if (ConfigurationManager == null)
+            {
+                throw new InvalidOperationException($"Provide {nameof(Authority)}, {nameof(MetadataAddress)}, "
+                + $"{nameof(Configuration)}, or {nameof(ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");
+            }
+        }
+
         /// <summary>
         /// Gets or sets the Authority to use when making OpenIdConnect calls.
         /// </summary>
@@ -111,7 +125,7 @@ namespace Microsoft.AspNetCore.Builder
         public IConfigurationManager<OpenIdConnectConfiguration> ConfigurationManager { get; set; }
 
         /// <summary>
-        /// Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
+        /// Boolean to set whether the handler should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
         /// The default is 'false'.
         /// </summary>
         public bool GetClaimsFromUserInfoEndpoint { get; set; }
@@ -133,11 +147,11 @@ namespace Microsoft.AspNetCore.Builder
         public string MetadataAddress { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="IOpenIdConnectEvents"/> to notify when processing OpenIdConnect messages.
+        /// Gets or sets the <see cref="OpenIdConnectEvents"/> to notify when processing OpenIdConnect messages.
         /// </summary>
-        public new IOpenIdConnectEvents Events
+        public new OpenIdConnectEvents Events
         {
-            get { return (IOpenIdConnectEvents)base.Events; }
+            get { return (OpenIdConnectEvents)base.Events; }
             set { base.Events = value; }
         }
 
@@ -196,7 +210,7 @@ namespace Microsoft.AspNetCore.Builder
         public ICollection<string> Scope { get; } = new HashSet<string>();
 
         /// <summary>
-        /// Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme.
+        /// Requests received on this path will cause the handler to invoke SignOut using the SignInScheme.
         /// </summary>
         public PathString RemoteSignOutPath { get; set; }
 
@@ -207,12 +221,12 @@ namespace Microsoft.AspNetCore.Builder
         public string SignOutScheme { get; set; }
 
         /// <summary>
-        /// Gets or sets the type used to secure data handled by the middleware.
+        /// Gets or sets the type used to secure data handled by the handler.
         /// </summary>
         public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the type used to secure strings used by the middleware.
+        /// Gets or sets the type used to secure strings used by the handler.
         /// </summary>
         public ISecureDataFormat<string> StringDataFormat { get; set; }
 
@@ -235,7 +249,7 @@ namespace Microsoft.AspNetCore.Builder
         public bool UseTokenLifetime { get; set; }
 
         /// <summary>
-        /// Indicates if requests to the CallbackPath may also be for other components. If enabled the middleware will pass
+        /// Indicates if requests to the CallbackPath may also be for other components. If enabled the handler will pass
         /// requests through that do not contain OpenIdConnect authentication responses. Disabling this and setting the
         /// CallbackPath to a dedicated endpoint may provide better error handling.
         /// This is disabled by default.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
index 5f00cb18bc..b71b8655b7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -9,19 +8,23 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     /// <summary>
     /// Base class for other Twitter contexts.
     /// </summary>
-    public class BaseTwitterContext : BaseContext
+    public class BaseTwitterContext : BaseAuthenticationContext
     {
         /// <summary>
         /// Initializes a <see cref="BaseTwitterContext"/>
         /// </summary>
         /// <param name="context">The HTTP environment</param>
+        /// <param name="scheme">The scheme data</param>
         /// <param name="options">The options for Twitter</param>
-        public BaseTwitterContext(HttpContext context, TwitterOptions options)
-            : base(context)
+        /// <param name="properties">The AuthenticationProperties</param>
+        public BaseTwitterContext(HttpContext context, AuthenticationScheme scheme, TwitterOptions options, AuthenticationProperties properties)
+            : base(context, scheme.Name, properties)
         {
             Options = options;
         }
 
         public TwitterOptions Options { get; }
+
+        public AuthenticationScheme Scheme { get; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
deleted file mode 100644
index 006fafc731..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/ITwitterEvents.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
-    /// <summary>
-    /// Specifies callback methods which the <see cref="TwitterMiddleware"></see> invokes to enable developer control over the authentication process. />
-    /// </summary>
-    public interface ITwitterEvents : IRemoteAuthenticationEvents
-    {
-        /// <summary>
-        /// Invoked whenever Twitter succesfully authenticates a user
-        /// </summary>
-        /// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
-        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
-        Task CreatingTicket(TwitterCreatingTicketContext context);
-
-        /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
-        /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge </param>
-        Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context);
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index 21c6189d71..eaf704bcb9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -3,9 +3,7 @@
 
 using System;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -19,21 +17,25 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Initializes a <see cref="TwitterCreatingTicketContext"/>
         /// </summary>
         /// <param name="context">The HTTP environment</param>
+        /// <param name="scheme">The scheme data</param>
         /// <param name="options">The options for Twitter</param>
         /// <param name="userId">Twitter user ID</param>
         /// <param name="screenName">Twitter screen name</param>
         /// <param name="accessToken">Twitter access token</param>
         /// <param name="accessTokenSecret">Twitter access token secret</param>
         /// <param name="user">User details</param>
+        /// <param name="properties">AuthenticationProperties.</param>
         public TwitterCreatingTicketContext(
             HttpContext context,
+            AuthenticationScheme scheme,
             TwitterOptions options,
+            AuthenticationProperties properties,
             string userId,
             string screenName,
             string accessToken,
             string accessTokenSecret,
             JObject user)
-            : base(context, options)
+            : base(context, scheme, options, properties)
         {
             UserId = userId;
             ScreenName = screenName;
@@ -72,10 +74,5 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Gets the <see cref="ClaimsPrincipal"/> representing the user
         /// </summary>
         public ClaimsPrincipal Principal { get; set; }
-
-        /// <summary>
-        /// Gets or sets a property bag for common authentication properties
-        /// </summary>
-        public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 033227542a..2c8b30e9fc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
-    /// Default <see cref="ITwitterEvents"/> implementation.
+    /// Default <see cref="TwitterEvents"/> implementation.
     /// </summary>
-    public class TwitterEvents : RemoteAuthenticationEvents, ITwitterEvents
+    public class TwitterEvents : RemoteAuthenticationEvents
     {
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         public virtual Task CreatingTicket(TwitterCreatingTicketContext context) => OnCreatingTicket(context);
 
         /// <summary>
-        /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+        /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter handler
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge </param>
         public virtual Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
index aa1da43edb..fe181fe7b4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
@@ -1,14 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
-    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
+    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter handler.
     /// </summary>
     public class TwitterRedirectToAuthorizationEndpointContext : BaseTwitterContext
     {
@@ -16,12 +14,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Creates a new context object.
         /// </summary>
         /// <param name="context">The HTTP request context.</param>
-        /// <param name="options">The Twitter middleware options.</param>
+        /// <param name="scheme">The scheme data</param>
+        /// <param name="options">The Twitter handler options.</param>
         /// <param name="properties">The authentication properties of the challenge.</param>
         /// <param name="redirectUri">The initial redirect URI.</param>
-        public TwitterRedirectToAuthorizationEndpointContext(HttpContext context, TwitterOptions options,
-            AuthenticationProperties properties, string redirectUri)
-            : base(context, options)
+        public TwitterRedirectToAuthorizationEndpointContext(HttpContext context, AuthenticationScheme scheme,
+
+            TwitterOptions options, AuthenticationProperties properties, string redirectUri)
+            : base(context, scheme, options, properties)
         {
             RedirectUri = redirectUri;
             Properties = properties;
@@ -31,10 +31,5 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Gets the URI used for the redirect operation.
         /// </summary>
         public string RedirectUri { get; private set; }
-
-        /// <summary>
-        /// Gets the authentication properties of the challenge.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index dc4bbf80ae..c0b773345d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -12,6 +12,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index df6ca1d024..2896365d69 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
 using Microsoft.AspNetCore.Authentication.Twitter;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
     public static class TwitterAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<TwitterMiddleware>();
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Adds the <see cref="TwitterMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Twitter authentication capabilities.
+        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
         {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<TwitterMiddleware>(Options.Create(options));
+            throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
new file mode 100644
index 0000000000..b10435f189
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Twitter
+{
+    internal class TwitterConfigureOptions : ConfigureNamedOptions<TwitterOptions>
+    {
+        // Bind to "Twitter" section by default
+        public TwitterConfigureOptions(IConfiguration config) :
+            base(TwitterDefaults.AuthenticationScheme,
+                options => config.GetSection(TwitterDefaults.AuthenticationScheme).Bind(options))
+        { }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
new file mode 100644
index 0000000000..2170be9028
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    public static class TwitterExtensions
+    {
+        /// <summary>
+        /// Adds Twitter authentication with options bound against the "Twitter" section 
+        /// from the IConfiguration in the service container.
+        /// </summary>
+        /// <param name="services"></param>
+        /// <returns></returns>
+        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services)
+        {
+            services.AddSingleton<IConfigureOptions<TwitterOptions>, TwitterConfigureOptions>();
+            return services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
+        }
+
+        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, Action<TwitterOptions> configureOptions)
+            => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, configureOptions);
+
+        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
+        {
+            return services.AddScheme<TwitterOptions, TwitterHandler>(authenticationScheme, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 8481730a8c..c166b175af 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -8,13 +8,13 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json.Linq;
 
@@ -28,11 +28,46 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         private const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
         private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
 
-        private readonly HttpClient _httpClient;
+        private HttpClient Backchannel => Options.Backchannel;
 
-        public TwitterHandler(HttpClient httpClient)
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new TwitterEvents Events
         {
-            _httpClient = httpClient;
+            get { return (TwitterEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
+        public TwitterHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TwitterOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+        { }
+
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new TwitterEvents());
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (Options.StateDataFormat == null)
+            {
+                var dataProtector = DataProtection.CreateProtector(
+                    GetType().FullName, Scheme.Name, "v1");
+                Options.StateDataFormat = new SecureDataFormat<RequestToken>(
+                    new RequestTokenSerializer(),
+                    dataProtector);
+            }
+
+            if (Options.Backchannel == null)
+            {
+                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+                Options.Backchannel.Timeout = Options.BackchannelTimeout;
+                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+                Options.Backchannel.DefaultRequestHeaders.Accept.ParseAdd("*/*");
+                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter handler");
+                Options.Backchannel.DefaultRequestHeaders.ExpectContinue = false;
+            }
         }
 
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
@@ -113,30 +148,29 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 action.Run(user, identity, Options.ClaimsIssuer);
             }
 
-            var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
+            var context = new TwitterCreatingTicketContext(Context, Scheme, Options, properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
             {
-                Principal = new ClaimsPrincipal(identity),
-                Properties = properties
+                Principal = new ClaimsPrincipal(identity)
             };
 
-            await Options.Events.CreatingTicket(context);
+            await Events.CreatingTicket(context);
 
             if (context.Principal?.Identity == null)
             {
                 return null;
             }
 
-            return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
 
-        protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             if (context == null)
             {
                 throw new ArgumentNullException(nameof(context));
             }
 
-            var properties = new AuthenticationProperties(context.Properties);
+            var properties = context.Properties;
 
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
@@ -151,16 +185,13 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             {
                 HttpOnly = true,
                 Secure = Request.IsHttps,
-                Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
+                Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
             Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
-            var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(
-                Context, Options,
-                properties, twitterAuthenticationEndpoint);
-            await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
-            return true;
+            var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
+            await Events.RedirectToAuthorizationEndpoint(redirectContext);
         }
 
         private async Task<RequestToken> ObtainRequestTokenAsync(string callBackUri, AuthenticationProperties properties)
@@ -209,7 +240,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var request = new HttpRequestMessage(HttpMethod.Post, RequestTokenEndpoint);
             request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
 
-            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             response.EnsureSuccessStatusCode();
             var responseText = await response.Content.ReadAsStringAsync();
 
@@ -279,7 +310,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             request.Content = new FormUrlEncodedContent(formPairs);
 
-            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            var response = await Backchannel.SendAsync(request, Context.RequestAborted);
 
             if (!response.IsSuccessStatusCode)
             {
@@ -350,7 +381,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var request = new HttpRequestMessage(HttpMethod.Get, resource_url + "?include_email=true");
             request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
 
-            var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+            var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
                 Logger.LogError("Email request failed with a status code of " + response.StatusCode);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
deleted file mode 100644
index 67fb903dd1..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
-    /// <summary>
-    /// ASP.NET Core middleware for authenticating users using Twitter.
-    /// </summary>
-    public class TwitterMiddleware : AuthenticationMiddleware<TwitterOptions>
-    {
-        private readonly HttpClient _httpClient;
-
-        /// <summary>
-        /// Initializes a <see cref="TwitterMiddleware"/>
-        /// </summary>
-        /// <param name="next">The next middleware in the HTTP pipeline to invoke</param>
-        /// <param name="dataProtectionProvider"></param>
-        /// <param name="loggerFactory"></param>
-        /// <param name="encoder"></param>
-        /// <param name="sharedOptions"></param>
-        /// <param name="options">Configuration options for the middleware</param>
-        public TwitterMiddleware(
-            RequestDelegate next,
-            IDataProtectionProvider dataProtectionProvider,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder,
-            IOptions<SharedAuthenticationOptions> sharedOptions,
-            IOptions<TwitterOptions> options)
-            : base(next, options, loggerFactory, encoder)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (dataProtectionProvider == null)
-            {
-                throw new ArgumentNullException(nameof(dataProtectionProvider));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            if (sharedOptions == null)
-            {
-                throw new ArgumentNullException(nameof(sharedOptions));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (string.IsNullOrEmpty(Options.ConsumerSecret))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerSecret)));
-            }
-            if (string.IsNullOrEmpty(Options.ConsumerKey))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
-            }
-            if (!Options.CallbackPath.HasValue)
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
-            }
-
-            if (Options.Events == null)
-            {
-                Options.Events = new TwitterEvents();
-            }
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = dataProtectionProvider.CreateProtector(
-                    typeof(TwitterMiddleware).FullName, Options.AuthenticationScheme, "v1");
-                Options.StateDataFormat = new SecureDataFormat<RequestToken>(
-                    new RequestTokenSerializer(),
-                    dataProtector);
-            }
-
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                Options.SignInScheme = sharedOptions.Value.SignInScheme;
-            }
-            if (string.IsNullOrEmpty(Options.SignInScheme))
-            {
-                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
-            }
-
-            _httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-            _httpClient.Timeout = Options.BackchannelTimeout;
-            _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-            _httpClient.DefaultRequestHeaders.Accept.ParseAdd("*/*");
-            _httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter middleware");
-            _httpClient.DefaultRequestHeaders.ExpectContinue = false;
-        }
-
-        /// <summary>
-        /// Provides the <see cref="AuthenticationHandler{T}"/> object for processing authentication-related requests.
-        /// </summary>
-        /// <returns>An <see cref="AuthenticationHandler{T}"/> configured with the <see cref="TwitterOptions"/> supplied to the constructor.</returns>
-        protected override AuthenticationHandler<TwitterOptions> CreateHandler()
-        {
-            return new TwitterHandler(_httpClient);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 836dd3c0d5..cf1bf48566 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -6,12 +6,13 @@ using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     /// <summary>
-    /// Options for the Twitter authentication middleware.
+    /// Options for the Twitter authentication handler.
     /// </summary>
     public class TwitterOptions : RemoteAuthenticationOptions
     {
@@ -20,8 +21,6 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public TwitterOptions()
         {
-            AuthenticationScheme = TwitterDefaults.AuthenticationScheme;
-            DisplayName = AuthenticationScheme;
             CallbackPath = new PathString("/signin-twitter");
             BackchannelTimeout = TimeSpan.FromSeconds(60);
             Events = new TwitterEvents();
@@ -55,16 +54,16 @@ namespace Microsoft.AspNetCore.Builder
         public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
 
         /// <summary>
-        /// Gets or sets the type used to secure data handled by the middleware.
+        /// Gets or sets the type used to secure data handled by the handler.
         /// </summary>
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
         /// <summary>
-        /// Gets or sets the <see cref="ITwitterEvents"/> used to handle authentication events.
+        /// Gets or sets the <see cref="TwitterEvents"/> used to handle authentication events.
         /// </summary>
-        public new ITwitterEvents Events
+        public new TwitterEvents Events
         {
-            get { return (ITwitterEvents)base.Events; }
+            get { return (TwitterEvents)base.Events; }
             set { base.Events = value; }
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
new file mode 100644
index 0000000000..771601ed1a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
@@ -0,0 +1,29 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.AspNetCore.Builder
+{
+    /// <summary>
+    /// Extension methods to add authentication capabilities to an HTTP application pipeline.
+    /// </summary>
+    public static class AuthAppBuilderExtensions
+    {
+        /// <summary>
+        /// Adds the <see cref="AuthenticationMiddleware"/> to the specified <see cref="IApplicationBuilder"/>, which enables authentication capabilities.
+        /// </summary>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <returns>A reference to this instance after the operation has completed.</returns>
+        public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app)
+        {
+            if (app == null)
+            {
+                throw new ArgumentNullException(nameof(app));
+            }
+            
+            return app.UseMiddleware<AuthenticationMiddleware>();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
deleted file mode 100644
index 28f116d3d8..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Contains the result of an Authenticate call
-    /// </summary>
-    public class AuthenticateResult
-    {
-        private AuthenticateResult() { }
-
-        /// <summary>
-        /// If a ticket was produced, authenticate was successful.
-        /// </summary>
-        public bool Succeeded
-        {
-            get
-            {
-                return Ticket != null;
-            }
-        }
-
-        /// <summary>
-        /// The authentication ticket.
-        /// </summary>
-        public AuthenticationTicket Ticket { get; private set; }
-
-        /// <summary>
-        /// Holds failure information from the authentication.
-        /// </summary>
-        public Exception Failure { get; private set; }
-
-        /// <summary>
-        /// Indicates that stage of authentication was directly handled by user intervention and no
-        /// further processing should be attempted.
-        /// </summary>
-        public bool Handled { get; private set; }
-
-        /// <summary>
-        /// Indicates that this stage of authentication was skipped by user intervention.
-        /// </summary>
-        public bool Skipped { get; private set; }
-
-        public static AuthenticateResult Success(AuthenticationTicket ticket)
-        {
-            if (ticket == null)
-            {
-                throw new ArgumentNullException(nameof(ticket));
-            }
-            return new AuthenticateResult() { Ticket = ticket };
-        }
-
-        public static AuthenticateResult Handle()
-        {
-            return new AuthenticateResult() { Handled = true };
-        }
-
-        public static AuthenticateResult Skip()
-        {
-            return new AuthenticateResult() { Skipped = true };
-        }
-
-        public static AuthenticateResult Fail(Exception failure)
-        {
-            return new AuthenticateResult() { Failure = failure };
-        }
-
-        public static AuthenticateResult Fail(string failureMessage)
-        {
-            return new AuthenticateResult() { Failure = new Exception(failureMessage) };
-        }
-
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 8e7e427659..083884a026 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -4,28 +4,20 @@
 using System;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    /// <summary>
-    /// Base class for the per-request work performed by most authentication middleware.
-    /// </summary>
-    /// <typeparam name="TOptions">Specifies which type for of AuthenticationOptions property</typeparam>
-    public abstract class AuthenticationHandler<TOptions> : IAuthenticationHandler where TOptions : AuthenticationOptions
+    public abstract class AuthenticationHandler<TOptions> : IAuthenticationHandler where TOptions : AuthenticationSchemeOptions, new()
     {
         private Task<AuthenticateResult> _authenticateTask;
-        private bool _finishCalled;
-
-        protected bool SignInAccepted { get; set; }
-        protected bool SignOutAccepted { get; set; }
-        protected bool ChallengeCalled { get; set; }
 
+        public AuthenticationScheme Scheme { get; private set; }
+        public TOptions Options { get; private set; }
         protected HttpContext Context { get; private set; }
 
         protected HttpRequest Request
@@ -38,15 +30,23 @@ namespace Microsoft.AspNetCore.Authentication
             get { return Context.Response; }
         }
 
-        protected PathString OriginalPathBase { get; private set; }
+        protected PathString OriginalPath => Context.Features.Get<IAuthenticationFeature>()?.OriginalPath ?? Request.Path;
 
-        protected PathString OriginalPath { get; private set; }
+        protected PathString OriginalPathBase => Context.Features.Get<IAuthenticationFeature>()?.OriginalPathBase ?? Request.PathBase;
 
-        protected ILogger Logger { get; private set; }
+        protected ILogger Logger { get; }
 
-        protected UrlEncoder UrlEncoder { get; private set; }
+        protected UrlEncoder UrlEncoder { get; }
 
-        public IAuthenticationHandler PriorHandler { get; set; }
+        protected ISystemClock Clock { get; }
+
+        protected IOptionsSnapshot<TOptions> OptionsSnapshot { get; }
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected virtual object Events { get; set; }
 
         protected string CurrentUri
         {
@@ -56,71 +56,89 @@ namespace Microsoft.AspNetCore.Authentication
             }
         }
 
-        protected TOptions Options { get; private set; }
-
-        protected AuthenticateResult InitializeResult { get; private set; }
+        protected AuthenticationHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        {
+            Logger = logger.CreateLogger(this.GetType().FullName);
+            UrlEncoder = encoder;
+            Clock = clock;
+            OptionsSnapshot = options;
+        }
 
         /// <summary>
-        /// Initialize is called once per request to contextualize this instance with appropriate state.
+        /// Initialize the handler, resolve the options and validate them.
         /// </summary>
-        /// <param name="options">The original options passed by the application control behavior</param>
-        /// <param name="context">The utility object to observe the current request and response</param>
-        /// <param name="logger">The logging factory used to create loggers</param>
-        /// <param name="encoder">The <see cref="UrlEncoder"/>.</param>
-        /// <returns>async completion</returns>
-        public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, UrlEncoder encoder)
+        /// <param name="scheme"></param>
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public async Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
         {
-            if (options == null)
+            if (scheme == null)
             {
-                throw new ArgumentNullException(nameof(options));
+                throw new ArgumentNullException(nameof(scheme));
             }
-
             if (context == null)
             {
                 throw new ArgumentNullException(nameof(context));
             }
 
-            if (logger == null)
-            {
-                throw new ArgumentNullException(nameof(logger));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            Options = options;
+            Scheme = scheme;
             Context = context;
-            OriginalPathBase = Request.PathBase;
-            OriginalPath = Request.Path;
-            Logger = logger;
-            UrlEncoder = encoder;
 
-            RegisterAuthenticationHandler();
-
-            Response.OnStarting(OnStartingCallback, this);
-
-            if (ShouldHandleScheme(AuthenticationManager.AutomaticScheme, Options.AutomaticAuthenticate))
+            Options = OptionsSnapshot.Get(Scheme.Name) ?? new TOptions();
+            if (!Options.Initialized)
             {
-                InitializeResult = await HandleAuthenticateOnceAsync();
-                if (InitializeResult?.Skipped == true || InitializeResult?.Handled == true)
+                lock (Options.InitializeLock)
                 {
-                    return;
-                }
-
-                if (InitializeResult?.Failure != null)
-                {
-                    Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Options.AuthenticationScheme, InitializeResult.Failure.Message);
-                }
-
-                var ticket = InitializeResult?.Ticket;
-                if (ticket?.Principal != null)
-                {
-                    Context.User = SecurityHelper.MergeUserPrincipal(Context.User, ticket.Principal);
-                    Logger.UserPrinicpalMerged(Options.AuthenticationScheme);
+                    if (!Options.Initialized)
+                    {
+                        InitializeOptions();
+                        Options.Initialized = true;
+                    }
                 }
             }
+
+            Options.Validate();
+
+            await InitializeEventsAsync();
+            await InitializeHandlerAsync();
+        }
+
+        /// <summary>
+        /// Initializes the events object, called once per request by <see cref="InitializeAsync(AuthenticationScheme, HttpContext)"/>.
+        /// </summary>
+        protected virtual async Task InitializeEventsAsync()
+        {
+            Events = Options.Events;
+            if (Options.EventsType != null)
+            {
+                Events = Context.RequestServices.GetRequiredService(Options.EventsType);
+            }
+            Events = Events ?? await CreateEventsAsync();
+        }
+
+        /// <summary>
+        /// Creates a new instance of the events instance.
+        /// </summary>
+        /// <returns>A new instance of the events instance.</returns>
+        protected virtual Task<object> CreateEventsAsync() => Task.FromResult(new object());
+
+        /// <summary>
+        /// Initializes the options, will be called only once by <see cref="InitializeAsync(AuthenticationScheme, HttpContext)"/>.
+        /// </summary>
+        protected virtual void InitializeOptions()
+        {
+            // REVIEW: is there a better place for this default?
+            Options.DisplayName = Options.DisplayName ?? Scheme.Name;
+            Options.ClaimsIssuer = Options.ClaimsIssuer ?? Scheme.Name;
+        }
+
+        /// <summary>
+        /// Called after options/events have been initialized for the handler to finish initializing itself.
+        /// </summary>
+        /// <returns>A task</returns>
+        protected virtual Task InitializeHandlerAsync()
+        {
+            return TaskCache.CompletedTask;
         }
 
         protected string BuildRedirectUri(string targetPath)
@@ -128,121 +146,23 @@ namespace Microsoft.AspNetCore.Authentication
             return Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
         }
 
-        private static async Task OnStartingCallback(object state)
+        public async Task<AuthenticateResult> AuthenticateAsync()
         {
-            var handler = (AuthenticationHandler<TOptions>)state;
-            await handler.FinishResponseOnce();
-        }
-
-        private async Task FinishResponseOnce()
-        {
-            if (!_finishCalled)
+            // Calling Authenticate more than once should always return the original value.
+            var result = await HandleAuthenticateOnceAsync();
+            if (result?.Failure == null)
             {
-                _finishCalled = true;
-                await FinishResponseAsync();
-                await HandleAutomaticChallengeIfNeeded();
-            }
-        }
-
-        /// <summary>
-        /// Hook that is called when the response about to be sent
-        /// </summary>
-        /// <returns></returns>
-        protected virtual Task FinishResponseAsync()
-        {
-            return TaskCache.CompletedTask;
-        }
-
-        private async Task HandleAutomaticChallengeIfNeeded()
-        {
-            if (!ChallengeCalled && Options.AutomaticChallenge && Response.StatusCode == 401)
-            {
-                await HandleUnauthorizedAsync(new ChallengeContext(Options.AuthenticationScheme));
-            }
-        }
-
-        /// <summary>
-        /// Called once after Invoke by AuthenticationMiddleware.
-        /// </summary>
-        /// <returns>async completion</returns>
-        internal async Task TeardownAsync()
-        {
-            try
-            {
-                await FinishResponseOnce();
-            }
-            finally
-            {
-                UnregisterAuthenticationHandler();
-            }
-        }
-
-        /// <summary>
-        /// Called once by common code after initialization. If an authentication middleware responds directly to
-        /// specifically known paths it must override this virtual, compare the request path to it's known paths,
-        /// provide any response information as appropriate, and true to stop further processing.
-        /// </summary>
-        /// <returns>Returning false will cause the common code to call the next middleware in line. Returning true will
-        /// cause the common code to begin the async completion journey without calling the rest of the middleware
-        /// pipeline.</returns>
-        public virtual Task<bool> HandleRequestAsync()
-        {
-            if (InitializeResult?.Handled == true)
-            {
-                return Task.FromResult(true);
-            }
-            return Task.FromResult(false);
-        }
-
-        public void GetDescriptions(DescribeSchemesContext describeContext)
-        {
-            describeContext.Accept(Options.Description.Items);
-
-            if (PriorHandler != null)
-            {
-                PriorHandler.GetDescriptions(describeContext);
-            }
-        }
-
-        public bool ShouldHandleScheme(string authenticationScheme, bool handleAutomatic)
-        {
-            return string.Equals(Options.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
-                (handleAutomatic && string.Equals(authenticationScheme, AuthenticationManager.AutomaticScheme, StringComparison.Ordinal));
-        }
-
-        public async Task AuthenticateAsync(AuthenticateContext context)
-        {
-            var handled = false;
-            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
-            {
-                // Calling Authenticate more than once should always return the original value.
-                var result = await HandleAuthenticateOnceAsync();
-
-                if (result?.Failure != null)
+                var ticket = result?.Ticket;
+                if (ticket?.Principal != null)
                 {
-                    context.Failed(result.Failure);
+                    Logger.AuthenticationSchemeAuthenticated(Scheme.Name);
                 }
                 else
                 {
-                    var ticket = result?.Ticket;
-                    if (ticket?.Principal != null)
-                    {
-                        context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
-                        Logger.AuthenticationSchemeAuthenticated(Options.AuthenticationScheme);
-                        handled = true;
-                    }
-                    else
-                    {
-                        context.NotAuthenticated();
-                        Logger.AuthenticationSchemeNotAuthenticated(Options.AuthenticationScheme);
-                    }
+                    Logger.AuthenticationSchemeNotAuthenticated(Scheme.Name);
                 }
             }
-
-            if (PriorHandler != null && !handled)
-            {
-                await PriorHandler.AuthenticateAsync(context);
-            }
+            return result;
         }
 
         /// <summary>
@@ -280,17 +200,13 @@ namespace Microsoft.AspNetCore.Authentication
 
         public async Task SignInAsync(SignInContext context)
         {
-            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
+            if (context == null)
             {
-                SignInAccepted = true;
-                await HandleSignInAsync(context);
-                Logger.AuthenticationSchemeSignedIn(Options.AuthenticationScheme);
-                context.Accept();
-            }
-            else if (PriorHandler != null)
-            {
-                await PriorHandler.SignInAsync(context);
+                throw new ArgumentNullException(nameof(context));
             }
+
+            await HandleSignInAsync(context);
+            Logger.AuthenticationSchemeSignedIn(Scheme.Name);
         }
 
         protected virtual Task HandleSignInAsync(SignInContext context)
@@ -305,17 +221,8 @@ namespace Microsoft.AspNetCore.Authentication
                 throw new ArgumentNullException(nameof(context));
             }
 
-            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
-            {
-                SignOutAccepted = true;
-                await HandleSignOutAsync(context);
-                Logger.AuthenticationSchemeSignedOut(Options.AuthenticationScheme);
-                context.Accept();
-            }
-            else if (PriorHandler != null)
-            {
-                await PriorHandler.SignOutAsync(context);
-            }
+            await HandleSignOutAsync(context);
+            Logger.AuthenticationSchemeSignedOut(Scheme.Name);
         }
 
         protected virtual Task HandleSignOutAsync(SignOutContext context)
@@ -327,10 +234,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// Override this method to deal with a challenge that is forbidden.
         /// </summary>
         /// <param name="context"></param>
-        protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        /// <returns>A Task.</returns>
+        protected virtual Task HandleForbiddenAsync(ChallengeContext context)
         {
             Response.StatusCode = 403;
-            return Task.FromResult(true);
+            return TaskCache.CompletedTask;
         }
 
         /// <summary>
@@ -339,58 +247,34 @@ namespace Microsoft.AspNetCore.Authentication
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
         /// <param name="context"></param>
-        /// <returns>True if no other handlers should be called</returns>
-        protected virtual Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
+        /// <returns>A Task.</returns>
+        protected virtual Task HandleUnauthorizedAsync(ChallengeContext context)
         {
             Response.StatusCode = 401;
-            return Task.FromResult(false);
+            return TaskCache.CompletedTask;
         }
 
         public async Task ChallengeAsync(ChallengeContext context)
         {
-            ChallengeCalled = true;
-            var handled = false;
-            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
+            switch (context.Behavior)
             {
-                switch (context.Behavior)
-                {
-                    case ChallengeBehavior.Automatic:
-                        // If there is a principal already, invoke the forbidden code path
-                        var result = await HandleAuthenticateOnceSafeAsync();
-                        if (result?.Ticket?.Principal != null)
-                        {
-                            goto case ChallengeBehavior.Forbidden;
-                        }
-                        goto case ChallengeBehavior.Unauthorized;
-                    case ChallengeBehavior.Unauthorized:
-                        handled = await HandleUnauthorizedAsync(context);
-                        Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
-                        break;
-                    case ChallengeBehavior.Forbidden:
-                        handled = await HandleForbiddenAsync(context);
-                        Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
-                        break;
-                }
-                context.Accept();
+                case ChallengeBehavior.Automatic:
+                    // If there is a principal already, invoke the forbidden code path
+                    var result = await HandleAuthenticateOnceSafeAsync();
+                    if (result?.Principal != null)
+                    {
+                        goto case ChallengeBehavior.Forbidden;
+                    }
+                    goto case ChallengeBehavior.Unauthorized;
+                case ChallengeBehavior.Unauthorized:
+                    await HandleUnauthorizedAsync(context);
+                    Logger.AuthenticationSchemeChallenged(Scheme.Name);
+                    break;
+                case ChallengeBehavior.Forbidden:
+                    await HandleForbiddenAsync(context);
+                    Logger.AuthenticationSchemeForbidden(Scheme.Name);
+                    break;
             }
-
-            if (!handled && PriorHandler != null)
-            {
-                await PriorHandler.ChallengeAsync(context);
-            }
-        }
-
-        private void RegisterAuthenticationHandler()
-        {
-            var auth = Context.GetAuthentication();
-            PriorHandler = auth.Handler;
-            auth.Handler = this;
-        }
-
-        private void UnregisterAuthenticationHandler()
-        {
-            var auth = Context.GetAuthentication();
-            auth.Handler = PriorHandler;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
index a01490c3e4..eba561d1da 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
@@ -2,90 +2,65 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.DependencyInjection;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public abstract class AuthenticationMiddleware<TOptions> where TOptions : AuthenticationOptions, new()
+    public class AuthenticationMiddleware
     {
         private readonly RequestDelegate _next;
 
-        protected AuthenticationMiddleware(
-            RequestDelegate next,
-            IOptions<TOptions> options,
-            ILoggerFactory loggerFactory,
-            UrlEncoder encoder)
+        public AuthenticationMiddleware(RequestDelegate next, IAuthenticationSchemeProvider schemes)
         {
             if (next == null)
             {
                 throw new ArgumentNullException(nameof(next));
             }
-
-            if (options == null)
+            if (schemes == null)
             {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (loggerFactory == null)
-            {
-                throw new ArgumentNullException(nameof(loggerFactory));
-            }
-
-            if (encoder == null)
-            {
-                throw new ArgumentNullException(nameof(encoder));
-            }
-
-            Options = options.Value;
-            Logger = loggerFactory.CreateLogger(this.GetType().FullName);
-            UrlEncoder = encoder;
-
-            if (string.IsNullOrEmpty(Options.ClaimsIssuer))
-            {
-                // Default to something reasonable
-                Options.ClaimsIssuer = Options.AuthenticationScheme;
+                throw new ArgumentNullException(nameof(schemes));
             }
 
             _next = next;
+            Schemes = schemes;
         }
 
-        public string AuthenticationScheme { get; set; }
-
-        public TOptions Options { get; set; }
-
-        public ILogger Logger { get; set; }
-
-        public UrlEncoder UrlEncoder { get; set; }
+        public IAuthenticationSchemeProvider Schemes { get; set; }
 
         public async Task Invoke(HttpContext context)
         {
-            var handler = CreateHandler();
-            await handler.InitializeAsync(Options, context, Logger, UrlEncoder);
-            try
+            context.Features.Set<IAuthenticationFeature>(new AuthenticationFeature
             {
-                if (!await handler.HandleRequestAsync())
-                {
-                    await _next(context);
-                }
-            }
-            finally
-            {
-                try
-                {
-                    await handler.TeardownAsync();
-                }
-                catch (Exception)
-                {
-                    // Don't mask the original exception, if any
-                }
-            }
-        }
+                OriginalPath = context.Request.Path,
+                OriginalPathBase = context.Request.PathBase
+            });
 
-        protected abstract AuthenticationHandler<TOptions> CreateHandler();
+            // REVIEW: alternatively could depend on a routing middleware to do this
+
+            // Give any IAuthenticationRequestHandler schemes a chance to handle the request
+            var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
+            foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
+            {
+                var handler = await handlers.GetHandlerAsync(context, scheme.Name) as IAuthenticationRequestHandler;
+                if (handler != null && await handler.HandleRequestAsync())
+                {
+                    return;
+                }
+            }
+
+            var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
+            if (defaultAuthenticate != null)
+            {
+                var result = await context.AuthenticateAsync(defaultAuthenticate.Name);
+                if (result?.Principal != null)
+                {
+                    context.User = result.Principal;
+                }
+            }
+
+            await _next(context);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
deleted file mode 100644
index 34ec577f18..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http.Authentication;
-using System.ComponentModel;
-
-namespace Microsoft.AspNetCore.Builder
-{
-    /// <summary>
-    /// Base Options for all authentication middleware.
-    /// </summary>
-    public abstract class AuthenticationOptions
-    {
-        private string _authenticationScheme;
-
-        /// <summary>
-        /// The AuthenticationScheme in the options corresponds to the logical name for a particular authentication scheme. A different
-        /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
-        /// </summary>
-        public string AuthenticationScheme
-        {
-            get { return _authenticationScheme; }
-            set
-            {
-                _authenticationScheme = value;
-                Description.AuthenticationScheme = value;
-            }
-        }
-
-        /// <summary>
-        /// If true the authentication middleware alter the request user coming in. If false the authentication middleware will only provide
-        /// identity when explicitly indicated by the AuthenticationScheme.
-        /// </summary>
-        public bool AutomaticAuthenticate { get; set; }
-
-        /// <summary>
-        /// If true the authentication middleware should handle automatic challenge.
-        /// If false the authentication middleware will only alter responses when explicitly indicated by the AuthenticationScheme.
-        /// </summary>
-        public bool AutomaticChallenge { get; set; }
-
-        /// <summary>
-        /// Gets or sets the issuer that should be used for any claims that are created
-        /// </summary>
-        public string ClaimsIssuer { get; set; }
-
-        /// <summary>
-        /// Additional information about the authentication type which is made available to the application.
-        /// </summary>
-        public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
-
-        /// <summary>
-        /// For testing purposes only.
-        /// </summary>
-        [EditorBrowsable(EditorBrowsableState.Never)]
-        public ISystemClock SystemClock { get; set; } = new SystemClock();
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
new file mode 100644
index 0000000000..09e7abbd4f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Contains the options used by the <see cref="AuthenticationHandler{T}"/>.
+    /// </summary>
+    public class AuthenticationSchemeOptions
+    {
+        /// <summary>
+        /// Check that the options are valid. Should throw an exception if things are not ok.
+        /// </summary>
+        public virtual void Validate()
+        {
+        }
+
+        /// <summary>
+        /// Gets or sets the display name for the authentication provider.
+        /// </summary>
+        public string DisplayName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the issuer that should be used for any claims that are created
+        /// </summary>
+        public string ClaimsIssuer { get; set; }
+
+        /// <summary>
+        /// Instance used for events
+        /// </summary>
+        public object Events { get; set; }
+
+        /// <summary>
+        /// If set, will be used as the service type to get the Events instance instead of the property.
+        /// </summary>
+        public Type EventsType { get; set; }
+
+        /// <summary>
+        /// Used to ensure that the options are only initialized once.
+        /// </summary>
+        public bool Initialized { get; set; }
+
+        /// <summary>
+        /// Used to prevent concurrent access during intialization.
+        /// </summary>
+        public object InitializeLock { get; } = new object();
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 2aa320ae21..074f45b5fb 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -2,7 +2,11 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -11,11 +15,6 @@ namespace Microsoft.Extensions.DependencyInjection
     /// </summary>
     public static class AuthenticationServiceCollectionExtensions
     {
-        /// <summary>
-        /// Adds authentication services to the specified <see cref="IServiceCollection" />. 
-        /// </summary>
-        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
         public static IServiceCollection AddAuthentication(this IServiceCollection services)
         {
             if (services == null)
@@ -23,19 +22,14 @@ namespace Microsoft.Extensions.DependencyInjection
                 throw new ArgumentNullException(nameof(services));
             }
 
-            services.AddWebEncoders();
+            services.AddAuthenticationCore();
             services.AddDataProtection();
+            services.AddWebEncoders();
+            services.TryAddSingleton<ISystemClock, SystemClock>();
             return services;
         }
 
-        /// <summary>
-        /// Adds authentication services to the specified <see cref="IServiceCollection" />. 
-        /// </summary>
-        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
-        /// <param name="configureOptions">An action delegate to configure the provided <see cref="SharedAuthenticationOptions"/>.</param>
-        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
-        public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<SharedAuthenticationOptions> configureOptions)
-        {
+        public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions) {
             if (services == null)
             {
                 throw new ArgumentNullException(nameof(services));
@@ -46,8 +40,33 @@ namespace Microsoft.Extensions.DependencyInjection
                 throw new ArgumentNullException(nameof(configureOptions));
             }
 
+            services.AddAuthentication();
             services.Configure(configureOptions);
-            return services.AddAuthentication();
+            return services;
         }
+
+        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+        {
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme(authenticationScheme, scheme => {
+                    scheme.HandlerType = typeof(THandler);
+                    configureScheme?.Invoke(scheme);
+                });
+            });
+            if (configureOptions != null)
+            {
+                services.Configure(authenticationScheme, configureOptions);
+            }
+            services.AddTransient<THandler>();
+            return services;
+        }
+
+        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => services.AddScheme<TOptions, THandler>(authenticationScheme, configureScheme: null, configureOptions: configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
deleted file mode 100644
index 1d56a8fb34..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Http.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Contains user identity information as well as additional authentication state.
-    /// </summary>
-    public class AuthenticationTicket
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
-        /// </summary>
-        /// <param name="principal">the <see cref="ClaimsPrincipal"/> that represents the authenticated user.</param>
-        /// <param name="properties">additional properties that can be consumed by the user or runtime.</param>
-        /// <param name="authenticationScheme">the authentication middleware that was responsible for this ticket.</param>
-        public AuthenticationTicket(ClaimsPrincipal principal, AuthenticationProperties properties, string authenticationScheme)
-        {
-            if (principal == null)
-            {
-                throw new ArgumentNullException(nameof(principal));
-            }
-            AuthenticationScheme = authenticationScheme;
-            Principal = principal;
-            Properties = properties ?? new AuthenticationProperties();
-        }
-
-        /// <summary>
-        /// Gets the authentication type.
-        /// </summary>
-        public string AuthenticationScheme { get; private set; }
-
-        /// <summary>
-        /// Gets the claims-principal with authenticated user identities.
-        /// </summary>
-        public ClaimsPrincipal Principal{ get; private set; }
-
-        /// <summary>
-        /// Additional state values for the authentication session.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
deleted file mode 100644
index 6503f0bb85..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class AuthenticationToken
-    {
-        public string Name { get; set; }
-        public string Value { get; set; }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
deleted file mode 100644
index 1edb4a0f4b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Builder
-{
-    /// <summary>
-    /// Extension methods to add claims transformation capabilities to an HTTP application pipeline.
-    /// </summary>
-    public static class ClaimsTransformationAppBuilderExtensions
-    {
-        /// <summary>
-        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-
-            return app.UseMiddleware<ClaimsTransformationMiddleware>();
-        }
-
-        /// <summary>
-        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="transform">A function that asynchronously transforms one <see cref="ClaimsPrincipal"/> to another.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func<ClaimsTransformationContext, Task<ClaimsPrincipal>> transform)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (transform == null)
-            {
-                throw new ArgumentNullException(nameof(transform));
-            }
-
-            return app.UseClaimsTransformation(new ClaimsTransformationOptions
-            {
-                Transformer = new ClaimsTransformer { OnTransform = transform }
-            });
-        }
-
-        /// <summary>
-        /// Adds the <see cref="ClaimsTransformationMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables claims transformation capabilities.
-        /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">The <see cref="ClaimsTransformationOptions"/> to configure the middleware with.</param>
-        /// <returns>A reference to this instance after the operation has completed.</returns>
-        public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
-        {
-            if (app == null)
-            {
-                throw new ArgumentNullException(nameof(app));
-            }
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            return app.UseMiddleware<ClaimsTransformationMiddleware>(Options.Create(options));
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
deleted file mode 100644
index 3c363ca98f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-using Microsoft.AspNetCore.Http;
-using System.Security.Claims;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class ClaimsTransformationContext
-    {
-        public ClaimsTransformationContext(HttpContext context)
-        {
-            Context = context;
-        }
-        public HttpContext Context { get; }
-        public ClaimsPrincipal Principal { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
deleted file mode 100644
index 27965dbf4e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Internal;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Handler that applies ClaimsTransformation to authentication
-    /// </summary>
-    public class ClaimsTransformationHandler : IAuthenticationHandler
-    {
-        private readonly IClaimsTransformer _transform;
-        private readonly HttpContext _httpContext;
-
-        public ClaimsTransformationHandler(IClaimsTransformer transform, HttpContext httpContext)
-        {
-            _transform = transform;
-            _httpContext = httpContext;
-        }
-
-        public IAuthenticationHandler PriorHandler { get; set; }
-
-        public async Task AuthenticateAsync(AuthenticateContext context)
-        {
-            if (PriorHandler != null)
-            {
-                await PriorHandler.AuthenticateAsync(context);
-                if (_transform != null && context?.Principal != null)
-                {
-                    var transformationContext = new ClaimsTransformationContext(_httpContext)
-                    {
-                        Principal = context.Principal
-                    };
-                    context.Authenticated(
-                        await _transform.TransformAsync(transformationContext),
-                        context.Properties,
-                        context.Description);
-                }
-            }
-        }
-
-        public Task ChallengeAsync(ChallengeContext context)
-        {
-            if (PriorHandler != null)
-            {
-                return PriorHandler.ChallengeAsync(context);
-            }
-            return TaskCache.CompletedTask;
-        }
-
-        public void GetDescriptions(DescribeSchemesContext context)
-        {
-            if (PriorHandler != null)
-            {
-                PriorHandler.GetDescriptions(context);
-            }
-        }
-
-        public Task SignInAsync(SignInContext context)
-        {
-            if (PriorHandler != null)
-            {
-                return PriorHandler.SignInAsync(context);
-            }
-            return TaskCache.CompletedTask;
-        }
-
-        public Task SignOutAsync(SignOutContext context)
-        {
-            if (PriorHandler != null)
-            {
-                return PriorHandler.SignOutAsync(context);
-            }
-            return TaskCache.CompletedTask;
-        }
-
-        public void RegisterAuthenticationHandler(IHttpAuthenticationFeature auth)
-        {
-            PriorHandler = auth.Handler;
-            auth.Handler = this;
-        }
-
-        public void UnregisterAuthenticationHandler(IHttpAuthenticationFeature auth)
-        {
-            auth.Handler = PriorHandler;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
deleted file mode 100644
index 53f6a07a87..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class ClaimsTransformationMiddleware
-    {
-        private readonly RequestDelegate _next;
-
-        public ClaimsTransformationMiddleware(
-            RequestDelegate next,
-            IOptions<ClaimsTransformationOptions> options)
-        {
-            if (next == null)
-            {
-                throw new ArgumentNullException(nameof(next));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            Options = options.Value;
-            _next = next;
-        }
-
-        public ClaimsTransformationOptions Options { get; set; }
-
-        public async Task Invoke(HttpContext context)
-        {
-            var handler = new ClaimsTransformationHandler(Options.Transformer, context);
-            handler.RegisterAuthenticationHandler(context.GetAuthentication());
-            try
-            {
-                if (Options.Transformer != null)
-                {
-                    var transformationContext = new ClaimsTransformationContext(context)
-                    {
-                        Principal = context.User
-                    };
-                    context.User = await Options.Transformer.TransformAsync(transformationContext);
-                }
-                await _next(context);
-            }
-            finally
-            {
-                handler.UnregisterAuthenticationHandler(context.GetAuthentication());
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
deleted file mode 100644
index 70a76f27c6..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Authentication;
-
-namespace Microsoft.AspNetCore.Builder
-{
-    /// <summary>
-    /// Contains the options used by the <see cref="ClaimsTransformationMiddleware"/>.
-    /// </summary>
-    public class ClaimsTransformationOptions
-    {
-        /// <summary>
-        /// Responsible for transforming the claims principal.
-        /// </summary>
-        public IClaimsTransformer Transformer { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
deleted file mode 100644
index db05db0e5b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class ClaimsTransformer : IClaimsTransformer
-    {
-        public Func<ClaimsTransformationContext, Task<ClaimsPrincipal>> OnTransform { get; set; }
-
-        public virtual Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
-        {
-            return OnTransform?.Invoke(context) ?? Task.FromResult(context.Principal);
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
deleted file mode 100644
index 10b3325d4f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public abstract class BaseContext
-    {
-        protected BaseContext(HttpContext context)
-        {
-            HttpContext = context;
-        }
-
-        public HttpContext HttpContext { get; private set; }
-
-        public HttpRequest Request
-        {
-            get { return HttpContext.Request; }
-        }
-
-        public HttpResponse Response
-        {
-            get { return HttpContext.Response; }
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
index 4039a05609..fa582a3040 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
@@ -34,10 +34,10 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         /// <summary>
-        /// Discontinue processing the request in the current middleware and pass control to the next one.
+        /// Discontinue processing the request in the current handler.
         /// SignIn will not be called.
         /// </summary>
-        public void SkipToNextMiddleware()
+        public void Skip()
         {
             State = EventResultState.Skipped;
         }
@@ -47,7 +47,12 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         public AuthenticationTicket Ticket { get; set; }
 
-        public bool CheckEventResult(out AuthenticateResult result)
+        /// <summary>
+        /// Returns true if the handler should be done processing.
+        /// </summary>
+        /// <param name="result">The result.</param>
+        /// <returns>Whether the handler should be done processing.</returns>
+        public bool IsProcessingComplete(out AuthenticateResult result)
         {
             if (HandledResponse)
             {
@@ -63,7 +68,7 @@ namespace Microsoft.AspNetCore.Authentication
             }
             else if (Skipped)
             {
-                result = AuthenticateResult.Skip();
+                result = AuthenticateResult.None();
                 return true;
             }
             result = null;
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
index b11dec93f1..dad4c40fec 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNetCore.Authentication
         Continue,
 
         /// <summary>
-        /// Discontinue processing the request in the current middleware and pass control to the next one.
+        /// Discontinue processing the request.
         /// </summary>
         Skipped,
 
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
index 35af9cee30..5d2b30f130 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNetCore.Http;
 namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
-    /// Provides failure context information to middleware providers.
+    /// Provides failure context information to handler providers.
     /// </summary>
     public class FailureContext : BaseControlContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
deleted file mode 100644
index e2109a0651..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public interface IRemoteAuthenticationEvents
-    {
-        /// <summary>
-        /// Invoked when the remote authentication process has an error.
-        /// </summary>
-        Task RemoteFailure(FailureContext context);
-
-        /// <summary>
-        /// Invoked before sign in.
-        /// </summary>
-        Task TicketReceived(TicketReceivedContext context);
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index 6e7d6a35c6..a130c1b14c 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -7,7 +7,7 @@ using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
+    public class RemoteAuthenticationEvents
     {
         public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => TaskCache.CompletedTask;
 
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
index 5d5fd4883c..c0797ea9cc 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
@@ -2,14 +2,13 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
-    /// Provides context information to middleware providers.
+    /// Provides context information to handler providers.
     /// </summary>
     public class TicketReceivedContext : BaseControlContext
     {
diff --git a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
deleted file mode 100644
index 0d245cf0a7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    internal static class HttpContextExtensions
-    {
-        internal static IHttpAuthenticationFeature GetAuthentication(this HttpContext context)
-        {
-            var auth = context.Features.Get<IHttpAuthenticationFeature>();
-            if (auth == null)
-            {
-                auth = new HttpAuthenticationFeature();
-                context.Features.Set(auth);
-            }
-            return auth;
-        }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
deleted file mode 100644
index cd42915c0a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Used for claims transformation.
-    /// </summary>
-    public interface IClaimsTransformer
-    {
-        /// <summary>
-        /// Provides a central transformation point to change the specified principal.
-        /// </summary>
-        /// <param name="context"><see cref="ClaimsTransformationContext"/> containing principal to transform and current HttpContext.</param>
-        /// <returns>The transformed principal.</returns>
-        Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context);
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 316defc436..d4335f6d4a 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -11,6 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" />
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
index a6cf910462..11e2e45868 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
@@ -1,6 +1,7 @@
 // <auto-generated />
 namespace Microsoft.AspNetCore.Authentication
 {
+    using System.Globalization;
     using System.Reflection;
     using System.Resources;
 
@@ -57,6 +58,22 @@ namespace Microsoft.AspNetCore.Authentication
             return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
         }
 
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get { return GetString("Exception_OptionMustBeProvided"); }
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+        {
+            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+        }
+
         private static string GetString(string name, params string[] formatterNames)
         {
             var value = _resourceManager.GetString(name);
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 1e41fb0b50..fc663317e4 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -3,16 +3,18 @@
 
 using System;
 using System.Security.Cryptography;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions> where TOptions : RemoteAuthenticationOptions
+    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler 
+        where TOptions : RemoteAuthenticationOptions, new()
     {
         private const string CorrelationPrefix = ".AspNetCore.Correlation.";
         private const string CorrelationProperty = ".xsrf";
@@ -21,21 +23,64 @@ namespace Microsoft.AspNetCore.Authentication
 
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
-        public override async Task<bool> HandleRequestAsync()
-        {
-            if (Options.CallbackPath == Request.Path)
-            {
-                return await HandleRemoteCallbackAsync();
-            }
+        protected string SignInScheme => Options.SignInScheme;
 
-            return false;
+        protected IDataProtectionProvider DataProtection { get; set; }
+
+        private readonly AuthenticationOptions _authOptions;
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new RemoteAuthenticationEvents Events
+        {
+            get { return (RemoteAuthenticationEvents)base.Events; }
+            set { base.Events = value; }
         }
 
-        protected virtual async Task<bool> HandleRemoteCallbackAsync()
+        protected RemoteAuthenticationHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TOptions> options, IDataProtectionProvider dataProtection, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         {
+            _authOptions = sharedOptions.Value;
+            DataProtection = dataProtection;
+        }
+
+        protected override Task InitializeHandlerAsync()
+        {
+            DataProtection = Options.DataProtectionProvider ?? DataProtection;
+            return TaskCache.CompletedTask;
+        }
+
+        protected override Task<object> CreateEventsAsync()
+        {
+            return Task.FromResult<object>(new RemoteAuthenticationEvents());
+        }
+
+        protected override void InitializeOptions()
+        {
+            base.InitializeOptions();
+
+            if (Options.SignInScheme == null)
+            {
+                Options.SignInScheme = _authOptions.DefaultSignInScheme;
+            }
+        }
+
+        public virtual Task<bool> ShouldHandleRequestAsync()
+        {
+            return Task.FromResult(Options.CallbackPath == Request.Path);
+        }
+
+        public virtual async Task<bool> HandleRequestAsync()
+        {
+            if (!await ShouldHandleRequestAsync())
+            {
+                return false;
+            }
+
             AuthenticationTicket ticket = null;
             Exception exception = null;
-
             try
             {
                 var authResult = await HandleRemoteAuthenticateAsync();
@@ -47,7 +92,7 @@ namespace Microsoft.AspNetCore.Authentication
                 {
                     return true;
                 }
-                else if (authResult.Skipped)
+                else if (authResult.Nothing)
                 {
                     return false;
                 }
@@ -68,14 +113,13 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 Logger.RemoteAuthenticationError(exception.Message);
                 var errorContext = new FailureContext(Context, exception);
-                await Options.Events.RemoteFailure(errorContext);
+                await Events.RemoteFailure(errorContext);
 
                 if (errorContext.HandledResponse)
                 {
                     return true;
                 }
-
-                if (errorContext.Skipped)
+                else if (errorContext.Skipped)
                 {
                     return false;
                 }
@@ -84,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication
             }
 
             // We have a ticket if we get here
-            var context = new TicketReceivedContext(Context, Options, ticket)
+            var ticketContext = new TicketReceivedContext(Context, Options, ticket)
             {
                 ReturnUri = ticket.Properties.RedirectUri,
             };
@@ -92,30 +136,30 @@ namespace Microsoft.AspNetCore.Authentication
             ticket.Properties.RedirectUri = null;
 
             // Mark which provider produced this identity so we can cross-check later in HandleAuthenticateAsync
-            context.Properties.Items[AuthSchemeKey] = Options.AuthenticationScheme;
+            ticketContext.Properties.Items[AuthSchemeKey] = Scheme.Name;
 
-            await Options.Events.TicketReceived(context);
+            await Events.TicketReceived(ticketContext);
 
-            if (context.HandledResponse)
+            if (ticketContext.HandledResponse)
             {
                 Logger.SigninHandled();
                 return true;
             }
-            else if (context.Skipped)
+            else if (ticketContext.Skipped)
             {
                 Logger.SigninSkipped();
                 return false;
             }
 
-            await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
+            await Context.SignInAsync(SignInScheme, ticketContext.Principal, ticketContext.Properties);
 
             // Default redirect path is the base path
-            if (string.IsNullOrEmpty(context.ReturnUri))
+            if (string.IsNullOrEmpty(ticketContext.ReturnUri))
             {
-                context.ReturnUri = "/";
+                ticketContext.ReturnUri = "/";
             }
 
-            Response.Redirect(context.ReturnUri);
+            Response.Redirect(ticketContext.ReturnUri);
             return true;
         }
 
@@ -128,34 +172,29 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
-            // Most RemoteAuthenticationHandlers will have a PriorHandler, but it might not be set up during unit tests.
-            if (PriorHandler != null)
+            var result = await Context.AuthenticateAsync(SignInScheme);
+            if (result != null)
             {
-                var authenticateContext = new AuthenticateContext(Options.SignInScheme);
-                await PriorHandler.AuthenticateAsync(authenticateContext);
-                if (authenticateContext.Accepted)
+                if (result.Failure != null)
                 {
-                    if (authenticateContext.Error != null)
-                    {
-                        return AuthenticateResult.Fail(authenticateContext.Error);
-                    }
-
-                    // The SignInScheme may be shared with multiple providers, make sure this middleware issued the identity.
-                    string authenticatedScheme;
-                    if (authenticateContext.Principal != null && authenticateContext.Properties != null
-                        && authenticateContext.Properties.TryGetValue(AuthSchemeKey, out authenticatedScheme)
-                        && string.Equals(Options.AuthenticationScheme, authenticatedScheme, StringComparison.Ordinal))
-                    {
-                        return AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
-                            new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme));
-                    }
-
-                    return AuthenticateResult.Fail("Not authenticated");
+                    return result;
                 }
 
+                // The SignInScheme may be shared with multiple providers, make sure this provider issued the identity.
+                string authenticatedScheme;
+                var ticket = result.Ticket;
+                if (ticket != null && ticket.Principal != null && ticket.Properties != null
+                    && ticket.Properties.Items.TryGetValue(AuthSchemeKey, out authenticatedScheme)
+                    && string.Equals(Scheme.Name, authenticatedScheme, StringComparison.Ordinal))
+                {
+                    return AuthenticateResult.Success(new AuthenticationTicket(ticket.Principal,
+                        ticket.Properties, Scheme.Name));
+                }
+
+                return AuthenticateResult.Fail("Not authenticated");
             }
 
-            return AuthenticateResult.Fail("Remote authentication does not directly support authenticate");
+            return AuthenticateResult.Fail("Remote authentication does not directly support AuthenticateAsync");
         }
 
         protected override Task HandleSignOutAsync(SignOutContext context)
@@ -168,11 +207,10 @@ namespace Microsoft.AspNetCore.Authentication
             throw new NotSupportedException();
         }
 
-        protected override async Task<bool> HandleForbiddenAsync(ChallengeContext context)
+        // REVIEW: This behaviour needs a test (forwarding of forbidden to sign in scheme)
+        protected override Task HandleForbiddenAsync(ChallengeContext context)
         {
-            var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
-            await PriorHandler.ChallengeAsync(challengeContext);
-            return challengeContext.Accepted;
+            return Context.ForbidAsync(SignInScheme);
         }
 
         protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
@@ -190,12 +228,12 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 HttpOnly = true,
                 Secure = Request.IsHttps,
-                Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
+                Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
             properties.Items[CorrelationProperty] = correlationId;
 
-            var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+            var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
 
             Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
         }
@@ -216,7 +254,7 @@ namespace Microsoft.AspNetCore.Authentication
 
             properties.Items.Remove(CorrelationProperty);
 
-            var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+            var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
 
             var correlationCookie = Request.Cookies[cookieName];
             if (string.IsNullOrEmpty(correlationCookie))
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index e990abd05a..65cf6f2ec7 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -3,16 +3,33 @@
 
 using System;
 using System.Net.Http;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Authentication;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Contains the options used by the <see cref="RemoteAuthenticationHandler{T}"/>.
     /// </summary>
-    public class RemoteAuthenticationOptions : AuthenticationOptions
+    public class RemoteAuthenticationOptions : AuthenticationSchemeOptions
     {
+        /// <summary>
+        /// Check that the options are valid.  Should throw an exception if things are not ok.
+        /// </summary>
+        public override void Validate()
+        {
+            base.Validate();
+            if (CallbackPath == null || !CallbackPath.HasValue)
+            {
+                throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(CallbackPath)), nameof(CallbackPath));
+            }
+
+            if (string.IsNullOrEmpty(SignInScheme))
+            {
+                throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(SignInScheme)), nameof(SignInScheme));
+            }
+        }
+
         /// <summary>
         /// Gets or sets timeout value in milliseconds for back channel communications with the remote identity provider.
         /// </summary>
@@ -28,6 +45,16 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public HttpMessageHandler BackchannelHttpHandler { get; set; }
 
+        /// <summary>
+        /// Used to communicate with the remote identity provider.
+        /// </summary>
+        public HttpClient Backchannel { get; set; }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data.
+        /// </summary>
+        public IDataProtectionProvider DataProtectionProvider { get; set; }
+
         /// <summary>
         /// The request path within the application's base path where the user-agent will be returned.
         /// The middleware will process this request when it arrives.
@@ -38,25 +65,20 @@ namespace Microsoft.AspNetCore.Builder
         /// Gets or sets the authentication scheme corresponding to the middleware
         /// responsible of persisting user's identity after a successful authentication.
         /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// When omitted, <see cref="SharedAuthenticationOptions.SignInScheme"/> is used as a fallback value.
+        /// When omitted, <see cref="AuthenticationOptions.DefaultSignInScheme"/> is used as a fallback value.
         /// </summary>
         public string SignInScheme { get; set; }
 
-        /// <summary>
-        /// Get or sets the text that the user can display on a sign in user interface.
-        /// </summary>
-        public string DisplayName
-        {
-            get { return Description.DisplayName; }
-            set { Description.DisplayName = value; }
-        }
-
         /// <summary>
         /// Gets or sets the time limit for completing the authentication flow (15 minutes by default).
         /// </summary>
         public TimeSpan RemoteAuthenticationTimeout { get; set; } = TimeSpan.FromMinutes(15);
 
-        public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
+        public new RemoteAuthenticationEvents Events
+        {
+            get { return (RemoteAuthenticationEvents)base.Events; }
+            set { base.Events = value; }
+        }
 
         /// <summary>
         /// Defines whether access and refresh tokens should be stored in the
diff --git a/src/Microsoft.AspNetCore.Authentication/Resources.resx b/src/Microsoft.AspNetCore.Authentication/Resources.resx
index 77060045e0..54d22bcc94 100644
--- a/src/Microsoft.AspNetCore.Authentication/Resources.resx
+++ b/src/Microsoft.AspNetCore.Authentication/Resources.resx
@@ -126,4 +126,7 @@
   <data name="Exception_AuthenticationTokenDoesNotProvideSyncMethods" xml:space="preserve">
     <value>The AuthenticationTokenProvider's required synchronous events have not been registered.</value>
   </data>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
deleted file mode 100644
index 8b168c9a0a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class SharedAuthenticationOptions
-    {
-        /// <summary>
-        /// Gets or sets the authentication scheme corresponding to the default middleware
-        /// responsible of persisting user's identity after a successful authentication.
-        /// This value typically corresponds to a cookie middleware registered in the Startup class.
-        /// </summary>
-        public string SignInScheme { get; set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
index e1c79192aa..2320982ce3 100644
--- a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 
 namespace Microsoft.AspNetCore.Authentication
diff --git a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
deleted file mode 100644
index 9f5c96cc11..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public static class AuthenticationTokenExtensions
-    {
-        private static string TokenNamesKey = ".TokenNames";
-        private static string TokenKeyPrefix = ".Token.";
-
-        public static void StoreTokens(this AuthenticationProperties properties, IEnumerable<AuthenticationToken> tokens)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-            if (tokens == null)
-            {
-                throw new ArgumentNullException(nameof(tokens));
-            }
-
-            // Clear old tokens first
-            var oldTokens = properties.GetTokens();
-            foreach (var t in oldTokens)
-            {
-                properties.Items.Remove(TokenKeyPrefix + t.Name);
-            }
-            properties.Items.Remove(TokenNamesKey);
-
-            var tokenNames = new List<string>();
-            foreach (var token in tokens)
-            {
-                // REVIEW: should probably check that there are no ; in the token name and throw or encode
-                tokenNames.Add(token.Name);
-                properties.Items[TokenKeyPrefix+token.Name] = token.Value;
-            }
-            if (tokenNames.Count > 0)
-            {
-                properties.Items[TokenNamesKey] = string.Join(";", tokenNames.ToArray());
-            }
-        }
-
-        public static string GetTokenValue(this AuthenticationProperties properties, string tokenName)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-            if (tokenName == null)
-            {
-                throw new ArgumentNullException(nameof(tokenName));
-            }
-
-            var tokenKey = TokenKeyPrefix + tokenName;
-            return properties.Items.ContainsKey(tokenKey)
-                ? properties.Items[tokenKey]
-                : null;
-        }
-
-        public static bool UpdateTokenValue(this AuthenticationProperties properties, string tokenName, string tokenValue)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-            if (tokenName == null)
-            {
-                throw new ArgumentNullException(nameof(tokenName));
-            }
-
-            var tokenKey = TokenKeyPrefix + tokenName;
-            if (!properties.Items.ContainsKey(tokenKey))
-            {
-                return false;
-            }
-            properties.Items[tokenKey] = tokenValue;
-            return true;
-        }
-
-        public static IEnumerable<AuthenticationToken> GetTokens(this AuthenticationProperties properties)
-        {
-            if (properties == null)
-            {
-                throw new ArgumentNullException(nameof(properties));
-            }
-
-            var tokens = new List<AuthenticationToken>();
-            if (properties.Items.ContainsKey(TokenNamesKey))
-            {
-                var tokenNames = properties.Items[TokenNamesKey].Split(';');
-                foreach (var name in tokenNames)
-                {
-                    var token = properties.GetTokenValue(name);
-                    if (token != null)
-                    {
-                        tokens.Add(new AuthenticationToken { Name = name, Value = token });
-                    }
-                }
-            }
-
-            return tokens;
-        }
-
-        public static Task<string> GetTokenAsync(this AuthenticationManager manager, string tokenName)
-        {
-            return manager.GetTokenAsync(AuthenticationManager.AutomaticScheme, tokenName);
-        }
-
-        public static async Task<string> GetTokenAsync(this AuthenticationManager manager, string signInScheme, string tokenName)
-        {
-            if (manager == null)
-            {
-                throw new ArgumentNullException(nameof(manager));
-            }
-            if (signInScheme == null)
-            {
-                throw new ArgumentNullException(nameof(signInScheme));
-            }
-            if (tokenName == null)
-            {
-                throw new ArgumentNullException(nameof(tokenName));
-            }
-
-            var authContext = new AuthenticateContext(signInScheme);
-            await manager.AuthenticateAsync(authContext);
-            return new AuthenticationProperties(authContext.Properties).GetTokenValue(tokenName);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index bb5700fc62..1564193b9e 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -13,9 +13,9 @@ namespace Microsoft.AspNetCore.Builder
     public static class CookiePolicyAppBuilderExtensions
     {
         /// <summary>
-        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
+        /// Adds the <see cref="CookiePolicyMiddleware"/> handler to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app)
         {
@@ -28,10 +28,10 @@ namespace Microsoft.AspNetCore.Builder
         }
 
         /// <summary>
-        /// Adds the <see cref="CookiePolicyMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
+        /// Adds the <see cref="CookiePolicyMiddleware"/> handler to the specified <see cref="IApplicationBuilder"/>, which enables cookie policy capabilities.
         /// </summary>
-        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
-        /// <param name="options">A <see cref="CookiePolicyOptions"/> that specifies options for the middleware.</param>
+        /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
+        /// <param name="options">A <see cref="CookiePolicyOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
         public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
deleted file mode 100644
index fade43716e..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ /dev/null
@@ -1,282 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.IO;
-using System.Security.Claims;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Logging;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class AuthenticationHandlerFacts
-    {
-        [Fact]
-        public async Task ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
-        {
-            var handler = await TestHandler.Create("Alpha");
-            var passiveNoMatch = handler.ShouldHandleScheme("Beta", handleAutomatic: false);
-
-            handler = await TestHandler.Create("Alpha");
-            var passiveWithMatch = handler.ShouldHandleScheme("Alpha", handleAutomatic: false);
-
-            Assert.False(passiveNoMatch);
-            Assert.True(passiveWithMatch);
-        }
-
-        [Fact]
-        public async Task AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
-        {
-            var handler = await TestAutoHandler.Create("ignored", true);
-            Assert.True(handler.ShouldHandleScheme(AuthenticationManager.AutomaticScheme, handleAutomatic: true));
-        }
-
-        [Theory]
-        [InlineData(null)]
-        [InlineData("")]
-        [InlineData("        ")]
-        [InlineData("notmatched")]
-        public async Task AutomaticHandlerDoesNotHandleSchemes(string scheme)
-        {
-            var handler = await TestAutoHandler.Create("ignored", true);
-            Assert.False(handler.ShouldHandleScheme(scheme, handleAutomatic: true));
-        }
-
-        [Fact]
-        public async Task AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
-        {
-            var handler = await TestAutoHandler.Create("Alpha", true);
-            Assert.True(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
-        }
-
-        [Fact]
-        public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
-        {
-            var handler = await TestAutoHandler.Create(null, true);
-            Assert.False(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
-        }
-
-        [Theory]
-        [InlineData("Alpha")]
-        [InlineData("Automatic")]
-        public async Task AuthHandlerAuthenticateCachesTicket(string scheme)
-        {
-            var handler = await CountHandler.Create(scheme);
-            var context = new AuthenticateContext(scheme);
-            await handler.AuthenticateAsync(context);
-            await handler.AuthenticateAsync(context);
-            Assert.Equal(1, handler.AuthCount);
-        }
-
-        [Theory]
-        [InlineData("Alpha", false)]
-        [InlineData("Bravo", true)]
-        public async Task AuthHandlerChallengeCallsPriorHandlerIfNotHandled(string challenge, bool passedThrough)
-        {
-            var handler = await TestHandler.Create("Alpha");
-            var previous = new PreviousHandler();
-
-            handler.PriorHandler = previous;
-            await handler.ChallengeAsync(new ChallengeContext(challenge));
-            Assert.Equal(passedThrough, previous.ChallengeCalled);
-        }
-
-        private class PreviousHandler : IAuthenticationHandler
-        {
-            public bool ChallengeCalled = false;
-
-            public Task AuthenticateAsync(AuthenticateContext context)
-            {
-                throw new NotImplementedException();
-            }
-
-            public Task ChallengeAsync(ChallengeContext context)
-            {
-                ChallengeCalled = true;
-                return Task.FromResult(0);
-            }
-
-            public void GetDescriptions(DescribeSchemesContext context)
-            {
-                throw new NotImplementedException();
-            }
-
-            public Task SignInAsync(SignInContext context)
-            {
-                throw new NotImplementedException();
-            }
-
-            public Task SignOutAsync(SignOutContext context)
-            {
-                throw new NotImplementedException();
-            }
-        }
-
-        private class CountOptions : AuthenticationOptions { }
-
-        private class CountHandler : AuthenticationHandler<CountOptions>
-        {
-            public int AuthCount = 0;
-
-            private CountHandler() { }
-
-            public static async Task<CountHandler> Create(string scheme)
-            {
-                var handler = new CountHandler();
-                var context = new DefaultHttpContext();
-                context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(
-                    new CountOptions(), context,
-                    new LoggerFactory().CreateLogger("CountHandler"),
-                    UrlEncoder.Default);
-                handler.Options.AuthenticationScheme = scheme;
-                handler.Options.AutomaticAuthenticate = true;
-                return handler;
-            }
-
-            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
-            {
-                AuthCount++;
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
-            }
-
-        }
-
-        private class TestHandler : AuthenticationHandler<TestOptions>
-        {
-            private TestHandler() { }
-
-            public AuthenticateResult Result = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever"));
-
-            public static async Task<TestHandler> Create(string scheme)
-            {
-                var handler = new TestHandler();
-                var context = new DefaultHttpContext();
-                context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(
-                    new TestOptions(), context,
-                    new LoggerFactory().CreateLogger("TestHandler"),
-                    UrlEncoder.Default);
-                handler.Options.AuthenticationScheme = scheme;
-                return handler;
-            }
-
-            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
-            {
-                return Task.FromResult(Result);
-            }
-        }
-
-        private class TestOptions : AuthenticationOptions { }
-
-        private class TestAutoOptions : AuthenticationOptions
-        {
-            public TestAutoOptions()
-            {
-                AutomaticAuthenticate = true;
-            }
-        }
-
-        private class TestAutoHandler : AuthenticationHandler<TestAutoOptions>
-        {
-            private TestAutoHandler() { }
-
-            public static async Task<TestAutoHandler> Create(string scheme, bool auto)
-            {
-                var handler = new TestAutoHandler();
-                var context = new DefaultHttpContext();
-                context.Features.Set<IHttpResponseFeature>(new TestResponse());
-                await handler.InitializeAsync(
-                    new TestAutoOptions(), context,
-                    new LoggerFactory().CreateLogger("TestAutoHandler"),
-                    UrlEncoder.Default);
-                handler.Options.AuthenticationScheme = scheme;
-                handler.Options.AutomaticAuthenticate = auto;
-                return handler;
-            }
-
-            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
-            {
-                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
-            }
-        }
-
-        private class TestResponse : IHttpResponseFeature
-        {
-            public Stream Body
-            {
-                get
-                {
-                    throw new NotImplementedException();
-                }
-
-                set
-                {
-                    throw new NotImplementedException();
-                }
-            }
-
-            public bool HasStarted
-            {
-                get
-                {
-                    throw new NotImplementedException();
-                }
-            }
-
-            public IHeaderDictionary Headers
-            {
-                get
-                {
-                    throw new NotImplementedException();
-                }
-
-                set
-                {
-                    throw new NotImplementedException();
-                }
-            }
-
-            public string ReasonPhrase
-            {
-                get
-                {
-                    throw new NotImplementedException();
-                }
-
-                set
-                {
-                    throw new NotImplementedException();
-                }
-            }
-
-            public int StatusCode
-            {
-                get
-                {
-                    throw new NotImplementedException();
-                }
-
-                set
-                {
-                }
-            }
-
-            public void OnCompleted(Func<object, Task> callback, object state)
-            {
-                throw new NotImplementedException();
-            }
-
-            public void OnStarting(Func<object, Task> callback, object state)
-            {
-            }
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
new file mode 100644
index 0000000000..c4720eb30c
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
@@ -0,0 +1,181 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class AuthenticationMiddlewareTests
+    {
+        [Fact]
+        public async Task OnlyInvokesCanHandleRequestHandlers()
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                })
+                .ConfigureServices(services => services.AddAuthentication(o =>
+                {
+                    o.AddScheme("Skip", s =>
+                    {
+                        s.HandlerType = typeof(SkipHandler);
+                    });
+                    // Won't get hit since CanHandleRequests is false
+                    o.AddScheme("throws", s =>
+                    {
+                        s.HandlerType = typeof(ThrowsHandler);
+                    });
+                    o.AddScheme("607", s =>
+                    {
+                        s.HandlerType = typeof(SixOhSevenHandler);
+                    });
+                    // Won't get run since 607 will finish
+                    o.AddScheme("305", s =>
+                    {
+                        s.HandlerType = typeof(ThreeOhFiveHandler);
+                    });
+                }));
+            var server = new TestServer(builder);
+            var response = await server.CreateClient().GetAsync("http://example.com/");
+            Assert.Equal(607, (int)response.StatusCode);
+        }
+
+        private class ThreeOhFiveHandler : StatusCodeHandler {
+            public ThreeOhFiveHandler() : base(305) { }
+        }
+
+        private class SixOhSevenHandler : StatusCodeHandler
+        {
+            public SixOhSevenHandler() : base(607) { }
+        }
+
+        private class SevenOhSevenHandler : StatusCodeHandler
+        {
+            public SevenOhSevenHandler() : base(707) { }
+        }
+
+        private class StatusCodeHandler : IAuthenticationRequestHandler
+        {
+            private HttpContext _context;
+            private int _code;
+
+            public StatusCodeHandler(int code)
+            {
+                _code = code;
+            }
+            
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ChallengeAsync(ChallengeContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task<bool> HandleRequestAsync()
+            {
+                _context.Response.StatusCode = _code;
+                return Task.FromResult(true);
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                _context = context;
+                return Task.FromResult(0);
+            }
+
+            public Task SignInAsync(SignInContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(SignOutContext context)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class ThrowsHandler : IAuthenticationHandler
+        {
+            private HttpContext _context;
+
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ChallengeAsync(ChallengeContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task<bool> HandleRequestAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                _context = context;
+                return Task.FromResult(0);
+            }
+
+            public Task SignInAsync(SignInContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(SignOutContext context)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+        private class SkipHandler : IAuthenticationRequestHandler
+        {
+            private HttpContext _context;
+
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ChallengeAsync(ChallengeContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task<bool> HandleRequestAsync()
+            {
+                return Task.FromResult(false);
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                _context = context;
+                return Task.FromResult(0);
+            }
+
+            public Task SignInAsync(SignInContext context)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(SignOutContext context)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
similarity index 67%
rename from test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index e6f881fefc..55dd054269 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -14,20 +14,22 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieMiddlewareTests
+    public class CookieTests
     {
+        private TestClock _clock = new TestClock();
+
         [Fact]
         public async Task NormalRequestPassesThrough()
         {
-            var server = CreateServer(new CookieAuthenticationOptions());
+            var server = CreateServer(s => { });
             var response = await server.CreateClient().GetAsync("http://example.com/normal");
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
         }
@@ -35,13 +37,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task AjaxLoginRedirectToReturnUrlTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AutomaticChallenge = true,
-                LoginPath = "/login"
-            });
-
-            var transaction = await SendAsync(server, "http://example.com/protected?X-Requested-With=XMLHttpRequest");
+            var server = CreateServer(o => o.LoginPath = "/login");
+            var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest");
             Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
             Assert.Equal(1, responded.Count());
@@ -51,11 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task AjaxForbidTurnsInto403WithLocationHeader()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AccessDeniedPath = "/denied"
-            });
-
+            var server = CreateServer(o => o.AccessDeniedPath = "/denied");
             var transaction = await SendAsync(server, "http://example.com/forbid?X-Requested-With=XMLHttpRequest");
             Assert.Equal(HttpStatusCode.Forbidden, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
@@ -66,11 +59,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task AjaxLogoutRedirectToReturnUrlTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                LogoutPath = "/signout"
-            });
-
+            var server = CreateServer(o => o.LogoutPath = "/signout");
             var transaction = await SendAsync(server, "http://example.com/signout?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
@@ -81,8 +70,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task AjaxChallengeRedirectTurnsInto200WithLocationHeader()
         {
-            var server = CreateServer(new CookieAuthenticationOptions());
-
+            var server = CreateServer(s => { });
             var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
             Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
@@ -90,35 +78,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.True(responded.Single().StartsWith("http://example.com/Account/Login"));
         }
 
-        [Theory]
-        [InlineData(true)]
-        [InlineData(false)]
-        public async Task ProtectedRequestShouldRedirectToLoginOnlyWhenAutomatic(bool auto)
-        {
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                LoginPath = new PathString("/login"),
-                AutomaticChallenge = auto
-            });
-
-            var transaction = await SendAsync(server, "http://example.com/protected");
-
-            Assert.Equal(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
-            if (auto)
-            {
-                var location = transaction.Response.Headers.Location;
-                Assert.Equal("/login", location.LocalPath);
-                Assert.Equal("?ReturnUrl=%2Fprotected", location.Query);
-            }
-        }
-
         [Fact]
         public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AutomaticChallenge = true
-            });
+            var server = CreateServer(s => { });
 
             var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
 
@@ -129,31 +92,31 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private Task SignInAsAlice(HttpContext context)
         {
-            return context.Authentication.SignInAsync("Cookies",
+            return context.SignInAsync("Cookies",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
         }
 
         private Task SignInAsWrong(HttpContext context)
         {
-            return context.Authentication.SignInAsync("Oops",
+            return context.SignInAsync("Oops",
                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                 new AuthenticationProperties());
         }
 
         private Task SignOutAsWrong(HttpContext context)
         {
-            return context.Authentication.SignOutAsync("Oops");
+            return context.SignOutAsync("Oops");
         }
 
         [Fact]
         public async Task SignInCausesDefaultCookieToBeCreated()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServerWithServices(s => s.AddCookieAuthentication(o =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie"
-            }, SignInAsAlice);
+                o.LoginPath = new PathString("/login");
+                o.CookieName = "TestCookie";
+            }), SignInAsAlice);
 
             var transaction = await SendAsync(server, "http://example.com/testpath");
 
@@ -169,10 +132,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task SignInWrongAuthTypeThrows()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie"
+                o.LoginPath = new PathString("/login");
+                o.CookieName = "TestCookie";
             }, SignInAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -181,10 +144,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task SignOutWrongAuthTypeThrows()
         {
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie"
+                o.LoginPath = new PathString("/login");
+                o.CookieName = "TestCookie";
             }, SignOutAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -202,11 +165,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             string requestUri,
             bool shouldBeSecureOnly)
         {
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = new PathString("/login"),
-                CookieName = "TestCookie",
-                CookieSecure = cookieSecurePolicy
+                o.LoginPath = new PathString("/login");
+                o.CookieName = "TestCookie";
+                o.CookieSecure = cookieSecurePolicy;
             }, SignInAsAlice);
 
             var transaction = await SendAsync(server, requestUri);
@@ -225,14 +188,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieOptionsAlterSetCookieHeader()
         {
-            TestServer server1 = CreateServer(new CookieAuthenticationOptions
+            var server1 = CreateServer(o =>
             {
-                CookieName = "TestCookie",
-                CookiePath = "/foo",
-                CookieDomain = "another.com",
-                CookieSecure = CookieSecurePolicy.Always,
-                CookieHttpOnly = true
-            }, SignInAsAlice, new Uri("http://example.com/base"));
+                o.CookieName = "TestCookie";
+                o.CookiePath = "/foo";
+                o.CookieDomain = "another.com";
+                o.CookieSecure = CookieSecurePolicy.Always;
+                o.CookieHttpOnly = true;
+            }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
             var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
 
@@ -244,12 +207,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Contains(" secure", setCookie1);
             Assert.Contains(" httponly", setCookie1);
 
-            var server2 = CreateServer(new CookieAuthenticationOptions
+            var server2 = CreateServer(o =>
             {
-                CookieName = "SecondCookie",
-                CookieSecure = CookieSecurePolicy.None,
-                CookieHttpOnly = false
-            }, SignInAsAlice, new Uri("http://example.com/base"));
+                o.CookieName = "SecondCookie";
+                o.CookieSecure = CookieSecurePolicy.None;
+                o.CookieHttpOnly = false;
+            }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
             var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
 
@@ -265,11 +228,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieContainsIdentity()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                SystemClock = clock
-            }, SignInAsAlice);
+            var server = CreateServer(o => { }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -281,30 +240,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieAppliesClaimsTransform()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                SystemClock = clock
-            },
+            var server = CreateServer(o => { },
             SignInAsAlice,
             baseAddress: null,
-            claimsTransform: new ClaimsTransformationOptions
-            {
-                Transformer = new ClaimsTransformer
-                {
-                    OnTransform = context =>
-                    {
-                        if (!context.Principal.Identities.Any(i => i.AuthenticationType == "xform"))
-                        {
-                            // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
-                            var id = new ClaimsIdentity("xform");
-                            id.AddClaim(new Claim("xform", "yup"));
-                            context.Principal.AddIdentity(id);
-                        }
-                        return Task.FromResult(context.Principal);
-                    }
-                }
-            });
+            claimsTransform: true);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -318,23 +257,21 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieStopsWorkingAfterExpiration()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
             }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            clock.Add(TimeSpan.FromMinutes(7));
+            _clock.Add(TimeSpan.FromMinutes(7));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            clock.Add(TimeSpan.FromMinutes(7));
+            _clock.Add(TimeSpan.FromMinutes(7));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
@@ -349,27 +286,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieExpirationCanBeOverridenInSignin()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
-                    new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) }));
+                    new AuthenticationProperties() { ExpiresUtc = _clock.UtcNow.Add(TimeSpan.FromMinutes(5)) }));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            clock.Add(TimeSpan.FromMinutes(3));
+            _clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
-            clock.Add(TimeSpan.FromMinutes(3));
+            _clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
 
@@ -384,27 +319,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task ExpiredCookieWithValidatorStillExpired()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
-            clock.Add(TimeSpan.FromMinutes(11));
+            _clock.Add(TimeSpan.FromMinutes(11));
 
             var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction2.SetCookie);
@@ -414,24 +347,22 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieCanBeRejectedAndSignedOutByValidator()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.RejectPrincipal();
-                        ctx.HttpContext.Authentication.SignOutAsync("Cookies");
+                        ctx.HttpContext.SignOutAsync("Cookies");
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -442,25 +373,59 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         }
 
         [Fact]
-        public async Task CookieCanBeRenewedByValidator()
+        public async Task CookieNotRenewedAfterSignOut()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            // renews on every request
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+            var transaction3 = await server.SendAsync("http://example.com/normal", transaction1.CookieNameValue);
+            Assert.NotNull(transaction3.SetCookie[0]);
+
+            // signout wins over renew
+            var transaction4 = await server.SendAsync("http://example.com/signout", transaction3.SetCookie[0]);
+            Assert.Equal(1, transaction4.SetCookie.Count());
+            Assert.Contains(".AspNetCore.Cookies=; expires=", transaction4.SetCookie[0]);
+        }
+
+        [Fact]
+        public async Task CookieCanBeRenewedByValidator()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
+                o.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -469,19 +434,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.NotNull(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(5));
+            _clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.NotNull(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(6));
+            _clock.Add(TimeSpan.FromMinutes(6));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction4.SetCookie);
             Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(5));
+            _clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.Null(transaction5.SetCookie);
@@ -491,22 +456,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -515,19 +478,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.NotNull(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(5));
+            _clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.NotNull(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(6));
+            _clock.Add(TimeSpan.FromMinutes(6));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
             Assert.NotNull(transaction4.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(11));
+            _clock.Add(TimeSpan.FromMinutes(11));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
             Assert.Null(transaction5.SetCookie);
@@ -537,23 +500,21 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieValidatorOnlyCalledOnce()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -562,19 +523,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.NotNull(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(5));
+            _clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.NotNull(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(6));
+            _clock.Add(TimeSpan.FromMinutes(6));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction4.SetCookie);
             Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(5));
+            _clock.Add(TimeSpan.FromMinutes(5));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.Null(transaction5.SetCookie);
@@ -586,15 +547,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [InlineData(false)]
         public async Task ShouldRenewUpdatesIssuedExpiredUtc(bool sliding)
         {
-            var clock = new TestClock();
             DateTimeOffset? lastValidateIssuedDate = null;
             DateTimeOffset? lastExpiresDate = null;
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = sliding,
-                Events = new CookieAuthenticationEvents
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = sliding;
+                o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
                     {
@@ -603,10 +562,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         ctx.ShouldRenew = true;
                         return Task.FromResult(0);
                     }
-                }
+                };
             },
             context =>
-                context.Authentication.SignInAsync("Cookies",
+                context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -621,13 +580,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var firstIssueDate = lastValidateIssuedDate;
             var firstExpiresDate = lastExpiresDate;
 
-            clock.Add(TimeSpan.FromMinutes(1));
+            _clock.Add(TimeSpan.FromMinutes(1));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
             Assert.NotNull(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(2));
+            _clock.Add(TimeSpan.FromMinutes(2));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
             Assert.NotNull(transaction4.SetCookie);
@@ -640,21 +599,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieExpirationCanBeOverridenInEvent()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = false,
-                Events = new CookieAuthenticationEvents()
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = false;
+                o.Events = new CookieAuthenticationEvents()
                 {
                     OnSigningIn = context =>
                     {
-                        context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
+                        context.Properties.ExpiresUtc = _clock.UtcNow.Add(TimeSpan.FromMinutes(5));
                         return Task.FromResult(0);
                     }
-                }
-            }, SignInAsAlice);
+                };
+            },
+            SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -662,13 +620,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Null(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(3));
+            _clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(3));
+            _clock.Add(TimeSpan.FromMinutes(3));
 
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction4.SetCookie);
@@ -678,13 +636,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieIsRenewedWithSlidingExpiration()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                ExpireTimeSpan = TimeSpan.FromMinutes(10),
-                SlidingExpiration = true
-            }, SignInAsAlice);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = true;
+            },
+            SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -692,20 +649,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Null(transaction2.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(4));
+            _clock.Add(TimeSpan.FromMinutes(4));
 
             var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.Null(transaction3.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(4));
+            _clock.Add(TimeSpan.FromMinutes(4));
 
             // transaction4 should arrive with a new SetCookie value
             var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
             Assert.NotNull(transaction4.SetCookie);
             Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
 
-            clock.Add(TimeSpan.FromMinutes(4));
+            _clock.Add(TimeSpan.FromMinutes(4));
 
             var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
             Assert.Null(transaction5.SetCookie);
@@ -715,12 +672,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieUsesPathBaseByDefault()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions(),
+            var server = CreateServer(o => { },
             context =>
             {
                 Assert.Equal(new PathString("/base"), context.Request.PathBase);
-                return context.Authentication.SignInAsync("Cookies",
+                return context.SignInAsync("Cookies",
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
             },
             new Uri("http://example.com/base"));
@@ -729,18 +685,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.True(transaction1.SetCookie.Contains("path=/base"));
         }
 
-        [Theory]
-        [InlineData(true)]
-        [InlineData(false)]
-        public async Task CookieTurnsChallengeIntoForbidWithCookie(bool automatic)
+        [Fact]
+        public async Task CookieTurnsChallengeIntoForbidWithCookie()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = automatic,
-                SystemClock = clock
-            },
-            SignInAsAlice);
+            var server = CreateServer(o => { }, SignInAsAlice);
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
 
@@ -753,18 +701,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
         }
 
-        [Theory]
-        [InlineData(true)]
-        [InlineData(false)]
-        public async Task CookieChallengeRedirectsToLoginWithoutCookie(bool automatic)
+        [Fact]
+        public async Task CookieChallengeRedirectsToLoginWithoutCookie()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = automatic,
-                SystemClock = clock
-            },
-            SignInAsAlice);
+            var server = CreateServer(o => { }, SignInAsAlice);
 
             var url = "http://example.com/challenge";
             var transaction = await SendAsync(server, url);
@@ -774,18 +714,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("/Account/Login", location.LocalPath);
         }
 
-        [Theory]
-        [InlineData(true)]
-        [InlineData(false)]
-        public async Task CookieForbidRedirectsWithoutCookie(bool automatic)
+        [Fact]
+        public async Task CookieForbidRedirectsWithoutCookie()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = automatic,
-                SystemClock = clock
-            },
-            SignInAsAlice);
+            var server = CreateServer(o => { }, SignInAsAlice);
 
             var url = "http://example.com/forbid";
             var transaction = await SendAsync(server, url);
@@ -798,11 +730,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieTurns401ToAccessDeniedWhenSetWithCookie()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                AccessDeniedPath = new PathString("/accessdenied")
+                o.AccessDeniedPath = new PathString("/accessdenied");
             },
             SignInAsAlice);
 
@@ -819,11 +749,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieChallengeRedirectsWithLoginPath()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                LoginPath = new PathString("/page")
+                o.LoginPath = new PathString("/page");
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -836,11 +764,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task CookieChallengeWithUnauthorizedRedirectsToLoginIfNotAuthenticated()
         {
-            var clock = new TestClock();
-            var server = CreateServer(new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                SystemClock = clock,
-                LoginPath = new PathString("/page")
+                o.LoginPath = new PathString("/page");
             });
 
             var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -850,19 +776,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
         }
 
-        [Fact]
-        public async Task MapWillNotAffectChallenge()
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task MapWillAffectChallengeOnlyWithUseAuth(bool useAuth)
         {
             var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
+                .Configure(app => {
+                    if (useAuth)
                     {
-                        LoginPath = new PathString("/page")
-                    });
-                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+                        app.UseAuthentication();
+                    }
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(s => s.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
@@ -870,23 +797,30 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
 
             var location = transaction.Response.Headers.Location;
-            Assert.Equal("/page", location.LocalPath);
+            if (useAuth)
+            {
+                Assert.Equal("/page", location.LocalPath);
+            }
+            else
+            {
+                Assert.Equal("/login/page", location.LocalPath);
+            }
             Assert.Equal("?ReturnUrl=%2F", location.Query);
         }
 
-        [Fact]
+        [ConditionalFact(Skip = "Revisit, exception no longer thrown")]
         public async Task ChallengeDoesNotSet401OnUnauthorized()
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication();
+                    app.UseAuthentication();
                     app.Run(async context =>
                     {
-                        await Assert.ThrowsAsync<InvalidOperationException>(() => context.Authentication.ChallengeAsync());
+                        await Assert.ThrowsAsync<InvalidOperationException>(() => context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme));
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication());
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com");
@@ -894,25 +828,49 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         }
 
         [Fact]
-        public async Task UseCookieWithInstanceDoesntUseSharedOptions()
+        public async Task CanConfigureDefaultCookieInstance()
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        CookieName = "One"
-                    });
-                    app.UseCookieAuthentication();
-                    app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services =>
+                {
+                    services.AddCookieAuthentication();
+                    services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme,
+                        o => o.CookieName = "One");
+                });
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com");
 
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.True(transaction.SetCookie[0].StartsWith(".AspNetCore.Cookies="));
+            Assert.True(transaction.SetCookie[0].StartsWith("One="));
+        }
+
+        [Fact]
+        public async Task CanConfigureNamedCookieInstance()
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync("Cookie1", new ClaimsPrincipal(new ClaimsIdentity())));
+                })
+                .ConfigureServices(services =>
+                {
+                    services.AddCookieAuthentication("Cookie1");
+                    services.Configure<CookieAuthenticationOptions>("Cookie1",
+                        o => o.CookieName = "One");
+                });
+            var server = new TestServer(builder);
+
+            var transaction = await server.SendAsync("http://example.com");
+
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.True(transaction.SetCookie[0].StartsWith("One="));
         }
 
         [Fact]
@@ -921,14 +879,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        LoginPath = new PathString("/login")
-                    });
-                    app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
+                    app.UseAuthentication();
+                    app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies",
                         new ClaimsPrincipal())));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
@@ -942,14 +897,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        LoginPath = new PathString("/login")
-                    });
-                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
-                        new ClaimsPrincipal())));
+                    app.UseAuthentication();
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies", new ClaimsPrincipal())));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
+
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login?ReturnUrl=%2Fpage");
@@ -967,13 +919,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        LogoutPath = new PathString("/logout")
-                    });
-                    app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+                    app.UseAuthentication();
+                    app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
@@ -987,13 +936,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        LogoutPath = new PathString("/logout")
-                    });
-                    app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+                    app.UseAuthentication();
+                    app.Map("/logout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
@@ -1011,13 +957,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AccessDeniedPath = new PathString("/denied")
-                    });
-                    app.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+                    app.UseAuthentication();
+                    app.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/forbid");
 
@@ -1034,13 +977,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
-                        map.UseCookieAuthentication(new CookieAuthenticationOptions
-                        {
-                            LoginPath = new PathString("/page")
-                        });
-                        map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+                        map.UseAuthentication();
+                        map.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                     }))
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/login");
 
@@ -1056,19 +996,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [InlineData("http://example.com/redirect_to")]
         public async Task RedirectUriIsHoneredAfterSignin(string redirectUrl)
         {
-            var options = new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = "/testpath",
-                CookieName = "TestCookie"
-            };
-
-            var server = CreateServer(options, async context =>
-            {
-                await context.Authentication.SignInAsync(
+                o.LoginPath = "/testpath";
+                o.CookieName = "TestCookie";
+            },
+            async context =>
+                await context.SignInAsync(
                     CookieAuthenticationDefaults.AuthenticationScheme,
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
-                    new AuthenticationProperties { RedirectUri = redirectUrl });
-            });
+                    new AuthenticationProperties { RedirectUri = redirectUrl })
+            );
             var transaction = await SendAsync(server, "http://example.com/testpath");
 
             Assert.NotEmpty(transaction.SetCookie);
@@ -1079,16 +1017,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task RedirectUriInQueryIsHoneredAfterSignin()
         {
-            var options = new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = "/testpath",
-                ReturnUrlParameter = "return",
-                CookieName = "TestCookie"
-            };
-
-            var server = CreateServer(options, async context =>
+                o.LoginPath = "/testpath";
+                o.ReturnUrlParameter = "return";
+                o.CookieName = "TestCookie";
+            },
+            async context =>
             {
-                await context.Authentication.SignInAsync(
+                await context.SignInAsync(
                     CookieAuthenticationDefaults.AuthenticationScheme,
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
             });
@@ -1102,16 +1039,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task AbsoluteRedirectUriInQueryStringIsRejected()
         {
-            var options = new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = "/testpath",
-                ReturnUrlParameter = "return",
-                CookieName = "TestCookie"
-            };
-
-            var server = CreateServer(options, async context =>
+                o.LoginPath = "/testpath";
+                o.ReturnUrlParameter = "return";
+                o.CookieName = "TestCookie";
+            },
+            async context =>
             {
-                await context.Authentication.SignInAsync(
+                await context.SignInAsync(
                     CookieAuthenticationDefaults.AuthenticationScheme,
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
             });
@@ -1124,16 +1060,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
         {
-            var options = new CookieAuthenticationOptions
+            var server = CreateServer(o =>
             {
-                LoginPath = "/testpath",
-                ReturnUrlParameter = "return",
-                CookieName = "TestCookie"
-            };
-
-            var server = CreateServer(options, async context =>
+                o.LoginPath = "/testpath";
+                o.ReturnUrlParameter = "return";
+                o.CookieName = "TestCookie";
+            },
+            async context =>
             {
-                await context.Authentication.SignInAsync(
+                await context.SignInAsync(
                     CookieAuthenticationDefaults.AuthenticationScheme,
                     new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
                     new AuthenticationProperties { RedirectUri = "/redirect_test" });
@@ -1152,13 +1087,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 .Configure(app =>
                     app.Map("/base", map =>
                     {
-                        map.UseCookieAuthentication(new CookieAuthenticationOptions
-                        {
-                            AccessDeniedPath = new PathString("/denied")
-                        });
-                        map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+                        map.UseAuthentication();
+                        map.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
                     }))
-                    .ConfigureServices(services => services.AddAuthentication());
+                    .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/forbid");
 
@@ -1176,17 +1108,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder1 = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        TicketDataFormat = new TicketDataFormat(dp),
-                        CookieName = "Cookie"
-                    });
+                    app.UseAuthentication();
                     app.Use((context, next) =>
-                        context.Authentication.SignInAsync("Cookies",
+                        context.SignInAsync("Cookies",
                                         new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                                         new AuthenticationProperties()));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o =>
+                {
+                    o.TicketDataFormat = new TicketDataFormat(dp);
+                    o.CookieName = "Cookie";
+                }));
             var server1 = new TestServer(builder1);
 
             var transaction = await SendAsync(server1, "http://example.com/stuff");
@@ -1195,20 +1127,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var builder2 = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = "Cookies",
-                        CookieName = "Cookie",
-                        TicketDataFormat = new TicketDataFormat(dp)
-                    });
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
-                        var authContext = new AuthenticateContext("Cookies");
-                        await context.Authentication.AuthenticateAsync(authContext);
-                        Describe(context.Response, authContext);
+                        var result = await context.AuthenticateAsync("Cookies");
+                        Describe(context.Response, result);
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication("Cookies", o =>
+                {
+                    o.CookieName = "Cookie";
+                    o.TicketDataFormat = new TicketDataFormat(dp);
+                }));
             var server2 = new TestServer(builder2);
             var transaction2 = await SendAsync(server2, "http://example.com/stuff", transaction.CookieNameValue);
             Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
@@ -1219,27 +1149,27 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public async Task NullExpiresUtcPropertyIsGuarded()
         {
             var builder = new WebHostBuilder()
-                .ConfigureServices(services => services.AddAuthentication())
+                .ConfigureServices(services => services.AddCookieAuthentication(o =>
+                {
+                    o.Events = new CookieAuthenticationEvents
+                    {
+                        OnValidatePrincipal = context =>
+                        {
+                            context.Properties.ExpiresUtc = null;
+                            context.ShouldRenew = true;
+                            return Task.FromResult(0);
+                        }
+                    };
+                }))
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        Events = new CookieAuthenticationEvents
-                        {
-                            OnValidatePrincipal = context =>
-                            {
-                                context.Properties.ExpiresUtc = null;
-                                context.ShouldRenew = true;
-                                return Task.FromResult(0);
-                            }
-                        }
-                    });
+                    app.UseAuthentication();
 
                     app.Run(async context =>
                     {
                         if (context.Request.Path == "/signin")
                         {
-                            await context.Authentication.SignInAsync(
+                            await context.SignInAsync(
                                 CookieAuthenticationDefaults.AuthenticationScheme,
                                 new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
                         }
@@ -1298,18 +1228,34 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             return me;
         }
 
-        private static TestServer CreateServer(CookieAuthenticationOptions options, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, ClaimsTransformationOptions claimsTransform = null)
+        private class ClaimsTransformer : IClaimsTransformation
+        {
+            public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal p)
+            {
+                if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                }
+                return Task.FromResult(p);
+            }
+        }
+
+        private TestServer CreateServer(Action<CookieAuthenticationOptions> configureOptions, Func<HttpContext, Task> testpath = null, Uri baseAddress = null, bool claimsTransform = false)
+            => CreateServerWithServices(s =>
+            {
+                s.AddSingleton<ISystemClock>(_clock);
+                s.AddCookieAuthentication(configureOptions);
+                s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
+            }, testpath, baseAddress);
+
+        private static TestServer CreateServerWithServices(Action<IServiceCollection> configureServices, Func<HttpContext, Task> testpath = null, Uri baseAddress = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(options);
-                    // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
-
-                    if (claimsTransform != null)
-                    {
-                        app.UseClaimsTransformation(claimsTransform);
-                    }
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
                         var req = context.Request;
@@ -1319,41 +1265,34 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         {
                             res.StatusCode = 200;
                         }
-                        else if (req.Path == new PathString("/protected"))
-                        {
-                            res.StatusCode = 401;
-                        }
                         else if (req.Path == new PathString("/forbid")) // Simulate forbidden 
                         {
-                            await context.Authentication.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                            await context.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                         }
                         else if (req.Path == new PathString("/challenge"))
                         {
-                            await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                            await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                         }
                         else if (req.Path == new PathString("/signout"))
                         {
-                            await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                         }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
-                            await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
+                            await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
                         }
                         else if (req.Path == new PathString("/protected/CustomRedirect"))
                         {
-                            await context.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+                            await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
                         }
                         else if (req.Path == new PathString("/me"))
                         {
-                            var authContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
-                            authContext.Authenticated(context.User, properties: null, description: null);
-                            Describe(res, authContext);
+                            Describe(res, AuthenticateResult.Success(new AuthenticationTicket(context.User, new AuthenticationProperties(), CookieAuthenticationDefaults.AuthenticationScheme)));
                         }
                         else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
                         {
-                            var authContext = new AuthenticateContext(remainder.Value.Substring(1));
-                            await context.Authentication.AuthenticateAsync(authContext);
-                            Describe(res, authContext);
+                            var ticket = await context.AuthenticateAsync(remainder.Value.Substring(1));
+                            Describe(res, ticket);
                         }
                         else if (req.Path == new PathString("/testpath") && testpath != null)
                         {
@@ -1365,24 +1304,24 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         }
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(configureServices);
             var server = new TestServer(builder);
             server.BaseAddress = baseAddress;
             return server;
         }
 
-        private static void Describe(HttpResponse res, AuthenticateContext result)
+        private static void Describe(HttpResponse res, AuthenticateResult result)
         {
             res.StatusCode = 200;
             res.ContentType = "text/xml";
             var xml = new XElement("xml");
-            if (result != null && result.Principal != null)
+            if (result != null && result?.Ticket?.Principal != null)
             {
-                xml.Add(result.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+                xml.Add(result.Ticket.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
             }
-            if (result != null && result.Properties != null)
+            if (result != null && result?.Ticket?.Properties != null)
             {
-                xml.Add(result.Properties.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+                xml.Add(result.Ticket.Properties.Items.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
             }
             var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
             res.Body.Write(xmlBytes, 0, xmlBytes.Length);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
new file mode 100644
index 0000000000..a152c735bb
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
@@ -0,0 +1,134 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Net;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class DynamicSchemeTests
+    {
+        [Fact]
+        public async Task CanAddAndRemoveSchemes()
+        {
+            var server = CreateServer();
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/One"));
+
+            // Add One scheme
+            var response = await server.CreateClient().GetAsync("http://example.com/add/One");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var transaction = await server.SendAsync("http://example.com/auth/One");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+
+            // Add Two scheme
+            response = await server.CreateClient().GetAsync("http://example.com/add/Two");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            transaction = await server.SendAsync("http://example.com/auth/Two");
+            Assert.Equal("Two", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "Two"));
+
+            // Remove Two
+            response = await server.CreateClient().GetAsync("http://example.com/remove/Two");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/Two"));
+            transaction = await server.SendAsync("http://example.com/auth/One");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+
+            // Remove One
+            response = await server.CreateClient().GetAsync("http://example.com/remove/One");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/Two"));
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/One"));
+
+        }
+
+        [Fact]
+        public async Task VerifyDefaultBehavior()
+        {
+            var server = CreateServer();
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth"));
+
+            var response = await server.CreateClient().GetAsync("http://example.com/add/One");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var transaction = await server.SendAsync("http://example.com/auth");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+            response = await server.CreateClient().GetAsync("http://example.com/add/Two");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+            // Default will blow up since now there's two
+            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth"));
+        }
+
+        private class TestHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+        {
+            public TestHandler(IOptionsSnapshot<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+            {
+            }
+
+            protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+            {
+                var principal = new ClaimsPrincipal();
+                var id = new ClaimsIdentity();
+                id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+                principal.AddIdentity(id);
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+            }
+        }
+
+        private static TestServer CreateServer(Action<AuthenticationOptions> configureAuth = null)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
+                        {
+                            var name = remainder.Value.Substring(1);
+                            var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
+                            var scheme = new AuthenticationScheme(name, typeof(TestHandler));
+                            auth.AddScheme(scheme);
+                        }
+                        else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
+                        {
+                            var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
+                            var result = await context.AuthenticateAsync(name);
+                            res.Describe(result?.Ticket?.Principal);
+                        }
+                        else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
+                        {
+                            var name = remainder.Value.Substring(1);
+                            var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
+                            auth.RemoveScheme(name);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
+                {
+                    if (configureAuth == null)
+                    {
+                        configureAuth = o => { };
+                    }
+                    services.AddAuthentication(configureAuth);
+                });
+            return new TestServer(builder);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
similarity index 53%
rename from test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 4d6cabaf1b..79066e48b5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -14,53 +15,145 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
-    public class FacebookMiddlewareTests
+    public class FacebookTests
     {
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Facebook:AppId", "<id>"},
+                {"Facebook:AppSecret", "<secret>"},
+                {"Facebook:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Facebook:BackchannelTimeout", "0.0:0:30"},
+                //{"Facebook:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+                {"Facebook:ClaimsIssuer", "<issuer>"},
+                {"Facebook:DisplayName", "<display>"},
+                {"Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Facebook:SaveTokens", "true"},
+                {"Facebook:SendAppSecretProof", "true"},
+                {"Facebook:SignInScheme", "<signIn>"},
+                {"Facebook:TokenEndpoint", "<tokenEndpoint>"},
+                {"Facebook:UserInformationEndpoint", "<userEndpoint>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddFacebookAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<FacebookOptions>>().Get(FacebookDefaults.AuthenticationScheme);
+            Assert.Equal("<id>", options.AppId);
+            Assert.Equal("<secret>", options.AppSecret);
+            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+            Assert.Equal("<issuer>", options.ClaimsIssuer);
+            Assert.Equal("<id>", options.ClientId);
+            Assert.Equal("<secret>", options.ClientSecret);
+            Assert.Equal("<display>", options.DisplayName);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+            Assert.True(options.SaveTokens);
+            Assert.True(options.SendAppSecretProof);
+            Assert.Equal("<signIn>", options.SignInScheme);
+            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
+            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
+        }
+
+        [Fact]
+        public void AddWithDelegateIgnoresConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Facebook:AppId", "<id>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddFacebookAuthentication(o => o.SaveTokens = false).AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<FacebookOptions>>().Get(FacebookDefaults.AuthenticationScheme);
+            Assert.Null(options.AppId);
+            Assert.False(options.SaveTokens);
+        }
+
+        [Fact]
+        public async Task ThrowsIfAppIdMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddFacebookAuthentication(o => o.SignInScheme = "Whatever"),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("AppId", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ThrowsIfAppSecretMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddFacebookAuthentication(o => o.AppId = "Whatever"),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("AppSecret", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication(new FacebookOptions
+                    app.UseAuthentication();
+                },
+                services =>
+                {
+                    services.AddAuthentication(options =>
                     {
-                        AppId = "Test App Id",
-                        AppSecret = "Test App Secret",
-                        Events = new OAuthEvents
+                        options.DefaultSignInScheme = "External";
+                        options.DefaultAuthenticateScheme = "External";
+                    });
+                    services.AddCookieAuthentication("External", o => { });
+                    services.AddFacebookAuthentication(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.Events = new OAuthEvents
                         {
                             OnRedirectToAuthorizationEndpoint = context =>
                             {
                                 context.Response.Redirect(context.RedirectUri + "&custom=test");
                                 return Task.FromResult(0);
                             }
-                        }
-                    });
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = "External",
-                        AutomaticAuthenticate = true
-                    });
-                },
-                services =>
-                {
-                    services.AddAuthentication(options =>
-                    {
-                        options.SignInScheme = "External";
+                        };
                     });
                 },
                 context =>
                 {
                     // REVIEW: Gross.
-                    context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -72,18 +165,23 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         [Fact]
         public async Task NestedMapWillNotAffectRedirect()
         {
-            var server = CreateServer(app =>
-                app.Map("/base", map => {
-                    map.UseFacebookAuthentication(new FacebookOptions
-                    {
-                        AppId = "Test App Id",
-                        AppSecret = "Test App Secret",
-                        SignInScheme = "External"
-                    });
-                    map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
-                }),
-                services => services.AddAuthentication(),
-                handler: null);
+            var server = CreateServer(app => app.Map("/base", map =>
+            {
+                map.UseAuthentication();
+                map.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+            }),
+            services =>
+            {
+                services.AddCookieAuthentication("External", o => { });
+                services.AddFacebookAuthentication(o =>
+                {
+                    o.AppId = "Test App Id";
+                    o.AppSecret = "Test App Secret";
+                    o.SignInScheme = "External";
+                });
+            },
+            handler: null);
+
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
@@ -101,15 +199,19 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseFacebookAuthentication(new FacebookOptions
-                    {
-                        AppId = "Test App Id",
-                        AppSecret = "Test App Secret",
-                        SignInScheme = "External"
-                    });
-                    app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+                    app.UseAuthentication();
+                    app.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+                },
+                services =>
+                {
+                    services.AddCookieAuthentication("External", o => { });
+                    services.AddFacebookAuthentication(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.SignInScheme = "External";
+                    });
                 },
-                services => services.AddAuthentication(),
                 handler: null);
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -126,26 +228,24 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         public async Task ChallengeWillTriggerRedirection()
         {
             var server = CreateServer(
-                app =>
-                {
-                    app.UseFacebookAuthentication(new FacebookOptions
-                    {
-                        AppId = "Test App Id",
-                        AppSecret = "Test App Secret"
-                    });
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = "External"
-                    });
-                },
+                app => app.UseAuthentication(),
                 services =>
                 {
-                    services.AddAuthentication(options => options.SignInScheme = "External");
+                    services.AddAuthentication(options =>
+                    {
+                        options.DefaultSignInScheme = "External";
+                    });
+                    services.AddCookieAuthentication();
+                    services.AddFacebookAuthentication(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                    });
                 },
                 context =>
                 {
                     // REVIEW: gross
-                    context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -168,14 +268,23 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var server = CreateServer(
                 app =>
                 {
-                    app.UseCookieAuthentication();
-                    app.UseFacebookAuthentication(new FacebookOptions
+                    app.UseAuthentication();
+                },
+                services =>
+                {
+                    services.AddAuthentication(options =>
                     {
-                        AppId = "Test App Id",
-                        AppSecret = "Test App Secret",
-                        StateDataFormat = stateFormat,
-                        UserInformationEndpoint = customUserInfoEndpoint,
-                        BackchannelHttpHandler = new TestHttpMessageHandler
+                        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    });
+                    services.AddCookieAuthentication();
+                    services.AddFacebookAuthentication(o => 
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.StateDataFormat = stateFormat;
+                        o.UserInformationEndpoint = customUserInfoEndpoint;
+                        o.BackchannelHttpHandler = new TestHttpMessageHandler
                         {
                             Sender = req =>
                             {
@@ -204,13 +313,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                                 }
                                 return null;
                             }
-                        }
+                        };
                     });
                 },
-                services =>
-                {
-                    services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
-                }, handler: null);
+                handler: null);
 
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
@@ -233,10 +339,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    if (configure != null)
-                    {
-                        configure(app);
-                    }
+                    configure?.Invoke(app);
                     app.Use(async (context, next) =>
                     {
                         if (handler == null || !handler(context))
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
similarity index 79%
rename from test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 090f9f1210..77ddcc7efc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -14,25 +14,83 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
-    public class GoogleMiddlewareTests
+    public class GoogleTests
     {
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Google:ClientId", "<id>"},
+                {"Google:ClientSecret", "<secret>"},
+                {"Google:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Google:BackchannelTimeout", "0.0:0:30"},
+                //{"Google:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+                {"Google:ClaimsIssuer", "<issuer>"},
+                {"Google:DisplayName", "<display>"},
+                {"Google:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Google:SaveTokens", "true"},
+                {"Google:SendAppSecretProof", "true"},
+                {"Google:SignInScheme", "<signIn>"},
+                {"Google:TokenEndpoint", "<tokenEndpoint>"},
+                {"Google:UserInformationEndpoint", "<userEndpoint>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddGoogleAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<GoogleOptions>>().Get(GoogleDefaults.AuthenticationScheme);
+            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+            Assert.Equal("<issuer>", options.ClaimsIssuer);
+            Assert.Equal("<id>", options.ClientId);
+            Assert.Equal("<secret>", options.ClientSecret);
+            Assert.Equal("<display>", options.DisplayName);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+            Assert.True(options.SaveTokens);
+            Assert.Equal("<signIn>", options.SignInScheme);
+            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
+            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
+        }
+
+        [Fact]
+        public void AddWithDelegateIgnoresConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Google:ClientId", "<id>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddGoogleAuthentication(o => o.SaveTokens = false).AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<GoogleOptions>>().Get(GoogleDefaults.AuthenticationScheme);
+            Assert.Null(options.ClientId);
+            Assert.False(options.SaveTokens);
+        }
+
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -53,10 +111,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -65,10 +123,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -77,66 +135,46 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ForbidThrows()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
         [Fact]
-        public async Task Challenge401WillTriggerRedirection()
+        public async Task Challenge401WillNotTriggerRedirection()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AutomaticChallenge = true
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/401");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var location = transaction.Response.Headers.Location.ToString();
-            Assert.Contains("https://accounts.google.com/o/oauth2/auth?response_type=code", location);
-            Assert.Contains("&client_id=", location);
-            Assert.Contains("&redirect_uri=", location);
-            Assert.Contains("&scope=", location);
-            Assert.Contains("&state=", location);
+            Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
         }
 
         [Fact]
         public async Task ChallengeWillSetCorrelationCookie()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
         }
 
-        [Fact]
-        public async Task Challenge401WillSetCorrelationCookie()
-        {
-            var server = CreateServer(new GoogleOptions
-            {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AutomaticChallenge = true
-            });
-            var transaction = await server.SendAsync("https://example.com/401");
-            Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
-        }
-
         [Fact]
         public async Task ChallengeWillSetDefaultScope()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -144,29 +182,14 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
         }
 
-        [Fact]
-        public async Task Challenge401WillSetDefaultScope()
-        {
-            var server = CreateServer(new GoogleOptions
-            {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AutomaticChallenge = true
-            });
-            var transaction = await server.SendAsync("https://example.com/401");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
-        }
-
         [Fact]
         public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                AutomaticChallenge = true
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                //AutomaticChallenge = true
             },
             context =>
                 {
@@ -174,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     var res = context.Response;
                     if (req.Path == new PathString("/challenge2"))
                     {
-                        return context.Authentication.ChallengeAsync("Google", new AuthenticationProperties(
+                        return context.ChallengeAsync("Google", new AuthenticationProperties(
                             new Dictionary<string, string>()
                             {
                                 { "scope", "https://www.googleapis.com/auth/plus.login" },
@@ -202,18 +225,18 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                Events = new OAuthEvents
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Events = new OAuthEvents
                 {
                     OnRedirectToAuthorizationEndpoint = context =>
                     {
                         context.Response.Redirect(context.RedirectUri + "&custom=test");
                         return Task.FromResult(0);
                     }
-                }
+                };
             });
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -224,10 +247,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task AuthenticateWithoutCookieWillFail()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             },
             async context =>
             {
@@ -235,9 +258,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 var res = context.Response;
                 if (req.Path == new PathString("/auth"))
                 {
-                    var auth = new AuthenticateContext("Google");
-                    await context.Authentication.AuthenticateAsync(auth);
-                    Assert.NotNull(auth.Error);
+                    var result = await context.AuthenticateAsync("Google");
+                    Assert.NotNull(result.Failure);
                 }
             });
             var transaction = await server.SendAsync("https://example.com/auth");
@@ -247,10 +269,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
             var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
             Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
@@ -261,11 +283,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [InlineData(false)]
         public async Task ReplyPathWithErrorFails(bool redirect)
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                Events = redirect ? new OAuthEvents()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Events = redirect ? new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -273,7 +295,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                } : new OAuthEvents()
+                } : new OAuthEvents();
             });
             var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar");
             if (redirect)
@@ -295,14 +317,17 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                ClaimsIssuer = claimsIssuer,
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.SaveTokens = true;
+                o.StateDataFormat = stateFormat;
+                if (claimsIssuer != null)
+                {
+                    o.ClaimsIssuer = claimsIssuer;
+                }
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -340,7 +365,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                }
+                };
             });
 
             var properties = new AuthenticationProperties();
@@ -385,20 +410,20 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
                         return ReturnJsonResponse(new { Error = "Error" },
                             HttpStatusCode.BadRequest);
                     }
-                },
-                Events = redirect ? new OAuthEvents()
+                };
+                o.Events = redirect ? new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -406,7 +431,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                } : new OAuthEvents()
+                } : new OAuthEvents();
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
@@ -438,19 +463,19 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect)
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
                         return ReturnJsonResponse(new object());
                     }
-                },
-                Events = redirect ? new OAuthEvents()
+                };
+                o.Events = redirect ? new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -458,7 +483,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                } : new OAuthEvents()
+                } : new OAuthEvents();
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
@@ -487,12 +512,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -531,8 +556,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                },
-                Events = new OAuthEvents
+                };
+                o.Events = new OAuthEvents
                 {
                     OnCreatingTicket = context =>
                     {
@@ -540,7 +565,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
                         return Task.FromResult(0);
                     }
-                }
+                };
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
@@ -567,12 +592,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task NullRedirectUriWillRedirectToSlash()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -611,15 +636,15 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                },
-                Events = new OAuthEvents
+                };
+                o.Events = new OAuthEvents
                 {
                     OnTicketReceived = context =>
                     {
                         context.Ticket.Properties.RedirectUri = null;
                         return Task.FromResult(0);
                     }
-                }
+                };
             });
             var properties = new AuthenticationProperties();
             var correlationKey = ".xsrf";
@@ -640,13 +665,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ValidateAuthenticatedContext()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                StateDataFormat = stateFormat,
-                AccessType = "offline",
-                Events = new OAuthEvents()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.AccessType = "offline";
+                o.Events = new OAuthEvents()
                 {
                     OnCreatingTicket = context =>
                     {
@@ -661,8 +686,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         Assert.Equal(context.Identity.FindFirst(ClaimTypes.GivenName)?.Value, "Test Given Name");
                         return Task.FromResult(0);
                     }
-                },
-                BackchannelHttpHandler = new TestHttpMessageHandler
+                };
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
                     Sender = req =>
                     {
@@ -701,7 +726,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
                         throw new NotImplementedException(req.RequestUri.AbsoluteUri);
                     }
-                }
+                };
             });
 
             var properties = new AuthenticationProperties();
@@ -723,10 +748,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task NoStateCausesException()
         {
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
             });
 
             //Post a message to the Google middleware
@@ -738,11 +763,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task CanRedirectOnError()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                Events = new OAuthEvents()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Events = new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
                     {
@@ -750,7 +775,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         ctx.HandleResponse();
                         return Task.FromResult(0);
                     }
-                }
+                };
             });
 
             //Post a message to the Google middleware
@@ -766,13 +791,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task AuthenticateAutomaticWhenAlreadySignedInSucceeds()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = CreateBackchannel()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.SaveTokens = true;
+                o.BackchannelHttpHandler = CreateBackchannel();
             });
 
             // Skip the challenge step, go directly to the callback path
@@ -809,13 +834,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task AuthenticateGoogleWhenAlreadySignedInSucceeds()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = CreateBackchannel()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.SaveTokens = true;
+                o.BackchannelHttpHandler = CreateBackchannel();
             });
 
             // Skip the challenge step, go directly to the callback path
@@ -852,13 +877,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ChallengeGoogleWhenAlreadySignedInReturnsForbidden()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = CreateBackchannel()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.SaveTokens = true;
+                o.BackchannelHttpHandler = CreateBackchannel();
             });
 
             // Skip the challenge step, go directly to the callback path
@@ -888,13 +913,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = CreateBackchannel()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.SaveTokens = true;
+                o.BackchannelHttpHandler = CreateBackchannel();
             });
 
             // Skip the challenge step, go directly to the callback path
@@ -924,13 +949,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
         public async Task ChallengeFacebookWhenAlreadySignedWithGoogleSucceeds()
         {
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(new GoogleOptions
+            var server = CreateServer(o =>
             {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret",
-                SaveTokens = true,
-                StateDataFormat = stateFormat,
-                BackchannelHttpHandler = CreateBackchannel()
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+                o.SaveTokens = true;
+                o.BackchannelHttpHandler = CreateBackchannel();
             });
 
             // Skip the challenge step, go directly to the callback path
@@ -1007,46 +1032,42 @@ namespace Microsoft.AspNetCore.Authentication.Google
             return res;
         }
 
-        private static TestServer CreateServer(GoogleOptions options, Func<HttpContext, Task> testpath = null)
+        private class ClaimsTransformer : IClaimsTransformation
+        {
+            public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal p)
+            {
+                if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+                {
+                    var id = new ClaimsIdentity("xform");
+                    id.AddClaim(new Claim("xform", "yup"));
+                    p.AddIdentity(id);
+                }
+                return Task.FromResult(p);
+            }
+        }
+
+        private static TestServer CreateServer(Action<GoogleOptions> configureOptions, Func<HttpContext, Task> testpath = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
-                        AutomaticAuthenticate = true
-                    });
-                    app.UseGoogleAuthentication(options);
-                    app.UseFacebookAuthentication(new FacebookOptions()
-                    {
-                        AppId = "Test AppId",
-                        AppSecret = "Test AppSecrent",
-                    });
-                    app.UseClaimsTransformation(context =>
-                    {
-                        var id = new ClaimsIdentity("xform");
-                        id.AddClaim(new Claim("xform", "yup"));
-                        context.Principal.AddIdentity(id);
-                        return Task.FromResult(context.Principal);
-                    });
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
                         var req = context.Request;
                         var res = context.Response;
                         if (req.Path == new PathString("/challenge"))
                         {
-                            await context.Authentication.ChallengeAsync("Google");
+                            await context.ChallengeAsync("Google");
                         }
                         else if (req.Path == new PathString("/challengeFacebook"))
                         {
-                            await context.Authentication.ChallengeAsync("Facebook");
+                            await context.ChallengeAsync("Facebook");
                         }
                         else if (req.Path == new PathString("/tokens"))
                         {
-                            var authContext = new AuthenticateContext(TestExtensions.CookieAuthenticationScheme);
-                            await context.Authentication.AuthenticateAsync(authContext);
-                            var tokens = new AuthenticationProperties(authContext.Properties).GetTokens();
+                            var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
+                            var tokens = result.Ticket.Properties.GetTokens();
                             res.Describe(tokens);
                         }
                         else if (req.Path == new PathString("/me"))
@@ -1055,29 +1076,29 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         }
                         else if (req.Path == new PathString("/authenticate"))
                         {
-                            var user = await context.Authentication.AuthenticateAsync(Http.Authentication.AuthenticationManager.AutomaticScheme);
-                            res.Describe(user);
+                            var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
+                            res.Describe(result.Ticket.Principal);
                         }
                         else if (req.Path == new PathString("/authenticateGoogle"))
                         {
-                            var user = await context.Authentication.AuthenticateAsync("Google");
-                            res.Describe(user);
+                            var result = await context.AuthenticateAsync("Google");
+                            res.Describe(result?.Ticket?.Principal);
                         }
                         else if (req.Path == new PathString("/authenticateFacebook"))
                         {
-                            var user = await context.Authentication.AuthenticateAsync("Facebook");
-                            res.Describe(user);
+                            var result = await context.AuthenticateAsync("Facebook");
+                            res.Describe(result?.Ticket?.Principal);
                         }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
                             // Simulate Authorization failure 
-                            var result = await context.Authentication.AuthenticateAsync("Google");
-                            await context.Authentication.ChallengeAsync("Google");
+                            var result = await context.AuthenticateAsync("Google");
+                            await context.ChallengeAsync("Google");
                         }
                         else if (req.Path == new PathString("/unauthorizedAuto"))
                         {
-                            var result = await context.Authentication.AuthenticateAsync("Google");
-                            await context.Authentication.ChallengeAsync();
+                            var result = await context.AuthenticateAsync("Google");
+                            await context.ChallengeAsync("Google");
                         }
                         else if (req.Path == new PathString("/401"))
                         {
@@ -1085,15 +1106,15 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         }
                         else if (req.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Google", new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Google", new ClaimsPrincipal()));
                         }
                         else if (req.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Google"));
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Google"));
                         }
                         else if (req.Path == new PathString("/forbid"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Google"));
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Google"));
                         }
                         else if (testpath != null)
                         {
@@ -1107,7 +1128,20 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication(authOptions => authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme);
+                    services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
+                    services.AddAuthentication(o =>
+                    {
+                        o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
+                        o.DefaultSignInScheme = TestExtensions.CookieAuthenticationScheme;
+                        o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
+                    });
+                    services.AddCookieAuthentication(TestExtensions.CookieAuthenticationScheme);
+                    services.AddGoogleAuthentication(configureOptions);
+                    services.AddFacebookAuthentication(o =>
+                    {
+                        o.AppId = "Test AppId";
+                        o.AppSecret = "Test AppSecrent";
+                    });
                 });
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
similarity index 75%
rename from test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index c0d2ddba5b..08098622ca 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -13,30 +14,84 @@ using System.Xml.Linq;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.AspNetCore.Testing.xunit;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class JwtBearerMiddlewareTests
+    public class JwtBearerTests
     {
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Bearer:Audience", "<audience>"},
+                {"Bearer:Authority", "<authority>"},
+                {"Bearer:BackchannelTimeout", "0.0:0:30"},
+                {"Bearer:Challenge", "<challenge>"},
+                {"Bearer:ClaimsIssuer", "<issuer>"},
+                {"Bearer:DisplayName", "<display>"},
+                {"Bearer:IncludeErrorDetails", "true"},
+                {"Bearer:MetadataAddress", "<metadata>"},
+                {"Bearer:RefreshOnIssuerKeyNotFound", "true"},
+                {"Bearer:RequireHttpsMetadata", "true"},
+                {"Bearer:SaveToken", "true"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddJwtBearerAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+            Assert.Equal("<audience>", options.Audience);
+            Assert.Equal("<authority>", options.Authority);
+            Assert.Equal("<challenge>", options.Challenge);
+            Assert.Equal("<issuer>", options.ClaimsIssuer);
+            Assert.Equal("<display>", options.DisplayName);
+            Assert.True(options.IncludeErrorDetails);
+            Assert.Equal("<metadata>", options.MetadataAddress);
+            Assert.True(options.RefreshOnIssuerKeyNotFound);
+            Assert.True(options.RequireHttpsMetadata);
+            Assert.True(options.SaveToken);
+        }
+
+        [Fact]
+        public void AddWithDelegateIgnoresConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Bearer:Audience", "<audience>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddJwtBearerAuthentication(o => o.IncludeErrorDetails = true).AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
+            Assert.Null(options.Audience);
+            Assert.True(options.IncludeErrorDetails);
+        }
+
         [ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
         [FrameworkSkipCondition(RuntimeFrameworks.Mono)]
         // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
         public async Task BearerTokenValidation()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                Authority = "https://login.windows.net/tushartest.onmicrosoft.com",
-                Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt"
-            };
-            options.TokenValidationParameters.ValidateLifetime = false;
-            var server = CreateServer(options);
+                o.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
+                o.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
+                o.TokenValidationParameters.ValidateLifetime = false;
+            });
 
             var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
@@ -46,7 +101,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task SignInThrows()
         {
-            var server = CreateServer(new JwtBearerOptions());
+            var server = CreateServer();
             var transaction = await server.SendAsync("https://example.com/signIn");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
@@ -54,7 +109,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task SignOutThrows()
         {
-            var server = CreateServer(new JwtBearerOptions());
+            var server = CreateServer();
             var transaction = await server.SendAsync("https://example.com/signOut");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
@@ -62,9 +117,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task ThrowAtAuthenticationFailedEvent()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                Events = new JwtBearerEvents
+                o.Events = new JwtBearerEvents
                 {
                     OnAuthenticationFailed = context =>
                     {
@@ -76,12 +131,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         context.Token = "something";
                         return Task.FromResult(0);
                     }
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Insert(0, new InvalidTokenValidator());
-
-            var server = CreateServer(options, async (context, next) =>
+                };
+                o.SecurityTokenValidators.Clear();
+                o.SecurityTokenValidators.Insert(0, new InvalidTokenValidator());
+            },
+            async (context, next) =>
             {
                 try
                 {
@@ -103,9 +157,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task CustomHeaderReceived()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                Events = new JwtBearerEvents()
+                o.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -117,14 +171,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         };
 
                         context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                            new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)),
+                            new AuthenticationProperties(), context.Scheme.Name);
 
                         context.HandleResponse();
 
                         return Task.FromResult<object>(null);
                     }
-                }
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
@@ -135,7 +189,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task NoHeaderReceived()
         {
-            var server = CreateServer(new JwtBearerOptions());
+            var server = CreateServer();
             var response = await SendAsync(server, "http://example.com/oauth");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
@@ -143,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task HeaderWithoutBearerReceived()
         {
-            var server = CreateServer(new JwtBearerOptions());
+            var server = CreateServer();
             var response = await SendAsync(server, "http://example.com/oauth", "Token");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
@@ -151,8 +205,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task UnrecognizedTokenReceived()
         {
-            var server = CreateServer(new JwtBearerOptions());
-
+            var server = CreateServer();
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
             Assert.Equal("", response.ResponseText);
@@ -161,10 +214,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task InvalidTokenReceived()
         {
-            var options = new JwtBearerOptions();
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new InvalidTokenValidator());
-            var server = CreateServer(options);
+            var server = CreateServer(options =>
+            {
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator());
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -183,10 +237,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [InlineData(typeof(SecurityTokenSignatureKeyNotFoundException), "The signature key was not found")]
         public async Task ExceptionReportedInHeaderForAuthenticationFailures(Type errorType, string message)
         {
-            var options = new JwtBearerOptions();
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
-            var server = CreateServer(options);
+            var server = CreateServer(options =>
+            {
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -198,10 +253,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [InlineData(typeof(ArgumentException))]
         public async Task ExceptionNotReportedInHeaderForOtherFailures(Type errorType)
         {
-            var options = new JwtBearerOptions();
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
-            var server = CreateServer(options);
+            var server = CreateServer(options =>
+            {
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -212,11 +268,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task ExceptionsReportedInHeaderForMultipleAuthenticationFailures()
         {
-            var options = new JwtBearerOptions();
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenInvalidAudienceException)));
-            options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenSignatureKeyNotFoundException)));
-            var server = CreateServer(options);
+            var server = CreateServer(options =>
+            {
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenInvalidAudienceException)));
+                options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenSignatureKeyNotFoundException)));
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -234,9 +291,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [InlineData(null, null, "custom_uri")]
         public async Task ExceptionsReportedInHeaderExposesUserDefinedError(string error, string description, string uri)
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents
+                options.Events = new JwtBearerEvents
                 {
                     OnChallenge = context =>
                     {
@@ -246,15 +303,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                         return Task.FromResult(0);
                     }
-                }
-            };
-            var server = CreateServer(options);
+                };
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
             Assert.Equal("", response.ResponseText);
 
-            var builder = new StringBuilder(options.Challenge);
+            var builder = new StringBuilder(JwtBearerDefaults.AuthenticationScheme);
 
             if (!string.IsNullOrEmpty(error))
             {
@@ -292,9 +348,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task ExceptionNotReportedInHeaderWhenIncludeErrorDetailsIsFalse()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                IncludeErrorDetails = false
+                o.IncludeErrorDetails = false;
             });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
@@ -306,7 +362,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task ExceptionNotReportedInHeaderWhenTokenWasMissing()
         {
-            var server = CreateServer(new JwtBearerOptions());
+            var server = CreateServer();
 
             var response = await SendAsync(server, "http://example.com/oauth");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -317,9 +373,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task CustomTokenValidated()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
                     {
@@ -339,11 +395,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                         return Task.FromResult<object>(null);
                     }
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator(JwtBearerDefaults.AuthenticationScheme));
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -353,23 +408,22 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task RetrievingTokenFromAlternateLocation()
         {
-            var options = new JwtBearerOptions()
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
                         context.Token = "CustomToken";
                         return Task.FromResult<object>(null);
                     }
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT", token =>
-            {
-                Assert.Equal("CustomToken", token);
-            }));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT", token =>
+                {
+                    Assert.Equal("CustomToken", token);
+                }));
+            });
 
             var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -379,10 +433,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task BearerTurns401To403IfAuthenticated()
         {
-            var options = new JwtBearerOptions();
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            var server = CreateServer(options);
+            var server = CreateServer(options =>
+            {
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
             Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
@@ -391,22 +446,21 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task BearerDoesNothingTo401IfNotAuthenticated()
         {
-            var server = CreateServer(new JwtBearerOptions());
-
+            var server = CreateServer();
             var response = await SendAsync(server, "http://example.com/unauthorized");
             Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
         }
 
         [Fact]
-        public async Task EventOnMessageReceivedSkipped_NoMoreEventsExecuted()
+        public async Task EventOnMessageReceivedSkip_NoMoreEventsExecuted()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
-                        context.SkipToNextMiddleware();
+                        context.Skip();
                         return Task.FromResult(0);
                     },
                     OnTokenValidated = context =>
@@ -421,7 +475,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                }
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -432,9 +486,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task EventOnMessageReceivedHandled_NoMoreEventsExecuted()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnMessageReceived = context =>
                     {
@@ -454,7 +508,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                }
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -463,15 +517,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnTokenValidatedSkipped_NoMoreEventsExecuted()
+        public async Task EventOnTokenValidatedSkip_NoMoreEventsExecuted()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
                     {
-                        context.SkipToNextMiddleware();
+                        context.Skip();
                         return Task.FromResult(0);
                     },
                     OnAuthenticationFailed = context =>
@@ -482,11 +536,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -496,9 +549,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task EventOnTokenValidatedHandled_NoMoreEventsExecuted()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
                     {
@@ -514,11 +567,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
@@ -526,11 +578,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnAuthenticationFailedSkipped_NoMoreEventsExecuted()
+        public async Task EventOnAuthenticationFailedSkip_NoMoreEventsExecuted()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
                     {
@@ -538,18 +590,17 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     },
                     OnAuthenticationFailed = context =>
                     {
-                        context.SkipToNextMiddleware();
+                        context.Skip();
                         return Task.FromResult(0);
                     },
                     OnChallenge = context =>
                     {
                         throw new NotImplementedException();
                     },
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -559,9 +610,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task EventOnAuthenticationFailedHandled_NoMoreEventsExecuted()
         {
-            var options = new JwtBearerOptions
+            var server = CreateServer(options =>
             {
-                Events = new JwtBearerEvents()
+                options.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = context =>
                     {
@@ -577,11 +628,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         throw new NotImplementedException();
                     },
-                }
-            };
-            options.SecurityTokenValidators.Clear();
-            options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            var server = CreateServer(options);
+                };
+                options.SecurityTokenValidators.Clear();
+                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+            });
 
             var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
             Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
@@ -589,18 +639,18 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnChallengeSkipped_ResponseNotModified()
+        public async Task EventOnChallengeSkip_ResponseNotModified()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                Events = new JwtBearerEvents()
+                o.Events = new JwtBearerEvents()
                 {
                     OnChallenge = context =>
                     {
-                        context.SkipToNextMiddleware();
+                        context.Skip();
                         return Task.FromResult(0);
                     },
-                }
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -609,12 +659,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
+
         [Fact]
         public async Task EventOnChallengeHandled_ResponseNotModified()
         {
-            var server = CreateServer(new JwtBearerOptions
+            var server = CreateServer(o =>
             {
-                Events = new JwtBearerEvents()
+                o.Events = new JwtBearerEvents()
                 {
                     OnChallenge = context =>
                     {
@@ -622,7 +673,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         context.Response.StatusCode = StatusCodes.Status202Accepted;
                         return Task.FromResult(0);
                     },
-                }
+                };
             });
 
             var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -699,10 +750,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
             {
                 validatedToken = null;
-                if (_tokenValidator != null)
-                {
-                    _tokenValidator(securityToken);
-                }
+                _tokenValidator?.Invoke(securityToken);
 
                 var claims = new[]
                 {
@@ -717,12 +765,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
         }
 
-        private static TestServer CreateServer(JwtBearerOptions options)
-        {
-            return CreateServer(options, handlerBeforeAuth: null);
-        }
-
-        private static TestServer CreateServer(JwtBearerOptions options, Func<HttpContext, Func<Task>, Task> handlerBeforeAuth)
+        private static TestServer CreateServer(Action<JwtBearerOptions> options = null, Func<HttpContext, Func<Task>, Task> handlerBeforeAuth = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
@@ -732,20 +775,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         app.Use(handlerBeforeAuth);
                     }
 
-                    if (options != null)
-                    {
-                        app.UseJwtBearerAuthentication(options);
-                    }
-
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
                         if (context.Request.Path == new PathString("/checkforerrors"))
                         {
-                            var authContext = new AuthenticateContext(Http.Authentication.AuthenticationManager.AutomaticScheme);
-                            await context.Authentication.AuthenticateAsync(authContext);
-                            if (authContext.Error != null)
+                            var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme); // this used to be "Automatic"
+                            if (result.Failure != null)
                             {
-                                throw new Exception("Failed to authenticate", authContext.Error);
+                                throw new Exception("Failed to authenticate", result.Failure);
                             }
                             return;
                         }
@@ -756,7 +794,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                                 !context.User.Identity.IsAuthenticated)
                             {
                                 context.Response.StatusCode = 401;
-
+                                // REVIEW: no more automatic challenge
+                                await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                                 return;
                             }
 
@@ -764,7 +803,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                             if (identifier == null)
                             {
                                 context.Response.StatusCode = 500;
-
                                 return;
                             }
 
@@ -773,16 +811,16 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         else if (context.Request.Path == new PathString("/unauthorized"))
                         {
                             // Simulate Authorization failure 
-                            var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
-                            await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
+                            var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+                            await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                         }
                         else if (context.Request.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                         }
                         else if (context.Request.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
                         }
                         else
                         {
@@ -790,7 +828,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddJwtBearerAuthentication(options));
 
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index bbf54ec5e7..801567d7e9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,14 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
@@ -16,6 +14,8 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
@@ -23,7 +23,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-
   <ItemGroup>
     <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
deleted file mode 100644
index 0ed164e496..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
-
-using System;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging.Abstractions;
-using Newtonsoft.Json;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
-{
-    public class MicrosoftAccountMiddlewareTests
-    {
-        [Fact]
-        public async Task ChallengeWillTriggerApplyRedirectEvent()
-        {
-            var server = CreateServer(new MicrosoftAccountOptions
-                {
-                    ClientId = "Test Client Id",
-                    ClientSecret = "Test Client Secret",
-                    Events = new OAuthEvents
-                    {
-                        OnRedirectToAuthorizationEndpoint = context =>
-                        {
-                            context.Response.Redirect(context.RedirectUri + "&custom=test");
-                            return Task.FromResult(0);
-                        }
-                    }
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("custom=test", query);
-        }
-
-        [Fact]
-        public async Task SignInThrows()
-        {
-            var server = CreateServer(new MicrosoftAccountOptions
-            {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signIn");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task SignOutThrows()
-        {
-            var server = CreateServer(new MicrosoftAccountOptions
-            {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signOut");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task ForbidThrows()
-        {
-            var server = CreateServer(new MicrosoftAccountOptions
-            {
-                ClientId = "Test Id",
-                ClientSecret = "Test Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signOut");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task ChallengeWillTriggerRedirection()
-        {
-            var server = CreateServer(new MicrosoftAccountOptions
-            {
-                    ClientId = "Test Client Id",
-                    ClientSecret = "Test Client Secret"
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", location);
-            Assert.Contains("response_type=code", location);
-            Assert.Contains("client_id=", location);
-            Assert.Contains("redirect_uri=", location);
-            Assert.Contains("scope=", location);
-            Assert.Contains("state=", location);
-        }
-
-        [Fact]
-        public async Task AuthenticatedEventCanGetRefreshToken()
-        {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MsftTest"));
-            var server = CreateServer(new MicrosoftAccountOptions
-            {
-                    ClientId = "Test Client Id",
-                    ClientSecret = "Test Client Secret",
-                    StateDataFormat = stateFormat,
-                    BackchannelHttpHandler = new TestHttpMessageHandler
-                    {
-                        Sender = req =>
-                        {
-                            if (req.RequestUri.AbsoluteUri == "https://login.microsoftonline.com/common/oauth2/v2.0/token")
-                            {
-                                return ReturnJsonResponse(new
-                                {
-                                    access_token = "Test Access Token",
-                                    expire_in = 3600,
-                                    token_type = "Bearer",
-                                    refresh_token = "Test Refresh Token"
-                                });
-                            }
-                            else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.microsoft.com/v1.0/me")
-                            {
-                                return ReturnJsonResponse(new
-                                {
-                                    id = "Test User ID",
-                                    displayName = "Test Name",
-                                    givenName = "Test Given Name",
-                                    surname = "Test Family Name",
-                                    mail =  "Test email"
-                                });
-                            }
-
-                            return null;
-                        }
-                    },
-                    Events = new OAuthEvents
-                    {
-                        OnCreatingTicket = context =>
-                        {
-                            var refreshToken = context.RefreshToken;
-                            context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
-                            return Task.FromResult<object>(null);
-                        }
-                    }
-                });
-            var properties = new AuthenticationProperties();
-            var correlationKey = ".xsrf";
-            var correlationValue = "TestCorrelationId";
-            properties.Items.Add(correlationKey, correlationValue);
-            properties.RedirectUri = "/me";
-            var state = stateFormat.Protect(properties);
-            var transaction = await server.SendAsync(
-                "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                $".AspNetCore.Correlation.Microsoft.{correlationValue}=N");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
-            Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains($".AspNetCore.Correlation.Microsoft.{correlationValue}", transaction.SetCookie[0]);
-            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
-
-            var authCookie = transaction.AuthenticationCookieValue;
-            transaction = await server.SendAsync("https://example.com/me", authCookie);
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
-        }
-
-        private static TestServer CreateServer(MicrosoftAccountOptions options)
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
-                        AutomaticAuthenticate = true
-                    });
-                    app.UseMicrosoftAccountAuthentication(options);
-
-                    app.Use(async (context, next) =>
-                    {
-                        var req = context.Request;
-                        var res = context.Response;
-                        if (req.Path == new PathString("/challenge"))
-                        {
-                            await context.Authentication.ChallengeAsync("Microsoft");
-                        }
-                        else if (req.Path == new PathString("/me"))
-                        {
-                            res.Describe(context.User);
-                        }
-                        else if (req.Path == new PathString("/signIn"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Microsoft", new ClaimsPrincipal()));
-                        }
-                        else if (req.Path == new PathString("/signOut"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Microsoft"));
-                        }
-                        else if (req.Path == new PathString("/forbid"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Microsoft"));
-                        }
-                        else
-                        {
-                            await next();
-                        }
-                    });
-                })
-                .ConfigureServices(services =>
-                {
-                    services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(authOptions =>
-                    {
-                        authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme;
-                    });
-                });
-            return new TestServer(builder);
-        }
-
-        private static HttpResponseMessage ReturnJsonResponse(object content)
-        {
-            var res = new HttpResponseMessage(HttpStatusCode.OK);
-            var text = JsonConvert.SerializeObject(content);
-            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
-            return res;
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
new file mode 100644
index 0000000000..26110e9fee
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -0,0 +1,291 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
+{
+    public class MicrosoftAccountTests
+    {
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Microsoft:ClientId", "<id>"},
+                {"Microsoft:ClientSecret", "<secret>"},
+                {"Microsoft:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Microsoft:BackchannelTimeout", "0.0:0:30"},
+                //{"Microsoft:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+                {"Microsoft:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:DisplayName", "<display>"},
+                {"Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Microsoft:SaveTokens", "true"},
+                {"Microsoft:SendAppSecretProof", "true"},
+                {"Microsoft:SignInScheme", "<signIn>"},
+                {"Microsoft:TokenEndpoint", "<tokenEndpoint>"},
+                {"Microsoft:UserInformationEndpoint", "<userEndpoint>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddMicrosoftAccountAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<MicrosoftAccountOptions>>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
+            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+            Assert.Equal("<issuer>", options.ClaimsIssuer);
+            Assert.Equal("<id>", options.ClientId);
+            Assert.Equal("<secret>", options.ClientSecret);
+            Assert.Equal("<display>", options.DisplayName);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+            Assert.True(options.SaveTokens);
+            Assert.Equal("<signIn>", options.SignInScheme);
+            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
+            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
+        }
+
+        [Fact]
+        public void AddWithDelegateIgnoresConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Microsoft:ClientId", "<id>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddMicrosoftAccountAuthentication(o => o.SaveTokens = true).AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<MicrosoftAccountOptions>>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
+            Assert.Null(options.ClientId);
+            Assert.True(options.SaveTokens);
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Client Id";
+                o.ClientSecret = "Test Client Secret";
+                o.Events = new OAuthEvents
+                {
+                    OnRedirectToAuthorizationEndpoint = context =>
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        return Task.FromResult(0);
+                    }
+                };
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var query = transaction.Response.Headers.Location.Query;
+            Assert.Contains("custom=test", query);
+        }
+
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ForbidThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            Assert.Contains("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", location);
+            Assert.Contains("response_type=code", location);
+            Assert.Contains("client_id=", location);
+            Assert.Contains("redirect_uri=", location);
+            Assert.Contains("scope=", location);
+            Assert.Contains("state=", location);
+        }
+
+        [Fact]
+        public async Task AuthenticatedEventCanGetRefreshToken()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MsftTest"));
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Client Id";
+                o.ClientSecret = "Test Client Secret";
+                o.StateDataFormat = stateFormat;
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://login.microsoftonline.com/common/oauth2/v2.0/token")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                access_token = "Test Access Token",
+                                expire_in = 3600,
+                                token_type = "Bearer",
+                                refresh_token = "Test Refresh Token"
+                            });
+                        }
+                        else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.microsoft.com/v1.0/me")
+                        {
+                            return ReturnJsonResponse(new
+                            {
+                                id = "Test User ID",
+                                displayName = "Test Name",
+                                givenName = "Test Given Name",
+                                surname = "Test Family Name",
+                                mail = "Test email"
+                            });
+                        }
+
+                        return null;
+                    }
+                };
+                o.Events = new OAuthEvents
+                {
+                    OnCreatingTicket = context =>
+                    {
+                        var refreshToken = context.RefreshToken;
+                        context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
+                        return Task.FromResult<object>(null);
+                    }
+                };
+            });
+            var properties = new AuthenticationProperties();
+            var correlationKey = ".xsrf";
+            var correlationValue = "TestCorrelationId";
+            properties.Items.Add(correlationKey, correlationValue);
+            properties.RedirectUri = "/me";
+            var state = stateFormat.Protect(properties);
+            var transaction = await server.SendAsync(
+                "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
+                $".AspNetCore.Correlation.Microsoft.{correlationValue}=N");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
+            Assert.Equal(2, transaction.SetCookie.Count);
+            Assert.Contains($".AspNetCore.Correlation.Microsoft.{correlationValue}", transaction.SetCookie[0]);
+            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
+
+            var authCookie = transaction.AuthenticationCookieValue;
+            transaction = await server.SendAsync("https://example.com/me", authCookie);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+            Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
+        }
+
+        private static TestServer CreateServer(Action<MicrosoftAccountOptions> configureOptions)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path == new PathString("/challenge"))
+                        {
+                            await context.ChallengeAsync("Microsoft");
+                        }
+                        else if (req.Path == new PathString("/me"))
+                        {
+                            res.Describe(context.User);
+                        }
+                        else if (req.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Microsoft", new ClaimsPrincipal()));
+                        }
+                        else if (req.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Microsoft"));
+                        }
+                        else if (req.Path == new PathString("/forbid"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Microsoft"));
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication(o =>
+                    {
+                        o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
+                        o.DefaultSignInScheme = TestExtensions.CookieAuthenticationScheme;
+                    });
+                    services.AddCookieAuthentication(TestExtensions.CookieAuthenticationScheme, o => { });
+                    services.AddMicrosoftAccountAuthentication(configureOptions);
+                });
+            return new TestServer(builder);
+        }
+
+        private static HttpResponseMessage ReturnJsonResponse(object content)
+        {
+            var res = new HttpResponseMessage(HttpStatusCode.OK);
+            var text = JsonConvert.SerializeObject(content);
+            res.Content = new StringContent(text, Encoding.UTF8, "application/json");
+            return res;
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
new file mode 100644
index 0000000000..95c086c805
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -0,0 +1,173 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public class OAuthTests
+    {
+        [Fact]
+        public async Task ThrowsIfClientIdMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.SignInScheme = "whatever";
+                    o.CallbackPath = "/";
+                    o.ClientSecret = "whatever";
+                    o.TokenEndpoint = "/";
+                    o.AuthorizationEndpoint = "/";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("ClientId", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ThrowsIfClientSecretMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.SignInScheme = "whatever";
+                    o.ClientId = "Whatever;";
+                    o.CallbackPath = "/";
+                    o.TokenEndpoint = "/";
+                    o.AuthorizationEndpoint = "/";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("ClientSecret", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        public async Task ThrowsIfCallbackPathMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.ClientId = "Whatever;";
+                    o.ClientSecret = "Whatever;";
+                    o.TokenEndpoint = "/";
+                    o.AuthorizationEndpoint = "/";
+                    o.SignInScheme = "eh";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("CallbackPath", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ThrowsIfTokenEndpointMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.ClientId = "Whatever;";
+                    o.ClientSecret = "Whatever;";
+                    o.CallbackPath = "/";
+                    o.AuthorizationEndpoint = "/";
+                    o.SignInScheme = "eh";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("TokenEndpoint", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        public async Task ThrowsIfAuthorizationEndpointMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.ClientId = "Whatever;";
+                    o.ClientSecret = "Whatever;";
+                    o.CallbackPath = "/";
+                    o.TokenEndpoint = "/";
+                    o.SignInScheme = "eh";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("AuthorizationEndpoint", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ThrowsIfSignInSchemeMissing()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddOAuthAuthentication("weeblie", o =>
+                {
+                    o.ClientId = "Whatever;";
+                    o.ClientSecret = "Whatever;";
+                    o.CallbackPath = "/";
+                    o.TokenEndpoint = "/";
+                    o.AuthorizationEndpoint = "/";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    Assert.Throws<ArgumentException>("SignInScheme", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    configure?.Invoke(app);
+                    app.Use(async (context, next) =>
+                    {
+                        if (handler == null || !handler(context))
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(configureServices);
+            return new TestServer(builder);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
index 432980f771..5614fe8fea 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
@@ -1,6 +1,6 @@
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     internal class MockOpenIdConnectMessage : OpenIdConnectMessage
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index 1912561b11..3c0146b083 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -5,12 +5,14 @@ using System;
 using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     public class OpenIdConnectChallengeTests
     {
@@ -20,7 +22,12 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public async Task ChallengeIsIssuedCorrectly()
         {
             var settings = new TestSettings(
-                opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet);
+                opt =>
+                {
+                    opt.Authority = TestServerBuilder.DefaultAuthority;
+                    opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
+                    opt.ClientId = "Test Id";
+                });
 
             var server = settings.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
@@ -43,9 +50,14 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task AuthorizationRequestDoesNotIncludeTelemetryParametersWhenDisabled()
         {
-            var settings = new TestSettings(opt => opt.DisableTelemetry = true);
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.DisableTelemetry = true;
+            });
 
-            var server = settings.CreateTestServer();
+            var server = setting.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
@@ -74,10 +86,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         </body>
         */
         [Fact]
-        public async Task ChallengeIssuedCorrectlyForFormPost()
+        public async Task ChallengeIssueedCorrectlyForFormPost()
         {
             var settings = new TestSettings(
-                opt => opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost);
+                opt =>
+                {
+                    opt.Authority = TestServerBuilder.DefaultAuthority;
+                    opt.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
+                    opt.ClientId = "Test Id";
+                });
 
             var server = settings.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
@@ -101,12 +118,18 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [InlineData(null)]
         public async Task ChallengeCanSetUserStateThroughProperties(string userState)
         {
-            var settings = new TestSettings();
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
+            var settings = new TestSettings(o =>
+            {
+                o.ClientId = "Test Id";
+                o.Authority = TestServerBuilder.DefaultAuthority;
+                o.StateDataFormat = stateFormat;
+            });
 
             var properties = new AuthenticationProperties();
             properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState);
 
-            var server = TestServerBuilder.CreateServer(settings.Options, handler: null, properties: properties);
+            var server = settings.CreateTestServer(properties);
             var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
 
             var res = transaction.Response;
@@ -115,7 +138,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             var values = settings.ValidateChallengeRedirect(res.Headers.Location);
             var actualState = values[OpenIdConnectParameterNames.State];
-            var actualProperties = settings.Options.StateDataFormat.Unprotect(actualState);
+            var actualProperties = stateFormat.Unprotect(actualState);
 
             Assert.Equal(userState ?? string.Empty, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]);
         }
@@ -125,8 +148,12 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [InlineData(null)]
         public async Task OnRedirectToIdentityProviderEventCanSetState(string userState)
         {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
             var settings = new TestSettings(opt =>
             {
+                opt.StateDataFormat = stateFormat;
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
                 opt.Events = new OpenIdConnectEvents()
                 {
                     OnRedirectToIdentityProvider = context =>
@@ -146,7 +173,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             var values = settings.ValidateChallengeRedirect(res.Headers.Location);
             var actualState = values[OpenIdConnectParameterNames.State];
-            var actualProperties = settings.Options.StateDataFormat.Unprotect(actualState);
+            var actualProperties = stateFormat.Unprotect(actualState);
 
             if (userState != null)
             {
@@ -165,6 +192,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var settings = new TestSettings(
                 opts =>
                 {
+                    opts.ClientId = "Test Id";
+                    opts.Authority = TestServerBuilder.DefaultAuthority;
                     opts.Events = new OpenIdConnectEvents()
                     {
                         OnRedirectToIdentityProvider = context =>
@@ -203,12 +232,13 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var settings = new TestSettings(
                 opts =>
                 {
+                    opts.ClientId = "Test Id";
+                    opts.Authority = TestServerBuilder.DefaultAuthority;
                     opts.Events = new OpenIdConnectEvents()
                     {
                         OnRedirectToIdentityProvider = context =>
                         {
                             context.ProtocolMessage.ClientId = newClientId;
-
                             return Task.FromResult(0);
                         }
                     };
@@ -245,6 +275,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             var settings = new TestSettings(
                 opts =>
                 {
+                    opts.ClientId = "Test Id";
+                    opts.Authority = TestServerBuilder.DefaultAuthority;
                     opts.Events = new OpenIdConnectEvents()
                     {
                         OnRedirectToIdentityProvider = context =>
@@ -268,12 +300,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             // query string is not generated and the authorization endpoint is replaced.
             Assert.Equal(newMessage.TestAuthorizeEndpoint, res.Headers.Location.AbsoluteUri);
         }
+
         [Fact]
         public async Task OnRedirectToIdentityProviderEventHandlesResponse()
         {
             var settings = new TestSettings(
                 opts =>
                 {
+                    opts.ClientId = "Test Id";
+                    opts.Authority = TestServerBuilder.DefaultAuthority;
                     opts.Events = new OpenIdConnectEvents()
                     {
                         OnRedirectToIdentityProvider = context =>
@@ -297,19 +332,21 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Null(res.Headers.Location);
         }
 
-        // This test can be further refined. When one auth middleware skips, the authentication responsibility
-        // will be flowed to the next one. A dummy auth middleware can be added to ensure the correct logic.
+        // This test can be further refined. When one auth handler skips, the authentication responsibility
+        // will be flowed to the next one. A dummy auth handler can be added to ensure the correct logic.
         [Fact]
         public async Task OnRedirectToIdentityProviderEventSkipResponse()
         {
             var settings = new TestSettings(
                 opts =>
                 {
+                    opts.ClientId = "Test Id";
+                    opts.Authority = TestServerBuilder.DefaultAuthority;
                     opts.Events = new OpenIdConnectEvents()
                     {
                         OnRedirectToIdentityProvider = context =>
                         {
-                            context.SkipToNextMiddleware();
+                            context.Skip();
                             return Task.FromResult(0);
                         }
                     };
@@ -327,7 +364,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task ChallengeSetsNonceAndStateCookies()
         {
-            var settings = new TestSettings();
+            var settings = new TestSettings(o =>
+            {
+                o.ClientId = "Test Id";
+                o.Authority = TestServerBuilder.DefaultAuthority;
+            });
             var server = settings.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
 
@@ -344,7 +385,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public async Task Challenge_WithEmptyConfig_Fails()
         {
             var settings = new TestSettings(
-                opt => opt.Configuration = new OpenIdConnectConfiguration());
+                opt =>
+                {
+                    opt.ClientId = "Test Id";
+                    opt.Configuration = new OpenIdConnectConfiguration();
+                });
 
             var server = settings.CreateTestServer();
             var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(ChallengeEndpoint));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 0f5338c5c4..3ceb4a5336 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -2,118 +2,137 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     public class OpenIdConnectConfigurationTests
     {
         [Fact]
-        public void MetadataAddressIsGeneratedFromAuthorityWhenMissing()
+        public async Task MetadataAddressIsGeneratedFromAuthorityWhenMissing()
         {
-            var options = new OpenIdConnectOptions
-            {
-                Authority = TestServerBuilder.DefaultAuthority,
-                ClientId = Guid.NewGuid().ToString(),
-                SignInScheme = Guid.NewGuid().ToString()
-            };
-
-            BuildTestServer(options);
-
-            Assert.Equal($"{options.Authority}/.well-known/openid-configuration", options.MetadataAddress);
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.AddCookieAuthentication();
+                    services.AddOpenIdConnectAuthentication(o =>
+                    {
+                        o.Authority = TestServerBuilder.DefaultAuthority;
+                        o.ClientId = Guid.NewGuid().ToString();
+                        o.SignInScheme = Guid.NewGuid().ToString();
+                    });
+                })
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(async context =>
+                    {
+                        var resolver = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
+                        var handler = await resolver.GetHandlerAsync(context, OpenIdConnectDefaults.AuthenticationScheme) as OpenIdConnectHandler;
+                        Assert.Equal($"{TestServerBuilder.DefaultAuthority}/.well-known/openid-configuration", handler.Options.MetadataAddress);
+                    });
+                });
+            var server = new TestServer(builder);
+            var transaction = await server.SendAsync(@"https://example.com");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
-        public void ThrowsWhenSignInSchemeIsMissing()
+        [Fact]
+        public Task ThrowsWhenSignInSchemeIsMissing()
         {
-            TestConfigurationException<ArgumentException>(
-                new OpenIdConnectOptions
+            return TestConfigurationException<ArgumentException>(
+                o =>
                 {
-                    Authority = TestServerBuilder.DefaultAuthority,
-                    ClientId = Guid.NewGuid().ToString()
+                    o.ClientId = "Test Id";
+                    o.Authority = TestServerBuilder.DefaultAuthority;
+                    o.CallbackPath = "/";
                 },
                 ex => Assert.Equal("SignInScheme", ex.ParamName));
         }
 
         [Fact]
-        public void ThrowsWhenClientIdIsMissing()
+        public Task ThrowsWhenClientIdIsMissing()
         {
-            TestConfigurationException<ArgumentException>(
-                new OpenIdConnectOptions
+            return TestConfigurationException<ArgumentException>(
+                o =>
                 {
-                    SignInScheme = "TestScheme",
-                    Authority = TestServerBuilder.DefaultAuthority,
+                    o.SignInScheme = "TestScheme";
+                    o.Authority = TestServerBuilder.DefaultAuthority;
                 },
                 ex => Assert.Equal("ClientId", ex.ParamName));
         }
 
         [Fact]
-        public void ThrowsWhenAuthorityIsMissing()
+        public Task ThrowsWhenAuthorityIsMissing()
         {
-            TestConfigurationException<InvalidOperationException>(
-                new OpenIdConnectOptions
+            return TestConfigurationException<InvalidOperationException>(
+                o =>
                 {
-                    SignInScheme = "TestScheme",
-                    ClientId = "Test Id",
+                    o.SignInScheme = "TestScheme";
+                    o.ClientId = "Test Id";
+                    o.CallbackPath = "/";
                 },
                 ex => Assert.Equal("Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions", ex.Message)
             );
         }
 
         [Fact]
-        public void ThrowsWhenAuthorityIsNotHttps()
+        public Task ThrowsWhenAuthorityIsNotHttps()
         {
-            TestConfigurationException<InvalidOperationException>(
-                new OpenIdConnectOptions
+            return TestConfigurationException<InvalidOperationException>(
+                o =>
                 {
-                    SignInScheme = "TestScheme",
-                    ClientId = "Test Id",
-                    Authority = "http://example.com"
+                    o.SignInScheme = "TestScheme";
+                    o.ClientId = "Test Id";
+                    o.MetadataAddress = "http://example.com";
+                    o.CallbackPath = "/";
                 },
                 ex => Assert.Equal("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.", ex.Message)
             );
         }
 
         [Fact]
-        public void ThrowsWhenMetadataAddressIsNotHttps()
+        public Task ThrowsWhenMetadataAddressIsNotHttps()
         {
-            TestConfigurationException<InvalidOperationException>(
-                new OpenIdConnectOptions
+            return TestConfigurationException<InvalidOperationException>(
+                o =>
                 {
-                    SignInScheme = "TestScheme",
-                    ClientId = "Test Id",
-                    MetadataAddress = "http://example.com"
+                    o.SignInScheme = "TestScheme";
+                    o.ClientId = "Test Id";
+                    o.MetadataAddress = "http://example.com";
+                    o.CallbackPath = "/";
                 },
                 ex => Assert.Equal("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.", ex.Message)
             );
         }
 
-        private TestServer BuildTestServer(OpenIdConnectOptions options)
+        private TestServer BuildTestServer(Action<OpenIdConnectOptions> options)
         {
             var builder = new WebHostBuilder()
-                .ConfigureServices(services => services.AddAuthentication())
-                .Configure(app => app.UseOpenIdConnectAuthentication(options));
+                .ConfigureServices(services =>
+                {
+                    services.AddCookieAuthentication();
+                    services.AddOpenIdConnectAuthentication(options);
+                })
+                .Configure(app => app.UseAuthentication());
 
             return new TestServer(builder);
         }
 
-        private void TestConfigurationException<T>(
-            OpenIdConnectOptions options,
+        private async Task TestConfigurationException<T>(
+            Action<OpenIdConnectOptions> options,
             Action<T> verifyException)
             where T : Exception
         {
-            var builder = new WebHostBuilder()
-                .ConfigureServices(services => services.AddAuthentication())
-                .Configure(app => app.UseOpenIdConnectAuthentication(options));
-
-            var exception = Assert.Throws<T>(() =>
-            {
-                new TestServer(builder);
-            });
-
+            var exception = await Assert.ThrowsAsync<T>(() => BuildTestServer(options).SendAsync(@"https://example.com"));
             verifyException(exception);
         }
     }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index a212af649d..607e9bb623 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -40,7 +40,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private readonly RequestDelegate AppNotImpl = context => { throw new NotImplementedException("App"); };
 
         [Fact]
-        public async Task OnMessageReceived_Skipped_NoMoreEventsRun()
+        public async Task OnMessageReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var server = CreateServer(new OpenIdConnectEvents()
@@ -48,7 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnMessageReceived = context =>
                 {
                     messageReceived = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnTokenValidated = TokenNotImpl,
@@ -110,7 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenValidated_Skipped_NoMoreEventsRun()
+        public async Task OnTokenValidated_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -124,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnAuthorizationCodeReceived = CodeNotImpl,
@@ -242,7 +242,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnAuthorizationCodeReceived_Skipped_NoMoreEventsRun()
+        public async Task OnAuthorizationCodeReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -262,7 +262,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnTokenResponseReceived = TokenResponseNotImpl,
@@ -391,7 +391,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenResponseReceived_Skipped_NoMoreEventsRun()
+        public async Task OnTokenResponseReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -417,7 +417,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -558,7 +558,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenValidatedBackchannel_Skipped_NoMoreEventsRun()
+        public async Task OnTokenValidatedBackchannel_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var codeReceived = false;
@@ -584,7 +584,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -725,7 +725,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnUserInformationReceived_Skipped_NoMoreEventsRun()
+        public async Task OnUserInformationReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -757,7 +757,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnAuthenticationFailed = FailedNotImpl,
@@ -910,7 +910,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnAuthenticationFailed_Skipped_NoMoreEventsRun()
+        public async Task OnAuthenticationFailed_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -949,7 +949,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnRemoteFailure = FailureNotImpl,
@@ -1093,8 +1093,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     };
 
                     context.Ticket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
-                        new AuthenticationProperties(), context.Options.AuthenticationScheme);
+                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)),
+                        new AuthenticationProperties(), context.Scheme.Name);
 
                     context.HandleResponse();
                     return Task.FromResult(0);
@@ -1128,7 +1128,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnRemoteFailure_Skipped_NoMoreEventsRun()
+        public async Task OnRemoteFailure_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -1174,7 +1174,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     remoteFailure = true;
                     Assert.Equal("TestException", context.Failure.Message);
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
                 OnTicketReceived = TicketNotImpl,
@@ -1274,7 +1274,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTicketReceived_Skipped_NoMoreEventsRun()
+        public async Task OnTicketReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -1314,7 +1314,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTicketReceived = context =>
                 {
                     ticektReceived = true;
-                    context.SkipToNextMiddleware();
+                    context.Skip();
                     return Task.FromResult(0);
                 },
 
@@ -1408,27 +1408,27 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication();
-                })
-                .Configure(app =>
-                {
-                    app.UseCookieAuthentication();
-                    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions()
+                    services.AddCookieAuthentication();
+                    services.AddOpenIdConnectAuthentication(o =>
                     {
-                        Events = events,
-                        SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
-                        ClientId = "ClientId",
-                        GetClaimsFromUserInfoEndpoint = true,
-                        Configuration = new OpenIdConnectConfiguration()
+                        o.Events = events;
+                        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        o.ClientId = "ClientId";
+                        o.GetClaimsFromUserInfoEndpoint = true;
+                        o.Configuration = new OpenIdConnectConfiguration()
                         {
                             TokenEndpoint = "http://testhost/tokens",
                             UserInfoEndpoint = "http://testhost/user",
-                        },
-                        StateDataFormat = new TestStateDataFormat(),
-                        SecurityTokenValidator = new TestTokenValidator(),
-                        ProtocolValidator = new TestProtocolValidator(),
-                        BackchannelHttpHandler = new TestBackchannel(),
+                        };
+                        o.StateDataFormat = new TestStateDataFormat();
+                        o.SecurityTokenValidator = new TestTokenValidator();
+                        o.ProtocolValidator = new TestProtocolValidator();
+                        o.BackchannelHttpHandler = new TestBackchannel();
                     });
+                })
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
                     app.Run(appCode);
                 });
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
similarity index 69%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index a58d54b650..a3d7f5130f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -2,18 +2,25 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Linq;
+using System.Collections.Generic;
 using System.Globalization;
+using System.Linq;
 using System.Net;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
-    public class OpenIdConnectMiddlewareTests
+    public class OpenIdConnectTests
     {
         static string noncePrefix = "OpenIdConnect." + "Nonce.";
         static string nonceDelimiter = ".";
@@ -22,6 +29,27 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         const string Signin = "/signin";
         const string Signout = "/signout";
 
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"OpenIdConnect:ClientId", "<id>"},
+                {"OpenIdConnect:ClientSecret", "<secret>"},
+                {"OpenIdConnect:Authority", "<auth>"}
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddOpenIdConnectAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<OpenIdConnectOptions>>().Get(OpenIdConnectDefaults.AuthenticationScheme);
+            Assert.Equal("<id>", options.ClientId);
+            Assert.Equal("<secret>", options.ClientSecret);
+            Assert.Equal("<auth>", options.Authority);
+        }
+
 
         /// <summary>
         /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
@@ -32,6 +60,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         {
             var setting = new TestSettings(opt =>
             {
+                opt.ClientId = "Test Id";
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 opt.Configuration = new OpenIdConnectConfiguration
                 {
                     EndSessionEndpoint = "https://example.com/signout_test/signout_request"
@@ -55,7 +85,14 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         [Fact]
         public async Task EndSessionRequestDoesNotIncludeTelemetryParametersWhenDisabled()
         {
-            var setting = new TestSettings(opt => opt.DisableTelemetry = true);
+            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Configuration = configuration;
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                opt.DisableTelemetry = true;
+            });
 
             var server = setting.CreateTestServer();
 
@@ -65,19 +102,19 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
             Assert.DoesNotContain(OpenIdConnectParameterNames.SkuTelemetry, res.Headers.Location.Query);
             Assert.DoesNotContain(OpenIdConnectParameterNames.VersionTelemetry, res.Headers.Location.Query);
+            setting.ValidateSignoutRedirect(transaction.Response.Headers.Location);
         }
 
         [Fact]
         public async Task SignOutWithDefaultRedirectUri()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var options = new OpenIdConnectOptions
+            var server = TestServerBuilder.CreateServer(o =>
             {
-                Authority = TestServerBuilder.DefaultAuthority,
-                ClientId = "Test Id",
-                Configuration = configuration
-            };
-            var server = TestServerBuilder.CreateServer(options);
+                o.Authority = TestServerBuilder.DefaultAuthority;
+                o.ClientId = "Test Id";
+                o.Configuration = configuration;
+            });
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -89,22 +126,23 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             string redirectUri;
             Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
-            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com/signout-callback-oidc"), redirectUri, true);
         }
 
         [Fact]
         public async Task SignOutWithCustomRedirectUri()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var options = new OpenIdConnectOptions
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
+            var server = TestServerBuilder.CreateServer(o =>
             {
-                Authority = TestServerBuilder.DefaultAuthority,
-                ClientId = "Test Id",
-                Configuration = configuration,
-                SignedOutCallbackPath = "/thelogout",
-                PostLogoutRedirectUri = "https://example.com/postlogout"
-            };
-            var server = TestServerBuilder.CreateServer(options);
+                o.Authority = TestServerBuilder.DefaultAuthority;
+                o.ClientId = "Test Id";
+                o.Configuration = configuration;
+                o.StateDataFormat = stateFormat;
+                o.SignedOutCallbackPath = "/thelogout";
+                o.PostLogoutRedirectUri = "https://example.com/postlogout";
+            });
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -115,11 +153,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             string redirectUri;
             Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
-            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com/thelogout"), redirectUri, true);
 
             string state;
             Assert.True(query.TryGetValue("state", out state));
-            var properties = options.StateDataFormat.Unprotect(state);
+            var properties = stateFormat.Unprotect(state);
             Assert.Equal("https://example.com/postlogout", properties.RedirectUri, true);
         }
 
@@ -127,14 +165,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites()
         {
             var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var options = new OpenIdConnectOptions
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest"));
+            var server = TestServerBuilder.CreateServer(o =>
             {
-                Authority = TestServerBuilder.DefaultAuthority,
-                ClientId = "Test Id",
-                Configuration = configuration,
-                PostLogoutRedirectUri = "https://example.com/postlogout"
-            };
-            var server = TestServerBuilder.CreateServer(options);
+                o.Authority = TestServerBuilder.DefaultAuthority;
+                o.StateDataFormat = stateFormat;
+                o.ClientId = "Test Id";
+                o.Configuration = configuration;
+                o.PostLogoutRedirectUri = "https://example.com/postlogout";
+            });
 
             var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -145,19 +184,21 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
             string redirectUri;
             Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
-            Assert.Equal(UrlEncoder.Default.Encode("https://example.com" + options.SignedOutCallbackPath), redirectUri, true);
+            Assert.Equal(UrlEncoder.Default.Encode("https://example.com/signout-callback-oidc"), redirectUri, true);
 
             string state;
             Assert.True(query.TryGetValue("state", out state));
-            var properties = options.StateDataFormat.Unprotect(state);
+            var properties = stateFormat.Unprotect(state);
             Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
         }
 
         [Fact]
         public async Task SignOut_WithMissingConfig_Throws()
         {
-            var setting = new TestSettings(opt => opt.Configuration = new OpenIdConnectConfiguration());
-
+            var setting = new TestSettings(opt => {
+                opt.ClientId = "Test Id";
+                opt.Configuration = new OpenIdConnectConfiguration();
+            });
             var server = setting.CreateTestServer();
 
             var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(DefaultHost + TestServerBuilder.Signout));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
index 5a672093ea..aa7f6179be 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -9,13 +9,12 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     internal class TestServerBuilder
     {
@@ -38,12 +37,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public static OpenIdConnectOptions CreateOpenIdConnectOptions(Action<OpenIdConnectOptions> update)
         {
             var options = CreateOpenIdConnectOptions();
-
-            if (update != null)
-            {
-                update(options);
-            }
-
+            update?.Invoke(options);
             return options;
         }
 
@@ -58,26 +52,20 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
         public static IConfigurationManager<OpenIdConnectConfiguration> CreateDefaultOpenIdConnectConfigurationManager() =>
             new StaticConfigurationManager<OpenIdConnectConfiguration>(CreateDefaultOpenIdConnectConfiguration());
 
-        public static TestServer CreateServer(OpenIdConnectOptions options)
+        public static TestServer CreateServer(Action<OpenIdConnectOptions> options)
         {
             return CreateServer(options, handler: null, properties: null);
         }
 
         public static TestServer CreateServer(
-            OpenIdConnectOptions options,
+            Action<OpenIdConnectOptions> options,
             Func<HttpContext, Task> handler,
             AuthenticationProperties properties)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme
-                    });
-
-                    app.UseOpenIdConnectAuthentication(options);
-
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
                         var req = context.Request;
@@ -85,11 +73,11 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
                         if (req.Path == new PathString(Challenge))
                         {
-                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
                         }
                         else if (req.Path == new PathString(ChallengeWithProperties))
                         {
-                            await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
+                            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
                         }
                         else if (req.Path == new PathString(ChallengeWithOutContext))
                         {
@@ -97,16 +85,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                         }
                         else if (req.Path == new PathString(Signin))
                         {
-                            // REVIEW: this used to just be res.SignIn()
-                            await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
+                            await context.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal());
                         }
                         else if (req.Path == new PathString(Signout))
                         {
-                            await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+                            await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
                         }
                         else if (req.Path == new PathString("/signout_with_specific_redirect_uri"))
                         {
-                            await context.Authentication.SignOutAsync(
+                            await context.SignOutAsync(
                                 OpenIdConnectDefaults.AuthenticationScheme,
                                 new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" });
                         }
@@ -122,8 +109,13 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(authOptions => authOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
+                    services.AddAuthentication(o =>
+                    {
+                        o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    });
+                    services.AddCookieAuthentication();
+                    services.AddOpenIdConnectAuthentication(options);
                 });
 
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
index a7085966a4..609aed6f6a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
@@ -5,7 +5,6 @@ using System.Linq;
 using System.Net.Http;
 using System.Threading.Tasks;
 using System.Xml.Linq;
-using Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect;
 using Microsoft.AspNetCore.TestHost;
 
 namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index a3bea3ebe7..9d9e5537fe 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -9,19 +9,19 @@ using System.Reflection;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Xml.Linq;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     /// <summary>
     /// This helper class is used to check that query string parameters are as expected.
     /// </summary>
     internal class TestSettings
     {
-        private readonly OpenIdConnectOptions _options;
+        private readonly Action<OpenIdConnectOptions> _configureOptions;
 
         public TestSettings() : this(configure: null)
         {
@@ -29,21 +29,18 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 
         public TestSettings(Action<OpenIdConnectOptions> configure)
         {
-            _options = TestServerBuilder.CreateOpenIdConnectOptions(configure);
+            _configureOptions = o =>
+            {
+                configure?.Invoke(o);
+                _options = o;
+            };
         }
 
-        public TestSettings(OpenIdConnectOptions options)
-        {
-            _options = options;
-        }
-
-        public OpenIdConnectOptions Options => _options;
-
         public UrlEncoder Encoder => UrlEncoder.Default;
 
         public string ExpectedState { get; set; }
 
-        public TestServer CreateTestServer() => TestServerBuilder.CreateServer(Options);
+        public TestServer CreateTestServer(AuthenticationProperties properties = null) => TestServerBuilder.CreateServer(_configureOptions, handler: null, properties: properties);
 
         public IDictionary<string, string> ValidateChallengeFormPost(string responseBody, params string[] parametersToValidate)
         {
@@ -165,6 +162,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             }
         }
 
+        OpenIdConnectOptions _options = null;
+
         private void ValidateExpectedAuthority(string absoluteUri, ICollection<string> errors, OpenIdConnectRequestType requestType)
         {
             string expectedAuthority;
@@ -212,8 +211,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             ValidateQueryParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET", actualQuery, errors, htmlEncoded);
 
         private void ValidateVersionTelemetry(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.VersionTelemetry,
-                typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualQuery, errors, htmlEncoded);
+            ValidateQueryParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualQuery, errors, htmlEncoded);
 
         private void ValidateQueryParameter(
             string parameterName,
@@ -241,4 +239,4 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
             }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
index 745c41350a..4f924172c6 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
@@ -6,7 +6,7 @@ using System.Linq;
 using System.Net.Http;
 using System.Xml.Linq;
 
-namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     internal class TestTransaction
     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DataHandler/SecureDataFormatTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DataHandler/TicketSerializerTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index 028cf67607..fb7ea34436 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -1,14 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication
@@ -126,62 +120,62 @@ namespace Microsoft.AspNetCore.Authentication
 
         }
 
-        public class TestAuthHandler : IAuthenticationHandler
-        {
-            private readonly AuthenticationProperties _props;
-            public TestAuthHandler(AuthenticationProperties props)
-            {
-                _props = props;
-            }
+        //public class TestAuthHandler : IAuthenticationHandler
+        //{
+        //    private readonly AuthenticationProperties _props;
+        //    public TestAuthHandler(AuthenticationProperties props)
+        //    {
+        //        _props = props;
+        //    }
 
-            public Task AuthenticateAsync(AuthenticateContext context)
-            {
-                context.Authenticated(new ClaimsPrincipal(), _props.Items, new Dictionary<string, object>());
-                return Task.FromResult(0);
-            }
+        //    public Task AuthenticateAsync(AuthenticateContext context)
+        //    {
+        //        context.Authenticated(new ClaimsPrincipal(), _props.Items, new Dictionary<string, object>());
+        //        return Task.FromResult(0);
+        //    }
 
-            public Task ChallengeAsync(ChallengeContext context)
-            {
-                throw new NotImplementedException();
-            }
+        //    public Task ChallengeAsync(ChallengeContext context)
+        //    {
+        //        throw new NotImplementedException();
+        //    }
 
-            public void GetDescriptions(DescribeSchemesContext context)
-            {
-                throw new NotImplementedException();
-            }
+        //    public void GetDescriptions(DescribeSchemesContext context)
+        //    {
+        //        throw new NotImplementedException();
+        //    }
 
-            public Task SignInAsync(SignInContext context)
-            {
-                throw new NotImplementedException();
-            }
+        //    public Task SignInAsync(SignInContext context)
+        //    {
+        //        throw new NotImplementedException();
+        //    }
 
-            public Task SignOutAsync(SignOutContext context)
-            {
-                throw new NotImplementedException();
-            }
-        }
+        //    public Task SignOutAsync(SignOutContext context)
+        //    {
+        //        throw new NotImplementedException();
+        //    }
+        //}
 
-        [Fact]
-        public async Task CanGetTokenFromContext()
-        {
-            var props = new AuthenticationProperties();
-            var tokens = new List<AuthenticationToken>();
-            var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
-            var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
-            var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
-            tokens.Add(tok1);
-            tokens.Add(tok2);
-            tokens.Add(tok3);
-            props.StoreTokens(tokens);
+        //[Fact]
+        //public async Task CanGetTokenFromContext()
+        //{
+        //    var props = new AuthenticationProperties();
+        //    var tokens = new List<AuthenticationToken>();
+        //    var tok1 = new AuthenticationToken { Name = "One", Value = "1" };
+        //    var tok2 = new AuthenticationToken { Name = "Two", Value = "2" };
+        //    var tok3 = new AuthenticationToken { Name = "Three", Value = "3" };
+        //    tokens.Add(tok1);
+        //    tokens.Add(tok2);
+        //    tokens.Add(tok3);
+        //    props.StoreTokens(tokens);
 
-            var context = new DefaultHttpContext();
-            var handler = new TestAuthHandler(props);
-            context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature() { Handler = handler });
+        //    var context = new DefaultHttpContext();
+        //    var handler = new TestAuthHandler(props);
+        //    context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature() { Handler = handler });
 
-            Assert.Equal("1", await context.Authentication.GetTokenAsync("One"));
-            Assert.Equal("2", await context.Authentication.GetTokenAsync("Two"));
-            Assert.Equal("3", await context.Authentication.GetTokenAsync("Three"));
-        }
+        //    Assert.Equal("1", await context.GetTokenAsync("One"));
+        //    Assert.Equal("2", await context.GetTokenAsync("Two"));
+        //    Assert.Equal("3", await context.GetTokenAsync("Three"));
+        //}
 
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
deleted file mode 100644
index 2ca2223b97..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/Twitter/TwitterMiddlewareTests.cs
+++ /dev/null
@@ -1,196 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
-
-using System;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.DependencyInjection;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
-    public class TwitterMiddlewareTests
-    {
-        [Fact]
-        public async Task ChallengeWillTriggerApplyRedirectEvent()
-        {
-            var server = CreateServer(new TwitterOptions
-                {
-                    ConsumerKey = "Test Consumer Key",
-                    ConsumerSecret = "Test Consumer Secret",
-                    Events = new TwitterEvents
-                    {
-                        OnRedirectToAuthorizationEndpoint = context =>
-                        {
-                            context.Response.Redirect(context.RedirectUri + "&custom=test");
-                            return Task.FromResult(0);
-                        }
-                    },
-                    BackchannelHttpHandler = new TestHttpMessageHandler
-                    {
-                        Sender = req =>
-                        {
-                            if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
-                            {
-                                return new HttpResponseMessage(HttpStatusCode.OK)
-                                {
-                                    Content =
-                                        new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
-                                            Encoding.UTF8,
-                                            "application/x-www-form-urlencoded")
-                                };
-                            }
-                            return null;
-                        }
-                    }
-                },
-                context => 
-                {
-                    // REVIEW: Gross
-                    context.Authentication.ChallengeAsync("Twitter").GetAwaiter().GetResult();
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("custom=test", query);
-        }
-
-        [Fact]
-        public async Task BadSignInWillThrow()
-        {
-            var server = CreateServer(new TwitterOptions
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret"
-            });
-
-            // Send a bogus sign in
-            var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-twitter"));
-            Assert.Equal("Invalid state cookie.", error.GetBaseException().Message);
-        }
-
-        [Fact]
-        public async Task SignInThrows()
-        {
-            var server = CreateServer(new TwitterOptions
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signIn");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task SignOutThrows()
-        {
-            var server = CreateServer(new TwitterOptions
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signOut");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task ForbidThrows()
-        {
-            var server = CreateServer(new TwitterOptions
-            {
-                ConsumerKey = "Test Consumer Key",
-                ConsumerSecret = "Test Consumer Secret"
-            });
-            var transaction = await server.SendAsync("https://example.com/signOut");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
-
-        [Fact]
-        public async Task ChallengeWillTriggerRedirection()
-        {
-            var server = CreateServer(new TwitterOptions
-            {
-                    ConsumerKey = "Test Consumer Key",
-                    ConsumerSecret = "Test Consumer Secret",
-                    BackchannelHttpHandler = new TestHttpMessageHandler
-                    {
-                        Sender = req =>
-                        {
-                            if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
-                            {
-                                return new HttpResponseMessage(HttpStatusCode.OK)
-                                {
-                                    Content =
-                                        new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
-                                            Encoding.UTF8,
-                                            "application/x-www-form-urlencoded")
-                                };
-                            }
-                            return null;
-                        }
-                    }
-                },
-                context =>
-                {
-                    // REVIEW: gross
-                    context.Authentication.ChallengeAsync("Twitter").GetAwaiter().GetResult();
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
-        }
-
-        private static TestServer CreateServer(TwitterOptions options, Func<HttpContext, bool> handler = null)
-        {
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions
-                    {
-                        AuthenticationScheme = "External"
-                    });
-                    app.UseTwitterAuthentication(options);
-                    app.Use(async (context, next) =>
-                    {
-                        var req = context.Request;
-                        var res = context.Response;
-                        if (req.Path == new PathString("/signIn"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignInAsync("Twitter", new ClaimsPrincipal()));
-                        }
-                        else if (req.Path == new PathString("/signOut"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.SignOutAsync("Twitter"));
-                        }
-                        else if (req.Path == new PathString("/forbid"))
-                        {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.Authentication.ForbidAsync("Twitter"));
-                        }
-                        else if (handler == null || !handler(context))
-                        {
-                            await next();
-                        }
-                    });
-                })
-                .ConfigureServices(services =>
-                {
-                    services.AddAuthentication();
-                    services.Configure<SharedAuthenticationOptions>(authOptions =>
-                    {
-                        authOptions.SignInScheme = "External";
-                    });
-                });
-            return new TestServer(builder);
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
new file mode 100644
index 0000000000..432227aed0
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -0,0 +1,249 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Twitter
+{
+    public class TwitterTests
+    {
+        [Fact]
+        public void AddCanBindAgainstDefaultConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Twitter:ConsumerKey", "<key>"},
+                {"Twitter:ConsumerSecret", "<secret>"},
+                {"Twitter:BackchannelTimeout", "0.0:0:30"},
+                //{"Twitter:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+                {"Twitter:ClaimsIssuer", "<issuer>"},
+                {"Twitter:DisplayName", "<display>"},
+                {"Twitter:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Twitter:SaveTokens", "true"},
+                {"Twitter:SendAppSecretProof", "true"},
+                {"Twitter:SignInScheme", "<signIn>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddTwitterAuthentication().AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<TwitterOptions>>().Get(TwitterDefaults.AuthenticationScheme);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+            Assert.Equal("<issuer>", options.ClaimsIssuer);
+            Assert.Equal("<key>", options.ConsumerKey);
+            Assert.Equal("<secret>", options.ConsumerSecret);
+            Assert.Equal("<display>", options.DisplayName);
+            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+            Assert.True(options.SaveTokens);
+            Assert.Equal("<signIn>", options.SignInScheme);
+        }
+
+        [Fact]
+        public void AddWithDelegateIgnoresConfig()
+        {
+            var dic = new Dictionary<string, string>
+            {
+                {"Twitter:ConsumerKey", "<key>"},
+            };
+            var configurationBuilder = new ConfigurationBuilder();
+            configurationBuilder.AddInMemoryCollection(dic);
+            var config = configurationBuilder.Build();
+            var services = new ServiceCollection().AddTwitterAuthentication(o => o.SaveTokens = true).AddSingleton<IConfiguration>(config);
+            var sp = services.BuildServiceProvider();
+
+            var options = sp.GetRequiredService<IOptionsSnapshot<TwitterOptions>>().Get(TwitterDefaults.AuthenticationScheme);
+            Assert.Null(options.ConsumerKey);
+            Assert.True(options.SaveTokens);
+        }
+
+        [Fact]
+        public async Task ChallengeWillTriggerApplyRedirectEvent()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.Events = new TwitterEvents
+                {
+                    OnRedirectToAuthorizationEndpoint = context =>
+                    {
+                        context.Response.Redirect(context.RedirectUri + "&custom=test");
+                        return Task.FromResult(0);
+                    }
+                };
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+                        {
+                            return new HttpResponseMessage(HttpStatusCode.OK)
+                            {
+                                Content =
+                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                                        Encoding.UTF8,
+                                        "application/x-www-form-urlencoded")
+                            };
+                        }
+                        return null;
+                    }
+                };
+            },
+            context => 
+            {
+                // REVIEW: Gross
+                context.ChallengeAsync("Twitter").GetAwaiter().GetResult();
+                return true;
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var query = transaction.Response.Headers.Location.Query;
+            Assert.Contains("custom=test", query);
+        }
+
+        [Fact]
+        public async Task BadSignInWillThrow()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+            });
+
+            // Send a bogus sign in
+            var error = await Assert.ThrowsAnyAsync<Exception>(() => server.SendAsync("https://example.com/signin-twitter"));
+            Assert.Equal("Invalid state cookie.", error.GetBaseException().Message);
+        }
+
+        [Fact]
+        public async Task SignInThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signIn");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task SignOutThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+        [Fact]
+        public async Task ForbidThrows()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+            });
+            var transaction = await server.SendAsync("https://example.com/signOut");
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+        }
+
+
+        [Fact]
+        public async Task ChallengeWillTriggerRedirection()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = req =>
+                    {
+                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+                        {
+                            return new HttpResponseMessage(HttpStatusCode.OK)
+                            {
+                                Content =
+                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                                        Encoding.UTF8,
+                                        "application/x-www-form-urlencoded")
+                            };
+                        }
+                        return null;
+                    }
+                };
+            },
+                context =>
+                {
+                    // REVIEW: gross
+                    context.ChallengeAsync("Twitter").GetAwaiter().GetResult();
+                    return true;
+                });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
+        }
+
+        private static TestServer CreateServer(Action<TwitterOptions> options, Func<HttpContext, bool> handler = null)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path == new PathString("/signIn"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Twitter", new ClaimsPrincipal()));
+                        }
+                        else if (req.Path == new PathString("/signOut"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Twitter"));
+                        }
+                        else if (req.Path == new PathString("/forbid"))
+                        {
+                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Twitter"));
+                        }
+                        else if (handler == null || !handler(context))
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
+                {
+                    services.AddCookieAuthentication("External", _ => { });
+                    Action<TwitterOptions> wrapOptions = o =>
+                    {
+                        o.SignInScheme = "External";
+                        options(o);
+                    };
+                    services.AddTwitterAuthentication(wrapOptions);
+                });
+            return new TestServer(builder);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index d9065add3a..c964221fbb 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,12 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
@@ -16,9 +14,7 @@
     <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-
   <ItemGroup>
     <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 729c01630b..d2736ca0d7 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,23 +1,19 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
-
   <ItemGroup>
     <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
   </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-
   <ItemGroup>
     <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 34d967617b..e45c7f6909 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -5,6 +5,7 @@ using System;
 using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -239,7 +240,12 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication();
+                    services.AddCookieAuthentication(o =>
+                    {
+                        o.CookieName = "TestCookie";
+                        o.CookieHttpOnly = false;
+                        o.CookieSecure = CookieSecurePolicy.None;
+                    });
                 })
                 .Configure(app =>
                 {
@@ -248,15 +254,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                         HttpOnly = HttpOnlyPolicy.Always,
                         Secure = CookieSecurePolicy.Always,
                     });
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions()
-                    {
-                        CookieName = "TestCookie",
-                        CookieHttpOnly = false,
-                        CookieSecure = CookieSecurePolicy.None,
-                    });
+                    app.UseAuthentication();
                     app.Run(context =>
                     {
-                        return context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                        return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                             new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("TestUser", "Cookies"))));
                     });
                 });
@@ -279,7 +280,12 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication();
+                    services.AddCookieAuthentication(o =>
+                    {
+                        o.CookieName = "TestCookie";
+                        o.CookieHttpOnly = false;
+                        o.CookieSecure = CookieSecurePolicy.None;
+                    });
                 })
                 .Configure(app =>
                 {
@@ -288,15 +294,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                         HttpOnly = HttpOnlyPolicy.Always,
                         Secure = CookieSecurePolicy.Always,
                     });
-                    app.UseCookieAuthentication(new CookieAuthenticationOptions()
-                    {
-                        CookieName = "TestCookie",
-                        CookieHttpOnly = false,
-                        CookieSecure = CookieSecurePolicy.None,
-                    });
+                    app.UseAuthentication();
                     app.Run(context =>
                     {
-                        return context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                        return context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                             new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity(new string('c', 1024 * 5), "Cookies"))));
                     });
                 });
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index b9155b4dfe..a972731ea5 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,14 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
@@ -19,9 +17,7 @@
     <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-
   <ItemGroup>
     <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
   </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index 79288b026d..a06624facb 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -13,6 +13,8 @@ using System.Xml.Linq;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Net.Http.Headers;
@@ -33,8 +35,8 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                CookieAuthenticationDefaults.AuthenticationType, "v2");
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
             {
@@ -59,17 +61,14 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
-                    {
-                        DataProtectionProvider = dataProtection
-                    });
+                    app.UseAuthentication();
                     app.Run(async context => 
                     {
-                        var result = await context.Authentication.AuthenticateAsync("Cookies");
-                        await context.Response.WriteAsync(result.Identity.Name);
+                        var result = await context.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
@@ -90,8 +89,8 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                CookieAuthenticationDefaults.AuthenticationType, "v2");
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
             {
@@ -117,17 +116,14 @@ namespace Microsoft.Owin.Security.Interop
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
-                    {
-                        DataProtectionProvider = dataProtection
-                    });
+                    app.UseAuthentication();
                     app.Run(async context =>
                     {
-                        var result = await context.Authentication.AuthenticateAsync("Cookies");
-                        await context.Response.WriteAsync(result.Identity.Name);
+                        var result = await context.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
@@ -150,19 +146,16 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                CookieAuthenticationDefaults.AuthenticationType, "v2");
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
-                    {
-                        DataProtectionProvider = dataProtection
-                    });
-                    app.Run(context => context.Authentication.SignInAsync("Cookies", user));
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync("Cookies", user));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
@@ -200,19 +193,16 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                CookieAuthenticationDefaults.AuthenticationType, "v2");
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    app.UseCookieAuthentication(new AspNetCore.Builder.CookieAuthenticationOptions
-                    {
-                        DataProtectionProvider = dataProtection
-                    });
-                    app.Run(context => context.Authentication.SignInAsync("Cookies", user));
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync("Cookies", user));
                 })
-                .ConfigureServices(services => services.AddAuthentication());
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
index 7b2d261bbf..b14ea0d74e 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -58,7 +58,7 @@ namespace Microsoft.Owin.Security.Interop.Test
 
             var expires = DateTime.Today;
             var issued = new DateTime(1979, 11, 11);
-            var properties = new AspNetCore.Http.Authentication.AuthenticationProperties();
+            var properties = new AspNetCore.Authentication.AuthenticationProperties();
             properties.IsPersistent = true;
             properties.RedirectUri = "/redirect";
             properties.Items["key"] = "value";

From da30688fa9d3f1f83b3369fde41e750790457231 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 19 Apr 2017 13:58:38 -0700
Subject: [PATCH 709/900] Disable api checks for now

---
 .../Microsoft.AspNetCore.Authentication.Cookies.csproj           | 1 +
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj         | 1 +
 .../Microsoft.AspNetCore.Authentication.OAuth.csproj             | 1 +
 .../Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj     | 1 +
 .../Microsoft.AspNetCore.Authentication.Twitter.csproj           | 1 +
 5 files changed, 5 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 3f2f0ee8d3..a7da8e72ce 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -9,6 +9,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 89e7ef9c39..9d6c494422 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -6,6 +6,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index c0e7569acb..73b5140edf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index a5e4c8b0cb..773bc41d64 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -6,6 +6,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index c0b773345d..3d13a3d07a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>

From bb73898ca23a257a07f23ad56eb57c0f01767603 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 19 Apr 2017 14:14:46 -0700
Subject: [PATCH 710/900] Disable api check

---
 .../Microsoft.AspNetCore.Authentication.csproj                   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index d4335f6d4a..07936ed258 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -8,6 +8,7 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>

From 7fd15a2ae6b664882be44953862cd0e480e06c3b Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 19 Apr 2017 14:32:28 -0700
Subject: [PATCH 711/900] Fix tests

---
 .../CookieInteropTests.cs                                 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index a06624facb..ae5e6f0183 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -35,7 +35,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
@@ -89,7 +89,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var interopServer = TestServer.Create(app =>
@@ -146,7 +146,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()
@@ -193,7 +193,7 @@ namespace Microsoft.Owin.Security.Interop
 
             var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
             var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler", // full name of the ASP.NET Core type
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
                 Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
 
             var builder = new WebHostBuilder()

From 4f206558505b32c5ec0a686764ec30a8f912860e Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 20 Apr 2017 14:19:32 -0700
Subject: [PATCH 712/900] Set DisplayName for auth

---
 samples/SocialSample/Startup.cs                      |  2 +-
 .../FacebookExtensions.cs                            |  2 +-
 .../GoogleExtensions.cs                              |  2 +-
 .../MicrosoftAccountExtensions.cs                    |  2 +-
 .../OAuthExtensions.cs                               |  2 +-
 .../OpenIdConnectExtensions.cs                       |  2 +-
 .../TwitterExtensions.cs                             |  2 +-
 .../AuthenticationServiceCollectionExtensions.cs     | 10 ++++++++--
 .../CookieTests.cs                                   | 12 ++++++++++++
 .../DynamicSchemeTests.cs                            |  2 +-
 .../FacebookTests.cs                                 | 12 ++++++++++++
 .../GoogleTests.cs                                   | 12 ++++++++++++
 .../JwtBearerTests.cs                                | 12 ++++++++++++
 .../MicrosoftAccountTests.cs                         | 12 ++++++++++++
 .../OAuthTests.cs                                    | 12 ++++++++++++
 .../TwitterTests.cs                                  | 12 ++++++++++++
 16 files changed, 100 insertions(+), 10 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 3f64d813da..7c1dd9d8db 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -238,7 +238,7 @@ namespace SocialSample
                     foreach (var provider in await schemeProvider.GetAllSchemesAsync())
                     {
                         // REVIEW: we lost access to display name (which is buried in the handler options)
-                        await context.Response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.Name ?? "(suppressed)") + "</a><br>");
+                        await context.Response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.DisplayName ?? "(suppressed)") + "</a><br>");
                     }
                     await context.Response.WriteAsync("</body></html>");
                 });
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index bcfa95c0ad..79d9ac66ca 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
         {
-            return services.AddScheme<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
+            return services.AddScheme<FacebookOptions, FacebookHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index d85e3a2d6f..420d14030a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
         {
-            return services.AddScheme<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
+            return services.AddScheme<GoogleOptions, GoogleHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 1f8884ab2e..509016ff29 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
         {
-            return services.AddScheme<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
+            return services.AddScheme<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index aa7c59f03f..6fd0f57f4b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -10,6 +10,6 @@ namespace Microsoft.AspNetCore.Builder
     public static class OAuthExtensions
     {
         public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions) =>
-            services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
+            services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 89581b201f..64737a9ad8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
         {
-            return services.AddScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, configureOptions);
+            return services.AddScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index 2170be9028..1e126d4c4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
         {
-            return services.AddScheme<TwitterOptions, TwitterHandler>(authenticationScheme, configureOptions);
+            return services.AddScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 074f45b5fb..0315562ffb 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -45,7 +45,7 @@ namespace Microsoft.Extensions.DependencyInjection
             return services;
         }
 
-        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
+        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
         {
@@ -53,6 +53,7 @@ namespace Microsoft.Extensions.DependencyInjection
             {
                 o.AddScheme(authenticationScheme, scheme => {
                     scheme.HandlerType = typeof(THandler);
+                    scheme.DisplayName = displayName;
                     configureScheme?.Invoke(scheme);
                 });
             });
@@ -67,6 +68,11 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
-            => services.AddScheme<TOptions, THandler>(authenticationScheme, configureScheme: null, configureOptions: configureOptions);
+            => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName: null, configureScheme: null, configureOptions: configureOptions);
+
+        public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 55dd054269..419d82493d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -26,6 +26,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     {
         private TestClock _clock = new TestClock();
 
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddCookieAuthentication();
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("CookieAuthenticationHandler", scheme.HandlerType.Name);
+            Assert.Null(scheme.DisplayName);
+        }
+
         [Fact]
         public async Task NormalRequestPassesThrough()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
index a152c735bb..d239d85f81 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
@@ -99,7 +99,7 @@ namespace Microsoft.AspNetCore.Authentication
                         {
                             var name = remainder.Value.Substring(1);
                             var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
-                            var scheme = new AuthenticationScheme(name, typeof(TestHandler));
+                            var scheme = new AuthenticationScheme(name, name, typeof(TestHandler));
                             auth.AddScheme(scheme);
                         }
                         else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 79066e48b5..edd9eb5788 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -27,6 +27,18 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     public class FacebookTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddFacebookAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(FacebookDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("FacebookHandler", scheme.HandlerType.Name);
+            Assert.Equal(FacebookDefaults.AuthenticationScheme, scheme.DisplayName);
+        }
+
         [Fact]
         public void AddCanBindAgainstDefaultConfig()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 77ddcc7efc..0ab3e44938 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -26,6 +26,18 @@ namespace Microsoft.AspNetCore.Authentication.Google
 {
     public class GoogleTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddGoogleAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(GoogleDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("GoogleHandler", scheme.HandlerType.Name);
+            Assert.Equal(GoogleDefaults.AuthenticationScheme, scheme.DisplayName);
+        }
+
         [Fact]
         public void AddCanBindAgainstDefaultConfig()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 08098622ca..42efe00dd3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -26,6 +26,18 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class JwtBearerTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddJwtBearerAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(JwtBearerDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("JwtBearerHandler", scheme.HandlerType.Name);
+            Assert.Null(scheme.DisplayName);
+        }
+
         [Fact]
         public void AddCanBindAgainstDefaultConfig()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 26110e9fee..1f0f394f3c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -27,6 +27,18 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
 {
     public class MicrosoftAccountTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddMicrosoftAccountAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("MicrosoftAccountHandler", scheme.HandlerType.Name);
+            Assert.Equal(MicrosoftAccountDefaults.AuthenticationScheme, scheme.DisplayName);
+        }
+
         [Fact]
         public void AddCanBindAgainstDefaultConfig()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 95c086c805..dd48f7c956 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -15,6 +15,18 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddOAuthAuthentication("oauth", o => { });
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync("oauth");
+            Assert.NotNull(scheme);
+            Assert.Equal("OAuthHandler`1", scheme.HandlerType.Name);
+            Assert.Equal("oauth", scheme.DisplayName);
+        }
+
         [Fact]
         public async Task ThrowsIfClientIdMissing()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 432227aed0..9993559f69 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -20,6 +20,18 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     public class TwitterTests
     {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection().AddTwitterAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(TwitterDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("TwitterHandler", scheme.HandlerType.Name);
+            Assert.Equal(TwitterDefaults.AuthenticationScheme, scheme.DisplayName);
+        }
+
         [Fact]
         public void AddCanBindAgainstDefaultConfig()
         {

From 254eb82ee14f24286598af20a782acab2285029a Mon Sep 17 00:00:00 2001
From: Smit Patel <smitpatel@users.noreply.github.com>
Date: Mon, 24 Apr 2017 18:11:57 -0700
Subject: [PATCH 713/900] Update API Check related files React to
 aspnet/BuildTools#238

---
 .../{baseline.net45.json => baseline.netframework.json}           | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/Microsoft.Owin.Security.Interop/{baseline.net45.json => baseline.netframework.json} (100%)

diff --git a/src/Microsoft.Owin.Security.Interop/baseline.net45.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/baseline.net45.json
rename to src/Microsoft.Owin.Security.Interop/baseline.netframework.json

From 4b9f57b3b372cc1d921188bf3013069da49616d3 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 25 Apr 2017 11:29:03 -0700
Subject: [PATCH 714/900] Temporarily disable DotNetCliToolReference in samples
 until aspnet/Universe#506 is resolved

---
 .../OpenIdConnect.AzureAdSample.csproj                        | 3 ++-
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj        | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index a37c3659da..65d0ef7400 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -20,7 +20,8 @@
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
+    <!--
+      TODO re-enable. See https://github.com/aspnet/Universe/issues/506<DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" /> -->
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 74661c2f32..41bf8c0efb 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -22,7 +22,9 @@
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
+    <!--
+      TODO re-enable. See https://github.com/aspnet/Universe/issues/506
+      <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" /> -->
   </ItemGroup>
 
 </Project>

From 0cc0a46b749eb1d74129582ec4d6078e876f3fff Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 25 Apr 2017 11:04:10 -0700
Subject: [PATCH 715/900] Use Bundled NETStandard.Library \ NETCoreApp versions
 instead of explicitly specifying one

---
 build/common.props       | 2 +-
 build/dependencies.props | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/build/common.props b/build/common.props
index 9c5464a54c..3f55ba5b33 100644
--- a/build/common.props
+++ b/build/common.props
@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework' AND '$(OutputType)'=='library'">
-    <PackageReference Include="NETStandard.Library" Version="$(NetStandardImplicitPackageVersion)" />
+    <PackageReference Include="NETStandard.Library" Version="$(BundledNETStandardPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index b9ac0f5f05..2c8cbafc5f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -6,10 +6,8 @@
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.0.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
-    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
-    <RuntimeFrameworkVersion>2.0.0-*</RuntimeFrameworkVersion>
     <TestSdkVersion>15.0.0</TestSdkVersion>
     <XunitVersion>2.2.0</XunitVersion>
   </PropertyGroup>
-</Project>
\ No newline at end of file
+</Project>

From 98e517de43a30400a0e89fd74914d5929c764f7f Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 25 Apr 2017 22:05:23 -0700
Subject: [PATCH 716/900] Branching for 2.0.0-preview1

---
 NuGet.config             | 4 ++--
 build.ps1                | 2 +-
 build.sh                 | 2 +-
 build/dependencies.props | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 93f1ac47df..fa4304af9c 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-release/api/v3/index.json" />
     <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
diff --git a/build.ps1 b/build.ps1
index 5bf0e2c113..225b1fe450 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0-preview1.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index b0bcadb579..702b25c636 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0-preview1.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi
diff --git a/build/dependencies.props b/build/dependencies.props
index 2c8cbafc5f..5d7f9bb688 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
+    <AspNetCoreVersion>2.0.0-preview1-*</AspNetCoreVersion>
     <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>

From 998767043abf8c94849991031d9013c1b4629159 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 26 Apr 2017 07:13:36 -0700
Subject: [PATCH 717/900] Updating package version to preview2

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 44cb2290b9..0b2b8e0010 100644
--- a/version.props
+++ b/version.props
@@ -2,6 +2,6 @@
 <Project>
     <PropertyGroup>
         <VersionPrefix>2.0.0</VersionPrefix>
-        <VersionSuffix>preview1</VersionSuffix>
+        <VersionSuffix>preview2</VersionSuffix>
     </PropertyGroup>
 </Project>
\ No newline at end of file

From e17b275d92293c46cabd7db8816c5240f3be8736 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Fri, 28 Apr 2017 11:51:56 -0700
Subject: [PATCH 718/900] Revert "Temporarily disable DotNetCliToolReference in
 samples until aspnet/Universe#506 is resolved"

This reverts commit 4b9f57b3b372cc1d921188bf3013069da49616d3.
---
 .../OpenIdConnect.AzureAdSample.csproj                        | 3 +--
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj        | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 65d0ef7400..a37c3659da 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -20,8 +20,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
-    <!--
-      TODO re-enable. See https://github.com/aspnet/Universe/issues/506<DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" /> -->
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 41bf8c0efb..74661c2f32 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -22,9 +22,7 @@
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
-    <!--
-      TODO re-enable. See https://github.com/aspnet/Universe/issues/506
-      <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" /> -->
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>

From c0f4a211e46a587c0d26c1a742a65b4a1fcb9fea Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 1 May 2017 12:40:12 -0700
Subject: [PATCH 719/900] Use the bundled NETStandard.Library package in
 netstandard targeting libraries

---
 build/dependencies.props | 1 +
 1 file changed, 1 insertion(+)

diff --git a/build/dependencies.props b/build/dependencies.props
index 5d7f9bb688..77c4b3d710 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -6,6 +6,7 @@
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.0.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
+    <NETStandardImplicitPackageVersion>$(BundledNETStandardPackageVersion)</NETStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
     <TestSdkVersion>15.0.0</TestSdkVersion>
     <XunitVersion>2.2.0</XunitVersion>

From d84abf1fe6c39729df4cd485a7ccd4b72c98e10f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@Outlook.com>
Date: Thu, 4 May 2017 19:26:44 -0700
Subject: [PATCH 720/900] Migrate to netcoreapp2.0 (#1202)

* Migrate to netcoreapp2.0, remove Microsoft.Owin.Security.Interop & tests.

* Remove net45 baselines
---
 Security.sln                                  |   74 +-
 build/dependencies.props                      |    2 +-
 build/repo.props                              |    1 -
 samples/CookieSample/CookieSample.csproj      |    4 +-
 .../CookieSessionSample.csproj                |    4 +-
 .../JwtBearerSample/JwtBearerSample.csproj    |    4 +-
 .../OpenIdConnect.AzureAdSample.csproj        |    2 +-
 .../OpenIdConnectSample.csproj                |    2 +-
 samples/SocialSample/SocialSample.csproj      |    2 +-
 ...t.AspNetCore.Authentication.Cookies.csproj |    2 +-
 .../baseline.net45.json                       | 1661 ----------
 ....AspNetCore.Authentication.Facebook.csproj |    2 +-
 .../baseline.net45.json                       |  453 ---
 ...ft.AspNetCore.Authentication.Google.csproj |    2 +-
 .../baseline.net45.json                       |  291 --
 ...AspNetCore.Authentication.JwtBearer.csproj |    2 +-
 .../baseline.net45.json                       |  976 ------
 ...ore.Authentication.MicrosoftAccount.csproj |    2 +-
 .../baseline.net45.json                       |  256 --
 ...oft.AspNetCore.Authentication.OAuth.csproj |    2 +-
 .../baseline.net45.json                       |  955 ------
 ...etCore.Authentication.OpenIdConnect.csproj |    2 +-
 .../baseline.net45.json                       | 2005 ------------
 ...t.AspNetCore.Authentication.Twitter.csproj |    2 +-
 .../baseline.net45.json                       |  848 -----
 ...Microsoft.AspNetCore.Authentication.csproj |    2 +-
 .../baseline.net45.json                       | 2897 -----------------
 .../Microsoft.AspNetCore.Authorization.csproj |    2 +-
 .../baseline.net45.json                       | 1593 ---------
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |    2 +-
 .../baseline.net45.json                       |  392 ---
 .../AspNetTicketDataFormat.cs                 |   17 -
 .../AspNetTicketSerializer.cs                 |  220 --
 .../ChunkingCookieManager.cs                  |  281 --
 .../Constants.cs                              |   13 -
 .../DataProtectorShim.cs                      |   31 -
 .../Microsoft.Owin.Security.Interop.csproj    |   18 -
 .../Properties/AssemblyInfo.cs                |    8 -
 .../baseline.netframework.json                |  373 ---
 ...soft.AspNetCore.Authentication.Test.csproj |    3 +-
 ...osoft.AspNetCore.Authorization.Test.csproj |    3 +-
 ....ChunkingCookieManager.Sources.Test.csproj |    3 +-
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |    3 +-
 .../CookieInteropTests.cs                     |  332 --
 ...icrosoft.Owin.Security.Interop.Test.csproj |   28 -
 .../TicketInteropTests.cs                     |   91 -
 46 files changed, 43 insertions(+), 13825 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.Authorization/baseline.net45.json
 delete mode 100644 src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
 delete mode 100644 src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/Constants.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
 delete mode 100644 src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
 delete mode 100644 src/Microsoft.Owin.Security.Interop/baseline.netframework.json
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
 delete mode 100644 test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs

diff --git a/Security.sln b/Security.sln
index 81d0cc4b9c..157849c911 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26228.0
+VisualStudioVersion = 15.0.26403.7
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -46,10 +46,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authen
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.csproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop", "src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj", "{A7922DD8-09F1-43E4-938B-CC523EA08898}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.csproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.csproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test", "test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj", "{51563775-C659-4907-9BAF-9995BAB87D01}"
@@ -140,6 +136,22 @@ Global
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x64.Build.0 = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.ActiveCfg = Release|Any CPU
 		{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.Build.0 = Debug|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.Build.0 = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.ActiveCfg = Release|Any CPU
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.Build.0 = Release|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -348,38 +360,6 @@ Global
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.Build.0 = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.Build.0 = Debug|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.Build.0 = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.ActiveCfg = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.Build.0 = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.ActiveCfg = Release|Any CPU
-		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.Build.0 = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.Build.0 = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.Build.0 = Debug|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.Build.0 = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.ActiveCfg = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.Build.0 = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -412,22 +392,6 @@ Global
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.ActiveCfg = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.Build.0 = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.Build.0 = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.Build.0 = Debug|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.Build.0 = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.ActiveCfg = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.Build.0 = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.ActiveCfg = Release|Any CPU
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -438,6 +402,7 @@ Global
 		{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{FC152CC4-054B-457E-8D91-389C5DE3C561} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{76579C39-B829-490D-B8BE-1BD35FE8412E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
@@ -451,10 +416,7 @@ Global
 		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
-		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
-		{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/build/dependencies.props b/build/dependencies.props
index 77c4b3d710..5203ebced3 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,7 +4,7 @@
     <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
-    <InternalAspNetCoreSdkVersion>2.0.0-*</InternalAspNetCoreSdkVersion>
+    <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>$(BundledNETStandardPackageVersion)</NETStandardImplicitPackageVersion>
     <OwinVersion>3.0.1</OwinVersion>
diff --git a/build/repo.props b/build/repo.props
index d4bab3eebd..396aed1f53 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,5 +1,4 @@
 <Project>
   <ItemGroup>
-    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'"/>
   </ItemGroup>
 </Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 9fd7e9412c..27fa4ca17b 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index e4a42b8c4d..2a838df7e4 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 1f93103294..86b04d587c 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 65d0ef7400..274fe9afad 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 41bf8c0efb..1520728985 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index fe63ab5ca0..e0336cc0e3 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net46;netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index a7da8e72ce..a5728fbabc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
deleted file mode 100644
index 56e48d3fed..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.net45.json
+++ /dev/null
@@ -1,1661 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseCookieAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseCookieAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "ImplementedInterfaces": [
-        "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_CookieName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieDomain",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieDomain",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookiePath",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookiePath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieHttpOnly",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieHttpOnly",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieSecure",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieSecure",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_DataProtectionProvider",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_DataProtectionProvider",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ExpireTimeSpan",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ExpireTimeSpan",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SlidingExpiration",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SlidingExpiration",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_LoginPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_LoginPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_LogoutPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_LogoutPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessDeniedPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AccessDeniedPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ReturnUrlParameter",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ReturnUrlParameter",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TicketDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TicketDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieManager",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieManager",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SessionStore",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SessionStore",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_ChunkSize",
-          "Parameters": [],
-          "ReturnType": "System.Nullable<System.Int32>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ChunkSize",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Nullable<System.Int32>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ThrowForPartialCookies",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ThrowForPartialCookies",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetRequestCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AppendResponseCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "value",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "DeleteCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "CookiePrefix",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "LoginPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "LogoutPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AccessDeniedPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "ReturnUrlParameter",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Cookies\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "urlEncoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetRequestCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AppendResponseCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "value",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "DeleteCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ITicketStore",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "StoreAsync",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.String>",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RenewAsync",
-          "Parameters": [
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RetrieveAsync",
-          "Parameters": [
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RemoveAsync",
-          "Parameters": [
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnValidatePrincipal",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnValidatePrincipal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSigningIn",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSigningIn",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSignedIn",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSignedIn",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSigningOut",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSigningOut",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToLogin",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToAccessDenied",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToLogout",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToReturnUrl",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ValidatePrincipal",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignedIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RedirectUri",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieOptions",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieOptions",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "cookieOptions",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_CookieOptions",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieOptions",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "cookieOptions",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ShouldRenew",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ShouldRenew",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ReplacePrincipal",
-          "Parameters": [
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RejectPrincipal",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "ValidatePrincipal",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignedIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 8f46ff169a..19ec83413c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
deleted file mode 100644
index 1e070fc7ff..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.net45.json
+++ /dev/null
@@ -1,453 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "TokenEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "UserInformationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Facebook\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetAgeRangeMin",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetAgeRangeMax",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetBirthday",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetEmail",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetFirstName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGender",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLastName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLink",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLocation",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLocale",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetMiddleName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTimeZone",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.FacebookOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.FacebookOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseFacebookAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseFacebookAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.FacebookOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.FacebookOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AppId",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AppId",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AppSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AppSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SendAppSecretProof",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SendAppSecretProof",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Fields",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 7b6c9ee5df..e403fe4a95 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
deleted file mode 100644
index 647633afa8..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/baseline.net45.json
+++ /dev/null
@@ -1,291 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "TokenEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "UserInformationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Google\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGivenName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetFamilyName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetProfile",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetEmail",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.GoogleOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.GoogleOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.GoogleAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseGoogleAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseGoogleAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.GoogleOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.GoogleOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AccessType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AccessType",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 9d6c494422..05bdd41313 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
-    <TargetFrameworks>net46;netstandard1.4</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
deleted file mode 100644
index 37e18e53ed..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.net45.json
+++ /dev/null
@@ -1,976 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Bearer\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.JwtBearerOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Exception",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Exception",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Challenge",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticateFailure",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthenticateFailure",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Error",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Error",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ErrorDescription",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ErrorDescription",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ErrorUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ErrorUri",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnAuthenticationFailed",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnAuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnMessageReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnMessageReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnTokenValidated",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTokenValidated",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnChallenge",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnChallenge",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Challenge",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Token",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Token",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_SecurityToken",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Tokens.SecurityToken",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SecurityToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Tokens.SecurityToken"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseJwtBearerAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseJwtBearerAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RequireHttpsMetadata",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RequireHttpsMetadata",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_MetadataAddress",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_MetadataAddress",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Authority",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Authority",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Audience",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Audience",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Challenge",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Challenge",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelHttpHandler",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpMessageHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelHttpHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Net.Http.HttpMessageHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelTimeout",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelTimeout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Configuration",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Configuration",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ConfigurationManager",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ConfigurationManager",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RefreshOnIssuerKeyNotFound",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RefreshOnIssuerKeyNotFound",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SecurityTokenValidators",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IList<Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenValidationParameters",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenValidationParameters",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SaveToken",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SaveToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_IncludeErrorDetails",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_IncludeErrorDetails",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 5b8263c9c1..4d91e0da1e 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
deleted file mode 100644
index 06b3cd0d53..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.net45.json
+++ /dev/null
@@ -1,256 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "TokenEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "UserInformationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Microsoft\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDisplayName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGivenName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetSurname",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetEmail",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseMicrosoftAccountAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseMicrosoftAccountAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 73b5140edf..5fb75ead95 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
deleted file mode 100644
index d485aedb17..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.net45.json
+++ /dev/null
@@ -1,955 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ExchangeCodeAsync",
-          "Parameters": [
-            {
-              "Name": "code",
-              "Type": "System.String"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateTicketAsync",
-          "Parameters": [
-            {
-              "Name": "identity",
-              "Type": "System.Security.Claims.ClaimsIdentity"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "tokens",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "BuildChallengeUrl",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "FormatScope",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.OAuthOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "New": true,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.OAuthOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Success",
-          "Parameters": [
-            {
-              "Name": "response",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Failed",
-          "Parameters": [
-            {
-              "Name": "error",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Response",
-          "Parameters": [],
-          "ReturnType": "Newtonsoft.Json.Linq.JObject",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Response",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AccessToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenType",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RefreshToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RefreshToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ExpiresIn",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ExpiresIn",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Error",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Error",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_User",
-          "Parameters": [],
-          "ReturnType": "Newtonsoft.Json.Linq.JObject",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenResponse",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RefreshToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ExpiresIn",
-          "Parameters": [],
-          "ReturnType": "System.Nullable<System.TimeSpan>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Ticket",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Identity",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsIdentity",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            },
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "tokens",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            },
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "tokens",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
-            },
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnCreatingTicket",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnCreatingTicket",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToAuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseOAuthAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseOAuthAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_ClientId",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClientId",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClientSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClientSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UserInformationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UserInformationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Scope",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_StateDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_StateDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 773bc41d64..aab8833d28 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
-    <TargetFrameworks>net46;netstandard1.4</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
deleted file mode 100644
index 64cb79487d..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.net45.json
+++ /dev/null
@@ -1,2005 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationPropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "Caption",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "CookieNoncePrefix",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "RedirectUriForCodePropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "UserstatePropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"OpenIdConnect\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HtmlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteSignOutAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "signout",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedeemAuthorizationCodeAsync",
-          "Parameters": [
-            {
-              "Name": "tokenEndpointRequest",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetUserInformationAsync",
-          "Parameters": [
-            {
-              "Name": "message",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            },
-            {
-              "Name": "jwt",
-              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "htmlEncoder",
-              "Type": "System.Text.Encodings.Web.HtmlEncoder"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HtmlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "services",
-              "Type": "System.IServiceProvider"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>"
-            },
-            {
-              "Name": "htmlEncoder",
-              "Type": "System.Text.Encodings.Web.HtmlEncoder"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
-      "Visibility": "Public",
-      "Kind": "Enumeration",
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "RedirectGet",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "0"
-        },
-        {
-          "Kind": "Field",
-          "Name": "FormPost",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "1"
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Exception",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Exception",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_JwtSecurityToken",
-          "Parameters": [],
-          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_JwtSecurityToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpointRequest",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpointRequest",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpointResponse",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpointResponse",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HandledCodeRedemption",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleCodeRedemption",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleCodeRedemption",
-          "Parameters": [
-            {
-              "Name": "accessToken",
-              "Type": "System.String"
-            },
-            {
-              "Name": "idToken",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleCodeRedemption",
-          "Parameters": [
-            {
-              "Name": "tokenEndpointResponse",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ProtocolMessage",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ProtocolMessage",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizationCodeReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProvider",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProviderForSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RemoteSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenResponseReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UserInformationReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Token",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Token",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnAuthenticationFailed",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnAuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnAuthorizationCodeReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnAuthorizationCodeReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnMessageReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnMessageReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToIdentityProvider",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToIdentityProvider",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToIdentityProviderForSignOut",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToIdentityProviderForSignOut",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRemoteSignOut",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRemoteSignOut",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnTokenResponseReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTokenResponseReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnTokenValidated",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTokenValidated",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnUserInformationReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnUserInformationReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizationCodeReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProvider",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProviderForSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RemoteSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenResponseReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UserInformationReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            },
-            {
-              "Name": "message",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpointResponse",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpointResponse",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SecurityToken",
-          "Parameters": [],
-          "ReturnType": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SecurityToken",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpointResponse",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpointResponse",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Nonce",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Nonce",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_User",
-          "Parameters": [],
-          "ReturnType": "Newtonsoft.Json.Linq.JObject",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_User",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseOpenIdConnectAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseOpenIdConnectAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Authority",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Authority",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClientId",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClientId",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClientSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClientSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Configuration",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Configuration",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ConfigurationManager",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ConfigurationManager",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_GetClaimsFromUserInfoEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_GetClaimsFromUserInfoEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RequireHttpsMetadata",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RequireHttpsMetadata",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_MetadataAddress",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_MetadataAddress",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ProtocolValidator",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ProtocolValidator",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_PostLogoutRedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_PostLogoutRedirectUri",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RefreshOnIssuerKeyNotFound",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RefreshOnIssuerKeyNotFound",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationMethod",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthenticationMethod",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Resource",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Resource",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ResponseMode",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ResponseMode",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ResponseType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ResponseType",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Scope",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RemoteSignOutPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RemoteSignOutPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SignOutScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignOutScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_StateDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_StateDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_StringDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_StringDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<System.String>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SecurityTokenValidator",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SecurityTokenValidator",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Tokens.ISecurityTokenValidator"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenValidationParameters",
-          "Parameters": [],
-          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenValidationParameters",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UseTokenLifetime",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UseTokenLifetime",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SkipUnrecognizedRequests",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SkipUnrecognizedRequests",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 3d13a3d07a..5dd58d680c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
deleted file mode 100644
index c35232a310..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.net45.json
+++ /dev/null
@@ -1,848 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterDefaults",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Twitter\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.TwitterOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.TwitterOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.TwitterOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_UserId",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ScreenName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessTokenSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_User",
-          "Parameters": [],
-          "ReturnType": "Newtonsoft.Json.Linq.JObject",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            },
-            {
-              "Name": "userId",
-              "Type": "System.String"
-            },
-            {
-              "Name": "screenName",
-              "Type": "System.String"
-            },
-            {
-              "Name": "accessToken",
-              "Type": "System.String"
-            },
-            {
-              "Name": "accessTokenSecret",
-              "Type": "System.String"
-            },
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnCreatingTicket",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnCreatingTicket",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToAuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.AccessToken",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_UserId",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UserId",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ScreenName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ScreenName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Token",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Token",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CallbackConfirmed",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CallbackConfirmed",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.RequestTokenSerializer",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Serialize",
-          "Parameters": [
-            {
-              "Name": "model",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Deserialize",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Write",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "token",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Read",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseTwitterAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseTwitterAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.TwitterOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_ConsumerKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ConsumerKey",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ConsumerSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ConsumerSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RetrieveUserDetails",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RetrieveUserDetails",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_StateDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_StateDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.Twitter.RequestToken>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 07936ed258..54b560702a 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.net45.json b/src/Microsoft.AspNetCore.Authentication/baseline.net45.json
deleted file mode 100644
index 1f69da5a8f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/baseline.net45.json
+++ /dev/null
@@ -1,2897 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthenticationScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AutomaticAuthenticate",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AutomaticAuthenticate",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AutomaticChallenge",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AutomaticChallenge",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClaimsIssuer",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClaimsIssuer",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Description",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Description",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "transform",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Transformer",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Transformer",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelTimeout",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelTimeout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelHttpHandler",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpMessageHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelHttpHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Net.Http.HttpMessageHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CallbackPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CallbackPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SignInScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignInScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_DisplayName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_DisplayName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RemoteAuthenticationTimeout",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RemoteAuthenticationTimeout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SaveTokens",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SaveTokens",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Succeeded",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Failure",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Skipped",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Success",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Skip",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [
-            {
-              "Name": "failure",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [
-            {
-              "Name": "failureMessage",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_SignInAccepted",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignInAccepted",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SignOutAccepted",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignOutAccepted",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ChallengeCalled",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ChallengeCalled",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Context",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Request",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Response",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OriginalPathBase",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OriginalPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Logger",
-          "Parameters": [],
-          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UrlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_PriorHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_PriorHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CurrentUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "T0",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "InitializeAsync",
-          "Parameters": [
-            {
-              "Name": "options",
-              "Type": "T0"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "logger",
-              "Type": "Microsoft.Extensions.Logging.ILogger"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "BuildRedirectUri",
-          "Parameters": [
-            {
-              "Name": "targetPath",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "FinishResponseAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDescriptions",
-          "Parameters": [
-            {
-              "Name": "describeContext",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ShouldHandleScheme",
-          "Parameters": [
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "handleAutomatic",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthenticateAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleAuthenticateOnceAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleForbiddenAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ChallengeAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthenticationScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "T0",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Logger",
-          "Parameters": [],
-          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Logger",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.Extensions.Logging.ILogger"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UrlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UrlEncoder",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Invoke",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            }
-          ],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "New": true,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationToken",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Name",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Name",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Value",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Value",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Context",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_PriorHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_PriorHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthenticateAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ChallengeAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDescriptions",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RegisterAuthenticationHandler",
-          "Parameters": [
-            {
-              "Name": "auth",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UnregisterAuthenticationHandler",
-          "Parameters": [
-            {
-              "Name": "auth",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "transform",
-              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
-            },
-            {
-              "Name": "httpContext",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Invoke",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.ClaimsTransformationOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformer",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnTransform",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTransform",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TransformAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "TransformAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_UtcNow",
-          "Parameters": [],
-          "ReturnType": "System.DateTimeOffset",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteCallbackAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleForbiddenAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GenerateCorrelationId",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ValidateCorrelationId",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_SignInScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignInScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.ISystemClock"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_UtcNow",
-          "Parameters": [],
-          "ReturnType": "System.DateTimeOffset",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "StoreTokens",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "tokens",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTokenValue",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTokens",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTokenAsync",
-          "Parameters": [
-            {
-              "Name": "manager",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.String>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTokenAsync",
-          "Parameters": [
-            {
-              "Name": "manager",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
-            },
-            {
-              "Name": "signInScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.String>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Serialize",
-          "Parameters": [
-            {
-              "Name": "model",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Deserialize",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "T0",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TModel",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": []
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Protect",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Protect",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "T0"
-            },
-            {
-              "Name": "purpose",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Unprotect",
-          "Parameters": [
-            {
-              "Name": "protectedText",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "T0",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Unprotect",
-          "Parameters": [
-            {
-              "Name": "protectedText",
-              "Type": "System.String"
-            },
-            {
-              "Name": "purpose",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "T0",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TData",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": []
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.PropertiesDataFormat",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "protector",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Default",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.PropertiesSerializer",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Serialize",
-          "Parameters": [
-            {
-              "Name": "model",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Deserialize",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Write",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Read",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.SecureDataFormat<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Protect",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Protect",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "T0"
-            },
-            {
-              "Name": "purpose",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Unprotect",
-          "Parameters": [
-            {
-              "Name": "protectedText",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "T0",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Unprotect",
-          "Parameters": [
-            {
-              "Name": "protectedText",
-              "Type": "System.String"
-            },
-            {
-              "Name": "purpose",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "T0",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<T0>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "serializer",
-              "Type": "Microsoft.AspNetCore.Authentication.IDataSerializer<T0>"
-            },
-            {
-              "Name": "protector",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TData",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": []
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Base64UrlTextEncoder",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Encode",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Decode",
-          "Parameters": [
-            {
-              "Name": "text",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.TicketDataFormat",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "protector",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.TicketSerializer",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Default",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.TicketSerializer",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Serialize",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Deserialize",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Write",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "WriteIdentity",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "identity",
-              "Type": "System.Security.Claims.ClaimsIdentity"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "WriteClaim",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "claim",
-              "Type": "System.Security.Claims.Claim"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Read",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ReadIdentity",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "System.Security.Claims.ClaimsIdentity",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ReadClaim",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            },
-            {
-              "Name": "identity",
-              "Type": "System.Security.Claims.ClaimsIdentity"
-            }
-          ],
-          "ReturnType": "System.Security.Claims.Claim",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_HttpContext",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Request",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpRequest",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Response",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpResponse",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_State",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.EventResultState",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_State",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.EventResultState"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HandledResponse",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Skipped",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleResponse",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SkipToNextMiddleware",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Ticket",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CheckEventResult",
-          "Parameters": [
-            {
-              "Name": "result",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-              "Direction": "Out"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.EventResultState",
-      "Visibility": "Public",
-      "Kind": "Enumeration",
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "Continue",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "0"
-        },
-        {
-          "Kind": "Field",
-          "Name": "Skipped",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "1"
-        },
-        {
-          "Kind": "Field",
-          "Name": "HandledResponse",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "2"
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.FailureContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Failure",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Failure",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "failure",
-              "Type": "System.Exception"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "RemoteFailure",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TicketReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnRemoteFailure",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRemoteFailure",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnTicketReceived",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTicketReceived",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.TicketReceivedContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RemoteFailure",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TicketReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.TicketReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ReturnUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ReturnUri",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AddAuthentication",
-          "Parameters": [
-            {
-              "Name": "services",
-              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
-            }
-          ],
-          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddAuthentication",
-          "Parameters": [
-            {
-              "Name": "services",
-              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
-            },
-            {
-              "Name": "configureOptions",
-              "Type": "System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            }
-          ],
-          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 0382fd2b55..bc5b7be915 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -7,7 +7,7 @@
 Commonly used types:
 Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
 Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.net45.json b/src/Microsoft.AspNetCore.Authorization/baseline.net45.json
deleted file mode 100644
index 8ae585270c..0000000000
--- a/src/Microsoft.AspNetCore.Authorization/baseline.net45.json
+++ /dev/null
@@ -1,1593 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AddAuthorization",
-          "Parameters": [
-            {
-              "Name": "services",
-              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
-            }
-          ],
-          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddAuthorization",
-          "Parameters": [
-            {
-              "Name": "services",
-              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
-            },
-            {
-              "Name": "configure",
-              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
-            }
-          ],
-          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "System.Attribute",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAllowAnonymous"
-      ],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TRequirement",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0, T1>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "T0"
-            },
-            {
-              "Name": "resource",
-              "Type": "T1"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TRequirement",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-          ]
-        },
-        {
-          "ParameterName": "TResource",
-          "ParameterPosition": 1,
-          "BaseTypeOrInterfaces": []
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Requirements",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_User",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Resource",
-          "Parameters": [],
-          "ReturnType": "System.Object",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_PendingRequirements",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HasFailed",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HasSucceeded",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Succeed",
-          "Parameters": [
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "requirements",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
-            },
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_DefaultPolicy",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_DefaultPolicy",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddPolicy",
-          "Parameters": [
-            {
-              "Name": "name",
-              "Type": "System.String"
-            },
-            {
-              "Name": "policy",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddPolicy",
-          "Parameters": [
-            {
-              "Name": "name",
-              "Type": "System.String"
-            },
-            {
-              "Name": "configurePolicy",
-              "Type": "System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetPolicy",
-          "Parameters": [
-            {
-              "Name": "name",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Requirements",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IReadOnlyList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationSchemes",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IReadOnlyList<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Combine",
-          "Parameters": [
-            {
-              "Name": "policies",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy[]",
-              "IsParams": true
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Combine",
-          "Parameters": [
-            {
-              "Name": "policies",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CombineAsync",
-          "Parameters": [
-            {
-              "Name": "policyProvider",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
-            },
-            {
-              "Name": "authorizeData",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData>"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "requirements",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
-            },
-            {
-              "Name": "authenticationSchemes",
-              "Type": "System.Collections.Generic.IEnumerable<System.String>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Requirements",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Requirements",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationSchemes",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IList<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthenticationSchemes",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Collections.Generic.IList<System.String>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddAuthenticationSchemes",
-          "Parameters": [
-            {
-              "Name": "schemes",
-              "Type": "System.String[]",
-              "IsParams": true
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AddRequirements",
-          "Parameters": [
-            {
-              "Name": "requirements",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement[]",
-              "IsParams": true
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Combine",
-          "Parameters": [
-            {
-              "Name": "policy",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireClaim",
-          "Parameters": [
-            {
-              "Name": "claimType",
-              "Type": "System.String"
-            },
-            {
-              "Name": "requiredValues",
-              "Type": "System.String[]",
-              "IsParams": true
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireClaim",
-          "Parameters": [
-            {
-              "Name": "claimType",
-              "Type": "System.String"
-            },
-            {
-              "Name": "requiredValues",
-              "Type": "System.Collections.Generic.IEnumerable<System.String>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireClaim",
-          "Parameters": [
-            {
-              "Name": "claimType",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireRole",
-          "Parameters": [
-            {
-              "Name": "roles",
-              "Type": "System.String[]",
-              "IsParams": true
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireRole",
-          "Parameters": [
-            {
-              "Name": "roles",
-              "Type": "System.Collections.Generic.IEnumerable<System.String>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireUserName",
-          "Parameters": [
-            {
-              "Name": "userName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireAuthenticatedUser",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireAssertion",
-          "Parameters": [
-            {
-              "Name": "handler",
-              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RequireAssertion",
-          "Parameters": [
-            {
-              "Name": "handler",
-              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Build",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "authenticationSchemes",
-              "Type": "System.String[]",
-              "IsParams": true
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "policy",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "service",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
-            },
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "service",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
-            },
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "policy",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "service",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
-            },
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "policy",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "service",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
-            },
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "policyName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.AuthorizeAttribute",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "System.Attribute",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizeData"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Policy",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Policy",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Roles",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Roles",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ActiveAuthenticationSchemes",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ActiveAuthenticationSchemes",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "policy",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetDefaultPolicyAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetPolicyAsync",
-          "Parameters": [
-            {
-              "Name": "policyName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationService",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationService"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "requirements",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "policyName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "policyProvider",
-              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider"
-            },
-            {
-              "Name": "handlers",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>"
-            },
-            {
-              "Name": "logger",
-              "Type": "Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAllowAnonymous",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetPolicyAsync",
-          "Parameters": [
-            {
-              "Name": "policyName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDefaultPolicyAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy>",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "requirements",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizeAsync",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "resource",
-              "Type": "System.Object"
-            },
-            {
-              "Name": "policyName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Policy",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Policy",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Roles",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Roles",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ActiveAuthenticationSchemes",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ActiveAuthenticationSchemes",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Handler",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "handler",
-              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Boolean>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "handler",
-              "Type": "System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext, System.Threading.Tasks.Task<System.Boolean>>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement>",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_ClaimType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AllowedValues",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "claimType",
-              "Type": "System.String"
-            },
-            {
-              "Name": "allowedValues",
-              "Type": "System.Collections.Generic.IEnumerable<System.String>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement>",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement>",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RequiredName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "requiredName",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Name",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Name",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement>",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AllowedRoles",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.IEnumerable<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequirementAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
-            },
-            {
-              "Name": "requirement",
-              "Type": "Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "allowedRoles",
-              "Type": "System.Collections.Generic.IEnumerable<System.String>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 146917cabe..31ce5b761a 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
-    <TargetFramework>netstandard1.3</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
deleted file mode 100644
index 8eef347eb6..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/baseline.net45.json
+++ /dev/null
@@ -1,392 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseCookiePolicy",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseCookiePolicy",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_HttpOnly",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_HttpOnly",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Secure",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Secure",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnAppendCookie",
-          "Parameters": [],
-          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnAppendCookie",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.AppendCookieContext>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnDeleteCookie",
-          "Parameters": [],
-          "ReturnType": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnDeleteCookie",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Action<Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.CookiePolicy.AppendCookieContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Context",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieOptions",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieValue",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieValue",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            },
-            {
-              "Name": "name",
-              "Type": "System.String"
-            },
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.CookiePolicyOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Builder.CookiePolicyOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Invoke",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.CookiePolicy.DeleteCookieContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Context",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieOptions",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            },
-            {
-              "Name": "name",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy",
-      "Visibility": "Public",
-      "Kind": "Enumeration",
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "None",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "0"
-        },
-        {
-          "Kind": "Field",
-          "Name": "Always",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "1"
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
deleted file mode 100644
index f1a07c5bf7..0000000000
--- a/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Owin.Security.DataHandler;
-using Microsoft.Owin.Security.DataHandler.Encoder;
-using Microsoft.Owin.Security.DataProtection;
-
-namespace Microsoft.Owin.Security.Interop
-{
-    public class AspNetTicketDataFormat : SecureDataFormat<AuthenticationTicket>
-    {
-        public AspNetTicketDataFormat(IDataProtector protector)
-            : base(AspNetTicketSerializer.Default, protector, TextEncodings.Base64Url)
-        {
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
deleted file mode 100644
index 6a1019fbc8..0000000000
--- a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
+++ /dev/null
@@ -1,220 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.IO;
-using System.Linq;
-using System.Security.Claims;
-using Microsoft.Owin.Security.DataHandler.Serializer;
-
-namespace Microsoft.Owin.Security.Interop
-{
-    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.DataHandler.TicketSerializer
-    public class AspNetTicketSerializer : IDataSerializer<AuthenticationTicket>
-    {
-        private const string DefaultStringPlaceholder = "\0";
-        private const int FormatVersion = 5;
-
-        public static AspNetTicketSerializer Default { get; } = new AspNetTicketSerializer();
-
-        public virtual byte[] Serialize(AuthenticationTicket ticket)
-        {
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new BinaryWriter(memory))
-                {
-                    Write(writer, ticket);
-                }
-                return memory.ToArray();
-            }
-        }
-
-        public virtual AuthenticationTicket Deserialize(byte[] data)
-        {
-            using (var memory = new MemoryStream(data))
-            {
-                using (var reader = new BinaryReader(memory))
-                {
-                    return Read(reader);
-                }
-            }
-        }
-
-        public virtual void Write(BinaryWriter writer, AuthenticationTicket ticket)
-        {
-            writer.Write(FormatVersion);
-            writer.Write(ticket.Identity.AuthenticationType);
-
-            var identity = ticket.Identity;
-            if (identity == null)
-            {
-                throw new ArgumentNullException("ticket.Identity");
-            }
-
-            // There is always a single identity
-            writer.Write(1);
-            WriteIdentity(writer, identity);
-            PropertiesSerializer.Write(writer, ticket.Properties);
-        }
-
-        protected virtual void WriteIdentity(BinaryWriter writer, ClaimsIdentity identity)
-        {
-            var authenticationType = identity.AuthenticationType ?? string.Empty;
-
-            writer.Write(authenticationType);
-            WriteWithDefault(writer, identity.NameClaimType, ClaimsIdentity.DefaultNameClaimType);
-            WriteWithDefault(writer, identity.RoleClaimType, ClaimsIdentity.DefaultRoleClaimType);
-
-            // Write the number of claims contained in the identity.
-            writer.Write(identity.Claims.Count());
-
-            foreach (var claim in identity.Claims)
-            {
-                WriteClaim(writer, claim);
-            }
-
-            var bootstrap = identity.BootstrapContext as string;
-            if (!string.IsNullOrEmpty(bootstrap))
-            {
-                writer.Write(true);
-                writer.Write(bootstrap);
-            }
-            else
-            {
-                writer.Write(false);
-            }
-
-            if (identity.Actor != null)
-            {
-                writer.Write(true);
-                WriteIdentity(writer, identity.Actor);
-            }
-            else
-            {
-                writer.Write(false);
-            }
-        }
-
-        protected virtual void WriteClaim(BinaryWriter writer, Claim claim)
-        {
-            WriteWithDefault(writer, claim.Type, claim.Subject?.NameClaimType ?? ClaimsIdentity.DefaultNameClaimType);
-            writer.Write(claim.Value);
-            WriteWithDefault(writer, claim.ValueType, ClaimValueTypes.String);
-            WriteWithDefault(writer, claim.Issuer, ClaimsIdentity.DefaultIssuer);
-            WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
-
-            // Write the number of properties contained in the claim.
-            writer.Write(claim.Properties.Count);
-
-            foreach (var property in claim.Properties)
-            {
-                writer.Write(property.Key ?? string.Empty);
-                writer.Write(property.Value ?? string.Empty);
-            }
-        }
-
-        public virtual AuthenticationTicket Read(BinaryReader reader)
-        {
-            if (reader.ReadInt32() != FormatVersion)
-            {
-                return null;
-            }
-
-            var scheme = reader.ReadString();
-
-            // Any identities after the first will be ignored.
-            var count = reader.ReadInt32();
-            if (count < 0)
-            {
-                return null;
-            }
-
-            var identity = ReadIdentity(reader);
-            var properties = PropertiesSerializer.Read(reader);
-
-            return new AuthenticationTicket(identity, properties);
-        }
-
-        protected virtual ClaimsIdentity ReadIdentity(BinaryReader reader)
-        {
-            var authenticationType = reader.ReadString();
-            var nameClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultNameClaimType);
-            var roleClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultRoleClaimType);
-
-            // Read the number of claims contained
-            // in the serialized identity.
-            var count = reader.ReadInt32();
-
-            var identity = new ClaimsIdentity(authenticationType, nameClaimType, roleClaimType);
-
-            for (int index = 0; index != count; ++index)
-            {
-                var claim = ReadClaim(reader, identity);
-
-                identity.AddClaim(claim);
-            }
-
-            // Determine whether the identity
-            // has a bootstrap context attached.
-            if (reader.ReadBoolean())
-            {
-                identity.BootstrapContext = reader.ReadString();
-            }
-
-            // Determine whether the identity
-            // has an actor identity attached.
-            if (reader.ReadBoolean())
-            {
-                identity.Actor = ReadIdentity(reader);
-            }
-
-            return identity;
-        }
-
-        protected virtual Claim ReadClaim(BinaryReader reader, ClaimsIdentity identity)
-        {
-            var type = ReadWithDefault(reader, identity.NameClaimType);
-            var value = reader.ReadString();
-            var valueType = ReadWithDefault(reader, ClaimValueTypes.String);
-            var issuer = ReadWithDefault(reader, ClaimsIdentity.DefaultIssuer);
-            var originalIssuer = ReadWithDefault(reader, issuer);
-
-            var claim = new Claim(type, value, valueType, issuer, originalIssuer, identity);
-
-            // Read the number of properties stored in the claim.
-            var count = reader.ReadInt32();
-
-            for (var index = 0; index != count; ++index)
-            {
-                var key = reader.ReadString();
-                var propertyValue = reader.ReadString();
-
-                claim.Properties.Add(key, propertyValue);
-            }
-
-            return claim;
-        }
-
-        private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
-        {
-            if (string.Equals(value, defaultValue, StringComparison.Ordinal))
-            {
-                writer.Write(DefaultStringPlaceholder);
-            }
-            else
-            {
-                writer.Write(value);
-            }
-        }
-
-        private static string ReadWithDefault(BinaryReader reader, string defaultValue)
-        {
-            var value = reader.ReadString();
-            if (string.Equals(value, DefaultStringPlaceholder, StringComparison.Ordinal))
-            {
-                return defaultValue;
-            }
-            return value;
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
deleted file mode 100644
index b323258d9b..0000000000
--- a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
+++ /dev/null
@@ -1,281 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
-using Microsoft.Owin.Infrastructure;
-
-namespace Microsoft.Owin.Security.Interop
-{
-    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager
-    /// <summary>
-    /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
-    /// from requests.
-    /// </summary>
-    public class ChunkingCookieManager : ICookieManager
-    {
-        private const string ChunkKeySuffix = "C";
-        private const string ChunkCountPrefix = "chunks-";
-
-        public ChunkingCookieManager()
-        {
-            // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
-            // See http://browsercookielimits.x64.me/.
-            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
-            ChunkSize = 4070;
-            ThrowForPartialCookies = true;
-        }
-
-        /// <summary>
-        /// The maximum size of cookie to send back to the client. If a cookie exceeds this size it will be broken down into multiple
-        /// cookies. Set this value to null to disable this behavior. The default is 4090 characters, which is supported by all
-        /// common browsers.
-        ///
-        /// Note that browsers may also have limits on the total size of all cookies per domain, and on the number of cookies per domain.
-        /// </summary>
-        public int? ChunkSize { get; set; }
-
-        /// <summary>
-        /// Throw if not all chunks of a cookie are available on a request for re-assembly.
-        /// </summary>
-        public bool ThrowForPartialCookies { get; set; }
-
-        // Parse the "chunks-XX" to determine how many chunks there should be.
-        private static int ParseChunksCount(string value)
-        {
-            if (value != null && value.StartsWith(ChunkCountPrefix, StringComparison.Ordinal))
-            {
-                var chunksCountString = value.Substring(ChunkCountPrefix.Length);
-                int chunksCount;
-                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
-                {
-                    return chunksCount;
-                }
-            }
-            return 0;
-        }
-
-        /// <summary>
-        /// Get the reassembled cookie. Non chunked cookies are returned normally.
-        /// Cookies with missing chunks just have their "chunks-XX" header returned.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <param name="key"></param>
-        /// <returns>The reassembled cookie, if any, or null.</returns>
-        public string GetRequestCookie(IOwinContext context, string key)
-        {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            if (key == null)
-            {
-                throw new ArgumentNullException(nameof(key));
-            }
-
-            var requestCookies = context.Request.Cookies;
-            var value = requestCookies[key];
-            var chunksCount = ParseChunksCount(value);
-            if (chunksCount > 0)
-            {
-                var chunks = new string[chunksCount];
-                for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
-                {
-                    var chunk = requestCookies[key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture)];
-                    if (string.IsNullOrEmpty(chunk))
-                    {
-                        if (ThrowForPartialCookies)
-                        {
-                            var totalSize = 0;
-                            for (int i = 0; i < chunkId - 1; i++)
-                            {
-                                totalSize += chunks[i].Length;
-                            }
-                            throw new FormatException(
-                                string.Format(CultureInfo.CurrentCulture, 
-                                "The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.",
-                                chunkId - 1, chunksCount, totalSize));
-                        }
-                        // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
-                        return value;
-                    }
-
-                    chunks[chunkId - 1] = chunk;
-                }
-
-                return string.Join(string.Empty, chunks);
-            }
-            return value;
-        }
-
-        /// <summary>
-        /// Appends a new response cookie to the Set-Cookie header. If the cookie is larger than the given size limit
-        /// then it will be broken down into multiple cookies as follows:
-        /// Set-Cookie: CookieName=chunks-3; path=/
-        /// Set-Cookie: CookieNameC1=Segment1; path=/
-        /// Set-Cookie: CookieNameC2=Segment2; path=/
-        /// Set-Cookie: CookieNameC3=Segment3; path=/
-        /// </summary>
-        /// <param name="context"></param>
-        /// <param name="key"></param>
-        /// <param name="value"></param>
-        /// <param name="options"></param>
-        public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
-        {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            if (key == null)
-            {
-                throw new ArgumentNullException(nameof(key));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
-            var pathHasValue = !string.IsNullOrEmpty(options.Path);
-            var expiresHasValue = options.Expires.HasValue;
-
-            var templateLength = key.Length + "=".Length
-                + (domainHasValue ? "; domain=".Length + options.Domain.Length : 0)
-                + (pathHasValue ? "; path=".Length + options.Path.Length : 0)
-                + (expiresHasValue ? "; expires=ddd, dd-MMM-yyyy HH:mm:ss GMT".Length : 0)
-                + (options.Secure ? "; secure".Length : 0)
-                + (options.HttpOnly ? "; HttpOnly".Length : 0);
-
-            // Normal cookie
-            var responseCookies = context.Response.Cookies;
-            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + value.Length)
-            {
-                responseCookies.Append(key, value, options);
-            }
-            else if (ChunkSize.Value < templateLength + 10)
-            {
-                // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
-                // No room for data, we can't chunk the options and name
-                throw new InvalidOperationException("The cookie key and options are larger than ChunksSize, leaving no room for data.");
-            }
-            else
-            {
-                // Break the cookie down into multiple cookies.
-                // Key = CookieName, value = "Segment1Segment2Segment2"
-                // Set-Cookie: CookieName=chunks-3; path=/
-                // Set-Cookie: CookieNameC1="Segment1"; path=/
-                // Set-Cookie: CookieNameC2="Segment2"; path=/
-                // Set-Cookie: CookieNameC3="Segment3"; path=/
-                var dataSizePerCookie = ChunkSize.Value - templateLength - 3; // Budget 3 chars for the chunkid.
-                var cookieChunkCount = (int)Math.Ceiling(value.Length * 1.0 / dataSizePerCookie);
-
-                responseCookies.Append(key, ChunkCountPrefix + cookieChunkCount.ToString(CultureInfo.InvariantCulture), options);
-
-                var offset = 0;
-                for (var chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
-                {
-                    var remainingLength = value.Length - offset;
-                    var length = Math.Min(dataSizePerCookie, remainingLength);
-                    var segment = value.Substring(offset, length);
-                    offset += length;
-
-                    responseCookies.Append(key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture), segment, options);
-                }
-            }
-        }
-
-        /// <summary>
-        /// Deletes the cookie with the given key by setting an expired state. If a matching chunked cookie exists on
-        /// the request, delete each chunk.
-        /// </summary>
-        /// <param name="context"></param>
-        /// <param name="key"></param>
-        /// <param name="options"></param>
-        public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
-        {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            if (key == null)
-            {
-                throw new ArgumentNullException(nameof(key));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            var keys = new List<string>();
-            keys.Add(key + "=");
-
-            var requestCookie = context.Request.Cookies[key];
-            var chunks = ParseChunksCount(requestCookie);
-            if (chunks > 0)
-            {
-                for (int i = 1; i <= chunks + 1; i++)
-                {
-                    var subkey = key + ChunkKeySuffix + i.ToString(CultureInfo.InvariantCulture);
-                    keys.Add(subkey + "=");
-                }
-            }
-
-            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
-            var pathHasValue = !string.IsNullOrEmpty(options.Path);
-
-            Func<string, bool> rejectPredicate;
-            Func<string, bool> predicate = value => keys.Any(k => value.StartsWith(k, StringComparison.OrdinalIgnoreCase));
-            if (domainHasValue)
-            {
-                rejectPredicate = value => predicate(value) && value.IndexOf("domain=" + options.Domain, StringComparison.OrdinalIgnoreCase) != -1;
-            }
-            else if (pathHasValue)
-            {
-                rejectPredicate = value => predicate(value) && value.IndexOf("path=" + options.Path, StringComparison.OrdinalIgnoreCase) != -1;
-            }
-            else
-            {
-                rejectPredicate = value => predicate(value);
-            }
-
-            var responseHeaders = context.Response.Headers;
-            string[] existingValues;
-            if (responseHeaders.TryGetValue(Constants.Headers.SetCookie, out existingValues) && existingValues != null)
-            {
-                responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
-            }
-
-            AppendResponseCookie(
-                context,
-                key,
-                string.Empty,
-                new CookieOptions()
-                {
-                    Path = options.Path,
-                    Domain = options.Domain,
-                    Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
-                });
-
-            for (int i = 1; i <= chunks; i++)
-            {
-                AppendResponseCookie(
-                    context,
-                    key + "C" + i.ToString(CultureInfo.InvariantCulture),
-                    string.Empty,
-                    new CookieOptions()
-                    {
-                        Path = options.Path,
-                        Domain = options.Domain,
-                        Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
-                    });
-            }
-        }
-    }
-}
diff --git a/src/Microsoft.Owin.Security.Interop/Constants.cs b/src/Microsoft.Owin.Security.Interop/Constants.cs
deleted file mode 100644
index 1e75761b70..0000000000
--- a/src/Microsoft.Owin.Security.Interop/Constants.cs
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.Owin.Security.Interop
-{
-    internal static class Constants
-    {
-        internal static class Headers
-        {
-            internal const string SetCookie = "Set-Cookie";
-        }
-    }
-}
diff --git a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
deleted file mode 100644
index 7313588948..0000000000
--- a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.DataProtection;
-
-namespace Microsoft.Owin.Security.Interop
-{
-    /// <summary>
-    /// Converts an <see cref="IDataProtector"/> to an
-    /// <see cref="Microsoft.Owin.Security.DataProtection.IDataProtector"/>.
-    /// </summary>
-    public sealed class DataProtectorShim : Microsoft.Owin.Security.DataProtection.IDataProtector
-    {
-        private readonly IDataProtector _protector;
-
-        public DataProtectorShim(IDataProtector protector)
-        {
-            _protector = protector;
-        }
-
-        public byte[] Protect(byte[] userData)
-        {
-            return _protector.Protect(userData);
-        }
-
-        public byte[] Unprotect(byte[] protectedData)
-        {
-            return _protector.Unprotect(protectedData);
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
deleted file mode 100644
index 1a66791194..0000000000
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ /dev/null
@@ -1,18 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <Import Project="..\..\build\common.props" />
-
-  <PropertyGroup>
-    <Description>A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.</Description>
-    <TargetFramework>net46</TargetFramework>
-    <NoWarn>$(NoWarn);CS1591</NoWarn>
-    <GenerateDocumentationFile>true</GenerateDocumentationFile>
-    <PackageTags>aspnetcore;katana;owin;security</PackageTags>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Owin.Security" Version="$(OwinVersion)" />
-  </ItemGroup>
-
-</Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
deleted file mode 100644
index 490fa7cb2a..0000000000
--- a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Runtime.InteropServices;
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
-
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
deleted file mode 100644
index 1fc242ec55..0000000000
--- a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
+++ /dev/null
@@ -1,373 +0,0 @@
-{
-  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
-  "Types": [
-    {
-      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.Owin.Security.DataHandler.SecureDataFormat<Microsoft.Owin.Security.AuthenticationTicket>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "protector",
-              "Type": "Microsoft.Owin.Security.DataProtection.IDataProtector"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Default",
-          "Parameters": [],
-          "ReturnType": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Serialize",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Deserialize",
-          "Parameters": [
-            {
-              "Name": "data",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Write",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "WriteIdentity",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "identity",
-              "Type": "System.Security.Claims.ClaimsIdentity"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "WriteClaim",
-          "Parameters": [
-            {
-              "Name": "writer",
-              "Type": "System.IO.BinaryWriter"
-            },
-            {
-              "Name": "claim",
-              "Type": "System.Security.Claims.Claim"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Read",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ReadIdentity",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            }
-          ],
-          "ReturnType": "System.Security.Claims.ClaimsIdentity",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ReadClaim",
-          "Parameters": [
-            {
-              "Name": "reader",
-              "Type": "System.IO.BinaryReader"
-            },
-            {
-              "Name": "identity",
-              "Type": "System.Security.Claims.ClaimsIdentity"
-            }
-          ],
-          "ReturnType": "System.Security.Claims.Claim",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.Owin.Security.Interop.ChunkingCookieManager",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.Owin.Infrastructure.ICookieManager"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_ChunkSize",
-          "Parameters": [],
-          "ReturnType": "System.Nullable<System.Int32>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ChunkSize",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Nullable<System.Int32>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ThrowForPartialCookies",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ThrowForPartialCookies",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetRequestCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.Owin.IOwinContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AppendResponseCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.Owin.IOwinContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "value",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Owin.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "DeleteCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.Owin.IOwinContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Owin.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.Owin.Security.Interop.DataProtectorShim",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Sealed": true,
-      "ImplementedInterfaces": [
-        "Microsoft.Owin.Security.DataProtection.IDataProtector"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "Protect",
-          "Parameters": [
-            {
-              "Name": "userData",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Unprotect",
-          "Parameters": [
-            {
-              "Name": "protectedData",
-              "Type": "System.Byte[]"
-            }
-          ],
-          "ReturnType": "System.Byte[]",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "protector",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    }
-  ],
-  "SourceFilters": []
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 801567d7e9..df51faf882 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -2,8 +2,7 @@
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index c964221fbb..a2d4a61dea 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -2,8 +2,7 @@
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index d2736ca0d7..6ca53f519c 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -2,8 +2,7 @@
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
   <ItemGroup>
     <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index a972731ea5..ca850d7549 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -2,8 +2,7 @@
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net46</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
deleted file mode 100644
index ae5e6f0183..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ /dev/null
@@ -1,332 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Threading.Tasks;
-using System.Xml;
-using System.Xml.Linq;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Net.Http.Headers;
-using Microsoft.Owin.Security.Cookies;
-using Microsoft.Owin.Testing;
-using Owin;
-using Xunit;
-
-namespace Microsoft.Owin.Security.Interop
-{
-    public class CookiesInteropTests
-    {
-        [Fact]
-        public async Task AspNetCoreWithInteropCookieContainsIdentity()
-        {
-            var identity = new ClaimsIdentity("Cookies");
-            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
-
-            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
-            var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
-
-            var interopServer = TestServer.Create(app =>
-            {
-                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-
-                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
-                {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
-                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
-                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
-                });
-
-                app.Run(context =>
-                {
-                    context.Authentication.SignIn(identity);
-                    return Task.FromResult(0);
-                });
-            });
-
-            var transaction = await SendAsync(interopServer, "http://example.com");
-
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseAuthentication();
-                    app.Run(async context => 
-                    {
-                        var result = await context.AuthenticateAsync("Cookies");
-                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
-                    });
-                })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
-            var newServer = new AspNetCore.TestHost.TestServer(builder);
-
-            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
-            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
-            {
-                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
-            }
-            var response = await newServer.CreateClient().SendAsync(request);
-
-            Assert.Equal("Alice", await response.Content.ReadAsStringAsync());
-        }
-
-        [Fact]
-        public async Task AspNetCoreWithLargeInteropCookieContainsIdentity()
-        {
-            var identity = new ClaimsIdentity("Cookies");
-            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
-
-            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
-            var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
-
-            var interopServer = TestServer.Create(app =>
-            {
-                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-
-                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
-                {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
-                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
-                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
-                    CookieManager = new ChunkingCookieManager(),
-                });
-
-                app.Run(context =>
-                {
-                    context.Authentication.SignIn(identity);
-                    return Task.FromResult(0);
-                });
-            });
-
-            var transaction = await SendAsync(interopServer, "http://example.com");
-
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseAuthentication();
-                    app.Run(async context =>
-                    {
-                        var result = await context.AuthenticateAsync("Cookies");
-                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
-                    });
-                })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
-            var newServer = new AspNetCore.TestHost.TestServer(builder);
-
-            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
-            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
-            {
-                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
-            }
-            var response = await newServer.CreateClient().SendAsync(request);
-
-            Assert.Equal(1024 * 5, (await response.Content.ReadAsStringAsync()).Length);
-        }
-
-        [Fact]
-        public async Task InteropWithNewCookieContainsIdentity()
-        {
-            var user = new ClaimsPrincipal();
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
-            user.AddIdentity(identity);
-
-            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
-            var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
-
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseAuthentication();
-                    app.Run(context => context.SignInAsync("Cookies", user));
-                })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
-            var newServer = new AspNetCore.TestHost.TestServer(builder);
-
-            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
-
-            var server = TestServer.Create(app =>
-            {
-                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-
-                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
-                {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
-                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
-                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
-                });
-
-                app.Run(async context =>
-                {
-                    var result = await context.Authentication.AuthenticateAsync("Cookies");
-                    Describe(context.Response, result);
-                });
-            });
-
-            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
-
-            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
-        }
-
-        [Fact]
-        public async Task InteropWithLargeNewCookieContainsIdentity()
-        {
-            var user = new ClaimsPrincipal();
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
-            user.AddIdentity(identity);
-
-            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
-            var dataProtector = dataProtection.CreateProtector(
-                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
-                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
-
-            var builder = new WebHostBuilder()
-                .Configure(app =>
-                {
-                    app.UseAuthentication();
-                    app.Run(context => context.SignInAsync("Cookies", user));
-                })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
-            var newServer = new AspNetCore.TestHost.TestServer(builder);
-
-            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
-
-            var server = TestServer.Create(app =>
-            {
-                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
-
-                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
-                {
-                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
-                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
-                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
-                    CookieManager = new ChunkingCookieManager(),
-                });
-
-                app.Run(async context =>
-                {
-                    var result = await context.Authentication.AuthenticateAsync("Cookies");
-                    Describe(context.Response, result);
-                });
-            });
-
-            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
-
-            Assert.Equal(1024 * 5, FindClaimValue(transaction2, ClaimTypes.Name).Length);
-        }
-
-        private static async Task<IList<string>> SendAndGetCookies(AspNetCore.TestHost.TestServer server, string uri)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            var response = await server.CreateClient().SendAsync(request);
-            if (response.Headers.Contains("Set-Cookie"))
-            {
-                IList<string> cookieHeaders = new List<string>();
-                foreach (var cookie in SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()))
-                {
-                    cookieHeaders.Add(cookie.Name + "=" + cookie.Value);
-                }
-                return cookieHeaders;
-            }
-            return null;
-        }
-
-        private static string FindClaimValue(Transaction transaction, string claimType)
-        {
-            XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
-            if (claim == null)
-            {
-                return null;
-            }
-            return claim.Attribute("value").Value;
-        }
-
-        private static void Describe(IOwinResponse res, AuthenticateResult result)
-        {
-            res.StatusCode = 200;
-            res.ContentType = "text/xml";
-            var xml = new XElement("xml");
-            if (result != null && result.Identity != null)
-            {
-                xml.Add(result.Identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
-            }
-            if (result != null && result.Properties != null)
-            {
-                xml.Add(result.Properties.Dictionary.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
-            }
-            using (var memory = new MemoryStream())
-            {
-                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
-                {
-                    xml.WriteTo(writer);
-                }
-                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
-            }
-        }
-
-        private static async Task<Transaction> SendAsync(TestServer server, string uri, IList<string> cookieHeaders = null, bool ajaxRequest = false)
-        {
-            var request = new HttpRequestMessage(HttpMethod.Get, uri);
-            if (cookieHeaders != null)
-            {
-                request.Headers.Add("Cookie", cookieHeaders);
-            }
-            if (ajaxRequest)
-            {
-                request.Headers.Add("X-Requested-With", "XMLHttpRequest");
-            }
-            var transaction = new Transaction
-            {
-                Request = request,
-                Response = await server.HttpClient.SendAsync(request),
-            };
-            if (transaction.Response.Headers.Contains("Set-Cookie"))
-            {
-                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
-            }
-            if (transaction.SetCookie != null && transaction.SetCookie.Any())
-            {
-                transaction.CookieNameValue = transaction.SetCookie.First().Split(new[] { ';' }, 2).First();
-            }
-            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
-
-            if (transaction.Response.Content != null &&
-                transaction.Response.Content.Headers.ContentType != null &&
-                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
-            {
-                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
-            }
-            return transaction;
-        }
-
-        private class Transaction
-        {
-            public HttpRequestMessage Request { get; set; }
-            public HttpResponseMessage Response { get; set; }
-
-            public IList<string> SetCookie { get; set; }
-            public string CookieNameValue { get; set; }
-
-            public string ResponseText { get; set; }
-            public XElement ResponseElement { get; set; }
-        }
-
-    }
-}
-
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
deleted file mode 100644
index 02763b93f2..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ /dev/null
@@ -1,28 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <Import Project="..\..\build\common.props" />
-
-  <PropertyGroup>
-    <TargetFramework>net46</TargetFramework>
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
-
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
-    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
-
-</Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
deleted file mode 100644
index b14ea0d74e..0000000000
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ /dev/null
@@ -1,91 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Linq;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Authentication;
-using Xunit;
-
-namespace Microsoft.Owin.Security.Interop.Test
-{
-    public class TicketInteropTests
-    {
-        [Fact]
-        public void NewSerializerCanReadInteropTicket()
-        {
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim("Test", "Value"));
-
-            var expires = DateTime.Today;
-            var issued = new DateTime(1979, 11, 11);
-            var properties = new Owin.Security.AuthenticationProperties();
-            properties.IsPersistent = true;
-            properties.RedirectUri = "/redirect";
-            properties.Dictionary["key"] = "value";
-            properties.ExpiresUtc = expires;
-            properties.IssuedUtc = issued;
-
-            var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
-            var interopSerializer = new AspNetTicketSerializer();
-
-            var bytes = interopSerializer.Serialize(interopTicket);
-
-            var newSerializer = new TicketSerializer();
-            var newTicket = newSerializer.Deserialize(bytes);
-
-            Assert.NotNull(newTicket);
-            Assert.Equal(1, newTicket.Principal.Identities.Count());
-            var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
-            Assert.NotNull(newIdentity);
-            Assert.Equal("scheme", newIdentity.AuthenticationType);
-            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
-            Assert.NotNull(newTicket.Properties);
-            Assert.True(newTicket.Properties.IsPersistent);
-            Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
-            Assert.Equal("value", newTicket.Properties.Items["key"]);
-            Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
-            Assert.Equal(issued, newTicket.Properties.IssuedUtc);
-        }
-
-        [Fact]
-        public void InteropSerializerCanReadNewTicket()
-        {
-            var user = new ClaimsPrincipal();
-            var identity = new ClaimsIdentity("scheme");
-            identity.AddClaim(new Claim("Test", "Value"));
-            user.AddIdentity(identity);
-
-            var expires = DateTime.Today;
-            var issued = new DateTime(1979, 11, 11);
-            var properties = new AspNetCore.Authentication.AuthenticationProperties();
-            properties.IsPersistent = true;
-            properties.RedirectUri = "/redirect";
-            properties.Items["key"] = "value";
-            properties.ExpiresUtc = expires;
-            properties.IssuedUtc = issued;
-
-            var newTicket = new AspNetCore.Authentication.AuthenticationTicket(user, properties, "scheme");
-            var newSerializer = new TicketSerializer();
-
-            var bytes = newSerializer.Serialize(newTicket);
-
-            var interopSerializer = new AspNetTicketSerializer();
-            var interopTicket = interopSerializer.Deserialize(bytes);
-
-            Assert.NotNull(interopTicket);
-            var newIdentity = interopTicket.Identity;
-            Assert.NotNull(newIdentity);
-            Assert.Equal("scheme", newIdentity.AuthenticationType);
-            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
-            Assert.NotNull(interopTicket.Properties);
-            Assert.True(interopTicket.Properties.IsPersistent);
-            Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
-            Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
-            Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
-            Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
-        }
-    }
-}
-
-

From b7a5a6044d61ee2fa0625446b52ef4f181c08505 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Tue, 9 May 2017 08:57:39 -0700
Subject: [PATCH 721/900] Fix samples logging (#1205)

---
 samples/CookieSample/Program.cs                | 6 ++++++
 samples/CookieSample/Startup.cs                | 5 +----
 samples/CookieSessionSample/Program.cs         | 7 ++++++-
 samples/CookieSessionSample/Startup.cs         | 5 +----
 samples/OpenIdConnect.AzureAdSample/Program.cs | 6 ++++++
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 5 +----
 samples/OpenIdConnectSample/Program.cs         | 8 ++++++++
 samples/OpenIdConnectSample/Startup.cs         | 6 +-----
 samples/SocialSample/Program.cs                | 7 ++++++-
 samples/SocialSample/Startup.cs                | 5 +----
 10 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/samples/CookieSample/Program.cs b/samples/CookieSample/Program.cs
index 7deed359e1..3f40d3194b 100644
--- a/samples/CookieSample/Program.cs
+++ b/samples/CookieSample/Program.cs
@@ -1,5 +1,6 @@
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Logging;
 
 namespace CookieSample
 {
@@ -8,6 +9,11 @@ namespace CookieSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                })
                 .UseKestrel()
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 0480556f69..3aebb419f8 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -6,7 +6,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 
 namespace CookieSample
 {
@@ -17,10 +16,8 @@ namespace CookieSample
             services.AddCookieAuthentication();
         }
 
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        public void Configure(IApplicationBuilder app)
         {
-            loggerfactory.AddConsole(LogLevel.Information);
-
             app.UseAuthentication();
 
             app.Run(async context =>
diff --git a/samples/CookieSessionSample/Program.cs b/samples/CookieSessionSample/Program.cs
index adf8f1f1a4..1a19850e64 100644
--- a/samples/CookieSessionSample/Program.cs
+++ b/samples/CookieSessionSample/Program.cs
@@ -1,6 +1,6 @@
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
 
 namespace CookieSessionSample
 {
@@ -9,6 +9,11 @@ namespace CookieSessionSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                })
                 .UseKestrel()
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index ca21070dcd..9ad9e6841e 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -7,7 +7,6 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 
 namespace CookieSessionSample
 {
@@ -18,10 +17,8 @@ namespace CookieSessionSample
             services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        public void Configure(IApplicationBuilder app)
         {
-            loggerfactory.AddConsole(LogLevel.Information);
-
             app.UseAuthentication();
 
             app.Run(async context =>
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/samples/OpenIdConnect.AzureAdSample/Program.cs
index 11d1fbeafb..9de0185a40 100644
--- a/samples/OpenIdConnect.AzureAdSample/Program.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Program.cs
@@ -1,5 +1,6 @@
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Logging;
 
 namespace OpenIdConnect.AzureAdSample
 {
@@ -8,6 +9,11 @@ namespace OpenIdConnect.AzureAdSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                })
                 .UseKestrel()
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 19bb0ac6a3..ebb59c0604 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -12,7 +12,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -79,10 +78,8 @@ namespace OpenIdConnect.AzureAdSample
             });
         }
 
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        public void Configure(IApplicationBuilder app)
         {
-            loggerfactory.AddConsole(Microsoft.Extensions.Logging.LogLevel.Information);
-
             app.UseDeveloperExceptionPage();
 
             app.UseAuthentication();
diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index 741dd6ebf5..b4d24505d5 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -5,6 +5,7 @@ using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.FileProviders;
+using Microsoft.Extensions.Logging;
 
 namespace OpenIdConnectSample
 {
@@ -13,6 +14,13 @@ namespace OpenIdConnectSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddDebug();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                    factory.AddFilter("Debug", level => level >= LogLevel.Information);
+                })
                 .UseKestrel(options =>
                 {
                     if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 5faa48b52a..af1406289d 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -11,7 +11,6 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace OpenIdConnectSample
@@ -76,11 +75,8 @@ namespace OpenIdConnectSample
             });
         }
 
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        public void Configure(IApplicationBuilder app)
         {
-            loggerfactory.AddConsole(LogLevel.Information);
-            loggerfactory.AddDebug(LogLevel.Information);
-
             app.UseDeveloperExceptionPage();
             app.UseAuthentication();
 
diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
index 76fb5e59a9..96bce512d5 100644
--- a/samples/SocialSample/Program.cs
+++ b/samples/SocialSample/Program.cs
@@ -4,8 +4,8 @@ using System.Net;
 using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.FileProviders;
+using Microsoft.Extensions.Logging;
 
 namespace SocialSample
 {
@@ -14,6 +14,11 @@ namespace SocialSample
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                })
                 .UseKestrel(options =>
                 {
                     if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 7c1dd9d8db..22c44b3ea7 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -16,7 +16,6 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 
 namespace SocialSample
@@ -209,10 +208,8 @@ namespace SocialSample
             });
         }
 
-        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
+        public void Configure(IApplicationBuilder app)
         {
-            loggerfactory.AddConsole(LogLevel.Information);
-
             app.UseDeveloperExceptionPage();
 
             app.UseAuthentication();

From 36605636dfbb84fbcbe96058c75154e08254767f Mon Sep 17 00:00:00 2001
From: Pavel Krymets <pavel@krymets.com>
Date: Wed, 10 May 2017 11:47:56 -0700
Subject: [PATCH 722/900] Remove unnecessary package references (#1210)

---
 build/dependencies.props                                    | 2 --
 .../Microsoft.AspNetCore.Authentication.JwtBearer.csproj    | 3 +--
 .../Microsoft.AspNetCore.Authentication.OAuth.csproj        | 6 +-----
 ...Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj | 3 +--
 .../Microsoft.AspNetCore.Authorization.csproj               | 6 +-----
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj           | 3 +--
 6 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 8dbb18b6c5..955457fe8d 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,13 +1,11 @@
 <Project>
   <PropertyGroup>
     <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
-    <CoreFxVersion>4.3.0</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>$(BundledNETStandardPackageVersion)</NETStandardImplicitPackageVersion>
-    <OwinVersion>3.0.1</OwinVersion>
     <TestSdkVersion>15.0.0</TestSdkVersion>
     <XunitVersion>2.2.0</XunitVersion>
   </PropertyGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 05bdd41313..c2b99e47db 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
@@ -11,7 +11,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 5fb75ead95..8e33372c1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
@@ -17,8 +17,4 @@
     <PackageReference Include="Newtonsoft.Json" Version="$(JsonNetVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
-    <PackageReference Include="System.Runtime.Serialization.Primitives" Version="$(CoreFxVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index aab8833d28..b3829b59dc 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
@@ -13,6 +13,5 @@
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index bc5b7be915..b39a7bf3dd 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
 
@@ -19,8 +19,4 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index ca850d7549..34224e21f1 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
@@ -13,7 +13,6 @@
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
   <ItemGroup>

From 785c1251dd511dfa4dd0218a65a31bb806494190 Mon Sep 17 00:00:00 2001
From: Eilon Lipton <Eilon@users.noreply.github.com>
Date: Thu, 11 May 2017 16:32:19 -0700
Subject: [PATCH 723/900] Add auth link

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index ab822bd682..e8e64c2936 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,8 @@ Travis:   [![Travis](https://travis-ci.org/aspnet/Security.svg?branch=dev)](http
 
 Contains the security and authorization middlewares for ASP.NET Core.
 
+A list of community projects related to authentication and security for ASP.NET Core are listed in the [documentation](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/community).
+
 ### Notes
 
 ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration.

From bdd4d219962201907393734d9fab2903921fec9d Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Fri, 12 May 2017 14:25:44 -0700
Subject: [PATCH 724/900] Update test framework versions and fix issues with
 tests

---
 build/dependencies.props                      |  4 ++--
 .../GoogleTests.cs                            | 22 +++++++++----------
 ...soft.AspNetCore.Authentication.Test.csproj | 12 +++++-----
 .../OAuthTests.cs                             |  2 ++
 .../TicketSerializerTests.cs                  | 16 +++++++-------
 .../TokenExtensionTests.cs                    |  6 ++---
 .../DefaultAuthorizationServiceTests.cs       |  3 ++-
 ...osoft.AspNetCore.Authorization.Test.csproj | 13 ++++++-----
 ....ChunkingCookieManager.Sources.Test.csproj |  8 +++----
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj | 12 +++++-----
 10 files changed, 54 insertions(+), 44 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 955457fe8d..74d501f7cd 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -6,7 +6,7 @@
     <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>$(BundledNETStandardPackageVersion)</NETStandardImplicitPackageVersion>
-    <TestSdkVersion>15.0.0</TestSdkVersion>
-    <XunitVersion>2.2.0</XunitVersion>
+    <TestSdkVersion>15.3.0-*</TestSdkVersion>
+    <XunitVersion>2.3.0-beta2-*</XunitVersion>
   </PropertyGroup>
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 0ab3e44938..68ea33462b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -405,7 +405,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("Test Family Name", transaction.FindClaimValue(ClaimTypes.Surname, expectedIssuer));
             Assert.Equal("Test email", transaction.FindClaimValue(ClaimTypes.Email, expectedIssuer));
 
-            // Ensure claims transformation 
+            // Ensure claims transformation
             Assert.Equal("yup", transaction.FindClaimValue("xform"));
 
             transaction = await server.SendAsync("https://example.com/tokens", authCookie);
@@ -688,14 +688,14 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     OnCreatingTicket = context =>
                     {
                         Assert.NotNull(context.User);
-                        Assert.Equal(context.AccessToken, "Test Access Token");
-                        Assert.Equal(context.RefreshToken, "Test Refresh Token");
-                        Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600));
-                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Email)?.Value, "Test email");
-                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.NameIdentifier)?.Value, "Test User ID");
-                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Name)?.Value, "Test Name");
-                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.Surname)?.Value, "Test Family Name");
-                        Assert.Equal(context.Identity.FindFirst(ClaimTypes.GivenName)?.Value, "Test Given Name");
+                        Assert.Equal("Test Access Token", context.AccessToken);
+                        Assert.Equal("Test Refresh Token", context.RefreshToken);
+                        Assert.Equal(TimeSpan.FromSeconds(3600), context.ExpiresIn);
+                        Assert.Equal("Test email", context.Identity.FindFirst(ClaimTypes.Email)?.Value);
+                        Assert.Equal("Test User ID", context.Identity.FindFirst(ClaimTypes.NameIdentifier)?.Value);
+                        Assert.Equal("Test Name", context.Identity.FindFirst(ClaimTypes.Name)?.Value);
+                        Assert.Equal("Test Family Name", context.Identity.FindFirst(ClaimTypes.Surname)?.Value);
+                        Assert.Equal("Test Given Name", context.Identity.FindFirst(ClaimTypes.GivenName)?.Value);
                         return Task.FromResult(0);
                     }
                 };
@@ -954,7 +954,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var authCookie = transaction.AuthenticationCookieValue;
             transaction = await server.SendAsync("https://example.com/authenticateFacebook", authCookie);
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.Equal(null, transaction.FindClaimValue(ClaimTypes.Name));
+            Assert.Null(transaction.FindClaimValue(ClaimTypes.Name));
         }
 
         [Fact]
@@ -1103,7 +1103,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
-                            // Simulate Authorization failure 
+                            // Simulate Authorization failure
                             var result = await context.AuthenticateAsync("Google");
                             await context.ChallengeAsync("Google");
                         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index df51faf882..98d727fde5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,11 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
+
   <PropertyGroup>
     <TargetFramework>netcoreapp2.0</TargetFramework>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
@@ -16,14 +18,14 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index dd48f7c956..2381fd6cd7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -73,6 +73,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
+        [Fact]
         public async Task ThrowsIfCallbackPathMissing()
         {
             var server = CreateServer(
@@ -118,6 +119,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
+        [Fact]
         public async Task ThrowsIfAuthorizationEndpointMissing()
         {
             var server = CreateServer(
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
index 8eeedde0da..41429cd377 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
@@ -78,7 +78,7 @@ namespace Microsoft.AspNetCore.Authentication
 
                 var identity = (ClaimsIdentity) readTicket.Principal.Identity;
                 Assert.NotNull(identity.Actor);
-                Assert.Equal(identity.Actor.AuthenticationType, "actor");
+                Assert.Equal("actor", identity.Actor.AuthenticationType);
             }
         }
 
@@ -113,17 +113,17 @@ namespace Microsoft.AspNetCore.Authentication
 
                 var readClaim = readTicket.Principal.FindFirst("type");
                 Assert.NotNull(claim);
-                Assert.Equal(claim.Type, "type");
-                Assert.Equal(claim.Value, "value");
-                Assert.Equal(claim.ValueType, "valueType");
-                Assert.Equal(claim.Issuer, "issuer");
-                Assert.Equal(claim.OriginalIssuer, "original-issuer");
+                Assert.Equal("type", claim.Type);
+                Assert.Equal("value", claim.Value);
+                Assert.Equal("valueType", claim.ValueType);
+                Assert.Equal("issuer", claim.Issuer);
+                Assert.Equal("original-issuer", claim.OriginalIssuer);
 
                 var property1 = readClaim.Properties["property-1"];
-                Assert.Equal(property1, "property-value");
+                Assert.Equal("property-value", property1);
 
                 var property2 = readClaim.Properties["property-2"];
-                Assert.Equal(property2, string.Empty);
+                Assert.Equal(string.Empty, property2);
             }
         }
     }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index fb7ea34436..afdef0a408 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -45,9 +45,9 @@ namespace Microsoft.AspNetCore.Authentication
             props.StoreTokens(new[] { new AuthenticationToken { Name = "Zero", Value = "0" } });
 
             Assert.Equal("0", props.GetTokenValue("Zero"));
-            Assert.Equal(null, props.GetTokenValue("One"));
-            Assert.Equal(null, props.GetTokenValue("Two"));
-            Assert.Equal(null, props.GetTokenValue("Three"));
+            Assert.Null(props.GetTokenValue("One"));
+            Assert.Null(props.GetTokenValue("Two"));
+            Assert.Null(props.GetTokenValue("Three"));
             Assert.Equal(1, props.GetTokens().Count());
         }
 
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 7b0fc8c8b9..246eed9a50 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -106,6 +106,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             Assert.True(allowed);
         }
 
+        [Fact]
         public async Task Authorize_ShouldInvokeAllHandlersByDefault()
         {
             // Arrange
@@ -1152,4 +1153,4 @@ namespace Microsoft.AspNetCore.Authorization.Test
         }
 
     }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index a2d4a61dea..a9ba71a797 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,19 +1,22 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
+
   <PropertyGroup>
     <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
+
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 6ca53f519c..7908e98fcb 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,20 +1,20 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <Import Project="..\..\build\common.props" />
+
   <PropertyGroup>
     <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
+
   <ItemGroup>
     <Compile Include="..\..\shared\Microsoft.AspNetCore.ChunkingCookieManager.Sources\**\*.cs" />
   </ItemGroup>
+
   <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index 34224e21f1..b7b2c6afe0 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -6,16 +6,18 @@
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
-  <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
-  </ItemGroup>
+
 </Project>

From 1f5a27e20adf5438adcd9caf8587230307b685ce Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Wed, 17 May 2017 14:05:27 -0700
Subject: [PATCH 725/900] Switch to Options Initializer

---
 samples/SocialSample/Startup.cs               |   4 -
 .../CookieAuthenticationHandler.cs            |  33 -----
 .../CookieAuthenticationInitializer.cs        |  60 +++++++++
 .../CookieAuthenticationOptions.cs            |   7 +-
 .../CookieExtensions.cs                       |  11 +-
 .../FacebookExtensions.cs                     |   2 +-
 .../FacebookHandler.cs                        |   5 +-
 .../GoogleExtensions.cs                       |   2 +-
 .../GoogleHandler.cs                          |   5 +-
 .../JwtBearerExtensions.cs                    |   2 +
 .../JwtBearerHandler.cs                       |  43 -------
 .../JwtBearerInitializer.cs                   |  63 ++++++++++
 .../MicrosoftAccountExtensions.cs             |   2 +-
 .../MicrosoftAccountHandler.cs                |   5 +-
 .../Events/OAuthCreatingTicketContext.cs      |   2 +-
 .../OAuthExtensions.cs                        |  19 ++-
 .../OAuthHandler.cs                           |  27 +----
 .../OAuthInitializer.cs                       |  45 +++++++
 .../OpenIdConnectExtensions.cs                |   4 +-
 .../OpenIdConnectHandler.cs                   |  93 +-------------
 .../OpenIdConnectInitializer.cs               | 114 ++++++++++++++++++
 .../OpenIdConnectOptions.cs                   |   1 -
 .../TwitterExtensions.cs                      |   4 +-
 .../TwitterHandler.cs                         |  40 ++----
 .../TwitterInitializer.cs                     |  51 ++++++++
 .../AuthenticationHandler.cs                  |  24 +---
 .../AuthenticationSchemeOptions.cs            |  24 ++--
 ...thenticationServiceCollectionExtensions.cs |  25 ++++
 .../RemoteAuthenticationHandler.cs            |  26 +---
 .../FacebookTests.cs                          |   2 -
 .../GoogleTests.cs                            |   2 -
 .../JwtBearerTests.cs                         |   6 +-
 .../MicrosoftAccountTests.cs                  |   2 -
 .../OpenIdConnect/OpenIdConnectTests.cs       |   2 +
 .../TwitterTests.cs                           |   2 -
 35 files changed, 434 insertions(+), 325 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 22c44b3ea7..ffffa46460 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -75,7 +75,6 @@ namespace SocialSample
             // https://console.developers.google.com/project
             services.AddOAuthAuthentication("Google-AccessToken", o =>
             {
-                o.DisplayName = "Google-AccessToken";
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
                 o.CallbackPath = new PathString("/signin-google-token");
@@ -137,7 +136,6 @@ namespace SocialSample
             // https://apps.dev.microsoft.com/
             services.AddOAuthAuthentication("Microsoft-AccessToken", o =>
             {
-                o.DisplayName = "MicrosoftAccount-AccessToken";
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                 o.CallbackPath = new PathString("/signin-microsoft-token");
@@ -160,7 +158,6 @@ namespace SocialSample
             // https://github.com/settings/applications/
             services.AddOAuthAuthentication("GitHub-AccessToken", o =>
             {
-                o.DisplayName = "Github-AccessToken";
                 o.ClientId = Configuration["github-token:clientid"];
                 o.ClientSecret = Configuration["github-token:clientsecret"];
                 o.CallbackPath = new PathString("/signin-github-token");
@@ -178,7 +175,6 @@ namespace SocialSample
             // https://github.com/settings/applications/
             services.AddOAuthAuthentication("GitHub", o =>
             {
-                o.DisplayName = "Github";
                 o.ClientId = Configuration["github:clientid"];
                 o.ClientSecret = Configuration["github:clientsecret"];
                 o.CallbackPath = new PathString("/signin-github");
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 017e7911cc..5a4ffc547c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -59,39 +59,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <returns>A new instance of the events instance.</returns>
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new CookieAuthenticationEvents());
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (String.IsNullOrEmpty(Options.CookieName))
-            {
-                Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Scheme.Name;
-            }
-            if (Options.TicketDataFormat == null)
-            {
-                var provider = Options.DataProtectionProvider ?? Context.RequestServices.GetRequiredService<IDataProtectionProvider>();
-                // Note: the purpose for the data protector must remain fixed for interop to work.
-                var dataProtector = provider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", Scheme.Name, "v2");
-                Options.TicketDataFormat = new TicketDataFormat(dataProtector);
-            }
-            if (Options.CookieManager == null)
-            {
-                Options.CookieManager = new ChunkingCookieManager();
-            }
-            if (!Options.LoginPath.HasValue)
-            {
-                Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
-            }
-            if (!Options.LogoutPath.HasValue)
-            {
-                Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
-            }
-            if (!Options.AccessDeniedPath.HasValue)
-            {
-                Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
-            }
-        }
-
         private Task<AuthenticateResult> EnsureCookieTicket()
         {
             // We only need to read the ticket once
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs
new file mode 100644
index 0000000000..af4a85b191
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs
@@ -0,0 +1,60 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Cookies
+{
+    /// <summary>
+    /// Used to setup defaults for all <see cref="CookieAuthenticationOptions"/>.
+    /// </summary>
+    public class CookieAuthenticationInitializer : IInitializeOptions<CookieAuthenticationOptions>
+    {
+        private readonly IDataProtectionProvider _dp;
+
+        public CookieAuthenticationInitializer(IDataProtectionProvider dataProtection)
+        {
+            _dp = dataProtection;
+        }
+
+        /// <summary>
+        /// Invoked to initialize a TOptions instance.
+        /// </summary>
+        /// <param name="name">The name of the options instance being initialized.</param>
+        /// <param name="options">The options instance to initialize.</param>
+        public void Initialize(string name, CookieAuthenticationOptions options)
+        {
+            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+
+            if (String.IsNullOrEmpty(options.CookieName))
+            {
+                options.CookieName = CookieAuthenticationDefaults.CookiePrefix + name;
+            }
+            if (options.TicketDataFormat == null)
+            {
+                // Note: the purpose for the data protector must remain fixed for interop to work.
+                var dataProtector = options.DataProtectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", name, "v2");
+                options.TicketDataFormat = new TicketDataFormat(dataProtector);
+            }
+            if (options.CookieManager == null)
+            {
+                options.CookieManager = new ChunkingCookieManager();
+            }
+            if (!options.LoginPath.HasValue)
+            {
+                options.LoginPath = CookieAuthenticationDefaults.LoginPath;
+            }
+            if (!options.LogoutPath.HasValue)
+            {
+                options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
+            }
+            if (!options.AccessDeniedPath.HasValue)
+            {
+                options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
+            }
+        }
+
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 56d6ca238a..9b6b51d8eb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -71,7 +72,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public CookieSecurePolicy CookieSecure { get; set; }
 
         /// <summary>
-        /// If set this will be used by the CookieAuthenticationMiddleware for data protection.
+        /// If set this will be used by the CookieAuthenticationHandler for data protection.
         /// </summary>
         public IDataProtectionProvider DataProtectionProvider { get; set; }
 
@@ -129,9 +130,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         /// <summary>
         /// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
-        /// cookie value. If it is not provided a default data handler is created using the data protection service contained
-        /// in the IApplicationBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, 
-        /// and on DPAPI when running in a different process.
+        /// cookie value. If not provided one will be created using <see cref="DataProtectionProvider"/>.
         /// </summary>
         public ISecureDataFormat<AuthenticationTicket> TicketDataFormat { get; set; }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
index e8a21d01b1..b528dec9cb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -3,6 +3,10 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Options;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.AspNetCore.Authentication;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -15,7 +19,10 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configureOptions) =>
             services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
 
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions) =>
-            services.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
+        {
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<CookieAuthenticationOptions>, CookieAuthenticationInitializer>());
+            return services.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 79d9ac66ca..032be82356 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
         {
-            return services.AddScheme<FacebookOptions, FacebookHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return services.AddOAuthAuthentication<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 521684d14a..c94048f9b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -9,7 +9,6 @@ using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -19,8 +18,8 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     internal class FacebookHandler : OAuthHandler<FacebookOptions>
     {
-        public FacebookHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        public FacebookHandler(IOptionsSnapshot<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index 420d14030a..d71e8b461c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
         {
-            return services.AddScheme<GoogleOptions, GoogleHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return services.AddOAuthAuthentication<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index c699f5cc9d..3a93c5cbf7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -9,7 +9,6 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -19,8 +18,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
 {
     internal class GoogleHandler : OAuthHandler<GoogleOptions>
     {
-        public GoogleHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        public GoogleHandler(IOptionsSnapshot<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 77ffd76ff4..4f6453bd96 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
@@ -26,6 +27,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
         {
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<JwtBearerOptions>, JwtBearerInitializer>());
             return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 2ea03a51f0..ec48e3e20b 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -40,49 +40,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new JwtBearerEvents());
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
-            {
-                Options.TokenValidationParameters.ValidAudience = Options.Audience;
-            }
-
-            if (Options.ConfigurationManager == null)
-            {
-                if (Options.Configuration != null)
-                {
-                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
-                }
-                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
-                {
-                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
-                    {
-                        Options.MetadataAddress = Options.Authority;
-                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
-                        {
-                            Options.MetadataAddress += "/";
-                        }
-
-                        Options.MetadataAddress += ".well-known/openid-configuration";
-                    }
-
-                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
-                    {
-                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
-                    }
-
-                    var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-                    httpClient.Timeout = Options.BackchannelTimeout;
-                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
-                        new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
-                }
-            }
-        }
-
         /// <summary>
         /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs
new file mode 100644
index 0000000000..0aeed11832
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs
@@ -0,0 +1,63 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
+{
+    /// <summary>
+    /// Used to setup defaults for all <see cref="JwtBearerOptions"/>.
+    /// </summary>
+    public class JwtBearerInitializer : IInitializeOptions<JwtBearerOptions>
+    {
+        /// <summary>
+        /// Invoked to initialize a JwtBearerOptions instance.
+        /// </summary>
+        /// <param name="name">The name of the options instance being initialized.</param>
+        /// <param name="options">The options instance to initialize.</param>
+        public void Initialize(string name, JwtBearerOptions options)
+        {
+            if (string.IsNullOrEmpty(options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(options.Audience))
+            {
+                options.TokenValidationParameters.ValidAudience = options.Audience;
+            }
+
+            if (options.ConfigurationManager == null)
+            {
+                if (options.Configuration != null)
+                {
+                    options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(options.Configuration);
+                }
+                else if (!(string.IsNullOrEmpty(options.MetadataAddress) && string.IsNullOrEmpty(options.Authority)))
+                {
+                    if (string.IsNullOrEmpty(options.MetadataAddress) && !string.IsNullOrEmpty(options.Authority))
+                    {
+                        options.MetadataAddress = options.Authority;
+                        if (!options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            options.MetadataAddress += "/";
+                        }
+
+                        options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    if (options.RequireHttpsMetadata && !options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    var httpClient = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());
+                    httpClient.Timeout = options.BackchannelTimeout;
+                    httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
+                    options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(httpClient) { RequireHttps = options.RequireHttpsMetadata });
+                }
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 509016ff29..6ccb392344 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -26,7 +26,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
         {
-            return services.AddScheme<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return services.AddOAuthAuthentication<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index b2b787b97c..815b94bf40 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -7,7 +7,6 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
@@ -16,8 +15,8 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
-        public MicrosoftAccountHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+        public MicrosoftAccountHandler(IOptionsSnapshot<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         { }
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index f50dff3f55..6e31056392 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -170,7 +170,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
             foreach (var action in Options.ClaimActions)
             {
-                action.Run(userData, Identity, Options.ClaimsIssuer);
+                action.Run(userData, Identity, Options.ClaimsIssuer ?? Scheme.Name);
             }
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 6fd0f57f4b..408789b037 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -3,13 +3,24 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.Extensions.DependencyInjection
 {
     public static class OAuthExtensions
     {
-        public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions) =>
-            services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, authenticationScheme, configureOptions);
+        public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions)
+        {
+            return services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, authenticationScheme, configureOptions);
+        }
+
+        public static IServiceCollection AddOAuthAuthentication<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
+            where TOptions : OAuthOptions, new()
+            where THandler : OAuthHandler<TOptions>
+        {
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TOptions>, OAuthInitializer<TOptions, THandler>>());
+            return services.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index cafc4f0bcf..63bcdbdf2b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -10,7 +10,6 @@ using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -33,30 +32,10 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             set { base.Events = value; }
         }
 
-        public OAuthHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+        public OAuthHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         { }
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (Options.Backchannel == null)
-            {
-                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth handler");
-                Options.Backchannel.Timeout = Options.BackchannelTimeout;
-                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-            }
-
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = DataProtection.CreateProtector(
-                    GetType().FullName, Scheme.Name, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
-        }
-
         /// <summary>
         /// Creates a new instance of the events instance.
         /// </summary>
@@ -119,7 +98,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 return AuthenticateResult.Fail("Failed to retrieve access token.");
             }
 
-            var identity = new ClaimsIdentity(Options.ClaimsIssuer);
+            var identity = new ClaimsIdentity(ClaimsIssuer);
 
             if (Options.SaveTokens)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs
new file mode 100644
index 0000000000..99f65253a8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs
@@ -0,0 +1,45 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Net.Http;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Used to setup defaults for the OAuthOptions.
+    /// </summary>
+    public class OAuthInitializer<TOptions, THandler> : IInitializeOptions<TOptions>
+        where TOptions : OAuthOptions, new()
+        where THandler : OAuthHandler<TOptions>
+    {
+        private readonly IDataProtectionProvider _dp;
+
+        public OAuthInitializer(IDataProtectionProvider dataProtection)
+        {
+            _dp = dataProtection;
+        }
+
+        public void Initialize(string name, TOptions options)
+        {
+            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+            if (options.Backchannel == null)
+            {
+                options.Backchannel = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());
+                options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth handler");
+                options.Backchannel.Timeout = options.BackchannelTimeout;
+                options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            }
+
+            if (options.StateDataFormat == null)
+            {
+                var dataProtector = options.DataProtectionProvider.CreateProtector(
+                    typeof(THandler).FullName, name, "v1");
+                options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 64737a9ad8..c79dc7212d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
@@ -26,7 +27,8 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
         {
-            return services.AddScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<OpenIdConnectOptions>, OpenIdConnectInitializer>());
+            return services.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 69acbf9a06..d51c324dc4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -13,12 +13,10 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
-using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -57,8 +55,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         protected HtmlEncoder HtmlEncoder { get; }
 
-        public OpenIdConnectHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<OpenIdConnectOptions> options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+        public OpenIdConnectHandler(IOptionsSnapshot<OpenIdConnectOptions> options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         {
             HtmlEncoder = htmlEncoder;
         }
@@ -75,76 +73,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new OpenIdConnectEvents());
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (string.IsNullOrEmpty(Options.SignOutScheme))
-            {
-                Options.SignOutScheme = SignInScheme;
-            }
-
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = DataProtection.CreateProtector(
-                    GetType().FullName, Scheme.Name, "v1");
-                Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
-            }
-
-            if (Options.StringDataFormat == null)
-            {
-                var dataProtector = DataProtection.CreateProtector(
-                    GetType().FullName,
-                    typeof(string).FullName,
-                    Scheme.Name,
-                    "v1");
-
-                Options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
-            }
-
-            if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
-            {
-                Options.TokenValidationParameters.ValidAudience = Options.ClientId;
-            }
-
-            if (Options.Backchannel == null)
-            {
-                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect handler");
-                Options.Backchannel.Timeout = Options.BackchannelTimeout;
-                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-            }
-
-            if (Options.ConfigurationManager == null)
-            {
-                if (Options.Configuration != null)
-                {
-                    Options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(Options.Configuration);
-                }
-                else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
-                {
-                    if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
-                    {
-                        Options.MetadataAddress = Options.Authority;
-                        if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
-                        {
-                            Options.MetadataAddress += "/";
-                        }
-
-                        Options.MetadataAddress += ".well-known/openid-configuration";
-                    }
-
-                    if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
-                    {
-                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
-                    }
-
-                    Options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
-                        new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
-                }
-            }
-        }
-
         public override Task<bool> HandleRequestAsync()
         {
             if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path)
@@ -749,7 +677,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     var identity = (ClaimsIdentity)ticket.Principal.Identity;
                     foreach (var action in Options.ClaimActions)
                     {
-                        action.Run(null, identity, Options.ClaimsIssuer);
+                        action.Run(null, identity, ClaimsIssuer);
                     }
                 }
 
@@ -902,7 +830,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             foreach (var action in Options.ClaimActions)
             {
-                action.Run(user, identity, Options.ClaimsIssuer);
+                action.Run(user, identity, ClaimsIssuer);
             }
 
             return AuthenticateResult.Success(ticket);
@@ -1301,18 +1229,5 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 description,
                 errorUri));
         }
-
-        private class StringSerializer : IDataSerializer<string>
-        {
-            public string Deserialize(byte[] data)
-            {
-                return Encoding.UTF8.GetString(data);
-            }
-
-            public byte[] Serialize(string model)
-            {
-                return Encoding.UTF8.GetBytes(model);
-            }
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs
new file mode 100644
index 0000000000..7421af9c0a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs
@@ -0,0 +1,114 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using System.Text;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+    /// <summary>
+    /// Used to setup defaults for all <see cref="OpenIdConnectOptions"/>.
+    /// </summary>
+    public class OpenIdConnectInitializer : IInitializeOptions<OpenIdConnectOptions>
+    {
+        private readonly IDataProtectionProvider _dp;
+
+        public OpenIdConnectInitializer(IDataProtectionProvider dataProtection)
+        {
+            _dp = dataProtection;
+        }
+
+        /// <summary>
+        /// Invoked to initialize a TOptions instance.
+        /// </summary>
+        /// <param name="name">The name of the options instance being initialized.</param>
+        /// <param name="options">The options instance to initialize.</param>
+        public void Initialize(string name, OpenIdConnectOptions options)
+        {
+            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+
+            if (string.IsNullOrEmpty(options.SignOutScheme))
+            {
+                options.SignOutScheme = options.SignInScheme;
+            }
+
+            if (options.StateDataFormat == null)
+            {
+                var dataProtector = options.DataProtectionProvider.CreateProtector(
+                    typeof(OpenIdConnectHandler).FullName, name, "v1");
+                options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+
+            if (options.StringDataFormat == null)
+            {
+                var dataProtector = options.DataProtectionProvider.CreateProtector(
+                    typeof(OpenIdConnectHandler).FullName,
+                    typeof(string).FullName,
+                    name,
+                    "v1");
+
+                options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);
+            }
+
+            if (string.IsNullOrEmpty(options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(options.ClientId))
+            {
+                options.TokenValidationParameters.ValidAudience = options.ClientId;
+            }
+
+            if (options.Backchannel == null)
+            {
+                options.Backchannel = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());
+                options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect handler");
+                options.Backchannel.Timeout = options.BackchannelTimeout;
+                options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            }
+
+            if (options.ConfigurationManager == null)
+            {
+                if (options.Configuration != null)
+                {
+                    options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(options.Configuration);
+                }
+                else if (!(string.IsNullOrEmpty(options.MetadataAddress) && string.IsNullOrEmpty(options.Authority)))
+                {
+                    if (string.IsNullOrEmpty(options.MetadataAddress) && !string.IsNullOrEmpty(options.Authority))
+                    {
+                        options.MetadataAddress = options.Authority;
+                        if (!options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+                        {
+                            options.MetadataAddress += "/";
+                        }
+
+                        options.MetadataAddress += ".well-known/openid-configuration";
+                    }
+
+                    if (options.RequireHttpsMetadata && !options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+                        new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata });
+                }
+            }
+        }
+
+        private class StringSerializer : IDataSerializer<string>
+        {
+            public string Deserialize(byte[] data)
+            {
+                return Encoding.UTF8.GetString(data);
+            }
+
+            public byte[] Serialize(string model)
+            {
+                return Encoding.UTF8.GetBytes(model);
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 5ca270dde8..b2d69d5249 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -39,7 +39,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </remarks>
         public OpenIdConnectOptions()
         {
-            DisplayName = OpenIdConnectDefaults.Caption;
             CallbackPath = new PathString("/signin-oidc");
             SignedOutCallbackPath = new PathString("/signout-callback-oidc");
             RemoteSignOutPath = new PathString("/signout-oidc");
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index 1e126d4c4a..3bcc80c3d7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
@@ -26,7 +27,8 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
         {
-            return services.AddScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TwitterOptions>, TwitterInitializer>());
+            return services.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index c166b175af..7ae9f973c1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -40,36 +40,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             set { base.Events = value; }
         }
 
-        public TwitterHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TwitterOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
-            : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+        public TwitterHandler(IOptionsSnapshot<TwitterOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
         { }
 
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new TwitterEvents());
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (Options.StateDataFormat == null)
-            {
-                var dataProtector = DataProtection.CreateProtector(
-                    GetType().FullName, Scheme.Name, "v1");
-                Options.StateDataFormat = new SecureDataFormat<RequestToken>(
-                    new RequestTokenSerializer(),
-                    dataProtector);
-            }
-
-            if (Options.Backchannel == null)
-            {
-                Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
-                Options.Backchannel.Timeout = Options.BackchannelTimeout;
-                Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-                Options.Backchannel.DefaultRequestHeaders.Accept.ParseAdd("*/*");
-                Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter handler");
-                Options.Backchannel.DefaultRequestHeaders.ExpectContinue = false;
-            }
-        }
-
         protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
@@ -116,12 +92,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             var identity = new ClaimsIdentity(new[]
             {
-                new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
-                new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer),
-                new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer),
-                new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer)
+                new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, ClaimsIssuer),
+                new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, ClaimsIssuer),
+                new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, ClaimsIssuer),
+                new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, ClaimsIssuer)
             },
-            Options.ClaimsIssuer);
+            ClaimsIssuer);
 
             JObject user = null;
             if (Options.RetrieveUserDetails)
@@ -145,7 +121,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         {
             foreach (var action in Options.ClaimActions)
             {
-                action.Run(user, identity, Options.ClaimsIssuer);
+                action.Run(user, identity, ClaimsIssuer);
             }
 
             var context = new TwitterCreatingTicketContext(Context, Scheme, Options, properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs
new file mode 100644
index 0000000000..08e9c5b832
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs
@@ -0,0 +1,51 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Net.Http;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Twitter
+{
+    /// <summary>
+    /// Used to setup defaults for all <see cref="TwitterOptions"/>.
+    /// </summary>
+    public class TwitterInitializer : IInitializeOptions<TwitterOptions>
+    {
+        private readonly IDataProtectionProvider _dp;
+
+        public TwitterInitializer(IDataProtectionProvider dataProtection)
+        {
+            _dp = dataProtection;
+        }
+
+        /// <summary>
+        /// Invoked to initialize a TOptions instance.
+        /// </summary>
+        /// <param name="name">The name of the options instance being initialized.</param>
+        /// <param name="options">The options instance to initialize.</param>
+        public void Initialize(string name, TwitterOptions options)
+        {
+            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+
+            if (options.StateDataFormat == null)
+            {
+                var dataProtector = options.DataProtectionProvider.CreateProtector(
+                    typeof(TwitterHandler).FullName, name, "v1");
+                options.StateDataFormat = new SecureDataFormat<RequestToken>(
+                    new RequestTokenSerializer(),
+                    dataProtector);
+            }
+
+            if (options.Backchannel == null)
+            {
+                options.Backchannel = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());
+                options.Backchannel.Timeout = options.BackchannelTimeout;
+                options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+                options.Backchannel.DefaultRequestHeaders.Accept.ParseAdd("*/*");
+                options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter handler");
+                options.Backchannel.DefaultRequestHeaders.ExpectContinue = false;
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 083884a026..ba1c919fe5 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -48,6 +48,8 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         protected virtual object Events { get; set; }
 
+        protected virtual string ClaimsIssuer => Options.ClaimsIssuer ?? Scheme.Name;
+
         protected string CurrentUri
         {
             get
@@ -85,18 +87,6 @@ namespace Microsoft.AspNetCore.Authentication
             Context = context;
 
             Options = OptionsSnapshot.Get(Scheme.Name) ?? new TOptions();
-            if (!Options.Initialized)
-            {
-                lock (Options.InitializeLock)
-                {
-                    if (!Options.Initialized)
-                    {
-                        InitializeOptions();
-                        Options.Initialized = true;
-                    }
-                }
-            }
-
             Options.Validate();
 
             await InitializeEventsAsync();
@@ -122,16 +112,6 @@ namespace Microsoft.AspNetCore.Authentication
         /// <returns>A new instance of the events instance.</returns>
         protected virtual Task<object> CreateEventsAsync() => Task.FromResult(new object());
 
-        /// <summary>
-        /// Initializes the options, will be called only once by <see cref="InitializeAsync(AuthenticationScheme, HttpContext)"/>.
-        /// </summary>
-        protected virtual void InitializeOptions()
-        {
-            // REVIEW: is there a better place for this default?
-            Options.DisplayName = Options.DisplayName ?? Scheme.Name;
-            Options.ClaimsIssuer = Options.ClaimsIssuer ?? Scheme.Name;
-        }
-
         /// <summary>
         /// Called after options/events have been initialized for the handler to finish initializing itself.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
index 09e7abbd4f..55bc09d8ae 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -2,9 +2,18 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication
 {
+    public class InitializeAuthenticationSchemeOptions<TOptions> : InitializeOptions<TOptions>
+        where TOptions : AuthenticationSchemeOptions
+    {
+        public InitializeAuthenticationSchemeOptions(string name) 
+            : base(name, options => options.ClaimsIssuer = options.ClaimsIssuer ?? name)
+        { }
+    }
+
     /// <summary>
     /// Contains the options used by the <see cref="AuthenticationHandler{T}"/>.
     /// </summary>
@@ -17,11 +26,6 @@ namespace Microsoft.AspNetCore.Authentication
         {
         }
 
-        /// <summary>
-        /// Gets or sets the display name for the authentication provider.
-        /// </summary>
-        public string DisplayName { get; set; }
-
         /// <summary>
         /// Gets or sets the issuer that should be used for any claims that are created
         /// </summary>
@@ -36,15 +40,5 @@ namespace Microsoft.AspNetCore.Authentication
         /// If set, will be used as the service type to get the Events instance instead of the property.
         /// </summary>
         public Type EventsType { get; set; }
-
-        /// <summary>
-        /// Used to ensure that the options are only initialized once.
-        /// </summary>
-        public bool Initialized { get; set; }
-
-        /// <summary>
-        /// Used to prevent concurrent access during intialization.
-        /// </summary>
-        public object InitializeLock { get; } = new object();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 0315562ffb..ff367f5557 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -74,5 +74,30 @@ namespace Microsoft.Extensions.DependencyInjection
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
             => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
+
+        public static IServiceCollection AddRemoteScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : RemoteAuthenticationOptions, new()
+            where THandler : RemoteAuthenticationHandler<TOptions>
+        {
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TOptions>, EnsureSignInScheme<TOptions>>());
+            return services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
+        }
+
+        // Used to ensure that there's always a default data protection provider
+        private class EnsureSignInScheme<TOptions> : IInitializeOptions<TOptions> where TOptions : RemoteAuthenticationOptions
+        {
+            private readonly AuthenticationOptions _authOptions;
+
+            public EnsureSignInScheme(IOptions<AuthenticationOptions> authOptions)
+            {
+                _authOptions = authOptions.Value;
+            }
+
+            public void Initialize(string name, TOptions options)
+            {
+                options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme;
+            }
+        }
+
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index fc663317e4..bf875a7a04 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -5,9 +5,7 @@ using System;
 using System.Security.Cryptography;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -25,10 +23,6 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected string SignInScheme => Options.SignInScheme;
 
-        protected IDataProtectionProvider DataProtection { get; set; }
-
-        private readonly AuthenticationOptions _authOptions;
-
         /// <summary>
         /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
@@ -39,17 +33,9 @@ namespace Microsoft.AspNetCore.Authentication
             set { base.Events = value; }
         }
 
-        protected RemoteAuthenticationHandler(IOptions<AuthenticationOptions> sharedOptions, IOptionsSnapshot<TOptions> options, IDataProtectionProvider dataProtection, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        protected RemoteAuthenticationHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         {
-            _authOptions = sharedOptions.Value;
-            DataProtection = dataProtection;
-        }
-
-        protected override Task InitializeHandlerAsync()
-        {
-            DataProtection = Options.DataProtectionProvider ?? DataProtection;
-            return TaskCache.CompletedTask;
         }
 
         protected override Task<object> CreateEventsAsync()
@@ -57,16 +43,6 @@ namespace Microsoft.AspNetCore.Authentication
             return Task.FromResult<object>(new RemoteAuthenticationEvents());
         }
 
-        protected override void InitializeOptions()
-        {
-            base.InitializeOptions();
-
-            if (Options.SignInScheme == null)
-            {
-                Options.SignInScheme = _authOptions.DefaultSignInScheme;
-            }
-        }
-
         public virtual Task<bool> ShouldHandleRequestAsync()
         {
             return Task.FromResult(Options.CallbackPath == Request.Path);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index edd9eb5788..060eb649fc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -50,7 +50,6 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 {"Facebook:BackchannelTimeout", "0.0:0:30"},
                 //{"Facebook:CallbackPath", "/callbackpath"}, // PathString doesn't convert
                 {"Facebook:ClaimsIssuer", "<issuer>"},
-                {"Facebook:DisplayName", "<display>"},
                 {"Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
                 {"Facebook:SaveTokens", "true"},
                 {"Facebook:SendAppSecretProof", "true"},
@@ -73,7 +72,6 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             Assert.Equal("<issuer>", options.ClaimsIssuer);
             Assert.Equal("<id>", options.ClientId);
             Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal("<display>", options.DisplayName);
             Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
             Assert.True(options.SaveTokens);
             Assert.True(options.SendAppSecretProof);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 68ea33462b..2c86bc7781 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -49,7 +49,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {"Google:BackchannelTimeout", "0.0:0:30"},
                 //{"Google:CallbackPath", "/callbackpath"}, // PathString doesn't convert
                 {"Google:ClaimsIssuer", "<issuer>"},
-                {"Google:DisplayName", "<display>"},
                 {"Google:RemoteAuthenticationTimeout", "0.0:0:30"},
                 {"Google:SaveTokens", "true"},
                 {"Google:SendAppSecretProof", "true"},
@@ -70,7 +69,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("<issuer>", options.ClaimsIssuer);
             Assert.Equal("<id>", options.ClientId);
             Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal("<display>", options.DisplayName);
             Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
             Assert.True(options.SaveTokens);
             Assert.Equal("<signIn>", options.SignInScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 42efe00dd3..59f1e880c7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -48,11 +48,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {"Bearer:BackchannelTimeout", "0.0:0:30"},
                 {"Bearer:Challenge", "<challenge>"},
                 {"Bearer:ClaimsIssuer", "<issuer>"},
-                {"Bearer:DisplayName", "<display>"},
                 {"Bearer:IncludeErrorDetails", "true"},
                 {"Bearer:MetadataAddress", "<metadata>"},
                 {"Bearer:RefreshOnIssuerKeyNotFound", "true"},
-                {"Bearer:RequireHttpsMetadata", "true"},
+                {"Bearer:RequireHttpsMetadata", "false"},
                 {"Bearer:SaveToken", "true"},
             };
             var configurationBuilder = new ConfigurationBuilder();
@@ -67,11 +66,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal("<authority>", options.Authority);
             Assert.Equal("<challenge>", options.Challenge);
             Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.Equal("<display>", options.DisplayName);
             Assert.True(options.IncludeErrorDetails);
             Assert.Equal("<metadata>", options.MetadataAddress);
             Assert.True(options.RefreshOnIssuerKeyNotFound);
-            Assert.True(options.RequireHttpsMetadata);
+            Assert.False(options.RequireHttpsMetadata);
             Assert.True(options.SaveToken);
         }
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 1f0f394f3c..062215ff46 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -50,7 +50,6 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                 {"Microsoft:BackchannelTimeout", "0.0:0:30"},
                 //{"Microsoft:CallbackPath", "/callbackpath"}, // PathString doesn't convert
                 {"Microsoft:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:DisplayName", "<display>"},
                 {"Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
                 {"Microsoft:SaveTokens", "true"},
                 {"Microsoft:SendAppSecretProof", "true"},
@@ -71,7 +70,6 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
             Assert.Equal("<issuer>", options.ClaimsIssuer);
             Assert.Equal("<id>", options.ClientId);
             Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal("<display>", options.DisplayName);
             Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
             Assert.True(options.SaveTokens);
             Assert.Equal("<signIn>", options.SignInScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index a3d7f5130f..b2459cf819 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -36,6 +36,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             {
                 {"OpenIdConnect:ClientId", "<id>"},
                 {"OpenIdConnect:ClientSecret", "<secret>"},
+                {"OpenIdConnect:RequireHttpsMetadata", "false"},
                 {"OpenIdConnect:Authority", "<auth>"}
             };
             var configurationBuilder = new ConfigurationBuilder();
@@ -48,6 +49,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.Equal("<id>", options.ClientId);
             Assert.Equal("<secret>", options.ClientSecret);
             Assert.Equal("<auth>", options.Authority);
+            Assert.False(options.RequireHttpsMetadata);
         }
 
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 9993559f69..1acddc5afd 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -42,7 +42,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 {"Twitter:BackchannelTimeout", "0.0:0:30"},
                 //{"Twitter:CallbackPath", "/callbackpath"}, // PathString doesn't convert
                 {"Twitter:ClaimsIssuer", "<issuer>"},
-                {"Twitter:DisplayName", "<display>"},
                 {"Twitter:RemoteAuthenticationTimeout", "0.0:0:30"},
                 {"Twitter:SaveTokens", "true"},
                 {"Twitter:SendAppSecretProof", "true"},
@@ -60,7 +59,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Assert.Equal("<issuer>", options.ClaimsIssuer);
             Assert.Equal("<key>", options.ConsumerKey);
             Assert.Equal("<secret>", options.ConsumerSecret);
-            Assert.Equal("<display>", options.DisplayName);
             Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
             Assert.True(options.SaveTokens);
             Assert.Equal("<signIn>", options.SignInScheme);

From 2a4a7dd26af2f55a3d8be67fd5d12840d229b0b6 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@Outlook.com>
Date: Mon, 22 May 2017 10:01:44 -0700
Subject: [PATCH 726/900] Make samples work. Fix AddOAuthAuthentication
 extension. (#1226)

---
 samples/CookieSample/Startup.cs                    |  7 +++++++
 samples/CookieSessionSample/Startup.cs             |  7 +++++++
 samples/JwtBearerSample/Startup.cs                 |  7 +++++++
 .../OpenIdConnectSample/OpenIdConnectSample.csproj | 10 +++++++++-
 samples/OpenIdConnectSample/Program.cs             | 14 +++++---------
 samples/SocialSample/Program.cs                    | 14 +++++---------
 samples/SocialSample/SocialSample.csproj           | 10 +++++++++-
 samples/SocialSample/Startup.cs                    | 10 +++++-----
 .../OAuthExtensions.cs                             |  2 +-
 9 files changed, 55 insertions(+), 26 deletions(-)

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 3aebb419f8..79d1b3c3fe 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -13,6 +13,13 @@ namespace CookieSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            });
+
             services.AddCookieAuthentication();
         }
 
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index 9ad9e6841e..c35dfd9998 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -14,6 +14,13 @@ namespace CookieSessionSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            });
+
             services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 9df41a9ab7..030e640c99 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -43,6 +43,13 @@ namespace JwtBearerSample
         // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
+            // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+            });
+
             services.AddJwtBearerAuthentication(o =>
             {
                 // You also need to update /wwwroot/app/scripts/app.js
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index e69563ced1..875762d126 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
@@ -7,6 +7,10 @@
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="compiler\resources\cert.pfx" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
@@ -25,4 +29,8 @@
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup>
+    <EmbeddedResource Include="compiler\resources\cert.pfx" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index b4d24505d5..87e7755084 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -23,16 +23,12 @@ namespace OpenIdConnectSample
                 })
                 .UseKestrel(options =>
                 {
-                    if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
+                    options.Listen(IPAddress.Loopback, 44318, listenOptions =>
                     {
-                        // ANCM is not hosting the process
-                        options.Listen(IPAddress.Loopback, 44318, listenOptions =>
-                        {
-                            // Configure SSL
-                            var serverCertificate = LoadCertificate();
-                            listenOptions.UseHttps(serverCertificate);
-                        });
-                    }
+                        // Configure SSL
+                        var serverCertificate = LoadCertificate();
+                        listenOptions.UseHttps(serverCertificate);
+                    });
                 })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
diff --git a/samples/SocialSample/Program.cs b/samples/SocialSample/Program.cs
index 96bce512d5..a712b6c03f 100644
--- a/samples/SocialSample/Program.cs
+++ b/samples/SocialSample/Program.cs
@@ -21,16 +21,12 @@ namespace SocialSample
                 })
                 .UseKestrel(options =>
                 {
-                    if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("ASPNETCORE_PORT")))
+                    options.Listen(IPAddress.Loopback, 44318, listenOptions =>
                     {
-                        // ANCM is not hosting the process
-                        options.Listen(IPAddress.Loopback, 44318, listenOptions =>
-                        {
-                            // Configure SSL
-                            var serverCertificate = LoadCertificate();
-                            listenOptions.UseHttps(serverCertificate);
-                        });
-                    }
+                        // Configure SSL
+                        var serverCertificate = LoadCertificate();
+                        listenOptions.UseHttps(serverCertificate);
+                    });
                 })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index e0336cc0e3..723d74de32 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
@@ -7,6 +7,14 @@
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="compiler\resources\cert.pfx" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <EmbeddedResource Include="compiler\resources\cert.pfx" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index ffffa46460..0039720096 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -164,11 +164,6 @@ namespace SocialSample
                 o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 o.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 o.SaveTokens = true;
-                o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
-                o.ClaimActions.MapJsonKey(ClaimTypes.Name, "login");
-                o.ClaimActions.MapJsonKey("urn:github:name", "name");
-                o.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
-                o.ClaimActions.MapJsonKey("urn:github:url", "url");
             });
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
@@ -184,6 +179,11 @@ namespace SocialSample
                 o.ClaimsIssuer = "OAuth2-Github";
                 o.SaveTokens = true;
                 // Retrieving user information is unique to each provider.
+                o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
+                o.ClaimActions.MapJsonKey(ClaimTypes.Name, "login");
+                o.ClaimActions.MapJsonKey("urn:github:name", "name");
+                o.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
+                o.ClaimActions.MapJsonKey("urn:github:url", "url");
                 o.Events = new OAuthEvents
                 {
                     OnCreatingTicket = async context =>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 408789b037..257aed9cb1 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -12,7 +12,7 @@ namespace Microsoft.Extensions.DependencyInjection
     {
         public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions)
         {
-            return services.AddScheme<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, authenticationScheme, configureOptions);
+            return services.AddOAuthAuthentication<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
         }
 
         public static IServiceCollection AddOAuthAuthentication<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)

From 769da5fd8768ae1ceab0c77b5af2ca394aa1d812 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Thu, 18 May 2017 20:12:41 -0700
Subject: [PATCH 727/900] Add SameSitePolicy to CookiePolicyMiddleware

---
 .../ChunkingCookieManager.cs                  |   7 +-
 .../CookieAuthenticationHandler.cs            |   1 +
 .../CookieAuthenticationOptions.cs            |   8 +-
 .../OpenIdConnectHandler.cs                   |   2 +
 .../TwitterHandler.cs                         |   2 +
 .../RemoteAuthenticationHandler.cs            |   2 +
 .../CookiePolicyMiddleware.cs                 |  20 ++-
 .../CookiePolicyOptions.cs                    |   5 +
 .../CookieTests.cs                            |   5 +
 .../CookieChunkingTests.cs                    |  38 +++---
 .../CookiePolicyTests.cs                      | 126 ++++++++++++++----
 11 files changed, 165 insertions(+), 51 deletions(-)

diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
index 16426507ce..9b602383cf 100644
--- a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
+++ b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -33,7 +33,7 @@ namespace Microsoft.AspNetCore.Internal
         /// <summary>
         /// The default maximum size of characters in a cookie to send back to the client.
         /// </summary>
-        public const int DefaultChunkSize = 4070;
+        public const int DefaultChunkSize = 4050;
 
         private const string ChunkKeySuffix = "C";
         private const string ChunkCountPrefix = "chunks-";
@@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Internal
         {
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
-            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
+            // Leave at least 40 in case CookiePolicy tries to add 'secure', 'samesite=strict' and/or 'httponly'.
             ChunkSize = DefaultChunkSize;
             ThrowForPartialCookies = true;
         }
@@ -166,6 +166,7 @@ namespace Microsoft.AspNetCore.Internal
             {
                 Domain = options.Domain,
                 Expires = options.Expires,
+                SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
                 HttpOnly = options.HttpOnly,
                 Path = options.Path,
                 Secure = options.Secure,
@@ -284,6 +285,7 @@ namespace Microsoft.AspNetCore.Internal
                 {
                     Path = options.Path,
                     Domain = options.Domain,
+                    SameSite = options.SameSite,
                     Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                 });
 
@@ -297,6 +299,7 @@ namespace Microsoft.AspNetCore.Internal
                     {
                         Path = options.Path,
                         Domain = options.Domain,
+                        SameSite = options.SameSite,
                         Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                     });
             }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5a4ffc547c..13a20e55b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -179,6 +179,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var cookieOptions = new CookieOptions
             {
                 Domain = Options.CookieDomain,
+                SameSite = Options.CookieSameSite,
                 HttpOnly = Options.CookieHttpOnly,
                 Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
             };
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 9b6b51d8eb..02d0361b72 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -4,7 +4,6 @@
 using System;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -23,6 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
+            CookieSameSite = SameSiteMode.Strict;
             CookieHttpOnly = true;
             CookieSecure = CookieSecurePolicy.SameAsRequest;
             Events = new CookieAuthenticationEvents();
@@ -57,6 +57,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public string CookiePath { get; set; }
 
+        /// <summary>
+        /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
+        /// default is Strict, which means the cookie is only allowed to be attached to same-site requests.
+        /// </summary>
+        public SameSiteMode CookieSameSite { get; set; }
+
         /// <summary>
         /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
         /// default is true, which means the cookie will only be passed to http requests and is not made available
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index d51c324dc4..04359142a6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -899,6 +899,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 new CookieOptions
                 {
                     HttpOnly = true,
+                    SameSite = Http.SameSiteMode.Lax,
                     Secure = Request.IsHttps,
                     Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
@@ -930,6 +931,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
+                                SameSite = Http.SameSiteMode.Lax,
                                 Secure = Request.IsHttps
                             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 7ae9f973c1..ff054d3c6f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -83,6 +83,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
 
@@ -160,6 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index bf875a7a04..a7de95dfed 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -203,6 +203,7 @@ namespace Microsoft.AspNetCore.Authentication
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
@@ -242,6 +243,7 @@ namespace Microsoft.AspNetCore.Authentication
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
             Response.Cookies.Delete(cookieName, cookieOptions);
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index 46daaad810..92adac9677 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -74,7 +74,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
 
             private bool PolicyRequiresCookieOptions()
             {
-                return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != CookieSecurePolicy.None;
+                return Policy.MinimumSameSitePolicy != SameSiteMode.None || Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != CookieSecurePolicy.None;
             }
 
             public void Append(string key, string value)
@@ -151,6 +151,22 @@ namespace Microsoft.AspNetCore.CookiePolicy
                     default:
                         throw new InvalidOperationException();
                 }
+                switch (Policy.MinimumSameSitePolicy)
+                {
+                    case SameSiteMode.None:
+                        break;
+                    case SameSiteMode.Lax:
+                        if (options.SameSite == SameSiteMode.None)
+                        {
+                            options.SameSite = SameSiteMode.Lax;
+                        }
+                        break;
+                    case SameSiteMode.Strict:
+                        options.SameSite = SameSiteMode.Strict;
+                        break;
+                    default:
+                        throw new InvalidOperationException($"Unrecognized {nameof(SameSiteMode)} value {Policy.MinimumSameSitePolicy.ToString()}");
+                }
                 switch (Policy.HttpOnly)
                 {
                     case HttpOnlyPolicy.Always:
@@ -159,7 +175,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                     case HttpOnlyPolicy.None:
                         break;
                     default:
-                        throw new InvalidOperationException();
+                        throw new InvalidOperationException($"Unrecognized {nameof(HttpOnlyPolicy)} value {Policy.HttpOnly.ToString()}");
                 }
             }
         }
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 6aed18bfb0..7203e73e69 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -12,6 +12,11 @@ namespace Microsoft.AspNetCore.Builder
     /// </summary>
     public class CookiePolicyOptions
     {
+        /// <summary>
+        /// Affects the cookie's same site attribute.
+        /// </summary>
+        public SameSiteMode MinimumSameSitePolicy { get; set; } = SameSiteMode.Strict;
+
         /// <summary>
         /// Affects whether cookies must be HttpOnly.
         /// </summary>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 419d82493d..e38dc15870 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -136,6 +136,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.StartsWith("TestCookie=", setCookie);
             Assert.Contains("; path=/", setCookie);
             Assert.Contains("; httponly", setCookie);
+            Assert.Contains("; samesite=", setCookie);
             Assert.DoesNotContain("; expires=", setCookie);
             Assert.DoesNotContain("; domain=", setCookie);
             Assert.DoesNotContain("; secure", setCookie);
@@ -206,6 +207,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 o.CookiePath = "/foo";
                 o.CookieDomain = "another.com";
                 o.CookieSecure = CookieSecurePolicy.Always;
+                o.CookieSameSite = SameSiteMode.None;
                 o.CookieHttpOnly = true;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
@@ -217,12 +219,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Contains(" path=/foo", setCookie1);
             Assert.Contains(" domain=another.com", setCookie1);
             Assert.Contains(" secure", setCookie1);
+            Assert.DoesNotContain(" samesite", setCookie1);
             Assert.Contains(" httponly", setCookie1);
 
             var server2 = CreateServer(o =>
             {
                 o.CookieName = "SecondCookie";
                 o.CookieSecure = CookieSecurePolicy.None;
+                o.CookieSameSite = SameSiteMode.Strict;
                 o.CookieHttpOnly = false;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
@@ -232,6 +236,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             Assert.Contains("SecondCookie=", setCookie2);
             Assert.Contains(" path=/base", setCookie2);
+            Assert.Contains(" samesite=strict", setCookie2);
             Assert.DoesNotContain(" domain=", setCookie2);
             Assert.DoesNotContain(" secure", setCookie2);
             Assert.DoesNotContain(" httponly", setCookie2);
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
index c978d169e4..143e1d254c 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Internal
             new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(1, values.Count);
-            Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
+            Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]);
         }
 
         [Fact]
@@ -27,20 +27,20 @@ namespace Microsoft.AspNetCore.Internal
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager() { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager() { ChunkSize = 44 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(9, values.Count);
             Assert.Equal<string[]>(new[]
             {
-                "TestCookie=chunks-8; path=/",
-                "TestCookieC1=abcdefgh; path=/",
-                "TestCookieC2=ijklmnop; path=/",
-                "TestCookieC3=qrstuvwx; path=/",
-                "TestCookieC4=yz012345; path=/",
-                "TestCookieC5=6789ABCD; path=/",
-                "TestCookieC6=EFGHIJKL; path=/",
-                "TestCookieC7=MNOPQRST; path=/",
-                "TestCookieC8=UVWXYZ; path=/",
+                "TestCookie=chunks-8; path=/; samesite=lax",
+                "TestCookieC1=abcdefgh; path=/; samesite=lax",
+                "TestCookieC2=ijklmnop; path=/; samesite=lax",
+                "TestCookieC3=qrstuvwx; path=/; samesite=lax",
+                "TestCookieC4=yz012345; path=/; samesite=lax",
+                "TestCookieC5=6789ABCD; path=/; samesite=lax",
+                "TestCookieC6=EFGHIJKL; path=/; samesite=lax",
+                "TestCookieC7=MNOPQRST; path=/; samesite=lax",
+                "TestCookieC8=UVWXYZ; path=/; samesite=lax",
             }, values);
         }
 
@@ -116,14 +116,14 @@ namespace Microsoft.AspNetCore.Internal
             Assert.Equal(8, cookies.Count);
             Assert.Equal(new[]
             {
-                "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
+                "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; samesite=lax",
             }, cookies);
         }
     }
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index e45c7f6909..737c12dc39 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -36,6 +36,15 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             context.Response.Cookies.Append("D", "D", new CookieOptions { HttpOnly = true });
             return Task.FromResult(0);
         };
+        private RequestDelegate SameSiteCookieAppends = context =>
+        {
+            context.Response.Cookies.Append("A", "A");
+            context.Response.Cookies.Append("B", "B", new CookieOptions { SameSite = Http.SameSiteMode.None });
+            context.Response.Cookies.Append("C", "C", new CookieOptions());
+            context.Response.Cookies.Append("D", "D", new CookieOptions { SameSite = Http.SameSiteMode.Lax });
+            context.Response.Cookies.Append("E", "E", new CookieOptions { SameSite = Http.SameSiteMode.Strict });
+            return Task.FromResult(0);
+        };
 
         [Fact]
         public async Task SecureAlwaysSetsSecure()
@@ -50,10 +59,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; secure; samesite=strict", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure; samesite=strict", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure; samesite=strict", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
                     }));
         }
 
@@ -70,10 +79,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
                     }));
         }
 
@@ -90,19 +99,19 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; samesite=strict", transaction.SetCookie[3]);
                     }),
                 new RequestTest("https://example.com/secureSame",
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; secure; samesite=strict", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure; samesite=strict", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure; samesite=strict", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
                     }));
         }
 
@@ -119,10 +128,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 transaction =>
                 {
                     Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/; httponly", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/; httponly", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/; httponly", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; httponly", transaction.SetCookie[3]);
+                    Assert.Equal("A=A; path=/; samesite=strict; httponly", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=strict; httponly", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=strict; httponly", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=strict; httponly", transaction.SetCookie[3]);
                 }));
         }
 
@@ -137,12 +146,75 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 HttpCookieAppends,
                 new RequestTest("http://example.com/httpOnlyNone",
                 transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=strict; httponly", transaction.SetCookie[3]);
+                }));
+        }
+
+        [Fact]
+        public async Task SameSiteStrictSetsItAlways()
+        {
+            await RunTest("/sameSiteStrict",
+                new CookiePolicyOptions
+                {
+                    MinimumSameSitePolicy = Http.SameSiteMode.Strict
+                },
+                SameSiteCookieAppends,
+                new RequestTest("http://example.com/sameSiteStrict",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=strict", transaction.SetCookie[3]);
+                    Assert.Equal("E=E; path=/; samesite=strict", transaction.SetCookie[4]);
+                }));
+        }
+
+        [Fact]
+        public async Task SameSiteLaxSetsItAlways()
+        {
+            await RunTest("/sameSiteLax",
+                new CookiePolicyOptions
+                {
+                    MinimumSameSitePolicy = Http.SameSiteMode.Lax
+                },
+                SameSiteCookieAppends,
+                new RequestTest("http://example.com/sameSiteLax",
+                transaction =>
+                {
+                    Assert.NotNull(transaction.SetCookie);
+                    Assert.Equal("A=A; path=/; samesite=lax", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=lax", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=lax", transaction.SetCookie[3]);
+                    Assert.Equal("E=E; path=/; samesite=strict", transaction.SetCookie[4]);
+                }));
+        }
+
+        [Fact]
+        public async Task SameSiteNoneLeavesItAlone()
+        {
+            await RunTest("/sameSiteNone",
+                new CookiePolicyOptions
+                {
+                    MinimumSameSitePolicy = Http.SameSiteMode.None
+                },
+                SameSiteCookieAppends,
+                new RequestTest("http://example.com/sameSiteNone",
+                transaction =>
                 {
                     Assert.NotNull(transaction.SetCookie);
                     Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
                     Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; httponly", transaction.SetCookie[3]);
+                    Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=lax", transaction.SetCookie[3]);
+                    Assert.Equal("E=E; path=/; samesite=strict", transaction.SetCookie[4]);
                 }));
         }
 
@@ -170,10 +242,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var transaction = await server.SendAsync("http://example.com/login");
 
             Assert.NotNull(transaction.SetCookie);
-            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[0]);
-            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[1]);
-            Assert.Equal("Hao=Hao; path=/", transaction.SetCookie[2]);
-            Assert.Equal("Hao=Hao; path=/; secure", transaction.SetCookie[3]);
+            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[0]);
+            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[1]);
+            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[2]);
+            Assert.Equal("Hao=Hao; path=/; secure; samesite=strict", transaction.SetCookie[3]);
         }
 
         [Fact]
@@ -201,7 +273,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
 
             Assert.NotNull(transaction.SetCookie);
             Assert.Equal(1, transaction.SetCookie.Count);
-            Assert.Equal("A=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/", transaction.SetCookie[0]);
+            Assert.Equal("A=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax", transaction.SetCookie[0]);
         }
 
         [Fact]

From 30392a1811d45b41ffb12c0c57e4df6cac51e1fb Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 24 May 2017 09:24:08 -0700
Subject: [PATCH 728/900] Retarget to netstandard2.0 and net461

---
 Security.sln                                  |  48 ++-
 build/common.props                            |   4 +-
 build/dependencies.props                      |   4 +-
 build/repo.props                              |   1 +
 samples/CookieSample/CookieSample.csproj      |   8 +-
 .../CookieSessionSample.csproj                |   8 +-
 .../JwtBearerSample/JwtBearerSample.csproj    |   8 +-
 .../OpenIdConnect.AzureAdSample.csproj        |   6 +-
 .../OpenIdConnectSample.csproj                |   6 +-
 samples/SocialSample/SocialSample.csproj      |   6 +-
 ...t.AspNetCore.Authentication.Cookies.csproj |   2 +-
 ....AspNetCore.Authentication.Facebook.csproj |   2 +-
 ...ft.AspNetCore.Authentication.Google.csproj |   2 +-
 ...AspNetCore.Authentication.JwtBearer.csproj |   2 +-
 ...ore.Authentication.MicrosoftAccount.csproj |   2 +-
 ...oft.AspNetCore.Authentication.OAuth.csproj |   2 +-
 ...etCore.Authentication.OpenIdConnect.csproj |   2 +-
 ...t.AspNetCore.Authentication.Twitter.csproj |   2 +-
 ...Microsoft.AspNetCore.Authentication.csproj |   4 +-
 .../Microsoft.AspNetCore.Authorization.csproj |   2 +-
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |   2 +-
 .../AspNetTicketDataFormat.cs                 |  17 +
 .../AspNetTicketSerializer.cs                 | 220 +++++++++++
 .../ChunkingCookieManager.cs                  | 281 +++++++++++++
 .../Constants.cs                              |  13 +
 .../DataProtectorShim.cs                      |  31 ++
 .../Microsoft.Owin.Security.Interop.csproj    |  18 +
 .../Properties/AssemblyInfo.cs                |   8 +
 .../baseline.netframework.json                | 373 ++++++++++++++++++
 ...soft.AspNetCore.Authentication.Test.csproj |   6 +-
 ...osoft.AspNetCore.Authorization.Test.csproj |   3 +-
 ....ChunkingCookieManager.Sources.Test.csproj |   3 +-
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |   5 +-
 .../CookieInteropTests.cs                     | 332 ++++++++++++++++
 ...icrosoft.Owin.Security.Interop.Test.csproj |  26 ++
 .../TicketInteropTests.cs                     |  91 +++++
 36 files changed, 1517 insertions(+), 33 deletions(-)
 create mode 100644 src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/Constants.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
 create mode 100644 src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
 create mode 100644 src/Microsoft.Owin.Security.Interop/baseline.netframework.json
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
 create mode 100644 test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs

diff --git a/Security.sln b/Security.sln
index 157849c911..b9e6ac5672 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26403.7
+VisualStudioVersion = 15.0.26510.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -46,10 +46,22 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authen
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "JwtBearerSample", "samples\JwtBearerSample\JwtBearerSample.csproj", "{D399B84F-591B-4E98-92BA-B0F63E7B6957}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop", "src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj", "{A7922DD8-09F1-43E4-938B-CC523EA08898}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Owin.Security.Interop.Test", "test\Microsoft.Owin.Security.Interop.Test\Microsoft.Owin.Security.Interop.Test.csproj", "{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}"
+EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnect.AzureAdSample", "samples\OpenIdConnect.AzureAdSample\OpenIdConnect.AzureAdSample.csproj", "{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test", "test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test\Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj", "{51563775-C659-4907-9BAF-9995BAB87D01}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{86BD08B1-F978-4F58-9982-2A017807F01C}"
+	ProjectSection(SolutionItems) = preProject
+		build\common.props = build\common.props
+		build\dependencies.props = build\dependencies.props
+		build\Key.snk = build\Key.snk
+		build\repo.props = build\repo.props
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -360,6 +372,38 @@ Global
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.Build.0 = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.Build.0 = Debug|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.Build.0 = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.ActiveCfg = Release|Any CPU
+		{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.Build.0 = Debug|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.Build.0 = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
@@ -416,6 +460,8 @@ Global
 		{1790E052-646F-4529-B90E-6FEA95520D69} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{2755BFE5-7421-4A31-A644-F817DF5CAA98} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{D399B84F-591B-4E98-92BA-B0F63E7B6957} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{A7922DD8-09F1-43E4-938B-CC523EA08898} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 	EndGlobalSection
diff --git a/build/common.props b/build/common.props
index 3f55ba5b33..dc4ad9a786 100644
--- a/build/common.props
+++ b/build/common.props
@@ -16,8 +16,8 @@
     <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework' AND '$(OutputType)'=='library'">
-    <PackageReference Include="NETStandard.Library" Version="$(BundledNETStandardPackageVersion)" />
+  <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index 74d501f7cd..f7e538a504 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,11 +1,13 @@
 <Project>
   <PropertyGroup>
     <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
+    <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
-    <NETStandardImplicitPackageVersion>$(BundledNETStandardPackageVersion)</NETStandardImplicitPackageVersion>
+    <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
+    <OwinVersion>3.0.1</OwinVersion>
     <TestSdkVersion>15.3.0-*</TestSdkVersion>
     <XunitVersion>2.3.0-beta2-*</XunitVersion>
   </PropertyGroup>
diff --git a/build/repo.props b/build/repo.props
index 396aed1f53..d4bab3eebd 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,4 +1,5 @@
 <Project>
   <ItemGroup>
+    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'"/>
   </ItemGroup>
 </Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 27fa4ca17b..d251b844e1 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
@@ -19,4 +19,8 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 2a838df7e4..a2d0490f1a 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
@@ -19,4 +19,8 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 86b04d587c..c2f73fd961 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,9 +1,9 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
@@ -20,4 +20,8 @@
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 78ba03c2af..7857249087 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
@@ -23,4 +23,8 @@
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 875762d126..03384f567e 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
@@ -33,4 +33,8 @@
     <EmbeddedResource Include="compiler\resources\cert.pfx" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 723d74de32..999dc91a6f 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -3,7 +3,7 @@
   <Import Project="..\..\build\dependencies.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
@@ -35,4 +35,8 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
+    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
+  </ItemGroup>
+
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index a5728fbabc..41c4ff7905 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 19ec83413c..e39b31e904 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index e403fe4a95..c4f1e7ad8f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index c2b99e47db..5b25e00e86 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 4d91e0da1e..1a954c850a 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 8e33372c1f..508c815fe8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index b3829b59dc..0ce2fe34e0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -2,7 +2,7 @@
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 5dd58d680c..b78de6597f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 54b560702a..cbdb05b58a 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
@@ -18,7 +18,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index b39a7bf3dd..93673ef007 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -7,7 +7,7 @@
 Commonly used types:
 Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
 Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 31ce5b761a..5dc2cd9281 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -4,7 +4,7 @@
 
   <PropertyGroup>
     <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netstandard2.0</TargetFramework>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
new file mode 100644
index 0000000000..f1a07c5bf7
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Owin.Security.DataHandler;
+using Microsoft.Owin.Security.DataHandler.Encoder;
+using Microsoft.Owin.Security.DataProtection;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    public class AspNetTicketDataFormat : SecureDataFormat<AuthenticationTicket>
+    {
+        public AspNetTicketDataFormat(IDataProtector protector)
+            : base(AspNetTicketSerializer.Default, protector, TextEncodings.Base64Url)
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
new file mode 100644
index 0000000000..6a1019fbc8
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
@@ -0,0 +1,220 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.Owin.Security.DataHandler.Serializer;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.DataHandler.TicketSerializer
+    public class AspNetTicketSerializer : IDataSerializer<AuthenticationTicket>
+    {
+        private const string DefaultStringPlaceholder = "\0";
+        private const int FormatVersion = 5;
+
+        public static AspNetTicketSerializer Default { get; } = new AspNetTicketSerializer();
+
+        public virtual byte[] Serialize(AuthenticationTicket ticket)
+        {
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new BinaryWriter(memory))
+                {
+                    Write(writer, ticket);
+                }
+                return memory.ToArray();
+            }
+        }
+
+        public virtual AuthenticationTicket Deserialize(byte[] data)
+        {
+            using (var memory = new MemoryStream(data))
+            {
+                using (var reader = new BinaryReader(memory))
+                {
+                    return Read(reader);
+                }
+            }
+        }
+
+        public virtual void Write(BinaryWriter writer, AuthenticationTicket ticket)
+        {
+            writer.Write(FormatVersion);
+            writer.Write(ticket.Identity.AuthenticationType);
+
+            var identity = ticket.Identity;
+            if (identity == null)
+            {
+                throw new ArgumentNullException("ticket.Identity");
+            }
+
+            // There is always a single identity
+            writer.Write(1);
+            WriteIdentity(writer, identity);
+            PropertiesSerializer.Write(writer, ticket.Properties);
+        }
+
+        protected virtual void WriteIdentity(BinaryWriter writer, ClaimsIdentity identity)
+        {
+            var authenticationType = identity.AuthenticationType ?? string.Empty;
+
+            writer.Write(authenticationType);
+            WriteWithDefault(writer, identity.NameClaimType, ClaimsIdentity.DefaultNameClaimType);
+            WriteWithDefault(writer, identity.RoleClaimType, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Write the number of claims contained in the identity.
+            writer.Write(identity.Claims.Count());
+
+            foreach (var claim in identity.Claims)
+            {
+                WriteClaim(writer, claim);
+            }
+
+            var bootstrap = identity.BootstrapContext as string;
+            if (!string.IsNullOrEmpty(bootstrap))
+            {
+                writer.Write(true);
+                writer.Write(bootstrap);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+
+            if (identity.Actor != null)
+            {
+                writer.Write(true);
+                WriteIdentity(writer, identity.Actor);
+            }
+            else
+            {
+                writer.Write(false);
+            }
+        }
+
+        protected virtual void WriteClaim(BinaryWriter writer, Claim claim)
+        {
+            WriteWithDefault(writer, claim.Type, claim.Subject?.NameClaimType ?? ClaimsIdentity.DefaultNameClaimType);
+            writer.Write(claim.Value);
+            WriteWithDefault(writer, claim.ValueType, ClaimValueTypes.String);
+            WriteWithDefault(writer, claim.Issuer, ClaimsIdentity.DefaultIssuer);
+            WriteWithDefault(writer, claim.OriginalIssuer, claim.Issuer);
+
+            // Write the number of properties contained in the claim.
+            writer.Write(claim.Properties.Count);
+
+            foreach (var property in claim.Properties)
+            {
+                writer.Write(property.Key ?? string.Empty);
+                writer.Write(property.Value ?? string.Empty);
+            }
+        }
+
+        public virtual AuthenticationTicket Read(BinaryReader reader)
+        {
+            if (reader.ReadInt32() != FormatVersion)
+            {
+                return null;
+            }
+
+            var scheme = reader.ReadString();
+
+            // Any identities after the first will be ignored.
+            var count = reader.ReadInt32();
+            if (count < 0)
+            {
+                return null;
+            }
+
+            var identity = ReadIdentity(reader);
+            var properties = PropertiesSerializer.Read(reader);
+
+            return new AuthenticationTicket(identity, properties);
+        }
+
+        protected virtual ClaimsIdentity ReadIdentity(BinaryReader reader)
+        {
+            var authenticationType = reader.ReadString();
+            var nameClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultNameClaimType);
+            var roleClaimType = ReadWithDefault(reader, ClaimsIdentity.DefaultRoleClaimType);
+
+            // Read the number of claims contained
+            // in the serialized identity.
+            var count = reader.ReadInt32();
+
+            var identity = new ClaimsIdentity(authenticationType, nameClaimType, roleClaimType);
+
+            for (int index = 0; index != count; ++index)
+            {
+                var claim = ReadClaim(reader, identity);
+
+                identity.AddClaim(claim);
+            }
+
+            // Determine whether the identity
+            // has a bootstrap context attached.
+            if (reader.ReadBoolean())
+            {
+                identity.BootstrapContext = reader.ReadString();
+            }
+
+            // Determine whether the identity
+            // has an actor identity attached.
+            if (reader.ReadBoolean())
+            {
+                identity.Actor = ReadIdentity(reader);
+            }
+
+            return identity;
+        }
+
+        protected virtual Claim ReadClaim(BinaryReader reader, ClaimsIdentity identity)
+        {
+            var type = ReadWithDefault(reader, identity.NameClaimType);
+            var value = reader.ReadString();
+            var valueType = ReadWithDefault(reader, ClaimValueTypes.String);
+            var issuer = ReadWithDefault(reader, ClaimsIdentity.DefaultIssuer);
+            var originalIssuer = ReadWithDefault(reader, issuer);
+
+            var claim = new Claim(type, value, valueType, issuer, originalIssuer, identity);
+
+            // Read the number of properties stored in the claim.
+            var count = reader.ReadInt32();
+
+            for (var index = 0; index != count; ++index)
+            {
+                var key = reader.ReadString();
+                var propertyValue = reader.ReadString();
+
+                claim.Properties.Add(key, propertyValue);
+            }
+
+            return claim;
+        }
+
+        private static void WriteWithDefault(BinaryWriter writer, string value, string defaultValue)
+        {
+            if (string.Equals(value, defaultValue, StringComparison.Ordinal))
+            {
+                writer.Write(DefaultStringPlaceholder);
+            }
+            else
+            {
+                writer.Write(value);
+            }
+        }
+
+        private static string ReadWithDefault(BinaryReader reader, string defaultValue)
+        {
+            var value = reader.ReadString();
+            if (string.Equals(value, DefaultStringPlaceholder, StringComparison.Ordinal))
+            {
+                return defaultValue;
+            }
+            return value;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
new file mode 100644
index 0000000000..b323258d9b
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
@@ -0,0 +1,281 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
+using Microsoft.Owin.Infrastructure;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    // This MUST be kept in sync with Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager
+    /// <summary>
+    /// This handles cookies that are limited by per cookie length. It breaks down long cookies for responses, and reassembles them
+    /// from requests.
+    /// </summary>
+    public class ChunkingCookieManager : ICookieManager
+    {
+        private const string ChunkKeySuffix = "C";
+        private const string ChunkCountPrefix = "chunks-";
+
+        public ChunkingCookieManager()
+        {
+            // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
+            // See http://browsercookielimits.x64.me/.
+            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
+            ChunkSize = 4070;
+            ThrowForPartialCookies = true;
+        }
+
+        /// <summary>
+        /// The maximum size of cookie to send back to the client. If a cookie exceeds this size it will be broken down into multiple
+        /// cookies. Set this value to null to disable this behavior. The default is 4090 characters, which is supported by all
+        /// common browsers.
+        ///
+        /// Note that browsers may also have limits on the total size of all cookies per domain, and on the number of cookies per domain.
+        /// </summary>
+        public int? ChunkSize { get; set; }
+
+        /// <summary>
+        /// Throw if not all chunks of a cookie are available on a request for re-assembly.
+        /// </summary>
+        public bool ThrowForPartialCookies { get; set; }
+
+        // Parse the "chunks-XX" to determine how many chunks there should be.
+        private static int ParseChunksCount(string value)
+        {
+            if (value != null && value.StartsWith(ChunkCountPrefix, StringComparison.Ordinal))
+            {
+                var chunksCountString = value.Substring(ChunkCountPrefix.Length);
+                int chunksCount;
+                if (int.TryParse(chunksCountString, NumberStyles.None, CultureInfo.InvariantCulture, out chunksCount))
+                {
+                    return chunksCount;
+                }
+            }
+            return 0;
+        }
+
+        /// <summary>
+        /// Get the reassembled cookie. Non chunked cookies are returned normally.
+        /// Cookies with missing chunks just have their "chunks-XX" header returned.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <returns>The reassembled cookie, if any, or null.</returns>
+        public string GetRequestCookie(IOwinContext context, string key)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            var requestCookies = context.Request.Cookies;
+            var value = requestCookies[key];
+            var chunksCount = ParseChunksCount(value);
+            if (chunksCount > 0)
+            {
+                var chunks = new string[chunksCount];
+                for (var chunkId = 1; chunkId <= chunksCount; chunkId++)
+                {
+                    var chunk = requestCookies[key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture)];
+                    if (string.IsNullOrEmpty(chunk))
+                    {
+                        if (ThrowForPartialCookies)
+                        {
+                            var totalSize = 0;
+                            for (int i = 0; i < chunkId - 1; i++)
+                            {
+                                totalSize += chunks[i].Length;
+                            }
+                            throw new FormatException(
+                                string.Format(CultureInfo.CurrentCulture, 
+                                "The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.",
+                                chunkId - 1, chunksCount, totalSize));
+                        }
+                        // Missing chunk, abort by returning the original cookie value. It may have been a false positive?
+                        return value;
+                    }
+
+                    chunks[chunkId - 1] = chunk;
+                }
+
+                return string.Join(string.Empty, chunks);
+            }
+            return value;
+        }
+
+        /// <summary>
+        /// Appends a new response cookie to the Set-Cookie header. If the cookie is larger than the given size limit
+        /// then it will be broken down into multiple cookies as follows:
+        /// Set-Cookie: CookieName=chunks-3; path=/
+        /// Set-Cookie: CookieNameC1=Segment1; path=/
+        /// Set-Cookie: CookieNameC2=Segment2; path=/
+        /// Set-Cookie: CookieNameC3=Segment3; path=/
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="value"></param>
+        /// <param name="options"></param>
+        public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
+            var expiresHasValue = options.Expires.HasValue;
+
+            var templateLength = key.Length + "=".Length
+                + (domainHasValue ? "; domain=".Length + options.Domain.Length : 0)
+                + (pathHasValue ? "; path=".Length + options.Path.Length : 0)
+                + (expiresHasValue ? "; expires=ddd, dd-MMM-yyyy HH:mm:ss GMT".Length : 0)
+                + (options.Secure ? "; secure".Length : 0)
+                + (options.HttpOnly ? "; HttpOnly".Length : 0);
+
+            // Normal cookie
+            var responseCookies = context.Response.Cookies;
+            if (!ChunkSize.HasValue || ChunkSize.Value > templateLength + value.Length)
+            {
+                responseCookies.Append(key, value, options);
+            }
+            else if (ChunkSize.Value < templateLength + 10)
+            {
+                // 10 is the minimum data we want to put in an individual cookie, including the cookie chunk identifier "CXX".
+                // No room for data, we can't chunk the options and name
+                throw new InvalidOperationException("The cookie key and options are larger than ChunksSize, leaving no room for data.");
+            }
+            else
+            {
+                // Break the cookie down into multiple cookies.
+                // Key = CookieName, value = "Segment1Segment2Segment2"
+                // Set-Cookie: CookieName=chunks-3; path=/
+                // Set-Cookie: CookieNameC1="Segment1"; path=/
+                // Set-Cookie: CookieNameC2="Segment2"; path=/
+                // Set-Cookie: CookieNameC3="Segment3"; path=/
+                var dataSizePerCookie = ChunkSize.Value - templateLength - 3; // Budget 3 chars for the chunkid.
+                var cookieChunkCount = (int)Math.Ceiling(value.Length * 1.0 / dataSizePerCookie);
+
+                responseCookies.Append(key, ChunkCountPrefix + cookieChunkCount.ToString(CultureInfo.InvariantCulture), options);
+
+                var offset = 0;
+                for (var chunkId = 1; chunkId <= cookieChunkCount; chunkId++)
+                {
+                    var remainingLength = value.Length - offset;
+                    var length = Math.Min(dataSizePerCookie, remainingLength);
+                    var segment = value.Substring(offset, length);
+                    offset += length;
+
+                    responseCookies.Append(key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture), segment, options);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Deletes the cookie with the given key by setting an expired state. If a matching chunked cookie exists on
+        /// the request, delete each chunk.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <param name="options"></param>
+        public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            if (key == null)
+            {
+                throw new ArgumentNullException(nameof(key));
+            }
+
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            var keys = new List<string>();
+            keys.Add(key + "=");
+
+            var requestCookie = context.Request.Cookies[key];
+            var chunks = ParseChunksCount(requestCookie);
+            if (chunks > 0)
+            {
+                for (int i = 1; i <= chunks + 1; i++)
+                {
+                    var subkey = key + ChunkKeySuffix + i.ToString(CultureInfo.InvariantCulture);
+                    keys.Add(subkey + "=");
+                }
+            }
+
+            var domainHasValue = !string.IsNullOrEmpty(options.Domain);
+            var pathHasValue = !string.IsNullOrEmpty(options.Path);
+
+            Func<string, bool> rejectPredicate;
+            Func<string, bool> predicate = value => keys.Any(k => value.StartsWith(k, StringComparison.OrdinalIgnoreCase));
+            if (domainHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("domain=" + options.Domain, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else if (pathHasValue)
+            {
+                rejectPredicate = value => predicate(value) && value.IndexOf("path=" + options.Path, StringComparison.OrdinalIgnoreCase) != -1;
+            }
+            else
+            {
+                rejectPredicate = value => predicate(value);
+            }
+
+            var responseHeaders = context.Response.Headers;
+            string[] existingValues;
+            if (responseHeaders.TryGetValue(Constants.Headers.SetCookie, out existingValues) && existingValues != null)
+            {
+                responseHeaders.SetValues(Constants.Headers.SetCookie, existingValues.Where(value => !rejectPredicate(value)).ToArray());
+            }
+
+            AppendResponseCookie(
+                context,
+                key,
+                string.Empty,
+                new CookieOptions()
+                {
+                    Path = options.Path,
+                    Domain = options.Domain,
+                    Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                });
+
+            for (int i = 1; i <= chunks; i++)
+            {
+                AppendResponseCookie(
+                    context,
+                    key + "C" + i.ToString(CultureInfo.InvariantCulture),
+                    string.Empty,
+                    new CookieOptions()
+                    {
+                        Path = options.Path,
+                        Domain = options.Domain,
+                        Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
+                    });
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.Owin.Security.Interop/Constants.cs b/src/Microsoft.Owin.Security.Interop/Constants.cs
new file mode 100644
index 0000000000..1e75761b70
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Constants.cs
@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.Owin.Security.Interop
+{
+    internal static class Constants
+    {
+        internal static class Headers
+        {
+            internal const string SetCookie = "Set-Cookie";
+        }
+    }
+}
diff --git a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
new file mode 100644
index 0000000000..7313588948
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.DataProtection;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    /// <summary>
+    /// Converts an <see cref="IDataProtector"/> to an
+    /// <see cref="Microsoft.Owin.Security.DataProtection.IDataProtector"/>.
+    /// </summary>
+    public sealed class DataProtectorShim : Microsoft.Owin.Security.DataProtection.IDataProtector
+    {
+        private readonly IDataProtector _protector;
+
+        public DataProtectorShim(IDataProtector protector)
+        {
+            _protector = protector;
+        }
+
+        public byte[] Protect(byte[] userData)
+        {
+            return _protector.Protect(userData);
+        }
+
+        public byte[] Unprotect(byte[] protectedData)
+        {
+            return _protector.Unprotect(protectedData);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
new file mode 100644
index 0000000000..10a8be30f5
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.</Description>
+    <TargetFramework>net461</TargetFramework>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;katana;owin;security</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security" Version="$(OwinVersion)" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000000..490fa7cb2a
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
@@ -0,0 +1,8 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Runtime.InteropServices;
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("a7922dd8-09f1-43e4-938b-cc523ea08898")]
+
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
new file mode 100644
index 0000000000..1fc242ec55
--- /dev/null
+++ b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
@@ -0,0 +1,373 @@
+{
+  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.Owin.Security.DataHandler.SecureDataFormat<Microsoft.Owin.Security.AuthenticationTicket>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.Owin.Security.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Default",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Owin.Security.Interop.AspNetTicketSerializer",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Serialize",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Deserialize",
+          "Parameters": [
+            {
+              "Name": "data",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataHandler.Serializer.IDataSerializer<Microsoft.Owin.Security.AuthenticationTicket>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Write",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.Owin.Security.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteIdentity",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "WriteClaim",
+          "Parameters": [
+            {
+              "Name": "writer",
+              "Type": "System.IO.BinaryWriter"
+            },
+            {
+              "Name": "claim",
+              "Type": "System.Security.Claims.Claim"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Read",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "Microsoft.Owin.Security.AuthenticationTicket",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadIdentity",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReadClaim",
+          "Parameters": [
+            {
+              "Name": "reader",
+              "Type": "System.IO.BinaryReader"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            }
+          ],
+          "ReturnType": "System.Security.Claims.Claim",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.ChunkingCookieManager",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Infrastructure.ICookieManager"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ChunkSize",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.Int32>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ChunkSize",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.Int32>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ThrowForPartialCookies",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ThrowForPartialCookies",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetRequestCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Owin.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.Owin.IOwinContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Owin.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Infrastructure.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Owin.Security.Interop.DataProtectorShim",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Sealed": true,
+      "ImplementedInterfaces": [
+        "Microsoft.Owin.Security.DataProtection.IDataProtector"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Protect",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Unprotect",
+          "Parameters": [
+            {
+              "Name": "protectedData",
+              "Type": "System.Byte[]"
+            }
+          ],
+          "ReturnType": "System.Byte[]",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Owin.Security.DataProtection.IDataProtector",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "protector",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtector"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ],
+  "SourceFilters": []
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 98d727fde5..c44069f437 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -3,9 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
+    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
@@ -24,6 +23,7 @@
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="System.Net.Http" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index a9ba71a797..48b134740a 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 7908e98fcb..b578f5dcfa 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -3,7 +3,8 @@
   <Import Project="..\..\build\common.props" />
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index b7b2c6afe0..f513de4b35 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -2,9 +2,8 @@
 
   <Import Project="..\..\build\common.props" />
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
+    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
+    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
new file mode 100644
index 0000000000..ae5e6f0183
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -0,0 +1,332 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Xml;
+using System.Xml.Linq;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Testing;
+using Owin;
+using Xunit;
+
+namespace Microsoft.Owin.Security.Interop
+{
+    public class CookiesInteropTests
+    {
+        [Fact]
+        public async Task AspNetCoreWithInteropCookieContainsIdentity()
+        {
+            var identity = new ClaimsIdentity("Cookies");
+            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var interopServer = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                });
+
+                app.Run(context =>
+                {
+                    context.Authentication.SignIn(identity);
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await SendAsync(interopServer, "http://example.com");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(async context => 
+                    {
+                        var result = await context.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
+                    });
+                })
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
+            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
+            {
+                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
+            }
+            var response = await newServer.CreateClient().SendAsync(request);
+
+            Assert.Equal("Alice", await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task AspNetCoreWithLargeInteropCookieContainsIdentity()
+        {
+            var identity = new ClaimsIdentity("Cookies");
+            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var interopServer = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                    CookieManager = new ChunkingCookieManager(),
+                });
+
+                app.Run(context =>
+                {
+                    context.Authentication.SignIn(identity);
+                    return Task.FromResult(0);
+                });
+            });
+
+            var transaction = await SendAsync(interopServer, "http://example.com");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(async context =>
+                    {
+                        var result = await context.AuthenticateAsync("Cookies");
+                        await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
+                    });
+                })
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
+            foreach (var cookie in SetCookieHeaderValue.ParseList(transaction.SetCookie))
+            {
+                request.Headers.Add("Cookie", cookie.Name + "=" + cookie.Value);
+            }
+            var response = await newServer.CreateClient().SendAsync(request);
+
+            Assert.Equal(1024 * 5, (await response.Content.ReadAsStringAsync()).Length);
+        }
+
+        [Fact]
+        public async Task InteropWithNewCookieContainsIdentity()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim(ClaimTypes.Name, "Alice"));
+            user.AddIdentity(identity);
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync("Cookies", user));
+                })
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
+
+            var server = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                });
+
+                app.Run(async context =>
+                {
+                    var result = await context.Authentication.AuthenticateAsync("Cookies");
+                    Describe(context.Response, result);
+                });
+            });
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
+
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+        }
+
+        [Fact]
+        public async Task InteropWithLargeNewCookieContainsIdentity()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim(ClaimTypes.Name, new string('a', 1024 * 5)));
+            user.AddIdentity(identity);
+
+            var dataProtection = DataProtectionProvider.Create(new DirectoryInfo("..\\..\\artifacts"));
+            var dataProtector = dataProtection.CreateProtector(
+                "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET Core type
+                Cookies.CookieAuthenticationDefaults.AuthenticationType, "v2");
+
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Run(context => context.SignInAsync("Cookies", user));
+                })
+                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+            var newServer = new AspNetCore.TestHost.TestServer(builder);
+
+            var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
+
+            var server = TestServer.Create(app =>
+            {
+                app.Properties["host.AppName"] = "Microsoft.Owin.Security.Tests";
+
+                app.UseCookieAuthentication(new Cookies.CookieAuthenticationOptions
+                {
+                    TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)),
+                    CookieName = AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.CookiePrefix
+                        + AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme,
+                    CookieManager = new ChunkingCookieManager(),
+                });
+
+                app.Run(async context =>
+                {
+                    var result = await context.Authentication.AuthenticateAsync("Cookies");
+                    Describe(context.Response, result);
+                });
+            });
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", cookies);
+
+            Assert.Equal(1024 * 5, FindClaimValue(transaction2, ClaimTypes.Name).Length);
+        }
+
+        private static async Task<IList<string>> SendAndGetCookies(AspNetCore.TestHost.TestServer server, string uri)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            var response = await server.CreateClient().SendAsync(request);
+            if (response.Headers.Contains("Set-Cookie"))
+            {
+                IList<string> cookieHeaders = new List<string>();
+                foreach (var cookie in SetCookieHeaderValue.ParseList(response.Headers.GetValues("Set-Cookie").ToList()))
+                {
+                    cookieHeaders.Add(cookie.Name + "=" + cookie.Value);
+                }
+                return cookieHeaders;
+            }
+            return null;
+        }
+
+        private static string FindClaimValue(Transaction transaction, string claimType)
+        {
+            XElement claim = transaction.ResponseElement.Elements("claim").SingleOrDefault(elt => elt.Attribute("type").Value == claimType);
+            if (claim == null)
+            {
+                return null;
+            }
+            return claim.Attribute("value").Value;
+        }
+
+        private static void Describe(IOwinResponse res, AuthenticateResult result)
+        {
+            res.StatusCode = 200;
+            res.ContentType = "text/xml";
+            var xml = new XElement("xml");
+            if (result != null && result.Identity != null)
+            {
+                xml.Add(result.Identity.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+            }
+            if (result != null && result.Properties != null)
+            {
+                xml.Add(result.Properties.Dictionary.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+            }
+            using (var memory = new MemoryStream())
+            {
+                using (var writer = new XmlTextWriter(memory, Encoding.UTF8))
+                {
+                    xml.WriteTo(writer);
+                }
+                res.Body.Write(memory.ToArray(), 0, memory.ToArray().Length);
+            }
+        }
+
+        private static async Task<Transaction> SendAsync(TestServer server, string uri, IList<string> cookieHeaders = null, bool ajaxRequest = false)
+        {
+            var request = new HttpRequestMessage(HttpMethod.Get, uri);
+            if (cookieHeaders != null)
+            {
+                request.Headers.Add("Cookie", cookieHeaders);
+            }
+            if (ajaxRequest)
+            {
+                request.Headers.Add("X-Requested-With", "XMLHttpRequest");
+            }
+            var transaction = new Transaction
+            {
+                Request = request,
+                Response = await server.HttpClient.SendAsync(request),
+            };
+            if (transaction.Response.Headers.Contains("Set-Cookie"))
+            {
+                transaction.SetCookie = transaction.Response.Headers.GetValues("Set-Cookie").ToList();
+            }
+            if (transaction.SetCookie != null && transaction.SetCookie.Any())
+            {
+                transaction.CookieNameValue = transaction.SetCookie.First().Split(new[] { ';' }, 2).First();
+            }
+            transaction.ResponseText = await transaction.Response.Content.ReadAsStringAsync();
+
+            if (transaction.Response.Content != null &&
+                transaction.Response.Content.Headers.ContentType != null &&
+                transaction.Response.Content.Headers.ContentType.MediaType == "text/xml")
+            {
+                transaction.ResponseElement = XElement.Parse(transaction.ResponseText);
+            }
+            return transaction;
+        }
+
+        private class Transaction
+        {
+            public HttpRequestMessage Request { get; set; }
+            public HttpResponseMessage Response { get; set; }
+
+            public IList<string> SetCookie { get; set; }
+            public string CookieNameValue { get; set; }
+
+            public string ResponseText { get; set; }
+            public XElement ResponseElement { get; set; }
+        }
+
+    }
+}
+
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
new file mode 100644
index 0000000000..d6e9d16e5f
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <TargetFramework>net461</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
+
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
+    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
+    <PackageReference Include="System.Net.Http" Version="$(CoreFxVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+  </ItemGroup>
+
+</Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
new file mode 100644
index 0000000000..b14ea0d74e
--- /dev/null
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -0,0 +1,91 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
+using Xunit;
+
+namespace Microsoft.Owin.Security.Interop.Test
+{
+    public class TicketInteropTests
+    {
+        [Fact]
+        public void NewSerializerCanReadInteropTicket()
+        {
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new Owin.Security.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Dictionary["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties);
+            var interopSerializer = new AspNetTicketSerializer();
+
+            var bytes = interopSerializer.Serialize(interopTicket);
+
+            var newSerializer = new TicketSerializer();
+            var newTicket = newSerializer.Deserialize(bytes);
+
+            Assert.NotNull(newTicket);
+            Assert.Equal(1, newTicket.Principal.Identities.Count());
+            var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(newTicket.Properties);
+            Assert.True(newTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", newTicket.Properties.RedirectUri);
+            Assert.Equal("value", newTicket.Properties.Items["key"]);
+            Assert.Equal(expires, newTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, newTicket.Properties.IssuedUtc);
+        }
+
+        [Fact]
+        public void InteropSerializerCanReadNewTicket()
+        {
+            var user = new ClaimsPrincipal();
+            var identity = new ClaimsIdentity("scheme");
+            identity.AddClaim(new Claim("Test", "Value"));
+            user.AddIdentity(identity);
+
+            var expires = DateTime.Today;
+            var issued = new DateTime(1979, 11, 11);
+            var properties = new AspNetCore.Authentication.AuthenticationProperties();
+            properties.IsPersistent = true;
+            properties.RedirectUri = "/redirect";
+            properties.Items["key"] = "value";
+            properties.ExpiresUtc = expires;
+            properties.IssuedUtc = issued;
+
+            var newTicket = new AspNetCore.Authentication.AuthenticationTicket(user, properties, "scheme");
+            var newSerializer = new TicketSerializer();
+
+            var bytes = newSerializer.Serialize(newTicket);
+
+            var interopSerializer = new AspNetTicketSerializer();
+            var interopTicket = interopSerializer.Deserialize(bytes);
+
+            Assert.NotNull(interopTicket);
+            var newIdentity = interopTicket.Identity;
+            Assert.NotNull(newIdentity);
+            Assert.Equal("scheme", newIdentity.AuthenticationType);
+            Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value"));
+            Assert.NotNull(interopTicket.Properties);
+            Assert.True(interopTicket.Properties.IsPersistent);
+            Assert.Equal("/redirect", interopTicket.Properties.RedirectUri);
+            Assert.Equal("value", interopTicket.Properties.Dictionary["key"]);
+            Assert.Equal(expires, interopTicket.Properties.ExpiresUtc);
+            Assert.Equal(issued, interopTicket.Properties.IssuedUtc);
+        }
+    }
+}
+
+

From e940cdb36bc7617af3d762ff9cc853a8fef55b0a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 May 2017 18:29:19 -0700
Subject: [PATCH 729/900] AuthZ 2.0 changes + react to Http

---
 Security.sln                                  |  57 ++++++
 .../CookieAuthenticationHandler.cs            |  21 +-
 .../FacebookConfigureOptions.cs               |   6 +-
 .../FacebookExtensions.cs                     |  16 +-
 .../GoogleConfigureOptions.cs                 |   6 +-
 .../GoogleExtensions.cs                       |  16 +-
 .../JwtBearerConfigureOptions.cs              |   6 +-
 .../JwtBearerExtensions.cs                    |  15 +-
 .../JwtBearerHandler.cs                       |   8 +-
 .../MicrosoftAccountConfigureOptions.cs       |   6 +-
 .../MicrosoftAccountExtensions.cs             |  20 +-
 .../OAuthHandler.cs                           |   8 +-
 .../OpenIdConnectConfigureOptions.cs          |   6 +-
 .../OpenIdConnectExtensions.cs                |  13 +-
 .../OpenIdConnectHandler.cs                   |  11 +-
 .../TwitterConfigureOptions.cs                |   6 +-
 .../TwitterExtensions.cs                      |  13 +-
 .../TwitterHandler.cs                         |   9 +-
 .../AuthenticationHandler.cs                  |  65 +++----
 .../Events/BaseAuthenticationContext.cs       |  41 ++++
 .../Events/BaseContext.cs                     |  49 +++++
 .../RemoteAuthenticationHandler.cs            |   8 +-
 .../IPolicyEvaluator.cs                       |  36 ++++
 ...oft.AspNetCore.Authorization.Policy.csproj |  27 +++
 .../PolicyAuthorizationResult.cs              |  35 ++++
 .../PolicyEvaluator.cs                        |  92 +++++++++
 .../PolicyServiceCollectionExtensions.cs      |  31 +++
 .../AuthorizationFailure.cs                   |  46 +++++
 .../AuthorizationPolicy.cs                    |   2 +-
 .../AuthorizationResult.cs                    |  37 ++++
 ...uthorizationServiceCollectionExtensions.cs |   1 +
 .../AuthorizationServiceExtensions.cs         |   8 +-
 .../AuthorizeAttribute.cs                     |  24 ++-
 .../DefaultAuthorizationEvaluator.cs          |  24 +--
 .../DefaultAuthorizationHandlerProvider.cs    |  35 ++++
 .../DefaultAuthorizationService.cs            |  28 +--
 .../IAuthorizationEvaluator.cs                |  13 +-
 .../IAuthorizationHandlerProvider.cs          |  21 ++
 .../IAuthorizationService.cs                  |   4 +-
 .../IAuthorizeData.cs                         |   2 +-
 .../AuthenticationMiddlewareTests.cs          |  35 +++-
 .../CookieTests.cs                            |  40 +---
 .../FacebookTests.cs                          |  28 +--
 .../GoogleTests.cs                            |  64 ++-----
 .../JwtBearerTests.cs                         |  62 +++---
 .../MicrosoftAccountTests.cs                  |  28 +--
 .../OpenIdConnect/OpenIdConnectTests.cs       |  14 +-
 .../TicketSerializerTests.cs                  |   2 +-
 .../TwitterTests.cs                           |  22 ++-
 .../AuthorizationPolicyFacts.cs               |  12 +-
 .../DefaultAuthorizationServiceTests.cs       | 134 +++++++------
 ...osoft.AspNetCore.Authorization.Test.csproj |   2 +
 .../PolicyEvaluatorTests.cs                   | 179 ++++++++++++++++++
 53 files changed, 1029 insertions(+), 465 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
 create mode 100644 src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
 create mode 100644 test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs

diff --git a/Security.sln b/Security.sln
index b9e6ac5672..61ea7b0c31 100644
--- a/Security.sln
+++ b/Security.sln
@@ -62,6 +62,12 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		build\repo.props = build\repo.props
 	EndProjectSection
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization.Policy", "src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj", "{58194599-F07D-47A3-9DF2-E21A22C5EF9E}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Abstractions", "..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Abstractions\Microsoft.AspNetCore.Authentication.Abstractions.csproj", "{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Core", "..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Core\Microsoft.AspNetCore.Authentication.Core.csproj", "{85545633-7E70-47EA-8CD2-30654C80112C}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -436,6 +442,54 @@ Global
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.Build.0 = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.ActiveCfg = Release|Any CPU
 		{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.Build.0 = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|x64.Build.0 = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Debug|x86.Build.0 = Debug|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x64.ActiveCfg = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x64.Build.0 = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.ActiveCfg = Release|Any CPU
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.Build.0 = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x64.Build.0 = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x86.Build.0 = Debug|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x64.ActiveCfg = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x64.Build.0 = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x86.ActiveCfg = Release|Any CPU
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x86.Build.0 = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x64.Build.0 = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x86.Build.0 = Debug|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x64.ActiveCfg = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x64.Build.0 = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x86.ActiveCfg = Release|Any CPU
+		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -464,5 +518,8 @@ Global
 		{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+		{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{85545633-7E70-47EA-8CD2-30654C80112C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 13a20e55b9..bb2c10fee5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -247,7 +247,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
         }
 
-        protected override async Task HandleSignInAsync(SignInContext signin)
+        protected override async Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
             _signInCalled = true;
 
@@ -259,8 +259,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 Context,
                 Scheme,
                 Options,
-                signin.Principal,
-                signin.Properties,
+                user,
+                properties,
                 cookieOptions);
 
             DateTimeOffset issuedUtc;
@@ -325,7 +325,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             await ApplyHeaders(shouldRedirect, signedInContext.Properties);
         }
 
-        protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
+        protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             _signOutCalled = true;
 
@@ -341,7 +341,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 Context,
                 Scheme,
                 Options,
-                signOutContext.Properties,
+                properties,
                 cookieOptions);
 
             await Events.SigningOut(context);
@@ -401,9 +401,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             return path[0] == '/' && path[1] != '/' && path[1] != '\\';
         }
 
-        protected override async Task HandleForbiddenAsync(ChallengeContext context)
+        protected override async Task HandleForbiddenAsync(AuthenticationProperties properties)
         {
-            var properties = context.Properties;
             var returnUrl = properties.RedirectUri;
             if (string.IsNullOrEmpty(returnUrl))
             {
@@ -414,14 +413,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             await Events.RedirectToAccessDenied(redirectContext);
         }
 
-        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            var properties = context.Properties;
             var redirectUri = properties.RedirectUri;
             if (string.IsNullOrEmpty(redirectUri))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
index 9305623dad..887789ebf1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
@@ -2,15 +2,15 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
-    internal class FacebookConfigureOptions : ConfigureNamedOptions<FacebookOptions>
+    internal class FacebookConfigureOptions : ConfigureDefaultOptions<FacebookOptions>
     {
         public FacebookConfigureOptions(IConfiguration config) :
             base(FacebookDefaults.AuthenticationScheme,
-                options => config.GetSection(FacebookDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+FacebookDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 032be82356..1bb065414d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -3,29 +3,21 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Facebook;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class FacebookAuthenticationOptionsExtensions
     {
-        /// <summary>
-        /// Adds facebook authentication with options bound against the "Facebook" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
-        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<FacebookOptions>, FacebookConfigureOptions>();
-            return services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
-        }
+        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services) 
+            => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
 
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, Action<FacebookOptions> configureOptions) 
             => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
         {
+            services.AddSingleton<ConfigureDefaultOptions<FacebookOptions>, FacebookConfigureOptions>();
             return services.AddOAuthAuthentication<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
index e19c1fdb1d..1041f1eec5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
@@ -2,15 +2,15 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
-    internal class GoogleConfigureOptions : ConfigureNamedOptions<GoogleOptions>
+    internal class GoogleConfigureOptions : ConfigureDefaultOptions<GoogleOptions>
     {
         public GoogleConfigureOptions(IConfiguration config) :
             base(GoogleDefaults.AuthenticationScheme,
-                options => config.GetSection(GoogleDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+GoogleDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index d71e8b461c..c11b155d9c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -3,29 +3,21 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class GoogleExtensions
     {
-        /// <summary>
-        /// Adds google authentication with options bound against the "Google" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
-        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<GoogleOptions>, GoogleConfigureOptions>();
-            return services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
-        }
+        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services) 
+            => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
 
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, Action<GoogleOptions> configureOptions) 
             => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
         {
+            services.AddSingleton<ConfigureDefaultOptions<GoogleOptions>, GoogleConfigureOptions>();
             return services.AddOAuthAuthentication<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
index f3571a49c4..d26bf66711 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    internal class JwtBearerConfigureOptions : ConfigureNamedOptions<JwtBearerOptions>
+    internal class JwtBearerConfigureOptions : ConfigureDefaultOptions<JwtBearerOptions>
     {
         // Bind to "Bearer" section by default
         public JwtBearerConfigureOptions(IConfiguration config) :
             base(JwtBearerDefaults.AuthenticationScheme,
-                options => config.GetSection(JwtBearerDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+JwtBearerDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 4f6453bd96..0bd3a9400c 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -5,22 +5,14 @@ using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class JwtBearerExtensions
     {
-        /// <summary>
-        /// Adds JwtBearer authentication with options bound against the "Bearer" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
-        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<JwtBearerOptions>, JwtBearerConfigureOptions>();
-            return services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
-        }
+        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services) 
+            => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
 
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, Action<JwtBearerOptions> configureOptions) 
             => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, configureOptions);
@@ -28,6 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<JwtBearerOptions>, JwtBearerInitializer>());
+            services.AddSingleton<ConfigureDefaultOptions<JwtBearerOptions>, JwtBearerConfigureOptions>();
             return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index ec48e3e20b..0087d38d0f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -201,10 +201,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
         }
 
-        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
         {
             var authResult = await HandleAuthenticateOnceSafeAsync();
-            var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, context.Properties)
+            var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, properties)
             {
                 AuthenticateFailure = authResult?.Failure
             };
@@ -330,12 +330,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             return string.Join("; ", messages);
         }
 
-        protected override Task HandleSignOutAsync(SignOutContext context)
+        protected override Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             throw new NotSupportedException();
         }
 
-        protected override Task HandleSignInAsync(SignInContext context)
+        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
             throw new NotSupportedException();
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
index 520c3758d5..b0be3de977 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
-    internal class MicrosoftAccountConfigureOptions : ConfigureNamedOptions<MicrosoftAccountOptions>
+    internal class MicrosoftAccountConfigureOptions : ConfigureDefaultOptions<MicrosoftAccountOptions>
     {
         // Bind to "Microsoft" section by default
         public MicrosoftAccountConfigureOptions(IConfiguration config) :
             base(MicrosoftAccountDefaults.AuthenticationScheme,
-                options => config.GetSection(MicrosoftAccountDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+MicrosoftAccountDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 6ccb392344..1a7fee370f 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -3,29 +3,21 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class MicrosoftAccountExtensions
     {
-        /// <summary>
-        /// Adds MicrosoftAccount authentication with options bound against the "Microsoft" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
-        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<MicrosoftAccountOptions>, MicrosoftAccountConfigureOptions>();
-            return services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, o => { });
-        }
+        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services) 
+            => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, _ => { });
 
-        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, Action<MicrosoftAccountOptions> configureOptions) =>
-            services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
+        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, Action<MicrosoftAccountOptions> configureOptions) 
+            => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
         {
+            services.AddSingleton<ConfigureDefaultOptions<MicrosoftAccountOptions>, MicrosoftAccountConfigureOptions>();
             return services.AddOAuthAuthentication<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 63bcdbdf2b..bbe4f4038b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -191,14 +191,8 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             return context.Ticket;
         }
 
-        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            var properties = context.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
index 9afae436dd..1a6450b7b2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    internal class OpenIdConnectConfigureOptions : ConfigureNamedOptions<OpenIdConnectOptions>
+    internal class OpenIdConnectConfigureOptions : ConfigureDefaultOptions<OpenIdConnectOptions>
     {
         // Bind to "OpenIdConnect" section by default
         public OpenIdConnectConfigureOptions(IConfiguration config) :
             base(OpenIdConnectDefaults.AuthenticationScheme,
-                options => config.GetSection(OpenIdConnectDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+OpenIdConnectDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index c79dc7212d..b4ac4b9fb7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -5,22 +5,14 @@ using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class OpenIdConnectExtensions
     {
-        /// <summary>
-        /// Adds OpenIdConnect authentication with options bound against the "OpenIdConnect" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, OpenIdConnectConfigureOptions>();
-            return services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
-        }
+            => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
 
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, Action<OpenIdConnectOptions> configureOptions) 
             => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
@@ -28,6 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<OpenIdConnectOptions>, OpenIdConnectInitializer>());
+            services.AddSingleton<ConfigureDefaultOptions<OpenIdConnectOptions>, OpenIdConnectConfigureOptions>();
             return services.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 04359142a6..9c8f4ecc6f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -161,7 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Redirect user to the identity provider for sign out
         /// </summary>
         /// <returns>A task executing the sign out procedure</returns>
-        protected override async Task HandleSignOutAsync(SignOutContext signout)
+        protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
 
@@ -180,7 +180,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             };
 
             // Get the post redirect URI.
-            var properties = signout.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);
@@ -292,19 +291,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
         /// </summary>
         /// <returns></returns>
-        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
             Logger.EnteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(GetType().FullName);
 
             // order for local RedirectUri
             // 1. challenge.Properties.RedirectUri
             // 2. CurrentUri if RedirectUri is not set)
-            var properties = context.Properties;
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
index b10435f189..03d7ae8092 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
@@ -2,16 +2,16 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
-    internal class TwitterConfigureOptions : ConfigureNamedOptions<TwitterOptions>
+    internal class TwitterConfigureOptions : ConfigureDefaultOptions<TwitterOptions>
     {
         // Bind to "Twitter" section by default
         public TwitterConfigureOptions(IConfiguration config) :
             base(TwitterDefaults.AuthenticationScheme,
-                options => config.GetSection(TwitterDefaults.AuthenticationScheme).Bind(options))
+                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+TwitterDefaults.AuthenticationScheme).Bind(options))
         { }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index 3bcc80c3d7..11586f9844 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -5,22 +5,14 @@ using System;
 using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class TwitterExtensions
     {
-        /// <summary>
-        /// Adds Twitter authentication with options bound against the "Twitter" section 
-        /// from the IConfiguration in the service container.
-        /// </summary>
-        /// <param name="services"></param>
-        /// <returns></returns>
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services)
-        {
-            services.AddSingleton<IConfigureOptions<TwitterOptions>, TwitterConfigureOptions>();
-            return services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
-        }
+            => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
 
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, Action<TwitterOptions> configureOptions)
             => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, configureOptions);
@@ -28,6 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TwitterOptions>, TwitterInitializer>());
+            services.AddSingleton<ConfigureDefaultOptions<TwitterOptions>, TwitterConfigureOptions>();
             return services.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index ff054d3c6f..63a18e83bc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -140,15 +140,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
 
-        protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            var properties = context.Properties;
-
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
                 properties.RedirectUri = CurrentUri;
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index ba1c919fe5..b094709196 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
@@ -178,44 +179,41 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected abstract Task<AuthenticateResult> HandleAuthenticateAsync();
 
-        public async Task SignInAsync(SignInContext context)
+        public async Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
-            if (context == null)
+            if (user == null)
             {
-                throw new ArgumentNullException(nameof(context));
+                throw new ArgumentNullException(nameof(user));
             }
 
-            await HandleSignInAsync(context);
+            properties = properties ?? new AuthenticationProperties();
+            await HandleSignInAsync(user, properties);
             Logger.AuthenticationSchemeSignedIn(Scheme.Name);
         }
 
-        protected virtual Task HandleSignInAsync(SignInContext context)
+        protected virtual Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
             return TaskCache.CompletedTask;
         }
 
-        public async Task SignOutAsync(SignOutContext context)
+        public async Task SignOutAsync(AuthenticationProperties properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            await HandleSignOutAsync(context);
+            properties = properties ?? new AuthenticationProperties();
+            await HandleSignOutAsync(properties);
             Logger.AuthenticationSchemeSignedOut(Scheme.Name);
         }
 
-        protected virtual Task HandleSignOutAsync(SignOutContext context)
+        protected virtual Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             return TaskCache.CompletedTask;
         }
 
         /// <summary>
-        /// Override this method to deal with a challenge that is forbidden.
+        /// Override this method to handle Forbid.
         /// </summary>
-        /// <param name="context"></param>
+        /// <param name="properties"></param>
         /// <returns>A Task.</returns>
-        protected virtual Task HandleForbiddenAsync(ChallengeContext context)
+        protected virtual Task HandleForbiddenAsync(AuthenticationProperties properties)
         {
             Response.StatusCode = 403;
             return TaskCache.CompletedTask;
@@ -226,35 +224,26 @@ namespace Microsoft.AspNetCore.Authentication
         /// deals an authentication interaction as part of it's request flow. (like adding a response header, or
         /// changing the 401 result to 302 of a login page or external sign-in location.)
         /// </summary>
-        /// <param name="context"></param>
+        /// <param name="properties"></param>
         /// <returns>A Task.</returns>
-        protected virtual Task HandleUnauthorizedAsync(ChallengeContext context)
+        protected virtual Task HandleChallengeAsync(AuthenticationProperties properties)
         {
             Response.StatusCode = 401;
             return TaskCache.CompletedTask;
         }
 
-        public async Task ChallengeAsync(ChallengeContext context)
+        public async Task ChallengeAsync(AuthenticationProperties properties)
         {
-            switch (context.Behavior)
-            {
-                case ChallengeBehavior.Automatic:
-                    // If there is a principal already, invoke the forbidden code path
-                    var result = await HandleAuthenticateOnceSafeAsync();
-                    if (result?.Principal != null)
-                    {
-                        goto case ChallengeBehavior.Forbidden;
-                    }
-                    goto case ChallengeBehavior.Unauthorized;
-                case ChallengeBehavior.Unauthorized:
-                    await HandleUnauthorizedAsync(context);
-                    Logger.AuthenticationSchemeChallenged(Scheme.Name);
-                    break;
-                case ChallengeBehavior.Forbidden:
-                    await HandleForbiddenAsync(context);
-                    Logger.AuthenticationSchemeForbidden(Scheme.Name);
-                    break;
-            }
+            properties = properties ?? new AuthenticationProperties();
+            await HandleChallengeAsync(properties);
+            Logger.AuthenticationSchemeChallenged(Scheme.Name);
+        }
+
+        public async Task ForbidAsync(AuthenticationProperties properties)
+        {
+            properties = properties ?? new AuthenticationProperties();
+            await HandleForbiddenAsync(properties);
+            Logger.AuthenticationSchemeForbidden(Scheme.Name);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
new file mode 100644
index 0000000000..cfe5809c5a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
@@ -0,0 +1,41 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base context for authentication.
+    /// </summary>
+    public abstract class BaseAuthenticationContext : BaseContext
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="authenticationScheme">The name of the scheme.</param>
+        /// <param name="properties">The properties.</param>
+        protected BaseAuthenticationContext(HttpContext context, string authenticationScheme, AuthenticationProperties properties) : base(context)
+        {
+            if (string.IsNullOrEmpty(authenticationScheme))
+            {
+                throw new ArgumentException(nameof(authenticationScheme));
+            }
+
+            AuthenticationScheme = authenticationScheme;
+            Properties = properties ?? new AuthenticationProperties();
+        }
+
+        /// <summary>
+        /// The name of the scheme.
+        /// </summary>
+        public string AuthenticationScheme { get; }
+
+        /// <summary>
+        /// Contains the extra meta-data arriving with the authentication. May be altered.
+        /// </summary>
+        public AuthenticationProperties Properties { get; protected set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
new file mode 100644
index 0000000000..3d65f0dd75
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
@@ -0,0 +1,49 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base class used by other context classes.
+    /// </summary>
+    public abstract class BaseContext
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The request context.</param>
+        protected BaseContext(HttpContext context)
+        {
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            HttpContext = context;
+        }
+
+        /// <summary>
+        /// The context.
+        /// </summary>
+        public HttpContext HttpContext { get; }
+
+        /// <summary>
+        /// The request.
+        /// </summary>
+        public HttpRequest Request
+        {
+            get { return HttpContext.Request; }
+        }
+
+        /// <summary>
+        /// The response.
+        /// </summary>
+        public HttpResponse Response
+        {
+            get { return HttpContext.Response; }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index a7de95dfed..9394b75532 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
@@ -173,18 +174,17 @@ namespace Microsoft.AspNetCore.Authentication
             return AuthenticateResult.Fail("Remote authentication does not directly support AuthenticateAsync");
         }
 
-        protected override Task HandleSignOutAsync(SignOutContext context)
+        protected override Task HandleSignOutAsync(AuthenticationProperties properties)
         {
             throw new NotSupportedException();
         }
 
-        protected override Task HandleSignInAsync(SignInContext context)
+        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
             throw new NotSupportedException();
         }
 
-        // REVIEW: This behaviour needs a test (forwarding of forbidden to sign in scheme)
-        protected override Task HandleForbiddenAsync(ChallengeContext context)
+        protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
         {
             return Context.ForbidAsync(SignInScheme);
         }
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs b/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
new file mode 100644
index 0000000000..1717a0ae0a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authorization.Policy
+{
+    /// <summary>
+    /// Base class for authorization handlers that need to be called for a specific requirement type.
+    /// </summary>
+    public interface IPolicyEvaluator
+    {
+        /// <summary>
+        /// Does authentication for <see cref="AuthorizationPolicy.AuthenticationSchemes"/> and sets the resulting
+        /// <see cref="ClaimsPrincipal"/> to <see cref="HttpContext.User"/>.  If no schemes are set, this is a no-op.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
+        /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <returns><see cref="AuthenticateResult.Success"/> unless all schemes specified by <see cref="AuthorizationPolicy.AuthenticationSchemes"/> fail to authenticate.  </returns>
+        Task<AuthenticateResult> AuthenticateAsync(AuthorizationPolicy policy, HttpContext context);
+
+        /// <summary>
+        /// Attempts authorization for a policy using <see cref="IAuthorizationService"/>.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
+        /// <param name="authenticationResult">The result of a call to <see cref="AuthenticateAsync(AuthorizationPolicy, HttpContext)"/>.</param>
+        /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <returns>Returns <see cref="PolicyAuthorizationResult.Success"/> if authorization succeeds.
+        /// Otherwise returns <see cref="PolicyAuthorizationResult.Forbid"/> if <see cref="AuthenticateResult.Succeeded"/>, otherwise
+        /// returns  <see cref="PolicyAuthorizationResult.Challenge"/></returns>
+        Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
new file mode 100644
index 0000000000..5123b70699
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -0,0 +1,27 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\build\common.props" />
+
+  <PropertyGroup>
+    <Description>ASP.NET Core authorization policy helper classes.</Description>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authorization</PackageTags>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
+    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
new file mode 100644
index 0000000000..d7d481dcd6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authorization.Policy
+{
+    public class PolicyAuthorizationResult
+    {
+        private PolicyAuthorizationResult() { }
+
+        /// <summary>
+        /// If true, means the callee should challenge and try again.
+        /// </summary>
+        public bool Challenged { get; private set; }
+
+        /// <summary>
+        /// Authorization was forbidden.
+        /// </summary>
+        public bool Forbidden { get; private set; }
+
+        /// <summary>
+        /// Authorization was successful.
+        /// </summary>
+        public bool Succeeded { get; private set; }
+
+        public static PolicyAuthorizationResult Challenge()
+            => new PolicyAuthorizationResult { Challenged = true };
+
+        public static PolicyAuthorizationResult Forbid()
+            => new PolicyAuthorizationResult { Forbidden = true };
+
+        public static PolicyAuthorizationResult Success()
+            => new PolicyAuthorizationResult { Succeeded = true };
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
new file mode 100644
index 0000000000..60f291f671
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
@@ -0,0 +1,92 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Internal;
+
+namespace Microsoft.AspNetCore.Authorization.Policy
+{
+    public class PolicyEvaluator : IPolicyEvaluator
+    {
+        private readonly IAuthorizationService _authorization;
+
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="authorization">The authorization service.</param>
+        public PolicyEvaluator(IAuthorizationService authorization)
+        {
+            _authorization = authorization;
+        }
+
+        /// <summary>
+        /// Does authentication for <see cref="AuthorizationPolicy.AuthenticationSchemes"/> and sets the resulting
+        /// <see cref="ClaimsPrincipal"/> to <see cref="HttpContext.User"/>.  If no schemes are set, this is a no-op.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
+        /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <returns><see cref="AuthenticateResult.Success"/> unless all schemes specified by <see cref="AuthorizationPolicy.AuthenticationSchemes"/> failed to authenticate.  </returns>
+        public virtual async Task<AuthenticateResult> AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
+        {
+            if (policy.AuthenticationSchemes != null && policy.AuthenticationSchemes.Count > 0)
+            {
+                ClaimsPrincipal newPrincipal = null;
+                foreach (var scheme in policy.AuthenticationSchemes)
+                {
+                    var result = await context.AuthenticateAsync(scheme);
+                    if (result != null && result.Succeeded)
+                    {
+                        newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result.Principal);
+                    }
+                }
+
+                if (newPrincipal != null)
+                {
+                    context.User = newPrincipal;
+                    return AuthenticateResult.Success(new AuthenticationTicket(newPrincipal, string.Join(";", policy.AuthenticationSchemes)));
+                }
+                else
+                {
+                    context.User = new ClaimsPrincipal(new ClaimsIdentity());
+                    return AuthenticateResult.None();
+                }
+            }
+
+            return (context.User?.Identity?.IsAuthenticated ?? false) 
+                ? AuthenticateResult.Success(new AuthenticationTicket(context.User, "context.User"))
+                : AuthenticateResult.None();
+        }
+
+        /// <summary>
+        /// Attempts authorization for a policy using <see cref="IAuthorizationService"/>.
+        /// </summary>
+        /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
+        /// <param name="authenticationResult">The result of a call to <see cref="AuthenticateAsync(AuthorizationPolicy, HttpContext)"/>.</param>
+        /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <returns>Returns <see cref="PolicyAuthorizationResult.Success"/> if authorization succeeds.
+        /// Otherwise returns <see cref="PolicyAuthorizationResult.Forbid"/> if <see cref="AuthenticateResult.Succeeded"/>, otherwise
+        /// returns  <see cref="PolicyAuthorizationResult.Challenge"/></returns>
+        public virtual async Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context)
+        {
+            if (policy == null)
+            {
+                throw new ArgumentNullException(nameof(policy));
+            }
+
+            var result = await _authorization.AuthorizeAsync(context.User, context, policy);
+            if (result.Succeeded)
+            {
+                return PolicyAuthorizationResult.Success();
+            }
+
+            // If authentication was successful, return forbidden, otherwise challenge
+            return (authenticationResult.Succeeded) 
+                ? PolicyAuthorizationResult.Forbid() 
+                : PolicyAuthorizationResult.Challenge();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
new file mode 100644
index 0000000000..9b72a5cab4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
@@ -0,0 +1,31 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authorization.Policy;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extension methods for setting up authorization services in an <see cref="IServiceCollection" />.
+    /// </summary>
+    public static class PolicyServiceCollectionExtensions
+    {
+        /// <summary>
+        /// Adds authorization policy services to the specified <see cref="IServiceCollection" />. 
+        /// </summary>
+        /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
+        /// <returns>The <see cref="IServiceCollection"/> so that additional calls can be chained.</returns>
+        public static IServiceCollection AddAuthorizationPolicyEvaluator(this IServiceCollection services)
+        {
+            if (services == null)
+            {
+                throw new ArgumentNullException(nameof(services));
+            }
+            
+            services.TryAdd(ServiceDescriptor.Transient<IPolicyEvaluator, PolicyEvaluator>());
+            return services;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
new file mode 100644
index 0000000000..89956c9aa0
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
@@ -0,0 +1,46 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Encapsulates a failure result of <see cref="IAuthorizationService.AuthorizeAsync(ClaimsPrincipal, object, IEnumerable{IAuthorizationRequirement})"/>.
+    /// </summary>
+    public class AuthorizationFailure
+    {
+        private AuthorizationFailure() { }
+
+        /// <summary>
+        /// Failure was due to <see cref="AuthorizationHandlerContext.Fail"/> being called.
+        /// </summary>
+        public bool FailCalled { get; private set; }
+
+        /// <summary>
+        /// Failure was due to these requirements not being met via <see cref="AuthorizationHandlerContext.Succeed(IAuthorizationRequirement)"/>.
+        /// </summary>
+        public IEnumerable<IAuthorizationRequirement> FailedRequirements { get; private set; }
+
+        /// <summary>
+        /// Return a failure due to <see cref="AuthorizationHandlerContext.Fail"/> being called.
+        /// </summary>
+        /// <returns>The failure.</returns>
+        public static AuthorizationFailure ExplicitFail()
+            => new AuthorizationFailure
+            {
+                FailCalled = true,
+                FailedRequirements = new IAuthorizationRequirement[0]
+            };
+
+        /// <summary>
+        /// Return a failure due to some requirements not being met via <see cref="AuthorizationHandlerContext.Succeed(IAuthorizationRequirement)"/>.
+        /// </summary>
+        /// <param name="failed">The requirements that were not met.</param>
+        /// <returns>The failure.</returns>
+        public static AuthorizationFailure Failed(IEnumerable<IAuthorizationRequirement> failed)
+            => new AuthorizationFailure { FailedRequirements = failed };
+
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
index 5cba0fd9e3..36e0ca7c38 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
@@ -143,7 +143,7 @@ namespace Microsoft.AspNetCore.Authorization
                     policyBuilder.RequireRole(trimmedRolesSplit);
                     useDefaultPolicy = false;
                 }
-                var authTypesSplit = authorizeDatum.ActiveAuthenticationSchemes?.Split(',');
+                var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(',');
                 if (authTypesSplit != null && authTypesSplit.Any())
                 {
                     foreach (var authType in authTypesSplit)
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
new file mode 100644
index 0000000000..46dca35fb5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
@@ -0,0 +1,37 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Encapsulates the result of <see cref="IAuthorizationService.AuthorizeAsync(ClaimsPrincipal, object, IEnumerable{IAuthorizationRequirement})"/>.
+    /// </summary>
+    public class AuthorizationResult
+    {
+        private AuthorizationResult() { }
+
+        /// <summary>
+        /// True if authorization was successful.
+        /// </summary>
+        public bool Succeeded { get; private set; }
+
+        /// <summary>
+        /// Contains information about why authorization failed.
+        /// </summary>
+        public AuthorizationFailure Failure { get; private set; }
+
+        /// <summary>
+        /// Returns a successful result.
+        /// </summary>
+        /// <returns>A successful result.</returns>
+        public static AuthorizationResult Success() => new AuthorizationResult { Succeeded = true };
+
+        public static AuthorizationResult Failed(AuthorizationFailure failure) => new AuthorizationResult { Failure = failure };
+
+        public static AuthorizationResult Failed() => new AuthorizationResult { Failure = AuthorizationFailure.ExplicitFail() };
+
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
index a9961b69ef..c089fba285 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
@@ -27,6 +27,7 @@ namespace Microsoft.Extensions.DependencyInjection
             
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationPolicyProvider, DefaultAuthorizationPolicyProvider>());
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationHandlerProvider, DefaultAuthorizationHandlerProvider>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationEvaluator, DefaultAuthorizationEvaluator>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationHandlerContextFactory, DefaultAuthorizationHandlerContextFactory>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index 3b78c952eb..c128152326 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -24,7 +24,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether requirement evaluation has succeeded or failed.
         /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, IAuthorizationRequirement requirement)
         {
             if (service == null)
             {
@@ -50,7 +50,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether policy evaluation has succeeded or failed.
         /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, AuthorizationPolicy policy)
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, object resource, AuthorizationPolicy policy)
         {
             if (service == null)
             {
@@ -75,7 +75,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether policy evaluation has succeeded or failed.
         /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, AuthorizationPolicy policy)
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, AuthorizationPolicy policy)
         {
             if (service == null)
             {
@@ -100,7 +100,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether policy evaluation has succeeded or failed.
         /// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
         /// </returns>
-        public static Task<bool> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, string policyName)
+        public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, string policyName)
         {
             if (service == null)
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
index c911dc56bc..63bfa30d45 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
@@ -25,13 +25,29 @@ namespace Microsoft.AspNetCore.Authorization
             Policy = policy;
         }
 
-        /// <inheritdoc />
+        /// <summary>
+        /// Gets or sets the policy name that determines access to the resource.
+        /// </summary>
         public string Policy { get; set; }
 
-        /// <inheritdoc />
+        /// <summary>
+        /// Gets or sets a comma delimited list of roles that are allowed to access the resource.
+        /// </summary>
         public string Roles { get; set; }
 
-        /// <inheritdoc />
-        public string ActiveAuthenticationSchemes { get; set; }
+        /// <summary>
+        /// Gets or sets a comma delimited list of schemes from which user information is constructed.
+        /// </summary>
+        public string AuthenticationSchemes { get; set; }
+
+        /// <summary>
+        /// Gets or sets a comma delimited list of schemes from which user information is constructed.
+        /// </summary>
+        [Obsolete("Use AuthenticationSchemes instead.", error: false)]
+        public string ActiveAuthenticationSchemes
+        {
+            get => AuthenticationSchemes;
+            set => AuthenticationSchemes = value;
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
index 64cc695b88..4bbc283be0 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
@@ -9,23 +9,15 @@ namespace Microsoft.AspNetCore.Authorization
     public class DefaultAuthorizationEvaluator : IAuthorizationEvaluator
     {
         /// <summary>
-        /// Returns true, if authorization has failed.
+        /// Determines whether the authorization result was successful or not.
         /// </summary>
         /// <param name="context">The authorization information.</param>
-        /// <returns>True if authorization has failed.</returns>
-        public virtual bool HasFailed(AuthorizationHandlerContext context)
-        {
-            return context.HasFailed;
-        }
-
-        /// <summary>
-        /// Returns true, if authorization has succeeded.
-        /// </summary>
-        /// <param name="context">The authorization information.</param>
-        /// <returns>True if authorization has succeeded.</returns>
-        public virtual bool HasSucceeded(AuthorizationHandlerContext context)
-        {
-            return context.HasSucceeded;
-        }
+        /// <returns>The <see cref="AuthorizationResult"/>.</returns>
+        public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
+            => context.HasSucceeded
+                ? AuthorizationResult.Success()
+                : AuthorizationResult.Failed(context.HasFailed
+                    ? AuthorizationFailure.ExplicitFail()
+                    : AuthorizationFailure.Failed(context.PendingRequirements));
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
new file mode 100644
index 0000000000..d297d4cdc6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// The default implementation of a handler provider,
+    /// which provides the <see cref="IAuthorizationHandler"/>s for an authorization request.
+    /// </summary>
+    public class DefaultAuthorizationHandlerProvider : IAuthorizationHandlerProvider
+    {
+        private readonly IEnumerable<IAuthorizationHandler> _handlers;
+
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultAuthorizationHandlerProvider"/>.
+        /// </summary>
+        /// <param name="handlers">The <see cref="IAuthorizationHandler"/>s.</param>
+        public DefaultAuthorizationHandlerProvider(IEnumerable<IAuthorizationHandler> handlers)
+        {
+            if (handlers == null)
+            {
+                throw new ArgumentNullException(nameof(handlers));
+            }
+
+            _handlers = handlers;
+        }
+
+        public Task<IEnumerable<IAuthorizationHandler>> GetHandlersAsync(AuthorizationHandlerContext context)
+            => Task.FromResult(_handlers);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 8980d51ac6..3380f64b14 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
@@ -19,19 +18,11 @@ namespace Microsoft.AspNetCore.Authorization
     {
         private readonly AuthorizationOptions _options;
         private readonly IAuthorizationHandlerContextFactory _contextFactory;
+        private readonly IAuthorizationHandlerProvider _handlers;
         private readonly IAuthorizationEvaluator _evaluator;
         private readonly IAuthorizationPolicyProvider _policyProvider;
-        private readonly IList<IAuthorizationHandler> _handlers;
         private readonly ILogger _logger;
 
-        /// <summary>
-        /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
-        /// </summary>
-        /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
-        /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
-        /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationHandlerContextFactory(), new DefaultAuthorizationEvaluator(), Options.Create(new AuthorizationOptions())) { }
-
         /// <summary>
         /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
         /// </summary>
@@ -41,7 +32,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param>  
         /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
         /// <param name="options">The <see cref="AuthorizationOptions"/> used.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions<AuthorizationOptions> options)
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IAuthorizationHandlerProvider handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions<AuthorizationOptions> options)
         {
             if (options == null)
             {
@@ -69,7 +60,7 @@ namespace Microsoft.AspNetCore.Authorization
             }
 
             _options = options.Value;
-            _handlers = handlers.ToArray();
+            _handlers = handlers;
             _policyProvider = policyProvider;
             _logger = logger;
             _evaluator = evaluator;
@@ -86,7 +77,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether authorization has succeded.
         /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
         /// </returns>
-        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+        public async Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
         {
             if (requirements == null)
             {
@@ -94,7 +85,8 @@ namespace Microsoft.AspNetCore.Authorization
             }
 
             var authContext = _contextFactory.CreateContext(requirements, user, resource);
-            foreach (var handler in _handlers)
+            var handlers = await _handlers.GetHandlersAsync(authContext);
+            foreach (var handler in handlers)
             {
                 await handler.HandleAsync(authContext);
                 if (!_options.InvokeHandlersAfterFailure && authContext.HasFailed)
@@ -103,16 +95,16 @@ namespace Microsoft.AspNetCore.Authorization
                 }
             }
 
-            if (_evaluator.HasSucceeded(authContext))
+            var result = _evaluator.Evaluate(authContext);
+            if (result.Succeeded)
             {
                 _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
-                return true;
             }
             else
             {
                 _logger.UserAuthorizationFailed(GetUserNameForLogging(user));
-                return false;
             }
+            return result;
         }
 
         private string GetUserNameForLogging(ClaimsPrincipal user)
@@ -147,7 +139,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// A flag indicating whether authorization has succeded.
         /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
         /// </returns>
-        public async Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
+        public async Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
         {
             if (policyName == null)
             {
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
index 7b2c5d1bc5..baa6f828cd 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
@@ -9,17 +9,10 @@ namespace Microsoft.AspNetCore.Authorization
     public interface IAuthorizationEvaluator
     {
         /// <summary>
-        /// Returns true, if authorization has failed.
+        /// Determines whether the authorization result was successful or not.
         /// </summary>
         /// <param name="context">The authorization information.</param>
-        /// <returns>True if authorization has failed.</returns>
-        bool HasFailed(AuthorizationHandlerContext context);
-
-        /// <summary>
-        /// Returns true, if authorization has succeeded.
-        /// </summary>
-        /// <param name="context">The authorization information.</param>
-        /// <returns>True if authorization has succeeded.</returns>
-        bool HasSucceeded(AuthorizationHandlerContext context);
+        /// <returns>The <see cref="AuthorizationResult"/>.</returns>
+        AuthorizationResult Evaluate(AuthorizationHandlerContext context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
new file mode 100644
index 0000000000..7f0d9f5d31
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// A type which can provide the <see cref="IAuthorizationHandler"/>s for an authorization request.
+    /// </summary>
+    public interface IAuthorizationHandlerProvider
+    {
+        /// <summary>
+        /// Return the handlers that will be called for the authorization request.
+        /// </summary>
+        /// <param name="context">The <see cref="AuthorizationHandlerContext"/>.</param>
+        /// <returns>The list of handlers.</returns>
+        Task<IEnumerable<IAuthorizationHandler>> GetHandlersAsync(AuthorizationHandlerContext context);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
index a130c84b0d..32af746072 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
@@ -29,7 +29,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// Resource is an optional parameter and may be null. Please ensure that you check it is not 
         /// null before acting upon it.
         /// </remarks>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements);
+        Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements);
 
         /// <summary>
         /// Checks if a user meets a specific authorization policy
@@ -49,6 +49,6 @@ namespace Microsoft.AspNetCore.Authorization
         /// Resource is an optional parameter and may be null. Please ensure that you check it is not 
         /// null before acting upon it.
         /// </remarks>
-        Task<bool> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
+        Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
index b48449b5cb..1196db82d4 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
@@ -21,6 +21,6 @@ namespace Microsoft.AspNetCore.Authorization
         /// <summary>
         /// Gets or sets a comma delimited list of schemes from which user information is constructed.
         /// </summary>
-        string ActiveAuthenticationSchemes { get; set; }
+        string AuthenticationSchemes { get; set; }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
index c4720eb30c..b09f13cab9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
@@ -1,7 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Net;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -77,7 +77,12 @@ namespace Microsoft.AspNetCore.Authentication
                 throw new NotImplementedException();
             }
 
-            public Task ChallengeAsync(ChallengeContext context)
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
@@ -94,12 +99,12 @@ namespace Microsoft.AspNetCore.Authentication
                 return Task.FromResult(0);
             }
 
-            public Task SignInAsync(SignInContext context)
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
 
-            public Task SignOutAsync(SignOutContext context)
+            public Task SignOutAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
@@ -114,7 +119,12 @@ namespace Microsoft.AspNetCore.Authentication
                 throw new NotImplementedException();
             }
 
-            public Task ChallengeAsync(ChallengeContext context)
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
@@ -130,12 +140,12 @@ namespace Microsoft.AspNetCore.Authentication
                 return Task.FromResult(0);
             }
 
-            public Task SignInAsync(SignInContext context)
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
 
-            public Task SignOutAsync(SignOutContext context)
+            public Task SignOutAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
@@ -150,7 +160,12 @@ namespace Microsoft.AspNetCore.Authentication
                 throw new NotImplementedException();
             }
 
-            public Task ChallengeAsync(ChallengeContext context)
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
@@ -166,12 +181,12 @@ namespace Microsoft.AspNetCore.Authentication
                 return Task.FromResult(0);
             }
 
-            public Task SignInAsync(SignInContext context)
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
 
-            public Task SignOutAsync(SignOutContext context)
+            public Task SignOutAsync(AuthenticationProperties properties)
             {
                 throw new NotImplementedException();
             }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index e38dc15870..677120e4be 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -702,22 +702,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.True(transaction1.SetCookie.Contains("path=/base"));
         }
 
-        [Fact]
-        public async Task CookieTurnsChallengeIntoForbidWithCookie()
-        {
-            var server = CreateServer(o => { }, SignInAsAlice);
-
-            var transaction1 = await SendAsync(server, "http://example.com/testpath");
-
-            var url = "http://example.com/challenge";
-            var transaction2 = await SendAsync(server, url, transaction1.CookieNameValue);
-
-            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
-            var location = transaction2.Response.Headers.Location;
-            Assert.Equal("/Account/AccessDenied", location.LocalPath);
-            Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
-        }
-
         [Fact]
         public async Task CookieChallengeRedirectsToLoginWithoutCookie()
         {
@@ -744,25 +728,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("/Account/AccessDenied", location.LocalPath);
         }
 
-        [Fact]
-        public async Task CookieTurns401ToAccessDeniedWhenSetWithCookie()
-        {
-            var server = CreateServer(o =>
-            {
-                o.AccessDeniedPath = new PathString("/accessdenied");
-            },
-            SignInAsAlice);
-
-            var transaction1 = await SendAsync(server, "http://example.com/testpath");
-
-            var transaction2 = await SendAsync(server, "http://example.com/challenge", transaction1.CookieNameValue);
-
-            Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
-
-            var location = transaction2.Response.Headers.Location;
-            Assert.Equal("/accessdenied", location.LocalPath);
-        }
-
         [Fact]
         public async Task CookieChallengeRedirectsWithLoginPath()
         {
@@ -799,7 +764,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public async Task MapWillAffectChallengeOnlyWithUseAuth(bool useAuth)
         {
             var builder = new WebHostBuilder()
-                .Configure(app => {
+                .Configure(app =>
+                {
                     if (useAuth)
                     {
                         app.UseAuthentication();
@@ -1296,7 +1262,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
-                            await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
+                            await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties());
                         }
                         else if (req.Path == new PathString("/protected/CustomRedirect"))
                         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 060eb649fc..657c957bfb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -20,6 +20,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -44,23 +45,26 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var dic = new Dictionary<string, string>
             {
-                {"Facebook:AppId", "<id>"},
-                {"Facebook:AppSecret", "<secret>"},
-                {"Facebook:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Facebook:BackchannelTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AppId", "<id>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AppSecret", "<secret>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:BackchannelTimeout", "0.0:0:30"},
                 //{"Facebook:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Facebook:ClaimsIssuer", "<issuer>"},
-                {"Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Facebook:SaveTokens", "true"},
-                {"Facebook:SendAppSecretProof", "true"},
-                {"Facebook:SignInScheme", "<signIn>"},
-                {"Facebook:TokenEndpoint", "<tokenEndpoint>"},
-                {"Facebook:UserInformationEndpoint", "<userEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SaveTokens", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SendAppSecretProof", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SignInScheme", "<signIn>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:TokenEndpoint", "<tokenEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:UserInformationEndpoint", "<userEndpoint>"},
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddFacebookAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<FacebookOptions>, ConfigureDefaults<FacebookOptions>>()
+                .AddFacebookAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<FacebookOptions>>().Get(FacebookDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 2c86bc7781..b316e62751 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -19,6 +19,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -43,23 +44,26 @@ namespace Microsoft.AspNetCore.Authentication.Google
         {
             var dic = new Dictionary<string, string>
             {
-                {"Google:ClientId", "<id>"},
-                {"Google:ClientSecret", "<secret>"},
-                {"Google:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Google:BackchannelTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClientId", "<id>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClientSecret", "<secret>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:BackchannelTimeout", "0.0:0:30"},
                 //{"Google:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Google:ClaimsIssuer", "<issuer>"},
-                {"Google:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Google:SaveTokens", "true"},
-                {"Google:SendAppSecretProof", "true"},
-                {"Google:SignInScheme", "<signIn>"},
-                {"Google:TokenEndpoint", "<tokenEndpoint>"},
-                {"Google:UserInformationEndpoint", "<userEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SaveTokens", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SendAppSecretProof", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SignInScheme", "<signIn>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:TokenEndpoint", "<tokenEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Google:UserInformationEndpoint", "<userEndpoint>"},
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddGoogleAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<GoogleOptions>, ConfigureDefaults<GoogleOptions>>()
+                .AddGoogleAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<GoogleOptions>>().Get(GoogleDefaults.AuthenticationScheme);
@@ -883,42 +887,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal("yup", transaction.FindClaimValue("xform"));
         }
 
-        [Fact]
-        public async Task ChallengeGoogleWhenAlreadySignedInReturnsForbidden()
-        {
-            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
-            var server = CreateServer(o =>
-            {
-                o.ClientId = "Test Id";
-                o.ClientSecret = "Test Secret";
-                o.StateDataFormat = stateFormat;
-                o.SaveTokens = true;
-                o.BackchannelHttpHandler = CreateBackchannel();
-            });
-
-            // Skip the challenge step, go directly to the callback path
-
-            var properties = new AuthenticationProperties();
-            var correlationKey = ".xsrf";
-            var correlationValue = "TestCorrelationId";
-            properties.Items.Add(correlationKey, correlationValue);
-            properties.RedirectUri = "/me";
-            var state = stateFormat.Protect(properties);
-            var transaction = await server.SendAsync(
-                "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
-                $".AspNetCore.Correlation.Google.{correlationValue}=N");
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
-            Assert.Equal(2, transaction.SetCookie.Count);
-            Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete
-            Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
-
-            var authCookie = transaction.AuthenticationCookieValue;
-            transaction = await server.SendAsync("https://example.com/challenge", authCookie);
-            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.StartsWith("https://example.com/Account/AccessDenied?", transaction.Response.Headers.Location.OriginalString);
-        }
-
         [Fact]
         public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 59f1e880c7..6746f5c3f1 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -19,6 +19,7 @@ using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
@@ -43,21 +44,24 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         {
             var dic = new Dictionary<string, string>
             {
-                {"Bearer:Audience", "<audience>"},
-                {"Bearer:Authority", "<authority>"},
-                {"Bearer:BackchannelTimeout", "0.0:0:30"},
-                {"Bearer:Challenge", "<challenge>"},
-                {"Bearer:ClaimsIssuer", "<issuer>"},
-                {"Bearer:IncludeErrorDetails", "true"},
-                {"Bearer:MetadataAddress", "<metadata>"},
-                {"Bearer:RefreshOnIssuerKeyNotFound", "true"},
-                {"Bearer:RequireHttpsMetadata", "false"},
-                {"Bearer:SaveToken", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Audience", "<audience>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Authority", "<authority>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:BackchannelTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Challenge", "<challenge>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:IncludeErrorDetails", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:MetadataAddress", "<metadata>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RefreshOnIssuerKeyNotFound", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RequireHttpsMetadata", "false"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:SaveToken", "true"},
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddJwtBearerAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureDefaults<JwtBearerOptions>>()
+                .AddJwtBearerAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
@@ -74,21 +78,26 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public void AddWithDelegateIgnoresConfig()
+        public void AddWithDelegateOverridesConfig()
         {
             var dic = new Dictionary<string, string>
             {
-                {"Bearer:Audience", "<audience>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Audience", "<audience>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Authority", "<authority>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RequireHttpsMetadata", "false"}
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddJwtBearerAuthentication(o => o.IncludeErrorDetails = true).AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureDefaults<JwtBearerOptions>>()
+                .AddJwtBearerAuthentication(o => o.Authority = "authority")
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
-            Assert.Null(options.Audience);
-            Assert.True(options.IncludeErrorDetails);
+            Assert.Equal("<audience>", options.Audience);
+            Assert.Equal("authority", options.Authority);
         }
 
         [ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
@@ -440,27 +449,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal("Bob le Tout Puissant", response.ResponseText);
         }
 
-        [Fact]
-        public async Task BearerTurns401To403IfAuthenticated()
-        {
-            var server = CreateServer(options =>
-            {
-                options.SecurityTokenValidators.Clear();
-                options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
-            });
-
-            var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
-            Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
-        }
-
-        [Fact]
-        public async Task BearerDoesNothingTo401IfNotAuthenticated()
-        {
-            var server = CreateServer();
-            var response = await SendAsync(server, "http://example.com/unauthorized");
-            Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
-        }
-
         [Fact]
         public async Task EventOnMessageReceivedSkip_NoMoreEventsExecuted()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 062215ff46..0d49052f5b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -20,6 +20,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -44,23 +45,26 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
         {
             var dic = new Dictionary<string, string>
             {
-                {"Microsoft:ClientId", "<id>"},
-                {"Microsoft:ClientSecret", "<secret>"},
-                {"Microsoft:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Microsoft:BackchannelTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClientId", "<id>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClientSecret", "<secret>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:AuthorizationEndpoint", "<authEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:BackchannelTimeout", "0.0:0:30"},
                 //{"Microsoft:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Microsoft:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Microsoft:SaveTokens", "true"},
-                {"Microsoft:SendAppSecretProof", "true"},
-                {"Microsoft:SignInScheme", "<signIn>"},
-                {"Microsoft:TokenEndpoint", "<tokenEndpoint>"},
-                {"Microsoft:UserInformationEndpoint", "<userEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SaveTokens", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SendAppSecretProof", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SignInScheme", "<signIn>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:TokenEndpoint", "<tokenEndpoint>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:UserInformationEndpoint", "<userEndpoint>"},
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddMicrosoftAccountAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<MicrosoftAccountOptions>, ConfigureDefaults<MicrosoftAccountOptions>>()
+                .AddMicrosoftAccountAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<MicrosoftAccountOptions>>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index b2459cf819..9dc597b856 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -15,6 +15,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -34,15 +35,18 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         {
             var dic = new Dictionary<string, string>
             {
-                {"OpenIdConnect:ClientId", "<id>"},
-                {"OpenIdConnect:ClientSecret", "<secret>"},
-                {"OpenIdConnect:RequireHttpsMetadata", "false"},
-                {"OpenIdConnect:Authority", "<auth>"}
+                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:ClientId", "<id>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:ClientSecret", "<secret>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:RequireHttpsMetadata", "false"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:Authority", "<auth>"}
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddOpenIdConnectAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureDefaults<OpenIdConnectOptions>>()
+                .AddOpenIdConnectAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<OpenIdConnectOptions>>().Get(OpenIdConnectDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
index 41429cd377..b37ae53d5b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
@@ -5,7 +5,7 @@ using System;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Testing.xunit;
 using Xunit;
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 1acddc5afd..b8af66cdfb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -14,6 +14,7 @@ using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Options.Infrastructure;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -37,20 +38,23 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         {
             var dic = new Dictionary<string, string>
             {
-                {"Twitter:ConsumerKey", "<key>"},
-                {"Twitter:ConsumerSecret", "<secret>"},
-                {"Twitter:BackchannelTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ConsumerKey", "<key>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ConsumerSecret", "<secret>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:BackchannelTimeout", "0.0:0:30"},
                 //{"Twitter:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Twitter:ClaimsIssuer", "<issuer>"},
-                {"Twitter:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Twitter:SaveTokens", "true"},
-                {"Twitter:SendAppSecretProof", "true"},
-                {"Twitter:SignInScheme", "<signIn>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ClaimsIssuer", "<issuer>"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:RemoteAuthenticationTimeout", "0.0:0:30"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SaveTokens", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SendAppSecretProof", "true"},
+                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SignInScheme", "<signIn>"},
             };
             var configurationBuilder = new ConfigurationBuilder();
             configurationBuilder.AddInMemoryCollection(dic);
             var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddTwitterAuthentication().AddSingleton<IConfiguration>(config);
+            var services = new ServiceCollection()
+                .AddSingleton<IConfigureOptions<TwitterOptions>, ConfigureDefaults<TwitterOptions>>()
+                .AddTwitterAuthentication()
+                .AddSingleton<IConfiguration>(config);
             var sp = services.BuildServiceProvider();
 
             var options = sp.GetRequiredService<IOptionsSnapshot<TwitterOptions>>().Get(TwitterDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
index 6825dd868b..714b26c7e1 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -25,9 +25,9 @@ namespace Microsoft.AspNetCore.Authroization.Test
             // Arrange
             var attributes = new AuthorizeAttribute[] {
                 new AuthorizeAttribute(),
-                new AuthorizeAttribute("1") { ActiveAuthenticationSchemes = "dupe" },
-                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" },
-                new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationSchemes = "roles" },
+                new AuthorizeAttribute("1") { AuthenticationSchemes = "dupe" },
+                new AuthorizeAttribute("2") { AuthenticationSchemes = "dupe" },
+                new AuthorizeAttribute { Roles = "r1,r2", AuthenticationSchemes = "roles" },
             };
             var options = new AuthorizationOptions();
             options.AddPolicy("1", policy => policy.RequireClaim("1"));
@@ -54,7 +54,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
             // Arrange
             var attributes = new AuthorizeAttribute[] {
                 new AuthorizeAttribute(),
-                new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" }
+                new AuthorizeAttribute("2") { AuthenticationSchemes = "dupe" }
             };
             var options = new AuthorizationOptions();
             options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build();
@@ -100,7 +100,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
-                new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , a2" }
+                new AuthorizeAttribute() { AuthenticationSchemes = "a1 , a2" }
             };
             var options = new AuthorizationOptions();
 
@@ -120,7 +120,7 @@ namespace Microsoft.AspNetCore.Authroization.Test
         {
             // Arrange
             var attributes = new AuthorizeAttribute[] {
-                new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , , ,,, a2" }
+                new AuthorizeAttribute() { AuthenticationSchemes = "a1 , , ,,, a2" }
             };
             var options = new AuthorizationOptions();
 
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
index 246eed9a50..ef17b94620 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
@@ -53,7 +53,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -76,7 +76,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -103,7 +103,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -126,7 +126,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "Custom");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
+            Assert.True(allowed.Failure.FailCalled);
             Assert.True(handler1.Invoked);
             Assert.True(handler2.Invoked);
         }
@@ -154,7 +155,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(new ClaimsPrincipal(), "Custom");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
             Assert.True(handler1.Invoked);
             Assert.Equal(invokeAllHandlers, handler2.Invoked);
         }
@@ -171,8 +172,6 @@ namespace Microsoft.AspNetCore.Authorization.Test
             }
         }
 
-
-
         [Fact]
         public async Task Authorize_ShouldFailWhenAllRequirementsNotHandled()
         {
@@ -196,7 +195,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
+            Assert.IsType<ClaimsAuthorizationRequirement>(allowed.Failure.FailedRequirements.First());
         }
 
         [Fact]
@@ -222,7 +222,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -248,7 +248,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -272,7 +272,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -291,7 +291,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(null, null, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -311,7 +311,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -337,7 +337,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -372,7 +372,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -393,7 +393,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -410,7 +410,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -427,7 +427,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, policy.Build());
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -443,7 +443,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -464,7 +464,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, policy.Build());
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -489,7 +489,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -527,7 +527,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -553,7 +553,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -575,7 +575,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -597,7 +597,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Hao");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -622,7 +622,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -642,7 +642,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Any");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         public class CustomRequirement : IAuthorizationRequirement { }
@@ -675,7 +675,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Custom");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -696,7 +696,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Custom");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         public class PassThroughRequirement : AuthorizationHandler<PassThroughRequirement>, IAuthorizationRequirement
@@ -736,7 +736,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Passthrough");
 
             // Assert
-            Assert.Equal(shouldSucceed, allowed);
+            Assert.Equal(shouldSucceed, allowed.Succeeded);
         }
 
         [Fact]
@@ -764,7 +764,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -791,7 +791,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         [Fact]
@@ -818,7 +818,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, null, "Combined");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         public class ExpenseReport { }
@@ -880,9 +880,9 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
-            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Delete));
-            Assert.True(await authorizationService.AuthorizeAsync(user, null, Operations.Create));
+            Assert.True((await authorizationService.AuthorizeAsync(user, null, Operations.Edit)).Succeeded);
+            Assert.True((await authorizationService.AuthorizeAsync(user, null, Operations.Delete)).Succeeded);
+            Assert.True((await authorizationService.AuthorizeAsync(user, null, Operations.Create)).Succeeded);
         }
 
         public class NotCalledHandler : AuthorizationHandler<OperationAuthorizationRequirement, string>
@@ -922,8 +922,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.False(await authorizationService.AuthorizeAsync(user, 1, Operations.Edit));
-            Assert.True(await authorizationService.AuthorizeAsync(user, 2, Operations.Edit));
+            Assert.False((await authorizationService.AuthorizeAsync(user, 1, Operations.Edit)).Succeeded);
+            Assert.True((await authorizationService.AuthorizeAsync(user, 2, Operations.Edit)).Succeeded);
         }
 
 
@@ -945,7 +945,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.False(await authorizationService.AuthorizeAsync(user, 1, Operations.Edit));
+            Assert.False((await authorizationService.AuthorizeAsync(user, 1, Operations.Edit)).Succeeded);
         }
 
         [Fact]
@@ -960,9 +960,9 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.True(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Edit));
-            Assert.False(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Delete));
-            Assert.False(await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Create));
+            Assert.True((await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Edit)).Succeeded);
+            Assert.False((await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Delete)).Succeeded);
+            Assert.False((await authorizationService.AuthorizeAsync(user, new ExpenseReport(), Operations.Create)).Succeeded);
         }
 
         [Fact]
@@ -977,7 +977,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.False(await authorizationService.AuthorizeAsync(user, null, Operations.Edit));
+            Assert.False((await authorizationService.AuthorizeAsync(user, null, Operations.Edit)).Succeeded);
         }
 
         [Fact]
@@ -996,7 +996,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         [Fact]
@@ -1015,7 +1015,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.True(allowed);
+            Assert.True(allowed.Succeeded);
         }
 
         public class StaticPolicyProvider : IAuthorizationPolicyProvider
@@ -1049,7 +1049,7 @@ namespace Microsoft.AspNetCore.Authorization.Test
             var allowed = await authorizationService.AuthorizeAsync(user, "Basic");
 
             // Assert
-            Assert.False(allowed);
+            Assert.False(allowed.Succeeded);
         }
 
         public class DynamicPolicyProvider : IAuthorizationPolicyProvider
@@ -1081,23 +1081,15 @@ namespace Microsoft.AspNetCore.Authorization.Test
 
             // Act
             // Assert
-            Assert.False(await authorizationService.AuthorizeAsync(user, "0"));
-            Assert.True(await authorizationService.AuthorizeAsync(user, "1"));
-            Assert.True(await authorizationService.AuthorizeAsync(user, "2"));
-            Assert.False(await authorizationService.AuthorizeAsync(user, "3"));
+            Assert.False((await authorizationService.AuthorizeAsync(user, "0")).Succeeded);
+            Assert.True((await authorizationService.AuthorizeAsync(user, "1")).Succeeded);
+            Assert.True((await authorizationService.AuthorizeAsync(user, "2")).Succeeded);
+            Assert.False((await authorizationService.AuthorizeAsync(user, "3")).Succeeded);
         }
 
         public class SuccessEvaluator : IAuthorizationEvaluator
         {
-            public bool HasFailed(AuthorizationHandlerContext context)
-            {
-                return false;
-            }
-
-            public bool HasSucceeded(AuthorizationHandlerContext context)
-            {
-                return true;
-            }
+            public AuthorizationResult Evaluate(AuthorizationHandlerContext context) => AuthorizationResult.Success();
         }
 
         [Fact]
@@ -1108,7 +1100,8 @@ namespace Microsoft.AspNetCore.Authorization.Test
                 services.AddSingleton<IAuthorizationEvaluator, SuccessEvaluator>();
                 services.AddAuthorization(options => options.AddPolicy("Fail", p => p.RequireAssertion(c => false)));
             });
-            Assert.True(await authorizationService.AuthorizeAsync(null, "Fail"));
+            var result = await authorizationService.AuthorizeAsync(null, "Fail");
+            Assert.True(result.Succeeded);
         }
 
 
@@ -1149,7 +1142,26 @@ namespace Microsoft.AspNetCore.Authorization.Test
                 services.AddSingleton<IAuthorizationHandlerContextFactory, BadContextMaker>();
                 services.AddAuthorization(options => options.AddPolicy("Success", p => p.RequireAssertion(c => true)));
             });
-            Assert.False(await authorizationService.AuthorizeAsync(null, "Success"));
+            Assert.False((await authorizationService.AuthorizeAsync(null, "Success")).Succeeded);
+        }
+
+        public class SadHandlerProvider : IAuthorizationHandlerProvider
+        {
+            public Task<IEnumerable<IAuthorizationHandler>> GetHandlersAsync(AuthorizationHandlerContext context)
+            {
+                return Task.FromResult<IEnumerable<IAuthorizationHandler>>(new IAuthorizationHandler[1] { new FailHandler() });
+            }
+        }
+
+        [Fact]
+        public async Task CanUseCustomHandlerProvider()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                services.AddSingleton<IAuthorizationHandlerProvider, SadHandlerProvider>();
+                services.AddAuthorization(options => options.AddPolicy("Success", p => p.RequireAssertion(c => true)));
+            });
+            Assert.False((await authorizationService.AuthorizeAsync(null, "Success")).Succeeded);
         }
 
     }
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 48b134740a..6eb74aeebf 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -9,9 +9,11 @@
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization\Microsoft.AspNetCore.Authorization.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj" />
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
new file mode 100644
index 0000000000..216fc1440e
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
@@ -0,0 +1,179 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authorization.Policy.Test
+{
+    public class PolicyEvaluatorTests
+    {
+        [Fact]
+        public async Task AuthenticateFailsIfNoPrincipalReturned()
+        {
+            // Arrange
+            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var context = new DefaultHttpContext();
+            var services = new ServiceCollection().AddSingleton<IAuthenticationService, SadAuthentication>();
+            context.RequestServices = services.BuildServiceProvider();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+
+            // Act
+            var result = await evaluator.AuthenticateAsync(policy, context);
+
+            // Assert
+            Assert.False(result.Succeeded);
+        }
+
+        [Fact]
+        public async Task AuthenticateMergeSchemes()
+        {
+            // Arrange
+            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var context = new DefaultHttpContext();
+            var services = new ServiceCollection().AddSingleton<IAuthenticationService, EchoAuthentication>();
+            context.RequestServices = services.BuildServiceProvider();
+            var policy = new AuthorizationPolicyBuilder().AddAuthenticationSchemes("A","B","C").RequireAssertion(_ => true).Build();
+
+            // Act
+            var result = await evaluator.AuthenticateAsync(policy, context);
+
+            // Assert
+            Assert.True(result.Succeeded);
+            Assert.Equal(3, result.Principal.Identities.Count());
+        }
+
+
+        [Fact]
+        public async Task AuthorizeSucceedsEvenIfAuthenticationFails()
+        {
+            // Arrange
+            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var context = new DefaultHttpContext();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+
+            // Act
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context);
+
+            // Assert
+            Assert.True(result.Succeeded);
+            Assert.False(result.Challenged);
+            Assert.False(result.Forbidden);
+        }
+
+        [Fact]
+        public async Task AuthorizeChallengesIfAuthenticationFails()
+        {
+            // Arrange
+            var evaluator = new PolicyEvaluator(new SadAuthorization());
+            var context = new DefaultHttpContext();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+
+            // Act
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context);
+
+            // Assert
+            Assert.False(result.Succeeded);
+            Assert.True(result.Challenged);
+            Assert.False(result.Forbidden);
+        }
+
+        [Fact]
+        public async Task AuthorizeForbidsIfAuthenticationSuceeds()
+        {
+            // Arrange
+            var evaluator = new PolicyEvaluator(new SadAuthorization());
+            var context = new DefaultHttpContext();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+
+            // Act
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "scheme")), context);
+
+            // Assert
+            Assert.False(result.Succeeded);
+            Assert.False(result.Challenged);
+            Assert.True(result.Forbidden);
+        }
+
+        public class HappyAuthorization : IAuthorizationService
+        {
+            public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+                => Task.FromResult(AuthorizationResult.Success());
+
+            public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
+                => Task.FromResult(AuthorizationResult.Success());
+        }
+
+        public class SadAuthorization : IAuthorizationService
+        {
+            public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
+                => Task.FromResult(AuthorizationResult.Failed());
+
+            public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
+                => Task.FromResult(AuthorizationResult.Failed());
+        }
+
+        public class SadAuthentication : IAuthenticationService
+        {
+            public Task<AuthenticateResult> AuthenticateAsync(HttpContext context, string scheme)
+            {
+                return Task.FromResult(AuthenticateResult.Fail("Sad."));
+            }
+
+            public Task ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task ForbidAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task SignOutAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+        }
+
+        public class EchoAuthentication : IAuthenticationService
+        {
+            public Task<AuthenticateResult> AuthenticateAsync(HttpContext context, string scheme)
+            {
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(scheme)), scheme)));
+            }
+
+            public Task ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task ForbidAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+
+            public Task SignOutAsync(HttpContext context, string scheme, AuthenticationProperties properties)
+            {
+                throw new System.NotImplementedException();
+            }
+        }
+
+    }
+}
\ No newline at end of file

From 0b41dd12896c386802c2d72d234bf7eb91966815 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 May 2017 20:25:04 -0700
Subject: [PATCH 730/900] Disable api check to unblock build

---
 .../Microsoft.AspNetCore.Authorization.csproj                    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 93673ef007..0022d27437 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -11,6 +11,7 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
+    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>

From 348cdf9da9810b768f79dcce6bc39b3918b0863e Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 25 May 2017 23:31:09 -0700
Subject: [PATCH 731/900] Fix sln

---
 Security.sln | 40 +---------------------------------------
 1 file changed, 1 insertion(+), 39 deletions(-)

diff --git a/Security.sln b/Security.sln
index 61ea7b0c31..7c34ff0701 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26510.0
+VisualStudioVersion = 15.0.26507.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -64,10 +64,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization.Policy", "src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj", "{58194599-F07D-47A3-9DF2-E21A22C5EF9E}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Abstractions", "..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Abstractions\Microsoft.AspNetCore.Authentication.Abstractions.csproj", "{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Core", "..\HttpAbstractions\src\Microsoft.AspNetCore.Authentication.Core\Microsoft.AspNetCore.Authentication.Core.csproj", "{85545633-7E70-47EA-8CD2-30654C80112C}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -458,38 +454,6 @@ Global
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x64.Build.0 = Release|Any CPU
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.ActiveCfg = Release|Any CPU
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.Build.0 = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x64.Build.0 = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Debug|x86.Build.0 = Debug|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x64.ActiveCfg = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x64.Build.0 = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x86.ActiveCfg = Release|Any CPU
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D}.Release|x86.Build.0 = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x64.Build.0 = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x86.ActiveCfg = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Debug|x86.Build.0 = Debug|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|Mixed Platforms.Build.0 = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x64.ActiveCfg = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x64.Build.0 = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x86.ActiveCfg = Release|Any CPU
-		{85545633-7E70-47EA-8CD2-30654C80112C}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -519,7 +483,5 @@ Global
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{97D7B36D-1C0D-4F6D-A6A2-808BB7A4574D} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
-		{85545633-7E70-47EA-8CD2-30654C80112C} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
 EndGlobal

From c5238390787afb31cc9be15f557ffd9dcc42b049 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 24 May 2017 17:04:14 -0700
Subject: [PATCH 732/900] Update default settings for SameSite

- Need Lax policy for social authentication
- Need None policy for OIDC
---
 .gitignore                                    |  1 +
 .../OpenIdConnect.AzureAdSample/Program.cs    |  1 +
 .../CookieAuthenticationOptions.cs            | 18 +++---
 .../OpenIdConnectHandler.cs                   |  6 +-
 .../TwitterHandler.cs                         |  2 +-
 .../RemoteAuthenticationHandler.cs            |  8 +--
 .../CookiePolicyOptions.cs                    |  2 +-
 .../CookiePolicyTests.cs                      | 56 +++++++++----------
 8 files changed, 49 insertions(+), 45 deletions(-)

diff --git a/.gitignore b/.gitignore
index bcc811de9a..d5717b3f3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,4 +28,5 @@ project.lock.json
 .build/
 .testPublish/
 /.vs/
+.vscode/
 global.json
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/samples/OpenIdConnect.AzureAdSample/Program.cs
index 9de0185a40..0e1285a9c6 100644
--- a/samples/OpenIdConnect.AzureAdSample/Program.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Program.cs
@@ -15,6 +15,7 @@ namespace OpenIdConnect.AzureAdSample
                     factory.AddFilter("Console", level => level >= LogLevel.Information);
                 })
                 .UseKestrel()
+                .UseUrls("http://localhost:42023")
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 02d0361b72..01a5ae9c9d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -22,7 +22,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
-            CookieSameSite = SameSiteMode.Strict;
+            // To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231.
+            CookieSameSite = SameSiteMode.Lax;
             CookieHttpOnly = true;
             CookieSecure = CookieSecurePolicy.SameAsRequest;
             Events = new CookieAuthenticationEvents();
@@ -59,7 +60,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         /// <summary>
         /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
-        /// default is Strict, which means the cookie is only allowed to be attached to same-site requests.
+        /// default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe
+        /// HTTP methods and same-site requests.
         /// </summary>
         public SameSiteMode CookieSameSite { get; set; }
 
@@ -84,8 +86,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         /// <summary>
         /// Controls how much time the cookie will remain valid from the point it is created. The expiration
-        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored 
-        /// even if it is passed to the server after the browser should have purged it 
+        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
+        /// even if it is passed to the server after the browser should have purged it
         /// </summary>
         public TimeSpan ExpireTimeSpan { get; set; }
 
@@ -99,7 +101,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// The LoginPath property informs the handler that it should change an outgoing 401 Unauthorized status
         /// code into a 302 redirection onto the given login path. The current url which generated the 401 is added
         /// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
-        /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back  
+        /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back
         /// to the url which caused the original unauthorized status code.
         /// </summary>
         public PathString LoginPath { get; set; }
@@ -117,15 +119,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         /// <summary>
         /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the handler
-        /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query 
-        /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the 
+        /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query
+        /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the
         /// original url after the action is performed.
         /// </summary>
         public string ReturnUrlParameter { get; set; }
 
         /// <summary>
         /// The Provider may be assigned to an instance of an object created by the application at startup time. The handler
-        /// calls methods on the provider which give the application control at certain points where processing is occurring. 
+        /// calls methods on the provider which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         public new CookieAuthenticationEvents Events
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9c8f4ecc6f..89d949a001 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         }
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new OpenIdConnectEvents Events
@@ -892,7 +892,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    SameSite = Http.SameSiteMode.Lax,
+                    SameSite = Http.SameSiteMode.None,
                     Secure = Request.IsHttps,
                     Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
@@ -924,7 +924,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
-                                SameSite = Http.SameSiteMode.Lax,
+                                SameSite = Http.SameSiteMode.None,
                                 Secure = Request.IsHttps
                             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 63a18e83bc..0eab83e41a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -31,7 +31,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         private HttpClient Backchannel => Options.Backchannel;
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new TwitterEvents Events
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 9394b75532..2ff06062de 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -12,7 +12,7 @@ using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler 
+    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler
         where TOptions : RemoteAuthenticationOptions, new()
     {
         private const string CorrelationPrefix = ".AspNetCore.Correlation.";
@@ -25,7 +25,7 @@ namespace Microsoft.AspNetCore.Authentication
         protected string SignInScheme => Options.SignInScheme;
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new RemoteAuthenticationEvents Events
@@ -203,7 +203,7 @@ namespace Microsoft.AspNetCore.Authentication
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Lax,
+                SameSite = SameSiteMode.None,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
@@ -243,7 +243,7 @@ namespace Microsoft.AspNetCore.Authentication
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Lax,
+                SameSite = SameSiteMode.None,
                 Secure = Request.IsHttps
             };
             Response.Cookies.Delete(cookieName, cookieOptions);
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 7203e73e69..1e474bfe22 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNetCore.Builder
         /// <summary>
         /// Affects the cookie's same site attribute.
         /// </summary>
-        public SameSiteMode MinimumSameSitePolicy { get; set; } = SameSiteMode.Strict;
+        public SameSiteMode MinimumSameSitePolicy { get; set; } = SameSiteMode.Lax;
 
         /// <summary>
         /// Affects whether cookies must be HttpOnly.
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 737c12dc39..b6b2776a8a 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -59,10 +59,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; secure; samesite=strict", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; secure; samesite=strict", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; secure; samesite=strict", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; secure; samesite=lax", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure; samesite=lax", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure; samesite=lax", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=lax", transaction.SetCookie[3]);
                     }));
         }
 
@@ -79,10 +79,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; samesite=lax", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; samesite=lax", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=lax", transaction.SetCookie[3]);
                     }));
         }
 
@@ -99,19 +99,19 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; samesite=strict", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; samesite=lax", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; samesite=lax", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; samesite=lax", transaction.SetCookie[3]);
                     }),
                 new RequestTest("https://example.com/secureSame",
                     transaction =>
                     {
                         Assert.NotNull(transaction.SetCookie);
-                        Assert.Equal("A=A; path=/; secure; samesite=strict", transaction.SetCookie[0]);
-                        Assert.Equal("B=B; path=/; secure; samesite=strict", transaction.SetCookie[1]);
-                        Assert.Equal("C=C; path=/; secure; samesite=strict", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; secure; samesite=strict", transaction.SetCookie[3]);
+                        Assert.Equal("A=A; path=/; secure; samesite=lax", transaction.SetCookie[0]);
+                        Assert.Equal("B=B; path=/; secure; samesite=lax", transaction.SetCookie[1]);
+                        Assert.Equal("C=C; path=/; secure; samesite=lax", transaction.SetCookie[2]);
+                        Assert.Equal("D=D; path=/; secure; samesite=lax", transaction.SetCookie[3]);
                     }));
         }
 
@@ -128,10 +128,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 transaction =>
                 {
                     Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/; samesite=strict; httponly", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/; samesite=strict; httponly", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/; samesite=strict; httponly", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; samesite=strict; httponly", transaction.SetCookie[3]);
+                    Assert.Equal("A=A; path=/; samesite=lax; httponly", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=lax; httponly", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=lax; httponly", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=lax; httponly", transaction.SetCookie[3]);
                 }));
         }
 
@@ -148,10 +148,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 transaction =>
                 {
                     Assert.NotNull(transaction.SetCookie);
-                    Assert.Equal("A=A; path=/; samesite=strict", transaction.SetCookie[0]);
-                    Assert.Equal("B=B; path=/; samesite=strict", transaction.SetCookie[1]);
-                    Assert.Equal("C=C; path=/; samesite=strict", transaction.SetCookie[2]);
-                    Assert.Equal("D=D; path=/; samesite=strict; httponly", transaction.SetCookie[3]);
+                    Assert.Equal("A=A; path=/; samesite=lax", transaction.SetCookie[0]);
+                    Assert.Equal("B=B; path=/; samesite=lax", transaction.SetCookie[1]);
+                    Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
+                    Assert.Equal("D=D; path=/; samesite=lax; httponly", transaction.SetCookie[3]);
                 }));
         }
 
@@ -242,10 +242,10 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var transaction = await server.SendAsync("http://example.com/login");
 
             Assert.NotNull(transaction.SetCookie);
-            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[0]);
-            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[1]);
-            Assert.Equal("Hao=Hao; path=/; samesite=strict", transaction.SetCookie[2]);
-            Assert.Equal("Hao=Hao; path=/; secure; samesite=strict", transaction.SetCookie[3]);
+            Assert.Equal("Hao=Hao; path=/; samesite=lax", transaction.SetCookie[0]);
+            Assert.Equal("Hao=Hao; path=/; samesite=lax", transaction.SetCookie[1]);
+            Assert.Equal("Hao=Hao; path=/; samesite=lax", transaction.SetCookie[2]);
+            Assert.Equal("Hao=Hao; path=/; secure; samesite=lax", transaction.SetCookie[3]);
         }
 
         [Fact]

From e65a67bb5c374512e9840f47ed1de2b2e1cc25e1 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Fri, 26 May 2017 12:44:31 -0700
Subject: [PATCH 733/900] Updated to use the latest shared runtime

---
 build/dependencies.props | 1 +
 1 file changed, 1 insertion(+)

diff --git a/build/dependencies.props b/build/dependencies.props
index f7e538a504..e804e1b397 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -8,6 +8,7 @@
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
     <OwinVersion>3.0.1</OwinVersion>
+    <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>
     <TestSdkVersion>15.3.0-*</TestSdkVersion>
     <XunitVersion>2.3.0-beta2-*</XunitVersion>
   </PropertyGroup>

From e573b8431016541f9ce3992020089af2593239b1 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 31 May 2017 19:37:21 -0700
Subject: [PATCH 734/900] Branching for rel/2.0.0-preview2

---
 NuGet.config             | 5 +++--
 build/dependencies.props | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/NuGet.config b/NuGet.config
index 93f1ac47df..c4bc056c4d 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,8 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <clear />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-release/api/v3/index.json" />
     <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
-</configuration>
+</configuration>
\ No newline at end of file
diff --git a/build/dependencies.props b/build/dependencies.props
index e804e1b397..02a36ec835 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
+    <AspNetCoreVersion>2.0.0-preview2-*</AspNetCoreVersion>
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>

From f8feee3783fc0220012e1db9d6af458674289611 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 31 May 2017 19:53:33 -0700
Subject: [PATCH 735/900] Updating build scripts to point to 2.0.0-preview2
 KoreBuild

---
 build.ps1 | 2 +-
 build.sh  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.ps1 b/build.ps1
index 5bf0e2c113..3a2476b2b4 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0-preview2.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index b0bcadb579..a40bdb87b1 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0-preview2.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From 4034158c614ec1dfe2366afcc7763871a37cfda7 Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Wed, 31 May 2017 22:11:21 -0700
Subject: [PATCH 736/900] Removed reference to System.Net.Http

---
 .../Microsoft.AspNetCore.Authentication.Test.csproj              | 1 -
 .../Microsoft.Owin.Security.Interop.Test.csproj                  | 1 -
 2 files changed, 2 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index c44069f437..1529dc8036 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -23,7 +23,6 @@
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="System.Net.Http" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index d6e9d16e5f..14c0aa2f1f 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -14,7 +14,6 @@
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
     <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
-    <PackageReference Include="System.Net.Http" Version="$(CoreFxVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
   </ItemGroup>

From 8bfab2b3785a3f84e9733dd4ea7c5139ab3a5794 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 1 Jun 2017 10:47:46 -0700
Subject: [PATCH 737/900] Updating versions to preview3

---
 NuGet.config  | 1 +
 version.props | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/NuGet.config b/NuGet.config
index 93f1ac47df..4e8a1f6de1 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <packageSources>
+    <clear />
     <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
     <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
diff --git a/version.props b/version.props
index 0b2b8e0010..90a2f5b5cc 100644
--- a/version.props
+++ b/version.props
@@ -2,6 +2,6 @@
 <Project>
     <PropertyGroup>
         <VersionPrefix>2.0.0</VersionPrefix>
-        <VersionSuffix>preview2</VersionSuffix>
+        <VersionSuffix>preview3</VersionSuffix>
     </PropertyGroup>
 </Project>
\ No newline at end of file

From db9ae6263233e1d95245cb911614d0e20a12edfa Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 2 Jun 2017 14:28:03 -0700
Subject: [PATCH 738/900] IInitializeOptions => IPostConfigureOptions

---
 ...s => CookieAuthenticationPostConfigureOptions.cs} | 12 ++++++------
 .../CookieExtensions.cs                              |  2 +-
 .../FacebookExtensions.cs                            |  1 +
 .../{ => Internal}/FacebookConfigureOptions.cs       |  4 ++--
 .../GoogleExtensions.cs                              |  1 +
 .../{ => Internal}/GoogleConfigureOptions.cs         |  4 ++--
 .../{ => Internal}/JwtBearerConfigureOptions.cs      |  4 ++--
 .../JwtBearerExtensions.cs                           |  3 ++-
 ...itializer.cs => JwtBearerPostConfigureOptions.cs} | 10 +++++-----
 .../MicrosoftAccountConfigureOptions.cs              |  4 ++--
 .../MicrosoftAccountExtensions.cs                    |  1 +
 .../OAuthExtensions.cs                               |  2 +-
 ...thInitializer.cs => OAuthPostConfigureOptions.cs} |  6 +++---
 .../{ => Internal}/OpenIdConnectConfigureOptions.cs  |  2 +-
 .../OpenIdConnectExtensions.cs                       |  3 ++-
 ...lizer.cs => OpenIdConnectPostConfigureOptions.cs} | 12 ++++++------
 .../{ => Internal}/TwitterConfigureOptions.cs        |  4 ++--
 .../TwitterExtensions.cs                             |  3 ++-
 ...Initializer.cs => TwitterPostConfigureOptions.cs} | 12 ++++++------
 .../AuthenticationSchemeOptions.cs                   |  9 ---------
 .../AuthenticationServiceCollectionExtensions.cs     |  8 +++-----
 21 files changed, 51 insertions(+), 56 deletions(-)
 rename src/Microsoft.AspNetCore.Authentication.Cookies/{CookieAuthenticationInitializer.cs => CookieAuthenticationPostConfigureOptions.cs} (81%)
 rename src/Microsoft.AspNetCore.Authentication.Facebook/{ => Internal}/FacebookConfigureOptions.cs (78%)
 rename src/Microsoft.AspNetCore.Authentication.Google/{ => Internal}/GoogleConfigureOptions.cs (79%)
 rename src/Microsoft.AspNetCore.Authentication.JwtBearer/{ => Internal}/JwtBearerConfigureOptions.cs (79%)
 rename src/Microsoft.AspNetCore.Authentication.JwtBearer/{JwtBearerInitializer.cs => JwtBearerPostConfigureOptions.cs} (89%)
 rename src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/{ => Internal}/MicrosoftAccountConfigureOptions.cs (78%)
 rename src/Microsoft.AspNetCore.Authentication.OAuth/{OAuthInitializer.cs => OAuthPostConfigureOptions.cs} (86%)
 rename src/Microsoft.AspNetCore.Authentication.OpenIdConnect/{ => Internal}/OpenIdConnectConfigureOptions.cs (91%)
 rename src/Microsoft.AspNetCore.Authentication.OpenIdConnect/{OpenIdConnectInitializer.cs => OpenIdConnectPostConfigureOptions.cs} (91%)
 rename src/Microsoft.AspNetCore.Authentication.Twitter/{ => Internal}/TwitterConfigureOptions.cs (80%)
 rename src/Microsoft.AspNetCore.Authentication.Twitter/{TwitterInitializer.cs => TwitterPostConfigureOptions.cs} (81%)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs
similarity index 81%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs
index af4a85b191..38211e0f19 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationInitializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs
@@ -10,21 +10,21 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Used to setup defaults for all <see cref="CookieAuthenticationOptions"/>.
     /// </summary>
-    public class CookieAuthenticationInitializer : IInitializeOptions<CookieAuthenticationOptions>
+    public class PostConfigureCookieAuthenticationOptions : IPostConfigureOptions<CookieAuthenticationOptions>
     {
         private readonly IDataProtectionProvider _dp;
 
-        public CookieAuthenticationInitializer(IDataProtectionProvider dataProtection)
+        public PostConfigureCookieAuthenticationOptions(IDataProtectionProvider dataProtection)
         {
             _dp = dataProtection;
         }
 
         /// <summary>
-        /// Invoked to initialize a TOptions instance.
+        /// Invoked to post configure a TOptions instance.
         /// </summary>
-        /// <param name="name">The name of the options instance being initialized.</param>
-        /// <param name="options">The options instance to initialize.</param>
-        public void Initialize(string name, CookieAuthenticationOptions options)
+        /// <param name="name">The name of the options instance being configured.</param>
+        /// <param name="options">The options instance to configure.</param>
+        public void PostConfigure(string name, CookieAuthenticationOptions options)
         {
             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
index b528dec9cb..6f23abcc4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -21,7 +21,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<CookieAuthenticationOptions>, CookieAuthenticationInitializer>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
             return services.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 1bb065414d..7d6fb84421 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Facebook;
+using Microsoft.AspNetCore.Authentication.Facebook.Internal;
 using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
similarity index 78%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
index 887789ebf1..df1ab710bd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
@@ -4,9 +4,9 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.Facebook
+namespace Microsoft.AspNetCore.Authentication.Facebook.Internal
 {
-    internal class FacebookConfigureOptions : ConfigureDefaultOptions<FacebookOptions>
+    public class FacebookConfigureOptions : ConfigureDefaultOptions<FacebookOptions>
     {
         public FacebookConfigureOptions(IConfiguration config) :
             base(FacebookDefaults.AuthenticationScheme,
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index c11b155d9c..07d3e16d61 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.Google.Internal;
 using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
similarity index 79%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
index 1041f1eec5..bbc5e208a7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
@@ -4,9 +4,9 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.Google
+namespace Microsoft.AspNetCore.Authentication.Google.Internal
 {
-    internal class GoogleConfigureOptions : ConfigureDefaultOptions<GoogleOptions>
+    public class GoogleConfigureOptions : ConfigureDefaultOptions<GoogleOptions>
     {
         public GoogleConfigureOptions(IConfiguration config) :
             base(GoogleDefaults.AuthenticationScheme,
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
similarity index 79%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
index d26bf66711..5c1e931f40 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
@@ -4,9 +4,9 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
+namespace Microsoft.AspNetCore.Authentication.JwtBearer.Internal
 {
-    internal class JwtBearerConfigureOptions : ConfigureDefaultOptions<JwtBearerOptions>
+    public class JwtBearerConfigureOptions : ConfigureDefaultOptions<JwtBearerOptions>
     {
         // Bind to "Bearer" section by default
         public JwtBearerConfigureOptions(IConfiguration config) :
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 0bd3a9400c..134e99920b 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authentication.JwtBearer.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Options.Infrastructure;
@@ -19,7 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<JwtBearerOptions>, JwtBearerInitializer>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
             services.AddSingleton<ConfigureDefaultOptions<JwtBearerOptions>, JwtBearerConfigureOptions>();
             return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
similarity index 89%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs
rename to src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
index 0aeed11832..8829bfac0f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerInitializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
@@ -12,14 +12,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
     /// <summary>
     /// Used to setup defaults for all <see cref="JwtBearerOptions"/>.
     /// </summary>
-    public class JwtBearerInitializer : IInitializeOptions<JwtBearerOptions>
+    public class JwtBearerPostConfigureOptions : IPostConfigureOptions<JwtBearerOptions>
     {
         /// <summary>
-        /// Invoked to initialize a JwtBearerOptions instance.
+        /// Invoked to post configure a JwtBearerOptions instance.
         /// </summary>
-        /// <param name="name">The name of the options instance being initialized.</param>
-        /// <param name="options">The options instance to initialize.</param>
-        public void Initialize(string name, JwtBearerOptions options)
+        /// <param name="name">The name of the options instance being configured.</param>
+        /// <param name="options">The options instance to configure.</param>
+        public void PostConfigure(string name, JwtBearerOptions options)
         {
             if (string.IsNullOrEmpty(options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(options.Audience))
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
similarity index 78%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
index b0be3de977..60591e1e4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
@@ -4,9 +4,9 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount.Internal
 {
-    internal class MicrosoftAccountConfigureOptions : ConfigureDefaultOptions<MicrosoftAccountOptions>
+    public class MicrosoftAccountConfigureOptions : ConfigureDefaultOptions<MicrosoftAccountOptions>
     {
         // Bind to "Microsoft" section by default
         public MicrosoftAccountConfigureOptions(IConfiguration config) :
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 1a7fee370f..ff743c9728 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount.Internal;
 using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 257aed9cb1..4ad0a83362 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -19,7 +19,7 @@ namespace Microsoft.Extensions.DependencyInjection
             where TOptions : OAuthOptions, new()
             where THandler : OAuthHandler<TOptions>
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TOptions>, OAuthInitializer<TOptions, THandler>>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
             return services.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
similarity index 86%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs
rename to src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
index 99f65253a8..e97346413c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthInitializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
@@ -12,18 +12,18 @@ namespace Microsoft.Extensions.DependencyInjection
     /// <summary>
     /// Used to setup defaults for the OAuthOptions.
     /// </summary>
-    public class OAuthInitializer<TOptions, THandler> : IInitializeOptions<TOptions>
+    public class OAuthPostConfigureOptions<TOptions, THandler> : IPostConfigureOptions<TOptions>
         where TOptions : OAuthOptions, new()
         where THandler : OAuthHandler<TOptions>
     {
         private readonly IDataProtectionProvider _dp;
 
-        public OAuthInitializer(IDataProtectionProvider dataProtection)
+        public OAuthPostConfigureOptions(IDataProtectionProvider dataProtection)
         {
             _dp = dataProtection;
         }
 
-        public void Initialize(string name, TOptions options)
+        public void PostConfigure(string name, TOptions options)
         {
             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
             if (options.Backchannel == null)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
similarity index 91%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
index 1a6450b7b2..c395185151 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
@@ -4,7 +4,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect.Internal
 {
     internal class OpenIdConnectConfigureOptions : ConfigureDefaultOptions<OpenIdConnectOptions>
     {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index b4ac4b9fb7..6c965f047c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Options.Infrastructure;
@@ -19,7 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<OpenIdConnectOptions>, OpenIdConnectInitializer>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
             services.AddSingleton<ConfigureDefaultOptions<OpenIdConnectOptions>, OpenIdConnectConfigureOptions>();
             return services.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
similarity index 91%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs
rename to src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
index 7421af9c0a..b79f1d1edf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectInitializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
@@ -14,21 +14,21 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// <summary>
     /// Used to setup defaults for all <see cref="OpenIdConnectOptions"/>.
     /// </summary>
-    public class OpenIdConnectInitializer : IInitializeOptions<OpenIdConnectOptions>
+    public class OpenIdConnectPostConfigureOptions : IPostConfigureOptions<OpenIdConnectOptions>
     {
         private readonly IDataProtectionProvider _dp;
 
-        public OpenIdConnectInitializer(IDataProtectionProvider dataProtection)
+        public OpenIdConnectPostConfigureOptions(IDataProtectionProvider dataProtection)
         {
             _dp = dataProtection;
         }
 
         /// <summary>
-        /// Invoked to initialize a TOptions instance.
+        /// Invoked to post configure a TOptions instance.
         /// </summary>
-        /// <param name="name">The name of the options instance being initialized.</param>
-        /// <param name="options">The options instance to initialize.</param>
-        public void Initialize(string name, OpenIdConnectOptions options)
+        /// <param name="name">The name of the options instance being configured.</param>
+        /// <param name="options">The options instance to configure.</param>
+        public void PostConfigure(string name, OpenIdConnectOptions options)
         {
             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs
similarity index 80%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs
index 03d7ae8092..62982fa19a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs
@@ -4,9 +4,9 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options.Infrastructure;
 
-namespace Microsoft.AspNetCore.Authentication.Twitter
+namespace Microsoft.AspNetCore.Authentication.Twitter.Internal
 {
-    internal class TwitterConfigureOptions : ConfigureDefaultOptions<TwitterOptions>
+    public class TwitterConfigureOptions : ConfigureDefaultOptions<TwitterOptions>
     {
         // Bind to "Twitter" section by default
         public TwitterConfigureOptions(IConfiguration config) :
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index 11586f9844..dac9ee3512 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.AspNetCore.Authentication.Twitter.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Options.Infrastructure;
@@ -19,7 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TwitterOptions>, TwitterInitializer>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
             services.AddSingleton<ConfigureDefaultOptions<TwitterOptions>, TwitterConfigureOptions>();
             return services.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
similarity index 81%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs
rename to src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
index 08e9c5b832..09db5699f9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterInitializer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
@@ -10,21 +10,21 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     /// <summary>
     /// Used to setup defaults for all <see cref="TwitterOptions"/>.
     /// </summary>
-    public class TwitterInitializer : IInitializeOptions<TwitterOptions>
+    public class TwitterPostConfigureOptions : IPostConfigureOptions<TwitterOptions>
     {
         private readonly IDataProtectionProvider _dp;
 
-        public TwitterInitializer(IDataProtectionProvider dataProtection)
+        public TwitterPostConfigureOptions(IDataProtectionProvider dataProtection)
         {
             _dp = dataProtection;
         }
 
         /// <summary>
-        /// Invoked to initialize a TOptions instance.
+        /// Invoked to post configure a TOptions instance.
         /// </summary>
-        /// <param name="name">The name of the options instance being initialized.</param>
-        /// <param name="options">The options instance to initialize.</param>
-        public void Initialize(string name, TwitterOptions options)
+        /// <param name="name">The name of the options instance being configured.</param>
+        /// <param name="options">The options instance to configure.</param>
+        public void PostConfigure(string name, TwitterOptions options)
         {
             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
 
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
index 55bc09d8ae..0e86b3a9ff 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -2,18 +2,9 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public class InitializeAuthenticationSchemeOptions<TOptions> : InitializeOptions<TOptions>
-        where TOptions : AuthenticationSchemeOptions
-    {
-        public InitializeAuthenticationSchemeOptions(string name) 
-            : base(name, options => options.ClaimsIssuer = options.ClaimsIssuer ?? name)
-        { }
-    }
-
     /// <summary>
     /// Contains the options used by the <see cref="AuthenticationHandler{T}"/>.
     /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index ff367f5557..7ebc979f1b 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -2,9 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 
@@ -79,12 +77,12 @@ namespace Microsoft.Extensions.DependencyInjection
             where TOptions : RemoteAuthenticationOptions, new()
             where THandler : RemoteAuthenticationHandler<TOptions>
         {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IInitializeOptions<TOptions>, EnsureSignInScheme<TOptions>>());
+            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, EnsureSignInScheme<TOptions>>());
             return services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
         }
 
         // Used to ensure that there's always a default data protection provider
-        private class EnsureSignInScheme<TOptions> : IInitializeOptions<TOptions> where TOptions : RemoteAuthenticationOptions
+        private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
         {
             private readonly AuthenticationOptions _authOptions;
 
@@ -93,7 +91,7 @@ namespace Microsoft.Extensions.DependencyInjection
                 _authOptions = authOptions.Value;
             }
 
-            public void Initialize(string name, TOptions options)
+            public void PostConfigure(string name, TOptions options)
             {
                 options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme;
             }

From ae3dfcdb32647473e24f7c03aa6cb13e83bb7577 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 5 Jun 2017 11:34:35 -0700
Subject: [PATCH 739/900] Remote ConfigureDefaultOptions

---
 .../FacebookExtensions.cs                     |  7 +--
 .../Internal/FacebookConfigureOptions.cs      | 16 -----
 ....AspNetCore.Authentication.Facebook.csproj |  1 -
 .../GoogleExtensions.cs                       |  7 +--
 .../Internal/GoogleConfigureOptions.cs        | 16 -----
 ...ft.AspNetCore.Authentication.Google.csproj |  1 -
 .../Internal/JwtBearerConfigureOptions.cs     | 17 -----
 .../JwtBearerExtensions.cs                    |  3 -
 ...AspNetCore.Authentication.JwtBearer.csproj |  1 -
 .../MicrosoftAccountConfigureOptions.cs       | 17 -----
 ...ore.Authentication.MicrosoftAccount.csproj |  1 -
 .../MicrosoftAccountExtensions.cs             |  7 +--
 .../Internal/OpenIdConnectConfigureOptions.cs | 17 -----
 ...etCore.Authentication.OpenIdConnect.csproj |  1 -
 .../OpenIdConnectExtensions.cs                |  3 -
 .../Internal/TwitterConfigureOptions.cs       | 17 -----
 ...t.AspNetCore.Authentication.Twitter.csproj |  1 -
 .../TwitterExtensions.cs                      |  3 -
 .../FacebookTests.cs                          | 63 -------------------
 .../GoogleTests.cs                            | 60 ------------------
 .../JwtBearerTests.cs                         | 62 ------------------
 .../MicrosoftAccountTests.cs                  | 60 ------------------
 .../OpenIdConnect/OpenIdConnectTests.cs       | 28 ---------
 .../TwitterTests.cs                           | 54 ----------------
 24 files changed, 3 insertions(+), 460 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 7d6fb84421..4f30b9ba9c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Facebook;
-using Microsoft.AspNetCore.Authentication.Facebook.Internal;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -17,9 +15,6 @@ namespace Microsoft.Extensions.DependencyInjection
             => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
-        {
-            services.AddSingleton<ConfigureDefaultOptions<FacebookOptions>, FacebookConfigureOptions>();
-            return services.AddOAuthAuthentication<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
-        }
+            => services.AddOAuthAuthentication<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
deleted file mode 100644
index df1ab710bd..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Internal/FacebookConfigureOptions.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.Facebook.Internal
-{
-    public class FacebookConfigureOptions : ConfigureDefaultOptions<FacebookOptions>
-    {
-        public FacebookConfigureOptions(IConfiguration config) :
-            base(FacebookDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+FacebookDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index e39b31e904..a939958e27 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index 07d3e16d61..be40822c57 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
-using Microsoft.AspNetCore.Authentication.Google.Internal;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -17,9 +15,6 @@ namespace Microsoft.Extensions.DependencyInjection
             => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
-        {
-            services.AddSingleton<ConfigureDefaultOptions<GoogleOptions>, GoogleConfigureOptions>();
-            return services.AddOAuthAuthentication<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
-        }
+            => services.AddOAuthAuthentication<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
deleted file mode 100644
index bbc5e208a7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/Internal/GoogleConfigureOptions.cs
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.Google.Internal
-{
-    public class GoogleConfigureOptions : ConfigureDefaultOptions<GoogleOptions>
-    {
-        public GoogleConfigureOptions(IConfiguration config) :
-            base(GoogleDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+GoogleDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index c4f1e7ad8f..9f4cee9d59 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
deleted file mode 100644
index 5c1e931f40..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Internal/JwtBearerConfigureOptions.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer.Internal
-{
-    public class JwtBearerConfigureOptions : ConfigureDefaultOptions<JwtBearerOptions>
-    {
-        // Bind to "Bearer" section by default
-        public JwtBearerConfigureOptions(IConfiguration config) :
-            base(JwtBearerDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+JwtBearerDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 134e99920b..582eb6314d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -3,10 +3,8 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.AspNetCore.Authentication.JwtBearer.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -21,7 +19,6 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
-            services.AddSingleton<ConfigureDefaultOptions<JwtBearerOptions>, JwtBearerConfigureOptions>();
             return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 5b25e00e86..73d8fdd008 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -11,7 +11,6 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
deleted file mode 100644
index 60591e1e4a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Internal/MicrosoftAccountConfigureOptions.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount.Internal
-{
-    public class MicrosoftAccountConfigureOptions : ConfigureDefaultOptions<MicrosoftAccountOptions>
-    {
-        // Bind to "Microsoft" section by default
-        public MicrosoftAccountConfigureOptions(IConfiguration config) :
-            base(MicrosoftAccountDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+MicrosoftAccountDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 1a954c850a..1accdf8f14 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index ff743c9728..a4ad5692cd 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
-using Microsoft.AspNetCore.Authentication.MicrosoftAccount.Internal;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -17,9 +15,6 @@ namespace Microsoft.Extensions.DependencyInjection
             => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
 
         public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
-        {
-            services.AddSingleton<ConfigureDefaultOptions<MicrosoftAccountOptions>, MicrosoftAccountConfigureOptions>();
-            return services.AddOAuthAuthentication<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
-        }
+            => services.AddOAuthAuthentication<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
deleted file mode 100644
index c395185151..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Internal/OpenIdConnectConfigureOptions.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect.Internal
-{
-    internal class OpenIdConnectConfigureOptions : ConfigureDefaultOptions<OpenIdConnectOptions>
-    {
-        // Bind to "OpenIdConnect" section by default
-        public OpenIdConnectConfigureOptions(IConfiguration config) :
-            base(OpenIdConnectDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+OpenIdConnectDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 0ce2fe34e0..8e4fb774db 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -12,6 +12,5 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 6c965f047c..d576409047 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -3,10 +3,8 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.Authentication.OpenIdConnect.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -21,7 +19,6 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
-            services.AddSingleton<ConfigureDefaultOptions<OpenIdConnectOptions>, OpenIdConnectConfigureOptions>();
             return services.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs
deleted file mode 100644
index 62982fa19a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Internal/TwitterConfigureOptions.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.Options.Infrastructure;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter.Internal
-{
-    public class TwitterConfigureOptions : ConfigureDefaultOptions<TwitterOptions>
-    {
-        // Bind to "Twitter" section by default
-        public TwitterConfigureOptions(IConfiguration config) :
-            base(TwitterDefaults.AuthenticationScheme,
-                options => config.GetSection("Microsoft:AspNetCore:Authentication:Schemes:"+TwitterDefaults.AuthenticationScheme).Bind(options))
-        { }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index b78de6597f..6bf4a66d3f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index dac9ee3512..d8b78398fc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -3,10 +3,8 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Twitter;
-using Microsoft.AspNetCore.Authentication.Twitter.Internal;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -21,7 +19,6 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
         {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
-            services.AddSingleton<ConfigureDefaultOptions<TwitterOptions>, TwitterConfigureOptions>();
             return services.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
     }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 657c957bfb..b463ef8911 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -20,7 +20,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -40,68 +39,6 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             Assert.Equal(FacebookDefaults.AuthenticationScheme, scheme.DisplayName);
         }
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AppId", "<id>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AppSecret", "<secret>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:BackchannelTimeout", "0.0:0:30"},
-                //{"Facebook:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SaveTokens", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SendAppSecretProof", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:SignInScheme", "<signIn>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:TokenEndpoint", "<tokenEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Facebook:UserInformationEndpoint", "<userEndpoint>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<FacebookOptions>, ConfigureDefaults<FacebookOptions>>()
-                .AddFacebookAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<FacebookOptions>>().Get(FacebookDefaults.AuthenticationScheme);
-            Assert.Equal("<id>", options.AppId);
-            Assert.Equal("<secret>", options.AppSecret);
-            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
-            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
-            Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.Equal("<id>", options.ClientId);
-            Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
-            Assert.True(options.SaveTokens);
-            Assert.True(options.SendAppSecretProof);
-            Assert.Equal("<signIn>", options.SignInScheme);
-            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
-            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
-        }
-
-        [Fact]
-        public void AddWithDelegateIgnoresConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Facebook:AppId", "<id>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddFacebookAuthentication(o => o.SaveTokens = false).AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<FacebookOptions>>().Get(FacebookDefaults.AuthenticationScheme);
-            Assert.Null(options.AppId);
-            Assert.False(options.SaveTokens);
-        }
-
         [Fact]
         public async Task ThrowsIfAppIdMissing()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index b316e62751..501fdf6035 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -19,7 +19,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -39,65 +38,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             Assert.Equal(GoogleDefaults.AuthenticationScheme, scheme.DisplayName);
         }
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClientId", "<id>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClientSecret", "<secret>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:BackchannelTimeout", "0.0:0:30"},
-                //{"Google:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SaveTokens", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SendAppSecretProof", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:SignInScheme", "<signIn>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:TokenEndpoint", "<tokenEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Google:UserInformationEndpoint", "<userEndpoint>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<GoogleOptions>, ConfigureDefaults<GoogleOptions>>()
-                .AddGoogleAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<GoogleOptions>>().Get(GoogleDefaults.AuthenticationScheme);
-            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
-            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
-            Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.Equal("<id>", options.ClientId);
-            Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
-            Assert.True(options.SaveTokens);
-            Assert.Equal("<signIn>", options.SignInScheme);
-            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
-            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
-        }
-
-        [Fact]
-        public void AddWithDelegateIgnoresConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Google:ClientId", "<id>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddGoogleAuthentication(o => o.SaveTokens = false).AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<GoogleOptions>>().Get(GoogleDefaults.AuthenticationScheme);
-            Assert.Null(options.ClientId);
-            Assert.False(options.SaveTokens);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 6746f5c3f1..3149e9875b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -19,7 +19,6 @@ using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
@@ -39,67 +38,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Null(scheme.DisplayName);
         }
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Audience", "<audience>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Authority", "<authority>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:BackchannelTimeout", "0.0:0:30"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Challenge", "<challenge>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:IncludeErrorDetails", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:MetadataAddress", "<metadata>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RefreshOnIssuerKeyNotFound", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RequireHttpsMetadata", "false"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:SaveToken", "true"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureDefaults<JwtBearerOptions>>()
-                .AddJwtBearerAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
-            Assert.Equal("<audience>", options.Audience);
-            Assert.Equal("<authority>", options.Authority);
-            Assert.Equal("<challenge>", options.Challenge);
-            Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.True(options.IncludeErrorDetails);
-            Assert.Equal("<metadata>", options.MetadataAddress);
-            Assert.True(options.RefreshOnIssuerKeyNotFound);
-            Assert.False(options.RequireHttpsMetadata);
-            Assert.True(options.SaveToken);
-        }
-
-        [Fact]
-        public void AddWithDelegateOverridesConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Audience", "<audience>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:Authority", "<authority>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Bearer:RequireHttpsMetadata", "false"}
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureDefaults<JwtBearerOptions>>()
-                .AddJwtBearerAuthentication(o => o.Authority = "authority")
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
-            Assert.Equal("<audience>", options.Audience);
-            Assert.Equal("authority", options.Authority);
-        }
-
         [ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
         [FrameworkSkipCondition(RuntimeFrameworks.Mono)]
         // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 0d49052f5b..bf15c91b00 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -20,7 +20,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -40,65 +39,6 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
             Assert.Equal(MicrosoftAccountDefaults.AuthenticationScheme, scheme.DisplayName);
         }
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClientId", "<id>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClientSecret", "<secret>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:AuthorizationEndpoint", "<authEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:BackchannelTimeout", "0.0:0:30"},
-                //{"Microsoft:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SaveTokens", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SendAppSecretProof", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:SignInScheme", "<signIn>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:TokenEndpoint", "<tokenEndpoint>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Microsoft:UserInformationEndpoint", "<userEndpoint>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<MicrosoftAccountOptions>, ConfigureDefaults<MicrosoftAccountOptions>>()
-                .AddMicrosoftAccountAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<MicrosoftAccountOptions>>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
-            Assert.Equal("<authEndpoint>", options.AuthorizationEndpoint);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
-            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
-            Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.Equal("<id>", options.ClientId);
-            Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
-            Assert.True(options.SaveTokens);
-            Assert.Equal("<signIn>", options.SignInScheme);
-            Assert.Equal("<tokenEndpoint>", options.TokenEndpoint);
-            Assert.Equal("<userEndpoint>", options.UserInformationEndpoint);
-        }
-
-        [Fact]
-        public void AddWithDelegateIgnoresConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:ClientId", "<id>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddMicrosoftAccountAuthentication(o => o.SaveTokens = true).AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<MicrosoftAccountOptions>>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
-            Assert.Null(options.ClientId);
-            Assert.True(options.SaveTokens);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 9dc597b856..1708e604ef 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -15,7 +15,6 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
@@ -30,33 +29,6 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         const string Signin = "/signin";
         const string Signout = "/signout";
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:ClientId", "<id>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:ClientSecret", "<secret>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:RequireHttpsMetadata", "false"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:OpenIdConnect:Authority", "<auth>"}
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureDefaults<OpenIdConnectOptions>>()
-                .AddOpenIdConnectAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<OpenIdConnectOptions>>().Get(OpenIdConnectDefaults.AuthenticationScheme);
-            Assert.Equal("<id>", options.ClientId);
-            Assert.Equal("<secret>", options.ClientSecret);
-            Assert.Equal("<auth>", options.Authority);
-            Assert.False(options.RequireHttpsMetadata);
-        }
-
-
         /// <summary>
         /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
         /// summary>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index b8af66cdfb..8fcc0780d2 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -14,7 +14,6 @@ using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Options.Infrastructure;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -33,59 +32,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Assert.Equal(TwitterDefaults.AuthenticationScheme, scheme.DisplayName);
         }
 
-        [Fact]
-        public void AddCanBindAgainstDefaultConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ConsumerKey", "<key>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ConsumerSecret", "<secret>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:BackchannelTimeout", "0.0:0:30"},
-                //{"Twitter:CallbackPath", "/callbackpath"}, // PathString doesn't convert
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:ClaimsIssuer", "<issuer>"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:RemoteAuthenticationTimeout", "0.0:0:30"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SaveTokens", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SendAppSecretProof", "true"},
-                {"Microsoft:AspNetCore:Authentication:Schemes:Twitter:SignInScheme", "<signIn>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection()
-                .AddSingleton<IConfigureOptions<TwitterOptions>, ConfigureDefaults<TwitterOptions>>()
-                .AddTwitterAuthentication()
-                .AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<TwitterOptions>>().Get(TwitterDefaults.AuthenticationScheme);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
-            //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
-            Assert.Equal("<issuer>", options.ClaimsIssuer);
-            Assert.Equal("<key>", options.ConsumerKey);
-            Assert.Equal("<secret>", options.ConsumerSecret);
-            Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
-            Assert.True(options.SaveTokens);
-            Assert.Equal("<signIn>", options.SignInScheme);
-        }
-
-        [Fact]
-        public void AddWithDelegateIgnoresConfig()
-        {
-            var dic = new Dictionary<string, string>
-            {
-                {"Twitter:ConsumerKey", "<key>"},
-            };
-            var configurationBuilder = new ConfigurationBuilder();
-            configurationBuilder.AddInMemoryCollection(dic);
-            var config = configurationBuilder.Build();
-            var services = new ServiceCollection().AddTwitterAuthentication(o => o.SaveTokens = true).AddSingleton<IConfiguration>(config);
-            var sp = services.BuildServiceProvider();
-
-            var options = sp.GetRequiredService<IOptionsSnapshot<TwitterOptions>>().Get(TwitterDefaults.AuthenticationScheme);
-            Assert.Null(options.ConsumerKey);
-            Assert.True(options.SaveTokens);
-        }
-
         [Fact]
         public async Task ChallengeWillTriggerApplyRedirectEvent()
         {

From b7958935429487f04e28b729d3214ddebc36a0eb Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 5 Jun 2017 14:04:33 -0700
Subject: [PATCH 740/900] Remove rogue using

---
 .../GoogleAppBuilderExtensions.cs                                | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index d2687239bb..ec7e8a7aab 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 

From a561da0b3f86b8b242768f47d3283319311ddc2c Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 6 Jun 2017 15:41:17 -0700
Subject: [PATCH 741/900] Remove itemgroup from csproj with unreachable code

---
 .../Microsoft.AspNetCore.Authorization.Policy.csproj          | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index 5123b70699..b8447e4154 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -20,8 +20,4 @@
     <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
-    <PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
-  </ItemGroup>
-
 </Project>

From 4a258b4565aedd084df05243f679e7dc81e3919b Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 8 Jun 2017 08:43:38 -0700
Subject: [PATCH 742/900] Remove usage of TaskCache

---
 .../CookieAuthenticationHandler.cs            |  5 +----
 .../Events/CookieAuthenticationEvents.cs      | 17 ++++++++---------
 ...t.AspNetCore.Authentication.Cookies.csproj |  1 -
 .../Events/JwtBearerEvents.cs                 |  9 ++++-----
 .../JwtBearerAppBuilderExtensions.cs          |  1 -
 ...AspNetCore.Authentication.JwtBearer.csproj |  1 -
 .../Events/OAuthEvents.cs                     |  5 ++---
 ...oft.AspNetCore.Authentication.OAuth.csproj |  1 -
 .../Events/OpenIdConnectEvents.cs             | 19 +++++++++----------
 ...etCore.Authentication.OpenIdConnect.csproj |  1 -
 .../Events/TwitterEvents.cs                   |  5 ++---
 ...t.AspNetCore.Authentication.Twitter.csproj |  1 -
 .../AuthenticationHandler.cs                  | 11 +++++------
 .../Events/RemoteAuthenticationEvents.cs      |  5 ++---
 ...Microsoft.AspNetCore.Authentication.csproj |  1 -
 ...oft.AspNetCore.Authorization.Policy.csproj |  1 -
 .../ClaimsAuthorizationRequirement.cs         |  3 +--
 .../DenyAnonymousAuthorizationRequirement.cs  |  3 +--
 .../NameAuthorizationRequirement.cs           |  3 +--
 .../RolesAuthorizationRequirement.cs          |  3 +--
 .../Microsoft.AspNetCore.Authorization.csproj |  1 -
 21 files changed, 37 insertions(+), 60 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index bb2c10fee5..9b04026cd1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -6,11 +6,8 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Net.Http.Headers;
@@ -50,7 +47,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             // Cookies needs to finish the response
             Context.Response.OnStarting(FinishResponseAsync);
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 5cb933ce1d..c7c375de23 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
@@ -18,22 +17,22 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => TaskCache.CompletedTask;
+        public Func<CookieValidatePrincipalContext, Task> OnValidatePrincipal { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => TaskCache.CompletedTask;
+        public Func<CookieSigningInContext, Task> OnSigningIn { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => TaskCache.CompletedTask;
+        public Func<CookieSignedInContext, Task> OnSignedIn { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => TaskCache.CompletedTask;
+        public Func<CookieSigningOutContext, Task> OnSigningOut { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
@@ -49,7 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         /// <summary>
@@ -66,7 +65,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         /// <summary>
@@ -82,7 +81,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         /// <summary>
@@ -98,7 +97,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 context.Response.Redirect(context.RedirectUri);
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         private static bool IsAjaxRequest(HttpRequest request)
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 41c4ff7905..95aebf38bc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -18,7 +18,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index c4e2e7b5a9..a9b35c310f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
@@ -15,22 +14,22 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => TaskCache.CompletedTask;
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
         /// </summary>
-        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => TaskCache.CompletedTask;
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked before a challenge is sent back to the caller.
         /// </summary>
-        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context => TaskCache.CompletedTask;
+        public Func<JwtBearerChallengeContext, Task> OnChallenge { get; set; } = context => Task.CompletedTask;
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 6b1b1afd4a..9755c5cb7d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -3,7 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 73d8fdd008..3c55004a47 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -11,6 +11,5 @@
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index 4e94a15bc6..b3572cab4c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
@@ -15,7 +14,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
         /// </summary>
-        public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => TaskCache.CompletedTask;
+        public Func<OAuthCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
@@ -23,7 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public Func<OAuthRedirectToAuthorizationContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 508c815fe8..88d6794e9d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Newtonsoft.Json" Version="$(JsonNetVersion)" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index f6386aeec8..660eba0b33 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
@@ -15,47 +14,47 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
         /// </summary>
-        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => TaskCache.CompletedTask;
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked after security token validation if an authorization code is present in the protocol message.
         /// </summary>
-        public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<AuthorizationCodeReceivedContext, Task> OnAuthorizationCodeReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when a protocol message is first received.
         /// </summary>
-        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to authenticate.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => TaskCache.CompletedTask;
+        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked before redirecting to the identity provider to sign out.
         /// </summary>
-        public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => TaskCache.CompletedTask;
+        public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when a request is received on the RemoteSignOutPath.
         /// </summary>
-        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => TaskCache.CompletedTask;
+        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
         /// </summary>
-        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<TokenResponseReceivedContext, Task> OnTokenResponseReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
         /// </summary>
-        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => TaskCache.CompletedTask;
+        public Func<TokenValidatedContext, Task> OnTokenValidated { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when user information is retrieved from the UserInfoEndpoint.
         /// </summary>
-        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<UserInformationReceivedContext, Task> OnUserInformationReceived { get; set; } = context => Task.CompletedTask;
 
         public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 8e4fb774db..d3789cd507 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -10,7 +10,6 @@
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 2c8b30e9fc..c079ebb14f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
@@ -15,7 +14,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <summary>
         /// Gets or sets the function that is invoked when the Authenticated method is invoked.
         /// </summary>
-        public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => TaskCache.CompletedTask;
+        public Func<TwitterCreatingTicketContext, Task> OnCreatingTicket { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
@@ -23,7 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         public Func<TwitterRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         };
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 6bf4a66d3f..8d834ee8d1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -13,7 +13,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index b094709196..788df7e19c 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -7,7 +7,6 @@ using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -119,7 +118,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <returns>A task</returns>
         protected virtual Task InitializeHandlerAsync()
         {
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         protected string BuildRedirectUri(string targetPath)
@@ -193,7 +192,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         public async Task SignOutAsync(AuthenticationProperties properties)
@@ -205,7 +204,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected virtual Task HandleSignOutAsync(AuthenticationProperties properties)
         {
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         /// <summary>
@@ -216,7 +215,7 @@ namespace Microsoft.AspNetCore.Authentication
         protected virtual Task HandleForbiddenAsync(AuthenticationProperties properties)
         {
             Response.StatusCode = 403;
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         /// <summary>
@@ -229,7 +228,7 @@ namespace Microsoft.AspNetCore.Authentication
         protected virtual Task HandleChallengeAsync(AuthenticationProperties properties)
         {
             Response.StatusCode = 401;
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
         public async Task ChallengeAsync(AuthenticationProperties properties)
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index a130c1b14c..83a6507d42 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -3,15 +3,14 @@
 
 using System;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authentication
 {
     public class RemoteAuthenticationEvents
     {
-        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => TaskCache.CompletedTask;
+        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => Task.CompletedTask;
 
-        public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => TaskCache.CompletedTask;
+        public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when there is a remote failure
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index cbdb05b58a..adbd5b3f16 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -19,7 +19,6 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index b8447e4154..83530a2bed 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -17,7 +17,6 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="$(AspNetCoreVersion)" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
index 4248e4813d..93b1deea6d 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
@@ -5,7 +5,6 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -68,7 +67,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
index 5bae319b3e..e88cce7aac 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
@@ -3,7 +3,6 @@
 
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -28,7 +27,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
             {
                 context.Succeed(requirement);
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
index 9fb295082b..02ab946fad 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -47,7 +46,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
index 44e2b9a220..811e17aacd 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
@@ -5,7 +5,6 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Internal;
 
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
@@ -62,7 +61,7 @@ namespace Microsoft.AspNetCore.Authorization.Infrastructure
                     context.Succeed(requirement);
                 }
             }
-            return TaskCache.CompletedTask;
+            return Task.CompletedTask;
         }
 
     }
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 0022d27437..15100fbbcc 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -17,7 +17,6 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>

From d6f2767d1aefde024279a3bcb6774f8f2b46e7c1 Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Fri, 9 Jun 2017 15:45:35 -0700
Subject: [PATCH 743/900] Update
 Microsoft.IdentityModel.Clients.ActiveDirectory version to 3.13.9

---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 02a36ec835..1fd0f3155f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -2,7 +2,7 @@
   <PropertyGroup>
     <AspNetCoreVersion>2.0.0-preview2-*</AspNetCoreVersion>
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
-    <IdentityModelActiveDirectoryVersion>3.13.8</IdentityModelActiveDirectoryVersion>
+    <IdentityModelActiveDirectoryVersion>3.13.9</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>

From bc3c4e9f12f432f69abc5a9d6ee42573cef5818e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Fri, 9 Jun 2017 16:23:47 -0700
Subject: [PATCH 744/900] #1200 Doc comments for OnRedirectToIdentityProvider

---
 .../Events/OpenIdConnectEvents.cs                             | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index 660eba0b33..d8467be8d7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -27,7 +27,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
-        /// Invoked before redirecting to the identity provider to authenticate.
+        /// Invoked before redirecting to the identity provider to authenticate. This can be used to set ProtocolMessage.State
+        /// that will be persisted through the authentication process. The ProtocolMessage can also be used to add or customize
+        /// parameters sent to the identity provider.
         /// </summary>
         public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.CompletedTask;
 

From 9797d4bc5f3e54ffca3487c038044990585e278c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 12 Jun 2017 14:58:11 -0700
Subject: [PATCH 745/900] Reenable API check

---
 ...t.AspNetCore.Authentication.Cookies.csproj |   1 -
 .../breakingchanges.netcore.json              |  87 ++++++++++++
 ....AspNetCore.Authentication.Facebook.csproj |   1 -
 .../breakingchanges.netcore.json              |  19 +++
 ...ft.AspNetCore.Authentication.Google.csproj |   1 -
 .../breakingchanges.netcore.json              |  40 ++++++
 ...AspNetCore.Authentication.JwtBearer.csproj |   1 -
 .../breakingchanges.netcore.json              |  58 ++++++++
 ...ore.Authentication.MicrosoftAccount.csproj |   1 -
 .../breakingchanges.netcore.json              |  19 +++
 ...oft.AspNetCore.Authentication.OAuth.csproj |   1 -
 .../breakingchanges.netcore.json              |  46 +++++++
 ...etCore.Authentication.OpenIdConnect.csproj |   1 -
 .../breakingchanges.netcore.json              | 117 ++++++++++++++++
 ...t.AspNetCore.Authentication.Twitter.csproj |   1 -
 .../breakingchanges.netcore.json              |  62 +++++++++
 ...Microsoft.AspNetCore.Authentication.csproj |   1 -
 .../breakingchanges.netcore.json              | 126 ++++++++++++++++++
 18 files changed, 574 insertions(+), 9 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 95aebf38bc..712aa81772 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -9,7 +9,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
new file mode 100644
index 0000000000..c223c035c4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
@@ -0,0 +1,87 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents : Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.CookieAuthenticationOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationTicket ticket, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Http.CookieOptions cookieOptions)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String authenticationScheme, System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String authenticationScheme, System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Http.CookieOptions cookieOptions)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String redirectUri, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseCookieAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index a939958e27..a9ec571996 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
new file mode 100644
index 0000000000..f64e6b8342
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
@@ -0,0 +1,19 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.FacebookOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseFacebookAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.FacebookOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 9f4cee9d59..805de682fd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
new file mode 100644
index 0000000000..db3d1fcf0c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
@@ -0,0 +1,40 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.GoogleOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.GoogleAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseGoogleAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.GoogleOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "MemberId": "public static System.String GetFamilyName(Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "MemberId": "public static System.String GetGivenName(Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "MemberId": "public static System.String GetId(Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "MemberId": "public static System.String GetName(Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
+      "MemberId": "public static System.String GetProfile(Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 3c55004a47..fe0bda1647 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -6,7 +6,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
new file mode 100644
index 0000000000..d810a2bb90
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
@@ -0,0 +1,58 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents : Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.JwtBearerOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public Microsoft.AspNetCore.Builder.JwtBearerOptions get_Options()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseJwtBearerAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 1accdf8f14..9437b57276 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
new file mode 100644
index 0000000000..66f2a77b4e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
@@ -0,0 +1,19 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.MicrosoftAccountOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.MicrosoftAccountAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseMicrosoftAccountAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.MicrosoftAccountOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 88d6794e9d..a15a75ee6f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
new file mode 100644
index 0000000000..96fd03e985
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
@@ -0,0 +1,46 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0> : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0> where T0 : Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0> : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0> where T0 : Microsoft.AspNetCore.Builder.OAuthOptions, new()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.OAuthOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OAuthOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, System.String redirectUri)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "MemberId": "public Microsoft.AspNetCore.Builder.OAuthOptions get_Options()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOAuthAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OAuthOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index d3789cd507..ae8ffd8d59 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -6,7 +6,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
new file mode 100644
index 0000000000..4ba3fb756a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
@@ -0,0 +1,117 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.OpenIdConnectOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public Microsoft.AspNetCore.Builder.OpenIdConnectOptions get_Options()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage message)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOpenIdConnectAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index 8d834ee8d1..d9c5cd0b37 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
new file mode 100644
index 0000000000..2023eb0b7a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
@@ -0,0 +1,62 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.TwitterOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.TwitterOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, System.String redirectUri)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.TwitterOptions options, System.String userId, System.String screenName, System.String accessToken, System.String accessTokenSecret, Newtonsoft.Json.Linq.JObject user)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseTwitterAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.TwitterOptions options)",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index adbd5b3f16..8a1f970423 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -8,7 +8,6 @@
     <NoWarn>$(NoWarn);CS1591</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <EnableApiCheck>false</EnableApiCheck>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
new file mode 100644
index 0000000000..0eb0bfaf5f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
@@ -0,0 +1,126 @@
+  [
+    {
+      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0> : Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler where T0 : Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0> where T0 : Microsoft.AspNetCore.Builder.AuthenticationOptions, new()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0> : Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0> where T0 : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public abstract class Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticateResult",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticationToken",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler : Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformer : Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.PropertiesDataFormat : Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.PropertiesSerializer : Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.IClaimsTransformer",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public interface Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions options, Microsoft.AspNetCore.Authentication.AuthenticationTicket ticket)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions get_Options()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public System.Void set_Options(Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions> configureOptions)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.BaseControlContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "MemberId": "public System.Boolean CheckEventResult(out Microsoft.AspNetCore.Authentication.AuthenticateResult result)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.BaseControlContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "MemberId": "public System.Void SkipToNextMiddleware()",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file

From 200ce723120a9e5672aa9d2ee07ce5422bcb0a5e Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Tue, 13 Jun 2017 11:51:00 -0700
Subject: [PATCH 746/900] Rename PostLogoutRedirectUri to avoid spec confusion

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs               | 2 +-
 .../OpenIdConnectHandler.cs                                  | 2 +-
 .../OpenIdConnectOptions.cs                                  | 5 +++--
 .../OpenIdConnect/OpenIdConnectTests.cs                      | 4 ++--
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index ebb59c0604..e6ad7804d3 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -58,7 +58,7 @@ namespace OpenIdConnect.AzureAdSample
                 o.ClientSecret = ClientSecret; // for code flow
                 o.Authority = Authority;
                 o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
-                o.PostLogoutRedirectUri = "/signed-out";
+                o.SignedOutRedirectUri = "/signed-out";
                 // GetClaimsFromUserInfoEndpoint = true,
                 o.Events = new OpenIdConnectEvents()
                 {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 89d949a001..f4dcea4c84 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -182,7 +182,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             // Get the post redirect URI.
             if (string.IsNullOrEmpty(properties.RedirectUri))
             {
-                properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);
+                properties.RedirectUri = BuildRedirectUriIfRelative(Options.SignedOutRedirectUri);
                 if (string.IsNullOrWhiteSpace(properties.RedirectUri))
                 {
                     properties.RedirectUri = CurrentUri;
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index b2d69d5249..a199016ddf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -167,15 +167,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         /// <summary>
         /// The request path within the application's base path where the user agent will be returned after sign out from the identity provider.
+        /// See post_logout_redirect_uri from http://openid.net/specs/openid-connect-session-1_0.html#RedirectionAfterLogout.
         /// </summary>
         public PathString SignedOutCallbackPath { get; set; }
 
         /// <summary>
-        /// The uri where the user agent will be returned to after application is signed out from the identity provider.
+        /// The uri where the user agent will be redirected to after application is signed out from the identity provider.
         /// The redirect will happen after the SignedOutCallbackPath is invoked.
         /// </summary>
         /// <remarks>This URI can be out of the application's domain. By default it points to the root.</remarks>
-        public string PostLogoutRedirectUri { get; set; } = "/";
+        public string SignedOutRedirectUri { get; set; } = "/";
 
         /// <summary>
         /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 1708e604ef..99bc1ec8c8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -119,7 +119,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 o.Configuration = configuration;
                 o.StateDataFormat = stateFormat;
                 o.SignedOutCallbackPath = "/thelogout";
-                o.PostLogoutRedirectUri = "https://example.com/postlogout";
+                o.SignedOutRedirectUri = "https://example.com/postlogout";
             });
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
@@ -150,7 +150,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 o.StateDataFormat = stateFormat;
                 o.ClientId = "Test Id";
                 o.Configuration = configuration;
-                o.PostLogoutRedirectUri = "https://example.com/postlogout";
+                o.SignedOutRedirectUri = "https://example.com/postlogout";
             });
 
             var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri");

From 879f0b7f4053a34b44e34bd22c788c6129115175 Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson <jacalvar@microsoft.com>
Date: Tue, 13 Jun 2017 09:10:14 -0700
Subject: [PATCH 747/900] [Fixes #1133] Limit the path on the nonce and
 correlation id cookies

---
 .../OpenIdConnectHandler.cs                   |  22 ++--
 .../OpenIdConnectOptions.cs                   |   6 +
 .../TwitterHandler.cs                         |   4 +
 .../TwitterOptions.cs                         |   6 +
 .../RemoteAuthenticationHandler.cs            |   7 ++
 .../RemoteAuthenticationOptions.cs            |   6 +
 .../OAuthTests.cs                             |  65 +++++++++++
 .../OpenIdConnect/OpenIdConnectTests.cs       | 105 +++++++++++++++++-
 8 files changed, 213 insertions(+), 8 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index f4dcea4c84..1dec541970 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -886,16 +886,21 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(nonce));
             }
 
+            var options = new CookieOptions
+            {
+                HttpOnly = true,
+                SameSite = Http.SameSiteMode.None,
+                Path = OriginalPathBase + Options.CallbackPath,
+                Secure = Request.IsHttps,
+                Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
+            };
+
+            Options.ConfigureNonceCookie?.Invoke(Context, options);
+
             Response.Cookies.Append(
                 OpenIdConnectDefaults.CookieNoncePrefix + Options.StringDataFormat.Protect(nonce),
                 NonceProperty,
-                new CookieOptions
-                {
-                    HttpOnly = true,
-                    SameSite = Http.SameSiteMode.None,
-                    Secure = Request.IsHttps,
-                    Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
-                });
+                options);
         }
 
         /// <summary>
@@ -924,10 +929,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
+                                Path = OriginalPathBase + Options.CallbackPath,
                                 SameSite = Http.SameSiteMode.None,
                                 Secure = Request.IsHttps
                             };
 
+                            Options.ConfigureNonceCookie?.Invoke(Context, cookieOptions);
+
                             Response.Cookies.Delete(nonceKey, cookieOptions);
                             return nonce;
                         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a199016ddf..a42f0eba33 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -262,5 +262,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// remote OpenID Connect provider as an authorization/logout request parameter.
         /// </summary>
         public bool DisableTelemetry { get; set; }
+
+        /// <summary>
+        /// Gets or sets an action that can override the nonce cookie options before the
+        /// cookie gets added to the response.
+        /// </summary>
+        public Action<HttpContext, CookieOptions> ConfigureNonceCookie { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 0eab83e41a..baa4320d1b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -87,6 +87,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 Secure = Request.IsHttps
             };
 
+            Options.ConfigureStateCookie?.Invoke(Context, cookieOptions);
+
             Response.Cookies.Delete(StateCookie, cookieOptions);
 
             var accessToken = await ObtainAccessTokenAsync(requestToken, oauthVerifier);
@@ -159,6 +161,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
+            Options.ConfigureStateCookie?.Invoke(Context, cookieOptions);
+
             Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
             var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index cf1bf48566..8b57f2502f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -58,6 +58,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// </summary>
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
+        /// <summary>
+        /// Gets or sets an action that can override the state cookie options before the
+        /// cookie gets added to the response.
+        /// </summary>
+        public Action<HttpContext, CookieOptions> ConfigureStateCookie { get; set; }
+
         /// <summary>
         /// Gets or sets the <see cref="TwitterEvents"/> used to handle authentication events.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 2ff06062de..69c926cc0f 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -205,9 +205,12 @@ namespace Microsoft.AspNetCore.Authentication
                 HttpOnly = true,
                 SameSite = SameSiteMode.None,
                 Secure = Request.IsHttps,
+                Path = OriginalPathBase + Options.CallbackPath,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
 
+            Options.ConfigureCorrelationIdCookie?.Invoke(Context, cookieOptions);
+
             properties.Items[CorrelationProperty] = correlationId;
 
             var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
@@ -243,9 +246,13 @@ namespace Microsoft.AspNetCore.Authentication
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
+                Path = OriginalPathBase + Options.CallbackPath,
                 SameSite = SameSiteMode.None,
                 Secure = Request.IsHttps
             };
+
+            Options.ConfigureCorrelationIdCookie?.Invoke(Context, cookieOptions);
+
             Response.Cookies.Delete(cookieName, cookieOptions);
 
             if (!string.Equals(correlationCookie, CorrelationMarker, StringComparison.Ordinal))
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 65cf6f2ec7..066ca963a3 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -87,5 +87,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// the size of the final authentication cookie.
         /// </summary>
         public bool SaveTokens { get; set; }
+
+        /// <summary>
+        /// Gets or sets an action that can override the correlation id cookie options before the
+        /// cookie gets added to the response.
+        /// </summary>
+        public Action<HttpContext, CookieOptions> ConfigureCorrelationIdCookie { get; set; }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 2381fd6cd7..dcc96c0942 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Net;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -165,6 +166,70 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
+        [Fact]
+        public async Task RedirectToIdentityProvider_SetsCorrelationIdCookiePath_ToCallBackPath()
+        {
+            var server = CreateServer(
+                app => { },
+                s => s.AddOAuthAuthentication(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                    }),
+                ctx =>
+                {
+                    ctx.ChallengeAsync("Weblie").ConfigureAwait(false).GetAwaiter().GetResult();
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("https://www.example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var correlation = Assert.Single(setCookie.Value, v => v.StartsWith(".AspNetCore.Correlation."));
+            Assert.Contains("path=/oauth-callback", correlation);
+        }
+
+        [Fact]
+        public async Task RedirectToAuthorizeEndpoint_CorrelationIdCookieOptions_CanBeOverriden()
+        {
+            var server = CreateServer(
+                app => { },
+                s => s.AddOAuthAuthentication(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                        opt.ConfigureCorrelationIdCookie = (ctx, options) => options.Path = "/";
+                    }),
+                ctx =>
+                {
+                    ctx.ChallengeAsync("Weblie").ConfigureAwait(false).GetAwaiter().GetResult();
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("https://www.example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var correlation = Assert.Single(setCookie.Value, v => v.StartsWith(".AspNetCore.Correlation."));
+            Assert.Contains("path=/", correlation);
+        }
 
         private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 99bc1ec8c8..6cfda3b85a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -60,6 +60,108 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OpenIdConnectParameterNames.VersionTelemetry);
         }
 
+        [Fact]
+        public async Task RedirectToIdentityProvider_SetsNonceCookiePath_ToCallBackPath()
+        {
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                opt.Configuration = new OpenIdConnectConfiguration
+                {
+                    AuthorizationEndpoint = "https://example.com/provider/login"
+                };
+            });
+
+            var server = setting.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Challenge);
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var nonce = Assert.Single(setCookie.Value, v => v.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix));
+            Assert.Contains("path=/signin-oidc", nonce);
+        }
+
+        [Fact]
+        public async Task RedirectToIdentityProvider_NonceCookieOptions_CanBeOverriden()
+        {
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                opt.Configuration = new OpenIdConnectConfiguration
+                {
+                    AuthorizationEndpoint = "https://example.com/provider/login"
+                };
+                opt.ConfigureNonceCookie = (ctx, options) => options.Path = "/";
+            });
+
+            var server = setting.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Challenge);
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var nonce = Assert.Single(setCookie.Value, v => v.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix));
+            Assert.Contains("path=/", nonce);
+        }
+
+        [Fact]
+        public async Task RedirectToIdentityProvider_SetsCorrelationIdCookiePath_ToCallBackPath()
+        {
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                opt.Configuration = new OpenIdConnectConfiguration
+                {
+                    AuthorizationEndpoint = "https://example.com/provider/login"
+                };
+            });
+
+            var server = setting.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Challenge);
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var correlation = Assert.Single(setCookie.Value, v => v.StartsWith(".AspNetCore.Correlation."));
+            Assert.Contains("path=/signin-oidc", correlation);
+        }
+
+        [Fact]
+        public async Task RedirectToIdentityProvider_CorrelationIdCookieOptions_CanBeOverriden()
+        {
+            var setting = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                opt.Configuration = new OpenIdConnectConfiguration
+                {
+                    AuthorizationEndpoint = "https://example.com/provider/login"
+                };
+                opt.ConfigureCorrelationIdCookie = (ctx, options) => options.Path = "/";
+            });
+
+            var server = setting.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Challenge);
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.NotNull(res.Headers.Location);
+            var setCookie = Assert.Single(res.Headers, h => h.Key == "Set-Cookie");
+            var correlation = Assert.Single(setCookie.Value, v => v.StartsWith(".AspNetCore.Correlation."));
+            Assert.Contains("path=/", correlation);
+        }
+
         [Fact]
         public async Task EndSessionRequestDoesNotIncludeTelemetryParametersWhenDisabled()
         {
@@ -173,7 +275,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         [Fact]
         public async Task SignOut_WithMissingConfig_Throws()
         {
-            var setting = new TestSettings(opt => {
+            var setting = new TestSettings(opt =>
+            {
                 opt.ClientId = "Test Id";
                 opt.Configuration = new OpenIdConnectConfiguration();
             });

From 05c6cbe46697ff298aa7e416f7c2873791a03063 Mon Sep 17 00:00:00 2001
From: Gerardo Saca <gsacavdm@microsoft.com>
Date: Fri, 23 Jun 2017 09:00:31 -0700
Subject: [PATCH 748/900] Fix documentation for JwtBearerOptions.Events (#1249)

---
 .../JwtBearerOptions.cs                                         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 9a480763d4..0d0a88e247 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -47,7 +47,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
         /// <summary>
         /// The object provided by the application to process events raised by the bearer authentication handler.
-        /// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
+        /// The application may implement the interface fully, or it may create an instance of JwtBearerEvents
         /// and assign delegates only to the events it wants to process.
         /// </summary>
         public new JwtBearerEvents Events

From 717625c948a7b333b1a4aeda8d5a092d7ba5eca0 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Mon, 26 Jun 2017 09:42:10 -0700
Subject: [PATCH 749/900] Adding libunwind8 to .travis.yml

[skip appveyor]
---
 .travis.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 2a46104677..b10be14215 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,6 +10,10 @@ os:
   - linux
   - osx
 osx_image: xcode8.2
+addons:
+  apt:
+    packages:
+      - libunwind8
 branches:
   only:
     - master

From 80383606d3988095abb74ff726439261f168ce43 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 27 Jun 2017 10:31:08 -0700
Subject: [PATCH 750/900] AuthZ: Eliminate extra ToArray()

---
 .../AuthorizationServiceExtensions.cs                           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
index c128152326..866b5dbc51 100644
--- a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
@@ -62,7 +62,7 @@ namespace Microsoft.AspNetCore.Authorization
                 throw new ArgumentNullException(nameof(policy));
             }
 
-            return service.AuthorizeAsync(user, resource, policy.Requirements.ToArray());
+            return service.AuthorizeAsync(user, resource, policy.Requirements);
         }
 
         /// <summary>

From e1cd8c9bc4ae33704bc8fd44bfdacd12618e172a Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 29 Jun 2017 08:50:23 -0700
Subject: [PATCH 751/900] Add NETStandardImplicitPackageVersion

---
 build/dependencies.props | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 8f40044d1d..f00799700a 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
   <PropertyGroup>
     <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
@@ -6,6 +6,7 @@
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
+    <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
     <OwinVersion>3.0.1</OwinVersion>
     <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>

From ff9f145a8e89c9756ea12ff10c6d47f2f7eb345f Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 29 Jun 2017 16:27:03 -0700
Subject: [PATCH 752/900] Refactor Events + Add IAuthenticationBuilder

---
 samples/CookieSample/Startup.cs               |   4 +-
 samples/CookieSessionSample/Startup.cs        |   4 +-
 samples/JwtBearerSample/Startup.cs            |   6 +-
 .../OpenIdConnect.AzureAdSample/Startup.cs    |   8 +-
 samples/OpenIdConnectSample/Startup.cs        |   8 +-
 samples/SocialSample/Startup.cs               |  83 ++-
 .../CookieAuthenticationHandler.cs            |  40 +-
 .../CookieExtensions.cs                       |  24 +-
 .../Events/BaseCookieContext.cs               |  30 --
 .../Events/CookieAuthenticationEvents.cs      |  16 +-
 .../Events/CookieSignedInContext.cs           |  15 +-
 .../Events/CookieSigningInContext.cs          |  14 +-
 .../Events/CookieSigningOutContext.cs         |   8 +-
 .../Events/CookieValidatePrincipalContext.cs  |  30 +-
 .../LoggingExtensions.cs                      |  35 ++
 ...stConfigureCookieAuthenticationOptions.cs} |   1 -
 .../breakingchanges.netcore.json              |  80 +--
 .../FacebookExtensions.cs                     |  12 +
 .../FacebookHandler.cs                        |   6 +-
 .../GoogleExtensions.cs                       |  13 +
 .../GoogleHandler.cs                          |   7 +-
 .../Events/AuthenticationFailedContext.cs     |  11 +-
 .../Events/BaseJwtBearerContext.cs            |  32 --
 .../Events/JwtBearerChallengeContext.cs       |  25 +-
 .../Events/MessageReceivedContext.cs          |  11 +-
 .../Events/TokenValidatedContext.cs           |  11 +-
 .../JwtBearerExtensions.cs                    |  15 +
 .../JwtBearerHandler.cs                       |  46 +-
 .../breakingchanges.netcore.json              |  27 +-
 .../MicrosoftAccountExtensions.cs             |  13 +
 .../MicrosoftAccountHandler.cs                |   5 +-
 .../Events/OAuthCreatingTicketContext.cs      |  61 +--
 .../Events/OAuthEvents.cs                     |   6 +-
 .../OAuthRedirectToAuthorizationContext.cs    |  41 --
 .../OAuthExtensions.cs                        |  13 +
 .../OAuthHandler.cs                           |  27 +-
 .../breakingchanges.netcore.json              |  19 +-
 .../Events/AuthenticationFailedContext.cs     |  11 +-
 .../AuthorizationCodeReceivedContext.cs       |  16 +-
 .../Events/BaseOpenIdConnectContext.cs        |  25 -
 .../Events/MessageReceivedContext.cs          |  17 +-
 .../Events/RedirectContext.cs                 |  26 +-
 .../Events/RemoteSignoutContext.cs            |  16 +-
 .../Events/TokenResponseReceivedContext.cs    |  13 +-
 .../Events/TokenValidatedContext.cs           |  17 +-
 .../Events/UserInformationReceivedContext.cs  |  13 +-
 .../LoggingExtensions.cs                      |  30 +-
 .../OpenIdConnectExtensions.cs                |  14 +
 .../OpenIdConnectHandler.cs                   | 314 ++++++------
 .../OpenIdConnectOptions.cs                   |   5 -
 .../breakingchanges.netcore.json              | 128 ++---
 .../Events/BaseTwitterContext.cs              |  30 --
 .../Events/TwitterCreatingTicketContext.cs    |  15 +-
 .../Events/TwitterEvents.cs                   |   4 +-
 ...rRedirectToAuthorizationEndpointContext.cs |  35 --
 .../TwitterExtensions.cs                      |  14 +
 .../TwitterHandler.cs                         |  25 +-
 .../breakingchanges.netcore.json              |  33 +-
 .../AuthenticationBuilder.cs                  | 103 ++++
 .../AuthenticationHandler.cs                  |  29 --
 ...thenticationServiceCollectionExtensions.cs |  11 +-
 .../Events/BaseAuthenticationContext.cs       |  41 --
 .../Events/BaseContext.cs                     |  38 +-
 .../Events/BaseControlContext.cs              |  78 ---
 .../Events/EventResultState.cs                |  23 -
 .../Events/HandleRequestContext.cs            |  32 ++
 .../Events/PrincipalContext.cs                |  30 ++
 .../Events/PropertiesContext.cs               |  31 ++
 .../Events/RedirectContext.cs}                |  18 +-
 .../Events/RemoteAuthenticationContext.cs     |  49 ++
 .../Events/RemoteAuthenticationEvents.cs      |   4 +-
 ...lureContext.cs => RemoteFailureContext.cs} |  10 +-
 .../Events/ResultContext.cs                   |  65 +++
 .../Events/TicketReceivedContext.cs           |  25 +-
 .../LoggingExtensions.cs                      |  60 ---
 .../RemoteAuthenticationHandler.cs            |  73 ++-
 .../RemoteAuthenticationOptions.cs            |   5 -
 .../RemoteAuthenticationResult.cs             |  78 +++
 .../breakingchanges.netcore.json              |  46 +-
 .../PolicyEvaluator.cs                        |   4 +-
 .../CookieTests.cs                            |  45 +-
 .../FacebookTests.cs                          |  35 +-
 .../GoogleTests.cs                            |  26 +-
 .../JwtBearerTests.cs                         |  83 ++-
 .../MicrosoftAccountTests.cs                  |  14 +-
 .../OAuthTests.cs                             |  23 -
 .../OpenIdConnectChallengeTests.cs            |   4 +-
 .../OpenIdConnectConfigurationTests.cs        |  23 +-
 .../OpenIdConnect/OpenIdConnectEventTests.cs  | 484 ++++++++++++++++--
 .../OpenIdConnect/OpenIdConnectTests.cs       |   4 -
 .../OpenIdConnect/TestServerBuilder.cs        |   6 +-
 .../TokenExtensionTests.cs                    |   6 +-
 .../TwitterTests.cs                           |  13 +-
 .../CookiePolicyTests.cs                      |   4 +-
 .../CookieInteropTests.cs                     |   8 +-
 95 files changed, 1746 insertions(+), 1493 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
 rename src/Microsoft.AspNetCore.Authentication.Cookies/{CookieAuthenticationPostConfigureOptions.cs => PostConfigureCookieAuthenticationOptions.cs} (99%)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
 rename src/{Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs => Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs} (62%)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
 rename src/Microsoft.AspNetCore.Authentication/Events/{FailureContext.cs => RemoteFailureContext.cs} (64%)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs

diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 79d1b3c3fe..a91791070a 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -18,9 +18,7 @@ namespace CookieSample
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
+            }).AddCookie();
         }
 
         public void Configure(IApplicationBuilder app)
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index c35dfd9998..f7b8f2bb88 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -19,9 +19,7 @@ namespace CookieSessionSample
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
+            }).AddCookie(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
         public void Configure(IApplicationBuilder app)
diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 030e640c99..6f2c5e2ecd 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -48,9 +48,7 @@ namespace JwtBearerSample
             {
                 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-            });
-
-            services.AddJwtBearerAuthentication(o =>
+            }).AddJwtBearer(o =>
             {
                 // You also need to update /wwwroot/app/scripts/app.js
                 o.Authority = Configuration["jwt:authority"];
@@ -59,7 +57,7 @@ namespace JwtBearerSample
                 {
                     OnAuthenticationFailed = c =>
                     {
-                        c.HandleResponse();
+                        c.NoResult();
 
                         c.Response.StatusCode = 500;
                         c.Response.ContentType = "text/plain";
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index e6ad7804d3..aab6e60df8 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -48,11 +48,9 @@ namespace OpenIdConnect.AzureAdSample
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
-
-            services.AddOpenIdConnectAuthentication(o =>
+            })
+                .AddCookie()
+                .AddOpenIdConnect(o =>
             {
                 o.ClientId = ClientId;
                 o.ClientSecret = ClientSecret; // for code flow
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index af1406289d..bc5af750d3 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -45,11 +45,9 @@ namespace OpenIdConnectSample
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
-
-            services.AddOpenIdConnectAuthentication(o =>
+            })
+                .AddCookie()
+                .AddOpenIdConnect(o =>
             {
                 o.ClientId = Configuration["oidc:clientid"];
                 o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 0039720096..dcf76263d5 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -55,13 +55,11 @@ namespace SocialSample
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login"));
-
-            // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
-            // https://developers.facebook.com/apps/
-            services.AddFacebookAuthentication(o =>
+            })
+                .AddCookie(o => o.LoginPath = new PathString("/login"))
+                // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
+                // https://developers.facebook.com/apps/
+                .AddFacebook(o =>
             {
                 o.AppId = Configuration["facebook:appid"];
                 o.AppSecret = Configuration["facebook:appsecret"];
@@ -69,11 +67,10 @@ namespace SocialSample
                 o.Fields.Add("name");
                 o.Fields.Add("email");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Google and add its ID and Secret to your user-secrets.
-            // https://console.developers.google.com/project
-            services.AddOAuthAuthentication("Google-AccessToken", o =>
+            })
+                // You must first create an app with Google and add its ID and Secret to your user-secrets.
+                // https://console.developers.google.com/project
+                .AddOAuth("Google-AccessToken", o =>
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
@@ -84,11 +81,10 @@ namespace SocialSample
                 o.Scope.Add("profile");
                 o.Scope.Add("email");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Google and add its ID and Secret to your user-secrets.
-            // https://console.developers.google.com/project
-            services.AddGoogleAuthentication(o =>
+            })
+                // You must first create an app with Google and add its ID and Secret to your user-secrets.
+                // https://console.developers.google.com/project
+                .AddGoogle(o =>
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
@@ -104,11 +100,10 @@ namespace SocialSample
                 };
                 o.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
                 o.ClaimActions.Remove(ClaimTypes.GivenName);
-            });
-
-            // You must first create an app with Twitter and add its key and Secret to your user-secrets.
-            // https://apps.twitter.com/
-            services.AddTwitterAuthentication(o =>
+            })
+                // You must first create an app with Twitter and add its key and Secret to your user-secrets.
+                // https://apps.twitter.com/
+                .AddTwitter(o =>
             {
                 o.ConsumerKey = Configuration["twitter:consumerkey"];
                 o.ConsumerSecret = Configuration["twitter:consumersecret"];
@@ -126,15 +121,14 @@ namespace SocialSample
                         return Task.FromResult(0);
                     }
                 };
-            });
-
-            /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
-               Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
-               https://localhost:44318/
-            */
-            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
-            // https://apps.dev.microsoft.com/
-            services.AddOAuthAuthentication("Microsoft-AccessToken", o =>
+            })
+                /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
+                   Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
+                   https://localhost:44318/
+                */
+                // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
+                // https://apps.dev.microsoft.com/
+                .AddOAuth("Microsoft-AccessToken", o =>
             {
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
@@ -143,20 +137,18 @@ namespace SocialSample
                 o.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
                 o.Scope.Add("https://graph.microsoft.com/user.read");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
-            // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
-            services.AddMicrosoftAccountAuthentication(o =>
+            })
+                // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
+                // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
+                .AddMicrosoftAccount(o =>
             {
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
-            // https://github.com/settings/applications/
-            services.AddOAuthAuthentication("GitHub-AccessToken", o =>
+            })
+                // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+                // https://github.com/settings/applications/
+                .AddOAuth("GitHub-AccessToken", o =>
             {
                 o.ClientId = Configuration["github-token:clientid"];
                 o.ClientSecret = Configuration["github-token:clientsecret"];
@@ -164,11 +156,10 @@ namespace SocialSample
                 o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 o.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
-            // https://github.com/settings/applications/
-            services.AddOAuthAuthentication("GitHub", o =>
+            })
+                // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+                // https://github.com/settings/applications/
+                .AddOAuth("GitHub", o =>
             {
                 o.ClientId = Configuration["github:clientid"];
                 o.ClientSecret = Configuration["github:clientsecret"];
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 9b04026cd1..4751c6f857 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -14,7 +14,10 @@ using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
+    public class CookieAuthenticationHandler : 
+        AuthenticationHandler<CookieAuthenticationOptions>, 
+        IAuthenticationSignInHandler, 
+        IAuthenticationSignOutHandler
     {
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
@@ -104,7 +107,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
             if (string.IsNullOrEmpty(cookie))
             {
-                return AuthenticateResult.None();
+                return AuthenticateResult.NoResult();
             }
 
             var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
@@ -155,7 +158,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 return result;
             }
 
-            var context = new CookieValidatePrincipalContext(Context, Scheme, result.Ticket, Options);
+            var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket);
             await Events.ValidatePrincipal(context);
 
             if (context.Principal == null)
@@ -244,8 +247,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
         }
 
-        protected override async Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            properties = properties ?? new AuthenticationProperties();
+
             _signInCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
@@ -284,7 +294,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
-            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.Scheme.Name);
+
             if (Options.SessionStore != null)
             {
                 if (_sessionKey != null)
@@ -310,20 +321,23 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var signedInContext = new CookieSignedInContext(
                 Context,
                 Scheme,
-                Options,
-                Scheme.Name,
                 signInContext.Principal,
-                signInContext.Properties);
+                signInContext.Properties,
+                Options);
 
             await Events.SignedIn(signedInContext);
 
             // Only redirect on the login path
             var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
             await ApplyHeaders(shouldRedirect, signedInContext.Properties);
+
+            Logger.SignedIn(Scheme.Name);
         }
 
-        protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
+        public async virtual Task SignOutAsync(AuthenticationProperties properties)
         {
+            properties = properties ?? new AuthenticationProperties();
+
             _signOutCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
@@ -351,6 +365,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             // Only redirect on the logout path
             var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
             await ApplyHeaders(shouldRedirect, context.Properties);
+
+            Logger.SignedOut(Scheme.Name);
         }
 
         private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationProperties properties)
@@ -380,7 +396,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 if (redirectUri != null)
                 {
                     await Events.RedirectToReturnUrl(
-                        new CookieRedirectContext(Context, Scheme, Options, redirectUri, properties));
+                        new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, redirectUri));
                 }
             }
         }
@@ -406,7 +422,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(accessDeniedUri), properties);
+            var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(accessDeniedUri));
             await Events.RedirectToAccessDenied(redirectContext);
         }
 
@@ -419,7 +435,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(loginUri), properties);
+            var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(loginUri));
             await Events.RedirectToLogin(redirectContext);
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
index 6f23abcc4a..67c4416ebb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -2,16 +2,32 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.Extensions.Options;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class CookieExtensions
     {
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder)
+            => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme)
+            => builder.AddCookie(authenticationScheme, configureOptions: null);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions> configureOptions) 
+            => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
+            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+        }
+
+
+        // REMOVE below once callers have been updated
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services) => services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
 
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme) => services.AddCookieAuthentication(authenticationScheme, configureOptions: null);
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
deleted file mode 100644
index 4c949bb089..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
-    public class BaseCookieContext : BaseAuthenticationContext
-    {
-        public BaseCookieContext(
-            HttpContext context,
-            AuthenticationScheme scheme,
-            CookieAuthenticationOptions options,
-            AuthenticationProperties properties)
-            : base(context, scheme.Name, properties)
-        {
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            Options = options;
-        }
-
-        public CookieAuthenticationOptions Options { get; }
-
-        public AuthenticationScheme Scheme { get; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index c7c375de23..2b8b0416b3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToLogin { get; set; } = context =>
+        public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToLogin { get; set; } = context =>
         {
             if (IsAjaxRequest(context.Request))
             {
@@ -54,7 +54,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToAccessDenied { get; set; } = context =>
+        public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToAccessDenied { get; set; } = context =>
         {
             if (IsAjaxRequest(context.Request))
             {
@@ -71,7 +71,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToLogout { get; set; } = context =>
+        public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToLogout { get; set; } = context =>
         {
             if (IsAjaxRequest(context.Request))
             {
@@ -87,7 +87,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <summary>
         /// A delegate assigned to this property will be invoked when the related method is called.
         /// </summary>
-        public Func<CookieRedirectContext, Task> OnRedirectToReturnUrl { get; set; } = context =>
+        public Func<RedirectContext<CookieAuthenticationOptions>, Task> OnRedirectToReturnUrl { get; set; } = context =>
         {
             if (IsAjaxRequest(context.Request))
             {
@@ -135,24 +135,24 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogout(CookieRedirectContext context) => OnRedirectToLogout(context);
+        public virtual Task RedirectToLogout(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToLogout(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToLogin(CookieRedirectContext context) => OnRedirectToLogin(context);
+        public virtual Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToLogin(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToReturnUrl(CookieRedirectContext context) => OnRedirectToReturnUrl(context);
+        public virtual Task RedirectToReturnUrl(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToReturnUrl(context);
 
         /// <summary>
         /// Implements the interface method by invoking the related delegate method.
         /// </summary>
         /// <param name="context">Contains information about the event</param>
-        public virtual Task RedirectToAccessDenied(CookieRedirectContext context) => OnRedirectToAccessDenied(context);
+        public virtual Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToAccessDenied(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
index 0e610c8b2d..98c31dd190 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -9,32 +9,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SignedIn.
     /// </summary>    
-    public class CookieSignedInContext : BaseCookieContext
+    public class CookieSignedInContext : PrincipalContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="scheme">The scheme data</param>
-        /// <param name="options">The handler options</param>
-        /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
         /// <param name="principal">Initializes Principal property</param>
         /// <param name="properties">Initializes Properties property</param>
+        /// <param name="options">The handler options</param>
         public CookieSignedInContext(
             HttpContext context,
             AuthenticationScheme scheme,
-            CookieAuthenticationOptions options,
-            string authenticationScheme,
             ClaimsPrincipal principal,
-            AuthenticationProperties properties)
+            AuthenticationProperties properties,
+            CookieAuthenticationOptions options)
             : base(context, scheme, options, properties)
         {
             Principal = principal;
         }
-
-        /// <summary>
-        /// Contains the claims that were converted into the outgoing cookie.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
index b91cb7e184..41d7b4f6ae 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -7,9 +7,9 @@ using Microsoft.AspNetCore.Http;
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationEvents method SigningIn.
+    /// Context object passed to the <see cref="CookieAuthenticationEvents.SigningIn(CookieSigningInContext)"/>.
     /// </summary>    
-    public class CookieSigningInContext : BaseCookieContext
+    public class CookieSigningInContext : PrincipalContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <param name="scheme">The scheme data</param>
         /// <param name="options">The handler options</param>
         /// <param name="principal">Initializes Principal property</param>
-        /// <param name="properties">Initializes Extra property</param>
+        /// <param name="properties">The authentication properties.</param>
         /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
         public CookieSigningInContext(
             HttpContext context,
@@ -29,16 +29,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             CookieOptions cookieOptions)
             : base(context, scheme, options, properties)
         {
-            Principal = principal;
             CookieOptions = cookieOptions;
+            Principal = principal;
         }
 
-        /// <summary>
-        /// Contains the claims about to be converted into the outgoing cookie.
-        /// May be replaced or altered during the SigningIn call.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; set; }
-
         /// <summary>
         /// The options for creating the outgoing cookie.
         /// May be replace or altered during the SigningIn call.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
index 0f4f4c7dcf..34f6e49ab6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -6,9 +6,9 @@ using Microsoft.AspNetCore.Http;
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
     /// <summary>
-    /// Context object passed to the ICookieAuthenticationEvents method SigningOut    
+    /// Context object passed to the <see cref="CookieAuthenticationEvents.SigningOut(CookieSigningOutContext)"/>
     /// </summary>
-    public class CookieSigningOutContext : BaseCookieContext
+    public class CookieSigningOutContext : PropertiesContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// 
@@ -25,9 +25,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             AuthenticationProperties properties, 
             CookieOptions cookieOptions)
             : base(context, scheme, options, properties)
-        {
-            CookieOptions = cookieOptions;
-        }
+            => CookieOptions = cookieOptions;
 
         /// <summary>
         /// The options for creating the outgoing cookie.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index 3232ba52ff..d2161e42a1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the CookieAuthenticationEvents ValidatePrincipal method.
     /// </summary>
-    public class CookieValidatePrincipalContext : BaseCookieContext
+    public class CookieValidatePrincipalContext : PrincipalContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -19,33 +19,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <param name="scheme"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidatePrincipalContext(HttpContext context, AuthenticationScheme scheme, AuthenticationTicket ticket, CookieAuthenticationOptions options)
+        public CookieValidatePrincipalContext(HttpContext context, AuthenticationScheme scheme, CookieAuthenticationOptions options, AuthenticationTicket ticket)
             : base(context, scheme, options, ticket?.Properties)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
             if (ticket == null)
             {
                 throw new ArgumentNullException(nameof(ticket));
             }
 
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
             Principal = ticket.Principal;
         }
 
-        /// <summary>
-        /// Contains the claims principal arriving with the request. May be altered to change the 
-        /// details of the authenticated user.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; private set; }
-
         /// <summary>
         /// If true, the cookie will be renewed
         /// </summary>
@@ -56,18 +40,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// Principal property, which determines the identity of the authenticated request.
         /// </summary>
         /// <param name="principal">The <see cref="ClaimsPrincipal"/> used as the replacement</param>
-        public void ReplacePrincipal(ClaimsPrincipal principal)
-        {
-            Principal = principal;
-        }
+        public void ReplacePrincipal(ClaimsPrincipal principal) => Principal = principal;
 
         /// <summary>
         /// Called to reject the incoming principal. This may be done if the application has determined the
         /// account is no longer active, and the request should be treated as if it was anonymous.
         /// </summary>
-        public void RejectPrincipal()
-        {
-            Principal = null;
-        }
+        public void RejectPrincipal() => Principal = null;
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
new file mode 100644
index 0000000000..d12735443f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, string, Exception> _authSchemeSignedIn;
+        private static Action<ILogger, string, Exception> _authSchemeSignedOut;
+
+        static LoggingExtensions()
+        {
+            _authSchemeSignedIn = LoggerMessage.Define<string>(
+                eventId: 10,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} signed in.");
+            _authSchemeSignedOut = LoggerMessage.Define<string>(
+                eventId: 11,
+                logLevel: LogLevel.Information,
+                formatString: "AuthenticationScheme: {AuthenticationScheme} signed out.");
+        }
+
+        public static void SignedIn(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeSignedIn(logger, authenticationScheme, null);
+        }
+
+        public static void SignedOut(this ILogger logger, string authenticationScheme)
+        {
+            _authSchemeSignedOut(logger, authenticationScheme, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
similarity index 99%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs
rename to src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
index 38211e0f19..e6a62d1b68 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationPostConfigureOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
@@ -55,6 +55,5 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
             }
         }
-
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
index c223c035c4..91781d2dd2 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
@@ -19,69 +19,29 @@
       "TypeId": "public interface Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
       "Kind": "Removal"
     },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Authentication.AuthenticationTicket ticket, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Http.CookieOptions cookieOptions)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String authenticationScheme, System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String authenticationScheme, System.Security.Claims.ClaimsPrincipal principal, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, Microsoft.AspNetCore.Http.CookieOptions cookieOptions)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options, System.String redirectUri, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
     {
       "TypeId": "public static class Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
       "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseCookieAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options)",
       "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
+      "Kind": "Removal"
     }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 4f30b9ba9c..e4dcbfee8b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -2,12 +2,24 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Facebook;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class FacebookAuthenticationOptionsExtensions
     {
+        public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder)
+            => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, Action<FacebookOptions> configureOptions)
+            => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, Action<FacebookOptions> configureOptions)
+            => builder.AddOAuth<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
+
+
+        // REMOVE below once callers have been updated
         public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services) 
             => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index c94048f9b9..8a1f29bbe5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -42,13 +42,13 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
             await Events.CreatingTicket(context);
 
-            return context.Ticket;
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
+
         }
 
         private string GenerateAppSecretProof(string accessToken)
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index be40822c57..ee42c5564c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -2,12 +2,25 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Google;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class GoogleExtensions
     {
+        public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder)
+            => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, Action<GoogleOptions> configureOptions)
+            => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, Action<GoogleOptions> configureOptions)
+            => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
+
+
+        // REMOVE below once callers have been updated
+
         public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services) 
             => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 3a93c5cbf7..aa5e596494 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -39,14 +39,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var principal = new ClaimsPrincipal(identity);
-            var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
             await Events.CreatingTicket(context);
-
-            return context.Ticket;
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
 
         // TODO: Abstract this properties override pattern into the base class?
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index b47a9bab0f..1c2efd6c73 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -6,12 +6,13 @@ using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class AuthenticationFailedContext : BaseJwtBearerContext
+    public class AuthenticationFailedContext : ResultContext<JwtBearerOptions>
     {
-        public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public AuthenticationFailedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            JwtBearerOptions options)
+            : base(context, scheme, options) { }
 
         public Exception Exception { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
deleted file mode 100644
index 313e999d0d..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
-    public class BaseJwtBearerContext : BaseControlContext
-    {
-        public BaseJwtBearerContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
-            : base(context)
-        {
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            if (scheme == null)
-            {
-                throw new ArgumentNullException(nameof(scheme));
-            }
-
-            Options = options;
-            Scheme = scheme;
-        }
-
-        public JwtBearerOptions Options { get; }
-
-        public AuthenticationScheme Scheme { get; }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index e6f931f6db..6500e1e3f7 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -6,15 +6,14 @@ using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class JwtBearerChallengeContext : BaseJwtBearerContext
+    public class JwtBearerChallengeContext : PropertiesContext<JwtBearerOptions>
     {
-        public JwtBearerChallengeContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options, AuthenticationProperties properties)
-            : base(context, scheme, options)
-        {
-            Properties = properties;
-        }
-
-        public AuthenticationProperties Properties { get; }
+        public JwtBearerChallengeContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            JwtBearerOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
 
         /// <summary>
         /// Any failures encountered during the authentication process.
@@ -40,5 +39,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// WWW-Authenticate header. This property is always null unless explicitly set.
         /// </summary>
         public string ErrorUri { get; set; }
+
+        /// <summary>
+        /// If true, will skip any default logic for this challenge.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Skips any default logic for this challenge.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index 530a945cab..3c263f6b24 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -5,12 +5,13 @@ using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class MessageReceivedContext : BaseJwtBearerContext
+    public class MessageReceivedContext : ResultContext<JwtBearerOptions>
     {
-        public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public MessageReceivedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            JwtBearerOptions options)
+            : base(context, scheme, options) { }
 
         /// <summary>
         /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index 3667865da1..39b677b96d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -6,12 +6,13 @@ using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    public class TokenValidatedContext : BaseJwtBearerContext
+    public class TokenValidatedContext : ResultContext<JwtBearerOptions>
     {
-        public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public TokenValidatedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            JwtBearerOptions options)
+            : base(context, scheme, options) { }
 
         public SecurityToken SecurityToken { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 582eb6314d..4f051bd39a 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
@@ -10,6 +11,20 @@ namespace Microsoft.Extensions.DependencyInjection
 {
     public static class JwtBearerExtensions
     {
+        public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder)
+            => builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, Action<JwtBearerOptions> configureOptions)
+            => builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
+            return builder.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
+        }
+
+
+        // REMOVE once callers updated
         public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services) 
             => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 0087d38d0f..999d323e11 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
@@ -13,7 +12,6 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -47,7 +45,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             string token = null;
-            AuthenticateResult result = null;
             try
             {
                 // Give application opportunity to find from a different location, adjust, or reject token
@@ -55,9 +52,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                 // event can set the token
                 await Events.MessageReceived(messageReceivedContext);
-                if (messageReceivedContext.IsProcessingComplete(out result))
+                if (messageReceivedContext.Result != null)
                 {
-                    return result;
+                    return messageReceivedContext.Result;
                 }
 
                 // If application retrieved token from somewhere else, use that.
@@ -70,7 +67,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     // If no authorization header found, nothing to process further
                     if (string.IsNullOrEmpty(authorization))
                     {
-                        return AuthenticateResult.None();
+                        return AuthenticateResult.NoResult();
                     }
 
                     if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
@@ -81,7 +78,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     // If no token found, no further work possible
                     if (string.IsNullOrEmpty(token))
                     {
-                        return AuthenticateResult.None();
+                        return AuthenticateResult.NoResult();
                     }
                 }
 
@@ -138,29 +135,28 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                         Logger.TokenValidationSucceeded();
 
-                        var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
                         var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
                         {
-                            Ticket = ticket,
-                            SecurityToken = validatedToken,
+                            Principal = principal,
+                            SecurityToken = validatedToken
                         };
 
                         await Events.TokenValidated(tokenValidatedContext);
-                        if (tokenValidatedContext.IsProcessingComplete(out result))
+                        if (tokenValidatedContext.Result != null)
                         {
-                            return result;
+                            return tokenValidatedContext.Result;
                         }
-                        ticket = tokenValidatedContext.Ticket;
 
                         if (Options.SaveToken)
                         {
-                            ticket.Properties.StoreTokens(new[]
+                            tokenValidatedContext.Properties.StoreTokens(new[]
                             {
                                 new AuthenticationToken { Name = "access_token", Value = token }
                             });
                         }
 
-                        return AuthenticateResult.Success(ticket);
+                        tokenValidatedContext.Success();
+                        return tokenValidatedContext.Result;
                     }
                 }
 
@@ -172,9 +168,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     };
 
                     await Events.AuthenticationFailed(authenticationFailedContext);
-                    if (authenticationFailedContext.IsProcessingComplete(out result))
+                    if (authenticationFailedContext.Result != null)
                     {
-                        return result;
+                        return authenticationFailedContext.Result;
                     }
 
                     return AuthenticateResult.Fail(authenticationFailedContext.Exception);
@@ -192,9 +188,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 };
 
                 await Events.AuthenticationFailed(authenticationFailedContext);
-                if (authenticationFailedContext.IsProcessingComplete(out result))
+                if (authenticationFailedContext.Result != null)
                 {
-                    return result;
+                    return authenticationFailedContext.Result;
                 }
 
                 throw;
@@ -217,7 +213,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             }
 
             await Events.Challenge(eventContext);
-            if (eventContext.IsProcessingComplete(out var ignored))
+            if (eventContext.Handled)
             {
                 return;
             }
@@ -329,15 +325,5 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
             return string.Join("; ", messages);
         }
-
-        protected override Task HandleSignOutAsync(AuthenticationProperties properties)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
-        {
-            throw new NotSupportedException();
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
index d810a2bb90..223ff401b4 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
@@ -15,44 +15,29 @@
       "TypeId": "public interface Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
       "Kind": "Removal"
     },
+    {
+      "TypeId": "public static class Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
+      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseJwtBearerAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
+      "Kind": "Removal"
+    },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
       "Kind": "Removal"
     },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
       "Kind": "Removal"
     },
     {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public Microsoft.AspNetCore.Builder.JwtBearerOptions get_Options()",
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
       "Kind": "Removal"
     },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
       "Kind": "Removal"
     },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.JwtBearerOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseJwtBearerAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
       "Kind": "Removal"
     }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index a4ad5692cd..9a53fd7700 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -2,12 +2,25 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class MicrosoftAccountExtensions
     {
+        public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder)
+            => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, Action<MicrosoftAccountOptions> configureOptions)
+            => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
+            => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
+
+
+        // REMOVE below once callers have been updated
+
         public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services) 
             => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 815b94bf40..45fae3d0ea 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -32,12 +32,11 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload);
             context.RunClaimActions();
 
             await Events.CreatingTicket(context);
-            return context.Ticket;
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
index 6e31056392..f660dd2247 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
@@ -13,32 +13,34 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class OAuthCreatingTicketContext : BaseAuthenticationContext
+    public class OAuthCreatingTicketContext : ResultContext<OAuthOptions>
     {
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
-        /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/>.</param>
+        /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="scheme">The authentication scheme.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
         /// <param name="backchannel">The HTTP client used by the authentication middleware</param>
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         public OAuthCreatingTicketContext(
-            AuthenticationTicket ticket,
+            ClaimsPrincipal principal,
+            AuthenticationProperties properties,
             HttpContext context,
             AuthenticationScheme scheme,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens)
-            : this(ticket, context, scheme, options, backchannel, tokens, user: new JObject())
-        {
-        }
+            : this(principal, properties, context, scheme, options, backchannel, tokens, user: new JObject())
+        { }
 
         /// <summary>
         /// Initializes a new <see cref="OAuthCreatingTicketContext"/>.
         /// </summary>
-        /// <param name="ticket">The <see cref="AuthenticationTicket"/>.</param>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/>.</param>
+        /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
         /// <param name="context">The HTTP environment.</param>
         /// <param name="scheme">The authentication scheme.</param>
         /// <param name="options">The options used by the authentication middleware.</param>
@@ -46,25 +48,16 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <param name="tokens">The tokens returned from the token endpoint.</param>
         /// <param name="user">The JSON-serialized user.</param>
         public OAuthCreatingTicketContext(
-            AuthenticationTicket ticket,
+            ClaimsPrincipal principal,
+            AuthenticationProperties properties,
             HttpContext context,
             AuthenticationScheme scheme,
             OAuthOptions options,
             HttpClient backchannel,
             OAuthTokenResponse tokens,
             JObject user)
-            : base(context, scheme.Name, ticket.Properties)
+            : base(context, scheme, options)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
             if (backchannel == null)
             {
                 throw new ArgumentNullException(nameof(backchannel));
@@ -80,23 +73,13 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 throw new ArgumentNullException(nameof(user));
             }
 
-            if (scheme == null)
-            {
-                throw new ArgumentNullException(nameof(scheme));
-            }
-
             TokenResponse = tokens;
             Backchannel = backchannel;
             User = user;
-            Options = options;
-            Scheme = scheme;
-            Ticket = ticket;
+            Principal = principal;
+            Properties = properties;
         }
 
-        public OAuthOptions Options { get; }
-
-        public AuthenticationScheme Scheme { get; }
-
         /// <summary>
         /// Gets the JSON-serialized user or an empty
         /// <see cref="JObject"/> if it is not available.
@@ -146,20 +129,12 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public HttpClient Backchannel { get; }
 
         /// <summary>
-        /// The <see cref="AuthenticationTicket"/> that will be created.
+        /// Gets the main identity exposed by the authentication ticket.
+        /// This property returns <c>null</c> when the ticket is <c>null</c>.
         /// </summary>
-        public AuthenticationTicket Ticket { get; set; }
+        public ClaimsIdentity Identity => Principal?.Identity as ClaimsIdentity;
 
-        /// <summary>
-        /// Gets the main identity exposed by <see cref="Ticket"/>.
-        /// This property returns <c>null</c> when <see cref="Ticket"/> is <c>null</c>.
-        /// </summary>
-        public ClaimsIdentity Identity => Ticket?.Principal.Identity as ClaimsIdentity;
-
-        public void RunClaimActions()
-        {
-            RunClaimActions(User);
-        }
+        public void RunClaimActions() => RunClaimActions(User);
 
         public void RunClaimActions(JObject userData)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
index b3572cab4c..9e194491b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
@@ -19,7 +19,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Gets or sets the delegate that is invoked when the RedirectToAuthorizationEndpoint method is invoked.
         /// </summary>
-        public Func<OAuthRedirectToAuthorizationContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
+        public Func<RedirectContext<OAuthOptions>, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.CompletedTask;
@@ -35,7 +35,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <summary>
         /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth handler.
         /// </summary>
-        /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge.</param>
-        public virtual Task RedirectToAuthorizationEndpoint(OAuthRedirectToAuthorizationContext context) => OnRedirectToAuthorizationEndpoint(context);
+        /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
+        public virtual Task RedirectToAuthorizationEndpoint(RedirectContext<OAuthOptions> context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
deleted file mode 100644
index 5d5e0e701a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthRedirectToAuthorizationContext.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
-    /// <summary>
-    /// Context passed when a Challenge causes a redirect to authorize endpoint in the handler.
-    /// </summary>
-    public class OAuthRedirectToAuthorizationContext : BaseContext
-    {
-        /// <summary>
-        /// Creates a new context object.
-        /// </summary>
-        /// <param name="context">The HTTP request context.</param>
-        /// <param name="options">The <see cref="OAuthOptions"/>.</param>
-        /// <param name="properties">The authentication properties of the challenge.</param>
-        /// <param name="redirectUri">The initial redirect URI.</param>
-        public OAuthRedirectToAuthorizationContext(HttpContext context, OAuthOptions options, AuthenticationProperties properties, string redirectUri)
-            : base(context)
-        {
-            RedirectUri = redirectUri;
-            Properties = properties;
-            Options = options;
-        }
-
-        public OAuthOptions Options { get; }
-
-        /// <summary>
-        /// Gets the URI used for the redirect operation.
-        /// </summary>
-        public string RedirectUri { get; private set; }
-
-        /// <summary>
-        /// Gets the authentication properties of the challenge.
-        /// </summary>
-        public AuthenticationProperties Properties { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 4ad0a83362..5720d8e4f4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
@@ -10,6 +11,18 @@ namespace Microsoft.Extensions.DependencyInjection
 {
     public static class OAuthExtensions
     {
+        public static AuthenticationBuilder AddOAuth(this AuthenticationBuilder builder, string authenticationScheme, Action<OAuthOptions> configureOptions)
+            => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddOAuth<TOptions, THandler>(this AuthenticationBuilder builder, string authenticationScheme, Action<TOptions> configureOptions)
+            where TOptions : OAuthOptions, new()
+            where THandler : OAuthHandler<TOptions>
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
+            return builder.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
+        }
+
+        // REMOVE below once callers have been updated
         public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions)
         {
             return services.AddOAuthAuthentication<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index bbe4f4038b..b61d575375 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -42,7 +42,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// <returns>A new instance of the events instance.</returns>
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new OAuthEvents());
 
-        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
+        protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             var query = Request.Query;
@@ -63,7 +63,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     failureMessage.Append(";Uri=").Append(errorUri);
                 }
 
-                return AuthenticateResult.Fail(failureMessage.ToString());
+                return HandleRequestResult.Fail(failureMessage.ToString());
             }
 
             var code = query["code"];
@@ -72,30 +72,30 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             properties = Options.StateDataFormat.Unprotect(state);
             if (properties == null)
             {
-                return AuthenticateResult.Fail("The oauth state was missing or invalid.");
+                return HandleRequestResult.Fail("The oauth state was missing or invalid.");
             }
 
             // OAuth2 10.12 CSRF
             if (!ValidateCorrelationId(properties))
             {
-                return AuthenticateResult.Fail("Correlation failed.");
+                return HandleRequestResult.Fail("Correlation failed.");
             }
 
             if (StringValues.IsNullOrEmpty(code))
             {
-                return AuthenticateResult.Fail("Code was not found.");
+                return HandleRequestResult.Fail("Code was not found.");
             }
 
             var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
             if (tokens.Error != null)
             {
-                return AuthenticateResult.Fail(tokens.Error);
+                return HandleRequestResult.Fail(tokens.Error);
             }
 
             if (string.IsNullOrEmpty(tokens.AccessToken))
             {
-                return AuthenticateResult.Fail("Failed to retrieve access token.");
+                return HandleRequestResult.Fail("Failed to retrieve access token.");
             }
 
             var identity = new ClaimsIdentity(ClaimsIssuer);
@@ -137,11 +137,11 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var ticket = await CreateTicketAsync(identity, properties, tokens);
             if (ticket != null)
             {
-                return AuthenticateResult.Success(ticket);
+                return HandleRequestResult.Success(ticket);
             }
             else
             {
-                return AuthenticateResult.Fail("Failed to retrieve user information from remote server.");
+                return HandleRequestResult.Fail("Failed to retrieve user information from remote server.");
             }
         }
 
@@ -185,10 +185,9 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
         {
-            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
-            var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens);
+            var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens);
             await Events.CreatingTicket(context);
-            return context.Ticket;
+            return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
 
         protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
@@ -202,8 +201,8 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             GenerateCorrelationId(properties);
 
             var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));
-            var redirectContext = new OAuthRedirectToAuthorizationContext(
-                Context, Options,
+            var redirectContext = new RedirectContext<OAuthOptions>(
+                Context, Scheme, Options,
                 properties, authorizationEndpoint);
             await Events.RedirectToAuthorizationEndpoint(redirectContext);
         }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
index 96fd03e985..3124d7fe70 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
@@ -23,24 +23,13 @@
       "TypeId": "public interface Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
       "Kind": "Removal"
     },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OAuthOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, System.String redirectUri)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "MemberId": "public Microsoft.AspNetCore.Builder.OAuthOptions get_Options()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
     {
       "TypeId": "public static class Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
       "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOAuthAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OAuthOptions options)",
       "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
+      "Kind": "Removal"
     }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index 0c7d968638..203da93c53 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -2,17 +2,18 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class AuthenticationFailedContext : BaseOpenIdConnectContext
+    public class AuthenticationFailedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
         public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context, scheme, options)
-        {
-        }
+            : base(context, scheme, options, new AuthenticationProperties())
+        { }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         public Exception Exception { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 0ccfc3ab71..bdf6e4a7ff 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -3,9 +3,7 @@
 
 using System.IdentityModel.Tokens.Jwt;
 using System.Net.Http;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
@@ -13,17 +11,19 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is received over the OpenIdConnect protocol.
     /// </summary>
-    public class AuthorizationCodeReceivedContext : BaseOpenIdConnectContext
+    public class AuthorizationCodeReceivedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
         /// <summary>
         /// Creates a <see cref="AuthorizationCodeReceivedContext"/>
         /// </summary>
-        public AuthorizationCodeReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public AuthorizationCodeReceivedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            OpenIdConnectOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
 
-        public AuthenticationProperties Properties { get; set; }
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         /// <summary>
         /// Gets or sets the <see cref="JwtSecurityToken"/> that was received in the authentication response, if any.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
deleted file mode 100644
index 63f815d9ee..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Http;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
-    public class BaseOpenIdConnectContext : BaseControlContext
-    {
-        public BaseOpenIdConnectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context)
-        {
-            Options = options ?? throw new ArgumentNullException(nameof(options));
-            Scheme = scheme ?? throw new ArgumentNullException(nameof(scheme));
-        }
-
-        public OpenIdConnectOptions Options { get; }
-
-        public AuthenticationScheme Scheme { get; }
-
-        public OpenIdConnectMessage ProtocolMessage { get; set; }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index f0298ed055..106ecb8c03 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -2,21 +2,24 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class MessageReceivedContext : BaseOpenIdConnectContext
+    public class MessageReceivedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
-        public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public MessageReceivedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            OpenIdConnectOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         /// <summary>
         /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
         /// </summary>
         public string Token { get; set; }
-
-        public AuthenticationProperties Properties { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
index 59b00827a3..9961c237d4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
@@ -9,14 +10,25 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// When a user configures the <see cref="OpenIdConnectHandler"/> to be notified prior to redirecting to an IdentityProvider
     /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
     /// </summary>
-    public class RedirectContext : BaseOpenIdConnectContext
+    public class RedirectContext : PropertiesContext<OpenIdConnectOptions>
     {
-        public RedirectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
-            : base(context, scheme, options)
-        {
-            Properties = properties;
-        }
+        public RedirectContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            OpenIdConnectOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
 
-        public AuthenticationProperties Properties { get; }
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// If true, will skip any default logic for this redirect.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Skips any default logic for this redirect.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
index 5c0172673c..26720a58f8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
@@ -6,16 +6,12 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class RemoteSignOutContext : BaseOpenIdConnectContext
+    public class RemoteSignOutContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
-        public RemoteSignOutContext(
-            HttpContext context,
-            AuthenticationScheme scheme,
-            OpenIdConnectOptions options,
-            OpenIdConnectMessage message)
-            : base(context, scheme, options)
-        {
-            ProtocolMessage = message;
-        }
+        public RemoteSignOutContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, OpenIdConnectMessage message)
+            : base(context, scheme, options, new AuthenticationProperties())
+            => ProtocolMessage = message;
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index 7c0d51fbbd..2bebdb8dc5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
@@ -9,18 +10,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// <summary>
     /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
     /// </summary>
-    public class TokenResponseReceivedContext : BaseOpenIdConnectContext
+    public class TokenResponseReceivedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
         /// <summary>
         /// Creates a <see cref="TokenResponseReceivedContext"/>
         /// </summary>
-        public TokenResponseReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
-            : base(context, scheme, options)
-        {
-            Properties = properties;
-        }
+        public TokenResponseReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, ClaimsPrincipal user, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
+            => Principal = user;
 
-        public AuthenticationProperties Properties { get; }
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectMessage"/> that contains the tokens received after redeeming the code at the token endpoint.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
index fea89298ce..853857dc7b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
@@ -2,26 +2,23 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.IdentityModel.Tokens.Jwt;
-using System.Net.Http;
-using Microsoft.AspNetCore.Builder;
+using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class TokenValidatedContext : BaseOpenIdConnectContext
+    public class TokenValidatedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
         /// <summary>
         /// Creates a <see cref="TokenValidatedContext"/>
         /// </summary>
-        public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, ClaimsPrincipal principal, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
+            => Principal = principal;
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
-        public AuthenticationProperties Properties { get; set; }
-        
         public JwtSecurityToken SecurityToken { get; set; }
 
         public OpenIdConnectMessage TokenEndpointResponse { get; set; }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index ee80cb71fe..0b855eaf39 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -1,17 +1,20 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 {
-    public class UserInformationReceivedContext : BaseOpenIdConnectContext
+    public class UserInformationReceivedContext : RemoteAuthenticationContext<OpenIdConnectOptions>
     {
-        public UserInformationReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
-            : base(context, scheme, options)
-        {
-        }
+        public UserInformationReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, ClaimsPrincipal principal, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
+            => Principal = principal;
+
+        public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         public JObject User { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index aa6d0cbaa7..458cfd73ee 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -8,9 +8,7 @@ namespace Microsoft.Extensions.Logging
     internal static class LoggingExtensions
     {
         private static Action<ILogger, Exception> _redirectToIdentityProviderForSignOutHandledResponse;
-        private static Action<ILogger, Exception> _redirectToIdentityProviderForSignOutSkipped;
         private static Action<ILogger, Exception> _redirectToIdentityProviderHandledResponse;
-        private static Action<ILogger, Exception> _redirectToIdentityProviderSkipped;
         private static Action<ILogger, Exception> _updatingConfiguration;
         private static Action<ILogger, Exception> _receivedIdToken;
         private static Action<ILogger, Exception> _redeemingCodeForTokens;
@@ -55,6 +53,7 @@ namespace Microsoft.Extensions.Logging
         private static Action<ILogger, Exception> _remoteSignOut;
         private static Action<ILogger, Exception> _remoteSignOutSessionIdMissing;
         private static Action<ILogger, Exception> _remoteSignOutSessionIdInvalid;
+        private static Action<ILogger, string, Exception> _signOut;
 
         static LoggingExtensions()
         {
@@ -63,10 +62,6 @@ namespace Microsoft.Extensions.Logging
                 eventId: 1,
                 logLevel: LogLevel.Debug,
                 formatString: "RedirectToIdentityProviderForSignOut.HandledResponse");
-            _redirectToIdentityProviderForSignOutSkipped = LoggerMessage.Define(
-                eventId: 2,
-                logLevel: LogLevel.Debug,
-                formatString: "RedirectToIdentityProviderForSignOut.Skipped");
             _invalidLogoutQueryStringRedirectUrl = LoggerMessage.Define<string>(
                 eventId: 3,
                 logLevel: LogLevel.Warning,
@@ -87,10 +82,6 @@ namespace Microsoft.Extensions.Logging
                 eventId: 6,
                 logLevel: LogLevel.Debug,
                 formatString: "RedirectToIdentityProvider.HandledResponse");
-            _redirectToIdentityProviderSkipped = LoggerMessage.Define(
-                eventId: 7,
-                logLevel: LogLevel.Debug,
-                formatString: "RedirectToIdentityProvider.Skipped");
             _invalidAuthenticationRequestUrl = LoggerMessage.Define<string>(
                 eventId: 8,
                 logLevel: LogLevel.Warning,
@@ -253,6 +244,10 @@ namespace Microsoft.Extensions.Logging
                logLevel: LogLevel.Error,
                formatString: "The remote signout request was ignored because the 'sid' parameter didn't match " +
                              "the expected value, which may indicate an unsolicited logout.");
+            _signOut = LoggerMessage.Define<string>(
+                 eventId: 49,
+                 logLevel: LogLevel.Information,
+                 formatString: "AuthenticationScheme: {AuthenticationScheme} signed out.");
         }
 
         public static void UpdatingConfiguration(this ILogger logger)
@@ -345,21 +340,11 @@ namespace Microsoft.Extensions.Logging
             _redirectToIdentityProviderForSignOutHandledResponse(logger, null);
         }
 
-        public static void RedirectToIdentityProviderForSignOutSkipped(this ILogger logger)
-        {
-            _redirectToIdentityProviderForSignOutSkipped(logger, null);
-        }
-
         public static void RedirectToIdentityProviderHandledResponse(this ILogger logger)
         {
             _redirectToIdentityProviderHandledResponse(logger, null);
         }
 
-        public static void RedirectToIdentityProviderSkipped(this ILogger logger)
-        {
-            _redirectToIdentityProviderSkipped(logger, null);
-        }
-
         public static void UserInformationReceivedHandledResponse(this ILogger logger)
         {
             _userInformationReceivedHandledResponse(logger, null);
@@ -494,5 +479,10 @@ namespace Microsoft.Extensions.Logging
         {
             _remoteSignOutSessionIdInvalid(logger, null);
         }
+
+        public static void SignedOut(this ILogger logger, string authenticationScheme)
+        {
+            _signOut(logger, authenticationScheme, null);
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index d576409047..7ba262bf39 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
@@ -10,6 +11,19 @@ namespace Microsoft.Extensions.DependencyInjection
 {
     public static class OpenIdConnectExtensions
     {
+        public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder)
+            => builder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, Action<OpenIdConnectOptions> configureOptions)
+            => builder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
+            return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
+        }
+
+        // REMOVE once callers have been updated
         public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services)
             => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 1dec541970..341abbf5a2 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// <summary>
     /// A per-request authentication handler for the OpenIdConnectAuthenticationMiddleware.
     /// </summary>
-    public class OpenIdConnectHandler : RemoteAuthenticationHandler<OpenIdConnectOptions>
+    public class OpenIdConnectHandler : RemoteAuthenticationHandler<OpenIdConnectOptions>, IAuthenticationSignOutHandler
     {
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
@@ -110,15 +110,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message);
             await Events.RemoteSignOut(remoteSignOutContext);
 
-            if (remoteSignOutContext.HandledResponse)
+            if (remoteSignOutContext.Result != null)
             {
-                Logger.RemoteSignOutHandledResponse();
-                return true;
-            }
-            if (remoteSignOutContext.Skipped)
-            {
-                Logger.RemoteSignOutSkipped();
-                return false;
+                if (remoteSignOutContext.Result.Handled)
+                {
+                    Logger.RemoteSignOutHandledResponse();
+                    return true;
+                }
+                if (remoteSignOutContext.Result.Skipped)
+                {
+                    Logger.RemoteSignOutSkipped();
+                    return false;
+                }
             }
 
             if (message == null)
@@ -161,8 +164,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Redirect user to the identity provider for sign out
         /// </summary>
         /// <returns>A task executing the sign out procedure</returns>
-        protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
+        public async virtual Task SignOutAsync(AuthenticationProperties properties)
         {
+            properties = properties ?? new AuthenticationProperties();
+
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
 
             if (_configuration == null && Options.ConfigurationManager != null)
@@ -199,16 +204,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             };
 
             await Events.RedirectToIdentityProviderForSignOut(redirectContext);
-            if (redirectContext.HandledResponse)
+            if (redirectContext.Handled)
             {
                 Logger.RedirectToIdentityProviderForSignOutHandledResponse();
                 return;
             }
-            else if (redirectContext.Skipped)
-            {
-                Logger.RedirectToIdentityProviderForSignOutSkipped();
-                return;
-            }
 
             message = redirectContext.ProtocolMessage;
 
@@ -221,8 +221,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             if (string.IsNullOrEmpty(message.IssuerAddress))
             {
-                throw new InvalidOperationException(
-                    "Cannot redirect to the end session endpoint, the configuration may be missing or invalid.");
+                throw new InvalidOperationException("Cannot redirect to the end session endpoint, the configuration may be missing or invalid.");
             }
 
             if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
@@ -266,6 +265,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             {
                 throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}");
             }
+
+            Logger.SignedOut(Scheme.Name);
         }
 
         /// <summary>
@@ -343,16 +344,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             };
 
             await Events.RedirectToIdentityProvider(redirectContext);
-            if (redirectContext.HandledResponse)
+            if (redirectContext.Handled)
             {
                 Logger.RedirectToIdentityProviderHandledResponse();
                 return;
             }
-            else if (redirectContext.Skipped)
-            {
-                Logger.RedirectToIdentityProviderSkipped();
-                return;
-            }
 
             message = redirectContext.ProtocolMessage;
 
@@ -418,8 +414,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <summary>
         /// Invoked to process incoming OpenIdConnect messages.
         /// </summary>
-        /// <returns>An <see cref="AuthenticationTicket"/> if successful.</returns>
-        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
+        /// <returns>An <see cref="HandleRequestResult"/>.</returns>
+        protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
         {
             Logger.EnteringOpenIdAuthenticationHandlerHandleRemoteAuthenticateAsync(GetType().FullName);
 
@@ -437,9 +433,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
-                        return AuthenticateResult.None();
+                        return HandleRequestResult.SkipHandler();
                     }
-                    return AuthenticateResult.Fail("An OpenID Connect response cannot contain an " +
+                    return HandleRequestResult.Fail("An OpenID Connect response cannot contain an " +
                             "identity token or an access token when using response_mode=query");
                 }
             }
@@ -459,13 +455,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (Options.SkipUnrecognizedRequests)
                 {
                     // Not for us?
-                    return AuthenticateResult.None();
+                    return HandleRequestResult.SkipHandler();
                 }
-                return AuthenticateResult.Fail("No message.");
+                return HandleRequestResult.Fail("No message.");
             }
 
-            AuthenticateResult result;
-
             try
             {
                 AuthenticationProperties properties = null;
@@ -475,9 +469,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse, properties);
-                if (messageReceivedContext.IsProcessingComplete(out result))
+                if (messageReceivedContext.Result != null)
                 {
-                    return result;
+                    return messageReceivedContext.Result;
                 }
                 authorizationResponse = messageReceivedContext.ProtocolMessage;
                 properties = messageReceivedContext.Properties;
@@ -491,9 +485,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         Logger.NullOrEmptyAuthorizationResponseState();
                         if (Options.SkipUnrecognizedRequests)
                         {
-                            return AuthenticateResult.None();
+                            return HandleRequestResult.SkipHandler();
                         }
-                        return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
+                        return HandleRequestResult.Fail(Resources.MessageStateIsNullOrEmpty);
                     }
 
                     // if state exists and we failed to 'unprotect' this is not a message we should process.
@@ -506,9 +500,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     if (Options.SkipUnrecognizedRequests)
                     {
                         // Not for us?
-                        return AuthenticateResult.None();
+                        return HandleRequestResult.SkipHandler();
                     }
-                    return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
+                    return HandleRequestResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
                 string userstate = null;
@@ -517,13 +511,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
                 if (!ValidateCorrelationId(properties))
                 {
-                    return AuthenticateResult.Fail("Correlation failed.");
+                    return HandleRequestResult.Fail("Correlation failed.");
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
-                    return AuthenticateResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null));
+                    return HandleRequestResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null));
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -534,7 +528,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
                 PopulateSessionProperties(authorizationResponse, properties);
 
-                AuthenticationTicket ticket = null;
+                ClaimsPrincipal user = null;
                 JwtSecurityToken jwt = null;
                 string nonce = null;
                 var validationParameters = Options.TokenValidationParameters.Clone();
@@ -543,7 +537,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 if (!string.IsNullOrEmpty(authorizationResponse.IdToken))
                 {
                     Logger.ReceivedIdToken();
-                    ticket = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt);
+                    user = ValidateToken(authorizationResponse.IdToken, properties, validationParameters, out jwt);
 
                     nonce = jwt.Payload.Nonce;
                     if (!string.IsNullOrEmpty(nonce))
@@ -551,14 +545,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         nonce = ReadNonceCookie(nonce);
                     }
 
-                    var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, null, properties, ticket, jwt, nonce);
-                    if (tokenValidatedContext.IsProcessingComplete(out result))
+                    var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, null, user, properties, jwt, nonce);
+                    if (tokenValidatedContext.Result != null)
                     {
-                        return result;
+                        return tokenValidatedContext.Result;
                     }
                     authorizationResponse = tokenValidatedContext.ProtocolMessage;
+                    user = tokenValidatedContext.Principal;
                     properties = tokenValidatedContext.Properties;
-                    ticket = tokenValidatedContext.Ticket;
                     jwt = tokenValidatedContext.SecurityToken;
                     nonce = tokenValidatedContext.Nonce;
                 }
@@ -576,17 +570,17 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // Authorization Code or Hybrid flow
                 if (!string.IsNullOrEmpty(authorizationResponse.Code))
                 {
-                    var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
-                    if (authorizationCodeReceivedContext.IsProcessingComplete(out result))
+                    var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, user, properties, jwt);
+                    if (authorizationCodeReceivedContext.Result != null)
                     {
-                        return result;
+                        return authorizationCodeReceivedContext.Result;
                     }
                     authorizationResponse = authorizationCodeReceivedContext.ProtocolMessage;
+                    user = authorizationCodeReceivedContext.Principal;
                     properties = authorizationCodeReceivedContext.Properties;
                     var tokenEndpointRequest = authorizationCodeReceivedContext.TokenEndpointRequest;
                     // If the developer redeemed the code themselves...
                     tokenEndpointResponse = authorizationCodeReceivedContext.TokenEndpointResponse;
-                    ticket = authorizationCodeReceivedContext.Ticket;
                     jwt = authorizationCodeReceivedContext.JwtSecurityToken;
 
                     if (!authorizationCodeReceivedContext.HandledCodeRedemption)
@@ -594,14 +588,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         tokenEndpointResponse = await RedeemAuthorizationCodeAsync(tokenEndpointRequest);
                     }
 
-                    var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket);
-                    if (tokenResponseReceivedContext.IsProcessingComplete(out result))
+                    var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, user, properties);
+                    if (tokenResponseReceivedContext.Result != null)
                     {
-                        return result;
+                        return tokenResponseReceivedContext.Result;
                     }
 
                     authorizationResponse = tokenResponseReceivedContext.ProtocolMessage;
                     tokenEndpointResponse = tokenResponseReceivedContext.TokenEndpointResponse;
+                    user = tokenResponseReceivedContext.Principal;
+                    properties = tokenResponseReceivedContext.Properties;
 
                     // no need to validate signature when token is received using "code flow" as per spec
                     // [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation].
@@ -610,10 +606,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     // At least a cursory validation is required on the new IdToken, even if we've already validated the one from the authorization response.
                     // And we'll want to validate the new JWT in ValidateTokenResponse.
                     JwtSecurityToken tokenEndpointJwt;
-                    var tokenEndpointTicket = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
+                    var tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
 
                     // Avoid reading & deleting the nonce cookie, running the event, etc, if it was already done as part of the authorization response validation.
-                    if (ticket == null)
+                    if (user == null)
                     {
                         nonce = tokenEndpointJwt.Payload.Nonce;
                         if (!string.IsNullOrEmpty(nonce))
@@ -621,15 +617,15 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                             nonce = ReadNonceCookie(nonce);
                         }
 
-                        var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, tokenEndpointTicket, tokenEndpointJwt, nonce);
-                        if (tokenValidatedContext.IsProcessingComplete(out result))
+                        var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, tokenEndpointUser, properties, tokenEndpointJwt, nonce);
+                        if (tokenValidatedContext.Result != null)
                         {
-                            return result;
+                            return tokenValidatedContext.Result;
                         }
                         authorizationResponse = tokenValidatedContext.ProtocolMessage;
                         tokenEndpointResponse = tokenValidatedContext.TokenEndpointResponse;
+                        user = tokenValidatedContext.Principal;
                         properties = tokenValidatedContext.Properties;
-                        ticket = tokenValidatedContext.Ticket;
                         jwt = tokenValidatedContext.SecurityToken;
                         nonce = tokenValidatedContext.Nonce;
                     }
@@ -658,23 +654,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
                 if (Options.SaveTokens)
                 {
-                    SaveTokens(ticket.Properties, tokenEndpointResponse ?? authorizationResponse);
+                    SaveTokens(properties, tokenEndpointResponse ?? authorizationResponse);
                 }
 
                 if (Options.GetClaimsFromUserInfoEndpoint)
                 {
-                    return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt, ticket);
+                    return await GetUserInformationAsync(tokenEndpointResponse ?? authorizationResponse, jwt, user, properties);
                 }
                 else
                 {
-                    var identity = (ClaimsIdentity)ticket.Principal.Identity;
+                    var identity = (ClaimsIdentity)user.Identity;
                     foreach (var action in Options.ClaimActions)
                     {
                         action.Run(null, identity, ClaimsIssuer);
                     }
                 }
 
-                return AuthenticateResult.Success(ticket);
+                return HandleRequestResult.Success(new AuthenticationTicket(user, properties, Scheme.Name));
             }
             catch (Exception exception)
             {
@@ -691,12 +687,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 }
 
                 var authenticationFailedContext = await RunAuthenticationFailedEventAsync(authorizationResponse, exception);
-                if (authenticationFailedContext.IsProcessingComplete(out result))
+                if (authenticationFailedContext.Result != null)
                 {
-                    return result;
+                    return authenticationFailedContext.Result;
                 }
 
-                return AuthenticateResult.Fail(exception);
+                return HandleRequestResult.Fail(exception);
             }
         }
 
@@ -765,21 +761,24 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         /// <param name="message">message that is being processed</param>
         /// <param name="jwt">The <see cref="JwtSecurityToken"/>.</param>
-        /// <param name="ticket">authentication ticket with claims principal and identities</param>
-        /// <returns>Authentication ticket with identity with additional claims, if any.</returns>
-        protected virtual async Task<AuthenticateResult> GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, AuthenticationTicket ticket)
+        /// <param name="principal">The claims principal and identities.</param>
+        /// <param name="properties">The authentication properties.</param>
+        /// <returns><see cref="HandleRequestResult"/> which is used to determine if the remote authentication was successful.</returns>
+        protected virtual async Task<HandleRequestResult> GetUserInformationAsync(
+            OpenIdConnectMessage message, JwtSecurityToken jwt, 
+            ClaimsPrincipal principal, AuthenticationProperties properties)
         {
             var userInfoEndpoint = _configuration?.UserInfoEndpoint;
 
             if (string.IsNullOrEmpty(userInfoEndpoint))
             {
                 Logger.UserInfoEndpointNotSet();
-                return AuthenticateResult.Success(ticket);
+                return HandleRequestResult.Success(new AuthenticationTicket(principal, properties, Scheme.Name));
             }
             if (string.IsNullOrEmpty(message.AccessToken))
             {
                 Logger.AccessTokenNotAvailable();
-                return AuthenticateResult.Success(ticket);
+                return HandleRequestResult.Success(new AuthenticationTicket(principal, properties, Scheme.Name));
             }
             Logger.RetrievingClaims();
             var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
@@ -801,16 +800,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             else
             {
-                return AuthenticateResult.Fail("Unknown response type: " + contentType.MediaType);
+                return HandleRequestResult.Fail("Unknown response type: " + contentType.MediaType);
             }
 
-            var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
-            AuthenticateResult result;
-            if (userInformationReceivedContext.IsProcessingComplete(out result))
+            var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(principal, properties, message, user);
+            if (userInformationReceivedContext.Result != null)
             {
-                return result;
+                return userInformationReceivedContext.Result;
             }
-            ticket = userInformationReceivedContext.Ticket;
+            principal = userInformationReceivedContext.Principal;
+            properties = userInformationReceivedContext.Properties;
             user = userInformationReceivedContext.User;
 
             Options.ProtocolValidator.ValidateUserInfoResponse(new OpenIdConnectProtocolValidationContext()
@@ -819,14 +818,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 ValidatedIdToken = jwt,
             });
 
-            var identity = (ClaimsIdentity)ticket.Principal.Identity;
+            var identity = (ClaimsIdentity)principal.Identity;
 
             foreach (var action in Options.ClaimActions)
             {
                 action.Run(user, identity, ClaimsIssuer);
             }
 
-            return AuthenticateResult.Success(ticket);
+            return HandleRequestResult.Success(new AuthenticationTicket(principal, properties, Scheme.Name));
         }
 
         /// <summary>
@@ -983,51 +982,54 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         private async Task<MessageReceivedContext> RunMessageReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             Logger.MessageReceived(message.BuildRedirectUrl());
-            var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options)
+            var context = new MessageReceivedContext(Context, Scheme, Options, properties)
             {
                 ProtocolMessage = message,
-                Properties = properties,
             };
 
-            await Events.MessageReceived(messageReceivedContext);
-            if (messageReceivedContext.HandledResponse)
+            await Events.MessageReceived(context);
+            if (context.Result != null)
             {
-                Logger.MessageReceivedContextHandledResponse();
-            }
-            else if (messageReceivedContext.Skipped)
-            {
-                Logger.MessageReceivedContextSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.MessageReceivedContextHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.MessageReceivedContextSkipped();
+                }
             }
 
-            return messageReceivedContext;
+            return context;
         }
 
-        private async Task<TokenValidatedContext> RunTokenValidatedEventAsync(OpenIdConnectMessage authorizationResponse, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt, string nonce)
+        private async Task<TokenValidatedContext> RunTokenValidatedEventAsync(OpenIdConnectMessage authorizationResponse, OpenIdConnectMessage tokenEndpointResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt, string nonce)
         {
-            var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
+            var context = new TokenValidatedContext(Context, Scheme, Options, user, properties)
             {
                 ProtocolMessage = authorizationResponse,
                 TokenEndpointResponse = tokenEndpointResponse,
-                Properties = properties,
-                Ticket = ticket,
                 SecurityToken = jwt,
                 Nonce = nonce,
             };
 
-            await Events.TokenValidated(tokenValidatedContext);
-            if (tokenValidatedContext.HandledResponse)
+            await Events.TokenValidated(context);
+            if (context.Result != null)
             {
-                Logger.TokenValidatedHandledResponse();
-            }
-            else if (tokenValidatedContext.Skipped)
-            {
-                Logger.TokenValidatedSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.TokenValidatedHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.TokenValidatedSkipped();
+                }
             }
 
-            return tokenValidatedContext;
+            return context;
         }
 
-        private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt)
+        private async Task<AuthorizationCodeReceivedContext> RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
         {
             Logger.AuthorizationCodeReceived();
 
@@ -1041,102 +1043,112 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 RedirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]
             };
 
-            var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Scheme, Options)
+            var context = new AuthorizationCodeReceivedContext(Context, Scheme, Options, properties)
             {
                 ProtocolMessage = authorizationResponse,
-                Properties = properties,
                 TokenEndpointRequest = tokenEndpointRequest,
-                Ticket = ticket,
+                Principal = user,
                 JwtSecurityToken = jwt,
-                Backchannel = Backchannel,
+                Backchannel = Backchannel
             };
 
-            await Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
-            if (authorizationCodeReceivedContext.HandledResponse)
+            await Events.AuthorizationCodeReceived(context);
+            if (context.Result != null)
             {
-                Logger.AuthorizationCodeReceivedContextHandledResponse();
-            }
-            else if (authorizationCodeReceivedContext.Skipped)
-            {
-                Logger.AuthorizationCodeReceivedContextSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.AuthorizationCodeReceivedContextHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.AuthorizationCodeReceivedContextSkipped();
+                }
             }
 
-            return authorizationCodeReceivedContext;
+            return context;
         }
 
         private async Task<TokenResponseReceivedContext> RunTokenResponseReceivedEventAsync(
             OpenIdConnectMessage message,
             OpenIdConnectMessage tokenEndpointResponse,
-            AuthenticationProperties properties,
-            AuthenticationTicket ticket)
+            ClaimsPrincipal user,
+            AuthenticationProperties properties)
         {
             Logger.TokenResponseReceived();
-            var eventContext = new TokenResponseReceivedContext(Context, Scheme, Options, properties)
+            var context = new TokenResponseReceivedContext(Context, Scheme, Options, user, properties)
             {
                 ProtocolMessage = message,
                 TokenEndpointResponse = tokenEndpointResponse,
-                Ticket = ticket
             };
 
-            await Events.TokenResponseReceived(eventContext);
-            if (eventContext.HandledResponse)
+            await Events.TokenResponseReceived(context);
+            if (context.Result != null)
             {
-                Logger.TokenResponseReceivedHandledResponse();
-            }
-            else if (eventContext.Skipped)
-            {
-                Logger.TokenResponseReceivedSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.TokenResponseReceivedHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.TokenResponseReceivedSkipped();
+                }
             }
 
-            return eventContext;
+            return context;
         }
 
-        private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(AuthenticationTicket ticket, OpenIdConnectMessage message, JObject user)
+        private async Task<UserInformationReceivedContext> RunUserInformationReceivedEventAsync(ClaimsPrincipal principal, AuthenticationProperties properties, OpenIdConnectMessage message, JObject user)
         {
             Logger.UserInformationReceived(user.ToString());
 
-            var userInformationReceivedContext = new UserInformationReceivedContext(Context, Scheme, Options)
+            var context = new UserInformationReceivedContext(Context, Scheme, Options, principal, properties)
             {
-                Ticket = ticket,
                 ProtocolMessage = message,
                 User = user,
             };
 
-            await Events.UserInformationReceived(userInformationReceivedContext);
-            if (userInformationReceivedContext.HandledResponse)
+            await Events.UserInformationReceived(context);
+            if (context.Result != null)
             {
-                Logger.UserInformationReceivedHandledResponse();
-            }
-            else if (userInformationReceivedContext.Skipped)
-            {
-                Logger.UserInformationReceivedSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.UserInformationReceivedHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.UserInformationReceivedSkipped();
+                }
             }
 
-            return userInformationReceivedContext;
+            return context;
         }
 
         private async Task<AuthenticationFailedContext> RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
         {
-            var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
+            var context = new AuthenticationFailedContext(Context, Scheme, Options)
             {
                 ProtocolMessage = message,
                 Exception = exception
             };
 
-            await Events.AuthenticationFailed(authenticationFailedContext);
-            if (authenticationFailedContext.HandledResponse)
+            await Events.AuthenticationFailed(context);
+            if (context.Result != null)
             {
-                Logger.AuthenticationFailedContextHandledResponse();
-            }
-            else if (authenticationFailedContext.Skipped)
-            {
-                Logger.AuthenticationFailedContextSkipped();
+                if (context.Result.Handled)
+                {
+                    Logger.AuthenticationFailedContextHandledResponse();
+                }
+                else if (context.Result.Skipped)
+                {
+                    Logger.AuthenticationFailedContextSkipped();
+                }
             }
 
-            return authenticationFailedContext;
+            return context;
         }
 
-        private AuthenticationTicket ValidateToken(string idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
+        // Note this modifies properties if Options.UseTokenLifetime
+        private ClaimsPrincipal ValidateToken(string idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters, out JwtSecurityToken jwt)
         {
             if (!Options.SecurityTokenValidator.CanReadToken(idToken))
             {
@@ -1173,24 +1185,22 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
             }
 
-            var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
-
             if (Options.UseTokenLifetime)
             {
                 var issued = validatedToken.ValidFrom;
                 if (issued != DateTime.MinValue)
                 {
-                    ticket.Properties.IssuedUtc = issued;
+                    properties.IssuedUtc = issued;
                 }
 
                 var expires = validatedToken.ValidTo;
                 if (expires != DateTime.MinValue)
                 {
-                    ticket.Properties.ExpiresUtc = expires;
+                    properties.ExpiresUtc = expires;
                 }
             }
 
-            return ticket;
+            return principal;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a42f0eba33..8bcedaec27 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -4,13 +4,8 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
-using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
index 4ba3fb756a..0f50b12103 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
@@ -19,99 +19,45 @@
       "TypeId": "public interface Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
       "Kind": "Removal"
     },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public Microsoft.AspNetCore.Builder.OpenIdConnectOptions get_Options()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options, Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage message)",
-      "Kind": "Removal"
-    },
     {
       "TypeId": "public static class Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
       "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOpenIdConnectAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
       "Kind": "Removal"
-    }
+    },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      },
+      {
+        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+        "Kind": "Removal"
+      }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
deleted file mode 100644
index b71b8655b7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
-    /// <summary>
-    /// Base class for other Twitter contexts.
-    /// </summary>
-    public class BaseTwitterContext : BaseAuthenticationContext
-    {
-        /// <summary>
-        /// Initializes a <see cref="BaseTwitterContext"/>
-        /// </summary>
-        /// <param name="context">The HTTP environment</param>
-        /// <param name="scheme">The scheme data</param>
-        /// <param name="options">The options for Twitter</param>
-        /// <param name="properties">The AuthenticationProperties</param>
-        public BaseTwitterContext(HttpContext context, AuthenticationScheme scheme, TwitterOptions options, AuthenticationProperties properties)
-            : base(context, scheme.Name, properties)
-        {
-            Options = options;
-        }
-
-        public TwitterOptions Options { get; }
-
-        public AuthenticationScheme Scheme { get; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
index eaf704bcb9..67f28d5297 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     /// <summary>
     /// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
     /// </summary>
-    public class TwitterCreatingTicketContext : BaseTwitterContext
+    public class TwitterCreatingTicketContext : ResultContext<TwitterOptions>
     {
         /// <summary>
         /// Initializes a <see cref="TwitterCreatingTicketContext"/>
@@ -19,29 +19,33 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <param name="context">The HTTP environment</param>
         /// <param name="scheme">The scheme data</param>
         /// <param name="options">The options for Twitter</param>
+        /// <param name="principal">The <see cref="ClaimsPrincipal"/>.</param>
+        /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
         /// <param name="userId">Twitter user ID</param>
         /// <param name="screenName">Twitter screen name</param>
         /// <param name="accessToken">Twitter access token</param>
         /// <param name="accessTokenSecret">Twitter access token secret</param>
         /// <param name="user">User details</param>
-        /// <param name="properties">AuthenticationProperties.</param>
         public TwitterCreatingTicketContext(
             HttpContext context,
             AuthenticationScheme scheme,
             TwitterOptions options,
+            ClaimsPrincipal principal,
             AuthenticationProperties properties,
             string userId,
             string screenName,
             string accessToken,
             string accessTokenSecret,
             JObject user)
-            : base(context, scheme, options, properties)
+            : base(context, scheme, options)
         {
             UserId = userId;
             ScreenName = screenName;
             AccessToken = accessToken;
             AccessTokenSecret = accessTokenSecret;
             User = user ?? new JObject();
+            Principal = principal;
+            Properties = properties;
         }
 
         /// <summary>
@@ -69,10 +73,5 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <see cref="JObject"/> if it is not available.
         /// </summary>
         public JObject User { get; }
-
-        /// <summary>
-        /// Gets the <see cref="ClaimsPrincipal"/> representing the user
-        /// </summary>
-        public ClaimsPrincipal Principal { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index c079ebb14f..744c48c5fc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -19,7 +19,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// <summary>
         /// Gets or sets the delegate that is invoked when the ApplyRedirect method is invoked.
         /// </summary>
-        public Func<TwitterRedirectToAuthorizationEndpointContext, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
+        public Func<RedirectContext<TwitterOptions>, Task> OnRedirectToAuthorizationEndpoint { get; set; } = context =>
         {
             context.Response.Redirect(context.RedirectUri);
             return Task.CompletedTask;
@@ -36,6 +36,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter handler
         /// </summary>
         /// <param name="context">Contains redirect URI and <see cref="Http.Authentication.AuthenticationProperties"/> of the challenge </param>
-        public virtual Task RedirectToAuthorizationEndpoint(TwitterRedirectToAuthorizationEndpointContext context) => OnRedirectToAuthorizationEndpoint(context);
+        public virtual Task RedirectToAuthorizationEndpoint(RedirectContext<TwitterOptions> context) => OnRedirectToAuthorizationEndpoint(context);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
deleted file mode 100644
index fe181fe7b4..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterRedirectToAuthorizationEndpointContext.cs
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
-    /// <summary>
-    /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter handler.
-    /// </summary>
-    public class TwitterRedirectToAuthorizationEndpointContext : BaseTwitterContext
-    {
-        /// <summary>
-        /// Creates a new context object.
-        /// </summary>
-        /// <param name="context">The HTTP request context.</param>
-        /// <param name="scheme">The scheme data</param>
-        /// <param name="options">The Twitter handler options.</param>
-        /// <param name="properties">The authentication properties of the challenge.</param>
-        /// <param name="redirectUri">The initial redirect URI.</param>
-        public TwitterRedirectToAuthorizationEndpointContext(HttpContext context, AuthenticationScheme scheme,
-
-            TwitterOptions options, AuthenticationProperties properties, string redirectUri)
-            : base(context, scheme, options, properties)
-        {
-            RedirectUri = redirectUri;
-            Properties = properties;
-        }
-
-        /// <summary>
-        /// Gets the URI used for the redirect operation.
-        /// </summary>
-        public string RedirectUri { get; private set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index d8b78398fc..e49244920e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
@@ -10,6 +11,19 @@ namespace Microsoft.Extensions.DependencyInjection
 {
     public static class TwitterExtensions
     {
+        public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder)
+            => builder.AddTwitter(TwitterDefaults.AuthenticationScheme, _ => { });
+
+        public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, Action<TwitterOptions> configureOptions)
+            => builder.AddTwitter(TwitterDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, string authenticationScheme, Action<TwitterOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
+            return builder.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
+        }
+
+        // REMOVE below once callers have been updated.
         public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services)
             => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index baa4320d1b..7fcc01eee1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -46,7 +46,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
         protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new TwitterEvents());
 
-        protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync()
+        protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
         {
             AuthenticationProperties properties = null;
             var query = Request.Query;
@@ -56,7 +56,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             if (requestToken == null)
             {
-                return AuthenticateResult.Fail("Invalid state cookie.");
+                return HandleRequestResult.Fail("Invalid state cookie.");
             }
 
             properties = requestToken.Properties;
@@ -66,18 +66,18 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var returnedToken = query["oauth_token"];
             if (StringValues.IsNullOrEmpty(returnedToken))
             {
-                return AuthenticateResult.Fail("Missing oauth_token");
+                return HandleRequestResult.Fail("Missing oauth_token");
             }
 
             if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
             {
-                return AuthenticateResult.Fail("Unmatched token");
+                return HandleRequestResult.Fail("Unmatched token");
             }
 
             var oauthVerifier = query["oauth_verifier"];
             if (StringValues.IsNullOrEmpty(oauthVerifier))
             {
-                return AuthenticateResult.Fail("Missing or blank oauth_verifier");
+                return HandleRequestResult.Fail("Missing or blank oauth_verifier");
             }
 
             var cookieOptions = new CookieOptions
@@ -116,7 +116,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 });
             }
 
-            return AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken, user));
+            return HandleRequestResult.Success(await CreateTicketAsync(identity, properties, accessToken, user));
         }
 
         protected virtual async Task<AuthenticationTicket> CreateTicketAsync(
@@ -127,18 +127,9 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 action.Run(user, identity, ClaimsIssuer);
             }
 
-            var context = new TwitterCreatingTicketContext(Context, Scheme, Options, properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
-            {
-                Principal = new ClaimsPrincipal(identity)
-            };
-
+            var context = new TwitterCreatingTicketContext(Context, Scheme, Options, new ClaimsPrincipal(identity), properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user);
             await Events.CreatingTicket(context);
 
-            if (context.Principal?.Identity == null)
-            {
-                return null;
-            }
-
             return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
         }
 
@@ -165,7 +156,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
-            var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
+            var redirectContext = new RedirectContext<TwitterOptions>(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
             await Events.RedirectToAuthorizationEndpoint(redirectContext);
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
index 2023eb0b7a..6b84409111 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
@@ -19,31 +19,6 @@
       "TypeId": "public interface Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
       "Kind": "Removal"
     },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.TwitterOptions options, Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties properties, System.String redirectUri)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.TwitterOptions options, System.String userId, System.String screenName, System.String accessToken, System.String accessTokenSecret, Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
       "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
@@ -58,5 +33,13 @@
       "TypeId": "public static class Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
       "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseTwitterAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.TwitterOptions options)",
       "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "Kind": "Removal"
     }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
new file mode 100644
index 0000000000..c29bdeae29
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
@@ -0,0 +1,103 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Used to configure authentication
+    /// </summary>
+    public class AuthenticationBuilder
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="services">The services being configured.</param>
+        public AuthenticationBuilder(IServiceCollection services)
+            => Services = services;
+
+        /// <summary>
+        /// The services being configured.
+        /// </summary>
+        public virtual IServiceCollection Services { get; }
+
+        /// <summary>
+        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+        {
+            Services.Configure<AuthenticationOptions>(o =>
+            {
+                o.AddScheme(authenticationScheme, scheme => {
+                    scheme.HandlerType = typeof(THandler);
+                    scheme.DisplayName = displayName;
+                });
+            });
+            if (configureOptions != null)
+            {
+                Services.Configure(authenticationScheme, configureOptions);
+            }
+            Services.AddTransient<THandler>();
+            return this;
+        }
+
+        /// <summary>
+        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => AddScheme<TOptions, THandler>(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
+        /// <summary>
+        /// Adds a <see cref="RemoteAuthenticationHandler{TOptions}"/> based <see cref="AuthenticationScheme"/> that supports remote authentication
+        /// which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="RemoteAuthenticationOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="RemoteAuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddRemoteScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : RemoteAuthenticationOptions, new()
+            where THandler : RemoteAuthenticationHandler<TOptions>
+        {
+            Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, EnsureSignInScheme<TOptions>>());
+            return AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions: configureOptions);
+        }
+
+        // Used to ensure that there's always a default data protection provider
+        private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
+        {
+            private readonly AuthenticationOptions _authOptions;
+
+            public EnsureSignInScheme(IOptions<AuthenticationOptions> authOptions)
+            {
+                _authOptions = authOptions.Value;
+            }
+
+            public void PostConfigure(string name, TOptions options)
+            {
+                options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme;
+            }
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 788df7e19c..aeb70cb0de 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -178,35 +178,6 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected abstract Task<AuthenticateResult> HandleAuthenticateAsync();
 
-        public async Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            properties = properties ?? new AuthenticationProperties();
-            await HandleSignInAsync(user, properties);
-            Logger.AuthenticationSchemeSignedIn(Scheme.Name);
-        }
-
-        protected virtual Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
-        {
-            return Task.CompletedTask;
-        }
-
-        public async Task SignOutAsync(AuthenticationProperties properties)
-        {
-            properties = properties ?? new AuthenticationProperties();
-            await HandleSignOutAsync(properties);
-            Logger.AuthenticationSchemeSignedOut(Scheme.Name);
-        }
-
-        protected virtual Task HandleSignOutAsync(AuthenticationProperties properties)
-        {
-            return Task.CompletedTask;
-        }
-
         /// <summary>
         /// Override this method to handle Forbid.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 7ebc979f1b..28291f4196 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -13,7 +13,7 @@ namespace Microsoft.Extensions.DependencyInjection
     /// </summary>
     public static class AuthenticationServiceCollectionExtensions
     {
-        public static IServiceCollection AddAuthentication(this IServiceCollection services)
+        public static AuthenticationBuilder AddAuthentication(this IServiceCollection services)
         {
             if (services == null)
             {
@@ -24,10 +24,10 @@ namespace Microsoft.Extensions.DependencyInjection
             services.AddDataProtection();
             services.AddWebEncoders();
             services.TryAddSingleton<ISystemClock, SystemClock>();
-            return services;
+            return new AuthenticationBuilder(services);
         }
 
-        public static IServiceCollection AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions) {
+        public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions) {
             if (services == null)
             {
                 throw new ArgumentNullException(nameof(services));
@@ -38,11 +38,12 @@ namespace Microsoft.Extensions.DependencyInjection
                 throw new ArgumentNullException(nameof(configureOptions));
             }
 
-            services.AddAuthentication();
+            var builder = services.AddAuthentication();
             services.Configure(configureOptions);
-            return services;
+            return builder;
         }
 
+        // REMOVE below once callers have been updated
         public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
deleted file mode 100644
index cfe5809c5a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseAuthenticationContext.cs
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Base context for authentication.
-    /// </summary>
-    public abstract class BaseAuthenticationContext : BaseContext
-    {
-        /// <summary>
-        /// Constructor.
-        /// </summary>
-        /// <param name="context">The context.</param>
-        /// <param name="authenticationScheme">The name of the scheme.</param>
-        /// <param name="properties">The properties.</param>
-        protected BaseAuthenticationContext(HttpContext context, string authenticationScheme, AuthenticationProperties properties) : base(context)
-        {
-            if (string.IsNullOrEmpty(authenticationScheme))
-            {
-                throw new ArgumentException(nameof(authenticationScheme));
-            }
-
-            AuthenticationScheme = authenticationScheme;
-            Properties = properties ?? new AuthenticationProperties();
-        }
-
-        /// <summary>
-        /// The name of the scheme.
-        /// </summary>
-        public string AuthenticationScheme { get; }
-
-        /// <summary>
-        /// Contains the extra meta-data arriving with the authentication. May be altered.
-        /// </summary>
-        public AuthenticationProperties Properties { get; protected set; }
-    }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
index 3d65f0dd75..915fc2377f 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
@@ -9,22 +9,44 @@ namespace Microsoft.AspNetCore.Authentication
     /// <summary>
     /// Base class used by other context classes.
     /// </summary>
-    public abstract class BaseContext
+    public abstract class BaseContext<TOptions> where TOptions : AuthenticationSchemeOptions
     {
         /// <summary>
         /// Constructor.
         /// </summary>
-        /// <param name="context">The request context.</param>
-        protected BaseContext(HttpContext context)
+        /// <param name="context">The context.</param>
+        /// <param name="scheme">The authentication scheme.</param>
+        /// <param name="options">The authentication options associated with the scheme.</param>
+        protected BaseContext(HttpContext context, AuthenticationScheme scheme, TOptions options)
         {
             if (context == null)
             {
                 throw new ArgumentNullException(nameof(context));
             }
+            if (scheme == null)
+            {
+                throw new ArgumentNullException(nameof(scheme));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
 
             HttpContext = context;
+            Scheme = scheme;
+            Options = options;
         }
 
+        /// <summary>
+        /// The authentication scheme.
+        /// </summary>
+        public AuthenticationScheme Scheme { get; }
+
+        /// <summary>
+        /// Gets the authentication options associated with the scheme.
+        /// </summary>
+        public TOptions Options { get; }
+
         /// <summary>
         /// The context.
         /// </summary>
@@ -33,17 +55,11 @@ namespace Microsoft.AspNetCore.Authentication
         /// <summary>
         /// The request.
         /// </summary>
-        public HttpRequest Request
-        {
-            get { return HttpContext.Request; }
-        }
+        public HttpRequest Request => HttpContext.Request;
 
         /// <summary>
         /// The response.
         /// </summary>
-        public HttpResponse Response
-        {
-            get { return HttpContext.Response; }
-        }
+        public HttpResponse Response => HttpContext.Response;
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
deleted file mode 100644
index fa582a3040..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public class BaseControlContext : BaseContext
-    {
-        protected BaseControlContext(HttpContext context) : base(context)
-        {
-        }
-
-        public EventResultState State { get; set; }
-
-        public bool HandledResponse
-        {
-            get { return State == EventResultState.HandledResponse; }
-        }
-
-        public bool Skipped
-        {
-            get { return State == EventResultState.Skipped; }
-        }
-
-        /// <summary>
-        /// Discontinue all processing for this request and return to the client.
-        /// The caller is responsible for generating the full response.
-        /// Set the <see cref="Ticket"/> to trigger SignIn.
-        /// </summary>
-        public void HandleResponse()
-        {
-            State = EventResultState.HandledResponse;
-        }
-
-        /// <summary>
-        /// Discontinue processing the request in the current handler.
-        /// SignIn will not be called.
-        /// </summary>
-        public void Skip()
-        {
-            State = EventResultState.Skipped;
-        }
-
-        /// <summary>
-        /// Gets or set the <see cref="Ticket"/> to return if this event signals it handled the event.
-        /// </summary>
-        public AuthenticationTicket Ticket { get; set; }
-
-        /// <summary>
-        /// Returns true if the handler should be done processing.
-        /// </summary>
-        /// <param name="result">The result.</param>
-        /// <returns>Whether the handler should be done processing.</returns>
-        public bool IsProcessingComplete(out AuthenticateResult result)
-        {
-            if (HandledResponse)
-            {
-                if (Ticket == null)
-                {
-                    result = AuthenticateResult.Handle();
-                }
-                else
-                {
-                    result = AuthenticateResult.Success(Ticket);
-                }
-                return true;
-            }
-            else if (Skipped)
-            {
-                result = AuthenticateResult.None();
-                return true;
-            }
-            result = null;
-            return false;
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
deleted file mode 100644
index dad4c40fec..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    public enum EventResultState
-    {
-        /// <summary>
-        /// Continue with normal processing.
-        /// </summary>
-        Continue,
-
-        /// <summary>
-        /// Discontinue processing the request.
-        /// </summary>
-        Skipped,
-
-        /// <summary>
-        /// Discontinue all processing for this request.
-        /// </summary>
-        HandledResponse
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
new file mode 100644
index 0000000000..52dd9ce12f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class HandleRequestContext<TOptions> : BaseContext<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        protected HandleRequestContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            TOptions options)
+            : base(context, scheme, options) { }
+
+        /// <summary>
+        /// The <see cref="HandleRequestResult"/> which is used by the handler.
+        /// </summary>
+        public HandleRequestResult Result { get; protected set; }
+
+        /// <summary>
+        /// Discontinue all processing for this request and return to the client.
+        /// The caller is responsible for generating the full response.
+        /// </summary>
+        public void HandleResponse() => Result = HandleRequestResult.Handle();
+
+        /// <summary>
+        /// Discontinue processing the request in the current handler.
+        /// </summary>
+        public void SkipHandler() => Result = HandleRequestResult.SkipHandler();
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
new file mode 100644
index 0000000000..8bf40760a1
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
@@ -0,0 +1,30 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base context for authentication events which deal with a ClaimsPrincipal.
+    /// </summary>
+    public abstract class PrincipalContext<TOptions> : PropertiesContext<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="scheme">The authentication scheme.</param>
+        /// <param name="options">The authentication options associated with the scheme.</param>
+        /// <param name="properties">The authentication properties.</param>
+        protected PrincipalContext(HttpContext context, AuthenticationScheme scheme, TOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsPrincipal"/> containing the user claims.
+        /// </summary>
+        public virtual ClaimsPrincipal Principal { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
new file mode 100644
index 0000000000..f1730d0d7f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
@@ -0,0 +1,31 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base context for authentication events which contain <see cref="AuthenticationProperties"/>.
+    /// </summary>
+    public abstract class PropertiesContext<TOptions> : BaseContext<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="scheme">The authentication scheme.</param>
+        /// <param name="options">The authentication options associated with the scheme.</param>
+        /// <param name="properties">The authentication properties.</param>
+        protected PropertiesContext(HttpContext context, AuthenticationScheme scheme, TOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options)
+        {
+            Properties = properties ?? new AuthenticationProperties();
+        }
+
+        /// <summary>
+        /// Gets or sets the <see cref="AuthenticationProperties"/>.
+        /// </summary>
+        public virtual AuthenticationProperties Properties { get; protected set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
similarity index 62%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
index e4259d181e..dac24cafa6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
@@ -1,28 +1,32 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
-namespace Microsoft.AspNetCore.Authentication.Cookies
+namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
-    /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie handler 
+    /// Context passed for redirect events.
     /// </summary>
-    public class CookieRedirectContext : BaseCookieContext
+    public class RedirectContext<TOptions> : PropertiesContext<TOptions> where TOptions : AuthenticationSchemeOptions
     {
         /// <summary>
         /// Creates a new context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="scheme">The scheme data</param>
-        /// <param name="options">The cookie handler options</param>
+        /// <param name="options">The handler options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
-        public CookieRedirectContext(HttpContext context, AuthenticationScheme scheme, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
+        public RedirectContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            TOptions options,
+            AuthenticationProperties properties,
+            string redirectUri)
             : base(context, scheme, options, properties)
         {
+            Properties = properties;
             RedirectUri = redirectUri;
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
new file mode 100644
index 0000000000..b7a0168798
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
@@ -0,0 +1,49 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base context for remote authentication.
+    /// </summary>
+    public abstract class RemoteAuthenticationContext<TOptions> : HandleRequestContext<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="scheme">The authentication scheme.</param>
+        /// <param name="options">The authentication options associated with the scheme.</param>
+        /// <param name="properties">The authentication properties.</param>
+        protected RemoteAuthenticationContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            TOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options)
+            => Properties = properties ?? new AuthenticationProperties();
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsPrincipal"/> containing the user claims.
+        /// </summary>
+        public ClaimsPrincipal Principal { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="AuthenticationProperties"/>.
+        /// </summary>
+        public virtual AuthenticationProperties Properties { get; set; }
+
+        /// <summary>
+        /// Calls success creating a ticket with the <see cref="Principal"/> and <see cref="Properties"/>.
+        /// </summary>
+        public void Success() => Result = HandleRequestResult.Success(new AuthenticationTicket(Principal, Properties, Scheme.Name));
+
+        public void Fail(Exception failure) => Result = HandleRequestResult.Fail(failure);
+
+        public void Fail(string failureMessage) => Result = HandleRequestResult.Fail(failureMessage);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index 83a6507d42..ca0f4a5c01 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -8,14 +8,14 @@ namespace Microsoft.AspNetCore.Authentication
 {
     public class RemoteAuthenticationEvents
     {
-        public Func<FailureContext, Task> OnRemoteFailure { get; set; } = context => Task.CompletedTask;
+        public Func<RemoteFailureContext, Task> OnRemoteFailure { get; set; } = context => Task.CompletedTask;
 
         public Func<TicketReceivedContext, Task> OnTicketReceived { get; set; } = context => Task.CompletedTask;
 
         /// <summary>
         /// Invoked when there is a remote failure
         /// </summary>
-        public virtual Task RemoteFailure(FailureContext context) => OnRemoteFailure(context);
+        public virtual Task RemoteFailure(RemoteFailureContext context) => OnRemoteFailure(context);
 
         /// <summary>
         /// Invoked after the remote ticket has been received.
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
similarity index 64%
rename from src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
rename to src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
index 5d2b30f130..becdfb5439 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
@@ -9,10 +9,14 @@ namespace Microsoft.AspNetCore.Authentication
     /// <summary>
     /// Provides failure context information to handler providers.
     /// </summary>
-    public class FailureContext : BaseControlContext
+    public class RemoteFailureContext : HandleRequestContext<RemoteAuthenticationOptions>
     {
-        public FailureContext(HttpContext context, Exception failure)
-            : base(context)
+        public RemoteFailureContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            RemoteAuthenticationOptions options,
+            Exception failure)
+            : base(context, scheme, options)
         {
             Failure = failure;
         }
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
new file mode 100644
index 0000000000..12b21f4bf6
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
@@ -0,0 +1,65 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Base context for events that produce AuthenticateResults.
+    /// </summary>
+    public abstract class ResultContext<TOptions> : BaseContext<TOptions> where TOptions : AuthenticationSchemeOptions
+    {
+        /// <summary>
+        /// Constructor.
+        /// </summary>
+        /// <param name="context">The context.</param>
+        /// <param name="scheme">The authentication scheme.</param>
+        /// <param name="options">The authentication options associated with the scheme.</param>
+        protected ResultContext(HttpContext context, AuthenticationScheme scheme, TOptions options)
+            : base(context, scheme, options) { }
+
+        /// <summary>
+        /// Gets or sets the <see cref="ClaimsPrincipal"/> containing the user claims.
+        /// </summary>
+        public ClaimsPrincipal Principal { get; set; }
+
+        private AuthenticationProperties _properties;
+        /// <summary>
+        /// Gets or sets the <see cref="AuthenticationProperties"/>.
+        /// </summary>
+        public AuthenticationProperties Properties {
+            get => _properties ?? (_properties = new AuthenticationProperties());
+            set => _properties = value;
+        }
+
+        /// <summary>
+        /// Gets the <see cref="AuthenticateResult"/> result.
+        /// </summary>
+        public AuthenticateResult Result { get; private set; }
+
+        /// <summary>
+        /// Calls success creating a ticket with the <see cref="Principal"/> and <see cref="Properties"/>.
+        /// </summary>
+        public void Success() => Result = HandleRequestResult.Success(new AuthenticationTicket(Principal, Properties, Scheme.Name));
+
+        /// <summary>
+        /// Indicates that there was no information returned for this authentication scheme.
+        /// </summary>
+        public void NoResult() => Result = AuthenticateResult.NoResult();
+
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failure"></param>
+        public void Fail(Exception failure) => Result = AuthenticateResult.Fail(failure);
+
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failureMessage"></param>
+        public void Fail(string failureMessage) => Result = AuthenticateResult.Fail(failureMessage);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
index c0797ea9cc..51b77a37fa 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
@@ -3,30 +3,21 @@
 
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 
 namespace Microsoft.AspNetCore.Authentication
 {
     /// <summary>
     /// Provides context information to handler providers.
     /// </summary>
-    public class TicketReceivedContext : BaseControlContext
+    public class TicketReceivedContext : RemoteAuthenticationContext<RemoteAuthenticationOptions>
     {
-        public TicketReceivedContext(HttpContext context, RemoteAuthenticationOptions options, AuthenticationTicket ticket)
-            : base(context)
-        {
-            Options = options;
-            Ticket = ticket;
-            if (ticket != null)
-            {
-                Principal = ticket.Principal;
-                Properties = ticket.Properties;
-            }
-        }
-
-        public ClaimsPrincipal Principal { get; set; }
-        public AuthenticationProperties Properties { get; set; }
-        public RemoteAuthenticationOptions Options { get; set; }
+        public TicketReceivedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            RemoteAuthenticationOptions options,
+            AuthenticationTicket ticket)
+            : base(context, scheme, options, ticket?.Properties)
+            => Principal = ticket?.Principal;
 
         public string ReturnUri { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
index 49fc8db050..ed15e61904 100644
--- a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
@@ -9,14 +9,8 @@ namespace Microsoft.Extensions.Logging
     {
         private static Action<ILogger, string, Exception> _authSchemeAuthenticated;
         private static Action<ILogger, string, Exception> _authSchemeNotAuthenticated;
-        private static Action<ILogger, string, string, Exception> _authSchemeNotAuthenticatedWithFailure;
-        private static Action<ILogger, string, Exception> _authSchemeSignedIn;
-        private static Action<ILogger, string, Exception> _authSchemeSignedOut;
         private static Action<ILogger, string, Exception> _authSchemeChallenged;
         private static Action<ILogger, string, Exception> _authSchemeForbidden;
-        private static Action<ILogger, string, Exception> _userAuthorizationFailed;
-        private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
-        private static Action<ILogger, string, Exception> _userPrincipalMerged;
         private static Action<ILogger, string, Exception> _remoteAuthenticationError;
         private static Action<ILogger, Exception> _signInHandled;
         private static Action<ILogger, Exception> _signInSkipped;
@@ -26,18 +20,6 @@ namespace Microsoft.Extensions.Logging
 
         static LoggingExtensions()
         {
-            _userAuthorizationSucceeded = LoggerMessage.Define<string>(
-                eventId: 1,
-                logLevel: LogLevel.Information,
-                formatString: "Authorization was successful for user: {UserName}.");
-            _userAuthorizationFailed = LoggerMessage.Define<string>(
-                eventId: 2,
-                logLevel: LogLevel.Information,
-                formatString: "Authorization failed for user: {UserName}.");
-            _userPrincipalMerged = LoggerMessage.Define<string>(
-                eventId: 3,
-                logLevel: LogLevel.Information,
-                formatString: "HttpContext.User merged via AutomaticAuthentication from authenticationScheme: {AuthenticationScheme}.");
             _remoteAuthenticationError = LoggerMessage.Define<string>(
                 eventId: 4,
                 logLevel: LogLevel.Information,
@@ -50,10 +32,6 @@ namespace Microsoft.Extensions.Logging
                 eventId: 6,
                 logLevel: LogLevel.Debug,
                 formatString: "The SigningIn event returned Skipped.");
-            _authSchemeNotAuthenticatedWithFailure = LoggerMessage.Define<string, string>(
-                eventId: 7,
-                logLevel: LogLevel.Information,
-                formatString: "{AuthenticationScheme} was not authenticated. Failure message: {FailureMessage}");
             _authSchemeAuthenticated = LoggerMessage.Define<string>(
                 eventId: 8,
                 logLevel: LogLevel.Information,
@@ -62,14 +40,6 @@ namespace Microsoft.Extensions.Logging
                 eventId: 9,
                 logLevel: LogLevel.Debug,
                 formatString: "AuthenticationScheme: {AuthenticationScheme} was not authenticated.");
-            _authSchemeSignedIn = LoggerMessage.Define<string>(
-                eventId: 10,
-                logLevel: LogLevel.Information,
-                formatString: "AuthenticationScheme: {AuthenticationScheme} signed in.");
-            _authSchemeSignedOut = LoggerMessage.Define<string>(
-                eventId: 11,
-                logLevel: LogLevel.Information,
-                formatString: "AuthenticationScheme: {AuthenticationScheme} signed out.");
             _authSchemeChallenged = LoggerMessage.Define<string>(
                 eventId: 12,
                 logLevel: LogLevel.Information,
@@ -102,21 +72,6 @@ namespace Microsoft.Extensions.Logging
             _authSchemeNotAuthenticated(logger, authenticationScheme, null);
         }
 
-        public static void AuthenticationSchemeNotAuthenticatedWithFailure(this ILogger logger, string authenticationScheme, string failureMessage)
-        {
-            _authSchemeNotAuthenticatedWithFailure(logger, authenticationScheme, failureMessage, null);
-        }
-
-        public static void AuthenticationSchemeSignedIn(this ILogger logger, string authenticationScheme)
-        {
-            _authSchemeSignedIn(logger, authenticationScheme, null);
-        }
-
-        public static void AuthenticationSchemeSignedOut(this ILogger logger, string authenticationScheme)
-        {
-            _authSchemeSignedOut(logger, authenticationScheme, null);
-        }
-
         public static void AuthenticationSchemeChallenged(this ILogger logger, string authenticationScheme)
         {
             _authSchemeChallenged(logger, authenticationScheme, null);
@@ -127,21 +82,6 @@ namespace Microsoft.Extensions.Logging
             _authSchemeForbidden(logger, authenticationScheme, null);
         }
 
-        public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
-        {
-            _userAuthorizationSucceeded(logger, userName, null);
-        }
-
-        public static void UserAuthorizationFailed(this ILogger logger, string userName)
-        {
-            _userAuthorizationFailed(logger, userName, null);
-        }
-
-        public static void UserPrinicpalMerged(this ILogger logger, string authenticationScheme)
-        {
-            _userPrincipalMerged(logger, authenticationScheme, null);
-        }
-
         public static void RemoteAuthenticationError(this ILogger logger, string errorMessage)
         {
             _remoteAuthenticationError(logger, errorMessage, null);
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 69c926cc0f..62213a171b 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
@@ -35,19 +34,13 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         protected RemoteAuthenticationHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
-            : base(options, logger, encoder, clock)
-        {
-        }
+            : base(options, logger, encoder, clock) { }
 
         protected override Task<object> CreateEventsAsync()
-        {
-            return Task.FromResult<object>(new RemoteAuthenticationEvents());
-        }
+            => Task.FromResult<object>(new RemoteAuthenticationEvents());
 
         public virtual Task<bool> ShouldHandleRequestAsync()
-        {
-            return Task.FromResult(Options.CallbackPath == Request.Path);
-        }
+            => Task.FromResult(Options.CallbackPath == Request.Path);
 
         public virtual async Task<bool> HandleRequestAsync()
         {
@@ -69,7 +62,7 @@ namespace Microsoft.AspNetCore.Authentication
                 {
                     return true;
                 }
-                else if (authResult.Nothing)
+                else if (authResult.Skipped || authResult.None)
                 {
                     return false;
                 }
@@ -89,25 +82,28 @@ namespace Microsoft.AspNetCore.Authentication
             if (exception != null)
             {
                 Logger.RemoteAuthenticationError(exception.Message);
-                var errorContext = new FailureContext(Context, exception);
+                var errorContext = new RemoteFailureContext(Context, Scheme, Options, exception);
                 await Events.RemoteFailure(errorContext);
 
-                if (errorContext.HandledResponse)
+                if (errorContext.Result != null)
                 {
-                    return true;
-                }
-                else if (errorContext.Skipped)
-                {
-                    return false;
+                    if (errorContext.Result.Handled)
+                    {
+                        return true;
+                    }
+                    else if (errorContext.Result.Skipped)
+                    {
+                        return false;
+                    }
                 }
 
-                throw new AggregateException("Unhandled remote failure.", exception);
+                throw exception;
             }
 
             // We have a ticket if we get here
-            var ticketContext = new TicketReceivedContext(Context, Options, ticket)
+            var ticketContext = new TicketReceivedContext(Context, Scheme, Options, ticket)
             {
-                ReturnUri = ticket.Properties.RedirectUri,
+                ReturnUri = ticket.Properties.RedirectUri
             };
             // REVIEW: is this safe or good?
             ticket.Properties.RedirectUri = null;
@@ -117,15 +113,18 @@ namespace Microsoft.AspNetCore.Authentication
 
             await Events.TicketReceived(ticketContext);
 
-            if (ticketContext.HandledResponse)
+            if (ticketContext.Result != null)
             {
-                Logger.SigninHandled();
-                return true;
-            }
-            else if (ticketContext.Skipped)
-            {
-                Logger.SigninSkipped();
-                return false;
+                if (ticketContext.Result.Handled)
+                {
+                    Logger.SigninHandled();
+                    return true;
+                }
+                else if (ticketContext.Result.Skipped)
+                {
+                    Logger.SigninSkipped();
+                    return false;
+                }
             }
 
             await Context.SignInAsync(SignInScheme, ticketContext.Principal, ticketContext.Properties);
@@ -145,7 +144,7 @@ namespace Microsoft.AspNetCore.Authentication
         ///
         /// The method process the request on the endpoint defined by CallbackPath.
         /// </summary>
-        protected abstract Task<AuthenticateResult> HandleRemoteAuthenticateAsync();
+        protected abstract Task<HandleRequestResult> HandleRemoteAuthenticateAsync();
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
@@ -174,20 +173,8 @@ namespace Microsoft.AspNetCore.Authentication
             return AuthenticateResult.Fail("Remote authentication does not directly support AuthenticateAsync");
         }
 
-        protected override Task HandleSignOutAsync(AuthenticationProperties properties)
-        {
-            throw new NotSupportedException();
-        }
-
-        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
-        {
-            throw new NotSupportedException();
-        }
-
         protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
-        {
-            return Context.ForbidAsync(SignInScheme);
-        }
+            => Context.ForbidAsync(SignInScheme);
 
         protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 066ca963a3..a5f0bb44b4 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -23,11 +23,6 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(CallbackPath)), nameof(CallbackPath));
             }
-
-            if (string.IsNullOrEmpty(SignInScheme))
-            {
-                throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(SignInScheme)), nameof(SignInScheme));
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs
new file mode 100644
index 0000000000..8bcd2be01d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs
@@ -0,0 +1,78 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Contains the result of an Authenticate call
+    /// </summary>
+    public class HandleRequestResult : AuthenticateResult
+    {
+        /// <summary>
+        /// Indicates that stage of authentication was directly handled by
+        /// user intervention and no further processing should be attempted.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Indicates that the default authentication logic should be
+        /// skipped and that the rest of the pipeline should be invoked.
+        /// </summary>
+        public bool Skipped { get; private set; }
+
+        /// <summary>
+        /// Indicates that authentication was successful.
+        /// </summary>
+        /// <param name="ticket">The ticket representing the authentication result.</param>
+        /// <returns>The result.</returns>
+        public static new HandleRequestResult Success(AuthenticationTicket ticket)
+        {
+            if (ticket == null)
+            {
+                throw new ArgumentNullException(nameof(ticket));
+            }
+            return new HandleRequestResult() { Ticket = ticket };
+        }
+
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failure">The failure exception.</param>
+        /// <returns>The result.</returns>
+        public static new HandleRequestResult Fail(Exception failure)
+        {
+            return new HandleRequestResult() { Failure = failure };
+        }
+
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failureMessage">The failure message.</param>
+        /// <returns>The result.</returns>
+        public static new HandleRequestResult Fail(string failureMessage)
+        {
+            return new HandleRequestResult() { Failure = new Exception(failureMessage) };
+        }
+
+        /// <summary>
+        /// Discontinue all processing for this request and return to the client.
+        /// The caller is responsible for generating the full response.
+        /// </summary>
+        /// <returns>The result.</returns>
+        public static HandleRequestResult Handle()
+        {
+            return new HandleRequestResult() { Handled = true };
+        }
+
+        /// <summary>
+        /// Discontinue processing the request in the current handler.
+        /// </summary>
+        /// <returns>The result.</returns>
+        public static HandleRequestResult SkipHandler()
+        {
+            return new HandleRequestResult() { Skipped = true };
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
index 0eb0bfaf5f..81dc1133e2 100644
--- a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
@@ -83,44 +83,34 @@
       "TypeId": "public static class Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
       "Kind": "Removal"
     },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public .ctor(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions options, Microsoft.AspNetCore.Authentication.AuthenticationTicket ticket)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions get_Options()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public System.Void set_Options(Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
     {
       "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
       "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions> configureOptions)",
       "Kind": "Removal"
     },
     {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.BaseControlContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "MemberId": "public System.Boolean CheckEventResult(out Microsoft.AspNetCore.Authentication.AuthenticateResult result)",
+      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.BaseContext",
       "Kind": "Removal"
     },
     {
       "TypeId": "public class Microsoft.AspNetCore.Authentication.BaseControlContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "MemberId": "public System.Void SkipToNextMiddleware()",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.FailureContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
+      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services)",
+      "Kind": "Removal"
+    },
+    {
+      "TypeId": "public enum Microsoft.AspNetCore.Authentication.EventResultState",
       "Kind": "Removal"
     }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
index 60f291f671..f93c2d92a3 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
@@ -52,13 +52,13 @@ namespace Microsoft.AspNetCore.Authorization.Policy
                 else
                 {
                     context.User = new ClaimsPrincipal(new ClaimsIdentity());
-                    return AuthenticateResult.None();
+                    return AuthenticateResult.NoResult();
                 }
             }
 
             return (context.User?.Identity?.IsAuthenticated ?? false) 
                 ? AuthenticateResult.Success(new AuthenticationTicket(context.User, "context.User"))
-                : AuthenticateResult.None();
+                : AuthenticateResult.NoResult();
         }
 
         /// <summary>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 677120e4be..7dade96eec 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -29,7 +30,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddCookieAuthentication();
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddCookie();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
@@ -124,7 +126,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         [Fact]
         public async Task SignInCausesDefaultCookieToBeCreated()
         {
-            var server = CreateServerWithServices(s => s.AddCookieAuthentication(o =>
+            var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o =>
             {
                 o.LoginPath = new PathString("/login");
                 o.CookieName = "TestCookie";
@@ -772,7 +774,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     }
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                 })
-                .ConfigureServices(s => s.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
+                .ConfigureServices(s => s.AddAuthentication().AddCookie(o => o.LoginPath = new PathString("/page")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/login");
@@ -803,7 +805,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         await Assert.ThrowsAsync<InvalidOperationException>(() => context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme));
                     });
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication());
+                .ConfigureServices(services => services.AddAuthentication().AddCookie());
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com");
@@ -821,7 +823,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication();
+                    services.AddAuthentication().AddCookie();
                     services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme,
                         o => o.CookieName = "One");
                 });
@@ -844,7 +846,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication("Cookie1");
+                    services.AddAuthentication().AddCookie("Cookie1");
                     services.Configure<CookieAuthenticationOptions>("Cookie1",
                         o => o.CookieName = "One");
                 });
@@ -866,7 +868,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies",
                         new ClaimsPrincipal())));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.LoginPath = new PathString("/login")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
@@ -883,7 +885,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     app.UseAuthentication();
                     app.Map("/login", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies", new ClaimsPrincipal())));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.LoginPath = new PathString("/login")));
 
             var server = new TestServer(builder);
 
@@ -905,7 +907,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     app.UseAuthentication();
                     app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.LogoutPath = new PathString("/logout")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
@@ -922,7 +924,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     app.UseAuthentication();
                     app.Map("/logout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.LogoutPath = new PathString("/logout")));
             var server = new TestServer(builder);
 
             var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
@@ -943,7 +945,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                     app.UseAuthentication();
                     app.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.AccessDeniedPath = new PathString("/denied")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/forbid");
 
@@ -963,7 +965,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         map.UseAuthentication();
                         map.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
                     }))
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.LoginPath = new PathString("/page")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/login");
 
@@ -1073,7 +1075,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         map.UseAuthentication();
                         map.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
                     }))
-                    .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
+                    .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.AccessDeniedPath = new PathString("/denied")));
             var server = new TestServer(builder);
             var transaction = await server.SendAsync("http://example.com/base/forbid");
 
@@ -1097,7 +1099,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                                         new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
                                         new AuthenticationProperties()));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o =>
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o =>
                 {
                     o.TicketDataFormat = new TicketDataFormat(dp);
                     o.CookieName = "Cookie";
@@ -1117,7 +1119,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         Describe(context.Response, result);
                     });
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication("Cookies", o =>
+                .ConfigureServices(services => services.AddAuthentication().AddCookie("Cookies", o =>
                 {
                     o.CookieName = "Cookie";
                     o.TicketDataFormat = new TicketDataFormat(dp);
@@ -1132,7 +1134,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public async Task NullExpiresUtcPropertyIsGuarded()
         {
             var builder = new WebHostBuilder()
-                .ConfigureServices(services => services.AddCookieAuthentication(o =>
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o =>
                 {
                     o.Events = new CookieAuthenticationEvents
                     {
@@ -1229,7 +1231,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             => CreateServerWithServices(s =>
             {
                 s.AddSingleton<ISystemClock>(_clock);
-                s.AddCookieAuthentication(configureOptions);
+                s.AddAuthentication().AddCookie(configureOptions);
                 s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
             }, testpath, baseAddress);
 
@@ -1281,6 +1283,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                         {
                             await testpath(context);
                         }
+                        else if (req.Path == new PathString("/checkforerrors"))
+                        {
+                            var result = await context.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme); // this used to be "Automatic"
+                            if (result.Failure != null)
+                            {
+                                throw new Exception("Failed to authenticate", result.Failure);
+                            }
+                            return;
+                        }
                         else
                         {
                             await next();
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index b463ef8911..e6b5574df1 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -85,9 +85,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                     {
                         options.DefaultSignInScheme = "External";
                         options.DefaultAuthenticateScheme = "External";
-                    });
-                    services.AddCookieAuthentication("External", o => { });
-                    services.AddFacebookAuthentication(o =>
+                    })
+                        .AddCookie("External", o => { })
+                        .AddFacebook(o =>
                     {
                         o.AppId = "Test App Id";
                         o.AppSecret = "Test App Secret";
@@ -123,12 +123,12 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             }),
             services =>
             {
-                services.AddCookieAuthentication("External", o => { });
-                services.AddFacebookAuthentication(o =>
+                services.AddAuthentication()
+                    .AddCookie("External", o => { })
+                    .AddFacebook(o =>
                 {
                     o.AppId = "Test App Id";
                     o.AppSecret = "Test App Secret";
-                    o.SignInScheme = "External";
                 });
             },
             handler: null);
@@ -155,8 +155,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddCookieAuthentication("External", o => { });
-                    services.AddFacebookAuthentication(o =>
+                    services.AddAuthentication()
+                        .AddCookie("External", o => { })
+                        .AddFacebook(o =>
                     {
                         o.AppId = "Test App Id";
                         o.AppSecret = "Test App Secret";
@@ -185,9 +186,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                     services.AddAuthentication(options =>
                     {
                         options.DefaultSignInScheme = "External";
-                    });
-                    services.AddCookieAuthentication();
-                    services.AddFacebookAuthentication(o =>
+                    })
+                        .AddCookie()
+                        .AddFacebook(o =>
                     {
                         o.AppId = "Test App Id";
                         o.AppSecret = "Test App Secret";
@@ -217,19 +218,15 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var finalUserInfoEndpoint = string.Empty;
             var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("FacebookTest"));
             var server = CreateServer(
-                app =>
-                {
-                    app.UseAuthentication();
-                },
+                app => app.UseAuthentication(),
                 services =>
                 {
                     services.AddAuthentication(options =>
                     {
-                        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                         options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    });
-                    services.AddCookieAuthentication();
-                    services.AddFacebookAuthentication(o => 
+                    })
+                        .AddCookie()
+                        .AddFacebook(o => 
                     {
                         o.AppId = "Test App Id";
                         o.AppSecret = "Test App Secret";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 501fdf6035..2eae266702 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -516,7 +516,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     OnCreatingTicket = context =>
                     {
                         var refreshToken = context.RefreshToken;
-                        context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
+                        context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
                         return Task.FromResult(0);
                     }
                 };
@@ -595,7 +595,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 {
                     OnTicketReceived = context =>
                     {
-                        context.Ticket.Properties.RedirectUri = null;
+                        context.Properties.RedirectUri = null;
                         return Task.FromResult(0);
                     }
                 };
@@ -985,7 +985,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         else if (req.Path == new PathString("/tokens"))
                         {
                             var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
-                            var tokens = result.Ticket.Properties.GetTokens();
+                            var tokens = result.Properties.GetTokens();
                             res.Describe(tokens);
                         }
                         else if (req.Path == new PathString("/me"))
@@ -995,17 +995,17 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         else if (req.Path == new PathString("/authenticate"))
                         {
                             var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
-                            res.Describe(result.Ticket.Principal);
+                            res.Describe(result.Principal);
                         }
                         else if (req.Path == new PathString("/authenticateGoogle"))
                         {
                             var result = await context.AuthenticateAsync("Google");
-                            res.Describe(result?.Ticket?.Principal);
+                            res.Describe(result?.Principal);
                         }
                         else if (req.Path == new PathString("/authenticateFacebook"))
                         {
                             var result = await context.AuthenticateAsync("Facebook");
-                            res.Describe(result?.Ticket?.Principal);
+                            res.Describe(result?.Principal);
                         }
                         else if (req.Path == new PathString("/unauthorized"))
                         {
@@ -1024,15 +1024,15 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         }
                         else if (req.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Google", new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync("Google", new ClaimsPrincipal()));
                         }
                         else if (req.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Google"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync("Google"));
                         }
                         else if (req.Path == new PathString("/forbid"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Google"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.ForbidAsync("Google"));
                         }
                         else if (testpath != null)
                         {
@@ -1050,12 +1050,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     services.AddAuthentication(o =>
                     {
                         o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
-                        o.DefaultSignInScheme = TestExtensions.CookieAuthenticationScheme;
                         o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
                     });
-                    services.AddCookieAuthentication(TestExtensions.CookieAuthenticationScheme);
-                    services.AddGoogleAuthentication(configureOptions);
-                    services.AddFacebookAuthentication(o =>
+                    services.AddAuthentication()
+                        .AddCookie(TestExtensions.CookieAuthenticationScheme)
+                        .AddGoogle(configureOptions)
+                        .AddFacebook(o =>
                     {
                         o.AppId = "Test AppId";
                         o.AppSecret = "Test AppSecrent";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 3149e9875b..a9b158d2b0 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -127,11 +127,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                             new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                         };
 
-                        context.Ticket = new AuthenticationTicket(
-                            new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)),
-                            new AuthenticationProperties(), context.Scheme.Name);
-
-                        context.HandleResponse();
+                        context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
+                        context.Success();
 
                         return Task.FromResult<object>(null);
                     }
@@ -338,7 +335,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     {
                         // Retrieve the NameIdentifier claim from the identity
                         // returned by the custom security token validator.
-                        var identity = (ClaimsIdentity)context.Ticket.Principal.Identity;
+                        var identity = (ClaimsIdentity)context.Principal.Identity;
                         var identifier = identity.FindFirst(ClaimTypes.NameIdentifier);
 
                         Assert.Equal("Bob le Tout Puissant", identifier.Value);
@@ -396,7 +393,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {
                     OnMessageReceived = context =>
                     {
-                        context.Skip();
+                        context.NoResult();
                         return Task.FromResult(0);
                     },
                     OnTokenValidated = context =>
@@ -420,7 +417,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnMessageReceivedHandled_NoMoreEventsExecuted()
+        public async Task EventOnMessageReceivedReject_NoMoreEventsExecuted()
         {
             var server = CreateServer(options =>
             {
@@ -428,7 +425,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {
                     OnMessageReceived = context =>
                     {
-                        context.HandleResponse();
+                        context.Fail("Authentication was aborted from user code.");
                         context.Response.StatusCode = StatusCodes.Status202Accepted;
                         return Task.FromResult(0);
                     },
@@ -447,9 +444,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 };
             });
 
-            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
-            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
-            Assert.Equal(string.Empty, response.ResponseText);
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
         }
 
         [Fact]
@@ -461,7 +461,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {
                     OnTokenValidated = context =>
                     {
-                        context.Skip();
+                        context.NoResult();
                         return Task.FromResult(0);
                     },
                     OnAuthenticationFailed = context =>
@@ -483,7 +483,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnTokenValidatedHandled_NoMoreEventsExecuted()
+        public async Task EventOnTokenValidatedReject_NoMoreEventsExecuted()
         {
             var server = CreateServer(options =>
             {
@@ -491,7 +491,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {
                     OnTokenValidated = context =>
                     {
-                        context.HandleResponse();
+                        context.Fail("Authentication was aborted from user code.");
                         context.Response.StatusCode = StatusCodes.Status202Accepted;
                         return Task.FromResult(0);
                     },
@@ -508,9 +508,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
             });
 
-            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
-            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
-            Assert.Equal(string.Empty, response.ResponseText);
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
         }
 
         [Fact]
@@ -526,7 +529,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     },
                     OnAuthenticationFailed = context =>
                     {
-                        context.Skip();
+                        context.NoResult();
                         return Task.FromResult(0);
                     },
                     OnChallenge = context =>
@@ -544,7 +547,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         }
 
         [Fact]
-        public async Task EventOnAuthenticationFailedHandled_NoMoreEventsExecuted()
+        public async Task EventOnAuthenticationFailedReject_NoMoreEventsExecuted()
         {
             var server = CreateServer(options =>
             {
@@ -556,7 +559,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                     },
                     OnAuthenticationFailed = context =>
                     {
-                        context.HandleResponse();
+                        context.Fail("Authentication was aborted from user code.");
                         context.Response.StatusCode = StatusCodes.Status202Accepted;
                         return Task.FromResult(0);
                     },
@@ -569,9 +572,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
             });
 
-            var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
-            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
-            Assert.Equal(string.Empty, response.ResponseText);
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
         }
 
         [Fact]
@@ -583,7 +589,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 {
                     OnChallenge = context =>
                     {
-                        context.Skip();
+                        context.HandleResponse();
                         return Task.FromResult(0);
                     },
                 };
@@ -595,29 +601,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(string.Empty, response.ResponseText);
         }
 
-
-        [Fact]
-        public async Task EventOnChallengeHandled_ResponseNotModified()
-        {
-            var server = CreateServer(o =>
-            {
-                o.Events = new JwtBearerEvents()
-                {
-                    OnChallenge = context =>
-                    {
-                        context.HandleResponse();
-                        context.Response.StatusCode = StatusCodes.Status202Accepted;
-                        return Task.FromResult(0);
-                    },
-                };
-            });
-
-            var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
-            Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
-            Assert.Empty(response.Response.Headers.WwwAuthenticate);
-            Assert.Equal(string.Empty, response.ResponseText);
-        }
-
         class InvalidTokenValidator : ISecurityTokenValidator
         {
             public InvalidTokenValidator()
@@ -752,11 +735,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                         else if (context.Request.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
                         }
                         else if (context.Request.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
                         }
                         else
                         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index bf15c91b00..f516940432 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -159,7 +159,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                     OnCreatingTicket = context =>
                     {
                         var refreshToken = context.RefreshToken;
-                        context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
+                        context.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
                         return Task.FromResult<object>(null);
                     }
                 };
@@ -205,15 +205,15 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                         }
                         else if (req.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Microsoft", new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync("Microsoft", new ClaimsPrincipal()));
                         }
                         else if (req.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Microsoft"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync("Microsoft"));
                         }
                         else if (req.Path == new PathString("/forbid"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Microsoft"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.ForbidAsync("Microsoft"));
                         }
                         else
                         {
@@ -226,10 +226,10 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                     services.AddAuthentication(o =>
                     {
                         o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
-                        o.DefaultSignInScheme = TestExtensions.CookieAuthenticationScheme;
                     });
-                    services.AddCookieAuthentication(TestExtensions.CookieAuthenticationScheme, o => { });
-                    services.AddMicrosoftAccountAuthentication(configureOptions);
+                    services.AddAuthentication()
+                        .AddCookie(TestExtensions.CookieAuthenticationScheme, o => { })
+                        .AddMicrosoftAccount(configureOptions);
                 });
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index dcc96c0942..bdd79533b1 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -143,29 +143,6 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
-        [Fact]
-        public async Task ThrowsIfSignInSchemeMissing()
-        {
-            var server = CreateServer(
-                app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
-                {
-                    o.ClientId = "Whatever;";
-                    o.ClientSecret = "Whatever;";
-                    o.CallbackPath = "/";
-                    o.TokenEndpoint = "/";
-                    o.AuthorizationEndpoint = "/";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("SignInScheme", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-        }
-
         [Fact]
         public async Task RedirectToIdentityProvider_SetsCorrelationIdCookiePath_ToCallBackPath()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index 3c0146b083..d21a1f4246 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -335,7 +335,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         // This test can be further refined. When one auth handler skips, the authentication responsibility
         // will be flowed to the next one. A dummy auth handler can be added to ensure the correct logic.
         [Fact]
-        public async Task OnRedirectToIdentityProviderEventSkipResponse()
+        public async Task OnRedirectToIdentityProviderEventHandleResponse()
         {
             var settings = new TestSettings(
                 opts =>
@@ -346,7 +346,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     {
                         OnRedirectToIdentityProvider = context =>
                         {
-                            context.Skip();
+                            context.HandleResponse();
                             return Task.FromResult(0);
                         }
                     };
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 3ceb4a5336..74f00c8f95 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -22,8 +22,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication();
-                    services.AddOpenIdConnectAuthentication(o =>
+                    services.AddAuthentication()
+                        .AddCookie()
+                        .AddOpenIdConnect(o =>
                     {
                         o.Authority = TestServerBuilder.DefaultAuthority;
                         o.ClientId = Guid.NewGuid().ToString();
@@ -45,19 +46,6 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
-        [Fact]
-        public Task ThrowsWhenSignInSchemeIsMissing()
-        {
-            return TestConfigurationException<ArgumentException>(
-                o =>
-                {
-                    o.ClientId = "Test Id";
-                    o.Authority = TestServerBuilder.DefaultAuthority;
-                    o.CallbackPath = "/";
-                },
-                ex => Assert.Equal("SignInScheme", ex.ParamName));
-        }
-
         [Fact]
         public Task ThrowsWhenClientIdIsMissing()
         {
@@ -119,8 +107,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication();
-                    services.AddOpenIdConnectAuthentication(options);
+                    services.AddAuthentication()
+                        .AddCookie()
+                        .AddOpenIdConnect(options);
                 })
                 .Configure(app => app.UseAuthentication());
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index 607e9bb623..4ea69369e8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private readonly Func<UserInformationReceivedContext, Task> UserNotImpl = context => { throw new NotImplementedException("User"); };
         private readonly Func<AuthenticationFailedContext, Task> FailedNotImpl = context => { throw new NotImplementedException("Failed", context.Exception); };
         private readonly Func<TicketReceivedContext, Task> TicketNotImpl = context => { throw new NotImplementedException("Ticket"); };
-        private readonly Func<FailureContext, Task> FailureNotImpl = context => { throw new NotImplementedException("Failure", context.Failure); };
+        private readonly Func<RemoteFailureContext, Task> FailureNotImpl = context => { throw new NotImplementedException("Failure", context.Failure); };
         private readonly Func<RedirectContext, Task> RedirectNotImpl = context => { throw new NotImplementedException("Redirect"); };
         private readonly Func<RemoteSignOutContext, Task> RemoteSignOutNotImpl = context => { throw new NotImplementedException("Remote"); };
         private readonly RequestDelegate AppNotImpl = context => { throw new NotImplementedException("App"); };
@@ -48,7 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnMessageReceived = context =>
                 {
                     messageReceived = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnTokenValidated = TokenNotImpl,
@@ -75,6 +75,51 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(messageReceived);
         }
 
+        [Fact]
+        public async Task OnMessageReceived_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = TokenNotImpl,
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnMessageReceived_Handled_NoMoreEventsRun()
         {
@@ -124,7 +169,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnAuthorizationCodeReceived = CodeNotImpl,
@@ -151,6 +196,57 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(tokenValidated);
         }
 
+        [Fact]
+        public async Task OnTokenValidated_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnTokenValidated_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -167,7 +263,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     tokenValidated = true;
                     context.HandleResponse();
-                    context.Ticket = null;
+                    context.Principal = null;
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
                 },
@@ -209,8 +305,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.HandleResponse();
-                    // context.Ticket = null;
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnAuthorizationCodeReceived = CodeNotImpl,
@@ -262,7 +357,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnTokenResponseReceived = TokenResponseNotImpl,
@@ -289,6 +384,63 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(codeReceived);
         }
 
+        [Fact]
+        public async Task OnAuthorizationCodeReceived_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnAuthorizationCodeReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -311,7 +463,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     codeReceived = true;
                     context.HandleResponse();
-                    context.Ticket = null;
+                    context.Principal = null;
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
                 },
@@ -358,8 +510,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
-                    context.HandleResponse();
-                    // context.Ticket = null;
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnTokenResponseReceived = TokenResponseNotImpl,
@@ -417,7 +568,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -444,6 +595,69 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(tokenResponseReceived);
         }
 
+        [Fact]
+        public async Task OnTokenResponseReceived_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnTokenResponseReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -471,7 +685,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
-                    context.Ticket = null;
+                    context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
@@ -525,8 +739,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
-                    // context.Ticket = null;
-                    context.HandleResponse();
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -584,7 +797,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -611,6 +824,69 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(tokenValidated);
         }
 
+        [Fact]
+        public async Task OnTokenValidatedBackchannel_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var tokenValidated = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(tokenValidated);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnTokenValidatedBackchannel_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -638,7 +914,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    context.Ticket = null;
+                    context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
@@ -692,8 +968,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTokenValidated = context =>
                 {
                     tokenValidated = true;
-                    // context.Ticket = null;
-                    context.HandleResponse();
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnUserInformationReceived = UserNotImpl,
@@ -757,7 +1032,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnAuthenticationFailed = FailedNotImpl,
@@ -784,6 +1059,75 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(userInfoReceived);
         }
 
+        [Fact]
+        public async Task OnUserInformationReceived_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnUserInformationReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -817,7 +1161,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
-                    context.Ticket = null;
+                    context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
@@ -878,7 +1222,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     userInfoReceived = true;
                     // context.Ticket = null;
-                    context.HandleResponse();
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnAuthenticationFailed = FailedNotImpl,
@@ -949,7 +1293,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnRemoteFailure = FailureNotImpl,
@@ -976,6 +1320,82 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(authFailed);
         }
 
+        [Fact]
+        public async Task OnAuthenticationFailed_Reject_NoMoreEventsRun()
+        {
+            var messageReceived = false;
+            var tokenValidated = false;
+            var codeReceived = false;
+            var tokenResponseReceived = false;
+            var userInfoReceived = false;
+            var authFailed = false;
+            var remoteFailure = false;
+            var server = CreateServer(new OpenIdConnectEvents()
+            {
+                OnMessageReceived = context =>
+                {
+                    messageReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenValidated = context =>
+                {
+                    tokenValidated = true;
+                    return Task.FromResult(0);
+                },
+                OnAuthorizationCodeReceived = context =>
+                {
+                    codeReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnTokenResponseReceived = context =>
+                {
+                    tokenResponseReceived = true;
+                    return Task.FromResult(0);
+                },
+                OnUserInformationReceived = context =>
+                {
+                    userInfoReceived = true;
+                    throw new NotImplementedException("TestException");
+                },
+                OnAuthenticationFailed = context =>
+                {
+                    authFailed = true;
+                    Assert.Equal("TestException", context.Exception.Message);
+                    context.Fail("Authentication was aborted from user code.");
+                    return Task.FromResult(0);
+                },
+                OnRemoteFailure = context =>
+                {
+                    remoteFailure = true;
+                    return Task.FromResult(0);
+                },
+                OnTicketReceived = TicketNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+            },
+            context =>
+            {
+                return context.Response.WriteAsync(context.Request.Path);
+            });
+
+            var exception = await Assert.ThrowsAsync<Exception>(delegate
+            {
+                return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
+            });
+
+            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+
+            Assert.True(messageReceived);
+            Assert.True(tokenValidated);
+            Assert.True(codeReceived);
+            Assert.True(tokenResponseReceived);
+            Assert.True(userInfoReceived);
+            Assert.True(authFailed);
+            Assert.True(remoteFailure);
+        }
+
         [Fact]
         public async Task OnAuthenticationFailed_HandledWithoutTicket_NoMoreEventsRun()
         {
@@ -1016,7 +1436,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
-                    Assert.Null(context.Ticket);
+                    Assert.Null(context.Principal);
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
@@ -1083,7 +1503,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
-                    Assert.Null(context.Ticket);
+                    Assert.Null(context.Principal);
 
                     var claims = new[]
                     {
@@ -1092,11 +1512,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                         new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                     };
 
-                    context.Ticket = new AuthenticationTicket(
-                        new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)),
-                        new AuthenticationProperties(), context.Scheme.Name);
-
-                    context.HandleResponse();
+                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
+                    context.Success();
                     return Task.FromResult(0);
                 },
                 OnRemoteFailure = FailureNotImpl,
@@ -1174,7 +1591,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     remoteFailure = true;
                     Assert.Equal("TestException", context.Failure.Message);
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
                 OnTicketReceived = TicketNotImpl,
@@ -1314,7 +1731,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 OnTicketReceived = context =>
                 {
                     ticektReceived = true;
-                    context.Skip();
+                    context.SkipHandler();
                     return Task.FromResult(0);
                 },
 
@@ -1408,8 +1825,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication();
-                    services.AddOpenIdConnectAuthentication(o =>
+                    services.AddAuthentication()
+                        .AddCookie()
+                        .AddOpenIdConnect(o =>
                     {
                         o.Events = events;
                         o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 6cfda3b85a..7f9d42b1c9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Net;
@@ -11,10 +10,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.DataProtection;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
-using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
index aa7f6179be..1ffb9ff686 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -112,10 +112,10 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     services.AddAuthentication(o =>
                     {
                         o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                        o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                     });
-                    services.AddCookieAuthentication();
-                    services.AddOpenIdConnectAuthentication(options);
+                    services.AddAuthentication()
+                        .AddCookie()
+                        .AddOpenIdConnect(options);
                 });
 
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index afdef0a408..05e5708de0 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -134,7 +134,7 @@ namespace Microsoft.AspNetCore.Authentication
         //        return Task.FromResult(0);
         //    }
 
-        //    public Task ChallengeAsync(ChallengeContext context)
+        //    public Task ChallengeAsync(AuthenticationProperties properties)
         //    {
         //        throw new NotImplementedException();
         //    }
@@ -144,12 +144,12 @@ namespace Microsoft.AspNetCore.Authentication
         //        throw new NotImplementedException();
         //    }
 
-        //    public Task SignInAsync(SignInContext context)
+        //    public Task SignInAsync(ClaimsPrincipal principal, AuthenticationProperties properties)
         //    {
         //        throw new NotImplementedException();
         //    }
 
-        //    public Task SignOutAsync(SignOutContext context)
+        //    public Task SignOutAsync(AuthenticationProperties properties)
         //    {
         //        throw new NotImplementedException();
         //    }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 8fcc0780d2..76f6b1aad9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -13,7 +12,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -177,15 +175,15 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                         var res = context.Response;
                         if (req.Path == new PathString("/signIn"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignInAsync("Twitter", new ClaimsPrincipal()));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync("Twitter", new ClaimsPrincipal()));
                         }
                         else if (req.Path == new PathString("/signOut"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.SignOutAsync("Twitter"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync("Twitter"));
                         }
                         else if (req.Path == new PathString("/forbid"))
                         {
-                            await Assert.ThrowsAsync<NotSupportedException>(() => context.ForbidAsync("Twitter"));
+                            await Assert.ThrowsAsync<InvalidOperationException>(() => context.ForbidAsync("Twitter"));
                         }
                         else if (handler == null || !handler(context))
                         {
@@ -195,13 +193,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication("External", _ => { });
                     Action<TwitterOptions> wrapOptions = o =>
                     {
                         o.SignInScheme = "External";
                         options(o);
                     };
-                    services.AddTwitterAuthentication(wrapOptions);
+                    services.AddAuthentication()
+                        .AddCookie("External", _ => { })
+                        .AddTwitter(wrapOptions);
                 });
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index b6b2776a8a..5c2458c529 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -312,7 +312,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication(o =>
+                    services.AddAuthentication().AddCookie(o =>
                     {
                         o.CookieName = "TestCookie";
                         o.CookieHttpOnly = false;
@@ -352,7 +352,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddCookieAuthentication(o =>
+                    services.AddAuthentication().AddCookie(o =>
                     {
                         o.CookieName = "TestCookie";
                         o.CookieHttpOnly = false;
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
index ae5e6f0183..e2e4fd7d07 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
@@ -68,7 +68,7 @@ namespace Microsoft.Owin.Security.Interop
                         await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
                     });
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
@@ -123,7 +123,7 @@ namespace Microsoft.Owin.Security.Interop
                         await context.Response.WriteAsync(result.Ticket.Principal.Identity.Name);
                     });
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var request = new HttpRequestMessage(HttpMethod.Get, "http://example.com/login");
@@ -155,7 +155,7 @@ namespace Microsoft.Owin.Security.Interop
                     app.UseAuthentication();
                     app.Run(context => context.SignInAsync("Cookies", user));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var cookies = await SendAndGetCookies(newServer, "http://example.com/login");
@@ -202,7 +202,7 @@ namespace Microsoft.Owin.Security.Interop
                     app.UseAuthentication();
                     app.Run(context => context.SignInAsync("Cookies", user));
                 })
-                .ConfigureServices(services => services.AddCookieAuthentication(o => o.DataProtectionProvider = dataProtection));
+                .ConfigureServices(services => services.AddAuthentication().AddCookie(o => o.DataProtectionProvider = dataProtection));
             var newServer = new AspNetCore.TestHost.TestServer(builder);
 
             var cookies = await SendAndGetCookies(newServer, "http://example.com/login");

From 96f6436a677aba66f4b5a39da4bc9153921eeab6 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 3 Jul 2017 14:07:57 -0700
Subject: [PATCH 753/900] Update LICENSE.txt text

---
 LICENSE.txt | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/LICENSE.txt b/LICENSE.txt
index 0bdc1962b6..7b2956ecee 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,10 +1,12 @@
-Copyright (c) .NET Foundation. All rights reserved.
+Copyright (c) .NET Foundation and Contributors
+
+All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use
-these files except in compliance with the License. You may obtain a copy of the
+this file except in compliance with the License. You may obtain a copy of the
 License at
 
-http://www.apache.org/licenses/LICENSE-2.0
+    http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software distributed
 under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR

From 66b939725ed6d1b4eb8ce5d4823b635990c086b4 Mon Sep 17 00:00:00 2001
From: Murat Girgin <murat@girg.in>
Date: Mon, 3 Jul 2017 15:42:40 -0700
Subject: [PATCH 754/900] https://github.com/aspnet/Security/issues/1265. Check
 Auth failures and log them.

---
 .../AuthenticationHandler.cs                           |  4 ++++
 .../LoggingExtensions.cs                               | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index aeb70cb0de..a258d0acaf 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -142,6 +142,10 @@ namespace Microsoft.AspNetCore.Authentication
                     Logger.AuthenticationSchemeNotAuthenticated(Scheme.Name);
                 }
             }
+            else if (result?.Failure != null)
+            {
+                Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Scheme.Name, result.Failure.Message);
+            }
             return result;
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
index ed15e61904..46223d6471 100644
--- a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
@@ -9,6 +9,7 @@ namespace Microsoft.Extensions.Logging
     {
         private static Action<ILogger, string, Exception> _authSchemeAuthenticated;
         private static Action<ILogger, string, Exception> _authSchemeNotAuthenticated;
+        private static Action<ILogger, string, string, Exception> _authSchemeNotAuthenticatedWithFailure;
         private static Action<ILogger, string, Exception> _authSchemeChallenged;
         private static Action<ILogger, string, Exception> _authSchemeForbidden;
         private static Action<ILogger, string, Exception> _remoteAuthenticationError;
@@ -32,6 +33,10 @@ namespace Microsoft.Extensions.Logging
                 eventId: 6,
                 logLevel: LogLevel.Debug,
                 formatString: "The SigningIn event returned Skipped.");
+            _authSchemeNotAuthenticatedWithFailure = LoggerMessage.Define<string, string>(
+                eventId: 7,
+                logLevel: LogLevel.Information,
+                formatString: "{AuthenticationScheme} was not authenticated. Failure message: {FailureMessage}");
             _authSchemeAuthenticated = LoggerMessage.Define<string>(
                 eventId: 8,
                 logLevel: LogLevel.Information,
@@ -72,6 +77,11 @@ namespace Microsoft.Extensions.Logging
             _authSchemeNotAuthenticated(logger, authenticationScheme, null);
         }
 
+        public static void AuthenticationSchemeNotAuthenticatedWithFailure(this ILogger logger, string authenticationScheme, string failureMessage)
+        {
+            _authSchemeNotAuthenticatedWithFailure(logger, authenticationScheme, failureMessage, null);
+        }
+
         public static void AuthenticationSchemeChallenged(this ILogger logger, string authenticationScheme)
         {
             _authSchemeChallenged(logger, authenticationScheme, null);

From 968237d75126b7b5d8a5383677431d06452c1dc8 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 29 Jun 2017 16:23:31 -0700
Subject: [PATCH 755/900] Replace configure method on Twitter,
 RemoteAuthentication, and OpenIdConnect options with CookieBuilder

---
 .../OpenIdConnectHandler.cs                   | 42 ++++----------
 .../OpenIdConnectOptions.cs                   | 50 +++++++++++++++--
 .../TwitterHandler.cs                         | 27 ++-------
 .../TwitterOptions.cs                         | 55 +++++++++++++++----
 .../Internal/RequestPathBaseCookieBuilder.cs  | 38 +++++++++++++
 .../RemoteAuthenticationHandler.cs            | 32 ++---------
 .../RemoteAuthenticationOptions.cs            | 55 +++++++++++++++++--
 .../OAuthTests.cs                             |  2 +-
 .../OpenIdConnect/OpenIdConnectTests.cs       |  4 +-
 9 files changed, 203 insertions(+), 102 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 341abbf5a2..9e6d34bc98 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -275,8 +275,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>A task executing the callback procedure</returns>
         protected virtual Task<bool> HandleSignOutCallbackAsync()
         {
-            StringValues protectedState;
-            if (Request.Query.TryGetValue(OpenIdConnectParameterNames.State, out protectedState))
+            if (Request.Query.TryGetValue(OpenIdConnectParameterNames.State, out StringValues protectedState))
             {
                 var properties = Options.StateDataFormat.Unprotect(protectedState);
                 if (!string.IsNullOrEmpty(properties?.RedirectUri))
@@ -505,8 +504,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     return HandleRequestResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
-                string userstate = null;
-                properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out userstate);
+                properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out string userstate);
                 authorizationResponse.State = userstate;
 
                 if (!ValidateCorrelationId(properties))
@@ -859,8 +857,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             if (!string.IsNullOrEmpty(message.ExpiresIn))
             {
-                int value;
-                if (int.TryParse(message.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
+                if (int.TryParse(message.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out int value))
                 {
                     var expiresAt = Clock.UtcNow + TimeSpan.FromSeconds(value);
                     // https://www.w3.org/TR/xmlschema-2/#dateTime
@@ -885,21 +882,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 throw new ArgumentNullException(nameof(nonce));
             }
 
-            var options = new CookieOptions
-            {
-                HttpOnly = true,
-                SameSite = Http.SameSiteMode.None,
-                Path = OriginalPathBase + Options.CallbackPath,
-                Secure = Request.IsHttps,
-                Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
-            };
-
-            Options.ConfigureNonceCookie?.Invoke(Context, options);
+            var cookieOptions = Options.NonceCookie.Build(Context, Clock.UtcNow);
 
             Response.Cookies.Append(
-                OpenIdConnectDefaults.CookieNoncePrefix + Options.StringDataFormat.Protect(nonce),
+                Options.NonceCookie.Name + Options.StringDataFormat.Protect(nonce),
                 NonceProperty,
-                options);
+                cookieOptions);
         }
 
         /// <summary>
@@ -918,23 +906,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             foreach (var nonceKey in Request.Cookies.Keys)
             {
-                if (nonceKey.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix))
+                if (nonceKey.StartsWith(Options.NonceCookie.Name))
                 {
                     try
                     {
-                        var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(OpenIdConnectDefaults.CookieNoncePrefix.Length, nonceKey.Length - OpenIdConnectDefaults.CookieNoncePrefix.Length));
+                        var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(Options.NonceCookie.Name.Length, nonceKey.Length - Options.NonceCookie.Name.Length));
                         if (nonceDecodedValue == nonce)
                         {
-                            var cookieOptions = new CookieOptions
-                            {
-                                HttpOnly = true,
-                                Path = OriginalPathBase + Options.CallbackPath,
-                                SameSite = Http.SameSiteMode.None,
-                                Secure = Request.IsHttps
-                            };
-
-                            Options.ConfigureNonceCookie?.Invoke(Context, cookieOptions);
-
+                            var cookieOptions = Options.NonceCookie.Build(Context, Clock.UtcNow);
                             Response.Cookies.Delete(nonceKey, cookieOptions);
                             return nonce;
                         }
@@ -1170,8 +1149,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
             }
 
-            SecurityToken validatedToken = null;
-            var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out validatedToken);
+            var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out SecurityToken validatedToken);
             jwt = validatedToken as JwtSecurityToken;
             if (jwt == null)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 8bcedaec27..23169b5bcd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
+using Microsoft.AspNetCore.Authentication.Internal;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols;
@@ -17,6 +18,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     /// </summary>
     public class OpenIdConnectOptions : RemoteAuthenticationOptions
     {
+        private CookieBuilder _nonceCookieBuilder;
+
         /// <summary>
         /// Initializes a new <see cref="OpenIdConnectOptions"/>
         /// </summary>
@@ -65,6 +68,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             ClaimActions.MapUniqueJsonKey("family_name", "family_name");
             ClaimActions.MapUniqueJsonKey("profile", "profile");
             ClaimActions.MapUniqueJsonKey("email", "email");
+
+            _nonceCookieBuilder = new OpenIdConnectNonceCookieBuilder(this)
+            {
+                Name = OpenIdConnectDefaults.CookieNoncePrefix,
+                HttpOnly = true,
+                SameSite = SameSiteMode.None,
+                SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            };
         }
 
         /// <summary>
@@ -145,8 +156,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public new OpenIdConnectEvents Events
         {
-            get { return (OpenIdConnectEvents)base.Events; }
-            set { base.Events = value; }
+            get => (OpenIdConnectEvents)base.Events;
+            set => base.Events = value;
         }
 
         /// <summary>
@@ -259,9 +270,40 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         public bool DisableTelemetry { get; set; }
 
         /// <summary>
-        /// Gets or sets an action that can override the nonce cookie options before the
+        /// Determines the settings used to create the nonce cookie before the
         /// cookie gets added to the response.
         /// </summary>
-        public Action<HttpContext, CookieOptions> ConfigureNonceCookie { get; set; }
+        /// <remarks>
+        /// The value of <see cref="CookieBuilder.Name"/> is treated as the prefix to the cookie name, and defaults to <seealso cref="OpenIdConnectDefaults.CookieNoncePrefix"/>.
+        /// </remarks>
+        public CookieBuilder NonceCookie
+        {
+            get => _nonceCookieBuilder;
+            set => _nonceCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
+        }
+
+        private class OpenIdConnectNonceCookieBuilder : RequestPathBaseCookieBuilder
+        {
+            private readonly OpenIdConnectOptions _options;
+
+            public OpenIdConnectNonceCookieBuilder(OpenIdConnectOptions oidcOptions)
+            {
+                _options = oidcOptions;
+            }
+
+            protected override string AdditionalPath => _options.CallbackPath;
+
+            public override CookieOptions Build(HttpContext context, DateTimeOffset expiresFrom)
+            {
+                var cookieOptions = base.Build(context, expiresFrom);
+
+                if (!Expiration.HasValue || !cookieOptions.Expires.HasValue)
+                {
+                    cookieOptions.Expires = expiresFrom.Add(_options.ProtocolValidator.NonceLifetime);
+                }
+
+                return cookieOptions;
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 7fcc01eee1..ddcd095d5b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -10,7 +10,6 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
@@ -23,7 +22,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     internal class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
     {
         private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
-        private const string StateCookie = "__TwitterState";
         private const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";
         private const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
         private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
@@ -50,7 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         {
             AuthenticationProperties properties = null;
             var query = Request.Query;
-            var protectedRequestToken = Request.Cookies[StateCookie];
+            var protectedRequestToken = Request.Cookies[Options.StateCookie.Name];
 
             var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
 
@@ -80,16 +78,9 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 return HandleRequestResult.Fail("Missing or blank oauth_verifier");
             }
 
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                SameSite = SameSiteMode.Lax,
-                Secure = Request.IsHttps
-            };
+            var cookieOptions = Options.StateCookie.Build(Context, Clock.UtcNow);
 
-            Options.ConfigureStateCookie?.Invoke(Context, cookieOptions);
-
-            Response.Cookies.Delete(StateCookie, cookieOptions);
+            Response.Cookies.Delete(Options.StateCookie.Name, cookieOptions);
 
             var accessToken = await ObtainAccessTokenAsync(requestToken, oauthVerifier);
 
@@ -144,17 +135,9 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var requestToken = await ObtainRequestTokenAsync(BuildRedirectUri(Options.CallbackPath), properties);
             var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
 
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                SameSite = SameSiteMode.Lax,
-                Secure = Request.IsHttps,
-                Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
-            };
+            var cookieOptions = Options.StateCookie.Build(Context, Clock.UtcNow);
 
-            Options.ConfigureStateCookie?.Invoke(Context, cookieOptions);
-
-            Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
+            Response.Cookies.Append(Options.StateCookie.Name, Options.StateDataFormat.Protect(requestToken), cookieOptions);
 
             var redirectContext = new RedirectContext<TwitterOptions>(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
             await Events.RedirectToAuthorizationEndpoint(redirectContext);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 8b57f2502f..0190f21a6b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -3,10 +3,7 @@
 
 using System;
 using System.Security.Claims;
-using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
-using Microsoft.AspNetCore.Authentication.Twitter;
-using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -16,6 +13,10 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     /// </summary>
     public class TwitterOptions : RemoteAuthenticationOptions
     {
+        private const string DefaultStateCookieName = "__TwitterState";
+
+        private CookieBuilder _stateCookieBuilder;
+
         /// <summary>
         /// Initializes a new instance of the <see cref="TwitterOptions"/> class.
         /// </summary>
@@ -26,6 +27,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Events = new TwitterEvents();
 
             ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
+
+            _stateCookieBuilder = new TwitterCookieBuilder(this)
+            {
+                Name = DefaultStateCookieName,
+                SecurePolicy = CookieSecurePolicy.SameAsRequest,
+                HttpOnly = true,
+                SameSite = SameSiteMode.Lax,
+            };
         }
 
         /// <summary>
@@ -58,19 +67,43 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// </summary>
         public ISecureDataFormat<RequestToken> StateDataFormat { get; set; }
 
-        /// <summary>
-        /// Gets or sets an action that can override the state cookie options before the
-        /// cookie gets added to the response.
-        /// </summary>
-        public Action<HttpContext, CookieOptions> ConfigureStateCookie { get; set; }
-
         /// <summary>
         /// Gets or sets the <see cref="TwitterEvents"/> used to handle authentication events.
         /// </summary>
         public new TwitterEvents Events
         {
-            get { return (TwitterEvents)base.Events; }
-            set { base.Events = value; }
+            get => (TwitterEvents)base.Events;
+            set => base.Events = value;
+        }
+
+        /// <summary>
+        /// Determines the settings used to create the state cookie before the
+        /// cookie gets added to the response.
+        /// </summary>
+        public CookieBuilder StateCookie
+        {
+            get => _stateCookieBuilder;
+            set => _stateCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
+        }
+
+        private class TwitterCookieBuilder : CookieBuilder
+        {
+            private readonly TwitterOptions _twitterOptions;
+
+            public TwitterCookieBuilder(TwitterOptions twitterOptions)
+            {
+                _twitterOptions = twitterOptions;
+            }
+
+            public override CookieOptions Build(HttpContext context, DateTimeOffset expiresFrom)
+            {
+                var options = base.Build(context, expiresFrom);
+                if (!Expiration.HasValue)
+                {
+                    options.Expires = expiresFrom.Add(_twitterOptions.RemoteAuthenticationTimeout);
+                }
+                return options;
+            }
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs b/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
new file mode 100644
index 0000000000..f42617cb23
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
@@ -0,0 +1,38 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication.Internal
+{
+    /// <summary>
+    /// A cookie builder that sets <see cref="CookieOptions.Path"/> to the request path base.
+    /// </summary>
+    public class RequestPathBaseCookieBuilder : CookieBuilder
+    {
+        /// <summary>
+        /// Gets an optional value that is appended to the request path base.
+        /// </summary>
+        protected virtual string AdditionalPath { get; }
+
+        public override CookieOptions Build(HttpContext context, DateTimeOffset expiresFrom)
+        {
+            // check if the user has overridden the default value of path. If so, use that instead of our default value.
+            var path = Path;
+            if (path == null)
+            {
+                var originalPathBase = context.Features.Get<IAuthenticationFeature>()?.OriginalPathBase ?? context.Request.PathBase;
+                path = originalPathBase + AdditionalPath;
+            }
+
+            var options = base.Build(context, expiresFrom);
+
+            options.Path = !string.IsNullOrEmpty(path)
+                ? path
+                : "/";
+
+            return options;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 62213a171b..7bd3b07731 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -5,7 +5,6 @@ using System;
 using System.Security.Cryptography;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -14,7 +13,6 @@ namespace Microsoft.AspNetCore.Authentication
     public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler
         where TOptions : RemoteAuthenticationOptions, new()
     {
-        private const string CorrelationPrefix = ".AspNetCore.Correlation.";
         private const string CorrelationProperty = ".xsrf";
         private const string CorrelationMarker = "N";
         private const string AuthSchemeKey = ".AuthScheme";
@@ -187,20 +185,11 @@ namespace Microsoft.AspNetCore.Authentication
             CryptoRandom.GetBytes(bytes);
             var correlationId = Base64UrlTextEncoder.Encode(bytes);
 
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                SameSite = SameSiteMode.None,
-                Secure = Request.IsHttps,
-                Path = OriginalPathBase + Options.CallbackPath,
-                Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
-            };
-
-            Options.ConfigureCorrelationIdCookie?.Invoke(Context, cookieOptions);
+            var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);
 
             properties.Items[CorrelationProperty] = correlationId;
 
-            var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
+            var cookieName = Options.CorrelationCookie.Name + Scheme.Name + "." + correlationId;
 
             Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
         }
@@ -212,16 +201,15 @@ namespace Microsoft.AspNetCore.Authentication
                 throw new ArgumentNullException(nameof(properties));
             }
 
-            string correlationId;
-            if (!properties.Items.TryGetValue(CorrelationProperty, out correlationId))
+            if (!properties.Items.TryGetValue(CorrelationProperty, out string correlationId))
             {
-                Logger.CorrelationPropertyNotFound(CorrelationPrefix);
+                Logger.CorrelationPropertyNotFound(Options.CorrelationCookie.Name);
                 return false;
             }
 
             properties.Items.Remove(CorrelationProperty);
 
-            var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
+            var cookieName = Options.CorrelationCookie.Name + Scheme.Name + "." + correlationId;
 
             var correlationCookie = Request.Cookies[cookieName];
             if (string.IsNullOrEmpty(correlationCookie))
@@ -230,15 +218,7 @@ namespace Microsoft.AspNetCore.Authentication
                 return false;
             }
 
-            var cookieOptions = new CookieOptions
-            {
-                HttpOnly = true,
-                Path = OriginalPathBase + Options.CallbackPath,
-                SameSite = SameSiteMode.None,
-                Secure = Request.IsHttps
-            };
-
-            Options.ConfigureCorrelationIdCookie?.Invoke(Context, cookieOptions);
+            var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);
 
             Response.Cookies.Delete(cookieName, cookieOptions);
 
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index a5f0bb44b4..3b34cf43e9 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Net.Http;
+using Microsoft.AspNetCore.Authentication.Internal;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 
@@ -13,6 +14,24 @@ namespace Microsoft.AspNetCore.Authentication
     /// </summary>
     public class RemoteAuthenticationOptions : AuthenticationSchemeOptions
     {
+        private const string CorrelationPrefix = ".AspNetCore.Correlation.";
+
+        private CookieBuilder _correlationCookieBuilder;
+
+        /// <summary>
+        /// Initializes a new <see cref="RemoteAuthenticationOptions"/>.
+        /// </summary>
+        public RemoteAuthenticationOptions()
+        {
+            _correlationCookieBuilder = new CorrelationCookieBuilder(this)
+            {
+                Name = CorrelationPrefix,
+                HttpOnly = true,
+                SameSite = SameSiteMode.None,
+                SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            };
+        }
+
         /// <summary>
         /// Check that the options are valid.  Should throw an exception if things are not ok.
         /// </summary>
@@ -71,8 +90,8 @@ namespace Microsoft.AspNetCore.Authentication
 
         public new RemoteAuthenticationEvents Events
         {
-            get { return (RemoteAuthenticationEvents)base.Events; }
-            set { base.Events = value; }
+            get => (RemoteAuthenticationEvents)base.Events;
+            set => base.Events = value;
         }
 
         /// <summary>
@@ -84,9 +103,37 @@ namespace Microsoft.AspNetCore.Authentication
         public bool SaveTokens { get; set; }
 
         /// <summary>
-        /// Gets or sets an action that can override the correlation id cookie options before the
+        /// Determines the settings used to create the correlation cookie before the
         /// cookie gets added to the response.
         /// </summary>
-        public Action<HttpContext, CookieOptions> ConfigureCorrelationIdCookie { get; set; }
+        public CookieBuilder CorrelationCookie
+        {
+            get => _correlationCookieBuilder;
+            set => _correlationCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
+        }
+
+        private class CorrelationCookieBuilder : RequestPathBaseCookieBuilder
+        {
+            private readonly RemoteAuthenticationOptions _options;
+
+            public CorrelationCookieBuilder(RemoteAuthenticationOptions remoteAuthenticationOptions)
+            {
+                _options = remoteAuthenticationOptions;
+            }
+
+            protected override string AdditionalPath => _options.CallbackPath;
+
+            public override CookieOptions Build(HttpContext context, DateTimeOffset expiresFrom)
+            {
+                var cookieOptions = base.Build(context, expiresFrom);
+
+                if (!Expiration.HasValue || !cookieOptions.Expires.HasValue)
+                {
+                    cookieOptions.Expires = expiresFrom.Add(_options.RemoteAuthenticationTimeout);
+                }
+
+                return cookieOptions;
+            }
+        }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index bdd79533b1..62d11e52aa 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -190,7 +190,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                         opt.AuthorizationEndpoint = "https://example.com/provider/login";
                         opt.TokenEndpoint = "https://example.com/provider/token";
                         opt.CallbackPath = "/oauth-callback";
-                        opt.ConfigureCorrelationIdCookie = (ctx, options) => options.Path = "/";
+                        opt.CorrelationCookie.Path = "/";
                     }),
                 ctx =>
                 {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 7f9d42b1c9..b7ac1f82d5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -92,7 +92,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     AuthorizationEndpoint = "https://example.com/provider/login"
                 };
-                opt.ConfigureNonceCookie = (ctx, options) => options.Path = "/";
+                opt.NonceCookie.Path = "/";
             });
 
             var server = setting.CreateTestServer();
@@ -143,7 +143,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     AuthorizationEndpoint = "https://example.com/provider/login"
                 };
-                opt.ConfigureCorrelationIdCookie = (ctx, options) => options.Path = "/";
+                opt.CorrelationCookie.Path = "/";
             });
 
             var server = setting.CreateTestServer();

From a7bf561b1c76aaee3d68c7448d780bc925ee283e Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 29 Jun 2017 17:24:23 -0700
Subject: [PATCH 756/900] Add CookieBuilder to CookieAuthenticationOptions and
 obsolete the duplicated properties

---
 Security.sln                                  |   6 +-
 .../CookieAuthenticationHandler.cs            |  39 ++--
 .../CookieAuthenticationOptions.cs            | 183 ++++++++++++------
 ...t.AspNetCore.Authentication.Cookies.csproj |   4 +
 ...ostConfigureCookieAuthenticationOptions.cs |   4 +-
 .../Properties/Resources.Designer.cs          |  62 ------
 .../CookieTests.cs                            |  69 ++++---
 .../CookiePolicyTests.cs                      |  12 +-
 8 files changed, 188 insertions(+), 191 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs

diff --git a/Security.sln b/Security.sln
index 7c34ff0701..2e5ee56d00 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26507.0
+VisualStudioVersion = 15.0.26621.2
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 EndProject
@@ -59,6 +59,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		build\common.props = build\common.props
 		build\dependencies.props = build\dependencies.props
 		build\Key.snk = build\Key.snk
+		NuGet.config = NuGet.config
 		build\repo.props = build\repo.props
 	EndProjectSection
 EndProject
@@ -484,4 +485,7 @@ Global
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357}
+	EndGlobalSection
 EndGlobal
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 4751c6f857..e093e87b78 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -14,9 +14,9 @@ using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieAuthenticationHandler : 
-        AuthenticationHandler<CookieAuthenticationOptions>, 
-        IAuthenticationSignInHandler, 
+    public class CookieAuthenticationHandler :
+        AuthenticationHandler<CookieAuthenticationOptions>,
+        IAuthenticationSignInHandler,
         IAuthenticationSignOutHandler
     {
         private const string HeaderValueNoCache = "no-cache";
@@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         { }
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new CookieAuthenticationEvents Events
@@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private async Task<AuthenticateResult> ReadCookieTicket()
         {
-            var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
+            var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name);
             if (string.IsNullOrEmpty(cookie))
             {
                 return AuthenticateResult.NoResult();
@@ -176,22 +176,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private CookieOptions BuildCookieOptions()
         {
-            var cookieOptions = new CookieOptions
-            {
-                Domain = Options.CookieDomain,
-                SameSite = Options.CookieSameSite,
-                HttpOnly = Options.CookieHttpOnly,
-                Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
-            };
-
-            if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest)
-            {
-                cookieOptions.Secure = Request.IsHttps;
-            }
-            else
-            {
-                cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always;
-            }
+            var cookieOptions = Options.Cookie.Build(Context);
+            // ignore the 'Expires' value as this will be computed elsewhere
+            cookieOptions.Expires = null;
 
             return cookieOptions;
         }
@@ -239,7 +226,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
                 Options.CookieManager.AppendResponseCookie(
                     Context,
-                    Options.CookieName,
+                    Options.Cookie.Name,
                     cookieValue,
                     cookieOptions);
 
@@ -283,14 +270,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             if (!signInContext.Properties.ExpiresUtc.HasValue)
             {
-                signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
+                signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
             }
 
             await Events.SigningIn(signInContext);
 
             if (signInContext.Properties.IsPersistent)
             {
-                var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
+                var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
@@ -314,7 +301,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             Options.CookieManager.AppendResponseCookie(
                 Context,
-                Options.CookieName,
+                Options.Cookie.Name,
                 cookieValue,
                 signInContext.CookieOptions);
 
@@ -359,7 +346,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             Options.CookieManager.DeleteCookie(
                 Context,
-                Options.CookieName,
+                Options.Cookie.Name,
                 context.CookieOptions);
 
             // Only redirect on the logout path
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 01a5ae9c9d..4f8b201ad3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication.Internal;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 
@@ -12,7 +13,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// </summary>
     public class CookieAuthenticationOptions : AuthenticationSchemeOptions
     {
-        private string _cookieName;
+        private CookieBuilder _cookieBuilder = new RequestPathBaseCookieBuilder
+        {
+            // the default name is configured in PostConfigureCookieAuthenticationOptions
+
+            // To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231.
+            SameSite = SameSiteMode.Lax,
+            HttpOnly = true,
+            SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            Expiration = TimeSpan.FromDays(14),
+        };
 
         /// <summary>
         /// Create an instance of the options initialized with the default values
@@ -20,77 +30,52 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public CookieAuthenticationOptions()
         {
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
-            ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
-            // To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231.
-            CookieSameSite = SameSiteMode.Lax;
-            CookieHttpOnly = true;
-            CookieSecure = CookieSecurePolicy.SameAsRequest;
             Events = new CookieAuthenticationEvents();
         }
 
         /// <summary>
-        /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
+        /// <para>
+        /// Determines the settings used to create the cookie.
+        /// </para>
+        /// <para>
+        /// <seealso cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.
+        /// <seealso cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
+        /// <seealso cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.
+        /// <seealso cref="CookieBuilder.Expiration"/> defaults to 14 days.
+        /// </para>
+        /// </summary>
+        /// <remarks>
+        /// <para>
+        /// The default value for cookie name is ".AspNetCore.Cookies".
         /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
         /// system uses the cookie authentication handler multiple times.
-        /// </summary>
-        public string CookieName
+        /// </para>
+        /// <para>
+        /// <seealso cref="CookieBuilder.SameSite"/> determines if the browser should allow the cookie to be attached to same-site or cross-site requests.
+        /// The default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests.
+        /// </para>
+        /// <para>
+        /// <seealso cref="CookieBuilder.HttpOnly"/> determines if the browser should allow the cookie to be accessed by client-side javascript.
+        /// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
+        /// </para>
+        /// <para>
+        /// <seealso cref="CookieBuilder.Expiration"/> controls how much time the cookie will remain valid from the point it is created. The expiration
+        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
+        /// even if it is passed to the server after the browser should have purged it
+        /// </para>
+        /// </remarks>
+        public CookieBuilder Cookie
         {
-            get { return _cookieName; }
-            set
-            {
-                if (value == null)
-                {
-                    throw new ArgumentNullException(nameof(value));
-                }
-
-                _cookieName = value;
-            }
+            get => _cookieBuilder;
+            set => _cookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
         }
 
-        /// <summary>
-        /// Determines the domain used to create the cookie. Is not provided by default.
-        /// </summary>
-        public string CookieDomain { get; set; }
-
-        /// <summary>
-        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
-        /// </summary>
-        public string CookiePath { get; set; }
-
-        /// <summary>
-        /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
-        /// default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe
-        /// HTTP methods and same-site requests.
-        /// </summary>
-        public SameSiteMode CookieSameSite { get; set; }
-
-        /// <summary>
-        /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
-        /// default is true, which means the cookie will only be passed to http requests and is not made available
-        /// to script on the page.
-        /// </summary>
-        public bool CookieHttpOnly { get; set; }
-
-        /// <summary>
-        /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
-        /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
-        /// and portions of your site are HTTP you may need to change this value.
-        /// </summary>
-        public CookieSecurePolicy CookieSecure { get; set; }
-
         /// <summary>
         /// If set this will be used by the CookieAuthenticationHandler for data protection.
         /// </summary>
         public IDataProtectionProvider DataProtectionProvider { get; set; }
 
-        /// <summary>
-        /// Controls how much time the cookie will remain valid from the point it is created. The expiration
-        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
-        /// even if it is passed to the server after the browser should have purged it
-        /// </summary>
-        public TimeSpan ExpireTimeSpan { get; set; }
-
         /// <summary>
         /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
         /// expiration time any time it processes a request which is more than halfway through the expiration window.
@@ -132,8 +117,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public new CookieAuthenticationEvents Events
         {
-            get { return (CookieAuthenticationEvents)base.Events; }
-            set { base.Events = value; }
+            get => (CookieAuthenticationEvents)base.Events;
+            set => base.Events = value;
         }
 
         /// <summary>
@@ -154,5 +139,85 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// to the client. This can be used to mitigate potential problems with very large identities.
         /// </summary>
         public ITicketStore SessionStore { get; set; }
+
+        #region Obsolete API
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Name"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
+        /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
+        /// system uses the cookie authentication handler multiple times.
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
+        public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
+
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Domain"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Determines the domain used to create the cookie. Is not provided by default.
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
+        public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; }
+
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Path"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")]
+        public string CookiePath { get => Cookie.Path; set => Cookie.Path = value; }
+
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.HttpOnly"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
+        /// default is true, which means the cookie will only be passed to http requests and is not made available
+        /// to script on the page.
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SameSite) + ".")]
+        public bool CookieHttpOnly { get => Cookie.HttpOnly; set => Cookie.HttpOnly = value; }
+
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.SecurePolicy"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
+        /// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
+        /// and portions of your site are HTTP you may need to change this value.
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
+        public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
+
+        /// <summary>
+        /// <para>
+        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Expiration"/> on <see cref="Cookie"/>.
+        /// </para>
+        /// <para>
+        /// Controls how much time the cookie will remain valid from the point it is created. The expiration
+        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
+        /// even if it is passed to the server after the browser should have purged it
+        /// </para>
+        /// </summary>
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Expiration) + ".")]
+        public TimeSpan ExpireTimeSpan
+        {
+            get => Cookie.Expiration ?? default(TimeSpan);
+            set => Cookie.Expiration = value;
+        }
+        #endregion
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 712aa81772..fb20a55b9f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -19,4 +19,8 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
index e6a62d1b68..48895072e9 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
@@ -28,9 +28,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
 
-            if (String.IsNullOrEmpty(options.CookieName))
+            if (string.IsNullOrEmpty(options.Cookie.Name))
             {
-                options.CookieName = CookieAuthenticationDefaults.CookiePrefix + name;
+                options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + name;
             }
             if (options.TicketDataFormat == null)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
deleted file mode 100644
index e2719f39d2..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs
+++ /dev/null
@@ -1,62 +0,0 @@
-// <auto-generated />
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
-    using System.Globalization;
-    using System.Reflection;
-    using System.Resources;
-
-    internal static class Resources
-    {
-        private static readonly ResourceManager _resourceManager
-            = new ResourceManager("Microsoft.AspNetCore.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly);
-
-        /// <summary>
-        /// The cookie key and options are larger than ChunksSize, leaving no room for data.
-        /// </summary>
-        internal static string Exception_CookieLimitTooSmall
-        {
-            get { return GetString("Exception_CookieLimitTooSmall"); }
-        }
-
-        /// <summary>
-        /// The cookie key and options are larger than ChunksSize, leaving no room for data.
-        /// </summary>
-        internal static string FormatException_CookieLimitTooSmall()
-        {
-            return GetString("Exception_CookieLimitTooSmall");
-        }
-
-        /// <summary>
-        /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
-        /// </summary>
-        internal static string Exception_ImcompleteChunkedCookie
-        {
-            get { return GetString("Exception_ImcompleteChunkedCookie"); }
-        }
-
-        /// <summary>
-        /// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
-        /// </summary>
-        internal static string FormatException_ImcompleteChunkedCookie(object p0, object p1, object p2)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_ImcompleteChunkedCookie"), p0, p1, p2);
-        }
-
-        private static string GetString(string name, params string[] formatterNames)
-        {
-            var value = _resourceManager.GetString(name);
-
-            System.Diagnostics.Debug.Assert(value != null);
-
-            if (formatterNames != null)
-            {
-                for (var i = 0; i < formatterNames.Length; i++)
-                {
-                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
-                }
-            }
-
-            return value;
-        }
-    }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 7dade96eec..1471caf440 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -18,7 +18,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
@@ -129,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o =>
             {
                 o.LoginPath = new PathString("/login");
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             }), SignInAsAlice);
 
             var transaction = await SendAsync(server, "http://example.com/testpath");
@@ -150,7 +149,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server = CreateServer(o =>
             {
                 o.LoginPath = new PathString("/login");
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             }, SignInAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -162,7 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server = CreateServer(o =>
             {
                 o.LoginPath = new PathString("/login");
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             }, SignOutAsWrong);
 
             await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -183,8 +182,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server = CreateServer(o =>
             {
                 o.LoginPath = new PathString("/login");
-                o.CookieName = "TestCookie";
-                o.CookieSecure = cookieSecurePolicy;
+                o.Cookie.Name = "TestCookie";
+                o.Cookie.SecurePolicy = cookieSecurePolicy;
             }, SignInAsAlice);
 
             var transaction = await SendAsync(server, requestUri);
@@ -205,12 +204,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server1 = CreateServer(o =>
             {
-                o.CookieName = "TestCookie";
-                o.CookiePath = "/foo";
-                o.CookieDomain = "another.com";
-                o.CookieSecure = CookieSecurePolicy.Always;
-                o.CookieSameSite = SameSiteMode.None;
-                o.CookieHttpOnly = true;
+                o.Cookie.Name = "TestCookie";
+                o.Cookie.Path = "/foo";
+                o.Cookie.Domain = "another.com";
+                o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                o.Cookie.SameSite = SameSiteMode.None;
+                o.Cookie.HttpOnly = true;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
             var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
@@ -226,10 +225,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             var server2 = CreateServer(o =>
             {
-                o.CookieName = "SecondCookie";
-                o.CookieSecure = CookieSecurePolicy.None;
-                o.CookieSameSite = SameSiteMode.Strict;
-                o.CookieHttpOnly = false;
+                o.Cookie.Name = "SecondCookie";
+                o.Cookie.SecurePolicy = CookieSecurePolicy.None;
+                o.Cookie.SameSite = SameSiteMode.Strict;
+                o.Cookie.HttpOnly = false;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
             var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
@@ -278,7 +277,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
             }, SignInAsAlice);
 
@@ -307,7 +306,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
             },
             context =>
@@ -340,7 +339,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
@@ -368,7 +367,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -396,7 +395,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -432,7 +431,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -477,7 +476,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
@@ -521,7 +520,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -570,7 +569,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             DateTimeOffset? lastExpiresDate = null;
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = sliding;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -620,7 +619,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents()
                 {
@@ -657,7 +656,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = true;
             },
             SignInAsAlice);
@@ -825,7 +824,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 {
                     services.AddAuthentication().AddCookie();
                     services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme,
-                        o => o.CookieName = "One");
+                        o => o.Cookie.Name = "One");
                 });
             var server = new TestServer(builder);
 
@@ -848,7 +847,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 {
                     services.AddAuthentication().AddCookie("Cookie1");
                     services.Configure<CookieAuthenticationOptions>("Cookie1",
-                        o => o.CookieName = "One");
+                        o => o.Cookie.Name = "One");
                 });
             var server = new TestServer(builder);
 
@@ -984,7 +983,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var server = CreateServer(o =>
             {
                 o.LoginPath = "/testpath";
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             },
             async context =>
                 await context.SignInAsync(
@@ -1006,7 +1005,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 o.LoginPath = "/testpath";
                 o.ReturnUrlParameter = "return";
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             },
             async context =>
             {
@@ -1028,7 +1027,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 o.LoginPath = "/testpath";
                 o.ReturnUrlParameter = "return";
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             },
             async context =>
             {
@@ -1049,7 +1048,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 o.LoginPath = "/testpath";
                 o.ReturnUrlParameter = "return";
-                o.CookieName = "TestCookie";
+                o.Cookie.Name = "TestCookie";
             },
             async context =>
             {
@@ -1102,7 +1101,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 .ConfigureServices(services => services.AddAuthentication().AddCookie(o =>
                 {
                     o.TicketDataFormat = new TicketDataFormat(dp);
-                    o.CookieName = "Cookie";
+                    o.Cookie.Name = "Cookie";
                 }));
             var server1 = new TestServer(builder1);
 
@@ -1121,7 +1120,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 })
                 .ConfigureServices(services => services.AddAuthentication().AddCookie("Cookies", o =>
                 {
-                    o.CookieName = "Cookie";
+                    o.Cookie.Name = "Cookie";
                     o.TicketDataFormat = new TicketDataFormat(dp);
                 }));
             var server2 = new TestServer(builder2);
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 5c2458c529..49089234ee 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -314,9 +314,9 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 {
                     services.AddAuthentication().AddCookie(o =>
                     {
-                        o.CookieName = "TestCookie";
-                        o.CookieHttpOnly = false;
-                        o.CookieSecure = CookieSecurePolicy.None;
+                        o.Cookie.Name = "TestCookie";
+                        o.Cookie.HttpOnly = false;
+                        o.Cookie.SecurePolicy = CookieSecurePolicy.None;
                     });
                 })
                 .Configure(app =>
@@ -354,9 +354,9 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                 {
                     services.AddAuthentication().AddCookie(o =>
                     {
-                        o.CookieName = "TestCookie";
-                        o.CookieHttpOnly = false;
-                        o.CookieSecure = CookieSecurePolicy.None;
+                        o.Cookie.Name = "TestCookie";
+                        o.Cookie.HttpOnly = false;
+                        o.Cookie.SecurePolicy = CookieSecurePolicy.None;
                     });
                 })
                 .Configure(app =>

From 1c30f33c925a97b105b3f9d34497218b0c9342b6 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 3 Jul 2017 12:56:39 -0700
Subject: [PATCH 757/900] Remove AddXyzAuth extension methods

---
 .../CookieExtensions.cs                         | 15 ---------------
 .../FacebookExtensions.cs                       | 11 -----------
 .../GoogleExtensions.cs                         | 12 ------------
 .../JwtBearerExtensions.cs                      | 14 --------------
 .../MicrosoftAccountExtensions.cs               | 12 ------------
 .../OAuthExtensions.cs                          | 14 --------------
 .../OpenIdConnectExtensions.cs                  | 13 -------------
 .../TwitterExtensions.cs                        | 13 -------------
 .../AuthenticationMiddleware.cs                 |  2 --
 .../FacebookTests.cs                            | 10 ++++------
 .../GoogleTests.cs                              |  3 ++-
 .../JwtBearerTests.cs                           |  5 +++--
 .../MicrosoftAccountTests.cs                    |  3 ++-
 .../OAuthTests.cs                               | 17 +++++++++--------
 .../TwitterTests.cs                             |  4 ++--
 15 files changed, 22 insertions(+), 126 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
index 67c4416ebb..61f72e361f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -25,20 +25,5 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
             return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
         }
-
-
-        // REMOVE below once callers have been updated
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services) => services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
-
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme) => services.AddCookieAuthentication(authenticationScheme, configureOptions: null);
-
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action<CookieAuthenticationOptions> configureOptions) =>
-            services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
-            return services.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index e4dcbfee8b..1cb1ef03eb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -17,16 +17,5 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, Action<FacebookOptions> configureOptions)
             => builder.AddOAuth<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
-
-
-        // REMOVE below once callers have been updated
-        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services) 
-            => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, Action<FacebookOptions> configureOptions) 
-            => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action<FacebookOptions> configureOptions)
-            => services.AddOAuthAuthentication<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index ee42c5564c..7bb9b7bebd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -17,17 +17,5 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, Action<GoogleOptions> configureOptions)
             => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
-
-
-        // REMOVE below once callers have been updated
-
-        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services) 
-            => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, Action<GoogleOptions> configureOptions) 
-            => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action<GoogleOptions> configureOptions)
-            => services.AddOAuthAuthentication<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 4f051bd39a..698c0118e0 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -22,19 +22,5 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
             return builder.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
         }
-
-
-        // REMOVE once callers updated
-        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services) 
-            => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, Action<JwtBearerOptions> configureOptions) 
-            => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
-            return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 9a53fd7700..8da6daaac8 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -17,17 +17,5 @@ namespace Microsoft.Extensions.DependencyInjection
 
         public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
             => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
-
-
-        // REMOVE below once callers have been updated
-
-        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services) 
-            => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, Action<MicrosoftAccountOptions> configureOptions) 
-            => services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
-            => services.AddOAuthAuthentication<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 5720d8e4f4..8c9d34c5f9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -21,19 +21,5 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
             return builder.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
-
-        // REMOVE below once callers have been updated
-        public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action<OAuthOptions> configureOptions)
-        {
-            return services.AddOAuthAuthentication<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
-        }
-
-        public static IServiceCollection AddOAuthAuthentication<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
-            where TOptions : OAuthOptions, new()
-            where THandler : OAuthHandler<TOptions>
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
-            return services.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 7ba262bf39..43059b3ffe 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -22,18 +22,5 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
             return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
-
-        // REMOVE once callers have been updated
-        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services)
-            => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, Action<OpenIdConnectOptions> configureOptions) 
-            => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
-            return services.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index e49244920e..bd0a3b1e20 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -22,18 +22,5 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
             return builder.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
         }
-
-        // REMOVE below once callers have been updated.
-        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services)
-            => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
-
-        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, Action<TwitterOptions> configureOptions)
-            => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, configureOptions);
-
-        public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action<TwitterOptions> configureOptions)
-        {
-            services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
-            return services.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
-        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
index eba561d1da..0c62cc3c39 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
@@ -37,8 +37,6 @@ namespace Microsoft.AspNetCore.Authentication
                 OriginalPathBase = context.Request.PathBase
             });
 
-            // REVIEW: alternatively could depend on a routing middleware to do this
-
             // Give any IAuthenticationRequestHandler schemes a chance to handle the request
             var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
             foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index e6b5574df1..43c52b0fd9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -16,10 +15,8 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
-using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -30,7 +27,8 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddFacebookAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddFacebook();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(FacebookDefaults.AuthenticationScheme);
@@ -44,7 +42,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddFacebookAuthentication(o => o.SignInScheme = "Whatever"),
+                services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "Whatever"),
                 context =>
                 {
                     // REVIEW: Gross.
@@ -60,7 +58,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddFacebookAuthentication(o => o.AppId = "Whatever"),
+                services => services.AddAuthentication().AddFacebook(o => o.AppId = "Whatever"),
                 context =>
                 {
                     // REVIEW: Gross.
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 2eae266702..3bfea45df8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -29,7 +29,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddGoogleAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddGoogle();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(GoogleDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index a9b158d2b0..c7153ded30 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -29,7 +29,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddJwtBearerAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddJwtBearer();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(JwtBearerDefaults.AuthenticationScheme);
@@ -747,7 +748,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                     });
                 })
-                .ConfigureServices(services => services.AddJwtBearerAuthentication(options));
+                .ConfigureServices(services => services.AddAuthentication().AddJwtBearer(options));
 
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index f516940432..941dd13481 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -30,7 +30,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddMicrosoftAccountAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddMicrosoftAccount();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 62d11e52aa..ea0c941c91 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -19,7 +19,8 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddOAuthAuthentication("oauth", o => { });
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddOAuth("oauth", o => { });
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync("oauth");
@@ -33,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.SignInScheme = "whatever";
                     o.CallbackPath = "/";
@@ -56,7 +57,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.SignInScheme = "whatever";
                     o.ClientId = "Whatever;";
@@ -79,7 +80,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
                     o.ClientSecret = "Whatever;";
@@ -102,7 +103,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
                     o.ClientSecret = "Whatever;";
@@ -125,7 +126,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddOAuthAuthentication("weeblie", o =>
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
                     o.ClientSecret = "Whatever;";
@@ -148,7 +149,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                s => s.AddOAuthAuthentication(
+                s => s.AddAuthentication().AddOAuth(
                     "Weblie",
                     opt =>
                     {
@@ -180,7 +181,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         {
             var server = CreateServer(
                 app => { },
-                s => s.AddOAuthAuthentication(
+                s => s.AddAuthentication().AddOAuth(
                     "Weblie",
                     opt =>
                     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 76f6b1aad9..1c387d889a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -10,7 +10,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
@@ -21,7 +20,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         [Fact]
         public async Task VerifySchemeDefaults()
         {
-            var services = new ServiceCollection().AddTwitterAuthentication().AddSingleton<IConfiguration>(new ConfigurationBuilder().Build());
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddTwitter();
             var sp = services.BuildServiceProvider();
             var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
             var scheme = await schemeProvider.GetSchemeAsync(TwitterDefaults.AuthenticationScheme);

From 658f4621b17e14e5eba007c83426764d1fd8a5a6 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 28 Jun 2017 10:50:52 -0700
Subject: [PATCH 758/900] #1208 Clean up JWT and OIDC issuer handling

---
 .../JwtBearerHandler.cs                            | 14 ++++----------
 .../OpenIdConnectHandler.cs                        | 13 ++++---------
 2 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 999d323e11..1cb1ea4496 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -90,17 +90,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                 var validationParameters = Options.TokenValidationParameters.Clone();
                 if (_configuration != null)
                 {
-                    if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer))
-                    {
-                        validationParameters.ValidIssuer = _configuration.Issuer;
-                    }
-                    else
-                    {
-                        var issuers = new[] { _configuration.Issuer };
-                        validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
-                    }
+                    var issuers = new[] { _configuration.Issuer };
+                    validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(issuers) ?? issuers;
 
-                    validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
+                    validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys)
+                        ?? _configuration.SigningKeys;
                 }
 
                 List<Exception> validationFailures = null;
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9e6d34bc98..068593837b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -1137,16 +1137,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             if (_configuration != null)
             {
-                if (string.IsNullOrEmpty(validationParameters.ValidIssuer))
-                {
-                    validationParameters.ValidIssuer = _configuration.Issuer;
-                }
-                else if (!string.IsNullOrEmpty(_configuration.Issuer))
-                {
-                    validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(new[] { _configuration.Issuer }) ?? new[] { _configuration.Issuer };
-                }
+                var issuer = new[] { _configuration.Issuer };
+                validationParameters.ValidIssuers = validationParameters.ValidIssuers?.Concat(issuer) ?? issuer;
 
-                validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys) ?? _configuration.SigningKeys;
+                validationParameters.IssuerSigningKeys = validationParameters.IssuerSigningKeys?.Concat(_configuration.SigningKeys)
+                    ?? _configuration.SigningKeys;
             }
 
             var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out SecurityToken validatedToken);

From bd19ba9533cfd3ffd81e4ef2c874109e8b3dbccd Mon Sep 17 00:00:00 2001
From: Nate McMaster <natemcmaster@users.noreply.github.com>
Date: Wed, 5 Jul 2017 15:43:43 -0700
Subject: [PATCH 759/900] Revert obsoleting
 CookieAuthenticationOptions.ExpireTimeSpan (#1296)

- Revert the obsoleting of CookieAuthenticationOptions.ExpireTimeSpan in aspnet/Security#1285
- Add test to ensure Cookie.Expiration is ignored
---
 .../CookieAuthenticationHandler.cs            |  4 +-
 .../CookieAuthenticationOptions.cs            | 37 +++++++-----------
 ...t.AspNetCore.Authentication.Cookies.csproj |  4 --
 .../CookieTests.cs                            | 39 +++++++++++++------
 4 files changed, 45 insertions(+), 39 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index e093e87b78..f411997520 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -270,14 +270,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             if (!signInContext.Properties.ExpiresUtc.HasValue)
             {
-                signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
+                signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
             }
 
             await Events.SigningIn(signInContext);
 
             if (signInContext.Properties.IsPersistent)
             {
-                var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
+                var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 4f8b201ad3..ec67ecc181 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -21,7 +21,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             SameSite = SameSiteMode.Lax,
             HttpOnly = true,
             SecurePolicy = CookieSecurePolicy.SameAsRequest,
-            Expiration = TimeSpan.FromDays(14),
         };
 
         /// <summary>
@@ -29,6 +28,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public CookieAuthenticationOptions()
         {
+            ExpireTimeSpan = TimeSpan.FromDays(14);
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             SlidingExpiration = true;
             Events = new CookieAuthenticationEvents();
@@ -42,7 +42,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// <seealso cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.
         /// <seealso cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
         /// <seealso cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.
-        /// <seealso cref="CookieBuilder.Expiration"/> defaults to 14 days.
         /// </para>
         /// </summary>
         /// <remarks>
@@ -60,9 +59,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
         /// </para>
         /// <para>
-        /// <seealso cref="CookieBuilder.Expiration"/> controls how much time the cookie will remain valid from the point it is created. The expiration
-        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
-        /// even if it is passed to the server after the browser should have purged it
+        /// <seealso cref="CookieBuilder.Expiration"/> is currently ignored. Use <see cref="ExpireTimeSpan"/> to control lifetime of cookie authentication.
         /// </para>
         /// </remarks>
         public CookieBuilder Cookie
@@ -140,6 +137,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         public ITicketStore SessionStore { get; set; }
 
+        /// <summary>
+        /// <para>
+        /// Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created
+        /// The expiration information is stored in the protected cookie ticket. Because of that an expired cookie will be ignored
+        /// even if it is passed to the server after the browser should have purged it.
+        /// </para>
+        /// <para>
+        /// This is separate from the value of <seealso cref="CookieOptions.Expires"/>, which specifies
+        /// how long the browser will keep the cookie.
+        /// </para>
+        /// </summary>
+        public TimeSpan ExpireTimeSpan { get; set; }
+
         #region Obsolete API
         /// <summary>
         /// <para>
@@ -201,23 +211,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// </summary>
         [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
         public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
-
-        /// <summary>
-        /// <para>
-        /// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Expiration"/> on <see cref="Cookie"/>.
-        /// </para>
-        /// <para>
-        /// Controls how much time the cookie will remain valid from the point it is created. The expiration
-        /// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
-        /// even if it is passed to the server after the browser should have purged it
-        /// </para>
-        /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Expiration) + ".")]
-        public TimeSpan ExpireTimeSpan
-        {
-            get => Cookie.Expiration ?? default(TimeSpan);
-            set => Cookie.Expiration = value;
-        }
         #endregion
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index fb20a55b9f..712aa81772 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -19,8 +19,4 @@
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
   </ItemGroup>
 
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
-
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 1471caf440..c2d843bf10 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -143,6 +143,23 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.DoesNotContain("; secure", setCookie);
         }
 
+        [Fact]
+        public async Task CookieExpirationOptionIsIgnored()
+        {
+            var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o =>
+            {
+                o.Cookie.Name = "TestCookie";
+                // this is currently ignored. Users should set o.ExpireTimeSpan instead
+                o.Cookie.Expiration = TimeSpan.FromDays(10);
+            }), SignInAsAlice);
+
+            var transaction = await SendAsync(server, "http://example.com/testpath");
+
+            var setCookie = transaction.SetCookie;
+            Assert.StartsWith("TestCookie=", setCookie);
+            Assert.DoesNotContain("; expires=", setCookie);
+        }
+
         [Fact]
         public async Task SignInWrongAuthTypeThrows()
         {
@@ -277,7 +294,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
             }, SignInAsAlice);
 
@@ -306,7 +323,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
             },
             context =>
@@ -339,7 +356,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
@@ -367,7 +384,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -395,7 +412,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -431,7 +448,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -476,7 +493,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.Events = new CookieAuthenticationEvents
                 {
                     OnValidatePrincipal = ctx =>
@@ -520,7 +537,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -569,7 +586,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             DateTimeOffset? lastExpiresDate = null;
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = sliding;
                 o.Events = new CookieAuthenticationEvents
                 {
@@ -619,7 +636,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = false;
                 o.Events = new CookieAuthenticationEvents()
                 {
@@ -656,7 +673,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             var server = CreateServer(o =>
             {
-                o.Cookie.Expiration = TimeSpan.FromMinutes(10);
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
                 o.SlidingExpiration = true;
             },
             SignInAsAlice);

From fd502195a4320150a1d328e9b6d055dd3a9b419f Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 6 Jul 2017 10:39:16 -0700
Subject: [PATCH 760/900] React to aspnet/BuildTools#293

[ci skip]
---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index f00799700a..44605092cc 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,7 +4,7 @@
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.13.9</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
-    <InternalAspNetCoreSdkVersion>2.1.0-*</InternalAspNetCoreSdkVersion>
+    <InternalAspNetCoreSdkVersion>2.0.1-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>

From 23da47617624cfed065cd1cdd552d34e5ea5b821 Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Thu, 6 Jul 2017 13:41:47 -0700
Subject: [PATCH 761/900] Switch to IOptionsMonitor (#1295)

---
 .../CookieAuthenticationHandler.cs            |  2 +-
 .../FacebookHandler.cs                        |  2 +-
 .../GoogleHandler.cs                          |  2 +-
 .../JwtBearerHandler.cs                       |  2 +-
 .../MicrosoftAccountHandler.cs                |  2 +-
 .../OAuthHandler.cs                           |  2 +-
 .../OpenIdConnectHandler.cs                   |  2 +-
 .../TwitterHandler.cs                         |  2 +-
 .../AuthenticationHandler.cs                  |  8 +--
 .../RemoteAuthenticationHandler.cs            |  2 +-
 .../DynamicSchemeTests.cs                     | 72 ++++++++++++++++---
 11 files changed, 76 insertions(+), 22 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index f411997520..996c334a73 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         private string _sessionKey;
         private Task<AuthenticateResult> _readCookieTask;
 
-        public CookieAuthenticationHandler(IOptionsSnapshot<CookieAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public CookieAuthenticationHandler(IOptionsMonitor<CookieAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 8a1f29bbe5..9004fc09cd 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     internal class FacebookHandler : OAuthHandler<FacebookOptions>
     {
-        public FacebookHandler(IOptionsSnapshot<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public FacebookHandler(IOptionsMonitor<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index aa5e596494..7a2e1a2d14 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 {
     internal class GoogleHandler : OAuthHandler<GoogleOptions>
     {
-        public GoogleHandler(IOptionsSnapshot<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public GoogleHandler(IOptionsMonitor<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 1cb1ea4496..9cf73182ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -22,7 +22,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
     {
         private OpenIdConnectConfiguration _configuration;
 
-        public JwtBearerHandler(IOptionsSnapshot<JwtBearerOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+        public JwtBearerHandler(IOptionsMonitor<JwtBearerOptions> options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 45fae3d0ea..8204bf07b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -15,7 +15,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
     internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
-        public MicrosoftAccountHandler(IOptionsSnapshot<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public MicrosoftAccountHandler(IOptionsMonitor<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index b61d575375..007d7dbefd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -32,7 +32,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             set { base.Events = value; }
         }
 
-        public OAuthHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public OAuthHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 068593837b..65e1e1951e 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -55,7 +55,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         protected HtmlEncoder HtmlEncoder { get; }
 
-        public OpenIdConnectHandler(IOptionsSnapshot<OpenIdConnectOptions> options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, ISystemClock clock)
+        public OpenIdConnectHandler(IOptionsMonitor<OpenIdConnectOptions> options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         {
             HtmlEncoder = htmlEncoder;
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index ddcd095d5b..1e1dd08d87 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -38,7 +38,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             set { base.Events = value; }
         }
 
-        public TwitterHandler(IOptionsSnapshot<TwitterOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        public TwitterHandler(IOptionsMonitor<TwitterOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
         { }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index a258d0acaf..d1d09f0746 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -40,7 +40,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected ISystemClock Clock { get; }
 
-        protected IOptionsSnapshot<TOptions> OptionsSnapshot { get; }
+        protected IOptionsMonitor<TOptions> OptionsMonitor { get; }
 
         /// <summary>
         /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
@@ -58,12 +58,12 @@ namespace Microsoft.AspNetCore.Authentication
             }
         }
 
-        protected AuthenticationHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        protected AuthenticationHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
         {
             Logger = logger.CreateLogger(this.GetType().FullName);
             UrlEncoder = encoder;
             Clock = clock;
-            OptionsSnapshot = options;
+            OptionsMonitor = options;
         }
 
         /// <summary>
@@ -86,7 +86,7 @@ namespace Microsoft.AspNetCore.Authentication
             Scheme = scheme;
             Context = context;
 
-            Options = OptionsSnapshot.Get(Scheme.Name) ?? new TOptions();
+            Options = OptionsMonitor.Get(Scheme.Name) ?? new TOptions();
             Options.Validate();
 
             await InitializeEventsAsync();
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 7bd3b07731..bcd5983642 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -31,7 +31,7 @@ namespace Microsoft.AspNetCore.Authentication
             set { base.Events = value; }
         }
 
-        protected RemoteAuthenticationHandler(IOptionsSnapshot<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+        protected RemoteAuthenticationHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock) { }
 
         protected override Task<object> CreateEventsAsync()
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
index d239d85f81..fe7443679c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
@@ -18,6 +18,42 @@ namespace Microsoft.AspNetCore.Authentication
 {
     public class DynamicSchemeTests
     {
+        [Fact]
+        public async Task OptionsAreConfiguredOnce()
+        {
+            var server = CreateServer(s =>
+            {
+                s.Configure<TestOptions>("One", o => o.Instance = new Singleton());
+                s.Configure<TestOptions>("Two", o => o.Instance = new Singleton());
+            });
+            // Add One scheme
+            var response = await server.CreateClient().GetAsync("http://example.com/add/One");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var transaction = await server.SendAsync("http://example.com/auth/One");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+            Assert.Equal("1", transaction.FindClaimValue("Count"));
+
+            // Verify option is not recreated
+            transaction = await server.SendAsync("http://example.com/auth/One");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+            Assert.Equal("1", transaction.FindClaimValue("Count"));
+
+            // Add Two scheme
+            response = await server.CreateClient().GetAsync("http://example.com/add/Two");
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            transaction = await server.SendAsync("http://example.com/auth/Two");
+            Assert.Equal("Two", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "Two"));
+            Assert.Equal("2", transaction.FindClaimValue("Count"));
+
+            // Verify options are not recreated
+            transaction = await server.SendAsync("http://example.com/auth/One");
+            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+            Assert.Equal("1", transaction.FindClaimValue("Count"));
+            transaction = await server.SendAsync("http://example.com/auth/Two");
+            Assert.Equal("Two", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "Two"));
+            Assert.Equal("2", transaction.FindClaimValue("Count"));
+        }
+
         [Fact]
         public async Task CanAddAndRemoveSchemes()
         {
@@ -48,7 +84,6 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/Two"));
             await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/One"));
-
         }
 
         [Fact]
@@ -69,9 +104,27 @@ namespace Microsoft.AspNetCore.Authentication
             await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth"));
         }
 
-        private class TestHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+        public class TestOptions : AuthenticationSchemeOptions
         {
-            public TestHandler(IOptionsSnapshot<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+            public Singleton Instance { get; set; }
+        }
+
+        public class Singleton
+        {
+            public static int _count;
+
+            public Singleton()
+            {
+                _count++;
+                Count = _count;
+            }
+
+            public int Count { get; }
+        }
+
+        private class TestHandler : AuthenticationHandler<TestOptions>
+        {
+            public TestHandler(IOptionsMonitor<TestOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
             {
             }
 
@@ -80,12 +133,16 @@ namespace Microsoft.AspNetCore.Authentication
                 var principal = new ClaimsPrincipal();
                 var id = new ClaimsIdentity();
                 id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+                if (Options.Instance != null)
+                {
+                    id.AddClaim(new Claim("Count", Options.Instance.Count.ToString()));
+                }
                 principal.AddIdentity(id);
                 return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
             }
         }
 
-        private static TestServer CreateServer(Action<AuthenticationOptions> configureAuth = null)
+        private static TestServer CreateServer(Action<IServiceCollection> configureServices = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
@@ -122,11 +179,8 @@ namespace Microsoft.AspNetCore.Authentication
                 })
                 .ConfigureServices(services =>
                 {
-                    if (configureAuth == null)
-                    {
-                        configureAuth = o => { };
-                    }
-                    services.AddAuthentication(configureAuth);
+                    configureServices?.Invoke(services);
+                    services.AddAuthentication();
                 });
             return new TestServer(builder);
         }

From 184ccb8f4a83b21eab0812ccc84714f14aaf0092 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Thu, 6 Jul 2017 12:26:50 -0700
Subject: [PATCH 762/900] Set "TreatWarningsAsErrors" before NuGet restore

* Ensures our build stays clean of NuGet warnings
---
 build/common.props | 1 +
 1 file changed, 1 insertion(+)

diff --git a/build/common.props b/build/common.props
index dc4ad9a786..1555ad6383 100644
--- a/build/common.props
+++ b/build/common.props
@@ -10,6 +10,7 @@
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
     <VersionSuffix Condition="'$(VersionSuffix)'!='' AND '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
 
   <ItemGroup>

From bfe067432567f25f148149b78f90a0a5c1d9a5fb Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 6 Jul 2017 15:08:51 -0700
Subject: [PATCH 763/900] Update version suffix for 2.0.0 RTM release

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 90a2f5b5cc..b94223e008 100644
--- a/version.props
+++ b/version.props
@@ -2,6 +2,6 @@
 <Project>
     <PropertyGroup>
         <VersionPrefix>2.0.0</VersionPrefix>
-        <VersionSuffix>preview3</VersionSuffix>
+        <VersionSuffix>rtm</VersionSuffix>
     </PropertyGroup>
 </Project>
\ No newline at end of file

From d433f034fab3daea2cfd5e2661bd1512cd0d2efc Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Thu, 6 Jul 2017 15:44:03 -0700
Subject: [PATCH 764/900] Remove NETStandard.Library.NETFramework

---
 build/common.props                                            | 4 ----
 samples/CookieSample/CookieSample.csproj                      | 4 ----
 samples/CookieSessionSample/CookieSessionSample.csproj        | 4 ----
 samples/JwtBearerSample/JwtBearerSample.csproj                | 4 ----
 .../OpenIdConnect.AzureAdSample.csproj                        | 4 ----
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj        | 4 ----
 samples/SocialSample/SocialSample.csproj                      | 4 ----
 7 files changed, 28 deletions(-)

diff --git a/build/common.props b/build/common.props
index 1555ad6383..f7497c8f43 100644
--- a/build/common.props
+++ b/build/common.props
@@ -17,8 +17,4 @@
     <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFrameworkIdentifier)'=='.NETFramework'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" PrivateAssets="All" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index d251b844e1..64438de77d 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -19,8 +19,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index a2d0490f1a..cb07f4385b 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -19,8 +19,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index c2f73fd961..fe2a5fa9d9 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -20,8 +20,4 @@
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 7857249087..ece748d0dd 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -23,8 +23,4 @@
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 03384f567e..9f62a06b50 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -33,8 +33,4 @@
     <EmbeddedResource Include="compiler\resources\cert.pfx" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 999dc91a6f..d35796f759 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -35,8 +35,4 @@
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)'=='net461'">
-    <PackageReference Include="NETStandard.Library.NETFramework" Version="$(NETStandardLibraryNETFrameworkVersion)" />
-  </ItemGroup>
-
 </Project>

From 38d33cfbf2d639e22ea0316a50a72a642cc7196d Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 7 Jul 2017 11:28:41 -0700
Subject: [PATCH 765/900] Fix tests to work with new default

---
 .../CookieTests.cs                             |  2 +-
 .../DynamicSchemeTests.cs                      | 18 ------------------
 .../FacebookTests.cs                           |  5 ++---
 .../GoogleTests.cs                             |  2 +-
 .../JwtBearerTests.cs                          |  2 +-
 .../MicrosoftAccountTests.cs                   |  2 +-
 .../OpenIdConnect/TestServerBuilder.cs         |  2 +-
 7 files changed, 7 insertions(+), 26 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index c2d843bf10..83083cbf0a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -1247,7 +1247,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             => CreateServerWithServices(s =>
             {
                 s.AddSingleton<ISystemClock>(_clock);
-                s.AddAuthentication().AddCookie(configureOptions);
+                s.AddAuthentication(o => o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(configureOptions);
                 s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
             }, testpath, baseAddress);
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
index fe7443679c..d658609b04 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
@@ -86,24 +86,6 @@ namespace Microsoft.AspNetCore.Authentication
             await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/One"));
         }
 
-        [Fact]
-        public async Task VerifyDefaultBehavior()
-        {
-            var server = CreateServer();
-
-            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth"));
-
-            var response = await server.CreateClient().GetAsync("http://example.com/add/One");
-            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-            var transaction = await server.SendAsync("http://example.com/auth");
-            Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
-            response = await server.CreateClient().GetAsync("http://example.com/add/Two");
-            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-
-            // Default will blow up since now there's two
-            await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth"));
-        }
-
         public class TestOptions : AuthenticationSchemeOptions
         {
             public Singleton Instance { get; set; }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 43c52b0fd9..35752ec6b0 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -81,8 +81,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 {
                     services.AddAuthentication(options =>
                     {
-                        options.DefaultSignInScheme = "External";
-                        options.DefaultAuthenticateScheme = "External";
+                        options.DefaultScheme = "External";
                     })
                         .AddCookie("External", o => { })
                         .AddFacebook(o =>
@@ -221,7 +220,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 {
                     services.AddAuthentication(options =>
                     {
-                        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                     })
                         .AddCookie()
                         .AddFacebook(o => 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 3bfea45df8..f1038bb51d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -1050,7 +1050,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
                     services.AddAuthentication(o =>
                     {
-                        o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
+                        o.DefaultScheme = TestExtensions.CookieAuthenticationScheme;
                         o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
                     });
                     services.AddAuthentication()
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index c7153ded30..e001bd9950 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -748,7 +748,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication().AddJwtBearer(options));
+                .ConfigureServices(services => services.AddAuthentication(o => o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options));
 
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 941dd13481..b63ad1f7d6 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -226,7 +226,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                 {
                     services.AddAuthentication(o =>
                     {
-                        o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
+                        o.DefaultScheme = TestExtensions.CookieAuthenticationScheme;
                     });
                     services.AddAuthentication()
                         .AddCookie(TestExtensions.CookieAuthenticationScheme, o => { })
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
index 1ffb9ff686..4d6a268217 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -111,7 +111,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     services.AddAuthentication(o =>
                     {
-                        o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                     });
                     services.AddAuthentication()
                         .AddCookie()

From df325deaf355f99239c1319932bc28eb3a837372 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 7 Jul 2017 12:04:32 -0700
Subject: [PATCH 766/900] Add AddAuthentication(defaultScheme) overload

---
 .../AuthenticationServiceCollectionExtensions.cs       |  3 +++
 .../CookieTests.cs                                     |  2 +-
 .../FacebookTests.cs                                   | 10 ++--------
 .../JwtBearerTests.cs                                  |  2 +-
 .../MicrosoftAccountTests.cs                           |  6 +-----
 .../OpenIdConnect/TestServerBuilder.cs                 |  6 +-----
 6 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 28291f4196..e1beea7b6e 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -27,6 +27,9 @@ namespace Microsoft.Extensions.DependencyInjection
             return new AuthenticationBuilder(services);
         }
 
+        public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, string defaultScheme)
+            => services.AddAuthentication(o => o.DefaultScheme = defaultScheme);
+
         public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions) {
             if (services == null)
             {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 83083cbf0a..c711fde493 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -1247,7 +1247,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             => CreateServerWithServices(s =>
             {
                 s.AddSingleton<ISystemClock>(_clock);
-                s.AddAuthentication(o => o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(configureOptions);
+                s.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(configureOptions);
                 s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
             }, testpath, baseAddress);
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 35752ec6b0..75de0652e4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -79,10 +79,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 },
                 services =>
                 {
-                    services.AddAuthentication(options =>
-                    {
-                        options.DefaultScheme = "External";
-                    })
+                    services.AddAuthentication("External")
                         .AddCookie("External", o => { })
                         .AddFacebook(o =>
                     {
@@ -218,10 +215,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 app => app.UseAuthentication(),
                 services =>
                 {
-                    services.AddAuthentication(options =>
-                    {
-                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    })
+                    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                         .AddCookie()
                         .AddFacebook(o => 
                     {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index e001bd9950..97adb21054 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -748,7 +748,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                     });
                 })
-                .ConfigureServices(services => services.AddAuthentication(o => o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options));
+                .ConfigureServices(services => services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options));
 
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index b63ad1f7d6..2e249a833a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -224,11 +224,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication(o =>
-                    {
-                        o.DefaultScheme = TestExtensions.CookieAuthenticationScheme;
-                    });
-                    services.AddAuthentication()
+                    services.AddAuthentication(TestExtensions.CookieAuthenticationScheme)
                         .AddCookie(TestExtensions.CookieAuthenticationScheme, o => { })
                         .AddMicrosoftAccount(configureOptions);
                 });
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
index 4d6a268217..c37da8c043 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
@@ -109,11 +109,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 })
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication(o =>
-                    {
-                        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    });
-                    services.AddAuthentication()
+                    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                         .AddCookie()
                         .AddOpenIdConnect(options);
                 });

From 979475fbf3461cd64607d9f5fa7987bd3279e04a Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 10 Jul 2017 11:46:06 -0700
Subject: [PATCH 767/900] Branching for 2.0.0 rtm

---
 NuGet.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NuGet.config b/NuGet.config
index 4e8a1f6de1..37f0d27ea0 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-release/api/v3/index.json" />
     <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>

From 72bf2507d8829cdddf43ade87493497e8c1464e8 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 10 Jul 2017 11:58:01 -0700
Subject: [PATCH 768/900] Updating KoreBuild branch

---
 build.ps1 | 2 +-
 build.sh  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.ps1 b/build.ps1
index 5bf0e2c113..1785334385 100644
--- a/build.ps1
+++ b/build.ps1
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
diff --git a/build.sh b/build.sh
index b0bcadb579..5e27ed8efb 100755
--- a/build.sh
+++ b/build.sh
@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/rel/2.0.0.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi

From a894c38f7a8ec58d70fd24d2c54f5279eacf5684 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Fri, 7 Jul 2017 14:57:59 -0700
Subject: [PATCH 769/900] Skip first time experience on Appveyor

---
 appveyor.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/appveyor.yml b/appveyor.yml
index 1041615c68..31efd8196f 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,4 +1,4 @@
-init:
+init:
   - git config --global core.autocrlf true
 branches:
   only:
@@ -9,6 +9,10 @@ branches:
 build_script:
   - ps: .\build.ps1
 clone_depth: 1
+environment:
+  global:
+    DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+    DOTNET_CLI_TELEMETRY_OPTOUT: 1
 test: off
 deploy: off
 os: Visual Studio 2017

From 5485846b5c119a365ac3d004effc8aa97d987fce Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 12 Jul 2017 09:56:25 -0700
Subject: [PATCH 770/900] Update IdentityModel versions to latest, fix samples.

---
 build/dependencies.props                       | 4 ++--
 samples/OpenIdConnect.AzureAdSample/Startup.cs | 3 +--
 samples/OpenIdConnectSample/Startup.cs         | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 44605092cc..3ceeb8708b 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -2,8 +2,8 @@
   <PropertyGroup>
     <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
-    <IdentityModelActiveDirectoryVersion>3.13.9</IdentityModelActiveDirectoryVersion>
-    <IdentityModelOpenIdVersion>2.1.3</IdentityModelOpenIdVersion>
+    <IdentityModelActiveDirectoryVersion>3.14.1</IdentityModelActiveDirectoryVersion>
+    <IdentityModelOpenIdVersion>2.1.4</IdentityModelOpenIdVersion>
     <InternalAspNetCoreSdkVersion>2.0.1-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index aab6e60df8..6a6abd7c34 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -45,8 +45,7 @@ namespace OpenIdConnect.AzureAdSample
         {
             services.AddAuthentication(sharedOptions =>
             {
-                sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
             })
                 .AddCookie()
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index bc5af750d3..3325ea3c3b 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -147,7 +147,7 @@ namespace OpenIdConnectSample
                 // Authenticated, but not authorized
                 if (context.Request.Path.Equals("/restricted") && !user.Identities.Any(identity => identity.HasClaim("special", "true")))
                 {
-                    await context.ChallengeAsync();
+                    await context.ForbidAsync();
                     return;
                 }
 

From 36d3d97b9935b2cefb22731084adc4754d1e61e9 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 13 Jul 2017 12:25:36 -0700
Subject: [PATCH 771/900] #1319 Add DisplayName overloads

---
 samples/OpenIdConnect.AzureAdSample/Startup.cs         |  2 +-
 samples/SocialSample/Startup.cs                        |  6 +++---
 .../CookieExtensions.cs                                |  5 ++++-
 .../FacebookDefaults.cs                                |  2 ++
 .../FacebookExtensions.cs                              |  5 ++++-
 .../GoogleDefaults.cs                                  |  2 ++
 .../GoogleExtensions.cs                                |  5 ++++-
 .../JwtBearerExtensions.cs                             |  5 ++++-
 .../MicrosoftAccountDefaults.cs                        |  2 ++
 .../MicrosoftAccountExtensions.cs                      |  5 ++++-
 .../OAuthDefaults.cs                                   | 10 ++++++++++
 .../OAuthExtensions.cs                                 | 10 +++++++++-
 .../OpenIdConnectDefaults.cs                           |  4 ++--
 .../OpenIdConnectExtensions.cs                         |  5 ++++-
 .../OpenIdConnectOptions.cs                            |  1 -
 .../breakingchanges.netcore.json                       |  5 +++++
 .../TwitterDefaults.cs                                 |  2 ++
 .../TwitterExtensions.cs                               |  5 ++++-
 .../OAuthTests.cs                                      |  2 +-
 19 files changed, 67 insertions(+), 16 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs

diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/samples/OpenIdConnect.AzureAdSample/Startup.cs
index 6a6abd7c34..c3fa3c719b 100644
--- a/samples/OpenIdConnect.AzureAdSample/Startup.cs
+++ b/samples/OpenIdConnect.AzureAdSample/Startup.cs
@@ -49,7 +49,7 @@ namespace OpenIdConnect.AzureAdSample
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
             })
                 .AddCookie()
-                .AddOpenIdConnect(o =>
+                .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "AAD", o =>
             {
                 o.ClientId = ClientId;
                 o.ClientSecret = ClientSecret; // for code flow
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index dcf76263d5..8a59928c41 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -70,7 +70,7 @@ namespace SocialSample
             })
                 // You must first create an app with Google and add its ID and Secret to your user-secrets.
                 // https://console.developers.google.com/project
-                .AddOAuth("Google-AccessToken", o =>
+                .AddOAuth("Google-AccessToken", "Google AccessToken only", o =>
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
@@ -128,7 +128,7 @@ namespace SocialSample
                 */
                 // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
                 // https://apps.dev.microsoft.com/
-                .AddOAuth("Microsoft-AccessToken", o =>
+                .AddOAuth("Microsoft-AccessToken", "Microsoft AccessToken only", o =>
             {
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
@@ -148,7 +148,7 @@ namespace SocialSample
             })
                 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
                 // https://github.com/settings/applications/
-                .AddOAuth("GitHub-AccessToken", o =>
+                .AddOAuth("GitHub-AccessToken", "GitHub AccessToken only", o =>
             {
                 o.ClientId = Configuration["github-token:clientid"];
                 o.ClientSecret = Configuration["github-token:clientsecret"];
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
index 61f72e361f..4c41f54a9c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -21,9 +21,12 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
+            => builder.AddCookie(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<CookieAuthenticationOptions> configureOptions)
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
-            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
index 012f95dcce..6143a4f235 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
@@ -7,6 +7,8 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
     {
         public const string AuthenticationScheme = "Facebook";
 
+        public static readonly string DisplayName = "Facebook";
+
         public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.6/dialog/oauth";
 
         public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
index 1cb1ef03eb..2273724a42 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -16,6 +16,9 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, Action<FacebookOptions> configureOptions)
-            => builder.AddOAuth<FacebookOptions, FacebookHandler>(authenticationScheme, configureOptions);
+            => builder.AddFacebook(authenticationScheme, FacebookDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<FacebookOptions> configureOptions)
+            => builder.AddOAuth<FacebookOptions, FacebookHandler>(authenticationScheme, displayName, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index 77d68aed93..e4bd666157 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -10,6 +10,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
     {
         public const string AuthenticationScheme = "Google";
 
+        public static readonly string DisplayName = "Google";
+
         public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
 
         public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
index 7bb9b7bebd..95547014ca 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -16,6 +16,9 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, Action<GoogleOptions> configureOptions)
-            => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme, configureOptions);
+            => builder.AddGoogle(authenticationScheme, GoogleDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<GoogleOptions> configureOptions)
+            => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme, displayName, configureOptions);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
index 698c0118e0..334407c0da 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -18,9 +18,12 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
+            => builder.AddJwtBearer(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
+        public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<JwtBearerOptions> configureOptions)
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
-            return builder.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
+            return builder.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
index 0d272f9792..1b0859c5b7 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
@@ -7,6 +7,8 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
     {
         public const string AuthenticationScheme = "Microsoft";
 
+        public static readonly string DisplayName = "Microsoft";
+
         public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
 
         public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
index 8da6daaac8..7f24e5af77 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -16,6 +16,9 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
-            => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, configureOptions);
+            => builder.AddMicrosoftAccount(authenticationScheme, MicrosoftAccountDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<MicrosoftAccountOptions> configureOptions)
+            => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, displayName, configureOptions);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
new file mode 100644
index 0000000000..376f8ab01a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
@@ -0,0 +1,10 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public static class OAuthDefaults
+    {
+        public static readonly string DisplayName = "OAuth";
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
index 8c9d34c5f9..22c541a0ac 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -14,12 +14,20 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddOAuth(this AuthenticationBuilder builder, string authenticationScheme, Action<OAuthOptions> configureOptions)
             => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddOAuth(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OAuthOptions> configureOptions)
+            => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, displayName, configureOptions);
+
         public static AuthenticationBuilder AddOAuth<TOptions, THandler>(this AuthenticationBuilder builder, string authenticationScheme, Action<TOptions> configureOptions)
             where TOptions : OAuthOptions, new()
             where THandler : OAuthHandler<TOptions>
+            => builder.AddOAuth<TOptions, THandler>(authenticationScheme, OAuthDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddOAuth<TOptions, THandler>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : OAuthOptions, new()
+            where THandler : OAuthHandler<TOptions>
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
-            return builder.AddRemoteScheme<TOptions, THandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return builder.AddRemoteScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index c5baca4db9..f98ba87e02 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -19,9 +19,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         public const string AuthenticationScheme = "OpenIdConnect";
 
         /// <summary>
-        /// The default value for OpenIdConnectOptions.Caption.
+        /// The default value for the display name.
         /// </summary>
-        public static readonly string Caption = "OpenIdConnect";
+        public static readonly string DisplayName = "OpenIdConnect";
 
         /// <summary>
         /// The prefix used to for the nonce in the cookie.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
index 43059b3ffe..f427bebaff 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -18,9 +18,12 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
+            => builder.AddOpenIdConnect(authenticationScheme, OpenIdConnectDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OpenIdConnectOptions> configureOptions)
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
-            return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 23169b5bcd..a8545e35a6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -27,7 +27,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Defaults:
         /// <para>AddNonceToRequest: true.</para>
         /// <para>BackchannelTimeout: 1 minute.</para>
-        /// <para>Caption: <see cref="OpenIdConnectDefaults.Caption"/>.</para>
         /// <para>ProtocolValidator: new <see cref="OpenIdConnectProtocolValidator"/>.</para>
         /// <para>RefreshOnIssuerKeyNotFound: true</para>
         /// <para>ResponseType: <see cref="OpenIdConnectResponseType.CodeIdToken"/></para>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
index 0f50b12103..931a7b079d 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
@@ -59,5 +59,10 @@
       {
         "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
         "Kind": "Removal"
+      },
+      {
+        "TypeId": "public static class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
+        "MemberId": "public static readonly System.String Caption",
+        "Kind": "Removal"
       }
   ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
index 0610ccfc9d..a39a3f0367 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
@@ -6,5 +6,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
     public static class TwitterDefaults
     {
         public const string AuthenticationScheme = "Twitter";
+
+        public static readonly string DisplayName = "Twitter";
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
index bd0a3b1e20..7243805692 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -18,9 +18,12 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddTwitter(TwitterDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, string authenticationScheme, Action<TwitterOptions> configureOptions)
+            => builder.AddTwitter(authenticationScheme, TwitterDefaults.DisplayName, configureOptions);
+
+        public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TwitterOptions> configureOptions)
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
-            return builder.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, authenticationScheme, configureOptions);
+            return builder.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index ea0c941c91..aeb313daa3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -26,7 +26,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             var scheme = await schemeProvider.GetSchemeAsync("oauth");
             Assert.NotNull(scheme);
             Assert.Equal("OAuthHandler`1", scheme.HandlerType.Name);
-            Assert.Equal("oauth", scheme.DisplayName);
+            Assert.Equal(OAuthDefaults.DisplayName, scheme.DisplayName);
         }
 
         [Fact]

From 04a40b54543b9260c11c822b680bfa86d5f54f1d Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Thu, 13 Jul 2017 15:10:12 -0700
Subject: [PATCH 772/900] Removed DotNetCliToolReference from the samples to
 fix build break

---
 .../OpenIdConnect.AzureAdSample.csproj                           | 1 -
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj           | 1 -
 2 files changed, 2 deletions(-)

diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index ece748d0dd..cd8b6976f2 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -20,7 +20,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 9f62a06b50..b3d875d474 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -26,7 +26,6 @@
     <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="$(AspNetCoreVersion)" />
   </ItemGroup>
 
   <ItemGroup>

From b61f1ee7817b2b6f3c55237f03af3854927b3b44 Mon Sep 17 00:00:00 2001
From: Mike Harder <mharder@microsoft.com>
Date: Fri, 14 Jul 2017 16:34:20 -0700
Subject: [PATCH 773/900] Enable Travis and AppVeyor for rel branches (#1324)

---
 .travis.yml  | 1 +
 appveyor.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index b10be14215..6c59666f3a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,6 +20,7 @@ branches:
     - release
     - dev
     - /^(.*\/)?ci-.*$/
+    - /^rel\/.*/
 before_install:
   - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
diff --git a/appveyor.yml b/appveyor.yml
index 1041615c68..04dfabcb0b 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -6,6 +6,7 @@ branches:
     - release
     - dev
     - /^(.*\/)?ci-.*$/
+    - /^rel\/.*/
 build_script:
   - ps: .\build.ps1
 clone_depth: 1

From fcd9f0c3ff5693f453fde62c9e16c1991085ce93 Mon Sep 17 00:00:00 2001
From: Mike Harder <mharder@microsoft.com>
Date: Fri, 14 Jul 2017 16:55:07 -0700
Subject: [PATCH 774/900] Update Owin to latest (#1323)

---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 3ceeb8708b..85abdc8943 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -8,7 +8,7 @@
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
-    <OwinVersion>3.0.1</OwinVersion>
+    <OwinVersion>3.1.0</OwinVersion>
     <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>
     <TestSdkVersion>15.3.0-*</TestSdkVersion>
     <XunitVersion>2.3.0-beta2-*</XunitVersion>

From ba7739f14de51662134f4a101e2475d3984a222c Mon Sep 17 00:00:00 2001
From: Mike Harder <mharder@microsoft.com>
Date: Fri, 14 Jul 2017 18:14:22 -0700
Subject: [PATCH 775/900] Revert "Update Owin to latest (#1323)"

This reverts commit fcd9f0c3ff5693f453fde62c9e16c1991085ce93.
---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 85abdc8943..3ceeb8708b 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -8,7 +8,7 @@
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
-    <OwinVersion>3.1.0</OwinVersion>
+    <OwinVersion>3.0.1</OwinVersion>
     <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>
     <TestSdkVersion>15.3.0-*</TestSdkVersion>
     <XunitVersion>2.3.0-beta2-*</XunitVersion>

From 644f34e90d35b369efdce9c11ab1db42e0a7f4a7 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 20 Jul 2017 11:07:01 -0700
Subject: [PATCH 776/900] AuthZ PolicyEvalutor should take resource

---
 .../IPolicyEvaluator.cs                       |  6 ++-
 .../PolicyEvaluator.cs                        |  8 ++-
 .../PolicyEvaluatorTests.cs                   | 50 +++++++++++++++----
 3 files changed, 51 insertions(+), 13 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs b/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
index 1717a0ae0a..dd5e6fc038 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
@@ -28,9 +28,13 @@ namespace Microsoft.AspNetCore.Authorization.Policy
         /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
         /// <param name="authenticationResult">The result of a call to <see cref="AuthenticateAsync(AuthorizationPolicy, HttpContext)"/>.</param>
         /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
         /// <returns>Returns <see cref="PolicyAuthorizationResult.Success"/> if authorization succeeds.
         /// Otherwise returns <see cref="PolicyAuthorizationResult.Forbid"/> if <see cref="AuthenticateResult.Succeeded"/>, otherwise
         /// returns  <see cref="PolicyAuthorizationResult.Challenge"/></returns>
-        Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context);
+        Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource);
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
index f93c2d92a3..3100ff4d3e 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
@@ -67,17 +67,21 @@ namespace Microsoft.AspNetCore.Authorization.Policy
         /// <param name="policy">The <see cref="AuthorizationPolicy"/>.</param>
         /// <param name="authenticationResult">The result of a call to <see cref="AuthenticateAsync(AuthorizationPolicy, HttpContext)"/>.</param>
         /// <param name="context">The <see cref="HttpContext"/>.</param>
+        /// <param name="resource">
+        /// An optional resource the policy should be checked with.
+        /// If a resource is not required for policy evaluation you may pass null as the value.
+        /// </param>
         /// <returns>Returns <see cref="PolicyAuthorizationResult.Success"/> if authorization succeeds.
         /// Otherwise returns <see cref="PolicyAuthorizationResult.Forbid"/> if <see cref="AuthenticateResult.Succeeded"/>, otherwise
         /// returns  <see cref="PolicyAuthorizationResult.Challenge"/></returns>
-        public virtual async Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context)
+        public virtual async Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource)
         {
             if (policy == null)
             {
                 throw new ArgumentNullException(nameof(policy));
             }
 
-            var result = await _authorization.AuthorizeAsync(context.User, context, policy);
+            var result = await _authorization.AuthorizeAsync(context.User, resource, policy);
             if (result.Succeeded)
             {
                 return PolicyAuthorizationResult.Success();
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs b/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
index 216fc1440e..2384e6db5f 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
@@ -18,7 +19,7 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
         public async Task AuthenticateFailsIfNoPrincipalReturned()
         {
             // Arrange
-            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var evaluator = BuildEvaluator();
             var context = new DefaultHttpContext();
             var services = new ServiceCollection().AddSingleton<IAuthenticationService, SadAuthentication>();
             context.RequestServices = services.BuildServiceProvider();
@@ -35,7 +36,7 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
         public async Task AuthenticateMergeSchemes()
         {
             // Arrange
-            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var evaluator = BuildEvaluator();
             var context = new DefaultHttpContext();
             var services = new ServiceCollection().AddSingleton<IAuthenticationService, EchoAuthentication>();
             context.RequestServices = services.BuildServiceProvider();
@@ -54,12 +55,12 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
         public async Task AuthorizeSucceedsEvenIfAuthenticationFails()
         {
             // Arrange
-            var evaluator = new PolicyEvaluator(new HappyAuthorization());
+            var evaluator = BuildEvaluator();
             var context = new DefaultHttpContext();
             var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
 
             // Act
-            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context);
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context, resource: null);
 
             // Assert
             Assert.True(result.Succeeded);
@@ -67,16 +68,34 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
             Assert.False(result.Forbidden);
         }
 
+        [Fact]
+        public async Task AuthorizeSucceedsOnlyIfResourceSpecified()
+        {
+            // Arrange
+            var evaluator = BuildEvaluator();
+            var context = new DefaultHttpContext();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(c => c.Resource != null).Build();
+            var success = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "whatever"));
+
+            // Act
+            var result = await evaluator.AuthorizeAsync(policy, success, context, resource: null);
+            var result2 = await evaluator.AuthorizeAsync(policy, success, context, resource: new object());
+
+            // Assert
+            Assert.False(result.Succeeded);
+            Assert.True(result2.Succeeded);
+        }
+
         [Fact]
         public async Task AuthorizeChallengesIfAuthenticationFails()
         {
             // Arrange
-            var evaluator = new PolicyEvaluator(new SadAuthorization());
+            var evaluator = BuildEvaluator();
             var context = new DefaultHttpContext();
-            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => false).Build();
 
             // Act
-            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context);
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Fail("Nooo"), context, resource: null);
 
             // Assert
             Assert.False(result.Succeeded);
@@ -88,12 +107,12 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
         public async Task AuthorizeForbidsIfAuthenticationSuceeds()
         {
             // Arrange
-            var evaluator = new PolicyEvaluator(new SadAuthorization());
+            var evaluator = BuildEvaluator();
             var context = new DefaultHttpContext();
-            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+            var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => false).Build();
 
             // Act
-            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "scheme")), context);
+            var result = await evaluator.AuthorizeAsync(policy, AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), "scheme")), context, resource: null);
 
             // Assert
             Assert.False(result.Succeeded);
@@ -101,6 +120,17 @@ namespace Microsoft.AspNetCore.Authorization.Policy.Test
             Assert.True(result.Forbidden);
         }
 
+        private IPolicyEvaluator BuildEvaluator(Action<IServiceCollection> setupServices = null)
+        {
+            var services = new ServiceCollection()
+                .AddAuthorization()
+                .AddAuthorizationPolicyEvaluator()
+                .AddLogging()
+                .AddOptions();
+            setupServices?.Invoke(services);
+            return services.BuildServiceProvider().GetRequiredService<IPolicyEvaluator>();
+        }
+
         public class HappyAuthorization : IAuthorizationService
         {
             public Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)

From 827852efdb4e61f255770ac1b9d6e2bf7c77fa23 Mon Sep 17 00:00:00 2001
From: richstokoe <github@richstokoe.com>
Date: Mon, 24 Jul 2017 16:49:49 +0100
Subject: [PATCH 777/900] Corrected typos in XML Docs in MessageReceivedContext
 for events in JwtBearer and OpenIdConnect middlesware. (#1336)

---
 .../Events/MessageReceivedContext.cs                            | 2 +-
 .../Events/MessageReceivedContext.cs                            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index 3c263f6b24..1850ad0492 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -14,7 +14,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             : base(context, scheme, options) { }
 
         /// <summary>
-        /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+        /// Bearer Token. This will give the application an opportunity to retrieve a token from an alternative location.
         /// </summary>
         public string Token { get; set; }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index 106ecb8c03..7d06e44799 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -18,7 +18,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         public OpenIdConnectMessage ProtocolMessage { get; set; }
 
         /// <summary>
-        /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+        /// Bearer Token. This will give the application an opportunity to retrieve a token from an alternative location.
         /// </summary>
         public string Token { get; set; }
     }

From b787344b905d90981ad50b51a00fc6b12e8f1c19 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Fri, 21 Jul 2017 13:02:43 -0700
Subject: [PATCH 778/900] 2.0.0-rtm to 2.1.0-preview1

---
 version.props | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/version.props b/version.props
index b94223e008..cb77b43933 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <!-- This file may be overwritten by automation. Only values allowed here are VersionPrefix and VersionSuffix.  -->
 <Project>
     <PropertyGroup>
-        <VersionPrefix>2.0.0</VersionPrefix>
-        <VersionSuffix>rtm</VersionSuffix>
+        <VersionPrefix>2.1.0</VersionPrefix>
+        <VersionSuffix>preview1</VersionSuffix>
     </PropertyGroup>
 </Project>
\ No newline at end of file

From b7d29e4f7b968722127948052c24d423ee19026d Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Mon, 24 Jul 2017 17:58:45 -0700
Subject: [PATCH 779/900] Set AspNetCoreVersion

---
 build/dependencies.props | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 3ceeb8708b..4a2338b8b5 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,6 +1,6 @@
-<Project>
+<Project>
   <PropertyGroup>
-    <AspNetCoreVersion>2.0.0-*</AspNetCoreVersion>
+    <AspNetCoreVersion>2.1.0-*</AspNetCoreVersion>
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.14.1</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.4</IdentityModelOpenIdVersion>

From 10b2e70f4c36293aa2ff341b0453a2fe8125ab7d Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 25 Jul 2017 15:14:51 -0700
Subject: [PATCH 780/900] Updating to InternalAspNetCoreSdkVersion 2.1.1-*

---
 build/dependencies.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 4a2338b8b5..a97cae9f61 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,7 +4,7 @@
     <CoreFxVersion>4.4.0-*</CoreFxVersion>
     <IdentityModelActiveDirectoryVersion>3.14.1</IdentityModelActiveDirectoryVersion>
     <IdentityModelOpenIdVersion>2.1.4</IdentityModelOpenIdVersion>
-    <InternalAspNetCoreSdkVersion>2.0.1-*</InternalAspNetCoreSdkVersion>
+    <InternalAspNetCoreSdkVersion>2.1.1-*</InternalAspNetCoreSdkVersion>
     <JsonNetVersion>10.0.1</JsonNetVersion>
     <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>

From b9153be7453b871acd9043b5c373f86368fa8154 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 25 Jul 2017 16:34:44 -0700
Subject: [PATCH 781/900] Update bootstrappers to use the compiled version of
 KoreBuild

[ci skip]
---
 .gitignore         |   1 +
 build.cmd          |   2 +-
 build.ps1          | 218 ++++++++++++++++++++++++++++++++-----------
 build.sh           | 224 +++++++++++++++++++++++++++++++++++++--------
 build/common.props |   2 +-
 version.props      |   7 --
 version.xml        |   8 ++
 7 files changed, 362 insertions(+), 100 deletions(-)
 delete mode 100644 version.props
 create mode 100644 version.xml

diff --git a/.gitignore b/.gitignore
index d5717b3f3f..bac5b75057 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ project.lock.json
 /.vs/
 .vscode/
 global.json
+korebuild-lock.txt
diff --git a/build.cmd b/build.cmd
index 7d4894cb4a..b6c8d24864 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,2 +1,2 @@
 @ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*; exit $LASTEXITCODE"
\ No newline at end of file
+PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*; exit $LASTEXITCODE"
diff --git a/build.ps1 b/build.ps1
index 5bf0e2c113..d5eb4d5cf2 100644
--- a/build.ps1
+++ b/build.ps1
@@ -1,67 +1,177 @@
-$ErrorActionPreference = "Stop"
+#!/usr/bin/env powershell
+#requires -version 4
 
-function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries)
-{
-    while($true)
-    {
-        try
-        {
-            Invoke-WebRequest $url -OutFile $downloadLocation
-            break
-        }
-        catch
-        {
-            $exceptionMessage = $_.Exception.Message
-            Write-Host "Failed to download '$url': $exceptionMessage"
-            if ($retries -gt 0) {
-                $retries--
-                Write-Host "Waiting 10 seconds before retrying. Retries left: $retries"
-                Start-Sleep -Seconds 10
+<#
+.SYNOPSIS
+Build this repository
 
+.DESCRIPTION
+Downloads korebuild if required. Then builds the repository.
+
+.PARAMETER Path
+The folder to build. Defaults to the folder containing this script.
+
+.PARAMETER Channel
+The channel of KoreBuild to download. Overrides the value from the config file.
+
+.PARAMETER DotNetHome
+The directory where .NET Core tools will be stored.
+
+.PARAMETER ToolsSource
+The base url where build tools can be downloaded. Overrides the value from the config file.
+
+.PARAMETER Update
+Updates KoreBuild to the latest version even if a lock file is present.
+
+.PARAMETER ConfigFile
+The path to the configuration file that stores values. Defaults to version.xml.
+
+.PARAMETER MSBuildArgs
+Arguments to be passed to MSBuild
+
+.NOTES
+This function will create a file $PSScriptRoot/korebuild-lock.txt. This lock file can be committed to source, but does not have to be.
+When the lockfile is not present, KoreBuild will create one using latest available version from $Channel.
+
+The $ConfigFile is expected to be an XML file. It is optional, and the configuration values in it are optional as well.
+
+.EXAMPLE
+Example config file:
+```xml
+<!-- version.xml -->
+<Project>
+  <PropertyGroup>
+    <KoreBuildChannel>dev</KoreBuildChannel>
+    <KoreBuildToolsSource>https://aspnetcore.blob.core.windows.net/buildtools</KoreBuildToolsSource>
+  </PropertyGroup>
+</Project>
+```
+#>
+[CmdletBinding(PositionalBinding = $false)]
+param(
+    [string]$Path = $PSScriptRoot,
+    [Alias('c')]
+    [string]$Channel,
+    [Alias('d')]
+    [string]$DotNetHome,
+    [Alias('s')]
+    [string]$ToolsSource,
+    [Alias('u')]
+    [switch]$Update,
+    [string]$ConfigFile = (Join-Path $PSScriptRoot 'version.xml'),
+    [Parameter(ValueFromRemainingArguments = $true)]
+    [string[]]$MSBuildArgs
+)
+
+Set-StrictMode -Version 2
+$ErrorActionPreference = 'Stop'
+
+#
+# Functions
+#
+
+function Get-KoreBuild {
+
+    $lockFile = Join-Path $Path 'korebuild-lock.txt'
+
+    if (!(Test-Path $lockFile) -or $Update) {
+        Get-RemoteFile "$ToolsSource/korebuild/channels/$Channel/latest.txt" $lockFile
+    }
+
+    $version = Get-Content $lockFile | Where-Object { $_ -like 'version:*' } | Select-Object -first 1
+    if (!$version) {
+        Write-Error "Failed to parse version from $lockFile. Expected a line that begins with 'version:'"
+    }
+    $version = $version.TrimStart('version:').Trim()
+    $korebuildPath = Join-Paths $DotNetHome ('buildtools', 'korebuild', $version)
+
+    if (!(Test-Path $korebuildPath)) {
+        Write-Host -ForegroundColor Magenta "Downloading KoreBuild $version"
+        New-Item -ItemType Directory -Path $korebuildPath | Out-Null
+        $remotePath = "$ToolsSource/korebuild/artifacts/$version/korebuild.$version.zip"
+
+        try {
+            $tmpfile = Join-Path ([IO.Path]::GetTempPath()) "KoreBuild-$([guid]::NewGuid()).zip"
+            Get-RemoteFile $remotePath $tmpfile
+            if (Get-Command -Name 'Expand-Archive' -ErrorAction Ignore) {
+                # Use built-in commands where possible as they are cross-plat compatible
+                Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
             }
-            else
-            {
-                $exception = $_.Exception
-                throw $exception
+            else {
+                # Fallback to old approach for old installations of PowerShell
+                Add-Type -AssemblyName System.IO.Compression.FileSystem
+                [System.IO.Compression.ZipFile]::ExtractToDirectory($tmpfile, $korebuildPath)
             }
         }
+        catch {
+            Remove-Item -Recurse -Force $korebuildPath -ErrorAction Ignore
+            throw
+        }
+        finally {
+            Remove-Item $tmpfile -ErrorAction Ignore
+        }
     }
+
+    return $korebuildPath
 }
 
-cd $PSScriptRoot
-
-$repoFolder = $PSScriptRoot
-$env:REPO_FOLDER = $repoFolder
-
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
-if ($env:KOREBUILD_ZIP)
-{
-    $koreBuildZip=$env:KOREBUILD_ZIP
+function Join-Paths([string]$path, [string[]]$childPaths) {
+    $childPaths | ForEach-Object { $path = Join-Path $path $_ }
+    return $path
 }
 
-$buildFolder = ".build"
-$buildFile="$buildFolder\KoreBuild.ps1"
-
-if (!(Test-Path $buildFolder)) {
-    Write-Host "Downloading KoreBuild from $koreBuildZip"
-
-    $tempFolder=$env:TEMP + "\KoreBuild-" + [guid]::NewGuid()
-    New-Item -Path "$tempFolder" -Type directory | Out-Null
-
-    $localZipFile="$tempFolder\korebuild.zip"
-
-    DownloadWithRetry -url $koreBuildZip -downloadLocation $localZipFile -retries 6
-
-    Add-Type -AssemblyName System.IO.Compression.FileSystem
-    [System.IO.Compression.ZipFile]::ExtractToDirectory($localZipFile, $tempFolder)
-
-    New-Item -Path "$buildFolder" -Type directory | Out-Null
-    copy-item "$tempFolder\**\build\*" $buildFolder -Recurse
-
-    # Cleanup
-    if (Test-Path $tempFolder) {
-        Remove-Item -Recurse -Force $tempFolder
+function Get-RemoteFile([string]$RemotePath, [string]$LocalPath) {
+    if ($RemotePath -notlike 'http*') {
+        Copy-Item $RemotePath $LocalPath
+        return
     }
+
+    $retries = 10
+    while ($retries -gt 0) {
+        $retries -= 1
+        try {
+            Invoke-WebRequest -UseBasicParsing -Uri $RemotePath -OutFile $LocalPath
+            return
+        }
+        catch {
+            Write-Verbose "Request failed. $retries retries remaining"
+        }
+    }
+
+    Write-Error "Download failed: '$RemotePath'."
 }
 
-&"$buildFile" @args
+#
+# Main
+#
+
+# Load configuration or set defaults
+
+if (Test-Path $ConfigFile) {
+    [xml] $config = Get-Content $ConfigFile
+    if (!($Channel)) { [string] $Channel = Select-Xml -Xml $config -XPath '/Project/PropertyGroup/KoreBuildChannel' }
+    if (!($ToolsSource)) { [string] $ToolsSource = Select-Xml -Xml $config -XPath '/Project/PropertyGroup/KoreBuildToolsSource' }
+}
+
+if (!$DotNetHome) {
+    $DotNetHome = if ($env:DOTNET_HOME) { $env:DOTNET_HOME } `
+        elseif ($env:USERPROFILE) { Join-Path $env:USERPROFILE '.dotnet'} `
+        elseif ($env:HOME) {Join-Path $env:HOME '.dotnet'}`
+        else { Join-Path $PSScriptRoot '.dotnet'}
+}
+
+if (!$Channel) { $Channel = 'dev' }
+if (!$ToolsSource) { $ToolsSource = 'https://aspnetcore.blob.core.windows.net/buildtools' }
+
+# Execute
+
+$korebuildPath = Get-KoreBuild
+Import-Module -Force -Scope Local (Join-Path $korebuildPath 'KoreBuild.psd1')
+
+try {
+    Install-Tools $ToolsSource $DotNetHome
+    Invoke-RepositoryBuild $Path @MSBuildArgs
+}
+finally {
+    Remove-Module 'KoreBuild' -ErrorAction Ignore
+}
diff --git a/build.sh b/build.sh
index b0bcadb579..ab590e62f1 100755
--- a/build.sh
+++ b/build.sh
@@ -1,46 +1,196 @@
 #!/usr/bin/env bash
-repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
-if [ ! -z $KOREBUILD_ZIP ]; then
-    koreBuildZip=$KOREBUILD_ZIP
-fi
+set -euo pipefail
 
-buildFolder=".build"
-buildFile="$buildFolder/KoreBuild.sh"
+#
+# variables
+#
 
-if test ! -d $buildFolder; then
-    echo "Downloading KoreBuild from $koreBuildZip"
+RESET="\033[0m"
+RED="\033[0;31m"
+MAGENTA="\033[0;95m"
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+[ -z "${DOTNET_HOME:-}"] && DOTNET_HOME="$HOME/.dotnet"
+config_file="$DIR/version.xml"
+verbose=false
+update=false
+repo_path="$DIR"
+channel=''
+tools_source=''
 
-    tempFolder="/tmp/KoreBuild-$(uuidgen)"
-    mkdir $tempFolder
+#
+# Functions
+#
+__usage() {
+    echo "Usage: $(basename ${BASH_SOURCE[0]}) [options] [[--] <MSBUILD_ARG>...]"
+    echo ""
+    echo "Arguments:"
+    echo "    <MSBUILD_ARG>...         Arguments passed to MSBuild. Variable number of arguments allowed."
+    echo ""
+    echo "Options:"
+    echo "    --verbose                Show verbose output."
+    echo "    -c|--channel <CHANNEL>   The channel of KoreBuild to download. Overrides the value from the config file.."
+    echo "    --config-file <FILE>     TThe path to the configuration file that stores values. Defaults to version.xml."
+    echo "    -d|--dotnet-home <DIR>   The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
+    echo "    --path <PATH>            The directory to build. Defaults to the directory containing the script."
+    echo "    -s|--tools-source <URL>  The base url where build tools can be downloaded. Overrides the value from the config file."
+    echo "    -u|--update              Update to the latest KoreBuild even if the lock file is present."
+    echo ""
+    echo "Description:"
+    echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
+    echo "    When the lockfile is not present, KoreBuild will create one using latest available version from \$channel."
 
-    localZipFile="$tempFolder/korebuild.zip"
-
-    retries=6
-    until (wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip 2>/dev/null)
-    do
-        echo "Failed to download '$koreBuildZip'"
-        if [ "$retries" -le 0 ]; then
-            exit 1
-        fi
-        retries=$((retries - 1))
-        echo "Waiting 10 seconds before retrying. Retries left: $retries"
-        sleep 10s
-    done
-
-    unzip -q -d $tempFolder $localZipFile
-
-    mkdir $buildFolder
-    cp -r $tempFolder/**/build/** $buildFolder
-
-    chmod +x $buildFile
-
-    # Cleanup
-    if test -d $tempFolder; then
-        rm -rf $tempFolder
+    if [[ "${1:-}" != '--no-exit' ]]; then
+        exit 2
     fi
+}
+
+get_korebuild() {
+    local lock_file="$repo_path/korebuild-lock.txt"
+    if [ ! -f $lock_file ] || [ "$update" = true ]; then
+        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" $lock_file
+    fi
+    local version="$(grep 'version:*' -m 1 $lock_file)"
+    if [[ "$version" == '' ]]; then
+        __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
+        return 1
+    fi
+    version="$(echo ${version#version:} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+    local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
+
+    {
+        if [ ! -d "$korebuild_path" ]; then
+            mkdir -p "$korebuild_path"
+            local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
+            tmpfile="$(mktemp)"
+            echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
+            if __get_remote_file $remote_path $tmpfile; then
+                unzip -q -d "$korebuild_path" $tmpfile
+            fi
+            rm $tmpfile || true
+        fi
+
+        source "$korebuild_path/KoreBuild.sh"
+    } || {
+        if [ -d "$korebuild_path" ]; then
+            echo "Cleaning up after failed installation"
+            rm -rf "$korebuild_path" || true
+        fi
+        return 1
+    }
+}
+
+__error() {
+    echo -e "${RED}$@${RESET}" 1>&2
+}
+
+__machine_has() {
+    hash "$1" > /dev/null 2>&1
+    return $?
+}
+
+__get_remote_file() {
+    local remote_path=$1
+    local local_path=$2
+
+    if [[ "$remote_path" != 'http'* ]]; then
+        cp $remote_path $local_path
+        return 0
+    fi
+
+    failed=false
+    if __machine_has wget; then
+        wget --tries 10 --quiet -O $local_path $remote_path || failed=true
+    fi
+
+    if [ "$failed" = true ] && __machine_has curl; then
+        failed=false
+        curl --retry 10 -sSL -f --create-dirs -o $local_path $remote_path || failed=true
+    fi
+
+    if [ "$failed" = true ]; then
+        __error "Download failed: $remote_path" 1>&2
+        return 1
+    fi
+}
+
+__read_dom () { local IFS=\> ; read -d \< ENTITY CONTENT ;}
+
+#
+# main
+#
+
+while [[ $# > 0 ]]; do
+    case $1 in
+        -\?|-h|--help)
+            __usage --no-exit
+            exit 0
+            ;;
+        -c|--channel|-Channel)
+            shift
+            channel=${1:-}
+            [ -z "$channel" ] && __usage
+            ;;
+        --config-file|-ConfigFile)
+            shift
+            config_file="${1:-}"
+            [ -z "$config_file" ] && __usage
+            ;;
+        -d|--dotnet-home|-DotNetHome)
+            shift
+            DOTNET_HOME=${1:-}
+            [ -z "$DOTNET_HOME" ] && __usage
+            ;;
+        --path|-Path)
+            shift
+            repo_path="${1:-}"
+            [ -z "$repo_path" ] && __usage
+            ;;
+        -s|--tools-source|-ToolsSource)
+            shift
+            tools_source="${1:-}"
+            [ -z "$tools_source" ] && __usage
+            ;;
+        -u|--update|-Update)
+            update=true
+            ;;
+        --verbose|-Verbose)
+            verbose=true
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            break
+            ;;
+    esac
+    shift
+done
+
+if ! __machine_has unzip; then
+    __error 'Missing required command: unzip'
+    exit 1
 fi
 
-$buildFile -r $repoFolder "$@"
+if ! __machine_has curl && ! __machine_has wget; then
+    __error 'Missing required command. Either wget or curl is required.'
+    exit 1
+fi
+
+if [ -f $config_file ]; then
+    comment=false
+    while __read_dom; do
+        if [ "$comment" = true ]; then [[ $CONTENT == *'-->'* ]] && comment=false ; continue; fi
+        if [[ $ENTITY == '!--'* ]]; then comment=true; continue; fi
+        if [ -z "$channel" ] && [[ $ENTITY == "KoreBuildChannel" ]]; then channel=$CONTENT; fi
+        if [ -z "$tools_source" ] && [[ $ENTITY == "KoreBuildToolsSource" ]]; then tools_source=$CONTENT; fi
+    done < $config_file
+fi
+
+[ -z "$channel" ] && channel='dev'
+[ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
+
+get_korebuild
+install_tools "$tools_source" "$DOTNET_HOME"
+invoke_repository_build "$repo_path" $@
diff --git a/build/common.props b/build/common.props
index f7497c8f43..ea940214e6 100644
--- a/build/common.props
+++ b/build/common.props
@@ -1,6 +1,6 @@
 <Project>
   <Import Project="dependencies.props" />
-  <Import Project="..\version.props" />
+  <Import Project="..\version.xml" />
 
   <PropertyGroup>
     <Product>Microsoft ASP.NET Core</Product>
diff --git a/version.props b/version.props
deleted file mode 100644
index cb77b43933..0000000000
--- a/version.props
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- This file may be overwritten by automation. Only values allowed here are VersionPrefix and VersionSuffix.  -->
-<Project>
-    <PropertyGroup>
-        <VersionPrefix>2.1.0</VersionPrefix>
-        <VersionSuffix>preview1</VersionSuffix>
-    </PropertyGroup>
-</Project>
\ No newline at end of file
diff --git a/version.xml b/version.xml
new file mode 100644
index 0000000000..3c05022b7d
--- /dev/null
+++ b/version.xml
@@ -0,0 +1,8 @@
+<!-- This file may be overwritten by automation. -->
+<Project>
+  <PropertyGroup>
+    <KoreBuildChannel>dev</KoreBuildChannel>
+    <VersionPrefix>2.1.0</VersionPrefix>
+    <VersionSuffix>preview1</VersionSuffix>
+  </PropertyGroup>
+</Project>

From a4458191c700437a00603116ad92633d1590319d Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 26 Jul 2017 10:29:04 -0700
Subject: [PATCH 782/900] Fix syntax warning when running build.sh on older
 versions of bash

[ci skip]
---
 build.sh | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/build.sh b/build.sh
index ab590e62f1..5568c6182a 100755
--- a/build.sh
+++ b/build.sh
@@ -10,7 +10,7 @@ RESET="\033[0m"
 RED="\033[0;31m"
 MAGENTA="\033[0;95m"
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-[ -z "${DOTNET_HOME:-}"] && DOTNET_HOME="$HOME/.dotnet"
+[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
 config_file="$DIR/version.xml"
 verbose=false
 update=false
@@ -22,7 +22,7 @@ tools_source=''
 # Functions
 #
 __usage() {
-    echo "Usage: $(basename ${BASH_SOURCE[0]}) [options] [[--] <MSBUILD_ARG>...]"
+    echo "Usage: $(basename "${BASH_SOURCE[0]}") [options] [[--] <MSBUILD_ARG>...]"
     echo ""
     echo "Arguments:"
     echo "    <MSBUILD_ARG>...         Arguments passed to MSBuild. Variable number of arguments allowed."
@@ -46,16 +46,17 @@ __usage() {
 }
 
 get_korebuild() {
+    local version
     local lock_file="$repo_path/korebuild-lock.txt"
-    if [ ! -f $lock_file ] || [ "$update" = true ]; then
-        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" $lock_file
+    if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
+        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file"
     fi
-    local version="$(grep 'version:*' -m 1 $lock_file)"
+    version="$(grep 'version:*' -m 1 "$lock_file")"
     if [[ "$version" == '' ]]; then
         __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
         return 1
     fi
-    version="$(echo ${version#version:} | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+    version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
     local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
 
     {
@@ -64,10 +65,10 @@ get_korebuild() {
             local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
             tmpfile="$(mktemp)"
             echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
-            if __get_remote_file $remote_path $tmpfile; then
-                unzip -q -d "$korebuild_path" $tmpfile
+            if __get_remote_file "$remote_path" "$tmpfile"; then
+                unzip -q -d "$korebuild_path" "$tmpfile"
             fi
-            rm $tmpfile || true
+            rm "$tmpfile" || true
         fi
 
         source "$korebuild_path/KoreBuild.sh"
@@ -81,7 +82,7 @@ get_korebuild() {
 }
 
 __error() {
-    echo -e "${RED}$@${RESET}" 1>&2
+    echo -e "${RED}$*${RESET}" 1>&2
 }
 
 __machine_has() {
@@ -94,18 +95,18 @@ __get_remote_file() {
     local local_path=$2
 
     if [[ "$remote_path" != 'http'* ]]; then
-        cp $remote_path $local_path
+        cp "$remote_path" "$local_path"
         return 0
     fi
 
     failed=false
     if __machine_has wget; then
-        wget --tries 10 --quiet -O $local_path $remote_path || failed=true
+        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
     fi
 
     if [ "$failed" = true ] && __machine_has curl; then
         failed=false
-        curl --retry 10 -sSL -f --create-dirs -o $local_path $remote_path || failed=true
+        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
     fi
 
     if [ "$failed" = true ]; then
@@ -114,13 +115,13 @@ __get_remote_file() {
     fi
 }
 
-__read_dom () { local IFS=\> ; read -d \< ENTITY CONTENT ;}
+__read_dom () { local IFS=\> ; read -r -d \< ENTITY CONTENT ;}
 
 #
 # main
 #
 
-while [[ $# > 0 ]]; do
+while [[ $# -gt 0 ]]; do
     case $1 in
         -\?|-h|--help)
             __usage --no-exit
@@ -128,7 +129,7 @@ while [[ $# > 0 ]]; do
             ;;
         -c|--channel|-Channel)
             shift
-            channel=${1:-}
+            channel="${1:-}"
             [ -z "$channel" ] && __usage
             ;;
         --config-file|-ConfigFile)
@@ -138,7 +139,7 @@ while [[ $# > 0 ]]; do
             ;;
         -d|--dotnet-home|-DotNetHome)
             shift
-            DOTNET_HOME=${1:-}
+            DOTNET_HOME="${1:-}"
             [ -z "$DOTNET_HOME" ] && __usage
             ;;
         --path|-Path)
@@ -178,14 +179,14 @@ if ! __machine_has curl && ! __machine_has wget; then
     exit 1
 fi
 
-if [ -f $config_file ]; then
+if [ -f "$config_file" ]; then
     comment=false
     while __read_dom; do
         if [ "$comment" = true ]; then [[ $CONTENT == *'-->'* ]] && comment=false ; continue; fi
         if [[ $ENTITY == '!--'* ]]; then comment=true; continue; fi
         if [ -z "$channel" ] && [[ $ENTITY == "KoreBuildChannel" ]]; then channel=$CONTENT; fi
         if [ -z "$tools_source" ] && [[ $ENTITY == "KoreBuildToolsSource" ]]; then tools_source=$CONTENT; fi
-    done < $config_file
+    done < "$config_file"
 fi
 
 [ -z "$channel" ] && channel='dev'
@@ -193,4 +194,4 @@ fi
 
 get_korebuild
 install_tools "$tools_source" "$DOTNET_HOME"
-invoke_repository_build "$repo_path" $@
+invoke_repository_build "$repo_path" "$@"

From 98496d7d6b55e079e78ef71cc9b4e4af5d8a63fe Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 2 Aug 2017 12:44:48 -0700
Subject: [PATCH 783/900] Update __get_remote_file logic

---
 build.sh | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/build.sh b/build.sh
index 5568c6182a..8eace4c20d 100755
--- a/build.sh
+++ b/build.sh
@@ -99,17 +99,16 @@ __get_remote_file() {
         return 0
     fi
 
-    failed=false
+    local succeeded=false
     if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
+        wget --tries 10 --quiet -O "$local_path" "$remote_path" && succeeded=true
     fi
 
-    if [ "$failed" = true ] && __machine_has curl; then
-        failed=false
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
+    if [ "$succeeded" = false ] && __machine_has curl; then
+        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" && succeeded=true
     fi
 
-    if [ "$failed" = true ]; then
+    if [ "$succeeded" = false ]; then
         __error "Download failed: $remote_path" 1>&2
         return 1
     fi

From 4fec8c11c280dbb08a1bd3c76408c438d3c50c7b Mon Sep 17 00:00:00 2001
From: John Luo <jt.luo@mail.utoronto.ca>
Date: Wed, 2 Aug 2017 14:33:52 -0700
Subject: [PATCH 784/900] Ensure fallback to curl after failed wget

---
 build.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/build.sh b/build.sh
index 8eace4c20d..11cdbe5504 100755
--- a/build.sh
+++ b/build.sh
@@ -99,16 +99,19 @@ __get_remote_file() {
         return 0
     fi
 
-    local succeeded=false
+    local failed=false
     if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "$remote_path" && succeeded=true
+        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
+    else
+        failed=true
     fi
 
-    if [ "$succeeded" = false ] && __machine_has curl; then
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" && succeeded=true
+    if [ "$failed" = true ] && __machine_has curl; then
+        failed=false
+        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
     fi
 
-    if [ "$succeeded" = false ]; then
+    if [ "$failed" = true ]; then
         __error "Download failed: $remote_path" 1>&2
         return 1
     fi

From d797543cfc587fbe812e66ddf910acbe5f86d009 Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Thu, 3 Aug 2017 12:59:45 -0700
Subject: [PATCH 785/900] Update obsolete error (#1346)

---
 .../CookieAppBuilderExtensions.cs                         | 8 ++++----
 .../FacebookAppBuilderExtensions.cs                       | 8 ++++----
 .../GoogleAppBuilderExtensions.cs                         | 8 ++++----
 .../JwtBearerAppBuilderExtensions.cs                      | 8 ++++----
 .../MicrosoftAccountAppBuilderExtensions.cs               | 8 ++++----
 .../OAuthAppBuilderExtensions.cs                          | 8 ++++----
 .../OpenIdConnectAppBuilderExtensions.cs                  | 8 ++++----
 .../TwitterAppBuilderExtensions.cs                        | 8 ++++----
 8 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
index bb5cdfff0e..bdfd43c796 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class CookieAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseCookieAuthentication is obsolete. Configure Cookie authentication with AddAuthentication().AddCookie in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseCookieAuthentication is obsolete. Configure Cookie authentication with AddAuthentication().AddCookie in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseCookieAuthentication is obsolete. Configure Cookie authentication with AddAuthentication().AddCookie in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="CookieAuthenticationOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseCookieAuthentication is obsolete. Configure Cookie authentication with AddAuthentication().AddCookie in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 1a9607eea4..a94dc7bc45 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class FacebookAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseFacebookAuthentication is obsolete. Configure Facebook authentication with AddAuthentication().AddFacebook in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseFacebookAuthentication is obsolete. Configure Facebook authentication with AddAuthentication().AddFacebook in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseFacebookAuthentication is obsolete. Configure Facebook authentication with AddAuthentication().AddFacebook in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="FacebookOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseFacebookAuthentication is obsolete. Configure Facebook authentication with AddAuthentication().AddFacebook in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index ec7e8a7aab..4302d20db1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,8 +3,6 @@
 
 using System;
 using Microsoft.AspNetCore.Authentication.Google;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -14,21 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class GoogleAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseGoogleAuthentication is obsolete. Configure Google authentication with AddAuthentication().AddGoogle in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("UseGoogleAuthentication is obsolete. Configure Google authentication with AddAuthentication().AddGoogle in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseGoogleAuthentication is obsolete. Configure Google authentication with AddAuthentication().AddGoogle in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="GoogleOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
+        [Obsolete("UseGoogleAuthentication is obsolete. Configure Google authentication with AddAuthentication().AddGoogle in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 9755c5cb7d..0cfc97573c 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class JwtBearerAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseJwtBearerAuthentication is obsolete. Configure JwtBearer authentication with AddAuthentication().AddJwtBearer in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseJwtBearerAuthentication is obsolete. Configure JwtBearer authentication with AddAuthentication().AddJwtBearer in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseJwtBearerAuthentication is obsolete. Configure JwtBearer authentication with AddAuthentication().AddJwtBearer in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A  <see cref="JwtBearerOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseJwtBearerAuthentication is obsolete. Configure JwtBearer authentication with AddAuthentication().AddJwtBearer in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 88306efbed..7fd71d7a9b 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class MicrosoftAccountAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseMicrosoftAccountAuthentication is obsolete. Configure MicrosoftAccount authentication with AddAuthentication().AddMicrosoftAccount in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseMicrosoftAccountAuthentication is obsolete. Configure MicrosoftAccount authentication with AddAuthentication().AddMicrosoftAccount in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseMicrosoftAccountAuthentication is obsolete. Configure MicrosoftAccount authentication with AddAuthentication().AddMicrosoftAccount in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="MicrosoftAccountOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseMicrosoftAccountAuthentication is obsolete. Configure MicrosoftAccount authentication with AddAuthentication().AddMicrosoftAccount in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index ceec294eca..d55f311f7b 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class OAuthAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseOAuthAuthentication is obsolete. Configure OAuth authentication with AddAuthentication().AddOAuth in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseOAuthAuthentication is obsolete. Configure OAuth authentication with AddAuthentication().AddOAuth in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseOAuthAuthentication is obsolete. Configure OAuth authentication with AddAuthentication().AddOAuth in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="OAuthOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseOAuthAuthentication is obsolete. Configure OAuth authentication with AddAuthentication().AddOAuth in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
index db5cfbbcc9..0746ae3fdb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class OpenIdConnectAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseOpenIdConnectAuthentication is obsolete. Configure OpenIdConnect authentication with AddAuthentication().AddOpenIdConnect in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseOpenIdConnectAuthentication is obsolete. Configure OpenIdConnect authentication with AddAuthentication().AddOpenIdConnect in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseOpenIdConnectAuthentication is obsolete. Configure OpenIdConnect authentication with AddAuthentication().AddOpenIdConnect in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">A <see cref="OpenIdConnectOptions"/> that specifies options for the handler.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseOpenIdConnectAuthentication is obsolete. Configure OpenIdConnect authentication with AddAuthentication().AddOpenIdConnect in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index 2896365d69..36e1111da6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -12,23 +12,23 @@ namespace Microsoft.AspNetCore.Builder
     public static class TwitterAppBuilderExtensions
     {
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseTwitterAuthentication is obsolete. Configure Twitter authentication with AddAuthentication().AddTwitter in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseTwitterAuthentication is obsolete. Configure Twitter authentication with AddAuthentication().AddTwitter in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
         }
 
         /// <summary>
-        /// Obsolete, see https://go.microsoft.com/fwlink/?linkid=845470
+        /// UseTwitterAuthentication is obsolete. Configure Twitter authentication with AddAuthentication().AddTwitter in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.
         /// </summary>
         /// <param name="app">The <see cref="IApplicationBuilder"/> to add the handler to.</param>
         /// <param name="options">An action delegate to configure the provided <see cref="TwitterOptions"/>.</param>
         /// <returns>A reference to this instance after the operation has completed.</returns>
-        [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
+        [Obsolete("UseTwitterAuthentication is obsolete. Configure Twitter authentication with AddAuthentication().AddTwitter in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details.", error: true)]
         public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
         {
             throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");

From 5d802a798847f61c8c32368f5690a48caefbca97 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 12 Jul 2017 08:54:58 -0700
Subject: [PATCH 786/900] Add sample for refresh tokens

---
 samples/OpenIdConnectSample/Startup.cs | 107 ++++++++++--
 samples/SocialSample/Startup.cs        | 231 +++++++++++++++++++++----
 2 files changed, 286 insertions(+), 52 deletions(-)

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3325ea3c3b..c05bc8b522 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,6 +1,8 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
+using System.Net.Http;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
@@ -11,7 +13,9 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Newtonsoft.Json.Linq;
 
 namespace OpenIdConnectSample
 {
@@ -53,6 +57,7 @@ namespace OpenIdConnectSample
                 o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
                 o.Authority = Configuration["oidc:authority"];
                 o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
+                o.SaveTokens = true;
                 o.GetClaimsFromUserInfoEndpoint = true;
                 o.Events = new OpenIdConnectEvents()
                 {
@@ -73,19 +78,21 @@ namespace OpenIdConnectSample
             });
         }
 
-        public void Configure(IApplicationBuilder app)
+        public void Configure(IApplicationBuilder app, IOptionsMonitor<OpenIdConnectOptions> optionsMonitor)
         {
             app.UseDeveloperExceptionPage();
             app.UseAuthentication();
 
             app.Run(async context =>
             {
+                var response = context.Response;
+
                 if (context.Request.Path.Equals("/signedout"))
                 {
-                    await WriteHtmlAsync(context.Response, async res =>
+                    await WriteHtmlAsync(response, async res =>
                     {
                         await res.WriteAsync($"<h1>You have been signed out.</h1>");
-                        await res.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
                     });
                     return;
                 }
@@ -93,10 +100,10 @@ namespace OpenIdConnectSample
                 if (context.Request.Path.Equals("/signout"))
                 {
                     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await WriteHtmlAsync(context.Response, async res =>
+                    await WriteHtmlAsync(response, async res =>
                     {
-                        await context.Response.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
-                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                        await res.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
                     });
                     return;
                 }
@@ -115,19 +122,22 @@ namespace OpenIdConnectSample
                 if (context.Request.Path.Equals("/Account/AccessDenied"))
                 {
                     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await WriteHtmlAsync(context.Response, async res =>
+                    await WriteHtmlAsync(response, async res =>
                     {
-                        await context.Response.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
-                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
+                        await res.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
                     });
                     return;
                 }
 
                 // DefaultAuthenticateScheme causes User to be set
-                var user = context.User;
+                // var user = context.User;
 
                 // This is what [Authorize] calls
-                // var user = await context.AuthenticateAsync();
+                var userResult = await context.AuthenticateAsync();
+                var user = userResult.Principal;
+                var props = userResult.Properties;
 
                 // This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
                 // var user = await context.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
@@ -151,15 +161,76 @@ namespace OpenIdConnectSample
                     return;
                 }
 
-                await WriteHtmlAsync(context.Response, async response =>
+                if (context.Request.Path.Equals("/refresh"))
                 {
-                    await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
-                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
-                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
-                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
+                    var refreshToken = props.GetTokenValue("refresh_token");
 
-                    await response.WriteAsync("<h2>Claims:</h2>");
-                    await WriteTableHeader(response, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
+                    if (string.IsNullOrEmpty(refreshToken))
+                    {
+                        await WriteHtmlAsync(response, async res =>
+                        {
+                            await res.WriteAsync($"No refresh_token is available.<br>");
+                            await res.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
+                        });
+
+                        return;
+                    }
+
+                    var options = optionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme);
+                    var metadata = await options.ConfigurationManager.GetConfigurationAsync(context.RequestAborted);
+
+                    var pairs = new Dictionary<string, string>()
+                    {
+                        { "client_id", options.ClientId },
+                        { "client_secret", options.ClientSecret },
+                        { "grant_type", "refresh_token" },
+                        { "refresh_token", refreshToken }
+                    };
+                    var content = new FormUrlEncodedContent(pairs);
+                    var tokenResponse = await options.Backchannel.PostAsync(metadata.TokenEndpoint, content, context.RequestAborted);
+                    tokenResponse.EnsureSuccessStatusCode();
+
+                    var payload = JObject.Parse(await tokenResponse.Content.ReadAsStringAsync());
+
+                    // Persist the new acess token
+                    props.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
+                    props.UpdateTokenValue("refresh_token", payload.Value<string>("refresh_token"));
+                    if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
+                    {
+                        var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
+                        props.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
+                    }
+                    await context.SignInAsync(user, props);
+
+                    await WriteHtmlAsync(response, async res =>
+                    {
+                        await res.WriteAsync($"<h1>Refreshed.</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/refresh\">Refresh tokens</a>");
+                        await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
+
+                        await res.WriteAsync("<h2>Tokens:</h2>");
+                        await WriteTableHeader(res, new string[] { "Token Type", "Value" }, props.GetTokens().Select(token => new string[] { token.Name, token.Value }));
+
+                        await res.WriteAsync("<h2>Payload:</h2>");
+                        await res.WriteAsync(HtmlEncoder.Default.Encode(payload.ToString()).Replace(",", ",<br>") + "<br>");
+                    });
+
+                    return;
+                }
+
+                await WriteHtmlAsync(response, async res =>
+                {
+                    await res.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
+                    await res.WriteAsync("<a class=\"btn btn-default\" href=\"/refresh\">Refresh tokens</a>");
+                    await res.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
+                    await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
+                    await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
+
+                    await res.WriteAsync("<h2>Claims:</h2>");
+                    await WriteTableHeader(res, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
+
+                    await res.WriteAsync("<h2>Tokens:</h2>");
+                    await WriteTableHeader(res, new string[] { "Token Type", "Value" }, props.GetTokens().Select(token => new string[] { token.Name, token.Value }));
                 });
             });
         }
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 8a59928c41..d69b25ee31 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -1,4 +1,6 @@
 using System;
+using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
@@ -7,6 +9,7 @@ using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.Facebook;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 using Microsoft.AspNetCore.Authentication.OAuth;
@@ -14,8 +17,10 @@ using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
 
 namespace SocialSample
@@ -50,12 +55,7 @@ namespace SocialSample
                 throw new InvalidOperationException("User secrets must be configured for each authentication provider.");
             }
 
-            services.AddAuthentication(options =>
-            {
-                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            })
+            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                 .AddCookie(o => o.LoginPath = new PathString("/login"))
                 // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
                 // https://developers.facebook.com/apps/
@@ -88,6 +88,8 @@ namespace SocialSample
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
+                o.AuthorizationEndpoint += "?prompt=consent"; // Hack so we always get a refresh token, it only comes on the first authorization response
+                o.AccessType = "offline";
                 o.SaveTokens = true;
                 o.Events = new OAuthEvents()
                 {
@@ -145,6 +147,7 @@ namespace SocialSample
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                 o.SaveTokens = true;
+                o.Scope.Add("offline_access");
             })
                 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
                 // https://github.com/settings/applications/
@@ -215,16 +218,135 @@ namespace SocialSample
                         return;
                     }
 
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("Choose an authentication scheme: <br>");
+                    var response = context.Response;
+                    response.ContentType = "text/html";
+                    await response.WriteAsync("<html><body>");
+                    await response.WriteAsync("Choose an authentication scheme: <br>");
                     var schemeProvider = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
                     foreach (var provider in await schemeProvider.GetAllSchemesAsync())
                     {
-                        // REVIEW: we lost access to display name (which is buried in the handler options)
-                        await context.Response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.DisplayName ?? "(suppressed)") + "</a><br>");
+                        await response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.DisplayName ?? "(suppressed)") + "</a><br>");
                     }
-                    await context.Response.WriteAsync("</body></html>");
+                    await response.WriteAsync("</body></html>");
+                });
+            });
+
+            // Refresh the access token
+            app.Map("/refresh_token", signinApp =>
+            {
+                signinApp.Run(async context =>
+                {
+                    var response = context.Response;
+
+                    // Setting DefaultAuthenticateScheme causes User to be set
+                    // var user = context.User;
+
+                    // This is what [Authorize] calls
+                    var userResult = await context.AuthenticateAsync();
+                    var user = userResult.Principal;
+                    var authProperties = userResult.Properties;
+
+                    // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
+                    // var user = await context.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+
+                    // Deny anonymous request beyond this point.
+                    if (!userResult.Succeeded || user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
+                    {
+                        // This is what [Authorize] calls
+                        // The cookie middleware will handle this and redirect to /login
+                        await context.ChallengeAsync();
+
+                        // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
+                        // await context.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+
+                        return;
+                    }
+
+                    var currentAuthType = user.Identities.First().AuthenticationType;
+                    if (string.Equals(GoogleDefaults.AuthenticationScheme, currentAuthType)
+                        || string.Equals(MicrosoftAccountDefaults.AuthenticationScheme, currentAuthType))
+                    {
+                        var refreshToken = authProperties.GetTokenValue("refresh_token");
+
+                        if (string.IsNullOrEmpty(refreshToken))
+                        {
+                            response.ContentType = "text/html";
+                            await response.WriteAsync("<html><body>");
+                            await response.WriteAsync("No refresh_token is available.<br>");
+                            await response.WriteAsync("<a href=\"/\">Home</a>");
+                            await response.WriteAsync("</body></html>");
+                            return;
+                        }
+
+                        var options = await GetOAuthOptionsAsync(context, currentAuthType);
+
+                        var pairs = new Dictionary<string, string>()
+                        {
+                            { "client_id", options.ClientId },
+                            { "client_secret", options.ClientSecret },
+                            { "grant_type", "refresh_token" },
+                            { "refresh_token", refreshToken }
+                        };
+                        var content = new FormUrlEncodedContent(pairs);
+                        var refreshResponse = await options.Backchannel.PostAsync(options.TokenEndpoint, content, context.RequestAborted);
+                        refreshResponse.EnsureSuccessStatusCode();
+
+                        var payload = JObject.Parse(await refreshResponse.Content.ReadAsStringAsync());
+
+                        // Persist the new acess token
+                        authProperties.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
+                        refreshToken = payload.Value<string>("refresh_token");
+                        if (!string.IsNullOrEmpty(refreshToken))
+                        {
+                            authProperties.UpdateTokenValue("refresh_token", refreshToken);
+                        }
+                        if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
+                        {
+                            var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
+                            authProperties.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
+                        }
+                        await context.SignInAsync(user, authProperties);
+
+                        await PrintRefreshedTokensAsync(response, payload, authProperties);
+
+                        return;
+                    }
+                    // https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
+                    else if (string.Equals(FacebookDefaults.AuthenticationScheme, currentAuthType))
+                    {
+                        var options = await GetOAuthOptionsAsync(context, currentAuthType);
+
+                        var accessToken = authProperties.GetTokenValue("access_token");
+
+                        var query = new QueryBuilder()
+                        {
+                            { "grant_type", "fb_exchange_token" },
+                            { "client_id", options.ClientId },
+                            { "client_secret", options.ClientSecret },
+                            { "fb_exchange_token", accessToken },
+                        }.ToQueryString();
+
+                        var refreshResponse = await options.Backchannel.GetStringAsync(options.TokenEndpoint + query);
+                        var payload = JObject.Parse(refreshResponse);
+
+                        authProperties.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
+                        if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
+                        {
+                            var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
+                            authProperties.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
+                        }
+                        await context.SignInAsync(user, authProperties);
+
+                        await PrintRefreshedTokensAsync(response, payload, authProperties);
+
+                        return;
+                    }
+
+                    response.ContentType = "text/html";
+                    await response.WriteAsync("<html><body>");
+                    await response.WriteAsync("Refresh has not been implemented for this provider.<br>");
+                    await response.WriteAsync("<a href=\"/\">Home</a>");
+                    await response.WriteAsync("</body></html>");
                 });
             });
 
@@ -233,12 +355,13 @@ namespace SocialSample
             {
                 signoutApp.Run(async context =>
                 {
-                    context.Response.ContentType = "text/html";
+                    var response = context.Response;
+                    response.ContentType = "text/html";
                     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
-                    await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
-                    await context.Response.WriteAsync("<a href=\"/\">Home</a>");
-                    await context.Response.WriteAsync("</body></html>");
+                    await response.WriteAsync("<html><body>");
+                    await response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
+                    await response.WriteAsync("<a href=\"/\">Home</a>");
+                    await response.WriteAsync("</body></html>");
                 });
             });
 
@@ -247,11 +370,12 @@ namespace SocialSample
             {
                 errorApp.Run(async context =>
                 {
-                    context.Response.ContentType = "text/html";
-                    await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("An remote failure has occurred: " + context.Request.Query["FailureMessage"] + "<br>");
-                    await context.Response.WriteAsync("<a href=\"/\">Home</a>");
-                    await context.Response.WriteAsync("</body></html>");
+                    var response = context.Response;
+                    response.ContentType = "text/html";
+                    await response.WriteAsync("<html><body>");
+                    await response.WriteAsync("An remote failure has occurred: " + context.Request.Query["FailureMessage"] + "<br>");
+                    await response.WriteAsync("<a href=\"/\">Home</a>");
+                    await response.WriteAsync("</body></html>");
                 });
             });
 
@@ -271,7 +395,7 @@ namespace SocialSample
                 if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     // This is what [Authorize] calls
-                    // The cookie middleware will intercept this 401 and redirect to /login
+                    // The cookie middleware will handle this and redirect to /login
                     await context.ChallengeAsync();
 
                     // This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
@@ -281,24 +405,63 @@ namespace SocialSample
                 }
 
                 // Display user information
-                context.Response.ContentType = "text/html";
-                await context.Response.WriteAsync("<html><body>");
-                await context.Response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
+                var response = context.Response;
+                response.ContentType = "text/html";
+                await response.WriteAsync("<html><body>");
+                await response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
                 foreach (var claim in context.User.Claims)
                 {
-                    await context.Response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
+                    await response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
                 }
 
-                await context.Response.WriteAsync("Tokens:<br>");
+                await response.WriteAsync("Tokens:<br>");
                 
-                await context.Response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
-                await context.Response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
-                await context.Response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
-                await context.Response.WriteAsync("expires_at: " + await context.GetTokenAsync("expires_at") + "<br>");
-                await context.Response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
-                await context.Response.WriteAsync("</body></html>");
+                await response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
+                await response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
+                await response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
+                await response.WriteAsync("expires_at: " + await context.GetTokenAsync("expires_at") + "<br>");
+                await response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
+                await response.WriteAsync("<a href=\"/refresh_token\">Refresh Token</a><br>");
+                await response.WriteAsync("</body></html>");
             });
         }
+
+        private async Task<OAuthOptions> GetOAuthOptionsAsync(HttpContext context, string currentAuthType)
+        {
+            if (string.Equals(GoogleDefaults.AuthenticationScheme, currentAuthType))
+            {
+                return context.RequestServices.GetRequiredService<IOptionsMonitor<GoogleOptions>>().Get(currentAuthType);
+            }
+            else if (string.Equals(MicrosoftAccountDefaults.AuthenticationScheme, currentAuthType))
+            {
+                return context.RequestServices.GetRequiredService<IOptionsMonitor<MicrosoftAccountOptions>>().Get(currentAuthType);
+            }
+            else if (string.Equals(FacebookDefaults.AuthenticationScheme, currentAuthType))
+            {
+                return context.RequestServices.GetRequiredService<IOptionsMonitor<FacebookOptions>>().Get(currentAuthType);
+            }
+
+            throw new NotImplementedException(currentAuthType);
+        }
+
+        private async Task PrintRefreshedTokensAsync(HttpResponse response, JObject payload, AuthenticationProperties authProperties)
+        {
+            response.ContentType = "text/html";
+            await response.WriteAsync("<html><body>");
+            await response.WriteAsync("Refreshed.<br>");
+            await response.WriteAsync(HtmlEncoder.Default.Encode(payload.ToString()).Replace(",", ",<br>") + "<br>");
+
+            await response.WriteAsync("<br>Tokens:<br>");
+
+            await response.WriteAsync("Access Token: " + authProperties.GetTokenValue("access_token") + "<br>");
+            await response.WriteAsync("Refresh Token: " + authProperties.GetTokenValue("refresh_token") + "<br>");
+            await response.WriteAsync("Token Type: " + authProperties.GetTokenValue("token_type") + "<br>");
+            await response.WriteAsync("expires_at: " + authProperties.GetTokenValue("expires_at") + "<br>");
+
+            await response.WriteAsync("<a href=\"/\">Home</a><br>");
+            await response.WriteAsync("<a href=\"/refresh_token\">Refresh Token</a><br>");
+            await response.WriteAsync("</body></html>");
+        }
     }
 }
 

From c1250220508996a494d51627a8bd02b7792c012f Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 9 Aug 2017 15:29:34 -0700
Subject: [PATCH 787/900] #772 Fill in OIDC test gaps

---
 samples/SocialSample/Startup.cs               |  2 +-
 .../OpenIdConnectChallengeTests.cs            | 36 +++++++++++++------
 .../OpenIdConnect/OpenIdConnectEventTests.cs  | 14 ++++----
 3 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index d69b25ee31..36a53b38ae 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -162,7 +162,7 @@ namespace SocialSample
             })
                 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
                 // https://github.com/settings/applications/
-                .AddOAuth("GitHub", o =>
+                .AddOAuth("GitHub", "Github", o =>
             {
                 o.ClientId = Configuration["github:clientid"];
                 o.ClientSecret = Configuration["github:clientsecret"];
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index d21a1f4246..fb08ae2786 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -5,11 +5,12 @@ using System;
 using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
@@ -19,7 +20,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private static readonly string ChallengeEndpoint = TestServerBuilder.TestHost + TestServerBuilder.Challenge;
 
         [Fact]
-        public async Task ChallengeIsIssuedCorrectly()
+        public async Task ChallengeRedirectIsIssuedCorrectly()
         {
             var settings = new TestSettings(
                 opt =>
@@ -86,7 +87,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         </body>
         */
         [Fact]
-        public async Task ChallengeIssueedCorrectlyForFormPost()
+        public async Task ChallengeFormPostIssuedCorrectly()
         {
             var settings = new TestSettings(
                 opt =>
@@ -361,24 +362,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.Null(res.Headers.Location);
         }
 
-        [Fact]
-        public async Task ChallengeSetsNonceAndStateCookies()
+        [Theory]
+        [InlineData(OpenIdConnectRedirectBehavior.RedirectGet)]
+        [InlineData(OpenIdConnectRedirectBehavior.FormPost)]
+        public async Task ChallengeSetsNonceAndStateCookies(OpenIdConnectRedirectBehavior method)
         {
             var settings = new TestSettings(o =>
             {
+                o.AuthenticationMethod = method;
                 o.ClientId = "Test Id";
                 o.Authority = TestServerBuilder.DefaultAuthority;
             });
             var server = settings.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
 
-            var firstCookie = transaction.SetCookie.First();
-            Assert.Contains(OpenIdConnectDefaults.CookieNoncePrefix, firstCookie);
-            Assert.Contains("expires", firstCookie);
+            var challengeCookies = SetCookieHeaderValue.ParseList(transaction.SetCookie);
+            var nonceCookie = challengeCookies.Where(cookie => cookie.Name.StartsWith(OpenIdConnectDefaults.CookieNoncePrefix, StringComparison.Ordinal)).Single();
+            Assert.True(nonceCookie.Expires.HasValue);
+            Assert.True(nonceCookie.Expires > DateTime.UtcNow);
+            Assert.True(nonceCookie.HttpOnly);
+            Assert.Equal("/signin-oidc", nonceCookie.Path);
+            Assert.Equal("N", nonceCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.None, nonceCookie.SameSite);
 
-            var secondCookie = transaction.SetCookie.Skip(1).First();
-            Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
-            Assert.Contains("expires", secondCookie);
+            var correlationCookie = challengeCookies.Where(cookie => cookie.Name.StartsWith(".AspNetCore.Correlation.", StringComparison.Ordinal)).Single();
+            Assert.True(correlationCookie.Expires.HasValue);
+            Assert.True(nonceCookie.Expires > DateTime.UtcNow);
+            Assert.True(correlationCookie.HttpOnly);
+            Assert.Equal("/signin-oidc", correlationCookie.Path);
+            Assert.False(StringSegment.IsNullOrEmpty(correlationCookie.Value));
+
+            Assert.Equal(2, challengeCookies.Count);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index 4ea69369e8..ed20d2f5ac 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -76,7 +76,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnMessageReceived_Reject_NoMoreEventsRun()
+        public async Task OnMessageReceived_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var remoteFailure = false;
@@ -197,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenValidated_Reject_NoMoreEventsRun()
+        public async Task OnTokenValidated_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -385,7 +385,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnAuthorizationCodeReceived_Reject_NoMoreEventsRun()
+        public async Task OnAuthorizationCodeReceived_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -596,7 +596,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenResponseReceived_Reject_NoMoreEventsRun()
+        public async Task OnTokenResponseReceived_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -825,7 +825,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnTokenValidatedBackchannel_Reject_NoMoreEventsRun()
+        public async Task OnTokenValidatedBackchannel_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var codeReceived = false;
@@ -1060,7 +1060,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnUserInformationReceived_Reject_NoMoreEventsRun()
+        public async Task OnUserInformationReceived_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;
@@ -1321,7 +1321,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task OnAuthenticationFailed_Reject_NoMoreEventsRun()
+        public async Task OnAuthenticationFailed_Fail_NoMoreEventsRun()
         {
             var messageReceived = false;
             var tokenValidated = false;

From 4eb1306692a7592210250e47a585fc47e40b7c2c Mon Sep 17 00:00:00 2001
From: Justin Kotalik <jkotalik12@gmail.com>
Date: Fri, 11 Aug 2017 10:24:18 -0700
Subject: [PATCH 788/900] Reacting to ResponseCookie Delete changes (#1362)

https://github.com/aspnet/HttpAbstractions/commit/594f55947f4c1d0a9d3122e3f39bcfa81199b12a
---
 .../Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 49089234ee..7c34f950a5 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -273,7 +273,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
 
             Assert.NotNull(transaction.SetCookie);
             Assert.Equal(1, transaction.SetCookie.Count);
-            Assert.Equal("A=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax", transaction.SetCookie[0]);
+            Assert.Equal("A=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; secure; samesite=lax", transaction.SetCookie[0]);
         }
 
         [Fact]

From 0c82d94a544caa7f39f1692c46d8d16a833daaa8 Mon Sep 17 00:00:00 2001
From: Chris Ross <Tratcher@Outlook.com>
Date: Fri, 11 Aug 2017 11:50:25 -0700
Subject: [PATCH 789/900] #772 Signout FormPost test (#1358)

---
 .../OpenIdConnect/OpenIdConnectTests.cs       | 36 +++++---
 .../OpenIdConnect/TestSettings.cs             | 90 ++++++++++++++-----
 2 files changed, 91 insertions(+), 35 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index b7ac1f82d5..32be26d33e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -182,27 +182,39 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         }
 
         [Fact]
-        public async Task SignOutWithDefaultRedirectUri()
+        public async Task SignOutFormPostWithDefaultRedirectUri()
         {
-            var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration();
-            var server = TestServerBuilder.CreateServer(o =>
+            var settings = new TestSettings(o =>
             {
+                o.AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost;
                 o.Authority = TestServerBuilder.DefaultAuthority;
                 o.ClientId = "Test Id";
-                o.Configuration = configuration;
             });
+            var server = settings.CreateTestServer();
+
+            var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
+            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+
+            settings.ValidateSignoutFormPost(transaction,
+                OpenIdConnectParameterNames.PostLogoutRedirectUri);
+        }
+
+        [Fact]
+        public async Task SignOutRedirectWithDefaultRedirectUri()
+        {
+            var settings = new TestSettings(o =>
+            {
+                o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
+                o.Authority = TestServerBuilder.DefaultAuthority;
+                o.ClientId = "Test Id";
+            });
+            var server = settings.CreateTestServer();
 
             var transaction = await server.SendAsync(DefaultHost + TestServerBuilder.Signout);
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            Assert.True(transaction.Response.Headers.Location.AbsoluteUri.StartsWith(configuration.EndSessionEndpoint));
 
-            var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&')
-                                   .Select(each => each.Split('='))
-                                   .ToDictionary(pair => pair[0], pair => pair[1]);
-
-            string redirectUri;
-            Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri));
-            Assert.Equal(UrlEncoder.Default.Encode("https://example.com/signout-callback-oidc"), redirectUri, true);
+            settings.ValidateSignoutRedirect(transaction.Response.Headers.Location,
+                OpenIdConnectParameterNames.PostLogoutRedirectUri);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 9d9e5537fe..bf9df40384 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -80,6 +80,44 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             return formInputs;
         }
 
+        public IDictionary<string, string> ValidateSignoutFormPost(TestTransaction transaction, params string[] parametersToValidate)
+        {
+            IDictionary<string, string> formInputs = null;
+            var errors = new List<string>();
+            var xdoc = XDocument.Parse(transaction.ResponseText.Replace("doctype", "DOCTYPE"));
+            var forms = xdoc.Descendants("form");
+            if (forms.Count() != 1)
+            {
+                errors.Add("Only one form element is expected in response body.");
+            }
+            else
+            {
+                formInputs = forms.Single()
+                                  .Elements("input")
+                                  .ToDictionary(elem => elem.Attribute("name").Value,
+                                                elem => elem.Attribute("value").Value);
+
+                ValidateParameters(formInputs, parametersToValidate, errors, htmlEncoded: false);
+            }
+
+            if (errors.Any())
+            {
+                var buf = new StringBuilder();
+                buf.AppendLine($"The signout form post is not valid.");
+                // buf.AppendLine();
+
+                foreach (var error in errors)
+                {
+                    buf.AppendLine(error);
+                }
+
+                Debug.WriteLine(buf.ToString());
+                Assert.True(false, buf.ToString());
+            }
+
+            return formInputs;
+        }
+
         public IDictionary<string, string> ValidateChallengeRedirect(Uri redirectUri, params string[] parametersToValidate) =>
             ValidateRedirectCore(redirectUri, OpenIdConnectRequestType.Authentication, parametersToValidate);
 
@@ -156,6 +194,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     case OpenIdConnectParameterNames.VersionTelemetry:
                         ValidateVersionTelemetry(actualValues, errors, htmlEncoded);
                         break;
+                    case OpenIdConnectParameterNames.PostLogoutRedirectUri:
+                        ValidatePostLogoutRedirectUri(actualValues, errors, htmlEncoded);
+                        break;
                     default:
                         throw new InvalidOperationException($"Unknown parameter \"{paramToValidate}\".");
                 }
@@ -186,42 +227,45 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             }
         }
 
-        private void ValidateClientId(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.ClientId, _options.ClientId, actualQuery, errors, htmlEncoded);
+        private void ValidateClientId(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.ClientId, _options.ClientId, actualParams, errors, htmlEncoded);
 
-        private void ValidateResponseType(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.ResponseType, _options.ResponseType, actualQuery, errors, htmlEncoded);
+        private void ValidateResponseType(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.ResponseType, _options.ResponseType, actualParams, errors, htmlEncoded);
 
-        private void ValidateResponseMode(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.ResponseMode, _options.ResponseMode, actualQuery, errors, htmlEncoded);
+        private void ValidateResponseMode(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.ResponseMode, _options.ResponseMode, actualParams, errors, htmlEncoded);
 
-        private void ValidateScope(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.Scope, string.Join(" ", _options.Scope), actualQuery, errors, htmlEncoded);
+        private void ValidateScope(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.Scope, string.Join(" ", _options.Scope), actualParams, errors, htmlEncoded);
 
-        private void ValidateRedirectUri(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, TestServerBuilder.TestHost + _options.CallbackPath, actualQuery, errors, htmlEncoded);
+        private void ValidateRedirectUri(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.RedirectUri, TestServerBuilder.TestHost + _options.CallbackPath, actualParams, errors, htmlEncoded);
 
-        private void ValidateResource(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.RedirectUri, _options.Resource, actualQuery, errors, htmlEncoded);
+        private void ValidateResource(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.RedirectUri, _options.Resource, actualParams, errors, htmlEncoded);
 
-        private void ValidateState(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.State, ExpectedState, actualQuery, errors, htmlEncoded);
+        private void ValidateState(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.State, ExpectedState, actualParams, errors, htmlEncoded);
 
-        private void ValidateSkuTelemetry(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET", actualQuery, errors, htmlEncoded);
+        private void ValidateSkuTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET", actualParams, errors, htmlEncoded);
 
-        private void ValidateVersionTelemetry(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateQueryParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualQuery, errors, htmlEncoded);
+        private void ValidateVersionTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualParams, errors, htmlEncoded);
 
-        private void ValidateQueryParameter(
+        private void ValidatePostLogoutRedirectUri(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.PostLogoutRedirectUri, "https://example.com/signout-callback-oidc", actualParams, errors, htmlEncoded);
+
+        private void ValidateParameter(
             string parameterName,
             string expectedValue,
-            IDictionary<string, string> actualQuery,
+            IDictionary<string, string> actualParams,
             ICollection<string> errors,
             bool htmlEncoded)
         {
             string actualValue;
-            if (actualQuery.TryGetValue(parameterName, out actualValue))
+            if (actualParams.TryGetValue(parameterName, out actualValue))
             {
                 if (htmlEncoded)
                 {
@@ -230,12 +274,12 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
                 if (actualValue != expectedValue)
                 {
-                    errors.Add($"Query parameter {parameterName}'s expected value is {expectedValue} but its actual value is {actualValue}");
+                    errors.Add($"Parameter {parameterName}'s expected value is '{expectedValue}' but its actual value is '{actualValue}'");
                 }
             }
             else
             {
-                errors.Add($"Query parameter {parameterName} is missing");
+                errors.Add($"Parameter {parameterName} is missing");
             }
         }
     }

From 43db99a5686471641eed7913d71dab2dcf0d2464 Mon Sep 17 00:00:00 2001
From: Saravanan <s.dorai2009@gmail.com>
Date: Mon, 14 Aug 2017 22:59:02 +0530
Subject: [PATCH 790/900] =?UTF-8?q?Updated=20for=20the=20TwitterOptions=20?=
 =?UTF-8?q?Validation=20for=20the=20ConsumerKey=20and=20Con=E2=80=A6=20(#1?=
 =?UTF-8?q?337)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../TwitterOptions.cs                         | 18 +++++++++++
 .../TwitterTests.cs                           | 32 ++++++++++++++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 0190f21a6b..86919d0925 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Security.Claims;
+using System.Globalization;
 using Microsoft.AspNetCore.Authentication.OAuth.Claims;
 using Microsoft.AspNetCore.Http;
 
@@ -86,6 +87,23 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             set => _stateCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
         }
 
+        /// <summary>
+        /// Added the validate method to ensure that the customer key and customer secret values are not not empty for the twitter authentication middleware
+        /// </summary>
+        public override void Validate()
+        {
+            base.Validate();
+            if (string.IsNullOrEmpty(ConsumerKey))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ConsumerKey)), nameof(ConsumerKey));
+            }
+
+            if (string.IsNullOrEmpty(ConsumerSecret))
+            {
+                throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ConsumerSecret)), nameof(ConsumerSecret));
+            }
+        }
+
         private class TwitterCookieBuilder : CookieBuilder
         {
             private readonly TwitterOptions _twitterOptions;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 1c387d889a..746dfee6ab 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -63,7 +63,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                     }
                 };
             },
-            context => 
+            context =>
             {
                 // REVIEW: Gross
                 context.ChallengeAsync("Twitter").GetAwaiter().GetResult();
@@ -75,6 +75,36 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Assert.Contains("custom=test", query);
         }
 
+        /// <summary>
+        /// Validates the Twitter Options to check if the Consumer Key is missing in the TwitterOptions and if so throws the ArgumentException
+        /// </summary>
+        /// <returns></returns>
+        [Fact]
+        public async Task ThrowsIfClientIdMissing()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerSecret = "Test Consumer Secret";
+            });
+
+            await Assert.ThrowsAsync<ArgumentException>("ConsumerKey", async () => await server.SendAsync("http://example.com/challenge"));
+        }
+
+        /// <summary>
+        /// Validates the Twitter Options to check if the Consumer Secret is missing in the TwitterOptions and if so throws the ArgumentException
+        /// </summary>
+        /// <returns></returns>
+        [Fact]
+        public async Task ThrowsIfClientSecretMissing()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+            });
+
+            await Assert.ThrowsAsync<ArgumentException>("ConsumerSecret", async () => await server.SendAsync("http://example.com/challenge"));
+        }
+
         [Fact]
         public async Task BadSignInWillThrow()
         {

From b43ffc4acc6c38bc421678e9fe46da5585147c80 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Mon, 14 Aug 2017 13:06:32 -0500
Subject: [PATCH 791/900] Recommend CookieBuilder.HttpOnly instead of
 CookieBuilder.SameSite (#1366)

---
 .../CookieAuthenticationOptions.cs                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index ec67ecc181..420435dafc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -196,7 +196,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// to script on the page.
         /// </para>
         /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SameSite) + ".")]
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.HttpOnly) + ".")]
         public bool CookieHttpOnly { get => Cookie.HttpOnly; set => Cookie.HttpOnly = value; }
 
         /// <summary>

From 488eb44467eb677eab62bdc49aa6255cc1be3119 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Poul=20Kjeldager=20S=C3=B8rensen?= <pks@s-innovations.net>
Date: Mon, 14 Aug 2017 20:07:19 +0200
Subject: [PATCH 792/900] Fix obsolete warning message (#1363)

Fixes the messaged shown to developers when they are updating their applications to 2.0. Bad idea to set the domain with some random naming text.
---
 .../CookieAuthenticationOptions.cs                              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 420435dafc..0f2dbd3124 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -161,7 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         /// system uses the cookie authentication handler multiple times.
         /// </para>
         /// </summary>
-        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
+        [Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Name) + ".")]
         public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
 
         /// <summary>

From 5b29bced0d2f1cfc78843bcd9ec9a828c6fb5fef Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 22 Aug 2017 18:12:32 -0700
Subject: [PATCH 793/900] Upgrade to xunit 2.3.0-beta4

Includes changes to assertions as required by xunit.analyzers 0.6
---
 build/dependencies.props                      |  5 +--
 .../CookieTests.cs                            | 24 ++++++-------
 ...soft.AspNetCore.Authentication.Test.csproj |  1 +
 .../TicketSerializerTests.cs                  |  8 ++---
 .../TokenExtensionTests.cs                    |  2 +-
 .../AuthorizationPolicyFacts.cs               | 34 +++++++++----------
 .../TicketInteropTests.cs                     |  2 +-
 7 files changed, 39 insertions(+), 37 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index a97cae9f61..0f73dd1b42 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -10,7 +10,8 @@
     <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
     <OwinVersion>3.0.1</OwinVersion>
     <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>
-    <TestSdkVersion>15.3.0-*</TestSdkVersion>
-    <XunitVersion>2.3.0-beta2-*</XunitVersion>
+    <TestSdkVersion>15.3.0</TestSdkVersion>
+    <XunitAnalyzersVersion>0.6.1</XunitAnalyzersVersion>
+    <XunitVersion>2.3.0-beta4-build3742</XunitVersion>
   </PropertyGroup>
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index c711fde493..d346c68d7f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -54,8 +54,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest");
             Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
-            Assert.Equal(1, responded.Count());
-            Assert.True(responded.Single().StartsWith("http://example.com/login"));
+            Assert.Single(responded);
+            Assert.StartsWith("http://example.com/login", responded.Single());
         }
 
         [Fact]
@@ -65,8 +65,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await SendAsync(server, "http://example.com/forbid?X-Requested-With=XMLHttpRequest");
             Assert.Equal(HttpStatusCode.Forbidden, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
-            Assert.Equal(1, responded.Count());
-            Assert.True(responded.Single().StartsWith("http://example.com/denied"));
+            Assert.Single(responded);
+            Assert.StartsWith("http://example.com/denied", responded.Single());
         }
 
         [Fact]
@@ -76,8 +76,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await SendAsync(server, "http://example.com/signout?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
-            Assert.Equal(1, responded.Count());
-            Assert.True(responded.Single().StartsWith("/"));
+            Assert.Single(responded);
+            Assert.StartsWith("/", responded.Single());
         }
 
         [Fact]
@@ -87,8 +87,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
             Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
             var responded = transaction.Response.Headers.GetValues("Location");
-            Assert.Equal(1, responded.Count());
-            Assert.True(responded.Single().StartsWith("http://example.com/Account/Login"));
+            Assert.Single(responded);
+            Assert.StartsWith("http://example.com/Account/Login", responded.Single());
         }
 
         [Fact]
@@ -439,7 +439,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             // signout wins over renew
             var transaction4 = await server.SendAsync("http://example.com/signout", transaction3.SetCookie[0]);
-            Assert.Equal(1, transaction4.SetCookie.Count());
+            Assert.Single(transaction4.SetCookie);
             Assert.Contains(".AspNetCore.Cookies=; expires=", transaction4.SetCookie[0]);
         }
 
@@ -717,7 +717,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             new Uri("http://example.com/base"));
 
             var transaction1 = await SendAsync(server, "http://example.com/base/testpath");
-            Assert.True(transaction1.SetCookie.Contains("path=/base"));
+            Assert.Contains("path=/base", transaction1.SetCookie);
         }
 
         [Fact]
@@ -848,7 +848,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await server.SendAsync("http://example.com");
 
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.True(transaction.SetCookie[0].StartsWith("One="));
+            Assert.StartsWith("One=", transaction.SetCookie[0]);
         }
 
         [Fact]
@@ -871,7 +871,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             var transaction = await server.SendAsync("http://example.com");
 
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
-            Assert.True(transaction.SetCookie[0].StartsWith("One="));
+            Assert.StartsWith("One=", transaction.SetCookie[0]);
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 1529dc8036..fc73325e0b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -23,6 +23,7 @@
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit.analyzers" Version="$(XunitAnalyzersVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
index b37ae53d5b..a1e58743b6 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
@@ -28,7 +28,7 @@ namespace Microsoft.AspNetCore.Authentication
                 serializer.Write(writer, ticket);
                 stream.Position = 0;
                 var readTicket = serializer.Read(reader);
-                Assert.Equal(0, readTicket.Principal.Identities.Count());
+                Assert.Empty(readTicket.Principal.Identities);
                 Assert.Equal("bye", readTicket.Properties.RedirectUri);
                 Assert.Equal("Hello", readTicket.AuthenticationScheme);
             }
@@ -50,7 +50,7 @@ namespace Microsoft.AspNetCore.Authentication
                 serializer.Write(writer, ticket);
                 stream.Position = 0;
                 var readTicket = serializer.Read(reader);
-                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Single(readTicket.Principal.Identities);
                 Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
                 Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext);
             }
@@ -73,7 +73,7 @@ namespace Microsoft.AspNetCore.Authentication
                 serializer.Write(writer, ticket);
                 stream.Position = 0;
                 var readTicket = serializer.Read(reader);
-                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Single(readTicket.Principal.Identities);
                 Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
 
                 var identity = (ClaimsIdentity) readTicket.Principal.Identity;
@@ -108,7 +108,7 @@ namespace Microsoft.AspNetCore.Authentication
                 serializer.Write(writer, ticket);
                 stream.Position = 0;
                 var readTicket = serializer.Read(reader);
-                Assert.Equal(1, readTicket.Principal.Identities.Count());
+                Assert.Single(readTicket.Principal.Identities);
                 Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType);
 
                 var readClaim = readTicket.Principal.FindFirst("type");
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
index 05e5708de0..4d4023bee5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
@@ -48,7 +48,7 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Null(props.GetTokenValue("One"));
             Assert.Null(props.GetTokenValue("Two"));
             Assert.Null(props.GetTokenValue("Three"));
-            Assert.Equal(1, props.GetTokens().Count());
+            Assert.Single(props.GetTokens());
         }
 
         [Fact]
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
index 714b26c7e1..3eefb7af7b 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -40,12 +40,12 @@ namespace Microsoft.AspNetCore.Authroization.Test
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
-            Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
-            Assert.True(combined.AuthenticationSchemes.Contains("roles"));
+            Assert.Contains("dupe", combined.AuthenticationSchemes);
+            Assert.Contains("roles", combined.AuthenticationSchemes);
             Assert.Equal(4, combined.Requirements.Count());
-            Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
+            Assert.Contains(combined.Requirements, r => r is DenyAnonymousAuthorizationRequirement);
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
-            Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count());
+            Assert.Single(combined.Requirements.OfType<RolesAuthorizationRequirement>());
         }
 
         [Fact]
@@ -67,10 +67,10 @@ namespace Microsoft.AspNetCore.Authroization.Test
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
-            Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
-            Assert.True(combined.AuthenticationSchemes.Contains("default"));
+            Assert.Contains("dupe", combined.AuthenticationSchemes);
+            Assert.Contains("default", combined.AuthenticationSchemes);
             Assert.Equal(2, combined.Requirements.Count());
-            Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
+            Assert.DoesNotContain(combined.Requirements, r => r is DenyAnonymousAuthorizationRequirement);
             Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
         }
 
@@ -88,11 +88,11 @@ namespace Microsoft.AspNetCore.Authroization.Test
             var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
-            Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
+            Assert.Contains(combined.Requirements, r => r is RolesAuthorizationRequirement);
             var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First();
             Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
-            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1")));
-            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2")));
+            Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r1"));
+            Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r2"));
         }
 
         [Fact]
@@ -111,8 +111,8 @@ namespace Microsoft.AspNetCore.Authroization.Test
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
-            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1")));
-            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2")));
+            Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a1"));
+            Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a2"));
         }
         
         [Fact]
@@ -131,8 +131,8 @@ namespace Microsoft.AspNetCore.Authroization.Test
 
             // Assert
             Assert.Equal(2, combined.AuthenticationSchemes.Count());
-            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1")));
-            Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2")));
+            Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a1"));
+            Assert.Contains(combined.AuthenticationSchemes, a => a.Equals("a2"));
         }
         
         [Fact]
@@ -149,11 +149,11 @@ namespace Microsoft.AspNetCore.Authroization.Test
             var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
 
             // Assert
-            Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement));
+            Assert.Contains(combined.Requirements, r => r is RolesAuthorizationRequirement);
             var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First();
             Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count());
-            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1")));
-            Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2")));
+            Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r1"));
+            Assert.Contains(rolesAuthorizationRequirement.AllowedRoles, r => r.Equals("r2"));
         }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
index b14ea0d74e..769adc015b 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
+++ b/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
@@ -35,7 +35,7 @@ namespace Microsoft.Owin.Security.Interop.Test
             var newTicket = newSerializer.Deserialize(bytes);
 
             Assert.NotNull(newTicket);
-            Assert.Equal(1, newTicket.Principal.Identities.Count());
+            Assert.Single(newTicket.Principal.Identities);
             var newIdentity = newTicket.Principal.Identity as ClaimsIdentity;
             Assert.NotNull(newIdentity);
             Assert.Equal("scheme", newIdentity.AuthenticationType);

From 414d596639d56633a789e039406eacecbe464f82 Mon Sep 17 00:00:00 2001
From: Brian Chavez <bchavez@bitarmory.com>
Date: Sun, 27 Aug 2017 21:03:29 -0700
Subject: [PATCH 794/900] Spelling and grammar cleanup (#1391)

---
 .../Claims/ClaimAction.cs                                   | 4 ++--
 .../DefaultAuthorizationService.cs                          | 6 +++---
 .../IAuthorizationService.cs                                | 2 +-
 .../Infrastructure/PassThroughAuthorizationHandler.cs       | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
index 965ca5fdb3..78b63bb38e 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
@@ -31,10 +31,10 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
         public string ValueType { get; }
 
         /// <summary>
-        /// Exhamine the given userData json, determine if the requisite data is present, and optionally add it
+        /// Examine the given userData json, determine if the requisite data is present, and optionally add it
         /// as a new Claim on the ClaimsIdentity.
         /// </summary>
-        /// <param name="userData">The source data to exhamine. This value may be null.</param>
+        /// <param name="userData">The source data to examine. This value may be null.</param>
         /// <param name="identity">The identity to add Claims to.</param>
         /// <param name="issuer">The value to use for Claim.Issuer when creating a Claim.</param>
         public abstract void Run(JObject userData, ClaimsIdentity identity, string issuer);
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 3380f64b14..9773ebbcc2 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
         /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param>  
-        /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
+        /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorization was successful.</param>  
         /// <param name="options">The <see cref="AuthorizationOptions"/> used.</param>  
         public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IAuthorizationHandlerProvider handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions<AuthorizationOptions> options)
         {
@@ -74,7 +74,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="resource">The resource to evaluate the requirements against.</param>
         /// <param name="requirements">The requirements to evaluate.</param>
         /// <returns>
-        /// A flag indicating whether authorization has succeded.
+        /// A flag indicating whether authorization has succeeded.
         /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
         /// </returns>
         public async Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
@@ -136,7 +136,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="resource">The resource the policy should be checked with.</param>
         /// <param name="policyName">The name of the policy to check against a specific context.</param>
         /// <returns>
-        /// A flag indicating whether authorization has succeded.
+        /// A flag indicating whether authorization has succeeded.
         /// This value is <value>true</value> when the user fulfills the policy otherwise <value>false</value>.
         /// </returns>
         public async Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, string policyName)
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
index 32af746072..8976425ba6 100644
--- a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
@@ -43,7 +43,7 @@ namespace Microsoft.AspNetCore.Authorization
         /// <returns>
         /// A flag indicating whether authorization has succeeded.
         /// Returns a flag indicating whether the user, and optional resource has fulfilled the policy.    
-        /// <value>true</value> when the the policy has been fulfilled; otherwise <value>false</value>.
+        /// <value>true</value> when the policy has been fulfilled; otherwise <value>false</value>.
         /// </returns>
         /// <remarks>
         /// Resource is an optional parameter and may be null. Please ensure that you check it is not 
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
index 60fd66b85c..6f0b8293f8 100644
--- a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
@@ -7,7 +7,7 @@ using System.Threading.Tasks;
 namespace Microsoft.AspNetCore.Authorization.Infrastructure
 {
     /// <summary>
-    /// Infrastructre class which allows an <see cref="IAuthorizationRequirement"/> to
+    /// Infrastructure class which allows an <see cref="IAuthorizationRequirement"/> to
     /// be its own <see cref="IAuthorizationHandler"/>.
     /// </summary>
     public class PassThroughAuthorizationHandler : IAuthorizationHandler

From c8a99e580683b6d9d999d066d56cceeac301c091 Mon Sep 17 00:00:00 2001
From: Damir Ainullin <damirainullin@outlook.com>
Date: Mon, 28 Aug 2017 20:12:27 +0300
Subject: [PATCH 795/900] Removed redundant if checks (#1390)

---
 .../AuthenticationHandler.cs                                  | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index d1d09f0746..812ba2f1a8 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -142,7 +142,7 @@ namespace Microsoft.AspNetCore.Authentication
                     Logger.AuthenticationSchemeNotAuthenticated(Scheme.Name);
                 }
             }
-            else if (result?.Failure != null)
+            else
             {
                 Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Scheme.Name, result.Failure.Message);
             }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index d346c68d7f..789f5ede9c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -1325,11 +1325,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             res.StatusCode = 200;
             res.ContentType = "text/xml";
             var xml = new XElement("xml");
-            if (result != null && result?.Ticket?.Principal != null)
+            if (result?.Ticket?.Principal != null)
             {
                 xml.Add(result.Ticket.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
             }
-            if (result != null && result?.Ticket?.Properties != null)
+            if (result?.Ticket?.Properties != null)
             {
                 xml.Add(result.Ticket.Properties.Items.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
             }

From bf685de16be9949d67e93cc058ef4393f005756b Mon Sep 17 00:00:00 2001
From: Kiran Challa <kichalla@microsoft.com>
Date: Thu, 24 Aug 2017 11:52:57 -0700
Subject: [PATCH 796/900] Using WebEncoders' Base64Url encode/decode
 functionality

---
 src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
index c0663295cf..1f7ecc7184 100644
--- a/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <returns>Base64 encoded string modified with non-URL encodable characters</returns>
         public static string Encode(byte[] data)
         {
-            return WebUtilities.Base64UrlTextEncoder.Encode(data);
+            return WebUtilities.WebEncoders.Base64UrlEncode(data);
         }
 
         /// <summary>
@@ -24,7 +24,7 @@ namespace Microsoft.AspNetCore.Authentication
         /// <returns>The decoded data.</returns>
         public static byte[] Decode(string text)
         {
-            return WebUtilities.Base64UrlTextEncoder.Decode(text);
+            return WebUtilities.WebEncoders.Base64UrlDecode(text);
         }
     }
 }

From 724be48ee90e0ed895f09a27b7219365b097197f Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 29 Aug 2017 15:24:01 -0700
Subject: [PATCH 797/900] Use Directory.Build.props/targets

---
 appveyor.yml => .appveyor.yml                       |  0
 build/common.props => Directory.Build.props         | 13 ++++---------
 Directory.Build.targets                             |  2 ++
 Security.sln                                        | 11 +++++++++--
 samples/CookieSample/CookieSample.csproj            |  4 +---
 .../CookieSessionSample/CookieSessionSample.csproj  |  4 +---
 samples/JwtBearerSample/JwtBearerSample.csproj      |  4 +---
 .../OpenIdConnect.AzureAdSample.csproj              |  2 --
 .../OpenIdConnectSample/OpenIdConnectSample.csproj  |  2 --
 samples/SocialSample/SocialSample.csproj            |  2 --
 samples/SocialSample/Startup.cs                     | 10 +++++-----
 src/Directory.Build.props                           |  7 +++++++
 ...crosoft.AspNetCore.Authentication.Cookies.csproj |  2 --
 ...rosoft.AspNetCore.Authentication.Facebook.csproj |  2 --
 ...icrosoft.AspNetCore.Authentication.Google.csproj |  2 --
 ...osoft.AspNetCore.Authentication.JwtBearer.csproj |  3 +--
 ...spNetCore.Authentication.MicrosoftAccount.csproj |  2 --
 ...Microsoft.AspNetCore.Authentication.OAuth.csproj |  4 +---
 ...t.AspNetCore.Authentication.OpenIdConnect.csproj |  3 +--
 ...crosoft.AspNetCore.Authentication.Twitter.csproj |  2 --
 .../Microsoft.AspNetCore.Authentication.csproj      |  2 --
 ...Microsoft.AspNetCore.Authorization.Policy.csproj |  4 +---
 .../Microsoft.AspNetCore.Authorization.csproj       |  4 +---
 .../Microsoft.AspNetCore.CookiePolicy.csproj        |  2 --
 .../Microsoft.Owin.Security.Interop.csproj          |  2 --
 test/Directory.Build.props                          | 12 ++++++++++++
 .../Microsoft.AspNetCore.Authentication.Test.csproj |  7 -------
 .../Microsoft.AspNetCore.Authorization.Test.csproj  |  6 ------
 ...etCore.ChunkingCookieManager.Sources.Test.csproj |  5 -----
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj   |  6 +-----
 .../Microsoft.Owin.Security.Interop.Test.csproj     | 13 +++----------
 31 files changed, 51 insertions(+), 93 deletions(-)
 rename appveyor.yml => .appveyor.yml (100%)
 rename build/common.props => Directory.Build.props (59%)
 create mode 100644 Directory.Build.targets
 create mode 100644 src/Directory.Build.props
 create mode 100644 test/Directory.Build.props

diff --git a/appveyor.yml b/.appveyor.yml
similarity index 100%
rename from appveyor.yml
rename to .appveyor.yml
diff --git a/build/common.props b/Directory.Build.props
similarity index 59%
rename from build/common.props
rename to Directory.Build.props
index ea940214e6..e28500d6bd 100644
--- a/build/common.props
+++ b/Directory.Build.props
@@ -1,20 +1,15 @@
-<Project>
-  <Import Project="dependencies.props" />
-  <Import Project="..\version.xml" />
+<Project>
+  <Import Project="build\dependencies.props" />
+  <Import Project="version.xml" />
 
   <PropertyGroup>
     <Product>Microsoft ASP.NET Core</Product>
     <RepositoryUrl>https://github.com/aspnet/Security</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
-    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Key.snk</AssemblyOriginatorKeyFile>
+    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
     <VersionSuffix Condition="'$(VersionSuffix)'!='' AND '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
-  </ItemGroup>
-
 </Project>
diff --git a/Directory.Build.targets b/Directory.Build.targets
new file mode 100644
index 0000000000..f75adf7e4d
--- /dev/null
+++ b/Directory.Build.targets
@@ -0,0 +1,2 @@
+<Project>
+</Project>
diff --git a/Security.sln b/Security.sln
index 2e5ee56d00..811893c33a 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,14 +1,20 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26621.2
+VisualStudioVersion = 15.0.26730.10
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
+	ProjectSection(SolutionItems) = preProject
+		src\Directory.Build.props = src\Directory.Build.props
+	EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CookieSample", "samples\CookieSample\CookieSample.csproj", "{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{7BF11F3A-60B6-4796-B504-579C67FFBA34}"
+	ProjectSection(SolutionItems) = preProject
+		test\Directory.Build.props = test\Directory.Build.props
+	EndProjectSection
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SocialSample", "samples\SocialSample\SocialSample.csproj", "{8C73D216-332D-41D8-BFD0-45BC4BC36552}"
 EndProject
@@ -56,8 +62,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Chunki
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{86BD08B1-F978-4F58-9982-2A017807F01C}"
 	ProjectSection(SolutionItems) = preProject
-		build\common.props = build\common.props
 		build\dependencies.props = build\dependencies.props
+		Directory.Build.props = Directory.Build.props
+		Directory.Build.targets = Directory.Build.targets
 		build\Key.snk = build\Key.snk
 		NuGet.config = NuGet.config
 		build\repo.props = build\repo.props
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 64438de77d..52e6efb492 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,6 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-
-  <Import Project="..\..\build\dependencies.props" />
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index cb07f4385b..5cb7e9c09d 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,6 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-
-  <Import Project="..\..\build\dependencies.props" />
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index fe2a5fa9d9..6c9bd99dc9 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,6 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-
-  <Import Project="..\..\build\dependencies.props" />
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index cd8b6976f2..9ad1abc425 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
-  <Import Project="..\..\build\dependencies.props" />
-
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index b3d875d474..301828b01e 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
-  <Import Project="..\..\build\dependencies.props" />
-
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index d35796f759..02f214557e 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
-  <Import Project="..\..\build\dependencies.props" />
-
   <PropertyGroup>
     <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index 36a53b38ae..a0b193b8e2 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -415,7 +415,7 @@ namespace SocialSample
                 }
 
                 await response.WriteAsync("Tokens:<br>");
-                
+
                 await response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
                 await response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
                 await response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
@@ -426,19 +426,19 @@ namespace SocialSample
             });
         }
 
-        private async Task<OAuthOptions> GetOAuthOptionsAsync(HttpContext context, string currentAuthType)
+        private Task<OAuthOptions> GetOAuthOptionsAsync(HttpContext context, string currentAuthType)
         {
             if (string.Equals(GoogleDefaults.AuthenticationScheme, currentAuthType))
             {
-                return context.RequestServices.GetRequiredService<IOptionsMonitor<GoogleOptions>>().Get(currentAuthType);
+                return Task.FromResult<OAuthOptions>(context.RequestServices.GetRequiredService<IOptionsMonitor<GoogleOptions>>().Get(currentAuthType));
             }
             else if (string.Equals(MicrosoftAccountDefaults.AuthenticationScheme, currentAuthType))
             {
-                return context.RequestServices.GetRequiredService<IOptionsMonitor<MicrosoftAccountOptions>>().Get(currentAuthType);
+                return Task.FromResult<OAuthOptions>(context.RequestServices.GetRequiredService<IOptionsMonitor<MicrosoftAccountOptions>>().Get(currentAuthType));
             }
             else if (string.Equals(FacebookDefaults.AuthenticationScheme, currentAuthType))
             {
-                return context.RequestServices.GetRequiredService<IOptionsMonitor<FacebookOptions>>().Get(currentAuthType);
+                return Task.FromResult<OAuthOptions>(context.RequestServices.GetRequiredService<IOptionsMonitor<FacebookOptions>>().Get(currentAuthType));
             }
 
             throw new NotImplementedException(currentAuthType);
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
new file mode 100644
index 0000000000..d704a37df9
--- /dev/null
+++ b/src/Directory.Build.props
@@ -0,0 +1,7 @@
+<Project>
+  <Import Project="..\Directory.Build.props" />
+
+  <ItemGroup>
+    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
+  </ItemGroup>
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
index 712aa81772..b188a58e08 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to use cookie based authentication.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index a9ec571996..62aee1367f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Facebook's OAuth 2.0 authentication workflow.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 805de682fd..de8867f91a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core contains middleware to support Google's OpenId and OAuth 2.0 authentication workflows.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index fe0bda1647..5de668e1a3 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -1,5 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <Import Project="..\..\build\common.props" />
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index 9437b57276..0eddc6f764 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index a15a75ee6f..318c18e743 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -1,6 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <Import Project="..\..\build\common.props" />
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support any standard OAuth 2.0 authentication workflow.</Description>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index ae8ffd8d59..413d5d0257 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -1,5 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <Import Project="..\..\build\common.props" />
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index d9c5cd0b37..f720d08f04 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support Twitter's OAuth 1.0 authentication workflow.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 8a1f970423..8f48bf6854 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core common types used by the various authentication middleware components.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index 83530a2bed..17a027690d 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core authorization policy helper classes.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
@@ -16,7 +14,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources"  Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 15100fbbcc..01e1dd3149 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -1,6 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <Import Project="..\..\build\common.props" />
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>ASP.NET Core authorization classes.
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 5dc2cd9281..80fd59eb4a 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>ASP.NET Core cookie policy classes to control the behavior of cookies.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 10a8be30f5..71c07fa140 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <Description>A compatibility layer for sharing authentication tickets between Microsoft.Owin.Security and Microsoft.AspNetCore.Authentication.</Description>
     <TargetFramework>net461</TargetFramework>
diff --git a/test/Directory.Build.props b/test/Directory.Build.props
new file mode 100644
index 0000000000..b9ef98116d
--- /dev/null
+++ b/test/Directory.Build.props
@@ -0,0 +1,12 @@
+<Project>
+  <Import Project="..\Directory.Build.props" />
+
+  <ItemGroup>
+    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitVersion)" />
+    <PackageReference Include="xunit.analyzers" Version="$(XunitAnalyzersVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+  </ItemGroup>
+</Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index fc73325e0b..7f3e739f33 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
@@ -21,11 +19,6 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.analyzers" Version="$(XunitAnalyzersVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 6eb74aeebf..5192ee4fe5 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
@@ -14,12 +12,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index b578f5dcfa..d75c0a47d2 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
@@ -13,9 +11,6 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index f513de4b35..96db2b38f3 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,6 +1,5 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
   <PropertyGroup>
     <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
     <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
@@ -14,9 +13,6 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 14c0aa2f1f..5e1e2eb92c 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -1,7 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <Import Project="..\..\build\common.props" />
-
   <PropertyGroup>
     <TargetFramework>net461</TargetFramework>
   </PropertyGroup>
@@ -9,17 +7,12 @@
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.Owin.Security.Interop\Microsoft.Owin.Security.Interop.csproj" />
-
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
-    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
   </ItemGroup>
 
   <ItemGroup>
-    <Service Include="{82a7f48d-3b50-4b1e-b82e-3ada8210c358}" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
+    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
   </ItemGroup>
 
 </Project>

From a53bf093a7d86b35e019c80515c92d7626982325 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 29 Aug 2017 15:26:04 -0700
Subject: [PATCH 798/900] Use PackageLineup to manage PackageReference versions

---
 Directory.Build.props                          |  1 -
 Directory.Build.targets                        | 14 +++++++++++++-
 NuGet.config                                   |  1 -
 build/dependencies.props                       | 17 -----------------
 build/repo.props                               |  6 ++++--
 samples/CookieSample/CookieSample.csproj       | 12 ++++++------
 .../CookieSessionSample.csproj                 | 12 ++++++------
 samples/JwtBearerSample/JwtBearerSample.csproj | 12 ++++++------
 .../OpenIdConnect.AzureAdSample.csproj         | 14 +++++++-------
 .../OpenIdConnectSample.csproj                 | 18 +++++++++---------
 samples/SocialSample/SocialSample.csproj       | 18 +++++++++---------
 src/Directory.Build.props                      |  2 +-
 ....AspNetCore.Authentication.JwtBearer.csproj |  8 +++++++-
 ...soft.AspNetCore.Authentication.OAuth.csproj |  5 ++++-
 ...NetCore.Authentication.OpenIdConnect.csproj |  8 +++++++-
 .../Microsoft.AspNetCore.Authentication.csproj | 16 ++++++++--------
 ...soft.AspNetCore.Authorization.Policy.csproj |  4 ++--
 .../Microsoft.AspNetCore.Authorization.csproj  |  4 ++--
 .../Microsoft.AspNetCore.CookiePolicy.csproj   |  4 ++--
 .../Microsoft.Owin.Security.Interop.csproj     |  4 ++--
 test/Directory.Build.props                     | 12 ++++++------
 ...osoft.AspNetCore.Authentication.Test.csproj |  2 +-
 ...rosoft.AspNetCore.Authorization.Test.csproj |  6 +++---
 ...e.ChunkingCookieManager.Sources.Test.csproj |  2 +-
 ...crosoft.AspNetCore.CookiePolicy.Test.csproj |  4 ++--
 ...Microsoft.Owin.Security.Interop.Test.csproj |  6 +++---
 26 files changed, 111 insertions(+), 101 deletions(-)
 delete mode 100644 build/dependencies.props

diff --git a/Directory.Build.props b/Directory.Build.props
index e28500d6bd..2490e42443 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,5 +1,4 @@
 <Project>
-  <Import Project="build\dependencies.props" />
   <Import Project="version.xml" />
 
   <PropertyGroup>
diff --git a/Directory.Build.targets b/Directory.Build.targets
index f75adf7e4d..bc118fd907 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,2 +1,14 @@
-<Project>
+<Project InitialTargets="EnsureKoreBuildRestored">
+  <Target Name="EnsureKoreBuildRestored" Condition=" '$(KoreBuildRestoreTargetsImported)' != 'true' AND '$(MSBuildProjectName)' != 'BenchmarkDotNet.Autogenerated'">
+    <PropertyGroup>
+      <_BootstrapperFile Condition=" $([MSBuild]::IsOSUnixLike()) ">build.sh</_BootstrapperFile>
+      <_BootstrapperFile Condition="! $([MSBuild]::IsOSUnixLike()) ">build.cmd</_BootstrapperFile>
+      <_BootstrapperError>
+        Package references have not been pinned. Run './$(_BootstrapperFile) /t:Pin'.
+        Also, you can run './$(_BootstrapperFile) /t:Restore' which will pin *and* restore packages. '$(_BootstrapperFile)' can be found in '$(MSBuildThisFileDirectory)'.
+      </_BootstrapperError>
+    </PropertyGroup>
+
+    <Error Code="KRB1001" Text="$(_BootstrapperError.Trim())" />
+  </Target>
 </Project>
diff --git a/NuGet.config b/NuGet.config
index 4e8a1f6de1..20060c934e 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -3,7 +3,6 @@
   <packageSources>
     <clear />
     <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
-    <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build/dependencies.props b/build/dependencies.props
deleted file mode 100644
index 0f73dd1b42..0000000000
--- a/build/dependencies.props
+++ /dev/null
@@ -1,17 +0,0 @@
-<Project>
-  <PropertyGroup>
-    <AspNetCoreVersion>2.1.0-*</AspNetCoreVersion>
-    <CoreFxVersion>4.4.0-*</CoreFxVersion>
-    <IdentityModelActiveDirectoryVersion>3.14.1</IdentityModelActiveDirectoryVersion>
-    <IdentityModelOpenIdVersion>2.1.4</IdentityModelOpenIdVersion>
-    <InternalAspNetCoreSdkVersion>2.1.1-*</InternalAspNetCoreSdkVersion>
-    <JsonNetVersion>10.0.1</JsonNetVersion>
-    <NETStandardImplicitPackageVersion>2.0.0-*</NETStandardImplicitPackageVersion>
-    <NETStandardLibraryNETFrameworkVersion>2.0.0-*</NETStandardLibraryNETFrameworkVersion>
-    <OwinVersion>3.0.1</OwinVersion>
-    <RuntimeFrameworkVersion Condition="'$(TargetFramework)'=='netcoreapp2.0'">2.0.0-*</RuntimeFrameworkVersion>
-    <TestSdkVersion>15.3.0</TestSdkVersion>
-    <XunitAnalyzersVersion>0.6.1</XunitAnalyzersVersion>
-    <XunitVersion>2.3.0-beta4-build3742</XunitVersion>
-  </PropertyGroup>
-</Project>
diff --git a/build/repo.props b/build/repo.props
index d4bab3eebd..7866974bc2 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,5 +1,7 @@
-<Project>
+<Project>
   <ItemGroup>
-    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'"/>
+    <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'" />
+    <PackageLineup Include="Internal.AspNetCore.Universe.Lineup" Version="2.1.0-*" />
+    <PackageLineup Include="Internal.AspNetCore.Partners.Lineup" Version="2.1.0-*" />
   </ItemGroup>
 </Project>
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 52e6efb492..34af273c47 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -9,12 +9,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 5cb7e9c09d..6e6bd0e796 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -9,12 +9,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 6c9bd99dc9..2b3f9c3c98 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -10,12 +10,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 9ad1abc425..64d90423ba 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -11,13 +11,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(IdentityModelActiveDirectoryVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 301828b01e..bc54cbf3df 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -15,15 +15,15 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 02f214557e..a1706f4d1f 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -22,15 +22,15 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
index d704a37df9..9d9a3de33a 100644
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@@ -2,6 +2,6 @@
   <Import Project="..\Directory.Build.props" />
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 5de668e1a3..8526fcd397 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -1,4 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
+
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
@@ -6,8 +7,13 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
   </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
+  </ItemGroup>
+
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index 318c18e743..a7af0b7f3f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -10,7 +10,10 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
-    <PackageReference Include="Newtonsoft.Json" Version="$(JsonNetVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Newtonsoft.Json" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 413d5d0257..a8f0077488 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -1,4 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
+
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the OpenID Connect authentication workflow.</Description>
     <TargetFramework>netstandard2.0</TargetFramework>
@@ -6,8 +7,13 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Authentication.OAuth\Microsoft.AspNetCore.Authentication.OAuth.csproj" />
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(IdentityModelOpenIdVersion)" />
   </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
+  </ItemGroup>
+
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 8f48bf6854..a156fa549f 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -9,14 +9,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <PackageReference Include="Microsoft.Extensions.Options" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index 17a027690d..087645ee02 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -13,8 +13,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 01e1dd3149..3b2ada85f9 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -13,8 +13,8 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <PackageReference Include="Microsoft.Extensions.Options" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 80fd59eb4a..c6021e012a 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Options" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" />
+    <PackageReference Include="Microsoft.Extensions.Options" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 71c07fa140..67f8c94209 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Owin.Security" Version="$(OwinVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" />
+    <PackageReference Include="Microsoft.Owin.Security" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Directory.Build.props b/test/Directory.Build.props
index b9ef98116d..724f34b0bb 100644
--- a/test/Directory.Build.props
+++ b/test/Directory.Build.props
@@ -2,11 +2,11 @@
   <Import Project="..\Directory.Build.props" />
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" Version="$(InternalAspNetCoreSdkVersion)" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
-    <PackageReference Include="xunit" Version="$(XunitVersion)" />
-    <PackageReference Include="xunit.analyzers" Version="$(XunitAnalyzersVersion)" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitVersion)" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" />
+    <PackageReference Include="xunit" />
+    <PackageReference Include="xunit.analyzers" />
+    <PackageReference Include="xunit.runner.visualstudio" />
   </ItemGroup>
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 7f3e739f33..ae8789e11b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -18,7 +18,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 5192ee4fe5..b133522f09 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -11,9 +11,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.Logging" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
+    <PackageReference Include="Microsoft.Extensions.Logging" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index d75c0a47d2..49bbbd91fe 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -10,7 +10,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index 96db2b38f3..7d50d86a31 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -11,8 +11,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 5e1e2eb92c..779d8c141f 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -10,9 +10,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(OwinVersion)" />
-    <PackageReference Include="Microsoft.Owin.Testing" Version="$(OwinVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" />
+    <PackageReference Include="Microsoft.Owin.Testing" />
   </ItemGroup>
 
 </Project>

From 863846bb2a0bfd77a47ccb7726d57ab376020766 Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Thu, 14 Sep 2017 10:59:59 -0700
Subject: [PATCH 799/900] Cleanup resx (#1424)

---
 .../Properties/Resources.Designer.cs          |  6 ++--
 .../Properties/Resources.Designer.cs          | 12 +++----
 .../Properties/Resources.Designer.cs          | 12 +++----
 .../Properties/Resources.Designer.cs          | 18 ++++------
 .../Properties/Resources.Designer.cs          | 12 +++----
 .../Properties/Resources.Designer.cs          | 36 +++++++------------
 .../Properties/Resources.Designer.cs          | 12 +++----
 .../Properties/Resources.Designer.cs          | 24 +++++--------
 .../Properties/Resources.Designer.cs          | 18 ++++------
 9 files changed, 50 insertions(+), 100 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
index a3a2f28745..655da24a30 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
@@ -15,16 +15,14 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
index 690c5a2803..03448b408c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
@@ -15,32 +15,28 @@ namespace Microsoft.AspNetCore.Authentication.Google
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string Exception_ValidatorHandlerMismatch
         {
-            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+            get => GetString("Exception_ValidatorHandlerMismatch");
         }
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string FormatException_ValidatorHandlerMismatch()
-        {
-            return GetString("Exception_ValidatorHandlerMismatch");
-        }
+            => GetString("Exception_ValidatorHandlerMismatch");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
index ef1d784f22..e95b8e061b 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
@@ -15,32 +15,28 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string Exception_ValidatorHandlerMismatch
         {
-            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+            get => GetString("Exception_ValidatorHandlerMismatch");
         }
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string FormatException_ValidatorHandlerMismatch()
-        {
-            return GetString("Exception_ValidatorHandlerMismatch");
-        }
+            => GetString("Exception_ValidatorHandlerMismatch");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
index 618d143eed..7ef5acecb2 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
@@ -15,48 +15,42 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
         /// </summary>
         internal static string Exception_MissingId
         {
-            get { return GetString("Exception_MissingId"); }
+            get => GetString("Exception_MissingId");
         }
 
         /// <summary>
         /// The user does not have an id.
         /// </summary>
         internal static string FormatException_MissingId()
-        {
-            return GetString("Exception_MissingId");
-        }
+            => GetString("Exception_MissingId");
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string Exception_ValidatorHandlerMismatch
         {
-            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+            get => GetString("Exception_ValidatorHandlerMismatch");
         }
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string FormatException_ValidatorHandlerMismatch()
-        {
-            return GetString("Exception_ValidatorHandlerMismatch");
-        }
+            => GetString("Exception_ValidatorHandlerMismatch");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
index 00c7b848b5..5a38ade0b9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
@@ -15,32 +15,28 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string Exception_ValidatorHandlerMismatch
         {
-            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+            get => GetString("Exception_ValidatorHandlerMismatch");
         }
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string FormatException_ValidatorHandlerMismatch()
-        {
-            return GetString("Exception_ValidatorHandlerMismatch");
-        }
+            => GetString("Exception_ValidatorHandlerMismatch");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
index 65a9273a0d..753373ece4 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
@@ -15,96 +15,84 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         internal static string MessageStateIsNullOrEmpty
         {
-            get { return GetString("MessageStateIsNullOrEmpty"); }
+            get => GetString("MessageStateIsNullOrEmpty");
         }
 
         /// <summary>
         /// OpenIdConnectAuthenticationHandler: message.State is null or empty.
         /// </summary>
         internal static string FormatMessageStateIsNullOrEmpty()
-        {
-            return GetString("MessageStateIsNullOrEmpty");
-        }
+            => GetString("MessageStateIsNullOrEmpty");
 
         /// <summary>
         /// Unable to unprotect the message.State.
         /// </summary>
         internal static string MessageStateIsInvalid
         {
-            get { return GetString("MessageStateIsInvalid"); }
+            get => GetString("MessageStateIsInvalid");
         }
 
         /// <summary>
         /// Unable to unprotect the message.State.
         /// </summary>
         internal static string FormatMessageStateIsInvalid()
-        {
-            return GetString("MessageStateIsInvalid");
-        }
+            => GetString("MessageStateIsInvalid");
 
         /// <summary>
         /// Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
         /// </summary>
         internal static string MessageContainsError
         {
-            get { return GetString("MessageContainsError"); }
+            get => GetString("MessageContainsError");
         }
 
         /// <summary>
         /// Message contains error: '{0}', error_description: '{1}', error_uri: '{2}'.
         /// </summary>
         internal static string FormatMessageContainsError(object p0, object p1, object p2)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("MessageContainsError"), p0, p1, p2);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("MessageContainsError"), p0, p1, p2);
 
         /// <summary>
         /// The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'.
         /// </summary>
         internal static string ValidatedSecurityTokenNotJwt
         {
-            get { return GetString("ValidatedSecurityTokenNotJwt"); }
+            get => GetString("ValidatedSecurityTokenNotJwt");
         }
 
         /// <summary>
         /// The Validated Security Token must be of type JwtSecurityToken, but instead its type is: '{0}'.
         /// </summary>
         internal static string FormatValidatedSecurityTokenNotJwt(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("ValidatedSecurityTokenNotJwt"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("ValidatedSecurityTokenNotJwt"), p0);
 
         /// <summary>
         /// Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
         /// </summary>
         internal static string UnableToValidateToken
         {
-            get { return GetString("UnableToValidateToken"); }
+            get => GetString("UnableToValidateToken");
         }
 
         /// <summary>
         /// Unable to validate the 'id_token', no suitable ISecurityTokenValidator was found for: '{0}'."
         /// </summary>
         internal static string FormatUnableToValidateToken(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("UnableToValidateToken"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("UnableToValidateToken"), p0);
 
         /// <summary>
         /// Cannot process the message. Both id_token and code are missing.
         /// </summary>
         internal static string IdTokenCodeMissing
         {
-            get { return GetString("IdTokenCodeMissing"); }
+            get => GetString("IdTokenCodeMissing");
         }
 
         /// <summary>
         /// Cannot process the message. Both id_token and code are missing.
         /// </summary>
         internal static string FormatIdTokenCodeMissing()
-        {
-            return GetString("IdTokenCodeMissing");
-        }
+            => GetString("IdTokenCodeMissing");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
index d60c2fc734..2eabfff298 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
@@ -15,32 +15,28 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string Exception_ValidatorHandlerMismatch
         {
-            get { return GetString("Exception_ValidatorHandlerMismatch"); }
+            get => GetString("Exception_ValidatorHandlerMismatch");
         }
 
         /// <summary>
         /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
         /// </summary>
         internal static string FormatException_ValidatorHandlerMismatch()
-        {
-            return GetString("Exception_ValidatorHandlerMismatch");
-        }
+            => GetString("Exception_ValidatorHandlerMismatch");
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
index 11e2e45868..4f3f147e00 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
@@ -15,64 +15,56 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         internal static string Exception_DefaultDpapiRequiresAppNameKey
         {
-            get { return GetString("Exception_DefaultDpapiRequiresAppNameKey"); }
+            get => GetString("Exception_DefaultDpapiRequiresAppNameKey");
         }
 
         /// <summary>
         /// The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.
         /// </summary>
         internal static string FormatException_DefaultDpapiRequiresAppNameKey()
-        {
-            return GetString("Exception_DefaultDpapiRequiresAppNameKey");
-        }
+            => GetString("Exception_DefaultDpapiRequiresAppNameKey");
 
         /// <summary>
         /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
         /// </summary>
         internal static string Exception_UnhookAuthenticationStateType
         {
-            get { return GetString("Exception_UnhookAuthenticationStateType"); }
+            get => GetString("Exception_UnhookAuthenticationStateType");
         }
 
         /// <summary>
         /// The state passed to UnhookAuthentication may only be the return value from HookAuthentication.
         /// </summary>
         internal static string FormatException_UnhookAuthenticationStateType()
-        {
-            return GetString("Exception_UnhookAuthenticationStateType");
-        }
+            => GetString("Exception_UnhookAuthenticationStateType");
 
         /// <summary>
         /// The AuthenticationTokenProvider's required synchronous events have not been registered.
         /// </summary>
         internal static string Exception_AuthenticationTokenDoesNotProvideSyncMethods
         {
-            get { return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods"); }
+            get => GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
         }
 
         /// <summary>
         /// The AuthenticationTokenProvider's required synchronous events have not been registered.
         /// </summary>
         internal static string FormatException_AuthenticationTokenDoesNotProvideSyncMethods()
-        {
-            return GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
-        }
+            => GetString("Exception_AuthenticationTokenDoesNotProvideSyncMethods");
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string Exception_OptionMustBeProvided
         {
-            get { return GetString("Exception_OptionMustBeProvided"); }
+            get => GetString("Exception_OptionMustBeProvided");
         }
 
         /// <summary>
         /// The '{0}' option must be provided.
         /// </summary>
         internal static string FormatException_OptionMustBeProvided(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
         private static string GetString(string name, params string[] formatterNames)
         {
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
index 116001e659..c83fa9ea5e 100644
--- a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
@@ -15,48 +15,42 @@ namespace Microsoft.AspNetCore.Authorization
         /// </summary>
         internal static string Exception_AuthorizationPolicyEmpty
         {
-            get { return GetString("Exception_AuthorizationPolicyEmpty"); }
+            get => GetString("Exception_AuthorizationPolicyEmpty");
         }
 
         /// <summary>
         /// AuthorizationPolicy must have at least one requirement.
         /// </summary>
         internal static string FormatException_AuthorizationPolicyEmpty()
-        {
-            return GetString("Exception_AuthorizationPolicyEmpty");
-        }
+            => GetString("Exception_AuthorizationPolicyEmpty");
 
         /// <summary>
         /// The AuthorizationPolicy named: '{0}' was not found.
         /// </summary>
         internal static string Exception_AuthorizationPolicyNotFound
         {
-            get { return GetString("Exception_AuthorizationPolicyNotFound"); }
+            get => GetString("Exception_AuthorizationPolicyNotFound");
         }
 
         /// <summary>
         /// The AuthorizationPolicy named: '{0}' was not found.
         /// </summary>
         internal static string FormatException_AuthorizationPolicyNotFound(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
-        }
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_AuthorizationPolicyNotFound"), p0);
 
         /// <summary>
         /// At least one role must be specified.
         /// </summary>
         internal static string Exception_RoleRequirementEmpty
         {
-            get { return GetString("Exception_RoleRequirementEmpty"); }
+            get => GetString("Exception_RoleRequirementEmpty");
         }
 
         /// <summary>
         /// At least one role must be specified.
         /// </summary>
         internal static string FormatException_RoleRequirementEmpty()
-        {
-            return GetString("Exception_RoleRequirementEmpty");
-        }
+            => GetString("Exception_RoleRequirementEmpty");
 
         private static string GetString(string name, params string[] formatterNames)
         {

From b9d9418f6d4fecd8e3b0c60538bb985c15e31fcc Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Fri, 15 Sep 2017 14:22:03 -0700
Subject: [PATCH 800/900] Block SignInScheme = self

---
 .../AuthenticationBuilder.cs                  |  8 +++-
 .../Properties/Resources.Designer.cs          | 14 ++++++
 .../Resources.resx                            |  3 ++
 .../FacebookTests.cs                          | 48 +++++++++++++++++++
 .../GoogleTests.cs                            | 15 +++++-
 .../MicrosoftAccountTests.cs                  | 13 +++++
 .../OAuthTests.cs                             | 21 ++++++++
 .../OpenIdConnectConfigurationTests.cs        | 15 +++++-
 .../TwitterTests.cs                           | 13 +++++
 9 files changed, 145 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
index c29bdeae29..54b4818851 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
@@ -84,7 +84,7 @@ namespace Microsoft.AspNetCore.Authentication
             return AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions: configureOptions);
         }
 
-        // Used to ensure that there's always a default data protection provider
+        // Used to ensure that there's always a default sign in scheme that's not itself
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
         {
             private readonly AuthenticationOptions _authOptions;
@@ -96,7 +96,11 @@ namespace Microsoft.AspNetCore.Authentication
 
             public void PostConfigure(string name, TOptions options)
             {
-                options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme;
+                options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme ?? _authOptions.DefaultScheme;
+                if (string.Equals(options.SignInScheme, name, StringComparison.Ordinal))
+                {
+                    throw new InvalidOperationException(Resources.Exception_RemoteSignInSchemeCannotBeSelf);
+                }
             }
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
index 4f3f147e00..b1941a7dca 100644
--- a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
@@ -66,6 +66,20 @@ namespace Microsoft.AspNetCore.Authentication
         internal static string FormatException_OptionMustBeProvided(object p0)
             => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
 
+        /// <summary>
+        /// The SignInScheme for a remote authentication handler cannot be set to itself.  If it was not explicitly set, the AuthenticationOptions.DefaultSignInScheme or DefaultScheme is used.
+        /// </summary>
+        internal static string Exception_RemoteSignInSchemeCannotBeSelf
+        {
+            get => GetString("Exception_RemoteSignInSchemeCannotBeSelf");
+        }
+
+        /// <summary>
+        /// The SignInScheme for a remote authentication handler cannot be set to itself.  If it was not explicitly set, the AuthenticationOptions.DefaultSignInScheme or DefaultScheme is used.
+        /// </summary>
+        internal static string FormatException_RemoteSignInSchemeCannotBeSelf()
+            => GetString("Exception_RemoteSignInSchemeCannotBeSelf");
+
         private static string GetString(string name, params string[] formatterNames)
         {
             var value = _resourceManager.GetString(name);
diff --git a/src/Microsoft.AspNetCore.Authentication/Resources.resx b/src/Microsoft.AspNetCore.Authentication/Resources.resx
index 54d22bcc94..9e831dc74f 100644
--- a/src/Microsoft.AspNetCore.Authentication/Resources.resx
+++ b/src/Microsoft.AspNetCore.Authentication/Resources.resx
@@ -129,4 +129,7 @@
   <data name="Exception_OptionMustBeProvided" xml:space="preserve">
     <value>The '{0}' option must be provided.</value>
   </data>
+  <data name="Exception_RemoteSignInSchemeCannotBeSelf" xml:space="preserve">
+    <value>The SignInScheme for a remote authentication handler cannot be set to itself.  If it was not explicitly set, the AuthenticationOptions.DefaultSignInScheme or DefaultScheme is used.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 75de0652e4..81373403bd 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -24,6 +24,54 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     public class FacebookTests
     {
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = FacebookDefaults.AuthenticationScheme),
+                context => 
+                {
+                    // Gross
+                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    return true;
+                });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultScheme()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(),
+                context =>
+                {
+                    // Gross
+                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    return true;
+                });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelfUsingDefaultSignInScheme()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(),
+                context =>
+                {
+                    // Gross
+                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    return true;
+                });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index f1038bb51d..8f2cc52f91 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -15,10 +15,8 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
-using Microsoft.Extensions.Options;
 using Newtonsoft.Json;
 using Xunit;
 
@@ -26,6 +24,19 @@ namespace Microsoft.AspNetCore.Authentication.Google
 {
     public class GoogleTests
     {
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.SignInScheme = GoogleDefaults.AuthenticationScheme;
+            });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 2e249a833a..b2854e344e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -27,6 +27,19 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
 {
     public class MicrosoftAccountTests
     {
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.SignInScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+            });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index aeb313daa3..30c33eb1d7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -16,6 +16,27 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthTests
     {
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(
+                app => { },
+                services => services.AddAuthentication().AddOAuth("weeblie", o =>
+                {
+                    o.SignInScheme = "weeblie";
+                    o.ClientId = "whatever";
+                    o.ClientSecret = "whatever";
+                }),
+                context =>
+                {
+                    // REVIEW: Gross.
+                    context.ChallengeAsync("weeblie").GetAwaiter().GetResult();
+                    return true;
+                });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 74f00c8f95..d0d1c26096 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -8,7 +8,6 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.AspNetCore.Testing.xunit;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
 
@@ -46,6 +45,20 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
+        [Fact]
+        public Task ThrowsWhenSignInSchemeIsSetToSelf()
+        {
+            return TestConfigurationException<InvalidOperationException>(
+                o =>
+                {
+                    o.SignInScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                    o.Authority = TestServerBuilder.DefaultAuthority;
+                    o.ClientId = "Test Id";
+                    o.ClientSecret = "Test Secret";
+                },
+                ex => Assert.Contains("cannot be set to itself", ex.Message));
+        }
+
         [Fact]
         public Task ThrowsWhenClientIdIsMissing()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 746dfee6ab..6c661af45c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -17,6 +17,19 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     public class TwitterTests
     {
+        [Fact]
+        public async Task VerifySignInSchemeCannotBeSetToSelf()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.SignInScheme = TwitterDefaults.AuthenticationScheme;
+            });
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+            Assert.Contains("cannot be set to itself", error.Message);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {

From eff1b42d6e4c90f6173ce5643a3f12b000206158 Mon Sep 17 00:00:00 2001
From: Anders Abel <anders@abel.nu>
Date: Sat, 16 Sep 2017 19:41:52 +0200
Subject: [PATCH 801/900] Fix comment (#1436)

Fix comment, it's setting sign in scheme (old left-over from copy-paste?)
---
 .../AuthenticationServiceCollectionExtensions.cs                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index e1beea7b6e..38fa47857a 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -85,7 +85,7 @@ namespace Microsoft.Extensions.DependencyInjection
             return services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
         }
 
-        // Used to ensure that there's always a default data protection provider
+        // Used to ensure that there's always a sign in scheme
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
         {
             private readonly AuthenticationOptions _authOptions;

From 241880eadc0216918b1f879b403567ff6cb4d03c Mon Sep 17 00:00:00 2001
From: agoretsky <agoretsky15@gmail.com>
Date: Tue, 19 Sep 2017 19:14:49 +0300
Subject: [PATCH 802/900] Minor improvements (#1403)

* Fixed exception overwriting due to possible NullReferenceException

* Removed unused local variables
---
 .../CookieAuthenticationHandler.cs                           | 5 ++---
 .../RemoteAuthenticationHandler.cs                           | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 996c334a73..754c91f1e8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -132,7 +132,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
 
             var currentUtc = Clock.UtcNow;
-            var issuedUtc = ticket.Properties.IssuedUtc;
             var expiresUtc = ticket.Properties.ExpiresUtc;
 
             if (expiresUtc != null && expiresUtc.Value < currentUtc)
@@ -246,7 +245,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             _signInCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
-            var result = await EnsureCookieTicket();
+            await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
 
             var signInContext = new CookieSigningInContext(
@@ -328,7 +327,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             _signOutCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
-            var ticket = await EnsureCookieTicket();
+            await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
             if (Options.SessionStore != null && _sessionKey != null)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index bcd5983642..1134566d88 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -70,7 +70,7 @@ namespace Microsoft.AspNetCore.Authentication
                                 new InvalidOperationException("Invalid return state, unable to redirect.");
                 }
 
-                ticket = authResult.Ticket;
+                ticket = authResult?.Ticket;
             }
             catch (Exception ex)
             {

From 1367a5d3858d4446c126940fe5c26267d0ac2512 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 14 Sep 2017 14:57:40 -0700
Subject: [PATCH 803/900] Make all handlers public

---
 .../FacebookHandler.cs                                          | 2 +-
 src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs | 2 +-
 .../JwtBearerHandler.cs                                         | 2 +-
 .../MicrosoftAccountHandler.cs                                  | 2 +-
 .../TwitterHandler.cs                                           | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 9004fc09cd..db664e2ee1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -16,7 +16,7 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Facebook
 {
-    internal class FacebookHandler : OAuthHandler<FacebookOptions>
+    public class FacebookHandler : OAuthHandler<FacebookOptions>
     {
         public FacebookHandler(IOptionsMonitor<FacebookOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 7a2e1a2d14..155691a4ba 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -16,7 +16,7 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Google
 {
-    internal class GoogleHandler : OAuthHandler<GoogleOptions>
+    public class GoogleHandler : OAuthHandler<GoogleOptions>
     {
         public GoogleHandler(IOptionsMonitor<GoogleOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index 9cf73182ba..f894a97d0c 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -18,7 +18,7 @@ using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
-    internal class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
+    public class JwtBearerHandler : AuthenticationHandler<JwtBearerOptions>
     {
         private OpenIdConnectConfiguration _configuration;
 
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 8204bf07b9..f4c06300c2 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -13,7 +13,7 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
 {
-    internal class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
+    public class MicrosoftAccountHandler : OAuthHandler<MicrosoftAccountOptions>
     {
         public MicrosoftAccountHandler(IOptionsMonitor<MicrosoftAccountOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 1e1dd08d87..e8a961df39 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -19,7 +19,7 @@ using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
 {
-    internal class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
+    public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
     {
         private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
         private const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";

From 648bb1e8101beb6d0f2d8069a0b57e165318a52a Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 19 Sep 2017 16:46:39 -0700
Subject: [PATCH 804/900] Obsolete old AddSchemes

---
 .../AuthenticationServiceCollectionExtensions.cs             | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 38fa47857a..b274eaace4 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -46,7 +46,7 @@ namespace Microsoft.Extensions.DependencyInjection
             return builder;
         }
 
-        // REMOVE below once callers have been updated
+        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
         public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<AuthenticationSchemeBuilder> configureScheme, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
@@ -67,16 +67,19 @@ namespace Microsoft.Extensions.DependencyInjection
             return services;
         }
 
+        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
         public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
             => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName: null, configureScheme: null, configureOptions: configureOptions);
 
+        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
         public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
             => services.AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureScheme: null, configureOptions: configureOptions);
 
+        [Obsolete("AddScheme is obsolete. Use AddAuthentication().AddScheme instead.")]
         public static IServiceCollection AddRemoteScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
             where TOptions : RemoteAuthenticationOptions, new()
             where THandler : RemoteAuthenticationHandler<TOptions>

From 31dd4ebd9c0c26fc9592aa08d7fb3804bf34011b Mon Sep 17 00:00:00 2001
From: Justin Kotalik <jukotali@microsoft.com>
Date: Thu, 21 Sep 2017 17:58:29 -0700
Subject: [PATCH 805/900] Increase Minimum Version of Visual Studio to 15.3.0

---
 Security.sln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Security.sln b/Security.sln
index 811893c33a..f88d8576b3 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,7 +1,7 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
 VisualStudioVersion = 15.0.26730.10
-MinimumVisualStudioVersion = 10.0.40219.1
+MinimumVisualStudioVersion = 15.0.26730.03
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 	ProjectSection(SolutionItems) = preProject
 		src\Directory.Build.props = src\Directory.Build.props

From 13fdbac48fabd723aed7819669d7f9c5bb8e3da2 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Thu, 21 Sep 2017 12:28:24 -0700
Subject: [PATCH 806/900]  #942 Add the SignedOutCallbackRedirect event for
 OIDC

---
 .../Events/OpenIdConnectEvents.cs             |    7 +
 .../LoggingExtensions.cs                      |   20 +
 .../OpenIdConnectHandler.cs                   |   44 +-
 .../RemoteAuthenticationHandler.cs            |    4 +
 .../OpenIdConnect/OpenIdConnectEventTests.cs  | 1151 ++++++++---------
 5 files changed, 643 insertions(+), 583 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index d8467be8d7..2a48d250bb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -38,6 +38,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public Func<RedirectContext, Task> OnRedirectToIdentityProviderForSignOut { get; set; } = context => Task.CompletedTask;
 
+        /// <summary>
+        /// Invoked before redirecting to the <see cref="OpenIdConnectOptions.SignedOutRedirectUri"/> at the end of a remote sign-out flow.
+        /// </summary>
+        public Func<RemoteSignOutContext, Task> OnSignedOutCallbackRedirect { get; set; } = context => Task.CompletedTask;
+
         /// <summary>
         /// Invoked when a request is received on the RemoteSignOutPath.
         /// </summary>
@@ -68,6 +73,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
         public virtual Task RedirectToIdentityProviderForSignOut(RedirectContext context) => OnRedirectToIdentityProviderForSignOut(context);
 
+        public virtual Task SignedOutCallbackRedirect(RemoteSignOutContext context) => OnSignedOutCallbackRedirect(context);
+
         public virtual Task RemoteSignOut(RemoteSignOutContext context) => OnRemoteSignOut(context);
 
         public virtual Task TokenResponseReceived(TokenResponseReceivedContext context) => OnTokenResponseReceived(context);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
index 458cfd73ee..224af87b6f 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
@@ -9,6 +9,8 @@ namespace Microsoft.Extensions.Logging
     {
         private static Action<ILogger, Exception> _redirectToIdentityProviderForSignOutHandledResponse;
         private static Action<ILogger, Exception> _redirectToIdentityProviderHandledResponse;
+        private static Action<ILogger, Exception> _signoutCallbackRedirectHandledResponse;
+        private static Action<ILogger, Exception> _signoutCallbackRedirectSkipped;
         private static Action<ILogger, Exception> _updatingConfiguration;
         private static Action<ILogger, Exception> _receivedIdToken;
         private static Action<ILogger, Exception> _redeemingCodeForTokens;
@@ -248,6 +250,14 @@ namespace Microsoft.Extensions.Logging
                  eventId: 49,
                  logLevel: LogLevel.Information,
                  formatString: "AuthenticationScheme: {AuthenticationScheme} signed out.");
+            _signoutCallbackRedirectHandledResponse = LoggerMessage.Define(
+                eventId: 50,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToSignedOutRedirectUri.HandledResponse");
+            _signoutCallbackRedirectSkipped = LoggerMessage.Define(
+                eventId: 51,
+                logLevel: LogLevel.Debug,
+                formatString: "RedirectToSignedOutRedirectUri.Skipped");
         }
 
         public static void UpdatingConfiguration(this ILogger logger)
@@ -345,6 +355,16 @@ namespace Microsoft.Extensions.Logging
             _redirectToIdentityProviderHandledResponse(logger, null);
         }
 
+        public static void SignoutCallbackRedirectHandledResponse(this ILogger logger)
+        {
+            _signoutCallbackRedirectHandledResponse(logger, null);
+        }
+
+        public static void SignoutCallbackRedirectSkipped(this ILogger logger)
+        {
+            _signoutCallbackRedirectSkipped(logger, null);
+        }
+
         public static void UserInformationReceivedHandledResponse(this ILogger logger)
         {
             _userInformationReceivedHandledResponse(logger, null);
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 65e1e1951e..bf365ceca0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -122,6 +122,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     Logger.RemoteSignOutSkipped();
                     return false;
                 }
+                if (remoteSignOutContext.Result.Failure != null)
+                {
+                    throw new InvalidOperationException("An error was returned from the RemoteSignOut event.", remoteSignOutContext.Result.Failure);
+                }
             }
 
             if (message == null)
@@ -273,18 +277,46 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// Response to the callback from OpenId provider after session ended.
         /// </summary>
         /// <returns>A task executing the callback procedure</returns>
-        protected virtual Task<bool> HandleSignOutCallbackAsync()
+        protected async virtual Task<bool> HandleSignOutCallbackAsync()
         {
-            if (Request.Query.TryGetValue(OpenIdConnectParameterNames.State, out StringValues protectedState))
+            var message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+            AuthenticationProperties properties = null;
+            if (!string.IsNullOrEmpty(message.State))
             {
-                var properties = Options.StateDataFormat.Unprotect(protectedState);
-                if (!string.IsNullOrEmpty(properties?.RedirectUri))
+                properties = Options.StateDataFormat.Unprotect(message.State);
+            }
+
+            var signOut = new RemoteSignOutContext(Context, Scheme, Options, message)
+            {
+                Properties = properties,
+            };
+
+            await Events.SignedOutCallbackRedirect(signOut);
+            if (signOut.Result != null)
+            {
+                if (signOut.Result.Handled)
                 {
-                    Response.Redirect(properties.RedirectUri);
+                    Logger.SignoutCallbackRedirectHandledResponse();
+                    return true;
+                }
+                if (signOut.Result.Skipped)
+                {
+                    Logger.SignoutCallbackRedirectSkipped();
+                    return false;
+                }
+                if (signOut.Result.Failure != null)
+                {
+                    throw new InvalidOperationException("An error was returned from the SignedOutCallbackRedirect event.", signOut.Result.Failure);
                 }
             }
 
-            return Task.FromResult(true);
+            properties = signOut.Properties;
+            if (!string.IsNullOrEmpty(properties?.RedirectUri))
+            {
+                Response.Redirect(properties.RedirectUri);
+            }
+
+            return true;
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 1134566d88..4051ee6664 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -93,6 +93,10 @@ namespace Microsoft.AspNetCore.Authentication
                     {
                         return false;
                     }
+                    else if (errorContext.Result.Failure != null)
+                    {
+                        throw new InvalidOperationException("An error was returned from the RemoteFailure event.", errorContext.Result.Failure);
+                    }
                 }
 
                 throw exception;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index ed20d2f5ac..f3fc261879 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -16,11 +16,12 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
@@ -37,32 +38,22 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private readonly Func<RemoteFailureContext, Task> FailureNotImpl = context => { throw new NotImplementedException("Failure", context.Failure); };
         private readonly Func<RedirectContext, Task> RedirectNotImpl = context => { throw new NotImplementedException("Redirect"); };
         private readonly Func<RemoteSignOutContext, Task> RemoteSignOutNotImpl = context => { throw new NotImplementedException("Remote"); };
+        private readonly Func<RemoteSignOutContext, Task> SignedOutCallbackNotImpl = context => { throw new NotImplementedException("SingedOut"); };
         private readonly RequestDelegate AppNotImpl = context => { throw new NotImplementedException("App"); };
 
         [Fact]
         public async Task OnMessageReceived_Skip_NoMoreEventsRun()
         {
             var messageReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = TokenNotImpl,
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -80,30 +71,20 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         {
             var messageReceived = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = TokenNotImpl,
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -124,27 +105,16 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         public async Task OnMessageReceived_Handled_NoMoreEventsRun()
         {
             var messageReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = TokenNotImpl,
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "");
@@ -159,30 +129,20 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         {
             var messageReceived = false;
             var tokenValidated = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -202,34 +162,25 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var messageReceived = false;
             var tokenValidated = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -252,32 +203,22 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         {
             var messageReceived = false;
             var tokenValidated = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.HandleResponse();
                     context.Principal = null;
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
@@ -295,36 +236,27 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var messageReceived = false;
             var tokenValidated = false;
             var ticketReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
@@ -342,34 +274,25 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var messageReceived = false;
             var tokenValidated = false;
             var codeReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -391,38 +314,30 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenValidated = false;
             var codeReceived = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -447,36 +362,27 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var messageReceived = false;
             var tokenValidated = false;
             var codeReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     context.HandleResponse();
                     context.Principal = null;
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -495,40 +401,32 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenValidated = false;
             var codeReceived = false;
             var ticketReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -548,38 +446,30 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenValidated = false;
             var codeReceived = false;
             var tokenResponseReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -603,42 +493,35 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var tokenResponseReceived = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -665,40 +548,32 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenValidated = false;
             var codeReceived = false;
             var tokenResponseReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -719,44 +594,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var ticketReceived = false;
             var tokenResponseReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -777,38 +645,30 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var tokenResponseReceived = false;
             var tokenValidated = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -832,42 +692,35 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var tokenValidated = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -894,40 +747,32 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var tokenResponseReceived = false;
             var tokenValidated = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
@@ -948,44 +793,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var ticketReceived = false;
             var tokenResponseReceived = false;
             var tokenValidated = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
@@ -1007,42 +845,35 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var tokenResponseReceived = false;
             var userInfoReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1068,46 +899,40 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1136,44 +961,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var codeReceived = false;
             var tokenResponseReceived = false;
             var userInfoReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     context.Principal = null;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1196,49 +1014,43 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var ticketReceived = false;
             var tokenResponseReceived = false;
             var userInfoReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     // context.Ticket = null;
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1262,47 +1074,41 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var authFailed = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1330,51 +1136,46 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var userInfoReceived = false;
             var authFailed = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
                     context.Fail("Authentication was aborted from user code.");
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     return Task.FromResult(0);
-                },
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1405,34 +1206,34 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var authFailed = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
@@ -1440,14 +1241,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1472,34 +1267,34 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var authFailed = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
@@ -1515,20 +1310,15 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
                     context.Success();
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticketReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1554,52 +1344,47 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var userInfoReceived = false;
             var authFailed = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     Assert.Equal("TestException", context.Failure.Message);
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1628,53 +1413,48 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var userInfoReceived = false;
             var authFailed = false;
             var remoteFailure = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     throw new NotImplementedException("TestException");
-                },
-                OnAuthenticationFailed = context =>
+                };
+                events.OnAuthenticationFailed = context =>
                 {
                     authFailed = true;
                     Assert.Equal("TestException", context.Exception.Message);
                     return Task.FromResult(0);
-                },
-                OnRemoteFailure = context =>
+                };
+                events.OnRemoteFailure = context =>
                 {
                     remoteFailure = true;
                     Assert.Equal("TestException", context.Failure.Message);
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-                OnTicketReceived = TicketNotImpl,
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1699,46 +1479,40 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var ticektReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticektReceived = true;
                     context.SkipHandler();
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             context =>
             {
                 return context.Response.WriteAsync(context.Request.Path);
@@ -1765,47 +1539,41 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var tokenResponseReceived = false;
             var userInfoReceived = false;
             var ticektReceived = false;
-            var server = CreateServer(new OpenIdConnectEvents()
+            var server = CreateServer(CreateNotImpEvents(events =>
             {
-                OnMessageReceived = context =>
+                events.OnMessageReceived = context =>
                 {
                     messageReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenValidated = context =>
+                };
+                events.OnTokenValidated = context =>
                 {
                     tokenValidated = true;
                     return Task.FromResult(0);
-                },
-                OnAuthorizationCodeReceived = context =>
+                };
+                events.OnAuthorizationCodeReceived = context =>
                 {
                     codeReceived = true;
                     return Task.FromResult(0);
-                },
-                OnTokenResponseReceived = context =>
+                };
+                events.OnTokenResponseReceived = context =>
                 {
                     tokenResponseReceived = true;
                     return Task.FromResult(0);
-                },
-                OnUserInformationReceived = context =>
+                };
+                events.OnUserInformationReceived = context =>
                 {
                     userInfoReceived = true;
                     return Task.FromResult(0);
-                },
-                OnAuthenticationFailed = FailedNotImpl,
-                OnRemoteFailure = FailureNotImpl,
-                OnTicketReceived = context =>
+                };
+                events.OnTicketReceived = context =>
                 {
                     ticektReceived = true;
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
-                },
-
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-            },
+                };
+            }),
             AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
@@ -1820,23 +1588,250 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             Assert.True(ticektReceived);
         }
 
+        [Fact]
+        public async Task OnRedirectToIdentityProviderForSignOut_Invoked()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnRedirectToIdentityProviderForSignOut = context =>
+                {
+                    forSignOut = true;
+                    return Task.CompletedTask;
+                };
+            }),
+            context =>
+            {
+                return context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+            });
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/");
+
+            Assert.Equal(HttpStatusCode.Found, response.StatusCode);
+            Assert.Equal("http://testhost/end", response.Headers.Location.GetLeftPart(UriPartial.Path));
+            Assert.True(forSignOut);
+        }
+
+        [Fact]
+        public async Task OnRedirectToIdentityProviderForSignOut_Handled_RedirectNotInvoked()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnRedirectToIdentityProviderForSignOut = context =>
+                {
+                    forSignOut = true;
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    context.HandleResponse();
+                    return Task.CompletedTask;
+                };
+            }),
+            context =>
+            {
+                return context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
+            });
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Null(response.Headers.Location);
+            Assert.True(forSignOut);
+        }
+
+        [Fact]
+        public async Task OnRemoteSignOut_Invoked()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnRemoteSignOut = context =>
+                {
+                    forSignOut = true;
+                    return Task.CompletedTask;
+                };
+            }),
+            AppNotImpl);
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-oidc");
+
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            Assert.True(forSignOut);
+            Assert.True(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
+            Assert.True(SetCookieHeaderValue.TryParseStrictList(values.ToList(), out var parsedValues));
+            Assert.Equal(1, parsedValues.Count);
+            Assert.True(StringSegment.IsNullOrEmpty(parsedValues.Single().Value));
+        }
+
+        [Fact]
+        public async Task OnRemoteSignOut_Handled_NoSignout()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnRemoteSignOut = context =>
+                {
+                    forSignOut = true;
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    context.HandleResponse();
+                    return Task.CompletedTask;
+                };
+            }),
+            AppNotImpl);
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-oidc");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.True(forSignOut);
+            Assert.False(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
+        }
+
+        [Fact]
+        public async Task OnRemoteSignOut_Skip_NoSignout()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnRemoteSignOut = context =>
+                {
+                    forSignOut = true;
+                    context.SkipHandler();
+                    return Task.CompletedTask;
+                };
+            }),
+            context =>
+            {
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.CompletedTask;
+            });
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-oidc");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.True(forSignOut);
+            Assert.False(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
+        }
+
+        [Fact]
+        public async Task OnRedirectToSignedOutRedirectUri_Invoked()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnSignedOutCallbackRedirect = context =>
+                {
+                    forSignOut = true;
+                    return Task.CompletedTask;
+                };
+            }),
+            AppNotImpl);
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-callback-oidc?state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Found, response.StatusCode);
+            Assert.Equal("http://testhost/redirect", response.Headers.Location.AbsoluteUri);
+            Assert.True(forSignOut);
+        }
+
+        [Fact]
+        public async Task OnRedirectToSignedOutRedirectUri_Handled_NoRedirect()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnSignedOutCallbackRedirect = context =>
+                {
+                    forSignOut = true;
+                    context.Response.StatusCode = StatusCodes.Status202Accepted;
+                    context.HandleResponse();
+                    return Task.CompletedTask;
+                };
+            }),
+            AppNotImpl);
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-callback-oidc?state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Null(response.Headers.Location);
+            Assert.True(forSignOut);
+        }
+
+        [Fact]
+        public async Task OnRedirectToSignedOutRedirectUri_Skipped_NoRedirect()
+        {
+            var forSignOut = false;
+            var server = CreateServer(CreateNotImpEvents(events =>
+            {
+                events.OnSignedOutCallbackRedirect = context =>
+                {
+                    forSignOut = true;
+                    context.SkipHandler();
+                    return Task.CompletedTask;
+                };
+            }),
+            context =>
+            {
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.CompletedTask;
+            });
+
+            var client = server.CreateClient();
+            var response = await client.GetAsync("/signout-callback-oidc?state=protected_state");
+
+            Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+            Assert.Null(response.Headers.Location);
+            Assert.True(forSignOut);
+        }
+
+        private OpenIdConnectEvents CreateNotImpEvents(Action<OpenIdConnectEvents> configureEvents)
+        {
+            var events = new OpenIdConnectEvents()
+            {
+                OnMessageReceived = MessageNotImpl,
+                OnTokenValidated = TokenNotImpl,
+                OnAuthorizationCodeReceived = CodeNotImpl,
+                OnTokenResponseReceived = TokenResponseNotImpl,
+                OnUserInformationReceived = UserNotImpl,
+                OnAuthenticationFailed = FailedNotImpl,
+                OnTicketReceived = TicketNotImpl,
+                OnRemoteFailure = FailureNotImpl,
+
+                OnRedirectToIdentityProvider = RedirectNotImpl,
+                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
+                OnRemoteSignOut = RemoteSignOutNotImpl,
+                OnSignedOutCallbackRedirect = SignedOutCallbackNotImpl,
+            };
+            configureEvents(events);
+            return events;
+        }
+
         private TestServer CreateServer(OpenIdConnectEvents events, RequestDelegate appCode)
         {
             var builder = new WebHostBuilder()
                 .ConfigureServices(services =>
                 {
-                    services.AddAuthentication()
+                    services.AddAuthentication(auth =>
+                    {
+                        auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                    })
                         .AddCookie()
                         .AddOpenIdConnect(o =>
                     {
                         o.Events = events;
-                        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                         o.ClientId = "ClientId";
                         o.GetClaimsFromUserInfoEndpoint = true;
                         o.Configuration = new OpenIdConnectConfiguration()
                         {
                             TokenEndpoint = "http://testhost/tokens",
                             UserInfoEndpoint = "http://testhost/user",
+                            EndSessionEndpoint = "http://testhost/end"
                         };
                         o.StateDataFormat = new TestStateDataFormat();
                         o.SecurityTokenValidator = new TestTokenValidator();
@@ -1868,7 +1863,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             public string Protect(AuthenticationProperties data)
             {
-                throw new NotImplementedException();
+                return "protected_state";
             }
 
             public string Protect(AuthenticationProperties data, string purpose)
@@ -1879,11 +1874,13 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             public AuthenticationProperties Unprotect(string protectedText)
             {
                 Assert.Equal("protected_state", protectedText);
-                return new AuthenticationProperties(new Dictionary<string, string>()
+                var properties = new AuthenticationProperties(new Dictionary<string, string>()
                 {
                     { ".xsrf", "corrilationId" },
                     { OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, "redirect_uri" }
                 });
+                properties.RedirectUri = "http://testhost/redirect";
+                return properties;
             }
 
             public AuthenticationProperties Unprotect(string protectedText, string purpose)

From 5abcfe7e3d78f777d45503b50de5cea17cf9aa5e Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson <jacalvar@microsoft.com>
Date: Fri, 22 Sep 2017 17:10:59 -0700
Subject: [PATCH 807/900] Update API check baselines to 2.0

---
 .../baseline.netcore.json                     | 1962 +++++------
 .../breakingchanges.netcore.json              |   47 -
 .../baseline.netcore.json                     |  461 +--
 .../breakingchanges.netcore.json              |   19 -
 .../baseline.netcore.json                     |  273 +-
 .../breakingchanges.netcore.json              |   40 -
 .../baseline.netcore.json                     |  398 ++-
 .../breakingchanges.netcore.json              |   43 -
 .../baseline.netcore.json                     |  253 +-
 .../breakingchanges.netcore.json              |   19 -
 .../baseline.netcore.json                     | 1661 ++++++---
 .../breakingchanges.netcore.json              |   35 -
 .../baseline.netcore.json                     | 1297 ++++---
 .../breakingchanges.netcore.json              |   68 -
 .../baseline.netcore.json                     |  424 +--
 .../breakingchanges.netcore.json              |   45 -
 .../baseline.netcore.json                     | 3102 ++++++++---------
 .../breakingchanges.netcore.json              |  116 -
 .../baseline.netcore.json                     |  211 ++
 .../baseline.netcore.json                     |  390 ++-
 .../baseline.netcore.json                     |   26 +-
 .../baseline.netframework.json                |    5 +-
 22 files changed, 5802 insertions(+), 5093 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
index 56e48d3fed..1f1115460b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
@@ -1,6 +1,121 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.CookieExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddCookie",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddCookie",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddCookie",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddCookie",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddCookie",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
       "Visibility": "Public",
@@ -35,7 +150,7 @@
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
             }
           ],
           "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
@@ -48,113 +163,260 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "CookiePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LoginPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LogoutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AccessDeniedPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "ReturnUrlParameter",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Cookies\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
       "ImplementedInterfaces": [
-        "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+        "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler"
       ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_CookieName",
+          "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_CookieName",
+          "Name": "set_Events",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.String"
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents"
             }
           ],
           "ReturnType": "System.Void",
-          "Visibility": "Public",
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "get_CookieDomain",
+          "Name": "InitializeHandlerAsync",
           "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_CookieDomain",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FinishResponseAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignInAsync",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.String"
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Void",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "get_CookiePath",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookiePath",
+          "Name": "SignOutAsync",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.String"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Void",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "get_CookieHttpOnly",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieHttpOnly",
+          "Name": "HandleForbiddenAsync",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.Boolean"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "get_CookieSecure",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Cookie",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieBuilder",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_CookieSecure",
+          "Name": "set_Cookie",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
+              "Type": "Microsoft.AspNetCore.Http.CookieBuilder"
             }
           ],
           "ReturnType": "System.Void",
@@ -182,27 +444,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_ExpireTimeSpan",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ExpireTimeSpan",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "get_SlidingExpiration",
@@ -312,7 +553,7 @@
           "Kind": "Method",
           "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -322,7 +563,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents"
             }
           ],
           "ReturnType": "System.Void",
@@ -350,27 +591,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "get_CookieManager",
@@ -413,39 +633,21 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
-      ],
-      "Members": [
         {
           "Kind": "Method",
-          "Name": "get_ChunkSize",
+          "Name": "get_ExpireTimeSpan",
           "Parameters": [],
-          "ReturnType": "System.Nullable<System.Int32>",
+          "ReturnType": "System.TimeSpan",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_ChunkSize",
+          "Name": "set_ExpireTimeSpan",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.Nullable<System.Int32>"
+              "Type": "System.TimeSpan"
             }
           ],
           "ReturnType": "System.Void",
@@ -454,7 +656,70 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_ThrowForPartialCookies",
+          "Name": "get_CookieName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieName",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieDomain",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieDomain",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookiePath",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookiePath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CookieHttpOnly",
           "Parameters": [],
           "ReturnType": "System.Boolean",
           "Visibility": "Public",
@@ -462,7 +727,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "set_ThrowForPartialCookies",
+          "Name": "set_CookieHttpOnly",
           "Parameters": [
             {
               "Name": "value",
@@ -475,80 +740,363 @@
         },
         {
           "Kind": "Method",
-          "Name": "GetRequestCookie",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Name": "get_CookieSecure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieSecurePolicy",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "AppendResponseCookie",
+          "Name": "set_CookieSecure",
           "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "key",
-              "Type": "System.String"
-            },
             {
               "Name": "value",
-              "Type": "System.String"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+              "Type": "Microsoft.AspNetCore.Http.CookieSecurePolicy"
             }
           ],
           "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnValidatePrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "DeleteCookie",
+          "Name": "set_OnValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSignedIn",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSignedIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSigningOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSigningOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogin",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAccessDenied",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToLogout",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToReturnUrl",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidatePrincipal",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignedIn",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SigningOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogout",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToLogin",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToReturnUrl",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAccessDenied",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PrincipalContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
           "Parameters": [
             {
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
             {
-              "Name": "key",
-              "Type": "System.String"
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
             }
           ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -556,93 +1104,31 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults",
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Field",
-          "Name": "CookiePrefix",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "LoginPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "LogoutPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AccessDeniedPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "ReturnUrlParameter",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Cookies\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PrincipalContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "CreateHandler",
+          "Name": "get_CookieOptions",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
@@ -650,24 +1136,163 @@
           "Name": ".ctor",
           "Parameters": [
             {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
             {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "urlEncoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
             },
             {
               "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>"
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_CookieOptions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CookieOptions",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "cookieOptions",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PrincipalContext<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ShouldRenew",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ShouldRenew",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ReplacePrincipal",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RejectPrincipal",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
+            },
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
             }
           ],
           "Visibility": "Public",
@@ -809,436 +1434,30 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents",
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.PostConfigureCookieAuthenticationOptions",
       "Visibility": "Public",
       "Kind": "Class",
       "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents"
+        "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>"
       ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_OnValidatePrincipal",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnValidatePrincipal",
+          "Name": "PostConfigure",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSigningIn",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSigningIn",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSignedIn",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSignedIn",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnSigningOut",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnSigningOut",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToLogin",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToAccessDenied",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToLogout",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_OnRedirectToReturnUrl",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext, System.Threading.Tasks.Task>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ValidatePrincipal",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignedIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RedirectUri",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "redirectUri",
+              "Name": "name",
               "Type": "System.String"
             },
             {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions"
             }
           ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1247,24 +1466,8 @@
           "Name": ".ctor",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
             }
           ],
           "Visibility": "Public",
@@ -1274,140 +1477,28 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext",
+      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CookieOptions",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CookieOptions",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "cookieOptions",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager"
       ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_CookieOptions",
+          "Name": "get_ChunkSize",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "ReturnType": "System.Nullable<System.Int32>",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_CookieOptions",
+          "Name": "set_ChunkSize",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
+              "Type": "System.Nullable<System.Int32>"
             }
           ],
           "ReturnType": "System.Void",
@@ -1416,78 +1507,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "cookieOptions",
-              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ShouldRenew",
+          "Name": "get_ThrowForPartialCookies",
           "Parameters": [],
           "ReturnType": "System.Boolean",
           "Visibility": "Public",
@@ -1495,7 +1515,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "set_ShouldRenew",
+          "Name": "set_ThrowForPartialCookies",
           "Parameters": [
             {
               "Name": "value",
@@ -1508,154 +1528,96 @@
         },
         {
           "Kind": "Method",
-          "Name": "ReplacePrincipal",
-          "Parameters": [
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RejectPrincipal",
-          "Parameters": [],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
+          "Name": "GetRequestCookie",
           "Parameters": [
             {
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
             {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+              "Name": "key",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AppendResponseCookie",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "value",
+              "Type": "System.String"
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.CookieAuthenticationOptions"
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
             }
           ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
           "Visibility": "Public",
           "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "ValidatePrincipal",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "SigningIn",
+          "Name": "DeleteCookie",
           "Parameters": [
             {
               "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext"
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "key",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Http.CookieOptions"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Cookies.ICookieManager",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Method",
-          "Name": "SignedIn",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Method",
-          "Name": "RedirectToLogout",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToLogin",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToReturnUrl",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAccessDenied",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SigningOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
+          "Kind": "Field",
+          "Name": "DefaultChunkSize",
+          "Parameters": [],
+          "ReturnType": "System.Int32",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "4050"
         }
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
deleted file mode 100644
index 91781d2dd2..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
+++ /dev/null
@@ -1,47 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationEvents : Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.CookieAuthenticationOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookieAuthenticationOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.Cookies.ICookieAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.CookieAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseCookieAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.CookieAuthenticationOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieRedirectContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSignedInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningInContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieSigningOutContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieValidatePrincipalContext : Microsoft.AspNetCore.Authentication.Cookies.BaseCookieContext",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
index 1e070fc7ff..82a48a6bf4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
@@ -1,6 +1,102 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.FacebookAuthenticationOptionsExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddFacebook",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddFacebook",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddFacebook",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddFacebook",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookDefaults",
       "Visibility": "Public",
@@ -10,6 +106,16 @@
       "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Field",
           "Name": "AuthorizationEndpoint",
@@ -55,318 +161,22 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetAgeRangeMin",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetAgeRangeMax",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetBirthday",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetEmail",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetFirstName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGender",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLastName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLink",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLocation",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetLocale",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetMiddleName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTimeZone",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
+          "Name": "Validate",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.FacebookOptions>",
+          "ReturnType": "System.Void",
           "Virtual": true,
           "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.FacebookOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseFacebookAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "UseFacebookAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.FacebookOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.FacebookOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
         {
           "Kind": "Method",
           "Name": "get_AppId",
@@ -447,7 +257,52 @@
         }
       ],
       "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseFacebookAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
deleted file mode 100644
index f64e6b8342..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/breakingchanges.netcore.json
+++ /dev/null
@@ -1,19 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Facebook.FacebookMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.FacebookOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.FacebookOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Facebook.FacebookHelper",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.FacebookAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseFacebookAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.FacebookOptions options)",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
index 647633afa8..61aae649d3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
@@ -1,6 +1,102 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.GoogleExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddGoogle",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddGoogle",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Google.GoogleOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddGoogle",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Google.GoogleOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddGoogle",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Google.GoogleOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleDefaults",
       "Visibility": "Public",
@@ -10,6 +106,16 @@
       "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Field",
           "Name": "AuthorizationEndpoint",
@@ -63,76 +169,6 @@
       "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGivenName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetFamilyName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetProfile",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "GetEmail",
@@ -151,51 +187,37 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware",
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "CreateHandler",
+          "Name": "get_AccessType",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.GoogleOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.GoogleOptions>"
-            }
-          ],
+          "Parameters": [],
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -236,7 +258,7 @@
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.GoogleOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.Google.GoogleOptions"
             }
           ],
           "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
@@ -247,45 +269,6 @@
         }
       ],
       "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.GoogleOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AccessType",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AccessType",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
deleted file mode 100644
index db3d1fcf0c..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/breakingchanges.netcore.json
+++ /dev/null
@@ -1,40 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.GoogleOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.GoogleOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.GoogleAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseGoogleAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.GoogleOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "MemberId": "public static System.String GetFamilyName(Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "MemberId": "public static System.String GetGivenName(Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "MemberId": "public static System.String GetId(Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "MemberId": "public static System.String GetName(Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
-      "MemberId": "public static System.String GetProfile(Newtonsoft.Json.Linq.JObject user)",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
index 37e18e53ed..997cf7bdf1 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
@@ -1,8 +1,8 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults",
+      "Name": "Microsoft.Extensions.DependencyInjection.JwtBearerExtensions",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
@@ -11,57 +11,132 @@
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddJwtBearer",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
+          "Extension": true,
           "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Bearer\""
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddJwtBearer",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddJwtBearer",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddJwtBearer",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
         }
       ],
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware",
+      "Name": "Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
+          "Name": "UseJwtBearerAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Constructor",
-          "Name": ".ctor",
+          "Kind": "Method",
+          "Name": "UseJwtBearerAuthentication",
           "Parameters": [
             {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
             },
             {
               "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.JwtBearerOptions>"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
             }
           ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -72,7 +147,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.ResultContext<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -105,42 +180,12 @@
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
             }
           ],
           "Visibility": "Public",
@@ -149,79 +194,13 @@
       ],
       "GenericParameters": []
     },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Challenge",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
       "ImplementedInterfaces": [],
       "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "get_AuthenticateFailure",
@@ -306,6 +285,22 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_Handled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleResponse",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -314,13 +309,17 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
             },
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -333,9 +332,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
       "Visibility": "Public",
       "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
-      ],
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
@@ -432,7 +429,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -447,7 +443,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -462,7 +457,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -477,7 +471,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -495,7 +488,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.ResultContext<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -527,9 +520,13 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
             }
           ],
           "Visibility": "Public",
@@ -542,7 +539,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.ResultContext<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -574,9 +571,13 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
             }
           ],
           "Visibility": "Public",
@@ -586,7 +587,7 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
@@ -595,47 +596,24 @@
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Method",
-          "Name": "UseJwtBearerAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
           "Static": true,
-          "Extension": true,
           "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseJwtBearerAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.JwtBearerOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Bearer\""
         }
       ],
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.JwtBearerOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -747,7 +725,7 @@
           "Kind": "Method",
           "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -757,7 +735,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents"
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents"
             }
           ],
           "ReturnType": "System.Void",
@@ -869,27 +847,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "get_SecurityTokenValidators",
@@ -970,7 +927,44 @@
         }
       ],
       "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerPostConfigureOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "PostConfigure",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
deleted file mode 100644
index 223ff401b4..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/breakingchanges.netcore.json
+++ /dev/null
@@ -1,43 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents : Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.JwtBearerOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.JwtBearerOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.JwtBearer.IJwtBearerEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.JwtBearerAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseJwtBearerAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.JwtBearerOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerChallengeContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.MessageReceivedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext : Microsoft.AspNetCore.Authentication.JwtBearer.BaseJwtBearerContext",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
index 06b3cd0d53..5791297b27 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
@@ -1,6 +1,102 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.MicrosoftAccountExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddMicrosoftAccount",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddMicrosoftAccount",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddMicrosoftAccount",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddMicrosoftAccount",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountDefaults",
       "Visibility": "Public",
@@ -10,6 +106,16 @@
       "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Field",
           "Name": "AuthorizationEndpoint",
@@ -55,133 +161,16 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions",
       "ImplementedInterfaces": [],
       "Members": [
-        {
-          "Kind": "Method",
-          "Name": "GetId",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDisplayName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetGivenName",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetSurname",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetEmail",
-          "Parameters": [
-            {
-              "Name": "user",
-              "Type": "Newtonsoft.Json.Linq.JObject"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>"
-            }
-          ],
+          "Parameters": [],
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -222,7 +211,7 @@
             },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions"
             }
           ],
           "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
@@ -233,24 +222,6 @@
         }
       ],
       "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.MicrosoftAccountOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
deleted file mode 100644
index 66f2a77b4e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/breakingchanges.netcore.json
+++ /dev/null
@@ -1,19 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware : Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<Microsoft.AspNetCore.Builder.MicrosoftAccountOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.MicrosoftAccountOptions : Microsoft.AspNetCore.Builder.OAuthOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHelper",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.MicrosoftAccountAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseMicrosoftAccountAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.MicrosoftAccountOptions options)",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
index d485aedb17..ffda3cbafe 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
@@ -1,6 +1,724 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.OAuthExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddOAuth",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddOAuth",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddOAuth<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>"
+              ]
+            }
+          ]
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddOAuth<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>"
+              ]
+            }
+          ]
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.OAuthPostConfigureOptions<T0, T1>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IPostConfigureOptions<T0>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "PostConfigure",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<T0>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+          ]
+        },
+        {
+          "ParameterName": "THandler",
+          "ParameterPosition": 1,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "UseOAuthAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimActionCollectionMapExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "MapJsonKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapJsonKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapJsonSubKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "subKey",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapJsonSubKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "subKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapCustomJson",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "resolver",
+              "Type": "System.Func<Newtonsoft.Json.Linq.JObject, System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapCustomJson",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "resolver",
+              "Type": "System.Func<Newtonsoft.Json.Linq.JObject, System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteClaim",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.ResultContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_User",
+          "Parameters": [],
+          "ReturnType": "Newtonsoft.Json.Linq.JObject",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenResponse",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AccessToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshToken",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ExpiresIn",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.TimeSpan>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Identity",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsIdentity",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RunClaimActions",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RunClaimActions",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
+            },
+            {
+              "Name": "backchannel",
+              "Type": "System.Net.Http.HttpClient"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnCreatingTicket",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnCreatingTicket",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreatingTicket",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToAuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions>"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0>",
       "Visibility": "Public",
@@ -16,11 +734,42 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "HandleRemoteAuthenticateAsync",
           "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
           "Virtual": true,
           "Override": true,
           "Visibility": "Protected",
@@ -54,7 +803,7 @@
             },
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             },
             {
               "Name": "tokens",
@@ -68,14 +817,14 @@
         },
         {
           "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
+          "Name": "HandleChallengeAsync",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
           "Override": true,
           "Visibility": "Protected",
@@ -87,7 +836,7 @@
           "Parameters": [
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             },
             {
               "Name": "redirectUri",
@@ -113,63 +862,11 @@
           "Name": ".ctor",
           "Parameters": [
             {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.OAuthOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<T0>"
             },
             {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
+              "Name": "logger",
               "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
             },
             {
@@ -177,12 +874,8 @@
               "Type": "System.Text.Encodings.Web.UrlEncoder"
             },
             {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
             }
           ],
           "Visibility": "Public",
@@ -195,11 +888,201 @@
           "ParameterPosition": 0,
           "New": true,
           "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.OAuthOptions"
+            "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions"
           ]
         }
       ]
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientId",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientId",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClientSecret",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ClientSecret",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AuthorizationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthorizationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UserInformationEndpoint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UserInformationEndpoint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimActions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
       "Visibility": "Public",
@@ -364,75 +1247,15 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext",
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "Abstract": true,
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_User",
-          "Parameters": [],
-          "ReturnType": "Newtonsoft.Json.Linq.JObject",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenResponse",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AccessToken",
+          "Name": "get_ClaimType",
           "Parameters": [],
           "ReturnType": "System.String",
           "Visibility": "Public",
@@ -440,7 +1263,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_TokenType",
+          "Name": "get_ValueType",
           "Parameters": [],
           "ReturnType": "System.String",
           "Visibility": "Public",
@@ -448,112 +1271,38 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_RefreshToken",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ExpiresIn",
-          "Parameters": [],
-          "ReturnType": "System.Nullable<System.TimeSpan>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Ticket",
+          "Name": "Run",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Identity",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsIdentity",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            },
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "tokens",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
-            },
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "tokens",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
-            },
-            {
-              "Name": "user",
+              "Name": "userData",
               "Type": "Newtonsoft.Json.Linq.JObject"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
             }
           ],
           "Visibility": "Public",
@@ -563,29 +1312,28 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents",
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
       "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
+        "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction>"
       ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_OnCreatingTicket",
+          "Name": "Clear",
           "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>",
+          "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_OnCreatingTicket",
+          "Name": "Remove",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext, System.Threading.Tasks.Task>"
+              "Name": "claimType",
+              "Type": "System.String"
             }
           ],
           "ReturnType": "System.Void",
@@ -594,19 +1342,11 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_OnRedirectToAuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnRedirectToAuthorizationEndpoint",
+          "Name": "Add",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext, System.Threading.Tasks.Task>"
+              "Name": "action",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction"
             }
           ],
           "ReturnType": "System.Void",
@@ -615,72 +1355,60 @@
         },
         {
           "Kind": "Method",
-          "Name": "CreatingTicket",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "Name": "GetEnumerator",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerator<Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction>",
+          "Sealed": true,
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
+          "ImplementedInterface": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.CustomJsonClaimAction",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Resolver",
+          "Parameters": [],
+          "ReturnType": "System.Func<Newtonsoft.Json.Linq.JObject, System.String>",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
+          "Name": "Run",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext"
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "ReturnType": "System.Void",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OAuthOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "Override": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -689,19 +1417,60 @@
           "Name": ".ctor",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+              "Name": "claimType",
+              "Type": "System.String"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+              "Name": "valueType",
+              "Type": "System.String"
             },
             {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Name": "resolver",
+              "Type": "System.Func<Newtonsoft.Json.Linq.JObject, System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.DeleteClaimAction",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Run",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
             },
             {
-              "Name": "redirectUri",
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
               "Type": "System.String"
             }
           ],
@@ -712,45 +1481,60 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction",
       "Visibility": "Public",
       "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "UseOAuthAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
+          "Name": "get_JsonKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "UseOAuthAuthentication",
+          "Name": "Run",
           "Parameters": [
             {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OAuthOptions"
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -758,15 +1542,15 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.OAuthOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonSubKeyClaimAction",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_ClientId",
+          "Name": "get_SubKey",
           "Parameters": [],
           "ReturnType": "System.String",
           "Visibility": "Public",
@@ -774,182 +1558,53 @@
         },
         {
           "Kind": "Method",
-          "Name": "set_ClientId",
+          "Name": "Run",
           "Parameters": [
             {
-              "Name": "value",
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
               "Type": "System.String"
             }
           ],
           "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClientSecret",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClientSecret",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AuthorizationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AuthorizationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_TokenEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_TokenEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UserInformationEndpoint",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UserInformationEndpoint",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Events",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Scope",
-          "Parameters": [],
-          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_StateDataFormat",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_StateDataFormat",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SystemClock",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SystemClock",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
-            }
-          ],
-          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
-          "Parameters": [],
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "subKey",
+              "Type": "System.String"
+            }
+          ],
           "Visibility": "Public",
           "GenericParameter": []
         }
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
deleted file mode 100644
index 3124d7fe70..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/breakingchanges.netcore.json
+++ /dev/null
@@ -1,35 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthCreatingTicketContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<T0> : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0> where T0 : Microsoft.AspNetCore.Builder.OAuthOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthMiddleware<T0> : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0> where T0 : Microsoft.AspNetCore.Builder.OAuthOptions, new()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.OAuthOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.OAuth.IOAuthEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.OAuthAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOAuthAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OAuthOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OAuth.OAuthRedirectToAuthorizationContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
index 64cb79487d..9623b214e8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
@@ -1,8 +1,8 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
+      "Name": "Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
@@ -11,302 +11,196 @@
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Field",
-          "Name": "AuthenticationPropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddOpenIdConnect",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
-          "ReadOnly": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Field",
-          "Name": "Caption",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddOpenIdConnect",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
-          "ReadOnly": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Field",
-          "Name": "CookieNoncePrefix",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddOpenIdConnect",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
-          "ReadOnly": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Field",
-          "Name": "RedirectUriForCodePropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddOpenIdConnect",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
-          "ReadOnly": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "UserstatePropertiesKey",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "ReadOnly": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"OpenIdConnect\""
         }
       ],
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
+      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HtmlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteSignOutAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "signout",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedeemAuthorizationCodeAsync",
-          "Parameters": [
-            {
-              "Name": "tokenEndpointRequest",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetUserInformationAsync",
-          "Parameters": [
-            {
-              "Name": "message",
-              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
-            },
-            {
-              "Name": "jwt",
-              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
-            },
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "backchannel",
-              "Type": "System.Net.Http.HttpClient"
-            },
-            {
-              "Name": "htmlEncoder",
-              "Type": "System.Text.Encodings.Web.HtmlEncoder"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Backchannel",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpClient",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HtmlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "services",
-              "Type": "System.IServiceProvider"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>"
-            },
-            {
-              "Name": "htmlEncoder",
-              "Type": "System.Text.Encodings.Web.HtmlEncoder"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
-      "Visibility": "Public",
-      "Kind": "Enumeration",
+      "Abstract": true,
+      "Static": true,
       "Sealed": true,
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Field",
-          "Name": "RedirectGet",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "0"
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
         },
         {
-          "Kind": "Field",
-          "Name": "FormPost",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "1"
+          "Kind": "Method",
+          "Name": "UseOpenIdConnectAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ClaimActionCollectionUniqueExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "MapUniqueJsonKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapUniqueJsonKey",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
         }
       ],
       "GenericParameters": []
@@ -315,9 +209,30 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_Exception",
@@ -347,9 +262,13 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
             }
           ],
           "Visibility": "Public",
@@ -362,24 +281,24 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Properties",
+          "Name": "get_ProtocolMessage",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_Properties",
+          "Name": "set_ProtocolMessage",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
             }
           ],
           "ReturnType": "System.Void",
@@ -511,9 +430,17 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -523,20 +450,12 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "get_ProtocolMessage",
@@ -558,152 +477,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "AuthenticationFailed",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthorizationCodeReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "MessageReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProvider",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RedirectToIdentityProviderForSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RemoteSignOut",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenResponseReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TokenValidated",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UserInformationReceived",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-      "ImplementedInterfaces": [],
-      "Members": [
         {
           "Kind": "Method",
           "Name": "get_Token",
@@ -725,27 +498,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -754,9 +506,17 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -770,9 +530,7 @@
       "Visibility": "Public",
       "Kind": "Class",
       "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
-      ],
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
@@ -974,7 +732,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -989,7 +746,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1004,7 +760,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1019,7 +774,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1034,7 +788,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1049,7 +802,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1064,7 +816,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1079,7 +830,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1094,7 +844,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1112,14 +861,43 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Properties",
+          "Name": "get_ProtocolMessage",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Handled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleResponse",
+          "Parameters": [],
+          "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1131,13 +909,17 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
             },
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -1150,9 +932,30 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -1161,9 +964,13 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
             },
             {
               "Name": "message",
@@ -1180,14 +987,27 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Properties",
+          "Name": "get_ProtocolMessage",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1220,13 +1040,21 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
             },
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -1239,24 +1067,24 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Properties",
+          "Name": "get_ProtocolMessage",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_Properties",
+          "Name": "set_ProtocolMessage",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
             }
           ],
           "ReturnType": "System.Void",
@@ -1334,9 +1162,21 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -1349,9 +1189,30 @@
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_User",
@@ -1381,9 +1242,21 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "Visibility": "Public",
@@ -1393,45 +1266,268 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
       "Static": true,
       "Sealed": true,
       "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationPropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "CookieNoncePrefix",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "RedirectUriForCodePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "UserstatePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"OpenIdConnect\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler"
+      ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "UseOpenIdConnectAuthentication",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HtmlEncoder",
+          "Parameters": [],
+          "ReturnType": "System.Text.Encodings.Web.HtmlEncoder",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
           "Parameters": [
             {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "UseOpenIdConnectAuthentication",
+          "Name": "HandleRemoteSignOutAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
           "Parameters": [
             {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutCallbackAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedeemAuthorizationCodeAsync",
+          "Parameters": [
+            {
+              "Name": "tokenEndpointRequest",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GetUserInformationAsync",
+          "Parameters": [
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage"
+            },
+            {
+              "Name": "jwt",
+              "Type": "System.IdentityModel.Tokens.Jwt.JwtSecurityToken"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "htmlEncoder",
+              "Type": "System.Text.Encodings.Web.HtmlEncoder"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -1439,12 +1535,22 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.OpenIdConnectOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_Authority",
@@ -1571,6 +1677,14 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimActions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_RequireHttpsMetadata",
@@ -1617,7 +1731,7 @@
           "Kind": "Method",
           "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1627,7 +1741,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents"
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents"
             }
           ],
           "ReturnType": "System.Void",
@@ -1657,7 +1771,28 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_PostLogoutRedirectUri",
+          "Name": "get_SignedOutCallbackPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignedOutCallbackPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignedOutRedirectUri",
           "Parameters": [],
           "ReturnType": "System.String",
           "Visibility": "Public",
@@ -1665,7 +1800,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "set_PostLogoutRedirectUri",
+          "Name": "set_SignedOutRedirectUri",
           "Parameters": [
             {
               "Name": "value",
@@ -1835,7 +1970,7 @@
           "Kind": "Method",
           "Name": "get_StateDataFormat",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -1845,7 +1980,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>"
             }
           ],
           "ReturnType": "System.Void",
@@ -1959,19 +2094,40 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_SystemClock",
+          "Name": "get_DisableTelemetry",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "ReturnType": "System.Boolean",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_SystemClock",
+          "Name": "set_DisableTelemetry",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_NonceCookie",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_NonceCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieBuilder"
             }
           ],
           "ReturnType": "System.Void",
@@ -1984,13 +2140,121 @@
           "Parameters": [],
           "Visibility": "Public",
           "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectPostConfigureOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "PostConfigure",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>",
+          "Visibility": "Public",
+          "GenericParameter": []
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
           "Parameters": [
             {
-              "Name": "authenticationScheme",
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectRedirectBehavior",
+      "Visibility": "Public",
+      "Kind": "Enumeration",
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "RedirectGet",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "0"
+        },
+        {
+          "Kind": "Field",
+          "Name": "FormPost",
+          "Parameters": [],
+          "GenericParameter": [],
+          "Literal": "1"
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.Claims.UniqueJsonKeyClaimAction",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.JsonKeyClaimAction",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Run",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "claimType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "valueType",
+              "Type": "System.String"
+            },
+            {
+              "Name": "jsonKey",
               "Type": "System.String"
             }
           ],
@@ -2000,6 +2264,5 @@
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
deleted file mode 100644
index 931a7b079d..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/breakingchanges.netcore.json
+++ /dev/null
@@ -1,68 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.OpenIdConnectOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.OpenIdConnectOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.OpenIdConnect.IOpenIdConnectEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.OpenIdConnectAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseOpenIdConnectAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.OpenIdConnectOptions options)",
-      "Kind": "Removal"
-    },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthenticationFailedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.AuthorizationCodeReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.MessageReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RedirectContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenResponseReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.TokenValidatedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public class Microsoft.AspNetCore.Authentication.OpenIdConnect.UserInformationReceivedContext : Microsoft.AspNetCore.Authentication.OpenIdConnect.BaseOpenIdConnectContext",
-        "Kind": "Removal"
-      },
-      {
-        "TypeId": "public static class Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
-        "MemberId": "public static readonly System.String Caption",
-        "Kind": "Removal"
-      }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
index c35232a310..b577f07eb1 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
@@ -1,8 +1,8 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterDefaults",
+      "Name": "Microsoft.Extensions.DependencyInjection.TwitterExtensions",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
@@ -11,99 +11,86 @@
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Field",
-          "Name": "AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "Kind": "Method",
+          "Name": "AddTwitter",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": [],
-          "Constant": true,
-          "Literal": "\"Twitter\""
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Builder.TwitterOptions>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
-            {
-              "Name": "dataProtectionProvider",
-              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
-            },
-            {
-              "Name": "loggerFactory",
-              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            },
-            {
-              "Name": "sharedOptions",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.TwitterOptions>"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.TwitterOptions",
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Constructor",
-          "Name": ".ctor",
+          "Kind": "Method",
+          "Name": "AddTwitter",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
             }
           ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddTwitter",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddTwitter",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -111,36 +98,46 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+      "Name": "Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
       "Visibility": "Public",
-      "Kind": "Interface",
+      "Kind": "Class",
       "Abstract": true,
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "CreatingTicket",
+          "Name": "UseTwitterAuthentication",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext"
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "RedirectToAuthorizationEndpoint",
+          "Name": "UseTwitterAuthentication",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
           "GenericParameter": []
         }
       ],
@@ -150,7 +147,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.ResultContext<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -193,48 +190,6 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Properties",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -243,9 +198,21 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             },
             {
               "Name": "userId",
@@ -279,9 +246,7 @@
       "Visibility": "Public",
       "Kind": "Class",
       "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
-      ],
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
@@ -308,7 +273,7 @@
           "Kind": "Method",
           "Name": "get_OnRedirectToAuthorizationEndpoint",
           "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>",
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>, System.Threading.Tasks.Task>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -318,7 +283,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext, System.Threading.Tasks.Task>"
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>, System.Threading.Tasks.Task>"
             }
           ],
           "ReturnType": "System.Void",
@@ -336,7 +301,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -346,12 +310,11 @@
           "Parameters": [
             {
               "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext"
+              "Type": "Microsoft.AspNetCore.Authentication.RedirectContext<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
             }
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -365,56 +328,6 @@
       ],
       "GenericParameters": []
     },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_RedirectUri",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "redirectUri",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Twitter.AccessToken",
       "Visibility": "Public",
@@ -547,7 +460,7 @@
           "Kind": "Method",
           "Name": "get_Properties",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -557,7 +470,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Void",
@@ -655,7 +568,7 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterDefaults",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
@@ -664,47 +577,34 @@
       "ImplementedInterfaces": [],
       "Members": [
         {
-          "Kind": "Method",
-          "Name": "UseTwitterAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
           "Static": true,
-          "Extension": true,
+          "ReadOnly": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Method",
-          "Name": "UseTwitterAuthentication",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            },
-            {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.TwitterOptions"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
           "Static": true,
-          "Extension": true,
           "Visibility": "Public",
-          "GenericParameter": []
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"Twitter\""
         }
       ],
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Builder.TwitterOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -770,6 +670,14 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimActions",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_StateDataFormat",
@@ -795,7 +703,7 @@
           "Kind": "Method",
           "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -805,7 +713,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents"
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents"
             }
           ],
           "ReturnType": "System.Void",
@@ -814,19 +722,19 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_SystemClock",
+          "Name": "get_StateCookie",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieBuilder",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_SystemClock",
+          "Name": "set_StateCookie",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+              "Type": "Microsoft.AspNetCore.Http.CookieBuilder"
             }
           ],
           "ReturnType": "System.Void",
@@ -842,7 +750,49 @@
         }
       ],
       "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterPostConfigureOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "PostConfigure",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
deleted file mode 100644
index 6b84409111..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/breakingchanges.netcore.json
+++ /dev/null
@@ -1,45 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents : Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents, Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterMiddleware : Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<Microsoft.AspNetCore.Builder.TwitterOptions>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.TwitterOptions : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.Twitter.ITwitterEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-      "MemberId": "public Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties get_Properties()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.RequestToken",
-      "MemberId": "public System.Void set_Properties(Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties value)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.TwitterAppBuilderExtensions",
-      "MemberId": "public static Microsoft.AspNetCore.Builder.IApplicationBuilder UseTwitterAuthentication(this Microsoft.AspNetCore.Builder.IApplicationBuilder app, Microsoft.AspNetCore.Builder.TwitterOptions options)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterCreatingTicketContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Twitter.TwitterRedirectToAuthorizationEndpointContext : Microsoft.AspNetCore.Authentication.Twitter.BaseTwitterContext",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
index 1f69da5a8f..6db7d2c81d 100644
--- a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
@@ -1,488 +1,140 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
-      "Name": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
       "Visibility": "Public",
       "Kind": "Class",
-      "Abstract": true,
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
+          "Name": "get_Services",
           "Parameters": [],
-          "ReturnType": "System.String",
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_AuthenticationScheme",
+          "Name": "AddScheme<T0, T1>",
           "Parameters": [
             {
-              "Name": "value",
+              "Name": "authenticationScheme",
               "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AutomaticAuthenticate",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AutomaticAuthenticate",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_AutomaticChallenge",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_AutomaticChallenge",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ClaimsIssuer",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ClaimsIssuer",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Description",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Description",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationDescription"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
             },
             {
-              "Name": "transform",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UseClaimsTransformation",
-          "Parameters": [
-            {
-              "Name": "app",
-              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+              "Name": "displayName",
+              "Type": "System.String"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
-          "Static": true,
-          "Extension": true,
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Virtual": true,
           "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Transformer",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-          "Visibility": "Public",
-          "GenericParameter": []
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>"
+              ]
+            }
+          ]
         },
         {
           "Kind": "Method",
-          "Name": "set_Transformer",
+          "Name": "AddScheme<T0, T1>",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
             }
           ],
-          "ReturnType": "System.Void",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Virtual": true,
           "Visibility": "Public",
-          "GenericParameter": []
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>"
+              ]
+            }
+          ]
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddRemoteScheme<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>"
+              ]
+            }
+          ]
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelTimeout",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelTimeout",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.TimeSpan"
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
             }
           ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_BackchannelHttpHandler",
-          "Parameters": [],
-          "ReturnType": "System.Net.Http.HttpMessageHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_BackchannelHttpHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Net.Http.HttpMessageHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_CallbackPath",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_CallbackPath",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.PathString"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SignInScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignInScheme",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_DisplayName",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_DisplayName",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_RemoteAuthenticationTimeout",
-          "Parameters": [],
-          "ReturnType": "System.TimeSpan",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_RemoteAuthenticationTimeout",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.TimeSpan"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SaveTokens",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SaveTokens",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Field",
-          "Name": "Events",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Succeeded",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Failure",
-          "Parameters": [],
-          "ReturnType": "System.Exception",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Skipped",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Success",
-          "Parameters": [
-            {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Skip",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [
-            {
-              "Name": "failure",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [
-            {
-              "Name": "failureMessage",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-          "Static": true,
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -495,70 +147,23 @@
       "Kind": "Class",
       "Abstract": true,
       "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+        "Microsoft.AspNetCore.Authentication.IAuthenticationHandler"
       ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_SignInAccepted",
+          "Name": "get_Scheme",
           "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationScheme",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_SignInAccepted",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_SignOutAccepted",
+          "Name": "get_Options",
           "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_SignOutAccepted",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_ChallengeCalled",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_ChallengeCalled",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Protected",
+          "ReturnType": "T0",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
@@ -587,7 +192,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_OriginalPathBase",
+          "Name": "get_OriginalPath",
           "Parameters": [],
           "ReturnType": "Microsoft.AspNetCore.Http.PathString",
           "Visibility": "Protected",
@@ -595,7 +200,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_OriginalPath",
+          "Name": "get_OriginalPathBase",
           "Parameters": [],
           "ReturnType": "Microsoft.AspNetCore.Http.PathString",
           "Visibility": "Protected",
@@ -619,23 +224,50 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_PriorHandler",
+          "Name": "get_Clock",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_PriorHandler",
+          "Name": "get_OptionsMonitor",
+          "Parameters": [],
+          "ReturnType": "Microsoft.Extensions.Options.IOptionsMonitor<T0>",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "System.Object",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
+              "Type": "System.Object"
             }
           ],
           "ReturnType": "System.Void",
-          "Visibility": "Public",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ClaimsIssuer",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
@@ -648,35 +280,49 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_Options",
+          "Name": "InitializeAsync",
+          "Parameters": [
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "InitializeEventsAsync",
           "Parameters": [],
-          "ReturnType": "T0",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
           "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "InitializeAsync",
-          "Parameters": [
-            {
-              "Name": "options",
-              "Type": "T0"
-            },
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "logger",
-              "Type": "Microsoft.Extensions.Logging.ILogger"
-            },
-            {
-              "Name": "encoder",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            }
-          ],
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "InitializeHandlerAsync",
+          "Parameters": [],
           "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
+          "Virtual": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
@@ -692,70 +338,14 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "FinishResponseAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDescriptions",
-          "Parameters": [
-            {
-              "Name": "describeContext",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ShouldHandleScheme",
-          "Parameters": [
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "handleAutomatic",
-              "Type": "System.Boolean"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "AuthenticateAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
           "Sealed": true,
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -767,6 +357,14 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateOnceSafeAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "HandleAuthenticateAsync",
@@ -777,90 +375,30 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "SignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "HandleForbiddenAsync",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
           "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "HandleUnauthorizedAsync",
+          "Name": "HandleChallengeAsync",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
           "Visibility": "Protected",
           "GenericParameter": []
@@ -870,168 +408,52 @@
           "Name": "ChallengeAsync",
           "Parameters": [
             {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Sealed": true,
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
-          "Parameters": [],
-          "ReturnType": "System.String",
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_AuthenticationScheme",
+          "Name": "ForbidAsync",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "T0",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "T0"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Logger",
-          "Parameters": [],
-          "ReturnType": "Microsoft.Extensions.Logging.ILogger",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Logger",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.Extensions.Logging.ILogger"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_UrlEncoder",
-          "Parameters": [],
-          "ReturnType": "System.Text.Encodings.Web.UrlEncoder",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_UrlEncoder",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Text.Encodings.Web.UrlEncoder"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Invoke",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Threading.Tasks.Task",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CreateHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+          "Sealed": true,
           "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationHandler",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
           "Parameters": [
-            {
-              "Name": "next",
-              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
-            },
             {
               "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<T0>"
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<T0>"
             },
             {
-              "Name": "loggerFactory",
+              "Name": "logger",
               "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
             },
             {
               "Name": "encoder",
               "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
             }
           ],
           "Visibility": "Protected",
@@ -1044,347 +466,32 @@
           "ParameterPosition": 0,
           "New": true,
           "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.AuthenticationOptions"
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
           ]
         }
       ]
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationMiddleware",
       "Visibility": "Public",
       "Kind": "Class",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_AuthenticationScheme",
+          "Name": "get_Schemes",
           "Parameters": [],
-          "ReturnType": "System.String",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Properties",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "principal",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            },
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "authenticationScheme",
-              "Type": "System.String"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationToken",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Name",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Name",
+          "Name": "set_Schemes",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Value",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Value",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Context",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.HttpContext",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Principal",
-          "Parameters": [],
-          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Principal",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Security.Claims.ClaimsPrincipal"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_PriorHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_PriorHandler",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "AuthenticateAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.AuthenticateContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "ChallengeAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetDescriptions",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.DescribeSchemesContext"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "RegisterAuthenticationHandler",
-          "Parameters": [
-            {
-              "Name": "auth",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "UnregisterAuthenticationHandler",
-          "Parameters": [
-            {
-              "Name": "auth",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.IHttpAuthenticationFeature"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [
-            {
-              "Name": "transform",
-              "Type": "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
-            },
-            {
-              "Name": "httpContext",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            }
-          ],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_Options",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Options",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Builder.ClaimsTransformationOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider"
             }
           ],
           "ReturnType": "System.Void",
@@ -1413,8 +520,8 @@
               "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
             },
             {
-              "Name": "options",
-              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.ClaimsTransformationOptions>"
+              "Name": "schemes",
+              "Type": "Microsoft.AspNetCore.Authentication.IAuthenticationSchemeProvider"
             }
           ],
           "Visibility": "Public",
@@ -1424,245 +531,23 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.ClaimsTransformer",
+      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
       "Visibility": "Public",
       "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IClaimsTransformer"
-      ],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_OnTransform",
-          "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_OnTransform",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.ClaimsTransformationContext, System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>>"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "TransformAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "TransformAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.ClaimsTransformationContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Security.Claims.ClaimsPrincipal>",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
-      "Visibility": "Public",
-      "Kind": "Interface",
-      "Abstract": true,
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_UtcNow",
+          "Name": "Validate",
           "Parameters": [],
-          "ReturnType": "System.DateTimeOffset",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteCallbackAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleRemoteAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Abstract": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleAuthenticateAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignOutAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignOutContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleSignInAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.SignInContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "HandleForbiddenAsync",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.Features.Authentication.ChallengeContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GenerateCorrelationId",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
           "ReturnType": "System.Void",
           "Virtual": true,
-          "Visibility": "Protected",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "ValidateCorrelationId",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Protected",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": [
-        {
-          "ParameterName": "TOptions",
-          "ParameterPosition": 0,
-          "BaseTypeOrInterfaces": [
-            "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
-          ]
-        }
-      ]
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_SignInScheme",
+          "Name": "get_ClaimsIssuer",
           "Parameters": [],
           "ReturnType": "System.String",
           "Visibility": "Public",
@@ -1670,7 +555,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "set_SignInScheme",
+          "Name": "set_ClaimsIssuer",
           "Parameters": [
             {
               "Name": "value",
@@ -1681,146 +566,52 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.ISystemClock"
-      ],
-      "Members": [
         {
           "Kind": "Method",
-          "Name": "get_UtcNow",
+          "Name": "get_Events",
           "Parameters": [],
-          "ReturnType": "System.DateTimeOffset",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "ReturnType": "System.Object",
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "Abstract": true,
-      "Static": true,
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
         {
           "Kind": "Method",
-          "Name": "StoreTokens",
+          "Name": "set_Events",
           "Parameters": [
             {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "tokens",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>"
+              "Name": "value",
+              "Type": "System.Object"
             }
           ],
           "ReturnType": "System.Void",
-          "Static": true,
-          "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "GetTokenValue",
-          "Parameters": [
-            {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.String",
-          "Static": true,
-          "Extension": true,
+          "Name": "get_EventsType",
+          "Parameters": [],
+          "ReturnType": "System.Type",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "GetTokens",
+          "Name": "set_EventsType",
           "Parameters": [
             {
-              "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Name": "value",
+              "Type": "System.Type"
             }
           ],
-          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authentication.AuthenticationToken>",
-          "Static": true,
-          "Extension": true,
+          "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
-          "Kind": "Method",
-          "Name": "GetTokenAsync",
-          "Parameters": [
-            {
-              "Name": "manager",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.String>",
-          "Static": true,
-          "Extension": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "GetTokenAsync",
-          "Parameters": [
-            {
-              "Name": "manager",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationManager"
-            },
-            {
-              "Name": "signInScheme",
-              "Type": "System.String"
-            },
-            {
-              "Name": "tokenName",
-              "Type": "System.String"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task<System.String>",
-          "Static": true,
-          "Extension": true,
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
           "Visibility": "Public",
           "GenericParameter": []
         }
@@ -1943,7 +734,7 @@
       "Name": "Microsoft.AspNetCore.Authentication.PropertiesDataFormat",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -1966,7 +757,7 @@
       "Visibility": "Public",
       "Kind": "Class",
       "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>"
+        "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationProperties>"
       ],
       "Members": [
         {
@@ -1984,12 +775,12 @@
           "Parameters": [
             {
               "Name": "model",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Byte[]",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2002,9 +793,9 @@
               "Type": "System.Byte[]"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2018,7 +809,7 @@
             },
             {
               "Name": "properties",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Void",
@@ -2035,7 +826,7 @@
               "Type": "System.IO.BinaryReader"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
           "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
@@ -2375,12 +1166,28 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "Name": "Microsoft.AspNetCore.Authentication.BaseContext<T0>",
       "Visibility": "Public",
       "Kind": "Class",
       "Abstract": true,
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Scheme",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationScheme",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Options",
+          "Parameters": [],
+          "ReturnType": "T0",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_HttpContext",
@@ -2412,56 +1219,56 @@
             {
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
             }
           ],
           "Visibility": "Protected",
           "GenericParameter": []
         }
       ],
-      "GenericParameters": []
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Name": "Microsoft.AspNetCore.Authentication.HandleRequestContext<T0>",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext<T0>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_State",
+          "Name": "get_Result",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.EventResultState",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_State",
+          "Name": "set_Result",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.EventResultState"
+              "Type": "Microsoft.AspNetCore.Authentication.HandleRequestResult"
             }
           ],
           "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_HandledResponse",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Skipped",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
@@ -2474,47 +1281,12 @@
         },
         {
           "Kind": "Method",
-          "Name": "SkipToNextMiddleware",
+          "Name": "SkipHandler",
           "Parameters": [],
           "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "get_Ticket",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "set_Ticket",
-          "Parameters": [
-            {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
-            }
-          ],
-          "ReturnType": "System.Void",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "CheckEventResult",
-          "Parameters": [
-            {
-              "Name": "result",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-              "Direction": "Out"
-            }
-          ],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -2522,67 +1294,184 @@
             {
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
             }
           ],
           "Visibility": "Protected",
           "GenericParameter": []
         }
       ],
-      "GenericParameters": []
-    },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.EventResultState",
-      "Visibility": "Public",
-      "Kind": "Enumeration",
-      "Sealed": true,
-      "ImplementedInterfaces": [],
-      "Members": [
+      "GenericParameters": [
         {
-          "Kind": "Field",
-          "Name": "Continue",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "0"
-        },
-        {
-          "Kind": "Field",
-          "Name": "Skipped",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "1"
-        },
-        {
-          "Kind": "Field",
-          "Name": "HandledResponse",
-          "Parameters": [],
-          "GenericParameter": [],
-          "Literal": "2"
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
         }
-      ],
-      "GenericParameters": []
+      ]
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.FailureContext",
+      "Name": "Microsoft.AspNetCore.Authentication.PrincipalContext<T0>",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<T0>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Failure",
+          "Name": "get_Principal",
           "Parameters": [],
-          "ReturnType": "System.Exception",
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_Failure",
+          "Name": "set_Principal",
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.Exception"
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PropertiesContext<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RedirectContext<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<T0>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_RedirectUri",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RedirectUri",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
             }
           ],
           "ReturnType": "System.Void",
@@ -2598,63 +1487,168 @@
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
             {
-              "Name": "failure",
-              "Type": "System.Exception"
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
             }
           ],
           "Visibility": "Public",
           "GenericParameter": []
         }
       ],
-      "GenericParameters": []
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<T0>",
       "Visibility": "Public",
-      "Kind": "Interface",
+      "Kind": "Class",
       "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.HandleRequestContext<T0>",
       "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "RemoteFailure",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
-            }
-          ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "Name": "get_Principal",
+          "Parameters": [],
+          "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "TicketReceived",
+          "Name": "set_Principal",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
           "Parameters": [
             {
               "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.TicketReceivedContext"
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task",
+          "Visibility": "Protected",
           "GenericParameter": []
         }
       ],
-      "GenericParameters": []
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
     },
     {
       "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
       "Visibility": "Public",
       "Kind": "Class",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents"
-      ],
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
           "Name": "get_OnRemoteFailure",
           "Parameters": [],
-          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>",
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.RemoteFailureContext, System.Threading.Tasks.Task>",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2664,7 +1658,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "System.Func<Microsoft.AspNetCore.Authentication.FailureContext, System.Threading.Tasks.Task>"
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.RemoteFailureContext, System.Threading.Tasks.Task>"
             }
           ],
           "ReturnType": "System.Void",
@@ -2698,12 +1692,11 @@
           "Parameters": [
             {
               "Name": "context",
-              "Type": "Microsoft.AspNetCore.Authentication.FailureContext"
+              "Type": "Microsoft.AspNetCore.Authentication.RemoteFailureContext"
             }
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2718,7 +1711,6 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2733,10 +1725,66 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.TicketReceivedContext",
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteFailureContext",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.BaseControlContext",
+      "BaseType": "Microsoft.AspNetCore.Authentication.HandleRequestContext<Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Failure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions"
+            },
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ResultContext<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.BaseContext<T0>",
       "ImplementedInterfaces": [],
       "Members": [
         {
@@ -2764,7 +1812,7 @@
           "Kind": "Method",
           "Name": "get_Properties",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -2774,7 +1822,7 @@
           "Parameters": [
             {
               "Name": "value",
-              "Type": "Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties"
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
           "ReturnType": "System.Void",
@@ -2783,25 +1831,92 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_Options",
+          "Name": "get_Result",
           "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_Options",
+          "Name": "Success",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "NoResult",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
           "Parameters": [
             {
-              "Name": "value",
-              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+              "Name": "failure",
+              "Type": "System.Exception"
             }
           ],
           "ReturnType": "System.Void",
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "T0"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.TicketReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
         {
           "Kind": "Method",
           "Name": "get_ReturnUri",
@@ -2831,9 +1946,13 @@
               "Name": "context",
               "Type": "Microsoft.AspNetCore.Http.HttpContext"
             },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
             {
               "Name": "options",
-              "Type": "Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions"
+              "Type": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions"
             },
             {
               "Name": "ticket",
@@ -2846,6 +1965,621 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ShouldHandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "GenerateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ValidateCorrelationId",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Boolean",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<T0>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Protected",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_BackchannelHttpHandler",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpMessageHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_BackchannelHttpHandler",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpMessageHandler"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Backchannel",
+          "Parameters": [],
+          "ReturnType": "System.Net.Http.HttpClient",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Backchannel",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Net.Http.HttpClient"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_DataProtectionProvider",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_DataProtectionProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CallbackPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CallbackPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignInScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignInScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteAuthenticationTimeout",
+          "Parameters": [],
+          "ReturnType": "System.TimeSpan",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteAuthenticationTimeout",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.TimeSpan"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SaveTokens",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SaveTokens",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CorrelationCookie",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CorrelationCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieBuilder"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Handled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Handle",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SkipHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.ISystemClock"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_UtcNow",
+          "Parameters": [],
+          "ReturnType": "System.DateTimeOffset",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.ISystemClock",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Internal.RequestPathBaseCookieBuilder",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Http.CookieBuilder",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AdditionalPath",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Build",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "expiresFrom",
+              "Type": "System.DateTimeOffset"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "UseAuthentication",
+          "Parameters": [
+            {
+              "Name": "app",
+              "Type": "Microsoft.AspNetCore.Builder.IApplicationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Builder.IApplicationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
       "Visibility": "Public",
@@ -2864,7 +2598,26 @@
               "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
             }
           ],
-          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddAuthentication",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "defaultScheme",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
@@ -2880,18 +2633,189 @@
             },
             {
               "Name": "configureOptions",
-              "Type": "System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions>"
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.AuthenticationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddScheme<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureScheme",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.AuthenticationSchemeBuilder>"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
             }
           ],
           "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
-          "GenericParameter": []
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>"
+              ]
+            }
+          ]
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddScheme<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>"
+              ]
+            }
+          ]
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddScheme<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>"
+              ]
+            }
+          ]
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddRemoteScheme<T0, T1>",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<T0>"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": [
+            {
+              "ParameterName": "TOptions",
+              "ParameterPosition": 0,
+              "New": true,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions"
+              ]
+            },
+            {
+              "ParameterName": "THandler",
+              "ParameterPosition": 1,
+              "BaseTypeOrInterfaces": [
+                "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>"
+              ]
+            }
+          ]
         }
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
deleted file mode 100644
index 81dc1133e2..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/breakingchanges.netcore.json
+++ /dev/null
@@ -1,116 +0,0 @@
-  [
-    {
-      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0> : Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler where T0 : Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<T0> where T0 : Microsoft.AspNetCore.Builder.AuthenticationOptions, new()",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0> : Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0> where T0 : Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public abstract class Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticateResult",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticationTicket",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.AuthenticationToken",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationHandler : Microsoft.AspNetCore.Http.Features.Authentication.IAuthenticationHandler",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformationMiddleware",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.ClaimsTransformer : Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.PropertiesDataFormat : Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.PropertiesSerializer : Microsoft.AspNetCore.Authentication.IDataSerializer<Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties>",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents : Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.ClaimsTransformationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Builder.RemoteAuthenticationOptions : Microsoft.AspNetCore.Builder.AuthenticationOptions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.IClaimsTransformer",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public interface Microsoft.AspNetCore.Authentication.IRemoteAuthenticationEvents",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Authentication.AuthenticationTokenExtensions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.AspNetCore.Builder.ClaimsTransformationAppBuilderExtensions",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
-      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.SharedAuthenticationOptions> configureOptions)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public abstract class Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.BaseControlContext : Microsoft.AspNetCore.Authentication.BaseContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.FailureContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.TicketReceivedContext : Microsoft.AspNetCore.Authentication.BaseControlContext",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public static class Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions",
-      "MemberId": "public static Microsoft.Extensions.DependencyInjection.IServiceCollection AddAuthentication(this Microsoft.Extensions.DependencyInjection.IServiceCollection services)",
-      "Kind": "Removal"
-    },
-    {
-      "TypeId": "public enum Microsoft.AspNetCore.Authentication.EventResultState",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
new file mode 100644
index 0000000000..0bad3ed62c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
@@ -0,0 +1,211 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization.Policy, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            },
+            {
+              "Name": "authenticationResult",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Challenged",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Forbidden",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Succeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Challenge",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Forbid",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AuthenticateAsync",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthorizeAsync",
+          "Parameters": [
+            {
+              "Name": "policy",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
+            },
+            {
+              "Name": "authenticationResult",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticateResult"
+            },
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.Policy.PolicyAuthorizationResult>",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "authorization",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationService"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddAuthorizationPolicyEvaluator",
+          "Parameters": [
+            {
+              "Name": "services",
+              "Type": "Microsoft.Extensions.DependencyInjection.IServiceCollection"
+            }
+          ],
+          "ReturnType": "Microsoft.Extensions.DependencyInjection.IServiceCollection",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ]
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
index 8ae585270c..6108db6d29 100644
--- a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions",
@@ -66,6 +66,54 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationFailure",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_FailCalled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_FailedRequirements",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "ExplicitFail",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationFailure",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Failed",
+          "Parameters": [
+            {
+              "Name": "failed",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationFailure",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authorization.AuthorizationHandler<T0>",
       "Visibility": "Public",
@@ -208,6 +256,7 @@
           "Name": "get_Requirements",
           "Parameters": [],
           "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -216,6 +265,7 @@
           "Name": "get_User",
           "Parameters": [],
           "ReturnType": "System.Security.Claims.ClaimsPrincipal",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -224,6 +274,7 @@
           "Name": "get_Resource",
           "Parameters": [],
           "ReturnType": "System.Object",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -232,6 +283,7 @@
           "Name": "get_PendingRequirements",
           "Parameters": [],
           "ReturnType": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -240,6 +292,7 @@
           "Name": "get_HasFailed",
           "Parameters": [],
           "ReturnType": "System.Boolean",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -248,6 +301,7 @@
           "Name": "get_HasSucceeded",
           "Parameters": [],
           "ReturnType": "System.Boolean",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -256,6 +310,7 @@
           "Name": "Fail",
           "Parameters": [],
           "ReturnType": "System.Void",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -269,6 +324,7 @@
             }
           ],
           "ReturnType": "System.Void",
+          "Virtual": true,
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -301,6 +357,27 @@
       "Kind": "Class",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_InvokeHandlersAfterFailure",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_InvokeHandlersAfterFailure",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_DefaultPolicy",
@@ -714,6 +791,63 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Succeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Failure",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationFailure",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Failed",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationFailure"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Failed",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions",
       "Visibility": "Public",
@@ -744,7 +878,7 @@
               "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationRequirement"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
@@ -771,7 +905,7 @@
               "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
@@ -794,7 +928,7 @@
               "Type": "Microsoft.AspNetCore.Authorization.AuthorizationPolicy"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
@@ -817,7 +951,7 @@
               "Type": "System.String"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Static": true,
           "Extension": true,
           "Visibility": "Public",
@@ -891,7 +1025,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_ActiveAuthenticationSchemes",
+          "Name": "get_AuthenticationSchemes",
           "Parameters": [],
           "ReturnType": "System.String",
           "Sealed": true,
@@ -900,6 +1034,30 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "set_AuthenticationSchemes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ActiveAuthenticationSchemes",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "set_ActiveAuthenticationSchemes",
@@ -910,9 +1068,6 @@
             }
           ],
           "ReturnType": "System.Void",
-          "Sealed": true,
-          "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizeData",
           "Visibility": "Public",
           "GenericParameter": []
         },
@@ -938,6 +1093,120 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Evaluate",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateContext",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetHandlersAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>>",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "handlers",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider",
       "Visibility": "Public",
@@ -1012,7 +1281,7 @@
               "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Sealed": true,
           "Virtual": true,
           "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
@@ -1036,7 +1305,7 @@
               "Type": "System.String"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "Sealed": true,
           "Virtual": true,
           "ImplementedInterface": "Microsoft.AspNetCore.Authorization.IAuthorizationService",
@@ -1053,11 +1322,23 @@
             },
             {
               "Name": "handlers",
-              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>"
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider"
             },
             {
               "Name": "logger",
               "Type": "Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService>"
+            },
+            {
+              "Name": "contextFactory",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory"
+            },
+            {
+              "Name": "evaluator",
+              "Type": "Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions>"
             }
           ],
           "Visibility": "Public",
@@ -1075,6 +1356,28 @@
       "Members": [],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Evaluate",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationResult",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandler",
       "Visibility": "Public",
@@ -1097,6 +1400,58 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateContext",
+          "Parameters": [
+            {
+              "Name": "requirements",
+              "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
+            },
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "resource",
+              "Type": "System.Object"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider",
+      "Visibility": "Public",
+      "Kind": "Interface",
+      "Abstract": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "GetHandlersAsync",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler>>",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider",
       "Visibility": "Public",
@@ -1159,7 +1514,7 @@
               "Type": "System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement>"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "GenericParameter": []
         },
         {
@@ -1179,7 +1534,7 @@
               "Type": "System.String"
             }
           ],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult>",
           "GenericParameter": []
         }
       ],
@@ -1232,14 +1587,14 @@
         },
         {
           "Kind": "Method",
-          "Name": "get_ActiveAuthenticationSchemes",
+          "Name": "get_AuthenticationSchemes",
           "Parameters": [],
           "ReturnType": "System.String",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "set_ActiveAuthenticationSchemes",
+          "Name": "set_AuthenticationSchemes",
           "Parameters": [
             {
               "Name": "value",
@@ -1588,6 +1943,5 @@
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
index 8eef347eb6..97da7ea5c6 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
@@ -53,6 +53,27 @@
       "Kind": "Class",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_MinimumSameSitePolicy",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.SameSiteMode",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MinimumSameSitePolicy",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.SameSiteMode"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_HttpOnly",
@@ -387,6 +408,5 @@
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
index 1fc242ec55..a55bf8f339 100644
--- a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
+++ b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=1.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",
@@ -368,6 +368,5 @@
       ],
       "GenericParameters": []
     }
-  ],
-  "SourceFilters": []
+  ]
 }
\ No newline at end of file

From 144ee21696e838c1f96676573ffe30e8f2ba8bd6 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 6 Jul 2017 12:36:34 -0700
Subject: [PATCH 808/900] #1188 Add AuthenticationProperties to
 HandleRequestResult and RemoteFailureContext

---
 samples/SocialSample/Startup.cs               |  59 +++++--
 .../OAuthHandler.cs                           |  38 ++---
 .../OpenIdConnectHandler.cs                   |  43 +++--
 .../TwitterHandler.cs                         |   9 +-
 .../Events/RemoteFailureContext.cs            |   5 +
 ...cationResult.cs => HandleRequestResult.cs} |  24 ++-
 .../RemoteAuthenticationHandler.cs            |  19 ++-
 .../GoogleTests.cs                            |  36 +++-
 .../OAuthTests.cs                             | 156 ++++++++++--------
 .../OpenIdConnect/OpenIdConnectEventTests.cs  |  18 +-
 .../TwitterTests.cs                           | 117 ++++++++-----
 11 files changed, 346 insertions(+), 178 deletions(-)
 rename src/Microsoft.AspNetCore.Authentication/{RemoteAuthenticationResult.cs => HandleRequestResult.cs} (72%)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index a0b193b8e2..35896e84b1 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -67,6 +67,10 @@ namespace SocialSample
                 o.Fields.Add("name");
                 o.Fields.Add("email");
                 o.SaveTokens = true;
+                o.Events = new OAuthEvents()
+                {
+                    OnRemoteFailure = HandleOnRemoteFailure
+                };
             })
                 // You must first create an app with Google and add its ID and Secret to your user-secrets.
                 // https://console.developers.google.com/project
@@ -81,6 +85,10 @@ namespace SocialSample
                 o.Scope.Add("profile");
                 o.Scope.Add("email");
                 o.SaveTokens = true;
+                o.Events = new OAuthEvents()
+                {
+                    OnRemoteFailure = HandleOnRemoteFailure
+                };
             })
                 // You must first create an app with Google and add its ID and Secret to your user-secrets.
                 // https://console.developers.google.com/project
@@ -93,12 +101,7 @@ namespace SocialSample
                 o.SaveTokens = true;
                 o.Events = new OAuthEvents()
                 {
-                    OnRemoteFailure = ctx =>
-                    {
-                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
-                        ctx.HandleResponse();
-                        return Task.FromResult(0);
-                    }
+                    OnRemoteFailure = HandleOnRemoteFailure
                 };
                 o.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
                 o.ClaimActions.Remove(ClaimTypes.GivenName);
@@ -116,12 +119,7 @@ namespace SocialSample
                 o.ClaimActions.MapJsonKey("urn:twitter:profilepicture", "profile_image_url", ClaimTypes.Uri);
                 o.Events = new TwitterEvents()
                 {
-                    OnRemoteFailure = ctx =>
-                    {
-                        ctx.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(ctx.Failure.Message));
-                        ctx.HandleResponse();
-                        return Task.FromResult(0);
-                    }
+                    OnRemoteFailure = HandleOnRemoteFailure
                 };
             })
                 /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
@@ -139,6 +137,10 @@ namespace SocialSample
                 o.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
                 o.Scope.Add("https://graph.microsoft.com/user.read");
                 o.SaveTokens = true;
+                o.Events = new OAuthEvents()
+                {
+                    OnRemoteFailure = HandleOnRemoteFailure
+                };
             })
                 // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
                 // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
@@ -148,6 +150,10 @@ namespace SocialSample
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                 o.SaveTokens = true;
                 o.Scope.Add("offline_access");
+                o.Events = new OAuthEvents()
+                {
+                    OnRemoteFailure = HandleOnRemoteFailure
+                };
             })
                 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
                 // https://github.com/settings/applications/
@@ -159,6 +165,10 @@ namespace SocialSample
                 o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 o.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 o.SaveTokens = true;
+                o.Events = new OAuthEvents()
+                {
+                    OnRemoteFailure = HandleOnRemoteFailure
+                };
             })
                 // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
                 // https://github.com/settings/applications/
@@ -180,6 +190,7 @@ namespace SocialSample
                 o.ClaimActions.MapJsonKey("urn:github:url", "url");
                 o.Events = new OAuthEvents
                 {
+                    OnRemoteFailure = HandleOnRemoteFailure,
                     OnCreatingTicket = async context =>
                     {
                         // Get the GitHub user
@@ -198,6 +209,30 @@ namespace SocialSample
             });
         }
 
+        private async Task HandleOnRemoteFailure(RemoteFailureContext context)
+        {
+            context.Response.StatusCode = 500;
+            context.Response.ContentType = "text/html";
+            await context.Response.WriteAsync("<html><body>");
+            await context.Response.WriteAsync("A remote failure has occurred: " + UrlEncoder.Default.Encode(context.Failure.Message) + "<br>");
+
+            if (context.Properties != null)
+            {
+                await context.Response.WriteAsync("Properties:<br>");
+                foreach (var pair in context.Properties.Items)
+                {
+                    await context.Response.WriteAsync($"-{ UrlEncoder.Default.Encode(pair.Key)}={ UrlEncoder.Default.Encode(pair.Value)}<br>");
+                }
+            }
+
+            await context.Response.WriteAsync("<a href=\"/\">Home</a>");
+            await context.Response.WriteAsync("</body></html>");
+
+            // context.Response.Redirect("/error?FailureMessage=" + UrlEncoder.Default.Encode(context.Failure.Message));
+
+            context.HandleResponse();
+        }
+
         public void Configure(IApplicationBuilder app)
         {
             app.UseDeveloperExceptionPage();
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 007d7dbefd..80680a7cf8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -44,9 +44,22 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
         protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
         {
-            AuthenticationProperties properties = null;
             var query = Request.Query;
 
+            var state = query["state"];
+            var properties = Options.StateDataFormat.Unprotect(state);
+
+            if (properties == null)
+            {
+                return HandleRequestResult.Fail("The oauth state was missing or invalid.");
+            }
+
+            // OAuth2 10.12 CSRF
+            if (!ValidateCorrelationId(properties))
+            {
+                return HandleRequestResult.Fail("Correlation failed.", properties);
+            }
+
             var error = query["error"];
             if (!StringValues.IsNullOrEmpty(error))
             {
@@ -63,39 +76,26 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     failureMessage.Append(";Uri=").Append(errorUri);
                 }
 
-                return HandleRequestResult.Fail(failureMessage.ToString());
+                return HandleRequestResult.Fail(failureMessage.ToString(), properties);
             }
 
             var code = query["code"];
-            var state = query["state"];
-
-            properties = Options.StateDataFormat.Unprotect(state);
-            if (properties == null)
-            {
-                return HandleRequestResult.Fail("The oauth state was missing or invalid.");
-            }
-
-            // OAuth2 10.12 CSRF
-            if (!ValidateCorrelationId(properties))
-            {
-                return HandleRequestResult.Fail("Correlation failed.");
-            }
 
             if (StringValues.IsNullOrEmpty(code))
             {
-                return HandleRequestResult.Fail("Code was not found.");
+                return HandleRequestResult.Fail("Code was not found.", properties);
             }
 
             var tokens = await ExchangeCodeAsync(code, BuildRedirectUri(Options.CallbackPath));
 
             if (tokens.Error != null)
             {
-                return HandleRequestResult.Fail(tokens.Error);
+                return HandleRequestResult.Fail(tokens.Error, properties);
             }
 
             if (string.IsNullOrEmpty(tokens.AccessToken))
             {
-                return HandleRequestResult.Fail("Failed to retrieve access token.");
+                return HandleRequestResult.Fail("Failed to retrieve access token.", properties);
             }
 
             var identity = new ClaimsIdentity(ClaimsIssuer);
@@ -141,7 +141,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             }
             else
             {
-                return HandleRequestResult.Fail("Failed to retrieve user information from remote server.");
+                return HandleRequestResult.Fail("Failed to retrieve user information from remote server.", properties);
             }
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index bf365ceca0..7f65afdcec 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -491,13 +491,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 return HandleRequestResult.Fail("No message.");
             }
 
+            AuthenticationProperties properties = null;
             try
             {
-                AuthenticationProperties properties = null;
-                if (!string.IsNullOrEmpty(authorizationResponse.State))
-                {
-                    properties = Options.StateDataFormat.Unprotect(authorizationResponse.State);
-                }
+                properties = ReadPropertiesAndClearState(authorizationResponse);
 
                 var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse, properties);
                 if (messageReceivedContext.Result != null)
@@ -521,8 +518,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         return HandleRequestResult.Fail(Resources.MessageStateIsNullOrEmpty);
                     }
 
-                    // if state exists and we failed to 'unprotect' this is not a message we should process.
-                    properties = Options.StateDataFormat.Unprotect(authorizationResponse.State);
+                    properties = ReadPropertiesAndClearState(authorizationResponse);
                 }
 
                 if (properties == null)
@@ -533,21 +529,20 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                         // Not for us?
                         return HandleRequestResult.SkipHandler();
                     }
+
+                    // if state exists and we failed to 'unprotect' this is not a message we should process.
                     return HandleRequestResult.Fail(Resources.MessageStateIsInvalid);
                 }
 
-                properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out string userstate);
-                authorizationResponse.State = userstate;
-
                 if (!ValidateCorrelationId(properties))
                 {
-                    return HandleRequestResult.Fail("Correlation failed.");
+                    return HandleRequestResult.Fail("Correlation failed.", properties);
                 }
 
                 // if any of the error fields are set, throw error null
                 if (!string.IsNullOrEmpty(authorizationResponse.Error))
                 {
-                    return HandleRequestResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null));
+                    return HandleRequestResult.Fail(CreateOpenIdConnectProtocolException(authorizationResponse, response: null), properties);
                 }
 
                 if (_configuration == null && Options.ConfigurationManager != null)
@@ -635,8 +630,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
                     // At least a cursory validation is required on the new IdToken, even if we've already validated the one from the authorization response.
                     // And we'll want to validate the new JWT in ValidateTokenResponse.
-                    JwtSecurityToken tokenEndpointJwt;
-                    var tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
+                    var tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out var tokenEndpointJwt);
 
                     // Avoid reading & deleting the nonce cookie, running the event, etc, if it was already done as part of the authorization response validation.
                     if (user == null)
@@ -722,10 +716,27 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                     return authenticationFailedContext.Result;
                 }
 
-                return HandleRequestResult.Fail(exception);
+                return HandleRequestResult.Fail(exception, properties);
             }
         }
 
+        private AuthenticationProperties ReadPropertiesAndClearState(OpenIdConnectMessage message)
+        {
+            AuthenticationProperties properties = null;
+            if (!string.IsNullOrEmpty(message.State))
+            {
+                properties = Options.StateDataFormat.Unprotect(message.State);
+
+                if (properties != null)
+                {
+                    // If properties can be decoded from state, clear the message state.
+                    properties.Items.TryGetValue(OpenIdConnectDefaults.UserstatePropertiesKey, out var userstate);
+                    message.State = userstate;
+                }
+            }
+            return properties;
+        }
+
         private void PopulateSessionProperties(OpenIdConnectMessage message, AuthenticationProperties properties)
         {
             if (!string.IsNullOrEmpty(message.SessionState))
@@ -830,7 +841,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             else
             {
-                return HandleRequestResult.Fail("Unknown response type: " + contentType.MediaType);
+                return HandleRequestResult.Fail("Unknown response type: " + contentType.MediaType, properties);
             }
 
             var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(principal, properties, message, user);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index e8a961df39..acfd765d9c 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -46,7 +46,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
         protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
         {
-            AuthenticationProperties properties = null;
             var query = Request.Query;
             var protectedRequestToken = Request.Cookies[Options.StateCookie.Name];
 
@@ -57,25 +56,25 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 return HandleRequestResult.Fail("Invalid state cookie.");
             }
 
-            properties = requestToken.Properties;
+            var properties = requestToken.Properties;
 
             // REVIEW: see which of these are really errors
 
             var returnedToken = query["oauth_token"];
             if (StringValues.IsNullOrEmpty(returnedToken))
             {
-                return HandleRequestResult.Fail("Missing oauth_token");
+                return HandleRequestResult.Fail("Missing oauth_token", properties);
             }
 
             if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal))
             {
-                return HandleRequestResult.Fail("Unmatched token");
+                return HandleRequestResult.Fail("Unmatched token", properties);
             }
 
             var oauthVerifier = query["oauth_verifier"];
             if (StringValues.IsNullOrEmpty(oauthVerifier))
             {
-                return HandleRequestResult.Fail("Missing or blank oauth_verifier");
+                return HandleRequestResult.Fail("Missing or blank oauth_verifier", properties);
             }
 
             var cookieOptions = Options.StateCookie.Build(Context, Clock.UtcNow);
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
index becdfb5439..6b3598f40a 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
@@ -25,5 +25,10 @@ namespace Microsoft.AspNetCore.Authentication
         /// User friendly error message for the error.
         /// </summary>
         public Exception Failure { get; set; }
+
+        /// <summary>
+        /// Additional state values for the authentication session.
+        /// </summary>
+        public AuthenticationProperties Properties { get; set; }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs b/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
similarity index 72%
rename from src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs
rename to src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
index 8bcd2be01d..3f6c2d9177 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationResult.cs
+++ b/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
@@ -46,15 +46,33 @@ namespace Microsoft.AspNetCore.Authentication
             return new HandleRequestResult() { Failure = failure };
         }
 
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failure">The failure exception.</param>
+        /// <param name="properties">Additional state values for the authentication session.</param>
+        /// <returns>The result.</returns>
+        public static new HandleRequestResult Fail(Exception failure, AuthenticationProperties properties)
+        {
+            return new HandleRequestResult() { Failure = failure, Properties = properties };
+        }
+
         /// <summary>
         /// Indicates that there was a failure during authentication.
         /// </summary>
         /// <param name="failureMessage">The failure message.</param>
         /// <returns>The result.</returns>
         public static new HandleRequestResult Fail(string failureMessage)
-        {
-            return new HandleRequestResult() { Failure = new Exception(failureMessage) };
-        }
+            => Fail(new Exception(failureMessage));
+
+        /// <summary>
+        /// Indicates that there was a failure during authentication.
+        /// </summary>
+        /// <param name="failureMessage">The failure message.</param>
+        /// <param name="properties">Additional state values for the authentication session.</param>
+        /// <returns>The result.</returns>
+        public static new HandleRequestResult Fail(string failureMessage, AuthenticationProperties properties)
+            => Fail(new Exception(failureMessage), properties);
 
         /// <summary>
         /// Discontinue all processing for this request and return to the client.
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 4051ee6664..bea4895d62 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -49,6 +49,7 @@ namespace Microsoft.AspNetCore.Authentication
 
             AuthenticationTicket ticket = null;
             Exception exception = null;
+            AuthenticationProperties properties = null;
             try
             {
                 var authResult = await HandleRemoteAuthenticateAsync();
@@ -66,8 +67,8 @@ namespace Microsoft.AspNetCore.Authentication
                 }
                 else if (!authResult.Succeeded)
                 {
-                    exception = authResult.Failure ??
-                                new InvalidOperationException("Invalid return state, unable to redirect.");
+                    exception = authResult.Failure ?? new InvalidOperationException("Invalid return state, unable to redirect.");
+                    properties = authResult.Properties;
                 }
 
                 ticket = authResult?.Ticket;
@@ -80,7 +81,10 @@ namespace Microsoft.AspNetCore.Authentication
             if (exception != null)
             {
                 Logger.RemoteAuthenticationError(exception.Message);
-                var errorContext = new RemoteFailureContext(Context, Scheme, Options, exception);
+                var errorContext = new RemoteFailureContext(Context, Scheme, Options, exception)
+                {
+                    Properties = properties
+                };
                 await Events.RemoteFailure(errorContext);
 
                 if (errorContext.Result != null)
@@ -95,11 +99,14 @@ namespace Microsoft.AspNetCore.Authentication
                     }
                     else if (errorContext.Result.Failure != null)
                     {
-                        throw new InvalidOperationException("An error was returned from the RemoteFailure event.", errorContext.Result.Failure);
+                        throw new Exception("An error was returned from the RemoteFailure event.", errorContext.Result.Failure);
                     }
                 }
 
-                throw exception;
+                if (errorContext.Failure != null)
+                {
+                    throw new Exception("An error was encountered while handling the remote login.", errorContext.Failure);
+                }
             }
 
             // We have a ticket if we get here
@@ -107,7 +114,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 ReturnUri = ticket.Properties.RedirectUri
             };
-            // REVIEW: is this safe or good?
+
             ticket.Properties.RedirectUri = null;
 
             // Mark which provider produced this identity so we can cross-check later in HandleAuthenticateAsync
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 8f2cc52f91..51bc67cc38 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -253,6 +253,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 o.ClientId = "Test Id";
                 o.ClientSecret = "Test Secret";
+                o.StateDataFormat = new TestStateDataFormat();
                 o.Events = redirect ? new OAuthEvents()
                 {
                     OnRemoteFailure = ctx =>
@@ -263,7 +264,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
                     }
                 } : new OAuthEvents();
             });
-            var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar");
+            var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar&state=protected_state",
+                ".AspNetCore.Correlation.Google.corrilationId=N");
             if (redirect)
             {
                 var transaction = await sendTask;
@@ -1075,5 +1077,37 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 });
             return new TestServer(builder);
         }
+
+        private class TestStateDataFormat : ISecureDataFormat<AuthenticationProperties>
+        {
+            private AuthenticationProperties Data { get; set; }
+
+            public string Protect(AuthenticationProperties data)
+            {
+                return "protected_state";
+            }
+
+            public string Protect(AuthenticationProperties data, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText)
+            {
+                Assert.Equal("protected_state", protectedText);
+                var properties = new AuthenticationProperties(new Dictionary<string, string>()
+                {
+                    { ".xsrf", "corrilationId" },
+                    { "testkey", "testvalue" }
+                });
+                properties.RedirectUri = "http://testhost/redirect";
+                return properties;
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+        }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 30c33eb1d7..81d2360ec7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Net;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
@@ -10,6 +11,7 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
@@ -20,20 +22,13 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.SignInScheme = "weeblie";
                     o.ClientId = "whatever";
                     o.ClientSecret = "whatever";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    context.ChallengeAsync("weeblie").GetAwaiter().GetResult();
-                    return true;
-                });
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
+                }));
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/"));
             Assert.Contains("cannot be set to itself", error.Message);
         }
 
@@ -54,7 +49,6 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public async Task ThrowsIfClientIdMissing()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.SignInScheme = "whatever";
@@ -62,22 +56,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.ClientSecret = "whatever";
                     o.TokenEndpoint = "/";
                     o.AuthorizationEndpoint = "/";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("ClientId", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+                }));
+            await Assert.ThrowsAsync<ArgumentException>("ClientId", () => server.SendAsync("http://example.com/"));
         }
 
         [Fact]
         public async Task ThrowsIfClientSecretMissing()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.SignInScheme = "whatever";
@@ -85,22 +71,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.CallbackPath = "/";
                     o.TokenEndpoint = "/";
                     o.AuthorizationEndpoint = "/";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("ClientSecret", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+                }));
+            await Assert.ThrowsAsync<ArgumentException>("ClientSecret", () => server.SendAsync("http://example.com/"));
         }
 
         [Fact]
         public async Task ThrowsIfCallbackPathMissing()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
@@ -108,22 +86,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.TokenEndpoint = "/";
                     o.AuthorizationEndpoint = "/";
                     o.SignInScheme = "eh";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("CallbackPath", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+                }));
+            await Assert.ThrowsAsync<ArgumentException>("CallbackPath", () => server.SendAsync("http://example.com/"));
         }
 
         [Fact]
         public async Task ThrowsIfTokenEndpointMissing()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
@@ -131,22 +101,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.CallbackPath = "/";
                     o.AuthorizationEndpoint = "/";
                     o.SignInScheme = "eh";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("TokenEndpoint", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+                }));
+            await Assert.ThrowsAsync<ArgumentException>("TokenEndpoint", () => server.SendAsync("http://example.com/"));
         }
 
         [Fact]
         public async Task ThrowsIfAuthorizationEndpointMissing()
         {
             var server = CreateServer(
-                app => { },
                 services => services.AddAuthentication().AddOAuth("weeblie", o =>
                 {
                     o.ClientId = "Whatever;";
@@ -154,22 +116,14 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.CallbackPath = "/";
                     o.TokenEndpoint = "/";
                     o.SignInScheme = "eh";
-                }),
-                context =>
-                {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("AuthorizationEndpoint", () => context.ChallengeAsync("weeblie").GetAwaiter().GetResult());
-                    return true;
-                });
-            var transaction = await server.SendAsync("http://example.com/challenge");
-            Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+                }));
+            await Assert.ThrowsAsync<ArgumentException>("AuthorizationEndpoint", () => server.SendAsync("http://example.com/"));
         }
 
         [Fact]
         public async Task RedirectToIdentityProvider_SetsCorrelationIdCookiePath_ToCallBackPath()
         {
             var server = CreateServer(
-                app => { },
                 s => s.AddAuthentication().AddOAuth(
                     "Weblie",
                     opt =>
@@ -181,9 +135,9 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                         opt.TokenEndpoint = "https://example.com/provider/token";
                         opt.CallbackPath = "/oauth-callback";
                     }),
-                ctx =>
+                async ctx =>
                 {
-                    ctx.ChallengeAsync("Weblie").ConfigureAwait(false).GetAwaiter().GetResult();
+                    await ctx.ChallengeAsync("Weblie");
                     return true;
                 });
 
@@ -201,7 +155,6 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
         public async Task RedirectToAuthorizeEndpoint_CorrelationIdCookieOptions_CanBeOverriden()
         {
             var server = CreateServer(
-                app => { },
                 s => s.AddAuthentication().AddOAuth(
                     "Weblie",
                     opt =>
@@ -214,9 +167,9 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                         opt.CallbackPath = "/oauth-callback";
                         opt.CorrelationCookie.Path = "/";
                     }),
-                ctx =>
+                async ctx =>
                 {
-                    ctx.ChallengeAsync("Weblie").ConfigureAwait(false).GetAwaiter().GetResult();
+                    await ctx.ChallengeAsync("Weblie");
                     return true;
                 });
 
@@ -230,15 +183,50 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Contains("path=/", correlation);
         }
 
-        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
+        [Fact]
+        public async Task RemoteAuthenticationFailed_OAuthError_IncludesProperties()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        opt.ClientId = "Test Id";
+                        opt.ClientSecret = "secret";
+                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
+                        opt.TokenEndpoint = "https://example.com/provider/token";
+                        opt.CallbackPath = "/oauth-callback";
+                        opt.StateDataFormat = new TestStateDataFormat();
+                        opt.Events = new OAuthEvents()
+                        {
+                            OnRemoteFailure = context =>
+                            {
+                                Assert.Contains("declined", context.Failure.Message);
+                                Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                                context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
+                                context.HandleResponse();
+                                return Task.CompletedTask;
+                            }
+                        };
+                    }));
+
+            var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=declined&state=protected_state",
+                ".AspNetCore.Correlation.Weblie.corrilationId=N");
+
+            Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode);
+            Assert.Null(transaction.Response.Headers.Location);
+        }
+
+        private static TestServer CreateServer(Action<IServiceCollection> configureServices, Func<HttpContext, Task<bool>> handler = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
                 {
-                    configure?.Invoke(app);
+                    app.UseAuthentication();
                     app.Use(async (context, next) =>
                     {
-                        if (handler == null || !handler(context))
+                        if (handler == null || ! await handler(context))
                         {
                             await next();
                         }
@@ -247,5 +235,37 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                 .ConfigureServices(configureServices);
             return new TestServer(builder);
         }
+
+        private class TestStateDataFormat : ISecureDataFormat<AuthenticationProperties>
+        {
+            private AuthenticationProperties Data { get; set; }
+
+            public string Protect(AuthenticationProperties data)
+            {
+                return "protected_state";
+            }
+
+            public string Protect(AuthenticationProperties data, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText)
+            {
+                Assert.Equal("protected_state", protectedText);
+                var properties = new AuthenticationProperties(new Dictionary<string, string>()
+                {
+                    { ".xsrf", "corrilationId" },
+                    { "testkey", "testvalue" }
+                });
+                properties.RedirectUri = "http://testhost/redirect";
+                return properties;
+            }
+
+            public AuthenticationProperties Unprotect(string protectedText, string purpose)
+            {
+                throw new NotImplementedException();
+            }
+        }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index f3fc261879..87bdc3f3ca 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -95,7 +95,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(remoteFailure);
@@ -191,7 +191,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(tokenValidated);
@@ -348,7 +348,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(tokenValidated);
@@ -532,7 +532,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(tokenValidated);
@@ -731,7 +731,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(codeReceived);
@@ -943,7 +943,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(tokenValidated);
@@ -1186,7 +1186,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 return PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
             });
 
-            Assert.Equal("Authentication was aborted from user code.", exception.Message);
+            Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
 
             Assert.True(messageReceived);
             Assert.True(tokenValidated);
@@ -1450,6 +1450,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 {
                     remoteFailure = true;
                     Assert.Equal("TestException", context.Failure.Message);
+                    Assert.Equal("testvalue", context.Properties.Items["testkey"]);
                     context.HandleResponse();
                     context.Response.StatusCode = StatusCodes.Status202Accepted;
                     return Task.FromResult(0);
@@ -1877,7 +1878,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 var properties = new AuthenticationProperties(new Dictionary<string, string>()
                 {
                     { ".xsrf", "corrilationId" },
-                    { OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, "redirect_uri" }
+                    { OpenIdConnectDefaults.RedirectUriForCodePropertiesKey, "redirect_uri" },
+                    { "testkey", "testvalue" }
                 });
                 properties.RedirectUri = "http://testhost/redirect";
                 return properties;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 6c661af45c..735cb33146 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
 
 using System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Security.Claims;
@@ -11,6 +12,7 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -60,26 +62,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 };
                 o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
-                    Sender = req =>
-                    {
-                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
-                        {
-                            return new HttpResponseMessage(HttpStatusCode.OK)
-                            {
-                                Content =
-                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
-                                        Encoding.UTF8,
-                                        "application/x-www-form-urlencoded")
-                            };
-                        }
-                        return null;
-                    }
+                    Sender = BackchannelRequestToken
                 };
             },
-            context =>
+            async context =>
             {
-                // REVIEW: Gross
-                context.ChallengeAsync("Twitter").GetAwaiter().GetResult();
+                await context.ChallengeAsync("Twitter");
                 return true;
             });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -168,7 +156,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
         }
 
-
         [Fact]
         public async Task ChallengeWillTriggerRedirection()
         {
@@ -178,35 +165,70 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 o.ConsumerSecret = "Test Consumer Secret";
                 o.BackchannelHttpHandler = new TestHttpMessageHandler
                 {
-                    Sender = req =>
-                    {
-                        if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
-                        {
-                            return new HttpResponseMessage(HttpStatusCode.OK)
-                            {
-                                Content =
-                                    new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
-                                        Encoding.UTF8,
-                                        "application/x-www-form-urlencoded")
-                            };
-                        }
-                        return null;
-                    }
+                    Sender = BackchannelRequestToken
                 };
             },
-                context =>
-                {
-                    // REVIEW: gross
-                    context.ChallengeAsync("Twitter").GetAwaiter().GetResult();
-                    return true;
-                });
+            async context =>
+            {
+                await context.ChallengeAsync("Twitter");
+                return true;
+            });
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
             Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
         }
 
-        private static TestServer CreateServer(Action<TwitterOptions> options, Func<HttpContext, bool> handler = null)
+        [Fact]
+        public async Task BadCallbackCallsRemoteAuthFailedWithState()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ConsumerKey = "Test Consumer Key";
+                o.ConsumerSecret = "Test Consumer Secret";
+                o.BackchannelHttpHandler = new TestHttpMessageHandler
+                {
+                    Sender = BackchannelRequestToken
+                };
+                o.Events = new TwitterEvents()
+                {
+                    OnRemoteFailure = context =>
+                    {
+                        Assert.NotNull(context.Failure);
+                        Assert.NotNull(context.Properties);
+                        Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                        context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
+                        context.HandleResponse();
+                        return Task.CompletedTask;
+                    }
+                };
+            },
+            async context =>
+            {
+                var properties = new AuthenticationProperties();
+                properties.Items["testkey"] = "testvalue";
+                await context.ChallengeAsync("Twitter", properties);
+                return true;
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+            var location = transaction.Response.Headers.Location.AbsoluteUri;
+            Assert.Contains("https://api.twitter.com/oauth/authenticate?oauth_token=", location);
+            Assert.True(transaction.Response.Headers.TryGetValues(HeaderNames.SetCookie, out var setCookie));
+            Assert.True(SetCookieHeaderValue.TryParseList(setCookie.ToList(), out var setCookieValues));
+            Assert.Single(setCookieValues);
+            var setCookieValue = setCookieValues.Single();
+            var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter");
+            request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
+            var client = server.CreateClient();
+            var response = await client.SendAsync(request);
+
+            Assert.Equal(HttpStatusCode.NotAcceptable, response.StatusCode);
+        }
+
+        private static TestServer CreateServer(Action<TwitterOptions> options, Func<HttpContext, Task<bool>> handler = null)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
@@ -228,7 +250,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                         {
                             await Assert.ThrowsAsync<InvalidOperationException>(() => context.ForbidAsync("Twitter"));
                         }
-                        else if (handler == null || !handler(context))
+                        else if (handler == null || ! await handler(context))
                         {
                             await next();
                         }
@@ -247,5 +269,20 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 });
             return new TestServer(builder);
         }
+
+        private HttpResponseMessage BackchannelRequestToken(HttpRequestMessage req)
+        {
+            if (req.RequestUri.AbsoluteUri == "https://api.twitter.com/oauth/request_token")
+            {
+                return new HttpResponseMessage(HttpStatusCode.OK)
+                {
+                    Content =
+                        new StringContent("oauth_callback_confirmed=true&oauth_token=test_oauth_token&oauth_token_secret=test_oauth_token_secret",
+                            Encoding.UTF8,
+                            "application/x-www-form-urlencoded")
+                };
+            }
+            throw new NotImplementedException(req.RequestUri.AbsoluteUri);
+        }
     }
 }

From 4a6c74f4f9e4bfa8bbfeacf6342230aec3e562c4 Mon Sep 17 00:00:00 2001
From: Gareth Brading <gareth.brading@gmail.com>
Date: Thu, 28 Sep 2017 22:03:52 +0100
Subject: [PATCH 809/900] Added ability to set prompt parameter in
 OpenIdConnectOptions (#1401)

---
 .../OpenIdConnectHandler.cs                                  | 1 +
 .../OpenIdConnectOptions.cs                                  | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 7f65afdcec..0b2419e2ab 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -349,6 +349,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 RedirectUri = BuildRedirectUri(Options.CallbackPath),
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
+                Prompt = Options.Prompt,
                 Scope = string.Join(" ", Options.Scope)
             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a8545e35a6..e589a2bc87 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -209,6 +209,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// </summary>
         public string ResponseType { get; set; } = OpenIdConnectResponseType.IdToken;
 
+        /// <summary>
+        /// Gets or sets the 'prompt'.
+        /// </summary>
+        public string Prompt { get; set; }
+
         /// <summary>
         /// Gets the list of permissions to request.
         /// </summary>

From 0959c941b40086b131b1e01d304fc23bb887fdc8 Mon Sep 17 00:00:00 2001
From: Josh Coulter <joshuac@core-apps.com>
Date: Mon, 2 Oct 2017 13:25:46 -0500
Subject: [PATCH 810/900] Cleaned up OAuth handler's exception messages (#1462)

---
 .../FacebookHandler.cs                                          | 2 +-
 src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs | 2 +-
 .../MicrosoftAccountHandler.cs                                  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index db664e2ee1..0f83c17196 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"Failed to retrieve Facebook user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Facebook Graph API is enabled.");
+                throw new HttpRequestException($"An error occurred when retrieving Facebook user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Facebook Graph API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 155691a4ba..091896f7cf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"An error occurred when retrieving user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Google+ API is enabled.");
+                throw new HttpRequestException($"An error occurred when retrieving Google user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Google+ API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index f4c06300c2..bba5472774 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             var response = await Backchannel.SendAsync(request, Context.RequestAborted);
             if (!response.IsSuccessStatusCode)
             {
-                throw new HttpRequestException($"Failed to retrived Microsoft user information ({response.StatusCode}) Please check if the authentication information is correct and the corresponding Microsoft Account API is enabled.");
+                throw new HttpRequestException($"An error occurred when retrieving Microsoft user information ({response.StatusCode}). Please check if the authentication information is correct and the corresponding Microsoft Account API is enabled.");
             }
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());

From 54e4f6834e6fa0f1cf2cc8c2599674ffe017c890 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 5 Oct 2017 15:35:51 -0700
Subject: [PATCH 811/900] Minor test code changes to resolve xUnit2013 build
 error

---
 .../CookieChunkingTests.cs                                      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
index 143e1d254c..69ead8fa64 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
@@ -17,7 +17,7 @@ namespace Microsoft.AspNetCore.Internal
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
             new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
-            Assert.Equal(1, values.Count);
+            Assert.Single(values);
             Assert.Equal("TestCookie=" + testString + "; path=/; samesite=lax", values[0]);
         }
 

From 3e7d1a7fd466623a90e6130b765f63501f6f8762 Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson <jacalvar@microsoft.com>
Date: Fri, 6 Oct 2017 16:09:26 -0700
Subject: [PATCH 812/900] React to updated IdentityModel version

---
 .../OpenIdConnect/TestSettings.cs                         | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index bf9df40384..458f746c44 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -249,7 +249,13 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             ValidateParameter(OpenIdConnectParameterNames.State, ExpectedState, actualParams, errors, htmlEncoded);
 
         private void ValidateSkuTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
-            ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET", actualParams, errors, htmlEncoded);
+#if NETCOREAPP2_0
+            ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NETSTANDARD1_4", actualParams, errors, htmlEncoded);
+#elif NET461
+            ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET451", actualParams, errors, htmlEncoded);
+#else
+#error Invalid target framework.
+#endif
 
         private void ValidateVersionTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
             ValidateParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualParams, errors, htmlEncoded);

From e34a5f8fb8e97b32077e8587261590c3910ad181 Mon Sep 17 00:00:00 2001
From: OpenIDAuthority <ryan@openidauthority.com>
Date: Wed, 16 Aug 2017 21:13:23 -0700
Subject: [PATCH 813/900] Add MaxAge to OpenIdConnectOptions  - max_age
 parameter added to the authentication request if MaxAge is not null  - throws
 exception if MaxAge is set to a negative value  - Fractions of seconds are
 ignored  - See
 http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest for expected
 behavior

Addresses #1233
---
 .../OpenIdConnectHandler.cs                   |  8 ++++
 .../OpenIdConnectOptions.cs                   | 12 ++++++
 .../OpenIdConnectChallengeTests.cs            | 41 +++++++++++++++++++
 .../OpenIdConnectConfigurationTests.cs        | 15 +++++++
 .../OpenIdConnect/TestSettings.cs             | 19 +++++++++
 5 files changed, 95 insertions(+)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 0b2419e2ab..0f60a558ad 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -353,6 +353,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 Scope = string.Join(" ", Options.Scope)
             };
 
+            // Add the 'max_age' parameter to the authentication request if MaxAge is not null.
+            // See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+            if (Options.MaxAge != null)
+            {
+                message.MaxAge = Convert.ToInt64(Math.Floor(((TimeSpan)Options.MaxAge).TotalSeconds))
+                    .ToString(CultureInfo.InvariantCulture);
+            }
+
             // Omitting the response_mode parameter when it already corresponds to the default
             // response_mode used for the specified response_type is recommended by the specifications.
             // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index e589a2bc87..f6d914731a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -84,6 +84,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             base.Validate();
 
+            if (MaxAge != null && MaxAge.Value < TimeSpan.Zero)
+            {
+                throw new InvalidOperationException("MaxAge must not be a negative TimeSpan.");
+            }
+
             if (string.IsNullOrEmpty(ClientId))
             {
                 throw new ArgumentException("Options.ClientId must be provided", nameof(ClientId));
@@ -159,6 +164,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             set => base.Events = value;
         }
 
+        /// <summary>
+        /// Gets or sets the 'max_age'. If set the 'max_age' parameter will be sent with the authentication request. If the identity
+        /// provider has not actively authenticated the user within the length of time specified, the user will be prompted to
+        /// re-authenticate. By default no max_age is specified.
+        /// </summary>
+        public TimeSpan? MaxAge { get; set; } = null;
+
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
         /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index fb08ae2786..4ff5aa9adb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -409,5 +409,46 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync(ChallengeEndpoint));
             Assert.Equal("Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.", exception.Message);
         }
+
+        [Fact]
+        public async Task Challenge_WithDefaultMaxAge_HasExpectedMaxAgeParam()
+        {
+            var settings = new TestSettings(
+                opt => 
+                { 
+                    opt.ClientId = "Test Id";
+                    opt.Authority = TestServerBuilder.DefaultAuthority;
+                });
+
+            var server = settings.CreateTestServer();
+            var transaction = await server.SendAsync(ChallengeEndpoint);
+
+            var res = transaction.Response;
+
+            settings.ValidateChallengeRedirect(
+                res.Headers.Location,
+                OpenIdConnectParameterNames.MaxAge);
+        }
+
+        [Fact]
+        public async Task Challenge_WithSpecificMaxAge_HasExpectedMaxAgeParam()
+        {
+            var settings = new TestSettings(
+                opt => 
+                { 
+                    opt.ClientId = "Test Id";
+                    opt.Authority = TestServerBuilder.DefaultAuthority;
+                    opt.MaxAge = TimeSpan.FromMinutes(20);
+                });
+
+            var server = settings.CreateTestServer();
+            var transaction = await server.SendAsync(ChallengeEndpoint);
+
+            var res = transaction.Response;
+
+            settings.ValidateChallengeRedirect(
+                res.Headers.Location,
+                OpenIdConnectParameterNames.MaxAge);
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index d0d1c26096..871ef9d08b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -115,6 +115,21 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             );
         }
 
+        [Fact]
+        public Task ThrowsWhenMaxAgeIsNegative()
+        {
+            return TestConfigurationException<InvalidOperationException>(
+                o =>
+                {
+                    o.SignInScheme = "TestScheme";
+                    o.ClientId = "Test Id";
+                    o.Authority = TestServerBuilder.DefaultAuthority;
+                    o.MaxAge = TimeSpan.FromSeconds(-1);
+                },
+                ex => Assert.Equal("MaxAge must not be a negative TimeSpan.", ex.Message)
+            );
+        }
+
         private TestServer BuildTestServer(Action<OpenIdConnectOptions> options)
         {
             var builder = new WebHostBuilder()
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 458f746c44..5b4ea23482 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -4,12 +4,14 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.Globalization;
 using System.Linq;
 using System.Reflection;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
@@ -197,6 +199,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     case OpenIdConnectParameterNames.PostLogoutRedirectUri:
                         ValidatePostLogoutRedirectUri(actualValues, errors, htmlEncoded);
                         break;
+                    case OpenIdConnectParameterNames.MaxAge:
+                        ValidateMaxAge(actualValues, errors, htmlEncoded);
+                        break;
                     default:
                         throw new InvalidOperationException($"Unknown parameter \"{paramToValidate}\".");
                 }
@@ -263,6 +268,20 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         private void ValidatePostLogoutRedirectUri(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
             ValidateParameter(OpenIdConnectParameterNames.PostLogoutRedirectUri, "https://example.com/signout-callback-oidc", actualParams, errors, htmlEncoded);
 
+        private void ValidateMaxAge(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded)
+        {
+            if(_options.MaxAge != null) 
+            {
+                string expectedMaxAge = Convert.ToInt64(Math.Floor(((TimeSpan)_options.MaxAge).TotalSeconds))
+                    .ToString(CultureInfo.InvariantCulture);
+                ValidateParameter(OpenIdConnectParameterNames.MaxAge, expectedMaxAge, actualQuery, errors, htmlEncoded);
+            }
+            else if(actualQuery.ContainsKey(OpenIdConnectParameterNames.MaxAge))
+            {
+                errors.Add($"Parameter {OpenIdConnectParameterNames.MaxAge} is present but it should be absent");
+            }
+        }
+
         private void ValidateParameter(
             string parameterName,
             string expectedValue,

From 0904af8ff3c4f76f0d65bbec5a17ac40ac6a1f5b Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Mon, 9 Oct 2017 09:53:21 -0700
Subject: [PATCH 814/900] PR style cleanup

---
 .../OpenIdConnectHandler.cs                               | 4 ++--
 .../OpenIdConnectOptions.cs                               | 6 +++---
 .../OpenIdConnect/OpenIdConnectChallengeTests.cs          | 8 ++++----
 .../OpenIdConnect/OpenIdConnectConfigurationTests.cs      | 4 ++--
 .../OpenIdConnect/TestSettings.cs                         | 8 +++-----
 5 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 0f60a558ad..330d064c03 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -355,9 +355,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 
             // Add the 'max_age' parameter to the authentication request if MaxAge is not null.
             // See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-            if (Options.MaxAge != null)
+            if (Options.MaxAge.HasValue)
             {
-                message.MaxAge = Convert.ToInt64(Math.Floor(((TimeSpan)Options.MaxAge).TotalSeconds))
+                message.MaxAge = Convert.ToInt64(Math.Floor((Options.MaxAge.Value).TotalSeconds))
                     .ToString(CultureInfo.InvariantCulture);
             }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index f6d914731a..a40d374356 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -84,9 +84,9 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         {
             base.Validate();
 
-            if (MaxAge != null && MaxAge.Value < TimeSpan.Zero)
+            if (MaxAge.HasValue && MaxAge.Value < TimeSpan.Zero)
             {
-                throw new InvalidOperationException("MaxAge must not be a negative TimeSpan.");
+                throw new ArgumentOutOfRangeException(nameof(MaxAge), MaxAge.Value, "The value must not be a negative TimeSpan.");
             }
 
             if (string.IsNullOrEmpty(ClientId))
@@ -169,7 +169,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// provider has not actively authenticated the user within the length of time specified, the user will be prompted to
         /// re-authenticate. By default no max_age is specified.
         /// </summary>
-        public TimeSpan? MaxAge { get; set; } = null;
+        public TimeSpan? MaxAge { get; set; }
 
         /// <summary>
         /// Gets or sets the <see cref="OpenIdConnectProtocolValidator"/> that is used to ensure that the 'id_token' received
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index 4ff5aa9adb..7ab81c9dd4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -414,8 +414,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         public async Task Challenge_WithDefaultMaxAge_HasExpectedMaxAgeParam()
         {
             var settings = new TestSettings(
-                opt => 
-                { 
+                opt =>
+                {
                     opt.ClientId = "Test Id";
                     opt.Authority = TestServerBuilder.DefaultAuthority;
                 });
@@ -434,8 +434,8 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         public async Task Challenge_WithSpecificMaxAge_HasExpectedMaxAgeParam()
         {
             var settings = new TestSettings(
-                opt => 
-                { 
+                opt =>
+                {
                     opt.ClientId = "Test Id";
                     opt.Authority = TestServerBuilder.DefaultAuthority;
                     opt.MaxAge = TimeSpan.FromMinutes(20);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 871ef9d08b..69ba758292 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -118,7 +118,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         [Fact]
         public Task ThrowsWhenMaxAgeIsNegative()
         {
-            return TestConfigurationException<InvalidOperationException>(
+            return TestConfigurationException<ArgumentOutOfRangeException>(
                 o =>
                 {
                     o.SignInScheme = "TestScheme";
@@ -126,7 +126,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     o.Authority = TestServerBuilder.DefaultAuthority;
                     o.MaxAge = TimeSpan.FromSeconds(-1);
                 },
-                ex => Assert.Equal("MaxAge must not be a negative TimeSpan.", ex.Message)
+                ex => Assert.StartsWith("The value must not be a negative TimeSpan.", ex.Message)
             );
         }
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 5b4ea23482..f174342aed 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -4,14 +4,12 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Globalization;
 using System.Linq;
 using System.Reflection;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit;
@@ -270,10 +268,10 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
         private void ValidateMaxAge(IDictionary<string, string> actualQuery, ICollection<string> errors, bool htmlEncoded)
         {
-            if(_options.MaxAge != null) 
+            if(_options.MaxAge.HasValue)
             {
-                string expectedMaxAge = Convert.ToInt64(Math.Floor(((TimeSpan)_options.MaxAge).TotalSeconds))
-                    .ToString(CultureInfo.InvariantCulture);
+                Assert.Equal(TimeSpan.FromMinutes(20), _options.MaxAge.Value);
+                string expectedMaxAge = "1200";
                 ValidateParameter(OpenIdConnectParameterNames.MaxAge, expectedMaxAge, actualQuery, errors, htmlEncoded);
             }
             else if(actualQuery.ContainsKey(OpenIdConnectParameterNames.MaxAge))

From e0ad6ed6b9abbb73e3ca68c6abdf2a0126defec1 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Wed, 20 Sep 2017 13:23:33 -0700
Subject: [PATCH 815/900] Update bootstrappers

---
 .appveyor.yml        |   4 +-
 build.cmd            |   2 +-
 build.sh             | 197 +-------------------------------------
 run.cmd              |   2 +
 build.ps1 => run.ps1 |  56 +++++++----
 run.sh               | 223 +++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 266 insertions(+), 218 deletions(-)
 create mode 100644 run.cmd
 rename build.ps1 => run.ps1 (73%)
 create mode 100755 run.sh

diff --git a/.appveyor.yml b/.appveyor.yml
index 4f85bae466..c7b6e34316 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -1,4 +1,4 @@
-init:
+init:
   - git config --global core.autocrlf true
 branches:
   only:
@@ -8,7 +8,7 @@ branches:
     - /^(.*\/)?ci-.*$/
     - /^rel\/.*/
 build_script:
-  - ps: .\build.ps1
+  - ps: .\run.ps1 default-build
 clone_depth: 1
 environment:
   global:
diff --git a/build.cmd b/build.cmd
index b6c8d24864..c0050bda12 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,2 +1,2 @@
 @ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0build.ps1' %*; exit $LASTEXITCODE"
+PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' default-build %*; exit $LASTEXITCODE"
diff --git a/build.sh b/build.sh
index 11cdbe5504..98a4b22765 100755
--- a/build.sh
+++ b/build.sh
@@ -1,199 +1,8 @@
 #!/usr/bin/env bash
 
 set -euo pipefail
-
-#
-# variables
-#
-
-RESET="\033[0m"
-RED="\033[0;31m"
-MAGENTA="\033[0;95m"
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
-config_file="$DIR/version.xml"
-verbose=false
-update=false
-repo_path="$DIR"
-channel=''
-tools_source=''
 
-#
-# Functions
-#
-__usage() {
-    echo "Usage: $(basename "${BASH_SOURCE[0]}") [options] [[--] <MSBUILD_ARG>...]"
-    echo ""
-    echo "Arguments:"
-    echo "    <MSBUILD_ARG>...         Arguments passed to MSBuild. Variable number of arguments allowed."
-    echo ""
-    echo "Options:"
-    echo "    --verbose                Show verbose output."
-    echo "    -c|--channel <CHANNEL>   The channel of KoreBuild to download. Overrides the value from the config file.."
-    echo "    --config-file <FILE>     TThe path to the configuration file that stores values. Defaults to version.xml."
-    echo "    -d|--dotnet-home <DIR>   The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
-    echo "    --path <PATH>            The directory to build. Defaults to the directory containing the script."
-    echo "    -s|--tools-source <URL>  The base url where build tools can be downloaded. Overrides the value from the config file."
-    echo "    -u|--update              Update to the latest KoreBuild even if the lock file is present."
-    echo ""
-    echo "Description:"
-    echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
-    echo "    When the lockfile is not present, KoreBuild will create one using latest available version from \$channel."
-
-    if [[ "${1:-}" != '--no-exit' ]]; then
-        exit 2
-    fi
-}
-
-get_korebuild() {
-    local version
-    local lock_file="$repo_path/korebuild-lock.txt"
-    if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
-        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file"
-    fi
-    version="$(grep 'version:*' -m 1 "$lock_file")"
-    if [[ "$version" == '' ]]; then
-        __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
-        return 1
-    fi
-    version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-    local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
-
-    {
-        if [ ! -d "$korebuild_path" ]; then
-            mkdir -p "$korebuild_path"
-            local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
-            tmpfile="$(mktemp)"
-            echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
-            if __get_remote_file "$remote_path" "$tmpfile"; then
-                unzip -q -d "$korebuild_path" "$tmpfile"
-            fi
-            rm "$tmpfile" || true
-        fi
-
-        source "$korebuild_path/KoreBuild.sh"
-    } || {
-        if [ -d "$korebuild_path" ]; then
-            echo "Cleaning up after failed installation"
-            rm -rf "$korebuild_path" || true
-        fi
-        return 1
-    }
-}
-
-__error() {
-    echo -e "${RED}$*${RESET}" 1>&2
-}
-
-__machine_has() {
-    hash "$1" > /dev/null 2>&1
-    return $?
-}
-
-__get_remote_file() {
-    local remote_path=$1
-    local local_path=$2
-
-    if [[ "$remote_path" != 'http'* ]]; then
-        cp "$remote_path" "$local_path"
-        return 0
-    fi
-
-    local failed=false
-    if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
-    else
-        failed=true
-    fi
-
-    if [ "$failed" = true ] && __machine_has curl; then
-        failed=false
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
-    fi
-
-    if [ "$failed" = true ]; then
-        __error "Download failed: $remote_path" 1>&2
-        return 1
-    fi
-}
-
-__read_dom () { local IFS=\> ; read -r -d \< ENTITY CONTENT ;}
-
-#
-# main
-#
-
-while [[ $# -gt 0 ]]; do
-    case $1 in
-        -\?|-h|--help)
-            __usage --no-exit
-            exit 0
-            ;;
-        -c|--channel|-Channel)
-            shift
-            channel="${1:-}"
-            [ -z "$channel" ] && __usage
-            ;;
-        --config-file|-ConfigFile)
-            shift
-            config_file="${1:-}"
-            [ -z "$config_file" ] && __usage
-            ;;
-        -d|--dotnet-home|-DotNetHome)
-            shift
-            DOTNET_HOME="${1:-}"
-            [ -z "$DOTNET_HOME" ] && __usage
-            ;;
-        --path|-Path)
-            shift
-            repo_path="${1:-}"
-            [ -z "$repo_path" ] && __usage
-            ;;
-        -s|--tools-source|-ToolsSource)
-            shift
-            tools_source="${1:-}"
-            [ -z "$tools_source" ] && __usage
-            ;;
-        -u|--update|-Update)
-            update=true
-            ;;
-        --verbose|-Verbose)
-            verbose=true
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *)
-            break
-            ;;
-    esac
-    shift
-done
-
-if ! __machine_has unzip; then
-    __error 'Missing required command: unzip'
-    exit 1
-fi
-
-if ! __machine_has curl && ! __machine_has wget; then
-    __error 'Missing required command. Either wget or curl is required.'
-    exit 1
-fi
-
-if [ -f "$config_file" ]; then
-    comment=false
-    while __read_dom; do
-        if [ "$comment" = true ]; then [[ $CONTENT == *'-->'* ]] && comment=false ; continue; fi
-        if [[ $ENTITY == '!--'* ]]; then comment=true; continue; fi
-        if [ -z "$channel" ] && [[ $ENTITY == "KoreBuildChannel" ]]; then channel=$CONTENT; fi
-        if [ -z "$tools_source" ] && [[ $ENTITY == "KoreBuildToolsSource" ]]; then tools_source=$CONTENT; fi
-    done < "$config_file"
-fi
-
-[ -z "$channel" ] && channel='dev'
-[ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
-
-get_korebuild
-install_tools "$tools_source" "$DOTNET_HOME"
-invoke_repository_build "$repo_path" "$@"
+# Call "sync" between "chmod" and execution to prevent "text file busy" error in Docker (aufs)
+chmod +x "$DIR/run.sh"; sync
+"$DIR/run.sh" default-build "$@"
diff --git a/run.cmd b/run.cmd
new file mode 100644
index 0000000000..d52d5c7e68
--- /dev/null
+++ b/run.cmd
@@ -0,0 +1,2 @@
+@ECHO OFF
+PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' %*; exit $LASTEXITCODE"
diff --git a/build.ps1 b/run.ps1
similarity index 73%
rename from build.ps1
rename to run.ps1
index d5eb4d5cf2..49c2899856 100644
--- a/build.ps1
+++ b/run.ps1
@@ -3,10 +3,13 @@
 
 <#
 .SYNOPSIS
-Build this repository
+Executes KoreBuild commands.
 
 .DESCRIPTION
-Downloads korebuild if required. Then builds the repository.
+Downloads korebuild if required. Then executes the KoreBuild command. To see available commands, execute with `-Command help`.
+
+.PARAMETER Command
+The KoreBuild command to run.
 
 .PARAMETER Path
 The folder to build. Defaults to the folder containing this script.
@@ -24,31 +27,32 @@ The base url where build tools can be downloaded. Overrides the value from the c
 Updates KoreBuild to the latest version even if a lock file is present.
 
 .PARAMETER ConfigFile
-The path to the configuration file that stores values. Defaults to version.xml.
+The path to the configuration file that stores values. Defaults to korebuild.json.
 
-.PARAMETER MSBuildArgs
-Arguments to be passed to MSBuild
+.PARAMETER Arguments
+Arguments to be passed to the command
 
 .NOTES
 This function will create a file $PSScriptRoot/korebuild-lock.txt. This lock file can be committed to source, but does not have to be.
 When the lockfile is not present, KoreBuild will create one using latest available version from $Channel.
 
-The $ConfigFile is expected to be an XML file. It is optional, and the configuration values in it are optional as well.
+The $ConfigFile is expected to be an JSON file. It is optional, and the configuration values in it are optional as well. Any options set
+in the file are overridden by command line parameters.
 
 .EXAMPLE
 Example config file:
-```xml
-<!-- version.xml -->
-<Project>
-  <PropertyGroup>
-    <KoreBuildChannel>dev</KoreBuildChannel>
-    <KoreBuildToolsSource>https://aspnetcore.blob.core.windows.net/buildtools</KoreBuildToolsSource>
-  </PropertyGroup>
-</Project>
+```json
+{
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
+  "channel": "dev",
+  "toolsSource": "https://aspnetcore.blob.core.windows.net/buildtools"
+}
 ```
 #>
 [CmdletBinding(PositionalBinding = $false)]
 param(
+    [Parameter(Mandatory=$true, Position = 0)]
+    [string]$Command,
     [string]$Path = $PSScriptRoot,
     [Alias('c')]
     [string]$Channel,
@@ -58,9 +62,9 @@ param(
     [string]$ToolsSource,
     [Alias('u')]
     [switch]$Update,
-    [string]$ConfigFile = (Join-Path $PSScriptRoot 'version.xml'),
+    [string]$ConfigFile,
     [Parameter(ValueFromRemainingArguments = $true)]
-    [string[]]$MSBuildArgs
+    [string[]]$Arguments
 )
 
 Set-StrictMode -Version 2
@@ -147,10 +151,20 @@ function Get-RemoteFile([string]$RemotePath, [string]$LocalPath) {
 
 # Load configuration or set defaults
 
+$Path = Resolve-Path $Path
+if (!$ConfigFile) { $ConfigFile = Join-Path $Path 'korebuild.json' }
+
 if (Test-Path $ConfigFile) {
-    [xml] $config = Get-Content $ConfigFile
-    if (!($Channel)) { [string] $Channel = Select-Xml -Xml $config -XPath '/Project/PropertyGroup/KoreBuildChannel' }
-    if (!($ToolsSource)) { [string] $ToolsSource = Select-Xml -Xml $config -XPath '/Project/PropertyGroup/KoreBuildToolsSource' }
+    try {
+        $config = Get-Content -Raw -Encoding UTF8 -Path $ConfigFile | ConvertFrom-Json
+        if ($config) {
+            if (!($Channel) -and (Get-Member -Name 'channel' -InputObject $config)) { [string] $Channel = $config.channel }
+            if (!($ToolsSource) -and (Get-Member -Name 'toolsSource' -InputObject $config)) { [string] $ToolsSource = $config.toolsSource}
+        }
+    } catch {
+        Write-Warning "$ConfigFile could not be read. Its settings will be ignored."
+        Write-Warning $Error[0]
+    }
 }
 
 if (!$DotNetHome) {
@@ -169,8 +183,8 @@ $korebuildPath = Get-KoreBuild
 Import-Module -Force -Scope Local (Join-Path $korebuildPath 'KoreBuild.psd1')
 
 try {
-    Install-Tools $ToolsSource $DotNetHome
-    Invoke-RepositoryBuild $Path @MSBuildArgs
+    Set-KoreBuildSettings -ToolsSource $ToolsSource -DotNetHome $DotNetHome -RepoPath $Path -ConfigFile $ConfigFile
+    Invoke-KoreBuildCommand $Command @Arguments
 }
 finally {
     Remove-Module 'KoreBuild' -ErrorAction Ignore
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000000..c278423acc
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,223 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+#
+# variables
+#
+
+RESET="\033[0m"
+RED="\033[0;31m"
+YELLOW="\033[0;33m"
+MAGENTA="\033[0;95m"
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
+verbose=false
+update=false
+repo_path="$DIR"
+channel=''
+tools_source=''
+
+#
+# Functions
+#
+__usage() {
+    echo "Usage: $(basename "${BASH_SOURCE[0]}") command [options] [[--] <Arguments>...]"
+    echo ""
+    echo "Arguments:"
+    echo "    command                The command to be run."
+    echo "    <Arguments>...         Arguments passed to the command. Variable number of arguments allowed."
+    echo ""
+    echo "Options:"
+    echo "    --verbose                                 Show verbose output."
+    echo "    -c|--channel <CHANNEL>                    The channel of KoreBuild to download. Overrides the value from the config file.."
+    echo "    --config-file <FILE>                      The path to the configuration file that stores values. Defaults to korebuild.json."
+    echo "    -d|--dotnet-home <DIR>                    The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
+    echo "    --path <PATH>                             The directory to build. Defaults to the directory containing the script."
+    echo "    -s|--tools-source|-ToolsSource <URL>      The base url where build tools can be downloaded. Overrides the value from the config file."
+    echo "    -u|--update                               Update to the latest KoreBuild even if the lock file is present."
+    echo ""
+    echo "Description:"
+    echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
+    echo "    When the lockfile is not present, KoreBuild will create one using latest available version from \$channel."
+
+    if [[ "${1:-}" != '--no-exit' ]]; then
+        exit 2
+    fi
+}
+
+get_korebuild() {
+    local version
+    local lock_file="$repo_path/korebuild-lock.txt"
+    if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
+        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file"
+    fi
+    version="$(grep 'version:*' -m 1 "$lock_file")"
+    if [[ "$version" == '' ]]; then
+        __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
+        return 1
+    fi
+    version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+    local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
+
+    {
+        if [ ! -d "$korebuild_path" ]; then
+            mkdir -p "$korebuild_path"
+            local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
+            tmpfile="$(mktemp)"
+            echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
+            if __get_remote_file "$remote_path" "$tmpfile"; then
+                unzip -q -d "$korebuild_path" "$tmpfile"
+            fi
+            rm "$tmpfile" || true
+        fi
+
+        source "$korebuild_path/KoreBuild.sh"
+    } || {
+        if [ -d "$korebuild_path" ]; then
+            echo "Cleaning up after failed installation"
+            rm -rf "$korebuild_path" || true
+        fi
+        return 1
+    }
+}
+
+__error() {
+    echo -e "${RED}error: $*${RESET}" 1>&2
+}
+
+__warn() {
+    echo -e "${YELLOW}warning: $*${RESET}"
+}
+
+__machine_has() {
+    hash "$1" > /dev/null 2>&1
+    return $?
+}
+
+__get_remote_file() {
+    local remote_path=$1
+    local local_path=$2
+
+    if [[ "$remote_path" != 'http'* ]]; then
+        cp "$remote_path" "$local_path"
+        return 0
+    fi
+
+    local failed=false
+    if __machine_has wget; then
+        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
+    else
+        failed=true
+    fi
+
+    if [ "$failed" = true ] && __machine_has curl; then
+        failed=false
+        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
+    fi
+
+    if [ "$failed" = true ]; then
+        __error "Download failed: $remote_path" 1>&2
+        return 1
+    fi
+}
+
+#
+# main
+#
+
+command="${1:-}"
+shift
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -\?|-h|--help)
+            __usage --no-exit
+            exit 0
+            ;;
+        -c|--channel|-Channel)
+            shift
+            channel="${1:-}"
+            [ -z "$channel" ] && __usage
+            ;;
+        --config-file|-ConfigFile)
+            shift
+            config_file="${1:-}"
+            [ -z "$config_file" ] && __usage
+            if [ ! -f "$config_file" ]; then
+                __error "Invalid value for --config-file. $config_file does not exist."
+                exit 1
+            fi
+            ;;
+        -d|--dotnet-home|-DotNetHome)
+            shift
+            DOTNET_HOME="${1:-}"
+            [ -z "$DOTNET_HOME" ] && __usage
+            ;;
+        --path|-Path)
+            shift
+            repo_path="${1:-}"
+            [ -z "$repo_path" ] && __usage
+            ;;
+        -s|--tools-source|-ToolsSource)
+            shift
+            tools_source="${1:-}"
+            [ -z "$tools_source" ] && __usage
+            ;;
+        -u|--update|-Update)
+            update=true
+            ;;
+        --verbose|-Verbose)
+            verbose=true
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            break
+            ;;
+    esac
+    shift
+done
+
+if ! __machine_has unzip; then
+    __error 'Missing required command: unzip'
+    exit 1
+fi
+
+if ! __machine_has curl && ! __machine_has wget; then
+    __error 'Missing required command. Either wget or curl is required.'
+    exit 1
+fi
+
+[ -z "${config_file:-}" ] && config_file="$repo_path/korebuild.json"
+if [ -f "$config_file" ]; then
+    if __machine_has jq ; then
+        if jq '.' "$config_file" >/dev/null ; then
+            config_channel="$(jq -r 'select(.channel!=null) | .channel' "$config_file")"
+            config_tools_source="$(jq -r 'select(.toolsSource!=null) | .toolsSource' "$config_file")"
+        else
+            __warn "$config_file is invalid JSON. Its settings will be ignored."
+        fi
+    elif __machine_has python ; then
+        if python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
+            config_channel="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
+            config_tools_source="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
+        else
+            __warn "$config_file is invalid JSON. Its settings will be ignored."
+        fi
+    else
+        __warn 'Missing required command: jq or pyton. Could not parse the JSON file. Its settings will be ignored.'
+    fi
+
+    [ ! -z "${config_channel:-}" ] && channel="$config_channel"
+    [ ! -z "${config_tools_source:-}" ] && tools_source="$config_tools_source"
+fi
+
+[ -z "$channel" ] && channel='dev'
+[ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
+
+get_korebuild
+set_korebuildsettings "$tools_source" "$DOTNET_HOME" "$repo_path" "$config_file"
+invoke_korebuild_command "$command" "$@"

From 02cd997e3258a4e928a2cf1cf28f7ccae66ec635 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 10 Oct 2017 13:51:07 -0700
Subject: [PATCH 816/900] Add Validate(scheme) and use for RemoteSignInScheme
 not self validation

---
 .../AuthenticationBuilder.cs                     |  4 ----
 .../AuthenticationHandler.cs                     |  2 +-
 .../AuthenticationSchemeOptions.cs               | 11 ++++++++---
 .../RemoteAuthenticationOptions.cs               | 13 +++++++++++++
 .../FacebookTests.cs                             | 16 +++++++++++++---
 .../OAuthTests.cs                                |  3 +++
 6 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
index 54b4818851..3bce55ea10 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
@@ -97,10 +97,6 @@ namespace Microsoft.AspNetCore.Authentication
             public void PostConfigure(string name, TOptions options)
             {
                 options.SignInScheme = options.SignInScheme ?? _authOptions.DefaultSignInScheme ?? _authOptions.DefaultScheme;
-                if (string.Equals(options.SignInScheme, name, StringComparison.Ordinal))
-                {
-                    throw new InvalidOperationException(Resources.Exception_RemoteSignInSchemeCannotBeSelf);
-                }
             }
         }
     }
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 812ba2f1a8..9728e5ff05 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -87,7 +87,7 @@ namespace Microsoft.AspNetCore.Authentication
             Context = context;
 
             Options = OptionsMonitor.Get(Scheme.Name) ?? new TOptions();
-            Options.Validate();
+            Options.Validate(Scheme.Name);
 
             await InitializeEventsAsync();
             await InitializeHandlerAsync();
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
index 0e86b3a9ff..18d4c97881 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -13,9 +13,14 @@ namespace Microsoft.AspNetCore.Authentication
         /// <summary>
         /// Check that the options are valid. Should throw an exception if things are not ok.
         /// </summary>
-        public virtual void Validate()
-        {
-        }
+        public virtual void Validate() { }
+
+        /// <summary>
+        /// Checks that the options are valid for a specific scheme
+        /// </summary>
+        /// <param name="scheme">The scheme being validated.</param>
+        public virtual void Validate(string scheme)
+            => Validate();
 
         /// <summary>
         /// Gets or sets the issuer that should be used for any claims that are created
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index 3b34cf43e9..daba1890fb 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -32,6 +32,19 @@ namespace Microsoft.AspNetCore.Authentication
             };
         }
 
+        /// <summary>
+        /// Checks that the options are valid for a specific scheme
+        /// </summary>
+        /// <param name="scheme">The scheme being validated.</param>
+        public override void Validate(string scheme)
+        {
+            base.Validate(scheme);
+            if (string.Equals(scheme, SignInScheme, StringComparison.Ordinal))
+            {
+                throw new InvalidOperationException(Resources.Exception_RemoteSignInSchemeCannotBeSelf);
+            }
+        }
+
         /// <summary>
         /// Check that the options are valid.  Should throw an exception if things are not ok.
         /// </summary>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 81373403bd..2314b6b3c9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -29,7 +29,11 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = FacebookDefaults.AuthenticationScheme),
+                services => services.AddAuthentication().AddFacebook(o => {
+                    o.AppId = "whatever";
+                    o.AppSecret = "whatever";
+                    o.SignInScheme = FacebookDefaults.AuthenticationScheme;
+                }),
                 context => 
                 {
                     // Gross
@@ -45,7 +49,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(),
+                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o => {
+                    o.AppId = "whatever";
+                    o.AppSecret = "whatever";
+                }),
                 context =>
                 {
                     // Gross
@@ -61,7 +68,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(),
+                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o => {
+                    o.AppId = "whatever";
+                    o.AppSecret = "whatever";
+                }),
                 context =>
                 {
                     // Gross
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 81d2360ec7..65d865b941 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -27,6 +27,9 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     o.SignInScheme = "weeblie";
                     o.ClientId = "whatever";
                     o.ClientSecret = "whatever";
+                    o.CallbackPath = "/whatever";
+                    o.AuthorizationEndpoint = "/whatever";
+                    o.TokenEndpoint = "/whatever";
                 }));
             var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/"));
             Assert.Contains("cannot be set to itself", error.Message);

From bd07f8b683ce793490d108b2310fa6112953d172 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Wed, 11 Oct 2017 12:40:15 -0700
Subject: [PATCH 817/900] #1353 use a compliant Expires header value for
 expiration.

---
 .../CookieAuthenticationHandler.cs                           | 4 ++--
 .../OpenIdConnectHandler.cs                                  | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 754c91f1e8..5d0afba46b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -20,7 +20,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         IAuthenticationSignOutHandler
     {
         private const string HeaderValueNoCache = "no-cache";
-        private const string HeaderValueMinusOne = "-1";
+        private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
         private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
 
         private bool _shouldRefresh;
@@ -359,7 +359,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache;
             Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache;
-            Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne;
+            Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
 
             if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 330d064c03..7981cafd18 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -32,6 +32,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         private const string NonceProperty = "N";
         private const string UriSchemeDelimiter = "://";
 
+        private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
         private const string InputTagFormat = @"<input type=""hidden"" name=""{0}"" value=""{1}"" />";
         private const string HtmlFormFormat = @"<!doctype html>
 <html>
@@ -261,7 +262,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // Emit Cache-Control=no-cache to prevent client caching.
                 Response.Headers[HeaderNames.CacheControl] = "no-cache";
                 Response.Headers[HeaderNames.Pragma] = "no-cache";
-                Response.Headers[HeaderNames.Expires] = "-1";
+                Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
 
                 await Response.Body.WriteAsync(buffer, 0, buffer.Length);
             }
@@ -442,7 +443,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 // Emit Cache-Control=no-cache to prevent client caching.
                 Response.Headers[HeaderNames.CacheControl] = "no-cache";
                 Response.Headers[HeaderNames.Pragma] = "no-cache";
-                Response.Headers[HeaderNames.Expires] = "-1";
+                Response.Headers[HeaderNames.Expires] = HeaderValueEpocDate;
 
                 await Response.Body.WriteAsync(buffer, 0, buffer.Length);
                 return;

From 824539f47ac7f57a824092b04795e25198e1438f Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Wed, 11 Oct 2017 16:10:24 -0700
Subject: [PATCH 818/900] #1349 Don't throw for partial cookies

---
 .../ChunkingCookieManager.cs                                   | 1 -
 src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs   | 1 -
 .../CookieChunkingTests.cs                                     | 3 ++-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
index 9b602383cf..7217e70d4f 100644
--- a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
+++ b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -44,7 +44,6 @@ namespace Microsoft.AspNetCore.Internal
             // See http://browsercookielimits.x64.me/.
             // Leave at least 40 in case CookiePolicy tries to add 'secure', 'samesite=strict' and/or 'httponly'.
             ChunkSize = DefaultChunkSize;
-            ThrowForPartialCookies = true;
         }
 
         /// <summary>
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
index b323258d9b..1ae4f00cdb 100644
--- a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
+++ b/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
@@ -25,7 +25,6 @@ namespace Microsoft.Owin.Security.Interop
             // See http://browsercookielimits.x64.me/.
             // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
             ChunkSize = 4070;
-            ThrowForPartialCookies = true;
         }
 
         /// <summary>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
index 69ead8fa64..e645745b35 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
@@ -81,7 +81,8 @@ namespace Microsoft.AspNetCore.Internal
                 "TestCookieC7=STUVWXYZ"
             };
 
-            Assert.Throws<FormatException>(() => new ChunkingCookieManager().GetRequestCookie(context, "TestCookie"));
+            Assert.Throws<FormatException>(() => new ChunkingCookieManager() { ThrowForPartialCookies = true }
+                .GetRequestCookie(context, "TestCookie"));
         }
 
         [Fact]

From a2a86ffc782d94ac3e54b66d3889b2d4259b3989 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Mon, 16 Oct 2017 12:52:41 -0700
Subject: [PATCH 819/900] Add RepositoryRoot

---
 Directory.Build.props | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 2490e42443..61b629ccce 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,10 +1,11 @@
-<Project>
+<Project>
   <Import Project="version.xml" />
 
   <PropertyGroup>
     <Product>Microsoft ASP.NET Core</Product>
     <RepositoryUrl>https://github.com/aspnet/Security</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
+    <RepositoryRoot>$(MSBuildThisFileDirectory)</RepositoryRoot>
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>

From 794e9c79fd15ccd550737c6ee41dc96722a303f2 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Thu, 19 Oct 2017 12:38:15 -0700
Subject: [PATCH 820/900] Update cookie doc comments

---
 .../CookieAuthenticationOptions.cs              | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 0f2dbd3124..04c71ed1ef 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -80,11 +80,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public bool SlidingExpiration { get; set; }
 
         /// <summary>
-        /// The LoginPath property informs the handler that it should change an outgoing 401 Unauthorized status
-        /// code into a 302 redirection onto the given login path. The current url which generated the 401 is added
-        /// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
-        /// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back
-        /// to the url which caused the original unauthorized status code.
+        /// The LoginPath property is used by the handler for the redirection target when handling ChallengeAsync.
+        /// The current url which is added to the LoginPath as a query string parameter named by the ReturnUrlParameter. 
+        /// Once a request to the LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect 
+        /// the browser back to the original url.
         /// </summary>
         public PathString LoginPath { get; set; }
 
@@ -94,16 +93,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         public PathString LogoutPath { get; set; }
 
         /// <summary>
-        /// The AccessDeniedPath property informs the handler that it should change an outgoing 403 Forbidden status
-        /// code into a 302 redirection onto the given path.
+        /// The AccessDeniedPath property is used by the handler for the redirection target when handling ForbidAsync.
         /// </summary>
         public PathString AccessDeniedPath { get; set; }
 
         /// <summary>
         /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the handler
-        /// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query
-        /// string parameter looked for when a request arrives on the login path or logout path, in order to return to the
-        /// original url after the action is performed.
+        /// when during a Challenge. This is also the query string parameter looked for when a request arrives on the 
+        /// login path or logout path, in order to return to the original url after the action is performed.
         /// </summary>
         public string ReturnUrlParameter { get; set; }
 

From 88cb3df0ebdd524a8c56e74b740296941947fdff Mon Sep 17 00:00:00 2001
From: tstojecki <tstojecki@gmail.com>
Date: Tue, 31 Oct 2017 17:27:07 +0100
Subject: [PATCH 821/900] Added support for multiple values (arrays) in default
 claim action (#1501)

* Added support for multiple values (arrays) in default claim action

* Added tests to claim action update to support array values
---
 .../Claims/JsonKeyClaimAction.cs              | 17 +++++-
 .../ClaimActionTests.cs                       | 55 +++++++++++++++++++
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
index e628904de5..ccd1a965dc 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
@@ -32,7 +32,22 @@ namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
         /// <inheritdoc />
         public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
         {
-            var value = userData?.Value<string>(JsonKey);
+            var value = userData?[JsonKey];
+            if (value is JValue)
+            {
+                AddClaim(value?.ToString(), identity, issuer);
+            }
+            else if (value is JArray)
+            {
+                foreach (var v in value)
+                {
+                    AddClaim(v?.ToString(), identity, issuer);
+                }
+            }
+        }
+
+        private void AddClaim(string value, ClaimsIdentity identity, string issuer)
+        {
             if (!string.IsNullOrEmpty(value))
             {
                 identity.AddClaim(new Claim(ClaimType, value, ValueType, issuer));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
new file mode 100644
index 0000000000..541e1edf28
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
@@ -0,0 +1,55 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Testing.xunit;
+using Xunit;
+using Microsoft.AspNetCore.Authentication.OAuth.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class ClaimActionTests
+    {
+        [Fact]
+        public void CanMapSingleValueUserDataToClaim()
+        {
+            var userData = new JObject
+            {
+                ["name"] = "test"
+            };
+
+            var identity = new ClaimsIdentity();
+
+            var action = new JsonKeyClaimAction("name", "name", "name");
+            action.Run(userData, identity, "iss");
+
+            Assert.Equal("name", identity.FindFirst("name").Type);
+            Assert.Equal("test", identity.FindFirst("name").Value);
+        }
+
+        [Fact]
+        public void CanMapArrayValueUserDataToClaims()
+        {
+            var userData = new JObject
+            {
+                ["role"] = new JArray { "role1", "role2" }
+            };
+
+            var identity = new ClaimsIdentity();
+
+            var action = new JsonKeyClaimAction("role", "role", "role");
+            action.Run(userData, identity, "iss");
+
+            var roleClaims = identity.FindAll("role").ToList();
+            Assert.Equal(2, roleClaims.Count);
+            Assert.Equal("role", roleClaims[0].Type);
+            Assert.Equal("role1", roleClaims[0].Value);
+            Assert.Equal("role", roleClaims[1].Type);
+            Assert.Equal("role2", roleClaims[1].Value);
+        }
+    }
+}

From 00c92101575c7c035efe4a23a4d9eeda43afd41d Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Thu, 26 Oct 2017 11:56:16 -0700
Subject: [PATCH 822/900] Refactor OIDC event tests

---
 .../OpenIdConnect/OpenIdConnectEventTests.cs  | 1972 ++++++-----------
 1 file changed, 684 insertions(+), 1288 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
index 87bdc3f3ca..7530b00c31 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
@@ -28,67 +28,44 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     public class OpenIdConnectEventTests
     {
-        private readonly Func<MessageReceivedContext, Task> MessageNotImpl = context => { throw new NotImplementedException("Message"); };
-        private readonly Func<TokenValidatedContext, Task> TokenNotImpl = context => { throw new NotImplementedException("Token"); };
-        private readonly Func<AuthorizationCodeReceivedContext, Task> CodeNotImpl = context => { throw new NotImplementedException("Code"); };
-        private readonly Func<TokenResponseReceivedContext, Task> TokenResponseNotImpl = context => { throw new NotImplementedException("TokenResponse"); };
-        private readonly Func<UserInformationReceivedContext, Task> UserNotImpl = context => { throw new NotImplementedException("User"); };
-        private readonly Func<AuthenticationFailedContext, Task> FailedNotImpl = context => { throw new NotImplementedException("Failed", context.Exception); };
-        private readonly Func<TicketReceivedContext, Task> TicketNotImpl = context => { throw new NotImplementedException("Ticket"); };
-        private readonly Func<RemoteFailureContext, Task> FailureNotImpl = context => { throw new NotImplementedException("Failure", context.Failure); };
-        private readonly Func<RedirectContext, Task> RedirectNotImpl = context => { throw new NotImplementedException("Redirect"); };
-        private readonly Func<RemoteSignOutContext, Task> RemoteSignOutNotImpl = context => { throw new NotImplementedException("Remote"); };
-        private readonly Func<RemoteSignOutContext, Task> SignedOutCallbackNotImpl = context => { throw new NotImplementedException("SingedOut"); };
+        private readonly RequestDelegate AppWritePath = context => context.Response.WriteAsync(context.Request.Path);
         private readonly RequestDelegate AppNotImpl = context => { throw new NotImplementedException("App"); };
 
         [Fact]
         public async Task OnMessageReceived_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+            };
+            events.OnMessageReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnMessageReceived_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnMessageReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -96,95 +73,68 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnMessageReceived_Handled_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+            };
+            events.OnMessageReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidated_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+            };
+            events.OnTokenValidated = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidated_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnTokenValidated = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -192,156 +142,108 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidated_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.HandleResponse();
-                    context.Principal = null;
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+            };
+            events.OnTokenValidated = context =>
+            {
+                context.HandleResponse();
+                context.Principal = null;
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
+            events.ValidateExpectations();
         }
 
-        // TODO: Do any other events depend on the presence of the ticket? It's strange we have to double handle this event.
         [Fact]
         public async Task OnTokenValidated_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var ticketReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnTokenValidated = context =>
+            {
+                context.HandleResponse();
+                context.Principal = null;
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            events.OnTokenValidated = context =>
+            {
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthorizationCodeReceived_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+            };
+            events.OnAuthorizationCodeReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthorizationCodeReceived_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnAuthorizationCodeReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -349,183 +251,105 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthorizationCodeReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    context.HandleResponse();
-                    context.Principal = null;
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+            };
+            events.OnAuthorizationCodeReceived = context =>
+            {
+                context.HandleResponse();
+                context.Principal = null;
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthorizationCodeReceived_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var ticketReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnAuthorizationCodeReceived = context =>
+            {
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenResponseReceived_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+            };
+            events.OnTokenResponseReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenResponseReceived_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnTokenResponseReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -533,198 +357,107 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenResponseReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    context.Principal = null;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+            };
+            events.OnTokenResponseReceived = context =>
+            {
+                context.Principal = null;
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenResponseReceived_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var ticketReceived = false;
-            var tokenResponseReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnTokenResponseReceived = context =>
+            {
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidatedBackchannel_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var tokenValidated = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+            };
+            events.OnTokenValidated = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(tokenValidated);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidatedBackchannel_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var tokenValidated = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnTokenValidated = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -732,211 +465,109 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(tokenValidated);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidatedBackchannel_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var tokenValidated = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.Principal = null;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+            };
+            events.OnTokenValidated = context =>
+            {
+                context.Principal = null;
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(tokenValidated);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTokenValidatedBackchannel_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var codeReceived = false;
-            var ticketReceived = false;
-            var tokenResponseReceived = false;
-            var tokenValidated = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnTokenValidated = context =>
+            {
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(tokenValidated);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnUserInformationReceived_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+            };
+            events.OnUserInformationReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnUserInformationReceived_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnUserInformationReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -944,242 +575,123 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnUserInformationReceived_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    context.Principal = null;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+            };
+            events.OnUserInformationReceived = context =>
+            {
+                context.Principal = null;
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnUserInformationReceived_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var ticketReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    // context.Ticket = null;
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnUserInformationReceived = context =>
+            {
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthenticationFailed_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+            };
+            events.OnUserInformationReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                throw new NotImplementedException("TestException");
+            };
+            events.OnAuthenticationFailed = context =>
+            {
+                Assert.Equal("TestException", context.Exception.Message);
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthenticationFailed_Fail_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    context.Fail("Authentication was aborted from user code.");
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnUserInformationReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                throw new NotImplementedException("TestException");
+            };
+            events.OnAuthenticationFailed = context =>
+            {
+                Assert.Equal("TestException", context.Exception.Message);
+                context.Fail("Authentication was aborted from user code.");
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var exception = await Assert.ThrowsAsync<Exception>(delegate
             {
@@ -1187,420 +699,222 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             });
 
             Assert.Equal("Authentication was aborted from user code.", exception.InnerException.Message);
-
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthenticationFailed_HandledWithoutTicket_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    Assert.Null(context.Principal);
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+            };
+            events.OnUserInformationReceived = context =>
+            {
+                throw new NotImplementedException("TestException");
+            };
+            events.OnAuthenticationFailed = context =>
+            {
+                Assert.Equal("TestException", context.Exception.Message);
+                Assert.Null(context.Principal);
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnAuthenticationFailed_HandledWithTicket_SkipToTicketReceived()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var ticketReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    Assert.Null(context.Principal);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnUserInformationReceived = context =>
+            {
+                throw new NotImplementedException("TestException");
+            };
+            events.OnAuthenticationFailed = context =>
+            {
+                Assert.Equal("TestException", context.Exception.Message);
+                Assert.Null(context.Principal);
 
-                    var claims = new[]
-                    {
-                        new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
-                        new Claim(ClaimTypes.Email, "bob@contoso.com"),
-                        new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
-                    };
-
-                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
-                    context.Success();
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
+                var claims = new[]
                 {
-                    ticketReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
+                    new Claim(ClaimTypes.NameIdentifier, "Bob le Magnifique"),
+                    new Claim(ClaimTypes.Email, "bob@contoso.com"),
+                    new Claim(ClaimsIdentity.DefaultNameClaimType, "bob")
                 };
-            }),
-            AppNotImpl);
+
+                context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
+                context.Success();
+                return Task.FromResult(0);
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
-            Assert.True(ticketReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRemoteFailure_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    Assert.Equal("TestException", context.Failure.Message);
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnUserInformationReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                throw new NotImplementedException("TestException");
+            };
+            events.OnAuthenticationFailed = context =>
+            {
+                Assert.Equal("TestException", context.Exception.Message);
+                return Task.FromResult(0);
+            };
+            events.OnRemoteFailure = context =>
+            {
+                Assert.Equal("TestException", context.Failure.Message);
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRemoteFailure_Handled_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var authFailed = false;
-            var remoteFailure = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    throw new NotImplementedException("TestException");
-                };
-                events.OnAuthenticationFailed = context =>
-                {
-                    authFailed = true;
-                    Assert.Equal("TestException", context.Exception.Message);
-                    return Task.FromResult(0);
-                };
-                events.OnRemoteFailure = context =>
-                {
-                    remoteFailure = true;
-                    Assert.Equal("TestException", context.Failure.Message);
-                    Assert.Equal("testvalue", context.Properties.Items["testkey"]);
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectAuthenticationFailed = true,
+                ExpectRemoteFailure = true,
+            };
+            events.OnUserInformationReceived = context =>
+            {
+                throw new NotImplementedException("TestException");
+            };
+            events.OnRemoteFailure = context =>
+            {
+                Assert.Equal("TestException", context.Failure.Message);
+                Assert.Equal("testvalue", context.Properties.Items["testkey"]);
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(authFailed);
-            Assert.True(remoteFailure);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTicketReceived_Skip_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var ticektReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticektReceived = true;
-                    context.SkipHandler();
-                    return Task.FromResult(0);
-                };
-            }),
-            context =>
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnTicketReceived = context =>
             {
-                return context.Response.WriteAsync(context.Request.Path);
-            });
+                context.SkipHandler();
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppWritePath);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
             Assert.Equal("/signin-oidc", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(ticektReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnTicketReceived_Handled_NoMoreEventsRun()
         {
-            var messageReceived = false;
-            var tokenValidated = false;
-            var codeReceived = false;
-            var tokenResponseReceived = false;
-            var userInfoReceived = false;
-            var ticektReceived = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnMessageReceived = context =>
-                {
-                    messageReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenValidated = context =>
-                {
-                    tokenValidated = true;
-                    return Task.FromResult(0);
-                };
-                events.OnAuthorizationCodeReceived = context =>
-                {
-                    codeReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTokenResponseReceived = context =>
-                {
-                    tokenResponseReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnUserInformationReceived = context =>
-                {
-                    userInfoReceived = true;
-                    return Task.FromResult(0);
-                };
-                events.OnTicketReceived = context =>
-                {
-                    ticektReceived = true;
-                    context.HandleResponse();
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    return Task.FromResult(0);
-                };
-            }),
-            AppNotImpl);
+                ExpectMessageReceived = true,
+                ExpectTokenValidated = true,
+                ExpectAuthorizationCodeReceived = true,
+                ExpectTokenResponseReceived = true,
+                ExpectUserInfoReceived = true,
+                ExpectTicketReceived = true,
+            };
+            events.OnTicketReceived = context =>
+            {
+                context.HandleResponse();
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                return Task.FromResult(0);
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var response = await PostAsync(server, "signin-oidc", "id_token=my_id_token&state=protected_state&code=my_code");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Equal("", await response.Content.ReadAsStringAsync());
-            Assert.True(messageReceived);
-            Assert.True(tokenValidated);
-            Assert.True(codeReceived);
-            Assert.True(tokenResponseReceived);
-            Assert.True(userInfoReceived);
-            Assert.True(ticektReceived);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRedirectToIdentityProviderForSignOut_Invoked()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnRedirectToIdentityProviderForSignOut = context =>
-                {
-                    forSignOut = true;
-                    return Task.CompletedTask;
-                };
-            }),
+                ExpectRedirectForSignOut = true,
+            };
+            var server = CreateServer(events,
             context =>
             {
                 return context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
@@ -1611,23 +925,23 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             Assert.Equal(HttpStatusCode.Found, response.StatusCode);
             Assert.Equal("http://testhost/end", response.Headers.Location.GetLeftPart(UriPartial.Path));
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRedirectToIdentityProviderForSignOut_Handled_RedirectNotInvoked()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnRedirectToIdentityProviderForSignOut = context =>
-                {
-                    forSignOut = true;
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    context.HandleResponse();
-                    return Task.CompletedTask;
-                };
-            }),
+                ExpectRedirectForSignOut = true,
+            };
+            events.OnRedirectToIdentityProviderForSignOut = context =>
+            {
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                context.HandleResponse();
+                return Task.CompletedTask;
+            };
+            var server = CreateServer(events,
             context =>
             {
                 return context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
@@ -1638,28 +952,23 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Null(response.Headers.Location);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRemoteSignOut_Invoked()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnRemoteSignOut = context =>
-                {
-                    forSignOut = true;
-                    return Task.CompletedTask;
-                };
-            }),
-            AppNotImpl);
+                ExpectRemoteSignOut = true,
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var client = server.CreateClient();
             var response = await client.GetAsync("/signout-oidc");
 
             Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
             Assert.True(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
             Assert.True(SetCookieHeaderValue.TryParseStrictList(values.ToList(), out var parsedValues));
             Assert.Equal(1, parsedValues.Count);
@@ -1669,41 +978,39 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         [Fact]
         public async Task OnRemoteSignOut_Handled_NoSignout()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnRemoteSignOut = context =>
-                {
-                    forSignOut = true;
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    context.HandleResponse();
-                    return Task.CompletedTask;
-                };
-            }),
-            AppNotImpl);
+                ExpectRemoteSignOut = true,
+            };
+            events.OnRemoteSignOut = context =>
+            {
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                context.HandleResponse();
+                return Task.CompletedTask;
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var client = server.CreateClient();
             var response = await client.GetAsync("/signout-oidc");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
             Assert.False(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
         }
 
         [Fact]
         public async Task OnRemoteSignOut_Skip_NoSignout()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnRemoteSignOut = context =>
-                {
-                    forSignOut = true;
-                    context.SkipHandler();
-                    return Task.CompletedTask;
-                };
-            }),
-            context =>
+                ExpectRemoteSignOut = true,
+            };
+            events.OnRemoteSignOut = context =>
+            {
+                context.SkipHandler();
+                return Task.CompletedTask;
+            };
+            var server = CreateServer(events, context =>
             {
                 context.Response.StatusCode = StatusCodes.Status202Accepted;
                 return Task.CompletedTask;
@@ -1713,69 +1020,63 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             var response = await client.GetAsync("/signout-oidc");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
             Assert.False(response.Headers.TryGetValues(HeaderNames.SetCookie, out var values));
         }
 
         [Fact]
         public async Task OnRedirectToSignedOutRedirectUri_Invoked()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnSignedOutCallbackRedirect = context =>
-                {
-                    forSignOut = true;
-                    return Task.CompletedTask;
-                };
-            }),
-            AppNotImpl);
+                ExpectRedirectToSignedOut = true,
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var client = server.CreateClient();
             var response = await client.GetAsync("/signout-callback-oidc?state=protected_state");
 
             Assert.Equal(HttpStatusCode.Found, response.StatusCode);
             Assert.Equal("http://testhost/redirect", response.Headers.Location.AbsoluteUri);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRedirectToSignedOutRedirectUri_Handled_NoRedirect()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnSignedOutCallbackRedirect = context =>
-                {
-                    forSignOut = true;
-                    context.Response.StatusCode = StatusCodes.Status202Accepted;
-                    context.HandleResponse();
-                    return Task.CompletedTask;
-                };
-            }),
-            AppNotImpl);
+                ExpectRedirectToSignedOut = true,
+            };
+            events.OnSignedOutCallbackRedirect = context =>
+            {
+                context.Response.StatusCode = StatusCodes.Status202Accepted;
+                context.HandleResponse();
+                return Task.CompletedTask;
+            };
+            var server = CreateServer(events, AppNotImpl);
 
             var client = server.CreateClient();
             var response = await client.GetAsync("/signout-callback-oidc?state=protected_state");
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Null(response.Headers.Location);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
         }
 
         [Fact]
         public async Task OnRedirectToSignedOutRedirectUri_Skipped_NoRedirect()
         {
-            var forSignOut = false;
-            var server = CreateServer(CreateNotImpEvents(events =>
+            var events = new ExpectedOidcEvents()
             {
-                events.OnSignedOutCallbackRedirect = context =>
-                {
-                    forSignOut = true;
-                    context.SkipHandler();
-                    return Task.CompletedTask;
-                };
-            }),
+                ExpectRedirectToSignedOut = true,
+            };
+            events.OnSignedOutCallbackRedirect = context =>
+            {
+                context.SkipHandler();
+                return Task.CompletedTask;
+            };
+            var server = CreateServer(events,
             context =>
             {
                 context.Response.StatusCode = StatusCodes.Status202Accepted;
@@ -1787,29 +1088,124 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
             Assert.Null(response.Headers.Location);
-            Assert.True(forSignOut);
+            events.ValidateExpectations();
         }
 
-        private OpenIdConnectEvents CreateNotImpEvents(Action<OpenIdConnectEvents> configureEvents)
+        private class ExpectedOidcEvents : OpenIdConnectEvents
         {
-            var events = new OpenIdConnectEvents()
-            {
-                OnMessageReceived = MessageNotImpl,
-                OnTokenValidated = TokenNotImpl,
-                OnAuthorizationCodeReceived = CodeNotImpl,
-                OnTokenResponseReceived = TokenResponseNotImpl,
-                OnUserInformationReceived = UserNotImpl,
-                OnAuthenticationFailed = FailedNotImpl,
-                OnTicketReceived = TicketNotImpl,
-                OnRemoteFailure = FailureNotImpl,
+            public bool ExpectMessageReceived { get; set; }
+            public bool InvokedMessageReceived { get; set; }
 
-                OnRedirectToIdentityProvider = RedirectNotImpl,
-                OnRedirectToIdentityProviderForSignOut = RedirectNotImpl,
-                OnRemoteSignOut = RemoteSignOutNotImpl,
-                OnSignedOutCallbackRedirect = SignedOutCallbackNotImpl,
-            };
-            configureEvents(events);
-            return events;
+            public bool ExpectTokenValidated { get; set; }
+            public bool InvokedTokenValidated { get; set; }
+
+            public bool ExpectRemoteFailure { get; set; }
+            public bool InvokedRemoteFailure { get; set; }
+
+            public bool ExpectTicketReceived { get; set; }
+            public bool InvokedTicketReceived { get; set; }
+
+            public bool ExpectAuthorizationCodeReceived { get; set; }
+            public bool InvokedAuthorizationCodeReceived { get; set; }
+
+            public bool ExpectTokenResponseReceived { get; set; }
+            public bool InvokedTokenResponseReceived { get; set; }
+
+            public bool ExpectUserInfoReceived { get; set; }
+            public bool InvokedUserInfoReceived { get; set; }
+
+            public bool ExpectAuthenticationFailed { get; set; }
+            public bool InvokeAuthenticationFailed { get; set; }
+
+            public bool ExpectRedirectForSignOut { get; set; }
+            public bool InvokedRedirectForSignOut { get; set; }
+
+            public bool ExpectRemoteSignOut { get; set; }
+            public bool InvokedRemoteSignOut { get; set; }
+
+            public bool ExpectRedirectToSignedOut { get; set; }
+            public bool InvokedRedirectToSignedOut { get; set; }
+
+            public override Task MessageReceived(MessageReceivedContext context)
+            {
+                InvokedMessageReceived = true;
+                return base.MessageReceived(context);
+            }
+
+            public override Task TokenValidated(TokenValidatedContext context)
+            {
+                InvokedTokenValidated = true;
+                return base.TokenValidated(context);
+            }
+
+            public override Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
+            {
+                InvokedAuthorizationCodeReceived = true;
+                return base.AuthorizationCodeReceived(context);
+            }
+
+            public override Task TokenResponseReceived(TokenResponseReceivedContext context)
+            {
+                InvokedTokenResponseReceived = true;
+                return base.TokenResponseReceived(context);
+            }
+
+            public override Task UserInformationReceived(UserInformationReceivedContext context)
+            {
+                InvokedUserInfoReceived = true;
+                return base.UserInformationReceived(context);
+            }
+
+            public override Task AuthenticationFailed(AuthenticationFailedContext context)
+            {
+                InvokeAuthenticationFailed = true;
+                return base.AuthenticationFailed(context);
+            }
+
+            public override Task TicketReceived(TicketReceivedContext context)
+            {
+                InvokedTicketReceived = true;
+                return base.TicketReceived(context);
+            }
+
+            public override Task RemoteFailure(RemoteFailureContext context)
+            {
+                InvokedRemoteFailure = true;
+                return base.RemoteFailure(context);
+            }
+
+            public override Task RedirectToIdentityProviderForSignOut(RedirectContext context)
+            {
+                InvokedRedirectForSignOut = true;
+                return base.RedirectToIdentityProviderForSignOut(context);
+            }
+
+            public override Task RemoteSignOut(RemoteSignOutContext context)
+            {
+                InvokedRemoteSignOut = true;
+                return base.RemoteSignOut(context);
+            }
+
+            public override Task SignedOutCallbackRedirect(RemoteSignOutContext context)
+            {
+                InvokedRedirectToSignedOut = true;
+                return base.SignedOutCallbackRedirect(context);
+            }
+
+            public void ValidateExpectations()
+            {
+                Assert.Equal(ExpectMessageReceived, InvokedMessageReceived);
+                Assert.Equal(ExpectTokenValidated, InvokedTokenValidated);
+                Assert.Equal(ExpectAuthorizationCodeReceived, InvokedAuthorizationCodeReceived);
+                Assert.Equal(ExpectTokenResponseReceived, InvokedTokenResponseReceived);
+                Assert.Equal(ExpectUserInfoReceived, InvokedUserInfoReceived);
+                Assert.Equal(ExpectAuthenticationFailed, InvokeAuthenticationFailed);
+                Assert.Equal(ExpectTicketReceived, InvokedTicketReceived);
+                Assert.Equal(ExpectRemoteFailure, InvokedRemoteFailure);
+                Assert.Equal(ExpectRedirectForSignOut, InvokedRedirectForSignOut);
+                Assert.Equal(ExpectRemoteSignOut, InvokedRemoteSignOut);
+                Assert.Equal(ExpectRedirectToSignedOut, InvokedRedirectToSignedOut);
+            }
         }
 
         private TestServer CreateServer(OpenIdConnectEvents events, RequestDelegate appCode)

From bd8ecd02684d490ece96c484e1092386f3515dec Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 1 Nov 2017 16:37:42 -0700
Subject: [PATCH 823/900] Pin tool and package versions to make builds more
 repeatable

Part of aspnet/Universe#575
---
 .gitignore                                    |  1 -
 Directory.Build.props                         |  6 +--
 Directory.Build.targets                       | 17 ++-----
 NuGet.config                                  |  1 +
 build/dependencies.props                      | 46 +++++++++++++++++++
 build/repo.props                              |  8 +++-
 korebuild-lock.txt                            |  2 +
 korebuild.json                                |  4 ++
 samples/CookieSample/CookieSample.csproj      | 12 ++---
 .../CookieSessionSample.csproj                | 12 ++---
 .../JwtBearerSample/JwtBearerSample.csproj    | 12 ++---
 .../OpenIdConnect.AzureAdSample.csproj        | 14 +++---
 .../OpenIdConnectSample.csproj                | 18 ++++----
 samples/SocialSample/SocialSample.csproj      | 18 ++++----
 src/Directory.Build.props                     |  2 +-
 ...AspNetCore.Authentication.JwtBearer.csproj |  2 +-
 ...oft.AspNetCore.Authentication.OAuth.csproj |  2 +-
 ...etCore.Authentication.OpenIdConnect.csproj |  2 +-
 ...Microsoft.AspNetCore.Authentication.csproj | 16 +++----
 ...oft.AspNetCore.Authorization.Policy.csproj |  4 +-
 .../Microsoft.AspNetCore.Authorization.csproj |  4 +-
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |  4 +-
 .../Microsoft.Owin.Security.Interop.csproj    |  4 +-
 test/Directory.Build.props                    | 12 ++---
 ...soft.AspNetCore.Authentication.Test.csproj |  2 +-
 ...osoft.AspNetCore.Authorization.Test.csproj |  6 +--
 ....ChunkingCookieManager.Sources.Test.csproj |  2 +-
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |  4 +-
 ...icrosoft.Owin.Security.Interop.Test.csproj |  6 +--
 version.props                                 | 10 ++++
 version.xml                                   |  8 ----
 31 files changed, 155 insertions(+), 106 deletions(-)
 create mode 100644 build/dependencies.props
 create mode 100644 korebuild-lock.txt
 create mode 100644 korebuild.json
 create mode 100644 version.props
 delete mode 100644 version.xml

diff --git a/.gitignore b/.gitignore
index bac5b75057..d5717b3f3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,4 +30,3 @@ project.lock.json
 /.vs/
 .vscode/
 global.json
-korebuild-lock.txt
diff --git a/Directory.Build.props b/Directory.Build.props
index 61b629ccce..d277ef8629 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,5 +1,6 @@
-<Project>
-  <Import Project="version.xml" />
+<Project>
+  <Import Project="version.props" />
+  <Import Project="build\dependencies.props" />
 
   <PropertyGroup>
     <Product>Microsoft ASP.NET Core</Product>
@@ -9,7 +10,6 @@
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
     <SignAssembly>true</SignAssembly>
     <PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
-    <VersionSuffix Condition="'$(VersionSuffix)'!='' AND '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
 </Project>
diff --git a/Directory.Build.targets b/Directory.Build.targets
index bc118fd907..e83ff95e39 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,14 +1,5 @@
-<Project InitialTargets="EnsureKoreBuildRestored">
-  <Target Name="EnsureKoreBuildRestored" Condition=" '$(KoreBuildRestoreTargetsImported)' != 'true' AND '$(MSBuildProjectName)' != 'BenchmarkDotNet.Autogenerated'">
-    <PropertyGroup>
-      <_BootstrapperFile Condition=" $([MSBuild]::IsOSUnixLike()) ">build.sh</_BootstrapperFile>
-      <_BootstrapperFile Condition="! $([MSBuild]::IsOSUnixLike()) ">build.cmd</_BootstrapperFile>
-      <_BootstrapperError>
-        Package references have not been pinned. Run './$(_BootstrapperFile) /t:Pin'.
-        Also, you can run './$(_BootstrapperFile) /t:Restore' which will pin *and* restore packages. '$(_BootstrapperFile)' can be found in '$(MSBuildThisFileDirectory)'.
-      </_BootstrapperError>
-    </PropertyGroup>
-
-    <Error Code="KRB1001" Text="$(_BootstrapperError.Trim())" />
-  </Target>
+<Project>
+  <PropertyGroup>
+    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
+  </PropertyGroup>
 </Project>
diff --git a/NuGet.config b/NuGet.config
index 20060c934e..4e8a1f6de1 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -3,6 +3,7 @@
   <packageSources>
     <clear />
     <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
+    <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
     <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
   </packageSources>
 </configuration>
diff --git a/build/dependencies.props b/build/dependencies.props
new file mode 100644
index 0000000000..13ed63da13
--- /dev/null
+++ b/build/dependencies.props
@@ -0,0 +1,46 @@
+<Project>
+  <PropertyGroup>
+    <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
+  </PropertyGroup>
+  <PropertyGroup Label="Package Versions">
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15550</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview1-408290725</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
+    <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
+    <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
+    <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
+    <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
+    <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
+    <XunitAnalyzersPackageVersion>0.7.0</XunitAnalyzersPackageVersion>
+    <XunitPackageVersion>2.3.0</XunitPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.3.0</XunitRunnerVisualStudioPackageVersion>
+  </PropertyGroup>
+  <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
+</Project>
diff --git a/build/repo.props b/build/repo.props
index 7866974bc2..598c7f5a31 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,7 +1,11 @@
 <Project>
   <ItemGroup>
     <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'" />
-    <PackageLineup Include="Internal.AspNetCore.Universe.Lineup" Version="2.1.0-*" />
-    <PackageLineup Include="Internal.AspNetCore.Partners.Lineup" Version="2.1.0-*" />
   </ItemGroup>
+
+  <PropertyGroup>
+    <!-- These properties are use by the automation that updates dependencies.props -->
+    <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
+    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json</LineupPackageRestoreSource>
+  </PropertyGroup>
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
new file mode 100644
index 0000000000..36d8056037
--- /dev/null
+++ b/korebuild-lock.txt
@@ -0,0 +1,2 @@
+version:2.1.0-preview1-15550
+commithash:0dd080d0d87b4d1966ec0af9961dc8bacc04f84f
diff --git a/korebuild.json b/korebuild.json
new file mode 100644
index 0000000000..bd5d51a51b
--- /dev/null
+++ b/korebuild.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
+  "channel": "dev"
+}
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index 34af273c47..d8ebc437e1 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -9,12 +9,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Hosting" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="$(MicrosoftAspNetCoreHostingPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(MicrosoftAspNetCoreDataProtectionPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index 6e6bd0e796..d480381765 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -9,12 +9,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(MicrosoftAspNetCoreDataProtectionPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="$(MicrosoftExtensionsCachingMemoryPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 2b3f9c3c98..2880ac9637 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -10,12 +10,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="$(MicrosoftAspNetCoreStaticFilesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(MicrosoftExtensionsConfigurationUserSecretsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 64d90423ba..1e0a0f5e3f 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -11,13 +11,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(MicrosoftExtensionsConfigurationUserSecretsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(MicrosoftIdentityModelClientsActiveDirectoryPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index bc54cbf3df..84fb99c7be 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -15,15 +15,15 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(MicrosoftAspNetCoreServerKestrelHttpsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(MicrosoftExtensionsConfigurationUserSecretsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(MicrosoftExtensionsFileProvidersEmbeddedPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(MicrosoftExtensionsLoggingDebugPackageVersion)" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index a1706f4d1f..7a8de5763d 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -22,15 +22,15 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" />
-    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" />
-    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(MicrosoftAspNetCoreDataProtectionPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(MicrosoftAspNetCoreServerKestrelHttpsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="$(MicrosoftExtensionsConfigurationUserSecretsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(MicrosoftExtensionsFileProvidersEmbeddedPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
index 9d9a3de33a..1e0980f663 100644
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@@ -2,6 +2,6 @@
   <Import Project="..\Directory.Build.props" />
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" Version="$(InternalAspNetCoreSdkPackageVersion)" />
   </ItemGroup>
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 8526fcd397..e5bae5a3da 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -13,7 +13,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
index a7af0b7f3f..5c8a5e3a96 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
@@ -13,7 +13,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Newtonsoft.Json" />
+    <PackageReference Include="Newtonsoft.Json" Version="$(NewtonsoftJsonPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index a8f0077488..b7f4c1704a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -13,7 +13,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="$(MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index a156fa549f..7e3ce4eb39 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -9,14 +9,14 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" />
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection" />
-    <PackageReference Include="Microsoft.AspNetCore.Http" />
-    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
-    <PackageReference Include="Microsoft.Extensions.Options" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.Extensions.WebEncoders" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(MicrosoftAspNetCoreAuthenticationCorePackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="$(MicrosoftAspNetCoreDataProtectionPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(MicrosoftAspNetCoreHttpExtensionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(MicrosoftExtensionsOptionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" Version="$(MicrosoftExtensionsSecurityHelperSourcesPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(MicrosoftExtensionsWebEncodersPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
index 087645ee02..16e4aa2622 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
@@ -13,8 +13,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" />
-    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="$(MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" PrivateAssets="All" Version="$(MicrosoftExtensionsSecurityHelperSourcesPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
index 3b2ada85f9..ac4aa6c320 100644
--- a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
+++ b/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
@@ -13,8 +13,8 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
-    <PackageReference Include="Microsoft.Extensions.Options" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(MicrosoftExtensionsOptionsPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index c6021e012a..1a42b04dde 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" />
-    <PackageReference Include="Microsoft.Extensions.Options" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Options" Version="$(MicrosoftExtensionsOptionsPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
index 67f8c94209..a12bc65637 100644
--- a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
+++ b/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
@@ -9,8 +9,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" />
-    <PackageReference Include="Microsoft.Owin.Security" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="$(MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security" Version="$(MicrosoftOwinSecurityPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Directory.Build.props b/test/Directory.Build.props
index 724f34b0bb..19544e342c 100644
--- a/test/Directory.Build.props
+++ b/test/Directory.Build.props
@@ -2,11 +2,11 @@
   <Import Project="..\Directory.Build.props" />
 
   <ItemGroup>
-    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" />
-    <PackageReference Include="Microsoft.AspNetCore.Testing" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" />
-    <PackageReference Include="xunit" />
-    <PackageReference Include="xunit.analyzers" />
-    <PackageReference Include="xunit.runner.visualstudio" />
+    <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" Version="$(InternalAspNetCoreSdkPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(MicrosoftAspNetCoreTestingPackageVersion)" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(MicrosoftNETTestSdkPackageVersion)" />
+    <PackageReference Include="xunit" Version="$(XunitPackageVersion)" />
+    <PackageReference Include="xunit.analyzers" Version="$(XunitAnalyzersPackageVersion)" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitRunnerVisualStudioPackageVersion)" />
   </ItemGroup>
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index ae8789e11b..2a43b216d0 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -18,7 +18,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(MicrosoftAspNetCoreTestHostPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index b133522f09..2b2cc69ba7 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -11,9 +11,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
-    <PackageReference Include="Microsoft.Extensions.Logging" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(MicrosoftExtensionsDependencyInjectionPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="$(MicrosoftExtensionsLoggingPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index 49bbbd91fe..e6f0b22934 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -10,7 +10,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Http" />
+    <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index 7d50d86a31..951dac0c51 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -11,8 +11,8 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(MicrosoftAspNetCoreTestHostPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="$(MicrosoftExtensionsDependencyInjectionPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
index 779d8c141f..f369f1f01a 100644
--- a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
+++ b/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
@@ -10,9 +10,9 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.TestHost" />
-    <PackageReference Include="Microsoft.Owin.Security.Cookies" />
-    <PackageReference Include="Microsoft.Owin.Testing" />
+    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="$(MicrosoftAspNetCoreTestHostPackageVersion)" />
+    <PackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(MicrosoftOwinSecurityCookiesPackageVersion)" />
+    <PackageReference Include="Microsoft.Owin.Testing" Version="$(MicrosoftOwinTestingPackageVersion)" />
   </ItemGroup>
 
 </Project>
diff --git a/version.props b/version.props
new file mode 100644
index 0000000000..5c4a7c32d1
--- /dev/null
+++ b/version.props
@@ -0,0 +1,10 @@
+<Project>
+  <PropertyGroup>
+    <VersionPrefix>2.1.0</VersionPrefix>
+    <VersionSuffix>preview1</VersionSuffix>
+    <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
+    <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
+    <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>
+    <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
+  </PropertyGroup>
+</Project>
diff --git a/version.xml b/version.xml
deleted file mode 100644
index 3c05022b7d..0000000000
--- a/version.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- This file may be overwritten by automation. -->
-<Project>
-  <PropertyGroup>
-    <KoreBuildChannel>dev</KoreBuildChannel>
-    <VersionPrefix>2.1.0</VersionPrefix>
-    <VersionSuffix>preview1</VersionSuffix>
-  </PropertyGroup>
-</Project>

From 1927f65e976a6d81d5ed1fe734833aca578cd166 Mon Sep 17 00:00:00 2001
From: Dominick Baier <dbaier@leastprivilege.com>
Date: Fri, 3 Nov 2017 16:55:42 +0100
Subject: [PATCH 824/900] Change LogLevel from Information to Debug (see #1517)

---
 src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
index 46223d6471..8cba6c0d5e 100644
--- a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
@@ -39,7 +39,7 @@ namespace Microsoft.Extensions.Logging
                 formatString: "{AuthenticationScheme} was not authenticated. Failure message: {FailureMessage}");
             _authSchemeAuthenticated = LoggerMessage.Define<string>(
                 eventId: 8,
-                logLevel: LogLevel.Information,
+                logLevel: LogLevel.Debug,
                 formatString: "AuthenticationScheme: {AuthenticationScheme} was successfully authenticated.");
             _authSchemeNotAuthenticated = LoggerMessage.Define<string>(
                 eventId: 9,

From 72e1cb1385c982e6dba90c839d1a1455e2813e6c Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Mon, 6 Nov 2017 14:16:57 -0800
Subject: [PATCH 825/900] Add VirtualSchemes

---
 .../AuthenticationBuilder.cs                  |  41 +-
 .../AuthenticationHandler.cs                  |  18 +-
 .../VirtualAuthenticationHandler.cs           |  71 +++
 .../VirtualSchemeOptions.cs                   |  33 ++
 .../GoogleTests.cs                            |  22 +-
 .../VirtualHandlerTests.cs                    | 525 ++++++++++++++++++
 6 files changed, 674 insertions(+), 36 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs

diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
index 3bce55ea10..7bf8fe96ee 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
@@ -25,18 +25,10 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         public virtual IServiceCollection Services { get; }
 
-        /// <summary>
-        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
-        /// </summary>
-        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
-        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
-        /// <param name="authenticationScheme">The name of this scheme.</param>
-        /// <param name="displayName">The display name of this scheme.</param>
-        /// <param name="configureOptions">Used to configure the scheme options.</param>
-        /// <returns>The builder.</returns>
-        public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
-            where TOptions : AuthenticationSchemeOptions, new()
-            where THandler : AuthenticationHandler<TOptions>
+
+        private AuthenticationBuilder AddSchemeHelper<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : class, new()
+            where THandler : class, IAuthenticationHandler
         {
             Services.Configure<AuthenticationOptions>(o =>
             {
@@ -53,6 +45,20 @@ namespace Microsoft.AspNetCore.Authentication
             return this;
         }
 
+        /// <summary>
+        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => AddSchemeHelper<TOptions, THandler>(authenticationScheme, displayName, configureOptions);
+
         /// <summary>
         /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
         /// </summary>
@@ -84,6 +90,17 @@ namespace Microsoft.AspNetCore.Authentication
             return AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions: configureOptions);
         }
 
+        /// <summary>
+        /// Adds a <see cref="VirtualAuthenticationHandler"/> based authentication handler which can be used to 
+        /// redirect to other authentication schemes.
+        /// </summary>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddVirtualScheme(string authenticationScheme, string displayName, Action<VirtualSchemeOptions> configureOptions)
+            => AddSchemeHelper<VirtualSchemeOptions, VirtualAuthenticationHandler>(authenticationScheme, displayName, configureOptions);
+
         // Used to ensure that there's always a default sign in scheme that's not itself
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 9728e5ff05..ef4292100a 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -22,12 +22,12 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected HttpRequest Request
         {
-            get { return Context.Request; }
+            get => Context.Request;
         }
 
         protected HttpResponse Response
         {
-            get { return Context.Response; }
+            get => Context.Response;
         }
 
         protected PathString OriginalPath => Context.Features.Get<IAuthenticationFeature>()?.OriginalPath ?? Request.Path;
@@ -52,10 +52,7 @@ namespace Microsoft.AspNetCore.Authentication
 
         protected string CurrentUri
         {
-            get
-            {
-                return Request.Scheme + "://" + Request.Host + Request.PathBase + Request.Path + Request.QueryString;
-            }
+            get => Request.Scheme + "://" + Request.Host + Request.PathBase + Request.Path + Request.QueryString;
         }
 
         protected AuthenticationHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
@@ -116,15 +113,10 @@ namespace Microsoft.AspNetCore.Authentication
         /// Called after options/events have been initialized for the handler to finish initializing itself.
         /// </summary>
         /// <returns>A task</returns>
-        protected virtual Task InitializeHandlerAsync()
-        {
-            return Task.CompletedTask;
-        }
+        protected virtual Task InitializeHandlerAsync() => Task.CompletedTask;
 
         protected string BuildRedirectUri(string targetPath)
-        {
-            return Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
-        }
+            => Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
 
         public async Task<AuthenticateResult> AuthenticateAsync()
         {
diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
new file mode 100644
index 0000000000..4a023bec2c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
@@ -0,0 +1,71 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Forwards calls to another authentication scheme.
+    /// </summary>
+    public class VirtualAuthenticationHandler : IAuthenticationHandler, IAuthenticationSignInHandler
+    {
+        protected IOptionsMonitor<VirtualSchemeOptions> OptionsMonitor { get; }
+        public AuthenticationScheme Scheme { get; private set; }
+        public VirtualSchemeOptions Options { get; private set; }
+        protected HttpContext Context { get; private set; }
+
+        public VirtualAuthenticationHandler(IOptionsMonitor<VirtualSchemeOptions> options)
+        {
+            OptionsMonitor = options;
+        }
+
+        /// <summary>
+        /// Initialize the handler, resolve the options and validate them.
+        /// </summary>
+        /// <param name="scheme"></param>
+        /// <param name="context"></param>
+        /// <returns>A Task.</returns>
+        public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+        {
+            if (scheme == null)
+            {
+                throw new ArgumentNullException(nameof(scheme));
+            }
+            if (context == null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            Scheme = scheme;
+            Context = context;
+
+            Options = OptionsMonitor.Get(Scheme.Name) ?? new VirtualSchemeOptions();
+            Options.Validate();
+
+            return Task.CompletedTask;
+        }
+
+        protected virtual string ResolveTarget(string scheme)
+            => scheme ?? Options.DefaultSelector?.Invoke(Context) ?? Options.Default;
+
+        public virtual Task<AuthenticateResult> AuthenticateAsync()
+            => Context.AuthenticateAsync(ResolveTarget(Options.Authenticate));
+
+        public virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+            => Context.SignInAsync(ResolveTarget(Options.SignIn), user, properties);
+
+        public virtual Task SignOutAsync(AuthenticationProperties properties)
+            => Context.SignOutAsync(ResolveTarget(Options.SignOut), properties);
+
+        public virtual Task ChallengeAsync(AuthenticationProperties properties)
+            => Context.ChallengeAsync(ResolveTarget(Options.Challenge), properties);
+
+        public virtual Task ForbidAsync(AuthenticationProperties properties)
+            => Context.ForbidAsync(ResolveTarget(Options.Forbid), properties);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
new file mode 100644
index 0000000000..38d819bf59
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
@@ -0,0 +1,33 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Used to redirect authentication methods to another scheme
+    /// </summary>
+    public class VirtualSchemeOptions
+    {
+        public string Default { get; set; }
+
+        public string Authenticate { get; set; }
+        public string Challenge { get; set; }
+        public string Forbid { get; set; }
+        public string SignIn { get; set; }
+        public string SignOut { get; set; }
+
+        /// <summary>
+        /// Used to select a default scheme to target based on the request.
+        /// </summary>
+        public Func<HttpContext, string> DefaultSelector { get; set; }
+
+
+        /// <summary>
+        /// Check that the options are valid. Should throw an exception if things are not ok.
+        /// </summary>
+        public virtual void Validate() { }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 51bc67cc38..944a4827c3 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -990,7 +990,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
                         var res = context.Response;
                         if (req.Path == new PathString("/challenge"))
                         {
-                            await context.ChallengeAsync("Google");
+                            await context.ChallengeAsync();
                         }
                         else if (req.Path == new PathString("/challengeFacebook"))
                         {
@@ -1061,19 +1061,19 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 .ConfigureServices(services =>
                 {
                     services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
-                    services.AddAuthentication(o =>
-                    {
-                        o.DefaultScheme = TestExtensions.CookieAuthenticationScheme;
-                        o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
-                    });
-                    services.AddAuthentication()
+                    services.AddAuthentication("Auth")
+                        .AddVirtualScheme("Auth", "Auth", o =>
+                        {
+                            o.Default = TestExtensions.CookieAuthenticationScheme;
+                            o.Challenge = GoogleDefaults.AuthenticationScheme;
+                        })
                         .AddCookie(TestExtensions.CookieAuthenticationScheme)
                         .AddGoogle(configureOptions)
                         .AddFacebook(o =>
-                    {
-                        o.AppId = "Test AppId";
-                        o.AppSecret = "Test AppSecrent";
-                    });
+                        {
+                            o.AppId = "Test AppId";
+                            o.AppSecret = "Test AppSecrent";
+                        });
                 });
             return new TestServer(builder);
         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs
new file mode 100644
index 0000000000..a43478c949
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs
@@ -0,0 +1,525 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class VirtualHandlerTests
+    {
+        [Fact]
+        public async Task CanDispatch()
+        {
+            var server = CreateServer(services =>
+            {
+                services.AddAuthentication(o =>
+                {
+                    o.AddScheme<TestHandler>("auth1", "auth1");
+                    o.AddScheme<TestHandler>("auth2", "auth2");
+                    o.AddScheme<TestHandler>("auth3", "auth3");
+                })
+                .AddVirtualScheme("policy1", "policy1", p =>
+                {
+                    p.Default = "auth1";
+                })
+                .AddVirtualScheme("policy2", "policy2", p =>
+                {
+                    p.Authenticate = "auth2";
+                });
+            });
+
+            var transaction = await server.SendAsync("http://example.com/auth/policy1");
+            Assert.Equal("auth1", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth1"));
+
+            transaction = await server.SendAsync("http://example.com/auth/auth1");
+            Assert.Equal("auth1", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth1"));
+
+            transaction = await server.SendAsync("http://example.com/auth/auth2");
+            Assert.Equal("auth2", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth2"));
+
+            transaction = await server.SendAsync("http://example.com/auth/auth3");
+            Assert.Equal("auth3", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth3"));
+
+            transaction = await server.SendAsync("http://example.com/auth/policy2");
+            Assert.Equal("auth2", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth2"));
+        }
+
+        [Fact]
+        public async Task DefaultTargetSelectorWinsOverDefaultTarget()
+        {
+            var services = new ServiceCollection().AddOptions();
+
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme<TestHandler>("auth1", "auth1");
+                o.AddScheme<TestHandler2>("auth2", "auth2");
+            })
+            .AddVirtualScheme("forward", "forward", p => {
+                p.Default = "auth2";
+                p.DefaultSelector = ctx => "auth1";
+            });
+
+            var handler1 = new TestHandler();
+            services.AddSingleton(handler1);
+            var handler2 = new TestHandler2();
+            services.AddSingleton(handler2);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, handler1.AuthenticateCount);
+            Assert.Equal(0, handler1.ForbidCount);
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(0, handler1.SignOutCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+            Assert.Equal(0, handler2.ForbidCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+            Assert.Equal(0, handler2.SignInCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.AuthenticateAsync("forward");
+            Assert.Equal(1, handler1.AuthenticateCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+
+            await context.ForbidAsync("forward");
+            Assert.Equal(1, handler1.ForbidCount);
+            Assert.Equal(0, handler2.ForbidCount);
+
+            await context.ChallengeAsync("forward");
+            Assert.Equal(1, handler1.ChallengeCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+
+            await context.SignOutAsync("forward");
+            Assert.Equal(1, handler1.SignOutCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.SignInAsync("forward", new ClaimsPrincipal());
+            Assert.Equal(1, handler1.SignInCount);
+            Assert.Equal(0, handler2.SignInCount);
+        }
+
+        [Fact]
+        public async Task NullDefaultTargetSelectorFallsBacktoDefaultTarget()
+        {
+            var services = new ServiceCollection().AddOptions();
+
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme<TestHandler>("auth1", "auth1");
+                o.AddScheme<TestHandler2>("auth2", "auth2");
+            })
+            .AddVirtualScheme("forward", "forward", p => {
+                p.Default = "auth1";
+                p.DefaultSelector = ctx => null;
+            });
+
+            var handler1 = new TestHandler();
+            services.AddSingleton(handler1);
+            var handler2 = new TestHandler2();
+            services.AddSingleton(handler2);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, handler1.AuthenticateCount);
+            Assert.Equal(0, handler1.ForbidCount);
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(0, handler1.SignOutCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+            Assert.Equal(0, handler2.ForbidCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+            Assert.Equal(0, handler2.SignInCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.AuthenticateAsync("forward");
+            Assert.Equal(1, handler1.AuthenticateCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+
+            await context.ForbidAsync("forward");
+            Assert.Equal(1, handler1.ForbidCount);
+            Assert.Equal(0, handler2.ForbidCount);
+
+            await context.ChallengeAsync("forward");
+            Assert.Equal(1, handler1.ChallengeCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+
+            await context.SignOutAsync("forward");
+            Assert.Equal(1, handler1.SignOutCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.SignInAsync("forward", new ClaimsPrincipal());
+            Assert.Equal(1, handler1.SignInCount);
+            Assert.Equal(0, handler2.SignInCount);
+        }
+
+        [Fact]
+        public async Task SpecificTargetAlwaysWinsOverDefaultTarget()
+        {
+            var services = new ServiceCollection().AddOptions();
+
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme<TestHandler>("auth1", "auth1");
+                o.AddScheme<TestHandler2>("auth2", "auth2");
+            })
+            .AddVirtualScheme("forward", "forward", p => {
+                p.Default = "auth2";
+                p.DefaultSelector = ctx => "auth2";
+                p.Authenticate = "auth1";
+                p.SignIn = "auth1";
+                p.SignOut = "auth1";
+                p.Forbid = "auth1";
+                p.Challenge = "auth1";
+            });
+
+            var handler1 = new TestHandler();
+            services.AddSingleton(handler1);
+            var handler2 = new TestHandler2();
+            services.AddSingleton(handler2);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, handler1.AuthenticateCount);
+            Assert.Equal(0, handler1.ForbidCount);
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(0, handler1.SignOutCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+            Assert.Equal(0, handler2.ForbidCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+            Assert.Equal(0, handler2.SignInCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.AuthenticateAsync("forward");
+            Assert.Equal(1, handler1.AuthenticateCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+
+            await context.ForbidAsync("forward");
+            Assert.Equal(1, handler1.ForbidCount);
+            Assert.Equal(0, handler2.ForbidCount);
+
+            await context.ChallengeAsync("forward");
+            Assert.Equal(1, handler1.ChallengeCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+
+            await context.SignOutAsync("forward");
+            Assert.Equal(1, handler1.SignOutCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.SignInAsync("forward", new ClaimsPrincipal());
+            Assert.Equal(1, handler1.SignInCount);
+            Assert.Equal(0, handler2.SignInCount);
+        }
+
+        [Fact]
+        public async Task VirtualSchemeTargetsForwardWithDefaultTarget()
+        {
+            var services = new ServiceCollection().AddOptions();
+
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme<TestHandler>("auth1", "auth1");
+                o.AddScheme<TestHandler2>("auth2", "auth2");
+            })
+            .AddVirtualScheme("forward", "forward", p => p.Default = "auth1");
+
+            var handler1 = new TestHandler();
+            services.AddSingleton(handler1);
+            var handler2 = new TestHandler2();
+            services.AddSingleton(handler2);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, handler1.AuthenticateCount);
+            Assert.Equal(0, handler1.ForbidCount);
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(0, handler1.SignOutCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+            Assert.Equal(0, handler2.ForbidCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+            Assert.Equal(0, handler2.SignInCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.AuthenticateAsync("forward");
+            Assert.Equal(1, handler1.AuthenticateCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+
+            await context.ForbidAsync("forward");
+            Assert.Equal(1, handler1.ForbidCount);
+            Assert.Equal(0, handler2.ForbidCount);
+
+            await context.ChallengeAsync("forward");
+            Assert.Equal(1, handler1.ChallengeCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+
+            await context.SignOutAsync("forward");
+            Assert.Equal(1, handler1.SignOutCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.SignInAsync("forward", new ClaimsPrincipal());
+            Assert.Equal(1, handler1.SignInCount);
+            Assert.Equal(0, handler2.SignInCount);
+        }
+
+        [Fact]
+        public async Task VirtualSchemeTargetsOverrideDefaultTarget()
+        {
+            var services = new ServiceCollection().AddOptions();
+
+            services.AddAuthentication(o =>
+            {
+                o.AddScheme<TestHandler>("auth1", "auth1");
+                o.AddScheme<TestHandler2>("auth2", "auth2");
+            })
+            .AddVirtualScheme("forward", "forward", p =>
+            {
+                p.Default = "auth1";
+                p.Challenge = "auth2";
+                p.SignIn = "auth2";
+            });
+
+            var handler1 = new TestHandler();
+            services.AddSingleton(handler1);
+            var handler2 = new TestHandler2();
+            services.AddSingleton(handler2);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, handler1.AuthenticateCount);
+            Assert.Equal(0, handler1.ForbidCount);
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(0, handler1.SignOutCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+            Assert.Equal(0, handler2.ForbidCount);
+            Assert.Equal(0, handler2.ChallengeCount);
+            Assert.Equal(0, handler2.SignInCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.AuthenticateAsync("forward");
+            Assert.Equal(1, handler1.AuthenticateCount);
+            Assert.Equal(0, handler2.AuthenticateCount);
+
+            await context.ForbidAsync("forward");
+            Assert.Equal(1, handler1.ForbidCount);
+            Assert.Equal(0, handler2.ForbidCount);
+
+            await context.ChallengeAsync("forward");
+            Assert.Equal(0, handler1.ChallengeCount);
+            Assert.Equal(1, handler2.ChallengeCount);
+
+            await context.SignOutAsync("forward");
+            Assert.Equal(1, handler1.SignOutCount);
+            Assert.Equal(0, handler2.SignOutCount);
+
+            await context.SignInAsync("forward", new ClaimsPrincipal());
+            Assert.Equal(0, handler1.SignInCount);
+            Assert.Equal(1, handler2.SignInCount);
+        }
+
+        [Fact]
+        public async Task CanDynamicTargetBasedOnQueryString()
+        {
+            var server = CreateServer(services =>
+            {
+                services.AddAuthentication(o =>
+                {
+                    o.AddScheme<TestHandler>("auth1", "auth1");
+                    o.AddScheme<TestHandler>("auth2", "auth2");
+                    o.AddScheme<TestHandler>("auth3", "auth3");
+                })
+                .AddVirtualScheme("dynamic", "dynamic", p =>
+                {
+                    p.DefaultSelector = c => c.Request.QueryString.Value.Substring(1);
+                });
+            });
+ 
+            var transaction = await server.SendAsync("http://example.com/auth/dynamic?auth1");
+            Assert.Equal("auth1", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth1"));
+            transaction = await server.SendAsync("http://example.com/auth/dynamic?auth2");
+            Assert.Equal("auth2", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth2"));
+            transaction = await server.SendAsync("http://example.com/auth/dynamic?auth3");
+            Assert.Equal("auth3", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth3"));
+        }
+
+        [Fact]
+        public async Task TargetsDefaultSchemeByDefault()
+        {
+            var server = CreateServer(services =>
+            {
+                services.AddAuthentication(o =>
+                {
+                    o.DefaultScheme = "default";
+                    o.AddScheme<TestHandler>("default", "default");
+                })
+                .AddVirtualScheme("virtual", "virtual", p => { });
+            });
+
+            var transaction = await server.SendAsync("http://example.com/auth/virtual");
+            Assert.Equal("default", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "default"));
+        }
+
+        [Fact]
+        public async Task TargetsDefaultSchemeThrowsWithNoDefault()
+        {
+            var server = CreateServer(services =>
+            {
+                services.AddAuthentication(o =>
+                {
+                    o.AddScheme<TestHandler>("default", "default");
+                })
+                .AddVirtualScheme("virtual", "virtual", p => { });
+            });
+
+            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/virtual"));
+            Assert.Contains("No authenticationScheme was specified", error.Message);
+        }
+
+        private class TestHandler : IAuthenticationSignInHandler
+        {
+            public AuthenticationScheme Scheme { get; set; }
+            public int SignInCount { get; set; }
+            public int SignOutCount { get; set; }
+            public int ForbidCount { get; set; }
+            public int ChallengeCount { get; set; }
+            public int AuthenticateCount { get; set; }
+
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                AuthenticateCount++;
+                var principal = new ClaimsPrincipal();
+                var id = new ClaimsIdentity();
+                id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+                principal.AddIdentity(id);
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+            }
+
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                ChallengeCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
+            {
+                ForbidCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                Scheme = scheme;
+                return Task.CompletedTask;
+            }
+
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+            {
+                SignInCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task SignOutAsync(AuthenticationProperties properties)
+            {
+                SignOutCount++;
+                return Task.CompletedTask;
+            }
+        }
+
+        private class TestHandler2 : IAuthenticationSignInHandler
+        {
+            public AuthenticationScheme Scheme { get; set; }
+            public int SignInCount { get; set; }
+            public int SignOutCount { get; set; }
+            public int ForbidCount { get; set; }
+            public int ChallengeCount { get; set; }
+            public int AuthenticateCount { get; set; }
+
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                AuthenticateCount++;
+                var principal = new ClaimsPrincipal();
+                var id = new ClaimsIdentity();
+                id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+                principal.AddIdentity(id);
+                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+            }
+
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                ChallengeCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
+            {
+                ForbidCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                Scheme = scheme;
+                return Task.CompletedTask;
+            }
+
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+            {
+                SignInCount++;
+                return Task.CompletedTask;
+            }
+
+            public Task SignOutAsync(AuthenticationProperties properties)
+            {
+                SignOutCount++;
+                return Task.CompletedTask;
+            }
+        }
+
+        private static TestServer CreateServer(Action<IServiceCollection> configure = null, string defaultScheme = null)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(app =>
+                {
+                    app.UseAuthentication();
+                    app.Use(async (context, next) =>
+                    {
+                        var req = context.Request;
+                        var res = context.Response;
+                        if (req.Path.StartsWithSegments(new PathString("/auth"), out var remainder))
+                        {
+                            var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
+                            var result = await context.AuthenticateAsync(name);
+                            res.Describe(result?.Ticket?.Principal);
+                        }
+                        else
+                        {
+                            await next();
+                        }
+                    });
+                })
+                .ConfigureServices(services =>
+                {
+                    configure?.Invoke(services);
+                });
+            return new TestServer(builder);
+        }
+    }
+}

From 148aef110e647d02224a2b2a180917539a8beaa0 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Tue, 7 Nov 2017 17:30:50 -0800
Subject: [PATCH 826/900] Remove redundant ProjectReference's in
 Auth.Test.csproj

cref dotnet/sdk#1716
---
 .../Microsoft.AspNetCore.Authentication.Test.csproj             | 2 --
 1 file changed, 2 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 2a43b216d0..b49206567a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -12,8 +12,6 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
-    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.JwtBearer\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
   </ItemGroup>
 

From 5e51cb5c691eda23e965a57ac5d83c8497ff40d6 Mon Sep 17 00:00:00 2001
From: Mikael Frosthage <mikael.frosthage@gmail.com>
Date: Fri, 10 Nov 2017 17:46:12 +0100
Subject: [PATCH 827/900] Fixed summary tag on comment (#1535)

---
 .../OpenIdConnect/OpenIdConnectTests.cs                         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
index 32be26d33e..da52e0e4cb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
@@ -27,7 +27,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
         /// <summary>
         /// Tests RedirectForSignOutContext replaces the OpenIdConnectMesssage correctly.
-        /// summary>
+        /// </summary>
         /// <returns>Task</returns>
         [Fact]
         public async Task SignOutSettingMessage()

From f8711a2da3fdf6b250d528136c6e9d8ecf78062b Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Mon, 13 Nov 2017 17:24:59 -0800
Subject: [PATCH 828/900] Update samples and tests to target netcoreapp2.1

---
 Directory.Build.props                                      | 4 ++++
 korebuild-lock.txt                                         | 4 ++--
 samples/CookieSample/CookieSample.csproj                   | 2 +-
 samples/CookieSessionSample/CookieSessionSample.csproj     | 2 +-
 samples/JwtBearerSample/JwtBearerSample.csproj             | 2 +-
 .../OpenIdConnect.AzureAdSample.csproj                     | 2 +-
 samples/OpenIdConnectSample/OpenIdConnectSample.csproj     | 2 +-
 samples/SocialSample/SocialSample.csproj                   | 2 +-
 test/Directory.Build.props                                 | 7 +++++++
 .../Microsoft.AspNetCore.Authentication.Test.csproj        | 3 +--
 .../OpenIdConnect/TestSettings.cs                          | 2 +-
 .../Microsoft.AspNetCore.Authorization.Test.csproj         | 3 +--
 ...ft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj | 3 +--
 .../Microsoft.AspNetCore.CookiePolicy.Test.csproj          | 3 +--
 14 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index d277ef8629..e6771f7a88 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -1,4 +1,8 @@
 <Project>
+  <Import
+    Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), AspNetCoreSettings.props))\AspNetCoreSettings.props"
+    Condition=" '$(CI)' != 'true' AND '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), AspNetCoreSettings.props))' != '' " />
+
   <Import Project="version.props" />
   <Import Project="build\dependencies.props" />
 
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 36d8056037..95f4613014 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15550
-commithash:0dd080d0d87b4d1966ec0af9961dc8bacc04f84f
+version:2.1.0-preview1-15567
+commithash:903e3104807b1bb8cddd28bdef205b1e2dc021d1
diff --git a/samples/CookieSample/CookieSample.csproj b/samples/CookieSample/CookieSample.csproj
index d8ebc437e1..193137b861 100644
--- a/samples/CookieSample/CookieSample.csproj
+++ b/samples/CookieSample/CookieSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/samples/CookieSessionSample/CookieSessionSample.csproj
index d480381765..6241edd667 100644
--- a/samples/CookieSessionSample/CookieSessionSample.csproj
+++ b/samples/CookieSessionSample/CookieSessionSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index 2880ac9637..84b436581a 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
     <UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
  </PropertyGroup>
 
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
index 1e0a0f5e3f..b14b9590f5 100644
--- a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
+++ b/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
index 84fb99c7be..23e87d4f2a 100644
--- a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
+++ b/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
     <UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
   </PropertyGroup>
 
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 7a8de5763d..a423ae21a3 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
     <UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
   </PropertyGroup>
 
diff --git a/test/Directory.Build.props b/test/Directory.Build.props
index 19544e342c..b842a48317 100644
--- a/test/Directory.Build.props
+++ b/test/Directory.Build.props
@@ -1,6 +1,13 @@
 <Project>
   <Import Project="..\Directory.Build.props" />
 
+  <PropertyGroup>
+    <DeveloperBuildTestTfms>netcoreapp2.1</DeveloperBuildTestTfms>
+    <StandardTestTfms>$(DeveloperBuildTestTfms)</StandardTestTfms>
+    <StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' ">$(StandardTestTfms);netcoreapp2.0</StandardTestTfms>
+    <StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' AND '$(OS)' == 'Windows_NT' ">$(StandardTestTfms);net461</StandardTestTfms>
+  </PropertyGroup>
+
   <ItemGroup>
     <PackageReference Include="Internal.AspNetCore.Sdk" PrivateAssets="All" Version="$(InternalAspNetCoreSdkPackageVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Testing" Version="$(MicrosoftAspNetCoreTestingPackageVersion)" />
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index b49206567a..57fed96c02 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index f174342aed..509b85e64e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -252,7 +252,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             ValidateParameter(OpenIdConnectParameterNames.State, ExpectedState, actualParams, errors, htmlEncoded);
 
         private void ValidateSkuTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
-#if NETCOREAPP2_0
+#if NETCOREAPP2_0 || NETCOREAPP2_1
             ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NETSTANDARD1_4", actualParams, errors, htmlEncoded);
 #elif NET461
             ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET451", actualParams, errors, htmlEncoded);
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
index 2b2cc69ba7..d4379c3aab 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
index e6f0b22934..20cd400ce7 100644
--- a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
+++ b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
index 951dac0c51..d7a42f3efb 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
@@ -1,8 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
-    <TargetFrameworks Condition=" '$(OS)' != 'Windows_NT' ">netcoreapp2.0</TargetFrameworks>
+    <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>

From 34083584a6593b636ed507c1b8e50570197ec2ad Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 17 Nov 2017 13:00:26 -0800
Subject: [PATCH 829/900] Use MicrosoftNETCoreApp21PackageVersion to determine
 the runtime framework in netcoreapp2.1

---
 Directory.Build.targets  | 1 +
 build/dependencies.props | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index e83ff95e39..894b1d0cf8 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -1,5 +1,6 @@
 <Project>
   <PropertyGroup>
     <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
+    <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1' ">$(MicrosoftNETCoreApp21PackageVersion)</RuntimeFrameworkVersion>
   </PropertyGroup>
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index 13ed63da13..7ef0a7cf7f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
   <PropertyGroup>
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
@@ -33,6 +33,7 @@
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview1-408290725</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-25907-02</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>

From 28aae41993ee31b66cff28c6b8590941560c57b3 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Mon, 20 Nov 2017 12:18:35 -0800
Subject: [PATCH 830/900] Use MSBuild to set NuGet feeds instead of
 NuGet.config

---
 Directory.Build.props |  1 +
 NuGet.config          |  4 +---
 build/sources.props   | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 build/sources.props

diff --git a/Directory.Build.props b/Directory.Build.props
index e6771f7a88..adbda10ef8 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -5,6 +5,7 @@
 
   <Import Project="version.props" />
   <Import Project="build\dependencies.props" />
+  <Import Project="build\sources.props" />
 
   <PropertyGroup>
     <Product>Microsoft ASP.NET Core</Product>
diff --git a/NuGet.config b/NuGet.config
index 4e8a1f6de1..e32bddfd51 100644
--- a/NuGet.config
+++ b/NuGet.config
@@ -2,8 +2,6 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="AspNetCore" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
-    <add key="AspNetCoreTools" value="https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json" />
-    <add key="NuGet" value="https://api.nuget.org/v3/index.json" />
+    <!-- Restore sources should be defined in build/sources.props. -->
   </packageSources>
 </configuration>
diff --git a/build/sources.props b/build/sources.props
new file mode 100644
index 0000000000..c03f3ddb60
--- /dev/null
+++ b/build/sources.props
@@ -0,0 +1,16 @@
+<Project>
+  <Import Project="$(DotNetRestoreSourcePropsPath)" Condition="'$(DotNetRestoreSourcePropsPath)' != ''"/>
+
+  <PropertyGroup Label="RestoreSources">
+    <RestoreSources>$(DotNetRestoreSources)</RestoreSources>
+    <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
+      $(RestoreSources);
+      https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json;
+      https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
+    </RestoreSources>
+    <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true'">
+      $(RestoreSources);
+      https://api.nuget.org/v3/index.json;
+    </RestoreSources>
+  </PropertyGroup>
+</Project>

From a9482d1d03fc22f62e42cf31b8adb32c5550835e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 21 Nov 2017 15:48:55 -0800
Subject: [PATCH 831/900] Replace aspnetcore-ci-dev feed with aspnetcore-dev

---
 build/dependencies.props | 58 ++++++++++++++++++++--------------------
 build/repo.props         |  2 +-
 build/sources.props      |  2 +-
 korebuild-lock.txt       |  4 +--
 4 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 7ef0a7cf7f..e02aaa262c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -1,37 +1,37 @@
-<Project>
+<Project>
   <PropertyGroup>
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15550</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27498</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27498</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15576</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
-    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview1-408290725</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-25907-02</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
diff --git a/build/repo.props b/build/repo.props
index 598c7f5a31..62f47b7a54 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -6,6 +6,6 @@
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
-    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json</LineupPackageRestoreSource>
+    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
   </PropertyGroup>
 </Project>
diff --git a/build/sources.props b/build/sources.props
index c03f3ddb60..9feff29d09 100644
--- a/build/sources.props
+++ b/build/sources.props
@@ -5,7 +5,7 @@
     <RestoreSources>$(DotNetRestoreSources)</RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
       $(RestoreSources);
-      https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json;
+      https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
     </RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true'">
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 95f4613014..1a99066b7c 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15567
-commithash:903e3104807b1bb8cddd28bdef205b1e2dc021d1
+version:2.1.0-preview1-15576
+commithash:2f3856d2ba4f659fcb9253215b83946a06794a27

From e2f6ad6169e229c60cd8d3b6221bb43f66bcabea Mon Sep 17 00:00:00 2001
From: Muqeet Khan <muqeet-khan@users.noreply.github.com>
Date: Wed, 22 Nov 2017 13:04:54 -0600
Subject: [PATCH 832/900] Updated logging extension to remove the period on
 ValidationFailed

_tokenValidationFailed format string includes the JWT token followed by a period, which if a dev troubleshooting copies incorrectly to the EOL will make the JWT invalid.

Current: Failed to validate the token eyJhbGc.......HCwFmw.
Proposed: Failed to validate the token eyJhbGc.......HCwFmw
---
 .../LoggingExtensions.cs                                        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
index 008190f516..38a75fecaf 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
@@ -16,7 +16,7 @@ namespace Microsoft.Extensions.Logging
             _tokenValidationFailed = LoggerMessage.Define<string>(
                 eventId: 1,
                 logLevel: LogLevel.Information,
-                formatString: "Failed to validate the token {Token}.");
+                formatString: "Failed to validate the token {Token}");
             _tokenValidationSucceeded = LoggerMessage.Define(
                 eventId: 2,
                 logLevel: LogLevel.Information,

From e69d9e20635abcc8ae46970f819397b717b2527a Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 29 Nov 2017 14:09:30 -0800
Subject: [PATCH 833/900] Specify runtime versions to install

---
 build/repo.props | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/build/repo.props b/build/repo.props
index 62f47b7a54..541470c9f4 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,11 +1,17 @@
 <Project>
+  <Import Project="dependencies.props" />
+
   <ItemGroup>
     <ExcludeFromTest Include="$(RepositoryRoot)test\Microsoft.Owin.Security.Interop.Test\*.csproj" Condition="'$(OS)' != 'Windows_NT'" />
   </ItemGroup>
-
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
     <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
   </PropertyGroup>
+
+  <ItemGroup>
+    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp20PackageVersion)" />
+    <DotNetCoreRuntime Include="$(MicrosoftNETCoreApp21PackageVersion)" />
+  </ItemGroup>
 </Project>

From c5307f9a7a809b2c640785ac7f271287f807524e Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Fri, 1 Dec 2017 10:27:12 -0800
Subject: [PATCH 834/900] Update bootstrappers

---
 run.ps1 | 17 +++++++++++------
 run.sh  | 30 +++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/run.ps1 b/run.ps1
index 49c2899856..27dcf848f8 100644
--- a/run.ps1
+++ b/run.ps1
@@ -29,6 +29,9 @@ Updates KoreBuild to the latest version even if a lock file is present.
 .PARAMETER ConfigFile
 The path to the configuration file that stores values. Defaults to korebuild.json.
 
+.PARAMETER ToolsSourceSuffix
+The Suffix to append to the end of the ToolsSource. Useful for query strings in blob stores.
+
 .PARAMETER Arguments
 Arguments to be passed to the command
 
@@ -51,7 +54,7 @@ Example config file:
 #>
 [CmdletBinding(PositionalBinding = $false)]
 param(
-    [Parameter(Mandatory=$true, Position = 0)]
+    [Parameter(Mandatory = $true, Position = 0)]
     [string]$Command,
     [string]$Path = $PSScriptRoot,
     [Alias('c')]
@@ -63,6 +66,7 @@ param(
     [Alias('u')]
     [switch]$Update,
     [string]$ConfigFile,
+    [string]$ToolsSourceSuffix,
     [Parameter(ValueFromRemainingArguments = $true)]
     [string[]]$Arguments
 )
@@ -79,7 +83,7 @@ function Get-KoreBuild {
     $lockFile = Join-Path $Path 'korebuild-lock.txt'
 
     if (!(Test-Path $lockFile) -or $Update) {
-        Get-RemoteFile "$ToolsSource/korebuild/channels/$Channel/latest.txt" $lockFile
+        Get-RemoteFile "$ToolsSource/korebuild/channels/$Channel/latest.txt" $lockFile $ToolsSourceSuffix
     }
 
     $version = Get-Content $lockFile | Where-Object { $_ -like 'version:*' } | Select-Object -first 1
@@ -96,7 +100,7 @@ function Get-KoreBuild {
 
         try {
             $tmpfile = Join-Path ([IO.Path]::GetTempPath()) "KoreBuild-$([guid]::NewGuid()).zip"
-            Get-RemoteFile $remotePath $tmpfile
+            Get-RemoteFile $remotePath $tmpfile $ToolsSourceSuffix
             if (Get-Command -Name 'Expand-Archive' -ErrorAction Ignore) {
                 # Use built-in commands where possible as they are cross-plat compatible
                 Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
@@ -124,7 +128,7 @@ function Join-Paths([string]$path, [string[]]$childPaths) {
     return $path
 }
 
-function Get-RemoteFile([string]$RemotePath, [string]$LocalPath) {
+function Get-RemoteFile([string]$RemotePath, [string]$LocalPath, [string]$RemoteSuffix) {
     if ($RemotePath -notlike 'http*') {
         Copy-Item $RemotePath $LocalPath
         return
@@ -134,7 +138,7 @@ function Get-RemoteFile([string]$RemotePath, [string]$LocalPath) {
     while ($retries -gt 0) {
         $retries -= 1
         try {
-            Invoke-WebRequest -UseBasicParsing -Uri $RemotePath -OutFile $LocalPath
+            Invoke-WebRequest -UseBasicParsing -Uri $($RemotePath + $RemoteSuffix) -OutFile $LocalPath
             return
         }
         catch {
@@ -161,7 +165,8 @@ if (Test-Path $ConfigFile) {
             if (!($Channel) -and (Get-Member -Name 'channel' -InputObject $config)) { [string] $Channel = $config.channel }
             if (!($ToolsSource) -and (Get-Member -Name 'toolsSource' -InputObject $config)) { [string] $ToolsSource = $config.toolsSource}
         }
-    } catch {
+    }
+    catch {
         Write-Warning "$ConfigFile could not be read. Its settings will be ignored."
         Write-Warning $Error[0]
     }
diff --git a/run.sh b/run.sh
index c278423acc..834961fc3a 100755
--- a/run.sh
+++ b/run.sh
@@ -17,6 +17,7 @@ update=false
 repo_path="$DIR"
 channel=''
 tools_source=''
+tools_source_suffix=''
 
 #
 # Functions
@@ -29,13 +30,14 @@ __usage() {
     echo "    <Arguments>...         Arguments passed to the command. Variable number of arguments allowed."
     echo ""
     echo "Options:"
-    echo "    --verbose                                 Show verbose output."
-    echo "    -c|--channel <CHANNEL>                    The channel of KoreBuild to download. Overrides the value from the config file.."
-    echo "    --config-file <FILE>                      The path to the configuration file that stores values. Defaults to korebuild.json."
-    echo "    -d|--dotnet-home <DIR>                    The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
-    echo "    --path <PATH>                             The directory to build. Defaults to the directory containing the script."
-    echo "    -s|--tools-source|-ToolsSource <URL>      The base url where build tools can be downloaded. Overrides the value from the config file."
-    echo "    -u|--update                               Update to the latest KoreBuild even if the lock file is present."
+    echo "    --verbose                                             Show verbose output."
+    echo "    -c|--channel <CHANNEL>                                The channel of KoreBuild to download. Overrides the value from the config file.."
+    echo "    --config-file <FILE>                                  The path to the configuration file that stores values. Defaults to korebuild.json."
+    echo "    -d|--dotnet-home <DIR>                                The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
+    echo "    --path <PATH>                                         The directory to build. Defaults to the directory containing the script."
+    echo "    -s|--tools-source|-ToolsSource <URL>                  The base url where build tools can be downloaded. Overrides the value from the config file."
+    echo "    --tools-source-suffix|-ToolsSourceSuffix <SUFFIX>     The suffix to append to tools-source. Useful for query strings."
+    echo "    -u|--update                                           Update to the latest KoreBuild even if the lock file is present."
     echo ""
     echo "Description:"
     echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
@@ -50,7 +52,7 @@ get_korebuild() {
     local version
     local lock_file="$repo_path/korebuild-lock.txt"
     if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
-        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file"
+        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file" "$tools_source_suffix"
     fi
     version="$(grep 'version:*' -m 1 "$lock_file")"
     if [[ "$version" == '' ]]; then
@@ -66,7 +68,7 @@ get_korebuild() {
             local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
             tmpfile="$(mktemp)"
             echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
-            if __get_remote_file "$remote_path" "$tmpfile"; then
+            if __get_remote_file "$remote_path" "$tmpfile" "$tools_source_suffix"; then
                 unzip -q -d "$korebuild_path" "$tmpfile"
             fi
             rm "$tmpfile" || true
@@ -98,6 +100,7 @@ __machine_has() {
 __get_remote_file() {
     local remote_path=$1
     local local_path=$2
+    local remote_path_suffix=$3
 
     if [[ "$remote_path" != 'http'* ]]; then
         cp "$remote_path" "$local_path"
@@ -106,14 +109,14 @@ __get_remote_file() {
 
     local failed=false
     if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "$remote_path" || failed=true
+        wget --tries 10 --quiet -O "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
     else
         failed=true
     fi
 
     if [ "$failed" = true ] && __machine_has curl; then
         failed=false
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "$remote_path" || failed=true
+        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
     fi
 
     if [ "$failed" = true ]; then
@@ -164,6 +167,11 @@ while [[ $# -gt 0 ]]; do
             tools_source="${1:-}"
             [ -z "$tools_source" ] && __usage
             ;;
+        --tools-source-suffix|-ToolsSourceSuffix)
+            shift
+            tools_source_suffix="${1:-}"
+            [ -z "$tools_source_suffix" ] && __usage
+            ;;
         -u|--update|-Update)
             update=true
             ;;

From 4edc900dd89a0ad0a2244634764ac23696909f94 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 10 Dec 2017 13:47:31 -0800
Subject: [PATCH 835/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 62 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index e02aaa262c..450a5804b7 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,45 +3,45 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15576</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27644</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27644</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15618</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-25907-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-25915-01</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
     <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
-    <XunitAnalyzersPackageVersion>0.7.0</XunitAnalyzersPackageVersion>
-    <XunitPackageVersion>2.3.0</XunitPackageVersion>
-    <XunitRunnerVisualStudioPackageVersion>2.3.0</XunitRunnerVisualStudioPackageVersion>
+    <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
+    <XunitPackageVersion>2.3.1</XunitPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.3.1</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
   <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 1a99066b7c..e7cce93009 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15576
-commithash:2f3856d2ba4f659fcb9253215b83946a06794a27
+version:2.1.0-preview1-15618
+commithash:00ce1383114015fe89b221146036e59e6bc11219

From bd3c202fcd707fdb7ac583d466463007bd9137df Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Wed, 13 Dec 2017 21:42:05 +0000
Subject: [PATCH 836/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 450a5804b7..d98007d0ca 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,37 +3,37 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15618</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27773</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27773</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15626</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-25915-01</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26008-01</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index e7cce93009..8d52a6128c 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15618
-commithash:00ce1383114015fe89b221146036e59e6bc11219
+version:2.1.0-preview1-15626
+commithash:fd6410e9c90c428bc01238372303ad09cb9ec889

From 45ab9485d3116432d1235ba0f466ff5d69e21620 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Mon, 18 Dec 2017 17:56:00 -0800
Subject: [PATCH 837/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d98007d0ca..9eca47a759 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,36 +4,36 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15626</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27807</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27807</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26008-01</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26016-05</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>

From f8b4f4c620e2faaeec262d302df143068c8d0b33 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 17 Nov 2017 15:08:30 -0800
Subject: [PATCH 838/900] Add consent to CookiePolicy #1561

---
 Security.sln                                  |  21 +-
 .../CookiePolicySample.csproj                 |  18 +
 samples/CookiePolicySample/Program.cs         |  26 +
 .../Properties/launchSettings.json            |  27 +
 samples/CookiePolicySample/Startup.cs         | 118 ++++
 .../ChunkingCookieManager.cs                  |   2 +
 .../CookieAuthenticationOptions.cs            |   1 +
 .../OpenIdConnectOptions.cs                   |   1 +
 .../TwitterOptions.cs                         |   1 +
 .../RemoteAuthenticationOptions.cs            |   1 +
 .../AppendCookieContext.cs                    |   3 +
 .../CookiePolicyMiddleware.cs                 | 151 +----
 .../CookiePolicyOptions.cs                    |  12 +
 .../DeleteCookieContext.cs                    |   3 +
 .../ResponseCookiesWrapper.cs                 | 220 +++++++
 .../CookieConsentTests.cs                     | 561 ++++++++++++++++++
 16 files changed, 1021 insertions(+), 145 deletions(-)
 create mode 100644 samples/CookiePolicySample/CookiePolicySample.csproj
 create mode 100644 samples/CookiePolicySample/Program.cs
 create mode 100644 samples/CookiePolicySample/Properties/launchSettings.json
 create mode 100644 samples/CookiePolicySample/Startup.cs
 create mode 100644 src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
 create mode 100644 test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs

diff --git a/Security.sln b/Security.sln
index f88d8576b3..543b3be264 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26730.10
+VisualStudioVersion = 15.0.27004.2002
 MinimumVisualStudioVersion = 15.0.26730.03
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 	ProjectSection(SolutionItems) = preProject
@@ -72,6 +72,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization.Policy", "src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj", "{58194599-F07D-47A3-9DF2-E21A22C5EF9E}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CookiePolicySample", "samples\CookiePolicySample\CookiePolicySample.csproj", "{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -462,6 +464,22 @@ Global
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x64.Build.0 = Release|Any CPU
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.ActiveCfg = Release|Any CPU
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E}.Release|x86.Build.0 = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|x64.Build.0 = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Debug|x86.Build.0 = Debug|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x64.ActiveCfg = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x64.Build.0 = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x86.ActiveCfg = Release|Any CPU
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -491,6 +509,7 @@ Global
 		{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357}
diff --git a/samples/CookiePolicySample/CookiePolicySample.csproj b/samples/CookiePolicySample/CookiePolicySample.csproj
new file mode 100644
index 0000000000..fb2e7d9172
--- /dev/null
+++ b/samples/CookiePolicySample/CookiePolicySample.csproj
@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.CookiePolicy\Microsoft.AspNetCore.CookiePolicy.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/CookiePolicySample/Program.cs b/samples/CookiePolicySample/Program.cs
new file mode 100644
index 0000000000..12fc8ff287
--- /dev/null
+++ b/samples/CookiePolicySample/Program.cs
@@ -0,0 +1,26 @@
+using System.IO;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Logging;
+
+namespace CookiePolicySample
+{
+    public static class Program
+    {
+        public static void Main(string[] args)
+        {
+            var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                })
+                .UseKestrel()
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+    }
+}
diff --git a/samples/CookiePolicySample/Properties/launchSettings.json b/samples/CookiePolicySample/Properties/launchSettings.json
new file mode 100644
index 0000000000..38ca6fc37f
--- /dev/null
+++ b/samples/CookiePolicySample/Properties/launchSettings.json
@@ -0,0 +1,27 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:1788/",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "CookieSample": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:12345",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/CookiePolicySample/Startup.cs b/samples/CookiePolicySample/Startup.cs
new file mode 100644
index 0000000000..7ce9c2d2d2
--- /dev/null
+++ b/samples/CookiePolicySample/Startup.cs
@@ -0,0 +1,118 @@
+using System;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
+
+namespace CookiePolicySample
+{
+    public class Startup
+    {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
+                .AddCookie();
+            services.Configure<CookiePolicyOptions>(options =>
+            {
+                options.CheckConsentNeeded = context => context.Request.PathBase.Equals("/NeedsConsent");
+
+                options.OnAppendCookie = context => { };
+            });
+        }
+
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseCookiePolicy();
+            app.UseAuthentication();
+
+            app.Map("/NeedsConsent", NestedApp);
+            app.Map("/NeedsNoConsent", NestedApp);
+            NestedApp(app);
+        }
+
+        private void NestedApp(IApplicationBuilder app)
+        {
+            app.Run(async context =>
+            {
+                var path = context.Request.Path;
+                switch (path)
+                {
+                    case "/Login":
+                        var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") },
+                            CookieAuthenticationDefaults.AuthenticationScheme));
+                        await context.SignInAsync(user);
+                        break;
+                    case "/Logout":
+                        await context.SignOutAsync();
+                        break;
+                    case "/CreateTempCookie":
+                        context.Response.Cookies.Append("Temp", "1");
+                        break;
+                    case "/RemoveTempCookie":
+                        context.Response.Cookies.Delete("Temp");
+                        break;
+                    case "/GrantConsent":
+                        context.Features.Get<ITrackingConsentFeature>().GrantConsent();
+                        break;
+                    case "/WithdrawConsent":
+                        context.Features.Get<ITrackingConsentFeature>().WithdrawConsent();
+                        break;
+                }
+
+                // TODO: Debug log when cookie is suppressed
+
+                await HomePage(context);
+            });
+        }
+
+        private async Task HomePage(HttpContext context)
+        {
+            var response = context.Response;
+            var cookies = context.Request.Cookies;
+            response.ContentType = "text/html";
+            await response.WriteAsync("<html><body>\r\n");
+
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/\">Home</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/Login\">Login</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/Logout\">Logout</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/CreateTempCookie\">Create Temp Cookie</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/RemoveTempCookie\">Remove Temp Cookie</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/GrantConsent\">Grant Consent</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"{context.Request.PathBase}/WithdrawConsent\">Withdraw Consent</a><br>\r\n");
+            await response.WriteAsync("<br>\r\n");
+            await response.WriteAsync($"<a href=\"/NeedsConsent{context.Request.Path}\">Needs Consent</a><br>\r\n");
+            await response.WriteAsync($"<a href=\"/NeedsNoConsent{context.Request.Path}\">Needs No Consent</a><br>\r\n");
+            await response.WriteAsync("<br>\r\n");
+
+            var feature = context.Features.Get<ITrackingConsentFeature>();
+            await response.WriteAsync($"Consent: <br>\r\n");
+            await response.WriteAsync($" - IsNeeded: {feature.IsConsentNeeded} <br>\r\n");
+            await response.WriteAsync($" - Has: {feature.HasConsent} <br>\r\n");
+            await response.WriteAsync($" - Can Track: {feature.CanTrack} <br>\r\n");
+            await response.WriteAsync("<br>\r\n");
+
+            await response.WriteAsync($"{cookies.Count} Request Cookies:<br>\r\n");
+            foreach (var cookie in cookies)
+            {
+                await response.WriteAsync($" - {cookie.Key} = {cookie.Value} <br>\r\n");
+            }
+            await response.WriteAsync("<br>\r\n");
+
+            var responseCookies = response.Headers[HeaderNames.SetCookie];
+            await response.WriteAsync($"{responseCookies.Count} Response Cookies:<br>\r\n");
+            foreach (var cookie in responseCookies)
+            {
+                await response.WriteAsync($" - {cookie} <br>\r\n");
+            }          
+
+            await response.WriteAsync("</body></html>");
+        }
+    }
+}
diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
index 7217e70d4f..42cc4e2f0f 100644
--- a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
+++ b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -285,6 +285,7 @@ namespace Microsoft.AspNetCore.Internal
                     Path = options.Path,
                     Domain = options.Domain,
                     SameSite = options.SameSite,
+                    IsEssential = options.IsEssential,
                     Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                 });
 
@@ -299,6 +300,7 @@ namespace Microsoft.AspNetCore.Internal
                         Path = options.Path,
                         Domain = options.Domain,
                         SameSite = options.SameSite,
+                        IsEssential = options.IsEssential,
                         Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                     });
             }
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 04c71ed1ef..35017f9c4d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -21,6 +21,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             SameSite = SameSiteMode.Lax,
             HttpOnly = true,
             SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            IsEssential = true,
         };
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index a40d374356..cbf6e8eab6 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -74,6 +74,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 HttpOnly = true,
                 SameSite = SameSiteMode.None,
                 SecurePolicy = CookieSecurePolicy.SameAsRequest,
+                IsEssential = true,
             };
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 86919d0925..03396807ee 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -35,6 +35,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                 SecurePolicy = CookieSecurePolicy.SameAsRequest,
                 HttpOnly = true,
                 SameSite = SameSiteMode.Lax,
+                IsEssential = true,
             };
         }
 
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index daba1890fb..1bd3b210e5 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -29,6 +29,7 @@ namespace Microsoft.AspNetCore.Authentication
                 HttpOnly = true,
                 SameSite = SameSiteMode.None,
                 SecurePolicy = CookieSecurePolicy.SameAsRequest,
+                IsEssential = true,
             };
         }
 
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
index 1b13251f73..bbb4899c04 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
@@ -19,5 +19,8 @@ namespace Microsoft.AspNetCore.CookiePolicy
         public CookieOptions CookieOptions { get; }
         public string CookieName { get; set; }
         public string CookieValue { get; set; }
+        public bool IsConsentNeeded { get; internal set; }
+        public bool HasConsent { get; internal set; }
+        public bool IssueCookie { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index 92adac9677..b99fed2c3d 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
@@ -27,157 +26,21 @@ namespace Microsoft.AspNetCore.CookiePolicy
         public Task Invoke(HttpContext context)
         {
             var feature = context.Features.Get<IResponseCookiesFeature>() ?? new ResponseCookiesFeature(context.Features);
-            context.Features.Set<IResponseCookiesFeature>(new CookiesWrapperFeature(context, Options, feature));
+            var wrapper = new ResponseCookiesWrapper(context, Options, feature);
+            context.Features.Set<IResponseCookiesFeature>(new CookiesWrapperFeature(wrapper));
+            context.Features.Set<ITrackingConsentFeature>(wrapper);
+
             return _next(context);
         }
 
         private class CookiesWrapperFeature : IResponseCookiesFeature
         {
-            public CookiesWrapperFeature(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
+            public CookiesWrapperFeature(ResponseCookiesWrapper wrapper)
             {
-                Wrapper = new CookiesWrapper(context, options, feature);
+                Cookies = wrapper;
             }
 
-            public IResponseCookies Wrapper { get; }
-
-            public IResponseCookies Cookies
-            {
-                get
-                {
-                    return Wrapper;
-                }
-            }
-        }
-
-        private class CookiesWrapper : IResponseCookies
-        {
-            public CookiesWrapper(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
-            {
-                Context = context;
-                Feature = feature;
-                Policy = options;
-            }
-
-            public HttpContext Context { get; }
-
-            public IResponseCookiesFeature Feature { get; }
-
-            public IResponseCookies Cookies
-            {
-                get
-                {
-                    return Feature.Cookies;
-                }
-            }
-
-            public CookiePolicyOptions Policy { get; }
-
-            private bool PolicyRequiresCookieOptions()
-            {
-                return Policy.MinimumSameSitePolicy != SameSiteMode.None || Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != CookieSecurePolicy.None;
-            }
-
-            public void Append(string key, string value)
-            {
-                if (PolicyRequiresCookieOptions() || Policy.OnAppendCookie != null)
-                {
-                    Append(key, value, new CookieOptions());
-                }
-                else
-                {
-                    Cookies.Append(key, value);
-                }
-            }
-
-            public void Append(string key, string value, CookieOptions options)
-            {
-                if (options == null)
-                {
-                    throw new ArgumentNullException(nameof(options));
-                }
-
-                ApplyPolicy(options);
-                if (Policy.OnAppendCookie != null)
-                {
-                    var context = new AppendCookieContext(Context, options, key, value);
-                    Policy.OnAppendCookie(context);
-                    key = context.CookieName;
-                    value = context.CookieValue;
-                }
-                Cookies.Append(key, value, options);
-            }
-
-            public void Delete(string key)
-            {
-                if (PolicyRequiresCookieOptions() || Policy.OnDeleteCookie != null)
-                {
-                    Delete(key, new CookieOptions());
-                }
-                else
-                {
-                    Cookies.Delete(key);
-                }
-            }
-
-            public void Delete(string key, CookieOptions options)
-            {
-                if (options == null)
-                {
-                    throw new ArgumentNullException(nameof(options));
-                }
-
-                ApplyPolicy(options);
-                if (Policy.OnDeleteCookie != null)
-                {
-                    var context = new DeleteCookieContext(Context, options, key);
-                    Policy.OnDeleteCookie(context);
-                    key = context.CookieName;
-                }
-                Cookies.Delete(key, options);
-            }
-
-            private void ApplyPolicy(CookieOptions options)
-            {
-                switch (Policy.Secure)
-                {
-                    case CookieSecurePolicy.Always:
-                        options.Secure = true;
-                        break;
-                    case CookieSecurePolicy.SameAsRequest:
-                        options.Secure = Context.Request.IsHttps;
-                        break;
-                    case CookieSecurePolicy.None:
-                        break;
-                    default:
-                        throw new InvalidOperationException();
-                }
-                switch (Policy.MinimumSameSitePolicy)
-                {
-                    case SameSiteMode.None:
-                        break;
-                    case SameSiteMode.Lax:
-                        if (options.SameSite == SameSiteMode.None)
-                        {
-                            options.SameSite = SameSiteMode.Lax;
-                        }
-                        break;
-                    case SameSiteMode.Strict:
-                        options.SameSite = SameSiteMode.Strict;
-                        break;
-                    default:
-                        throw new InvalidOperationException($"Unrecognized {nameof(SameSiteMode)} value {Policy.MinimumSameSitePolicy.ToString()}");
-                }
-                switch (Policy.HttpOnly)
-                {
-                    case HttpOnlyPolicy.Always:
-                        options.HttpOnly = true;
-                        break;
-                    case HttpOnlyPolicy.None:
-                        break;
-                    default:
-                        throw new InvalidOperationException($"Unrecognized {nameof(HttpOnlyPolicy)} value {Policy.HttpOnly.ToString()}");
-                }
-            }
+            public IResponseCookies Cookies { get; }
         }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 1e474bfe22..cc2deaa3aa 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -27,6 +27,18 @@ namespace Microsoft.AspNetCore.Builder
         /// </summary>
         public CookieSecurePolicy Secure { get; set; } = CookieSecurePolicy.None;
 
+        public CookieBuilder ConsentCookie { get; set; } = new CookieBuilder()
+        {
+            Name = ".AspNet.Consent",
+            Expiration = TimeSpan.FromDays(90),
+            IsEssential = true,
+        };
+
+        /// <summary>
+        /// Checks if consent policies should be evaluated on this request. The default is false.
+        /// </summary>
+        public Func<HttpContext, bool> CheckConsentNeeded { get; set; }
+
         /// <summary>
         /// Called when a cookie is appended.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs b/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
index f0693bf71f..fd79ea8d4b 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
@@ -17,5 +17,8 @@ namespace Microsoft.AspNetCore.CookiePolicy
         public HttpContext Context { get; }
         public CookieOptions CookieOptions { get; }
         public string CookieName { get; set; }
+        public bool IsConsentNeeded { get; internal set; }
+        public bool HasConsent { get; internal set; }
+        public bool IssueCookie { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
new file mode 100644
index 0000000000..fa68a3cbea
--- /dev/null
+++ b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
@@ -0,0 +1,220 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+
+namespace Microsoft.AspNetCore.CookiePolicy
+{
+    internal class ResponseCookiesWrapper : IResponseCookies, ITrackingConsentFeature
+    {
+        private const string ConsentValue = "yes";
+
+        private bool? _isConsentNeeded;
+        private bool? _hasConsent;
+
+        public ResponseCookiesWrapper(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
+        {
+            Context = context;
+            Feature = feature;
+            Options = options;
+        }
+
+        private HttpContext Context { get; }
+
+        private IResponseCookiesFeature Feature { get; }
+
+        private IResponseCookies Cookies => Feature.Cookies;
+
+        private CookiePolicyOptions Options { get; }
+
+        public bool IsConsentNeeded
+        {
+            get
+            {
+                if (!_isConsentNeeded.HasValue)
+                {
+                    _isConsentNeeded = Options.CheckConsentNeeded == null ? false
+                        : Options.CheckConsentNeeded(Context);
+                }
+
+                return _isConsentNeeded.Value;
+            }
+        }
+
+        public bool HasConsent
+        {
+            get
+            {
+                if (!_hasConsent.HasValue)
+                {
+                    var cookie = Context.Request.Cookies[Options.ConsentCookie.Name];
+                    _hasConsent = string.Equals(cookie, ConsentValue, StringComparison.Ordinal);
+                }
+
+                return _hasConsent.Value;
+            }
+        }
+
+        public bool CanTrack => !IsConsentNeeded || HasConsent;
+
+        public void GrantConsent()
+        {
+            if (!HasConsent && !Context.Response.HasStarted)
+            {
+                var cookieOptions = Options.ConsentCookie.Build(Context);
+                // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
+                Append(Options.ConsentCookie.Name, ConsentValue, cookieOptions);
+            }
+            _hasConsent = true;
+        }
+
+        public void WithdrawConsent()
+        {
+            if (HasConsent && !Context.Response.HasStarted)
+            {
+                var cookieOptions = Options.ConsentCookie.Build(Context);
+                // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
+                Delete(Options.ConsentCookie.Name, cookieOptions);
+            }
+            _hasConsent = false;
+        }
+
+        private bool CheckPolicyRequired()
+        {
+            return !CanTrack
+                || Options.MinimumSameSitePolicy != SameSiteMode.None
+                || Options.HttpOnly != HttpOnlyPolicy.None
+                || Options.Secure != CookieSecurePolicy.None;
+        }
+
+        public void Append(string key, string value)
+        {
+            if (CheckPolicyRequired() || Options.OnAppendCookie != null)
+            {
+                Append(key, value, new CookieOptions());
+            }
+            else
+            {
+                Cookies.Append(key, value);
+            }
+        }
+
+        public void Append(string key, string value, CookieOptions options)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            var issueCookie = CanTrack || options.IsEssential;
+            ApplyPolicy(options);
+            if (Options.OnAppendCookie != null)
+            {
+                var context = new AppendCookieContext(Context, options, key, value)
+                {
+                    IsConsentNeeded = IsConsentNeeded,
+                    HasConsent = HasConsent,
+                    IssueCookie = issueCookie,
+                };
+                Options.OnAppendCookie(context);
+
+                key = context.CookieName;
+                value = context.CookieValue;
+                issueCookie = context.IssueCookie;
+            }
+
+            if (issueCookie)
+            {
+                Cookies.Append(key, value, options);
+            }
+        }
+
+        public void Delete(string key)
+        {
+            if (CheckPolicyRequired() || Options.OnDeleteCookie != null)
+            {
+                Delete(key, new CookieOptions());
+            }
+            else
+            {
+                Cookies.Delete(key);
+            }
+        }
+
+        public void Delete(string key, CookieOptions options)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            // Assume you can always delete cookies unless directly overridden in the user event.
+            var issueCookie = true;
+            ApplyPolicy(options);
+            if (Options.OnDeleteCookie != null)
+            {
+                var context = new DeleteCookieContext(Context, options, key)
+                {
+                    IsConsentNeeded = IsConsentNeeded,
+                    HasConsent = HasConsent,
+                    IssueCookie = issueCookie,
+                };
+                Options.OnDeleteCookie(context);
+
+                key = context.CookieName;
+                issueCookie = context.IssueCookie;
+            }
+
+            if (issueCookie)
+            {
+                Cookies.Delete(key, options);
+            }
+        }
+
+        private void ApplyPolicy(CookieOptions options)
+        {
+            switch (Options.Secure)
+            {
+                case CookieSecurePolicy.Always:
+                    options.Secure = true;
+                    break;
+                case CookieSecurePolicy.SameAsRequest:
+                    options.Secure = Context.Request.IsHttps;
+                    break;
+                case CookieSecurePolicy.None:
+                    break;
+                default:
+                    throw new InvalidOperationException();
+            }
+            switch (Options.MinimumSameSitePolicy)
+            {
+                case SameSiteMode.None:
+                    break;
+                case SameSiteMode.Lax:
+                    if (options.SameSite == SameSiteMode.None)
+                    {
+                        options.SameSite = SameSiteMode.Lax;
+                    }
+                    break;
+                case SameSiteMode.Strict:
+                    options.SameSite = SameSiteMode.Strict;
+                    break;
+                default:
+                    throw new InvalidOperationException($"Unrecognized {nameof(SameSiteMode)} value {Options.MinimumSameSitePolicy.ToString()}");
+            }
+            switch (Options.HttpOnly)
+            {
+                case HttpOnlyPolicy.Always:
+                    options.HttpOnly = true;
+                    break;
+                case HttpOnlyPolicy.None:
+                    break;
+                default:
+                    throw new InvalidOperationException($"Unrecognized {nameof(HttpOnlyPolicy)} value {Options.HttpOnly.ToString()}");
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
new file mode 100644
index 0000000000..4e62d54a26
--- /dev/null
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
@@ -0,0 +1,561 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Net.Http.Headers;
+using Xunit;
+
+namespace Microsoft.AspNetCore.CookiePolicy.Test
+{
+    public class CookieConsentTests
+    {
+        [Fact]
+        public async Task ConsentChecksOffByDefault()
+        {
+            var httpContext = await RunTestAsync(options => { }, requestContext => { }, context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.False(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+            Assert.Equal("Test=Value; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task ConsentEnabledForTemplateScenario()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { }, context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task NonEssentialCookiesWithOptionsExcluded()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { }, context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value", new CookieOptions() { IsEssential = false });
+                return Task.CompletedTask;
+            });
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task NonEssentialCookiesCanBeAllowedViaOnAppendCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.OnAppendCookie = context =>
+                {
+                    Assert.True(context.IsConsentNeeded);
+                    Assert.False(context.HasConsent);
+                    Assert.False(context.IssueCookie);
+                    context.IssueCookie = true;
+                };
+            },
+            requestContext => { }, context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value", new CookieOptions() { IsEssential = false });
+                return Task.CompletedTask;
+            });
+            Assert.Equal("Test=Value; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task NeedsConsentDoesNotPreventEssentialCookies()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { }, context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value", new CookieOptions() { IsEssential = true });
+                return Task.CompletedTask;
+            });
+            Assert.Equal("Test=Value; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task EssentialCookiesCanBeExcludedByOnAppendCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.OnAppendCookie = context =>
+                {
+                    Assert.True(context.IsConsentNeeded);
+                    Assert.True(context.HasConsent);
+                    Assert.True(context.IssueCookie);
+                    context.IssueCookie = false;
+                };
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value", new CookieOptions() { IsEssential = true });
+                return Task.CompletedTask;
+            });
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task HasConsentReadsRequestCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+            Assert.Equal("Test=Value; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task HasConsentIgnoresInvalidRequestCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=IAmATeapot";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task GrantConsentSetsCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(2, cookies.Count);
+            var consentCookie = cookies[0];
+            Assert.Equal(".AspNet.Consent", consentCookie.Name);
+            Assert.Equal("yes", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+            var testCookie = cookies[1];
+            Assert.Equal("Test", testCookie.Name);
+            Assert.Equal("Value", testCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, testCookie.SameSite);
+            Assert.Null(testCookie.Expires);
+        }
+
+        [Fact]
+        public async Task GrantConsentAppliesPolicyToConsentCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.MinimumSameSitePolicy = Http.SameSiteMode.Strict;
+                options.OnAppendCookie = context =>
+                {
+                    Assert.Equal(".AspNet.Consent", context.CookieName);
+                    Assert.Equal("yes", context.CookieValue);
+                    Assert.Equal(Http.SameSiteMode.Strict, context.CookieOptions.SameSite);
+                    context.CookieName += "1";
+                    context.CookieValue += "1";
+                };
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(1, cookies.Count);
+            var consentCookie = cookies[0];
+            Assert.Equal(".AspNet.Consent1", consentCookie.Name);
+            Assert.Equal("yes1", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Strict, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+        }
+
+        [Fact]
+        public async Task GrantConsentWhenAlreadyHasItDoesNotSetCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+
+            Assert.Equal("Test=Value; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task GrantConsentAfterResponseStartsSetsHasConsentButDoesNotSetCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { },
+            async context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                await context.Response.WriteAsync("Started.");
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                Assert.Throws<InvalidOperationException>(() => context.Response.Cookies.Append("Test", "Value"));
+
+                await context.Response.WriteAsync("Granted.");
+            });
+
+            var reader = new StreamReader(httpContext.Response.Body);
+            Assert.Equal("Started.Granted.", await reader.ReadToEndAsync());
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task WithdrawConsentWhenNotHasConsentNoOps()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                feature.WithdrawConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                context.Response.Cookies.Append("Test", "Value");
+                return Task.CompletedTask;
+            });
+
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task WithdrawConsentDeletesCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value1");
+
+                feature.WithdrawConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                context.Response.Cookies.Append("Test", "Value2");
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(2, cookies.Count);
+            var testCookie = cookies[0];
+            Assert.Equal("Test", testCookie.Name);
+            Assert.Equal("Value1", testCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, testCookie.SameSite);
+            Assert.Null(testCookie.Expires);
+            var consentCookie = cookies[1];
+            Assert.Equal(".AspNet.Consent", consentCookie.Name);
+            Assert.Equal("", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+        }
+
+        [Fact]
+        public async Task WithdrawConsentAppliesPolicyToDeleteCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.MinimumSameSitePolicy = Http.SameSiteMode.Strict;
+                options.OnDeleteCookie = context =>
+                {
+                    Assert.Equal(".AspNet.Consent", context.CookieName);
+                    context.CookieName += "1";
+                };
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                feature.WithdrawConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(1, cookies.Count);
+            var consentCookie = cookies[0];
+            Assert.Equal(".AspNet.Consent1", consentCookie.Name);
+            Assert.Equal("", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Strict, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+        }
+
+        [Fact]
+        public async Task WithdrawConsentAfterResponseHasStartedDoesNotDeleteCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext =>
+            {
+                requestContext.Request.Headers[HeaderNames.Cookie] = ".AspNet.Consent=yes";
+            },
+            async context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+                context.Response.Cookies.Append("Test", "Value1");
+
+                await context.Response.WriteAsync("Started.");
+
+                feature.WithdrawConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                // Doesn't throw the normal InvalidOperationException because the cookie is never written
+                context.Response.Cookies.Append("Test", "Value2");
+
+                await context.Response.WriteAsync("Withdrawn.");
+            });
+
+            var reader = new StreamReader(httpContext.Response.Body);
+            Assert.Equal("Started.Withdrawn.", await reader.ReadToEndAsync());
+            Assert.Equal("Test=Value1; path=/; samesite=lax", httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        [Fact]
+        public async Task DeleteCookieDoesNotRequireConsent()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Delete("Test");
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(1, cookies.Count);
+            var testCookie = cookies[0];
+            Assert.Equal("Test", testCookie.Name);
+            Assert.Equal("", testCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, testCookie.SameSite);
+            Assert.NotNull(testCookie.Expires);
+        }
+
+        [Fact]
+        public async Task OnDeleteCookieCanSuppressCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.OnDeleteCookie = context =>
+                {
+                    Assert.True(context.IsConsentNeeded);
+                    Assert.False(context.HasConsent);
+                    Assert.True(context.IssueCookie);
+                    context.IssueCookie = false;
+                };
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+                context.Response.Cookies.Delete("Test");
+                return Task.CompletedTask;
+            });
+
+            Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
+        }
+
+        private Task<HttpContext> RunTestAsync(Action<CookiePolicyOptions> configureOptions, Action<HttpContext> configureRequest, RequestDelegate handleRequest)
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.Configure(configureOptions);
+                })
+                .Configure(app =>
+                {
+                    app.UseCookiePolicy();
+                    app.Run(handleRequest);
+                });
+            var server = new TestServer(builder);
+            return server.SendAsync(configureRequest);
+        }
+    }
+}
\ No newline at end of file

From 13e2a16b319b94918e626659ead4322737f58a8d Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Thu, 28 Dec 2017 11:52:47 -0800
Subject: [PATCH 839/900] Update dependencies for CookiePolicy

---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 9eca47a759..f145edd9ca 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,33 +4,33 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15626</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27849</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27849</MicrosoftExtensionsWebEncodersPackageVersion>
-    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.1</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26016-05</MicrosoftNETCoreApp21PackageVersion>

From c67cc03b778afa28a3dafbfa7695650c4d9a70ff Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 31 Dec 2017 21:58:42 +0000
Subject: [PATCH 840/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index f145edd9ca..3540fc2315 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15626</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27918</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27918</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15651</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 8d52a6128c..7c2e97aa79 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15626
-commithash:fd6410e9c90c428bc01238372303ad09cb9ec889
+version:2.1.0-preview1-15651
+commithash:ebf2365121c2c6a6a0fbfa9b0f37bb5effc89323

From e13ceb690bfe2a534fa11720d75fd87b4e07d6b0 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 29 Dec 2017 15:59:34 -0800
Subject: [PATCH 841/900] Detect remote denails for Twitter accounts

---
 .../TwitterHandler.cs                                       | 6 ++++++
 .../TwitterTests.cs                                         | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index acfd765d9c..670e76f7e3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -60,6 +60,12 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 
             // REVIEW: see which of these are really errors
 
+            var denied = query["denied"];
+            if (!StringValues.IsNullOrEmpty(denied))
+            {
+                return HandleRequestResult.Fail("The user denied permissions.", properties);
+            }
+
             var returnedToken = query["oauth_token"];
             if (StringValues.IsNullOrEmpty(returnedToken))
             {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 735cb33146..2a63757b9a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -195,6 +195,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
                     OnRemoteFailure = context =>
                     {
                         Assert.NotNull(context.Failure);
+                        Assert.Equal("The user denied permissions.", context.Failure.Message);
                         Assert.NotNull(context.Properties);
                         Assert.Equal("testvalue", context.Properties.Items["testkey"]);
                         context.Response.StatusCode = StatusCodes.Status406NotAcceptable;
@@ -220,7 +221,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
             var setCookieValue = setCookieValues.Single();
             var cookie = new CookieHeaderValue(setCookieValue.Name, setCookieValue.Value);
 
-            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter");
+            var request = new HttpRequestMessage(HttpMethod.Get, "/signin-twitter?denied=ABCDEFG");
             request.Headers.Add(HeaderNames.Cookie, cookie.ToString());
             var client = server.CreateClient();
             var response = await client.SendAsync(request);

From da066d50e062b850b92606e4ee8673586ad0df07 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Thu, 4 Jan 2018 02:05:41 +0000
Subject: [PATCH 842/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 52 ++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 3540fc2315..cdb400f90f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,32 +4,32 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15651</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27942</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27942</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>

From 1f855f7b062a6870607a233b32a23cb65c2bee1c Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 5 Jan 2018 12:34:39 -0800
Subject: [PATCH 843/900] Implement
 ITrackingConsentFeature.CreateConsentCookie() #1590

---
 Security.sln                                  |  1 +
 .../ResponseCookiesWrapper.cs                 | 37 +++++++-
 .../CookieConsentTests.cs                     | 85 +++++++++++++++++++
 3 files changed, 119 insertions(+), 4 deletions(-)

diff --git a/Security.sln b/Security.sln
index 543b3be264..f598f34eb1 100644
--- a/Security.sln
+++ b/Security.sln
@@ -68,6 +68,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		build\Key.snk = build\Key.snk
 		NuGet.config = NuGet.config
 		build\repo.props = build\repo.props
+		build\sources.props = build\sources.props
 	EndProjectSection
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authorization.Policy", "src\Microsoft.AspNetCore.Authorization.Policy\Microsoft.AspNetCore.Authorization.Policy.csproj", "{58194599-F07D-47A3-9DF2-E21A22C5EF9E}"
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
index fa68a3cbea..e05cc9466f 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
@@ -82,6 +82,30 @@ namespace Microsoft.AspNetCore.CookiePolicy
             _hasConsent = false;
         }
 
+        // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
+        public string CreateConsentCookie()
+        {
+            var key = Options.ConsentCookie.Name;
+            var value = ConsentValue;
+            var options = Options.ConsentCookie.Build(Context);
+            ApplyAppendPolicy(ref key, ref value, options);
+
+            var setCookieHeaderValue = new Net.Http.Headers.SetCookieHeaderValue(
+                Uri.EscapeDataString(key),
+                Uri.EscapeDataString(value))
+                {
+                    Domain = options.Domain,
+                    Path = options.Path,
+                    Expires = options.Expires,
+                    MaxAge = options.MaxAge,
+                    Secure = options.Secure,
+                    SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
+                    HttpOnly = options.HttpOnly
+                };
+
+            return setCookieHeaderValue.ToString();
+        }
+
         private bool CheckPolicyRequired()
         {
             return !CanTrack
@@ -109,6 +133,14 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 throw new ArgumentNullException(nameof(options));
             }
 
+            if (ApplyAppendPolicy(ref key, ref value, options))
+            {
+                Cookies.Append(key, value, options);
+            }
+        }
+
+        private bool ApplyAppendPolicy(ref string key, ref string value, CookieOptions options)
+        {
             var issueCookie = CanTrack || options.IsEssential;
             ApplyPolicy(options);
             if (Options.OnAppendCookie != null)
@@ -126,10 +158,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 issueCookie = context.IssueCookie;
             }
 
-            if (issueCookie)
-            {
-                Cookies.Append(key, value, options);
-            }
+            return issueCookie;
         }
 
         public void Delete(string key)
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
index 4e62d54a26..3cd018e570 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
@@ -542,6 +542,91 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             Assert.Empty(httpContext.Response.Headers[HeaderNames.SetCookie]);
         }
 
+        [Fact]
+        public async Task CreateConsentCookieMatchesGrantConsentCookie()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                var cookie = feature.CreateConsentCookie();
+                context.Response.Headers["ManualCookie"] = cookie;
+
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(1, cookies.Count);
+            var consentCookie = cookies[0];
+            Assert.Equal(".AspNet.Consent", consentCookie.Name);
+            Assert.Equal("yes", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+
+            Assert.Equal(httpContext.Response.Headers[HeaderNames.SetCookie], httpContext.Response.Headers["ManualCookie"]);
+        }
+
+        [Fact]
+        public async Task CreateConsentCookieAppliesPolicy()
+        {
+            var httpContext = await RunTestAsync(options =>
+            {
+                options.CheckConsentNeeded = context => true;
+                options.MinimumSameSitePolicy = Http.SameSiteMode.Strict;
+                options.OnAppendCookie = context =>
+                {
+                    Assert.Equal(".AspNet.Consent", context.CookieName);
+                    Assert.Equal("yes", context.CookieValue);
+                    Assert.Equal(Http.SameSiteMode.Strict, context.CookieOptions.SameSite);
+                    context.CookieName += "1";
+                    context.CookieValue += "1";
+                };
+            },
+            requestContext => { },
+            context =>
+            {
+                var feature = context.Features.Get<ITrackingConsentFeature>();
+                Assert.True(feature.IsConsentNeeded);
+                Assert.False(feature.HasConsent);
+                Assert.False(feature.CanTrack);
+
+                feature.GrantConsent();
+
+                Assert.True(feature.IsConsentNeeded);
+                Assert.True(feature.HasConsent);
+                Assert.True(feature.CanTrack);
+
+                var cookie = feature.CreateConsentCookie();
+                context.Response.Headers["ManualCookie"] = cookie;
+
+                return Task.CompletedTask;
+            });
+
+            var cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers[HeaderNames.SetCookie]);
+            Assert.Equal(1, cookies.Count);
+            var consentCookie = cookies[0];
+            Assert.Equal(".AspNet.Consent1", consentCookie.Name);
+            Assert.Equal("yes1", consentCookie.Value);
+            Assert.Equal(Net.Http.Headers.SameSiteMode.Strict, consentCookie.SameSite);
+            Assert.NotNull(consentCookie.Expires);
+
+            Assert.Equal(httpContext.Response.Headers[HeaderNames.SetCookie], httpContext.Response.Headers["ManualCookie"]);
+        }
+
         private Task<HttpContext> RunTestAsync(Action<CookiePolicyOptions> configureOptions, Action<HttpContext> configureRequest, RequestDelegate handleRequest)
         {
             var builder = new WebHostBuilder()

From 226b24060f72a7d63e6a6f8f3eaeb4dc5a909fe5 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Mon, 8 Jan 2018 09:11:13 -0800
Subject: [PATCH 844/900] Update deps

---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index cdb400f90f..bf30832e18 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,36 +4,36 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15651</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-27965</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-27965</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26016-05</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26102-01</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>

From dde7671c06da64e4a7a290c37ed86e9a9bdd0dd7 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Mon, 8 Jan 2018 09:23:06 -0800
Subject: [PATCH 845/900] OIDC: Use IdentityModel redirect form generator #1448

---
 .../OpenIdConnectHandler.cs                   | 44 +------------------
 1 file changed, 2 insertions(+), 42 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 7981cafd18..4f722323dc 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -16,7 +16,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@@ -30,23 +29,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
     public class OpenIdConnectHandler : RemoteAuthenticationHandler<OpenIdConnectOptions>, IAuthenticationSignOutHandler
     {
         private const string NonceProperty = "N";
-        private const string UriSchemeDelimiter = "://";
 
         private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
-        private const string InputTagFormat = @"<input type=""hidden"" name=""{0}"" value=""{1}"" />";
-        private const string HtmlFormFormat = @"<!doctype html>
-<html>
-<head>
-    <title>Please wait while you're being redirected to the identity provider</title>
-</head>
-<body>
-    <form name=""form"" method=""post"" action=""{0}"">
-        {1}
-        <noscript>Click here to finish the process: <input type=""submit"" /></noscript>
-    </form>
-    <script>document.form.submit();</script>
-</body>
-</html>";
 
         private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
 
@@ -241,19 +225,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
             {
-                var inputs = new StringBuilder();
-                foreach (var parameter in message.Parameters)
-                {
-                    var name = HtmlEncoder.Encode(parameter.Key);
-                    var value = HtmlEncoder.Encode(parameter.Value);
-
-                    var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
-                    inputs.AppendLine(input);
-                }
-
-                var issuer = HtmlEncoder.Encode(message.IssuerAddress);
-
-                var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
+                var content = message.BuildFormPost();
                 var buffer = Encoding.UTF8.GetBytes(content);
 
                 Response.ContentLength = buffer.Length;
@@ -422,19 +394,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
             }
             else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
             {
-                var inputs = new StringBuilder();
-                foreach (var parameter in message.Parameters)
-                {
-                    var name = HtmlEncoder.Encode(parameter.Key);
-                    var value = HtmlEncoder.Encode(parameter.Value);
-
-                    var input = string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value);
-                    inputs.AppendLine(input);
-                }
-
-                var issuer = HtmlEncoder.Encode(message.IssuerAddress);
-
-                var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, issuer, inputs);
+                var content = message.BuildFormPost();
                 var buffer = Encoding.UTF8.GetBytes(content);
 
                 Response.ContentLength = buffer.Length;

From ba1eb281d135400436c52c17edc71307bc038ec0 Mon Sep 17 00:00:00 2001
From: Hao Kung <haok@microsoft.com>
Date: Tue, 16 Jan 2018 11:40:05 -0800
Subject: [PATCH 846/900] Stop logging username/token

Fixes https://github.com/aspnet/Security/issues/1259
---
 .../JwtBearerHandler.cs                       |  2 +-
 .../LoggingExtensions.cs                      | 20 +++++---------
 .../DefaultAuthorizationService.cs            | 26 ++-----------------
 .../LoggingExtensions.cs                      | 24 +++++++----------
 4 files changed, 20 insertions(+), 52 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index f894a97d0c..6d5c7f5f5e 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -110,7 +110,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
                         }
                         catch (Exception ex)
                         {
-                            Logger.TokenValidationFailed(token, ex);
+                            Logger.TokenValidationFailed(ex);
 
                             // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
                             if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
index 38a75fecaf..5c6ca088a8 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
@@ -7,16 +7,16 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, string, Exception> _tokenValidationFailed;
+        private static Action<ILogger, Exception> _tokenValidationFailed;
         private static Action<ILogger, Exception> _tokenValidationSucceeded;
         private static Action<ILogger, Exception> _errorProcessingMessage;
 
         static LoggingExtensions()
         {
-            _tokenValidationFailed = LoggerMessage.Define<string>(
+            _tokenValidationFailed = LoggerMessage.Define(
                 eventId: 1,
                 logLevel: LogLevel.Information,
-                formatString: "Failed to validate the token {Token}");
+                formatString: "Failed to validate the token.");
             _tokenValidationSucceeded = LoggerMessage.Define(
                 eventId: 2,
                 logLevel: LogLevel.Information,
@@ -27,19 +27,13 @@ namespace Microsoft.Extensions.Logging
                 formatString: "Exception occurred while processing message.");
         }
 
-        public static void TokenValidationFailed(this ILogger logger, string token, Exception ex)
-        {
-            _tokenValidationFailed(logger, token, ex);
-        }
+        public static void TokenValidationFailed(this ILogger logger, Exception ex)
+            => _tokenValidationFailed(logger, ex);
 
         public static void TokenValidationSucceeded(this ILogger logger)
-        {
-            _tokenValidationSucceeded(logger, null);
-        }
+            => _tokenValidationSucceeded(logger, null);
 
         public static void ErrorProcessingMessage(this ILogger logger, Exception ex)
-        {
-            _errorProcessingMessage(logger, ex);
-        }
+            => _errorProcessingMessage(logger, ex);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
index 9773ebbcc2..bc5d571c47 100644
--- a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
+++ b/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
@@ -98,37 +98,15 @@ namespace Microsoft.AspNetCore.Authorization
             var result = _evaluator.Evaluate(authContext);
             if (result.Succeeded)
             {
-                _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
+                _logger.UserAuthorizationSucceeded();
             }
             else
             {
-                _logger.UserAuthorizationFailed(GetUserNameForLogging(user));
+                _logger.UserAuthorizationFailed();
             }
             return result;
         }
 
-        private string GetUserNameForLogging(ClaimsPrincipal user)
-        {
-            var identity = user?.Identity;
-            if (identity != null)
-            {
-                var name = identity.Name;
-                if (name != null)
-                {
-                    return name;
-                }
-                return GetClaimValue(identity, "sub")
-                    ?? GetClaimValue(identity, ClaimTypes.Name)
-                    ?? GetClaimValue(identity, ClaimTypes.NameIdentifier);
-            }
-            return null;
-        }
-
-        private static string GetClaimValue(IIdentity identity, string claimsType)
-        {
-            return (identity as ClaimsIdentity)?.FindFirst(claimsType)?.Value;
-        }
-
         /// <summary>
         /// Checks if a user meets a specific authorization policy.
         /// </summary>
diff --git a/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
index 1d524dd74e..386df85e09 100644
--- a/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
@@ -7,29 +7,25 @@ namespace Microsoft.Extensions.Logging
 {
     internal static class LoggingExtensions
     {
-        private static Action<ILogger, string, Exception> _userAuthorizationFailed;
-        private static Action<ILogger, string, Exception> _userAuthorizationSucceeded;
+        private static Action<ILogger, Exception> _userAuthorizationFailed;
+        private static Action<ILogger, Exception> _userAuthorizationSucceeded;
 
         static LoggingExtensions()
         {
-            _userAuthorizationSucceeded = LoggerMessage.Define<string>(
+            _userAuthorizationSucceeded = LoggerMessage.Define(
                 eventId: 1,
                 logLevel: LogLevel.Information,
-                formatString: "Authorization was successful for user: {UserName}.");
-            _userAuthorizationFailed = LoggerMessage.Define<string>(
+                formatString: "Authorization was successful.");
+            _userAuthorizationFailed = LoggerMessage.Define(
                 eventId: 2,
                 logLevel: LogLevel.Information,
-                formatString: "Authorization failed for user: {UserName}.");
+                formatString: "Authorization failed.");
         }
 
-        public static void UserAuthorizationSucceeded(this ILogger logger, string userName)
-        {
-            _userAuthorizationSucceeded(logger, userName, null);
-        }
+        public static void UserAuthorizationSucceeded(this ILogger logger)
+            => _userAuthorizationSucceeded(logger, null);
 
-        public static void UserAuthorizationFailed(this ILogger logger, string userName)
-        {
-            _userAuthorizationFailed(logger, userName, null);
-        }
+        public static void UserAuthorizationFailed(this ILogger logger)
+            => _userAuthorizationFailed(logger, null);
     }
 }

From c534335cb0b10b45708e2be2f94a94a86d6148a2 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 23 Jan 2018 15:32:49 -0800
Subject: [PATCH 847/900] Branching for 2.1.0-preview1

---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 build/repo.props         |  4 +--
 build/sources.props      |  4 +--
 korebuild-lock.txt       |  4 +--
 4 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index bf30832e18..1aaf7a18a2 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,37 +3,37 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15651</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15679</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26102-01</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26115-03</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/build/repo.props b/build/repo.props
index 541470c9f4..2ab5a2ae35 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
   <Import Project="dependencies.props" />
 
   <ItemGroup>
@@ -7,7 +7,7 @@
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
-    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
+    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-release/api/v3/index.json</LineupPackageRestoreSource>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/build/sources.props b/build/sources.props
index 9feff29d09..5d66393335 100644
--- a/build/sources.props
+++ b/build/sources.props
@@ -1,11 +1,11 @@
-<Project>
+<Project>
   <Import Project="$(DotNetRestoreSourcePropsPath)" Condition="'$(DotNetRestoreSourcePropsPath)' != ''"/>
 
   <PropertyGroup Label="RestoreSources">
     <RestoreSources>$(DotNetRestoreSources)</RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
       $(RestoreSources);
-      https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json;
+      https://dotnet.myget.org/F/aspnetcore-release/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
     </RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true'">
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 7c2e97aa79..a474bc0e35 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15651
-commithash:ebf2365121c2c6a6a0fbfa9b0f37bb5effc89323
+version:2.1.0-preview1-15679
+commithash:5347461137cb45a77ddcc0b55b2478092de43338

From a940b6e3564c911dfdf96c850d78e9c785ade88e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 24 Jan 2018 15:00:29 -0800
Subject: [PATCH 848/900] Updating version to preview2

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 5c4a7c32d1..370d5ababd 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.1.0</VersionPrefix>
-    <VersionSuffix>preview1</VersionSuffix>
+    <VersionSuffix>preview2</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>

From ab8328abcaceb4569bd8c3c1b3177a88f19a3489 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Thu, 25 Jan 2018 15:55:46 -0800
Subject: [PATCH 849/900] Raise the CookiePolicy consent cookie lifetime to one
 year #1589

---
 src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs    | 2 +-
 .../CookieConsentTests.cs                                       | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index cc2deaa3aa..32d047297a 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Builder
         public CookieBuilder ConsentCookie { get; set; } = new CookieBuilder()
         {
             Name = ".AspNet.Consent",
-            Expiration = TimeSpan.FromDays(90),
+            Expiration = TimeSpan.FromDays(365),
             IsEssential = true,
         };
 
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
index 3cd018e570..4e35c165f4 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
@@ -221,6 +221,8 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             var consentCookie = cookies[0];
             Assert.Equal(".AspNet.Consent", consentCookie.Name);
             Assert.Equal("yes", consentCookie.Value);
+            Assert.True(consentCookie.Expires.HasValue);
+            Assert.True(consentCookie.Expires.Value > DateTimeOffset.Now + TimeSpan.FromDays(364));
             Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, consentCookie.SameSite);
             Assert.NotNull(consentCookie.Expires);
             var testCookie = cookies[1];

From 272aa16322f25f6c054598bdc06e7518ed0212fa Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 26 Jan 2018 11:46:35 -0800
Subject: [PATCH 850/900] Update JwtBearer sample error handling #1613

---
 samples/JwtBearerSample/Startup.cs | 44 ++++++++++--------------------
 1 file changed, 14 insertions(+), 30 deletions(-)

diff --git a/samples/JwtBearerSample/Startup.cs b/samples/JwtBearerSample/Startup.cs
index 6f2c5e2ecd..8c4a63cad6 100644
--- a/samples/JwtBearerSample/Startup.cs
+++ b/samples/JwtBearerSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Runtime.ExceptionServices;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
@@ -43,33 +44,13 @@ namespace JwtBearerSample
         // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
-            // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
-            services.AddAuthentication(options =>
-            {
-                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-            }).AddJwtBearer(o =>
-            {
-                // You also need to update /wwwroot/app/scripts/app.js
-                o.Authority = Configuration["jwt:authority"];
-                o.Audience = Configuration["jwt:audience"];
-                o.Events = new JwtBearerEvents()
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddJwtBearer(o =>
                 {
-                    OnAuthenticationFailed = c =>
-                    {
-                        c.NoResult();
-
-                        c.Response.StatusCode = 500;
-                        c.Response.ContentType = "text/plain";
-                        if (Environment.IsDevelopment())
-                        {
-                            // Debug only, in production do not share exceptions with the remote host.
-                            return c.Response.WriteAsync(c.Exception.ToString());
-                        }
-                        return c.Response.WriteAsync("An error occurred processing your authentication.");
-                    }
-                };
-            });
+                    // You also need to update /wwwroot/app/scripts/app.js
+                    o.Authority = Configuration["oidc:authority"];
+                    o.Audience = Configuration["oidc:clientid"];
+                });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -86,13 +67,16 @@ namespace JwtBearerSample
             app.Use(async (context, next) =>
             {
                 // Use this if there are multiple authentication schemes
-                // var user = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
-
-                var user = context.User; // We can do this because of there's only a single authentication scheme
-                if (user?.Identity?.IsAuthenticated ?? false)
+                var authResult = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+                if (authResult.Succeeded && authResult.Principal.Identity.IsAuthenticated)
                 {
                     await next();
                 }
+                else if (authResult.Failure != null)
+                {
+                    // Rethrow, let the exception page handle it.
+                    ExceptionDispatchInfo.Capture(authResult.Failure).Throw();
+                }
                 else
                 {
                     await context.ChallengeAsync();

From c729063c31d60753bc3bf08a91768a5de32e1f3d Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Tue, 30 Jan 2018 15:27:52 -0800
Subject: [PATCH 851/900] Fix flaky cookie policy tests #1629

---
 .../CookieConsentTests.cs                        | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
index 4e35c165f4..fffb8cc883 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
@@ -579,7 +579,13 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             Assert.Equal(Net.Http.Headers.SameSiteMode.Lax, consentCookie.SameSite);
             Assert.NotNull(consentCookie.Expires);
 
-            Assert.Equal(httpContext.Response.Headers[HeaderNames.SetCookie], httpContext.Response.Headers["ManualCookie"]);
+            cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers["ManualCookie"]);
+            Assert.Equal(1, cookies.Count);
+            var manualCookie = cookies[0];
+            Assert.Equal(consentCookie.Name, manualCookie.Name);
+            Assert.Equal(consentCookie.Value, manualCookie.Value);
+            Assert.Equal(consentCookie.SameSite, manualCookie.SameSite);
+            Assert.NotNull(manualCookie.Expires); // Expires may not exactly match to the second.
         }
 
         [Fact]
@@ -626,7 +632,13 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
             Assert.Equal(Net.Http.Headers.SameSiteMode.Strict, consentCookie.SameSite);
             Assert.NotNull(consentCookie.Expires);
 
-            Assert.Equal(httpContext.Response.Headers[HeaderNames.SetCookie], httpContext.Response.Headers["ManualCookie"]);
+            cookies = SetCookieHeaderValue.ParseList(httpContext.Response.Headers["ManualCookie"]);
+            Assert.Equal(1, cookies.Count);
+            var manualCookie = cookies[0];
+            Assert.Equal(consentCookie.Name, manualCookie.Name);
+            Assert.Equal(consentCookie.Value, manualCookie.Value);
+            Assert.Equal(consentCookie.SameSite, manualCookie.SameSite);
+            Assert.NotNull(manualCookie.Expires); // Expires may not exactly match to the second.
         }
 
         private Task<HttpContext> RunTestAsync(Action<CookiePolicyOptions> configureOptions, Action<HttpContext> configureRequest, RequestDelegate handleRequest)

From 088dc56f3daad861abbdd1ad665a85b99d65e848 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 31 Jan 2018 15:01:13 -0800
Subject: [PATCH 852/900] Update dependencies.props to 2.1.0-preview-28193,
 build tools to 2.1.0-preview1-1010 [ci skip]

Scripted changes:
- updated travis and appveyor.yml files to only build dev, ci, and release branches
- updated dependencies.props
- updated korebuild-lock.txt
- updated korebuild.json to release/2.1 channel
---
 .appveyor.yml            | 16 +++++-------
 .travis.yml              | 24 ++++++++---------
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 korebuild.json           |  4 +--
 5 files changed, 51 insertions(+), 53 deletions(-)

diff --git a/.appveyor.yml b/.appveyor.yml
index c7b6e34316..4eea96ab69 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -1,19 +1,17 @@
 init:
-  - git config --global core.autocrlf true
+- git config --global core.autocrlf true
 branches:
   only:
-    - master
-    - release
-    - dev
-    - /^(.*\/)?ci-.*$/
-    - /^rel\/.*/
+  - dev
+  - /^release\/.*$/
+  - /^(.*\/)?ci-.*$/
 build_script:
-  - ps: .\run.ps1 default-build
+- ps: .\run.ps1 default-build
 clone_depth: 1
 environment:
   global:
     DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
     DOTNET_CLI_TELEMETRY_OPTOUT: 1
-test: off
-deploy: off
+test: 'off'
+deploy: 'off'
 os: Visual Studio 2017
diff --git a/.travis.yml b/.travis.yml
index 6c59666f3a..64bdbb4441 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,25 +3,25 @@ sudo: false
 dist: trusty
 env:
   global:
-    - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
-    - DOTNET_CLI_TELEMETRY_OPTOUT: 1
+  - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  - DOTNET_CLI_TELEMETRY_OPTOUT: 1
 mono: none
 os:
-  - linux
-  - osx
+- linux
+- osx
 osx_image: xcode8.2
 addons:
   apt:
     packages:
-      - libunwind8
+    - libunwind8
 branches:
   only:
-    - master
-    - release
-    - dev
-    - /^(.*\/)?ci-.*$/
-    - /^rel\/.*/
+  - dev
+  - /^release\/.*$/
+  - /^(.*\/)?ci-.*$/
 before_install:
-  - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
+- if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s
+  /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
+  /usr/local/lib/; fi
 script:
-  - ./build.sh
+- ./build.sh
diff --git a/build/dependencies.props b/build/dependencies.props
index 1aaf7a18a2..bd1daf187e 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,37 +3,37 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15679</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28153</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28153</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-1010</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28193</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28193</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26115-03</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26122-01</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index a474bc0e35..851bfbf203 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15679
-commithash:5347461137cb45a77ddcc0b55b2478092de43338
+version:2.1.0-preview1-1010
+commithash:75ca924dfbd673c38841025b04c4dcd93b84f56d
diff --git a/korebuild.json b/korebuild.json
index bd5d51a51b..678d8bb948 100644
--- a/korebuild.json
+++ b/korebuild.json
@@ -1,4 +1,4 @@
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev"
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/release/2.1/tools/korebuild.schema.json",
+  "channel": "release/2.1"
 }

From c1171cd3ff0de71e6ce3e100059fa0115ebb8ee1 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Thu, 1 Feb 2018 04:30:48 +0000
Subject: [PATCH 853/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index bf30832e18..c5a4ece3ce 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,37 +3,37 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview1-15651</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview1-28009</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview1-28009</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15692</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview1-26102-01</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26130-04</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 7c2e97aa79..232cb858c2 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview1-15651
-commithash:ebf2365121c2c6a6a0fbfa9b0f37bb5effc89323
+version:2.1.0-preview2-15692
+commithash:5d9f445ce3f8492451a6f461df7e739bbed6a7f8

From c0b8be58ba0ccdb3a4cd38825c30536f60ab99ce Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Thu, 1 Feb 2018 14:40:56 -0800
Subject: [PATCH 854/900] Add scheme forwarding (authN policies) (#1625)

---
 .../CookieAuthenticationHandler.cs            |  14 +
 .../OpenIdConnectHandler.cs                   |   7 +
 .../AuthenticationHandler.cs                  |  30 ++
 .../AuthenticationSchemeOptions.cs            |  53 +++
 .../CookieTests.cs                            | 412 ++++++++++++++++-
 .../FacebookTests.cs                          | 397 ++++++++++++++++
 .../GoogleTests.cs                            | 409 ++++++++++++++++-
 .../JwtBearerTests.cs                         | 399 ++++++++++++++++-
 .../MicrosoftAccountTests.cs                  | 395 ++++++++++++++++
 .../OAuthTests.cs                             | 422 +++++++++++++++++-
 .../OpenIdConnectConfigurationTests.cs        | 418 +++++++++++++++++
 .../TestHandlers.cs                           | 115 +++++
 .../TwitterTests.cs                           | 396 ++++++++++++++++
 13 files changed, 3441 insertions(+), 26 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5d0afba46b..9a2fbfbc74 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -240,6 +240,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 throw new ArgumentNullException(nameof(user));
             }
 
+            var target = ResolveTarget(Options.ForwardSignIn);
+            if (target != null)
+            {
+                await Context.SignInAsync(target, user, properties);
+                return;
+            }
+
             properties = properties ?? new AuthenticationProperties();
 
             _signInCalled = true;
@@ -322,6 +329,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         public async virtual Task SignOutAsync(AuthenticationProperties properties)
         {
+            var target = ResolveTarget(Options.ForwardSignOut);
+            if (target != null)
+            {
+                await Context.SignOutAsync(target, properties);
+                return;
+            }
+
             properties = properties ?? new AuthenticationProperties();
 
             _signOutCalled = true;
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 4f722323dc..ce7494fb4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -155,6 +155,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <returns>A task executing the sign out procedure</returns>
         public async virtual Task SignOutAsync(AuthenticationProperties properties)
         {
+            var target = ResolveTarget(Options.ForwardSignOut);
+            if (target != null)
+            {
+                await Context.SignOutAsync(target, properties);
+                return;
+            }
+
             properties = properties ?? new AuthenticationProperties();
 
             Logger.EnteringOpenIdAuthenticationHandlerHandleSignOutAsync(GetType().FullName);
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index ef4292100a..4399ce5f74 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -118,8 +118,24 @@ namespace Microsoft.AspNetCore.Authentication
         protected string BuildRedirectUri(string targetPath)
             => Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
 
+        protected virtual string ResolveTarget(string scheme)
+        {
+            var target = scheme ?? Options.ForwardDefaultSelector?.Invoke(Context) ?? Options.ForwardDefault;
+
+            // Prevent self targetting
+            return string.Equals(target, Scheme.Name, StringComparison.Ordinal)
+                ? null
+                : target;
+        }
+
         public async Task<AuthenticateResult> AuthenticateAsync()
         {
+            var target = ResolveTarget(Options.ForwardAuthenticate);
+            if (target != null)
+            {
+                return await Context.AuthenticateAsync(target);
+            }
+
             // Calling Authenticate more than once should always return the original value.
             var result = await HandleAuthenticateOnceAsync();
             if (result?.Failure == null)
@@ -200,6 +216,13 @@ namespace Microsoft.AspNetCore.Authentication
 
         public async Task ChallengeAsync(AuthenticationProperties properties)
         {
+            var target = ResolveTarget(Options.ForwardChallenge);
+            if (target != null)
+            {
+                await Context.ChallengeAsync(target, properties);
+                return;
+            }
+
             properties = properties ?? new AuthenticationProperties();
             await HandleChallengeAsync(properties);
             Logger.AuthenticationSchemeChallenged(Scheme.Name);
@@ -207,6 +230,13 @@ namespace Microsoft.AspNetCore.Authentication
 
         public async Task ForbidAsync(AuthenticationProperties properties)
         {
+            var target = ResolveTarget(Options.ForwardForbid);
+            if (target != null)
+            {
+                await Context.ForbidAsync(target, properties);
+                return;
+            }
+
             properties = properties ?? new AuthenticationProperties();
             await HandleForbiddenAsync(properties);
             Logger.AuthenticationSchemeForbidden(Scheme.Name);
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
index 18d4c97881..a547d203b4 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Authentication
 {
@@ -36,5 +37,57 @@ namespace Microsoft.AspNetCore.Authentication
         /// If set, will be used as the service type to get the Events instance instead of the property.
         /// </summary>
         public Type EventsType { get; set; }
+
+        /// <summary>
+        /// If set, this specifies a default scheme that authentication handlers should forward all authentication operations to
+        /// by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut 
+        /// setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result
+        /// will be used as the target scheme to forward to.
+        /// </summary>
+        public string ForwardDefault { get; set; }
+
+        /// <summary>
+        /// If set, this specifies the target scheme that this scheme should forward AuthenticateAsync calls to.
+        /// For example Context.AuthenticateAsync("ThisScheme") => Context.AuthenticateAsync("ForwardAuthenticateValue");
+        /// Set the target to the current scheme to disable forwarding and allow normal processing.
+        /// </summary>
+        public string ForwardAuthenticate { get; set; }
+
+        /// <summary>
+        /// If set, this specifies the target scheme that this scheme should forward ChallengeAsync calls to.
+        /// For example Context.ChallengeAsync("ThisScheme") => Context.ChallengeAsync("ForwardChallengeValue");
+        /// Set the target to the current scheme to disable forwarding and allow normal processing.
+        /// </summary>
+        public string ForwardChallenge { get; set; }
+
+        /// <summary>
+        /// If set, this specifies the target scheme that this scheme should forward ForbidAsync calls to.
+        /// For example Context.ForbidAsync("ThisScheme") => Context.ForbidAsync("ForwardForbidValue");
+        /// Set the target to the current scheme to disable forwarding and allow normal processing.
+        /// </summary>
+        public string ForwardForbid { get; set; }
+
+        /// <summary>
+        /// If set, this specifies the target scheme that this scheme should forward SignInAsync calls to.
+        /// For example Context.SignInAsync("ThisScheme") => Context.SignInAsync("ForwardSignInValue");
+        /// Set the target to the current scheme to disable forwarding and allow normal processing.
+        /// </summary>
+        public string ForwardSignIn { get; set; }
+
+        /// <summary>
+        /// If set, this specifies the target scheme that this scheme should forward SignOutAsync calls to.
+        /// For example Context.SignOutAsync("ThisScheme") => Context.SignInAsync("ForwardSignOutValue");
+        /// Set the target to the current scheme to disable forwarding and allow normal processing.
+        /// </summary>
+        public string ForwardSignOut { get; set; }
+
+        /// <summary>
+        /// Used to select a default scheme for the current request that authentication handlers should forward all authentication operations to
+        /// by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut 
+        /// setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result
+        /// will be used as the target scheme to forward to.
+        /// </summary>
+        public Func<HttpContext, string> ForwardDefaultSelector { get; set; }
+
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 789f5ede9c..b2726bac8c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -11,6 +10,7 @@ using System.Security.Principal;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -26,6 +26,416 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     {
         private TestClock _clock = new TestClock();
 
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddCookie(o => o.ForwardDefault = "auth1");
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, forwardDefault.SignOutCount);
+
+            await context.SignInAsync(new ClaimsPrincipal());
+            Assert.Equal(1, forwardDefault.SignInCount);
+        }
+
+        [Fact]
+        public async Task ForwardSignInWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardSignIn = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.SignInAsync(new ClaimsPrincipal());
+            Assert.Equal(1, specific.SignInCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignOutCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSignOutWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.SignOutAsync();
+            Assert.Equal(1, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, selector.SignOutCount);
+
+            await context.SignInAsync(new ClaimsPrincipal());
+            Assert.Equal(1, selector.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, forwardDefault.SignOutCount);
+
+            await context.SignInAsync(new ClaimsPrincipal());
+            Assert.Equal(1, forwardDefault.SignInCount);
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddCookie(o =>
+            {
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, specific.SignOutCount);
+
+            await context.SignInAsync(new ClaimsPrincipal());
+            Assert.Equal(1, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 2314b6b3c9..684482ed5b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -5,11 +5,13 @@ using System;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Security.Claims;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -24,6 +26,401 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 {
     public class FacebookTests
     {
+        private void ConfigureDefaults(FacebookOptions o)
+        {
+            o.AppId = "whatever";
+            o.AppSecret = "whatever";
+            o.SignInScheme = "auth1";
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = FacebookDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddFacebook(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 944a4827c3..8bfbaacde8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -10,6 +10,7 @@ using System.Text;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -24,6 +25,401 @@ namespace Microsoft.AspNetCore.Authentication.Google
 {
     public class GoogleTests
     {
+        private void ConfigureDefaults(GoogleOptions o)
+        {
+            o.ClientId = "whatever";
+            o.ClientSecret = "whatever";
+            o.SignInScheme = "auth1";
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = GoogleDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddGoogle(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {
@@ -1061,18 +1457,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
                 .ConfigureServices(services =>
                 {
                     services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
-                    services.AddAuthentication("Auth")
-                        .AddVirtualScheme("Auth", "Auth", o =>
-                        {
-                            o.Default = TestExtensions.CookieAuthenticationScheme;
-                            o.Challenge = GoogleDefaults.AuthenticationScheme;
-                        })
-                        .AddCookie(TestExtensions.CookieAuthenticationScheme)
+                    services.AddAuthentication(TestExtensions.CookieAuthenticationScheme)
+                        .AddCookie(TestExtensions.CookieAuthenticationScheme, o => o.ForwardChallenge = GoogleDefaults.AuthenticationScheme)
                         .AddGoogle(configureOptions)
                         .AddFacebook(o =>
                         {
-                            o.AppId = "Test AppId";
-                            o.AppSecret = "Test AppSecrent";
+                            o.ClientId = "Test ClientId";
+                            o.ClientSecret = "Test AppSecrent";
                         });
                 });
             return new TestServer(builder);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 97adb21054..b472a4162d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -11,14 +10,13 @@ using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
 using System.Xml.Linq;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.AspNetCore.Testing.xunit;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Xunit;
 
@@ -26,6 +24,401 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 {
     public class JwtBearerTests
     {
+        private void ConfigureDefaults(JwtBearerOptions o)
+        {
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddJwtBearer(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySchemeDefaults()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index b2854e344e..480241d35b 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -27,6 +27,401 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
 {
     public class MicrosoftAccountTests
     {
+        private void ConfigureDefaults(MicrosoftAccountOptions o)
+        {
+            o.ClientId = "whatever";
+            o.ClientSecret = "whatever";
+            o.SignInScheme = "auth1";
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = MicrosoftAccountDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddMicrosoftAccount(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 65d865b941..9279f145b9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -4,20 +4,416 @@
 using System;
 using System.Collections.Generic;
 using System.Net;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication.OAuth
 {
     public class OAuthTests
     {
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.SignInScheme = "auth1";
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.SignInScheme = "auth1";
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.SignInScheme = "auth1";
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.DefaultSignInScheme = "auth1";
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = "default";
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOAuth("default", o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
+
         [Fact]
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {
@@ -131,12 +527,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     "Weblie",
                     opt =>
                     {
-                        opt.ClientId = "Test Id";
-                        opt.ClientSecret = "secret";
-                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
-                        opt.TokenEndpoint = "https://example.com/provider/token";
-                        opt.CallbackPath = "/oauth-callback";
+                        ConfigureDefaults(opt);
                     }),
                 async ctx =>
                 {
@@ -162,12 +553,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                     "Weblie",
                     opt =>
                     {
-                        opt.ClientId = "Test Id";
-                        opt.ClientSecret = "secret";
-                        opt.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                        opt.AuthorizationEndpoint = "https://example.com/provider/login";
-                        opt.TokenEndpoint = "https://example.com/provider/token";
-                        opt.CallbackPath = "/oauth-callback";
+                        ConfigureDefaults(opt);
                         opt.CorrelationCookie.Path = "/";
                     }),
                 async ctx =>
@@ -186,6 +572,16 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Contains("path=/", correlation);
         }
 
+        private void ConfigureDefaults(OAuthOptions o)
+        {
+            o.ClientId = "Test Id";
+            o.ClientSecret = "secret";
+            o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+            o.AuthorizationEndpoint = "https://example.com/provider/login";
+            o.TokenEndpoint = "https://example.com/provider/token";
+            o.CallbackPath = "/oauth-callback";
+        }
+
         [Fact]
         public async Task RemoteAuthenticationFailed_OAuthError_IncludesProperties()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
index 69ba758292..ed368c1ef7 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
@@ -3,10 +3,13 @@
 
 using System;
 using System.Net;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Xunit;
@@ -15,6 +18,421 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 {
     public class OpenIdConnectConfigurationTests
     {
+        private void ConfigureDefaults(OpenIdConnectOptions o)
+        {
+            o.Authority = TestServerBuilder.DefaultAuthority;
+            o.ClientId = "Test Id";
+            o.ClientSecret = "Test Secret";
+            o.SignInScheme = "auth1";
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, forwardDefault.SignOutCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.SignOutAsync();
+            Assert.Equal(1, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, selector.SignOutCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, forwardDefault.SignOutCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddOpenIdConnect(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await context.SignOutAsync();
+            Assert.Equal(1, specific.SignOutCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task MetadataAddressIsGeneratedFromAuthorityWhenMissing()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs b/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
new file mode 100644
index 0000000000..cd9fe9fb1a
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
@@ -0,0 +1,115 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Tests
+{
+    public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationSignInHandler
+    {
+        public TestAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+        { }
+
+        public int SignInCount { get; set; }
+        public int SignOutCount { get; set; }
+        public int ForbidCount { get; set; }
+        public int ChallengeCount { get; set; }
+        public int AuthenticateCount { get; set; }
+
+        protected override Task HandleChallengeAsync(AuthenticationProperties properties)
+        {
+            ChallengeCount++;
+            return Task.CompletedTask;
+        }
+
+        protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
+        {
+            ForbidCount++;
+            return Task.CompletedTask;
+        }
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            AuthenticateCount++;
+            var principal = new ClaimsPrincipal();
+            var id = new ClaimsIdentity();
+            id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+            principal.AddIdentity(id);
+            return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+        }
+
+        public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        {
+            SignInCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task SignOutAsync(AuthenticationProperties properties)
+        {
+            SignOutCount++;
+            return Task.CompletedTask;
+        }
+    }
+
+    public class TestHandler : IAuthenticationSignInHandler
+    {
+        public AuthenticationScheme Scheme { get; set; }
+        public int SignInCount { get; set; }
+        public int SignOutCount { get; set; }
+        public int ForbidCount { get; set; }
+        public int ChallengeCount { get; set; }
+        public int AuthenticateCount { get; set; }
+
+        public Task<AuthenticateResult> AuthenticateAsync()
+        {
+            AuthenticateCount++;
+            var principal = new ClaimsPrincipal();
+            var id = new ClaimsIdentity();
+            id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+            principal.AddIdentity(id);
+            return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+        }
+
+        public Task ChallengeAsync(AuthenticationProperties properties)
+        {
+            ChallengeCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task ForbidAsync(AuthenticationProperties properties)
+        {
+            ForbidCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+        {
+            Scheme = scheme;
+            return Task.CompletedTask;
+        }
+
+        public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        {
+            SignInCount++;
+            return Task.CompletedTask;
+        }
+
+        public Task SignOutAsync(AuthenticationProperties properties)
+        {
+            SignOutCount++;
+            return Task.CompletedTask;
+        }
+    }
+
+    public class TestHandler2 : TestHandler
+    {
+    }
+
+    public class TestHandler3 : TestHandler
+    {
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
index 2a63757b9a..c1937d136c 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
@@ -7,6 +7,7 @@ using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Tests;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -19,6 +20,401 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 {
     public class TwitterTests
     {
+        private void ConfigureDefaults(TwitterOptions o)
+        {
+            o.ConsumerKey = "whatever";
+            o.ConsumerSecret = "whatever";
+            o.SignInScheme = "auth1";
+        }
+
+        [Fact]
+        public async Task CanForwardDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("auth1", "auth1");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+            });
+
+            var forwardDefault = new TestHandler();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignInThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+        }
+
+        [Fact]
+        public async Task ForwardSignOutThrows()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardSignOut = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+        }
+
+        [Fact]
+        public async Task ForwardForbidWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ForbidAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(1, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardAuthenticateWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardAuthenticate = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(1, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardChallengeWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler>("specific", "specific");
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardChallenge = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.ChallengeAsync();
+            Assert.Equal(0, specific.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(1, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+        }
+
+        [Fact]
+        public async Task ForwardSelectorWinsOverDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, selector.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, selector.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, selector.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task NullForwardSelectorUsesDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => null;
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, forwardDefault.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, forwardDefault.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, forwardDefault.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+            Assert.Equal(0, specific.AuthenticateCount);
+            Assert.Equal(0, specific.ForbidCount);
+            Assert.Equal(0, specific.ChallengeCount);
+            Assert.Equal(0, specific.SignInCount);
+            Assert.Equal(0, specific.SignOutCount);
+        }
+
+        [Fact]
+        public async Task SpecificForwardWinsOverSelectorAndDefault()
+        {
+            var services = new ServiceCollection().AddLogging();
+            services.AddAuthentication(o =>
+            {
+                o.DefaultScheme = TwitterDefaults.AuthenticationScheme;
+                o.AddScheme<TestHandler2>("auth1", "auth1");
+                o.AddScheme<TestHandler3>("selector", "selector");
+                o.AddScheme<TestHandler>("specific", "specific");
+            })
+            .AddTwitter(o =>
+            {
+                ConfigureDefaults(o);
+                o.ForwardDefault = "auth1";
+                o.ForwardDefaultSelector = _ => "selector";
+                o.ForwardAuthenticate = "specific";
+                o.ForwardChallenge = "specific";
+                o.ForwardSignIn = "specific";
+                o.ForwardSignOut = "specific";
+                o.ForwardForbid = "specific";
+            });
+
+            var specific = new TestHandler();
+            services.AddSingleton(specific);
+            var forwardDefault = new TestHandler2();
+            services.AddSingleton(forwardDefault);
+            var selector = new TestHandler3();
+            services.AddSingleton(selector);
+
+            var sp = services.BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = sp;
+
+            await context.AuthenticateAsync();
+            Assert.Equal(1, specific.AuthenticateCount);
+
+            await context.ForbidAsync();
+            Assert.Equal(1, specific.ForbidCount);
+
+            await context.ChallengeAsync();
+            Assert.Equal(1, specific.ChallengeCount);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignOutAsync());
+            await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
+
+            Assert.Equal(0, forwardDefault.AuthenticateCount);
+            Assert.Equal(0, forwardDefault.ForbidCount);
+            Assert.Equal(0, forwardDefault.ChallengeCount);
+            Assert.Equal(0, forwardDefault.SignInCount);
+            Assert.Equal(0, forwardDefault.SignOutCount);
+            Assert.Equal(0, selector.AuthenticateCount);
+            Assert.Equal(0, selector.ForbidCount);
+            Assert.Equal(0, selector.ChallengeCount);
+            Assert.Equal(0, selector.SignInCount);
+            Assert.Equal(0, selector.SignOutCount);
+        }
+
         [Fact]
         public async Task VerifySignInSchemeCannotBeSetToSelf()
         {

From 29ed4ce9f64b6df26706f7e431ff815573004a49 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sat, 3 Feb 2018 03:03:01 +0000
Subject: [PATCH 855/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index c5a4ece3ce..b3ced86881 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15692</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-28215</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-28215</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15694</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 232cb858c2..6f294ef0e6 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15692
-commithash:5d9f445ce3f8492451a6f461df7e739bbed6a7f8
+version:2.1.0-preview2-15694
+commithash:f61af02b48e89592c9aadb7ebaebe84228666c3b

From 59c7cd0efe33687dcdc4f7701933b85dd89a340c Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Fri, 9 Feb 2018 12:00:17 -0800
Subject: [PATCH 856/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index b3ced86881..140d9ddbc2 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,35 +3,35 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15694</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30020</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30020</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15698</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
-    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0-preview2-41113220915</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26130-04</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 6f294ef0e6..3e2b56b91b 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15694
-commithash:f61af02b48e89592c9aadb7ebaebe84228666c3b
+version:2.1.0-preview2-15698
+commithash:7216e5068cb1957e09d45fcbe58a744dd5c2de73

From 5de25bb11cfb2bf60d05ea2be36e80d86b38d18b Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 11 Feb 2018 12:40:54 -0800
Subject: [PATCH 857/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 140d9ddbc2..7fcf154c23 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,32 +4,32 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15698</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30066</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30066</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
@@ -41,7 +41,7 @@
     <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
-    <XunitRunnerVisualStudioPackageVersion>2.3.1</XunitRunnerVisualStudioPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
   <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
 </Project>

From f201a2b1708eda884f0b7309b89f18a07bc5fe89 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 18 Feb 2018 12:31:34 -0800
Subject: [PATCH 858/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 7fcf154c23..4edb3917cf 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,33 +3,33 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15698</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30077</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30077</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15707</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 3e2b56b91b..89d0ad3d15 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15698
-commithash:7216e5068cb1957e09d45fcbe58a744dd5c2de73
+version:2.1.0-preview2-15707
+commithash:e74e53f129ab34332947fea7ac7b7591b027cb22

From dda0921c0a2e3e341bbab2bcc083a2604aa6cc8e Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Wed, 21 Feb 2018 18:27:13 -0800
Subject: [PATCH 859/900] Use FeatureBranchVersionSuffix when generating
 VersionSuffix

---
 version.props | 1 +
 1 file changed, 1 insertion(+)

diff --git a/version.props b/version.props
index 370d5ababd..65c8a07e37 100644
--- a/version.props
+++ b/version.props
@@ -5,6 +5,7 @@
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>
+    <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(FeatureBranchVersionSuffix)' != ''">$(VersionSuffix)-$([System.Text.RegularExpressions.Regex]::Replace('$(FeatureBranchVersionSuffix)', '[^\w-]', '-'))</VersionSuffix>
     <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
   </PropertyGroup>
 </Project>

From 2b1dab2efed9d3ba74fa082d9f01ccbd1d05bd43 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Mon, 26 Feb 2018 11:15:31 -0800
Subject: [PATCH 860/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 4edb3917cf..ca0ede407e 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15707</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30131</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30131</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15721</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26130-04</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETTestSdkPackageVersion>15.3.0</MicrosoftNETTestSdkPackageVersion>
+    <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 89d0ad3d15..e6c7fddffa 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15707
-commithash:e74e53f129ab34332947fea7ac7b7591b027cb22
+version:2.1.0-preview2-15721
+commithash:f9bb4be59e39938ec59a6975257e26099b0d03c1

From d95109c96d6b92d04178dea004583796824072da Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Tue, 12 Sep 2017 16:28:07 -0700
Subject: [PATCH 861/900] #43 Add
 Microsoft.AspNetCore.Authentication.WsFederation, samples, and tests. #1443
 Block unsolicited wsfed logins by default. #1520 Update WsFed to use the 2.0
 event structure #1425 Implement WsFed remote signout cleanup Rework WsFed
 RemoteSignOutPath logic to work with ADFS #1581 Update versions,
 dependencies.

---
 Security.sln                                  |  40 +-
 build/dependencies.props                      |   2 +
 samples/WsFedSample/Program.cs                |  64 +++
 .../Properties/launchSettings.json            |  28 ++
 samples/WsFedSample/Startup.cs                | 168 +++++++
 samples/WsFedSample/WsFedSample.csproj        |  27 ++
 .../WsFedSample/compiler/resources/cert.pfx   | Bin 0 -> 2483 bytes
 .../Events/AuthenticationFailedContext.cs     |  35 ++
 .../Events/MessageReceivedContext.cs          |  33 ++
 .../Events/RedirectContext.cs                 |  44 ++
 .../Events/RemoteSignoutContext.cs            |  30 ++
 .../Events/SecurityTokenReceivedContext.cs    |  28 ++
 .../Events/SecurityTokenValidatedContext.cs   |  34 ++
 .../Events/WsFederationEvents.cs              |  74 +++
 .../LoggingExtensions.cs                      |  85 ++++
 ...NetCore.Authentication.WsFederation.csproj |  17 +
 .../Properties/Resources.Designer.cs          | 114 +++++
 .../Resources.resx                            | 138 ++++++
 .../WsFederationDefaults.cs                   |  26 +
 .../WsFederationExtensions.cs                 |  58 +++
 .../WsFederationHandler.cs                    | 425 +++++++++++++++++
 .../WsFederationOptions.cs                    | 180 +++++++
 .../WsFederationPostConfigureOptions.cs       |  89 ++++
 ...soft.AspNetCore.Authentication.Test.csproj |  19 +
 .../WsFederation/CustomStateDataFormat.cs     |  58 +++
 .../WsFederation/InvalidToken.xml             |  83 ++++
 .../WsFederation/TestSecurityToken.cs         |  27 ++
 .../TestSecurityTokenValidator.cs             |  31 ++
 .../WsFederation/ValidToken.xml               |  83 ++++
 .../WsFederation/WsFederationTest.cs          | 443 ++++++++++++++++++
 .../WsFederation/federationmetadata.xml       | 132 ++++++
 31 files changed, 2614 insertions(+), 1 deletion(-)
 create mode 100644 samples/WsFedSample/Program.cs
 create mode 100644 samples/WsFedSample/Properties/launchSettings.json
 create mode 100644 samples/WsFedSample/Startup.cs
 create mode 100644 samples/WsFedSample/WsFedSample.csproj
 create mode 100644 samples/WsFedSample/compiler/resources/cert.pfx
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml

diff --git a/Security.sln b/Security.sln
index f598f34eb1..3df759651b 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.27004.2002
+VisualStudioVersion = 15.0.27130.2027
 MinimumVisualStudioVersion = 15.0.26730.03
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
 	ProjectSection(SolutionItems) = preProject
@@ -75,6 +75,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Author
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CookiePolicySample", "samples\CookiePolicySample\CookiePolicySample.csproj", "{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.WsFederation", "src\Microsoft.AspNetCore.Authentication.WsFederation\Microsoft.AspNetCore.Authentication.WsFederation.csproj", "{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WsFedSample", "samples\WsFedSample\WsFedSample.csproj", "{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -481,6 +485,38 @@ Global
 		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x64.Build.0 = Release|Any CPU
 		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x86.ActiveCfg = Release|Any CPU
 		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E}.Release|x86.Build.0 = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|x64.Build.0 = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Debug|x86.Build.0 = Debug|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|x64.ActiveCfg = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|x64.Build.0 = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|x86.ActiveCfg = Release|Any CPU
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29}.Release|x86.Build.0 = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|x64.Build.0 = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Debug|x86.Build.0 = Debug|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|Any CPU.Build.0 = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x64.ActiveCfg = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x64.Build.0 = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x86.ActiveCfg = Release|Any CPU
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -511,6 +547,8 @@ Global
 		{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
 		{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
 		{24A28F5D-E5A9-4CA8-B0D2-924A1F8BE14E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
+		{B1FC6AAF-9BF2-4CDA-84A2-AA8BF7603F29} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
+		{5EC2E398-E46A-430D-8E4B-E91C8FC3E800} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357}
diff --git a/build/dependencies.props b/build/dependencies.props
index ca0ede407e..4ccaf4fcbc 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -32,6 +32,7 @@
     <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26130-04</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
@@ -39,6 +40,7 @@
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
     <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
+    <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
     <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
diff --git a/samples/WsFedSample/Program.cs b/samples/WsFedSample/Program.cs
new file mode 100644
index 0000000000..40e1945c69
--- /dev/null
+++ b/samples/WsFedSample/Program.cs
@@ -0,0 +1,64 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.FileProviders;
+using Microsoft.Extensions.Logging;
+
+namespace WsFedSample
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            var host = new WebHostBuilder()
+                .ConfigureLogging(factory =>
+                {
+                    factory.AddConsole();
+                    factory.AddDebug();
+                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                    factory.AddFilter("Debug", level => level >= LogLevel.Information);
+                })
+                .UseKestrel(options =>
+                {
+                    options.Listen(IPAddress.Loopback, 44307, listenOptions =>
+                    {
+                        // Configure SSL
+                        var serverCertificate = LoadCertificate();
+                        listenOptions.UseHttps(serverCertificate);
+                    });
+                })
+                .UseContentRoot(Directory.GetCurrentDirectory())
+                .UseIISIntegration()
+                .UseStartup<Startup>()
+                .Build();
+
+            host.Run();
+        }
+
+        private static X509Certificate2 LoadCertificate()
+        {
+            var assembly = typeof(Startup).GetTypeInfo().Assembly;
+            var embeddedFileProvider = new EmbeddedFileProvider(assembly, "WsFedSample");
+            var certificateFileInfo = embeddedFileProvider.GetFileInfo("compiler/resources/cert.pfx");
+            using (var certificateStream = certificateFileInfo.CreateReadStream())
+            {
+                byte[] certificatePayload;
+                using (var memoryStream = new MemoryStream())
+                {
+                    certificateStream.CopyTo(memoryStream);
+                    certificatePayload = memoryStream.ToArray();
+                }
+
+                return new X509Certificate2(certificatePayload, "testPassword");
+            }
+        }
+    }
+}
diff --git a/samples/WsFedSample/Properties/launchSettings.json b/samples/WsFedSample/Properties/launchSettings.json
new file mode 100644
index 0000000000..bdf80e2481
--- /dev/null
+++ b/samples/WsFedSample/Properties/launchSettings.json
@@ -0,0 +1,28 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "https://localhost:44307/",
+      "sslPort": 44318
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "https://localhost:44307/",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "WsFedSample": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:44307/",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/samples/WsFedSample/Startup.cs b/samples/WsFedSample/Startup.cs
new file mode 100644
index 0000000000..0fc32769e9
--- /dev/null
+++ b/samples/WsFedSample/Startup.cs
@@ -0,0 +1,168 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.WsFederation;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace WsFedSample
+{
+    public class Startup
+    {
+        public Startup(IConfiguration configuration)
+        {
+            Configuration = configuration;
+        }
+
+        public IConfiguration Configuration { get; }
+
+        // This method gets called by the runtime. Use this method to add services to the container.
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddAuthentication(sharedOptions =>
+            {
+                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+            })
+            .AddWsFederation(options =>
+            {
+                options.Wtrealm = "https://Tratcheroutlook.onmicrosoft.com/WsFedSample";
+                options.MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml";
+                // options.CallbackPath = "/";
+                // options.SkipUnrecognizedRequests = true;
+            })
+            .AddCookie();
+        }
+
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseDeveloperExceptionPage();
+            app.UseAuthentication();
+
+            app.Run(async context =>
+            {
+                if (context.Request.Path.Equals("/signedout"))
+                {
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await res.WriteAsync($"<h1>You have been signed out.</h1>");
+                        await res.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                    });
+                    return;
+                }
+
+                if (context.Request.Path.Equals("/signout"))
+                {
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await context.Response.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
+                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
+                    });
+                    return;
+                }
+
+                if (context.Request.Path.Equals("/signout-remote"))
+                {
+                    // Redirects
+                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+                    await context.SignOutAsync(WsFederationDefaults.AuthenticationScheme, new AuthenticationProperties()
+                    {
+                        RedirectUri = "/signedout"
+                    });
+                    return;
+                }
+
+                if (context.Request.Path.Equals("/Account/AccessDenied"))
+                {
+                    await WriteHtmlAsync(context.Response, async res =>
+                    {
+                        await context.Response.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
+                        await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
+                    });
+                    return;
+                }
+
+                // DefaultAuthenticateScheme causes User to be set
+                var user = context.User;
+
+                // This is what [Authorize] calls
+                // var user = await context.AuthenticateAsync();
+
+                // This is what [Authorize(ActiveAuthenticationSchemes = WsFederationDefaults.AuthenticationScheme)] calls
+                // var user = await context.AuthenticateAsync(WsFederationDefaults.AuthenticationScheme);
+
+                // Not authenticated
+                if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
+                {
+                    // This is what [Authorize] calls
+                    await context.ChallengeAsync();
+
+                    // This is what [Authorize(ActiveAuthenticationSchemes = WsFederationDefaults.AuthenticationScheme)] calls
+                    // await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
+
+                    return;
+                }
+
+                // Authenticated, but not authorized
+                if (context.Request.Path.Equals("/restricted") && !user.Identities.Any(identity => identity.HasClaim("special", "true")))
+                {
+                    await context.ForbidAsync();
+                    return;
+                }
+
+                await WriteHtmlAsync(context.Response, async response =>
+                {
+                    await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
+                    await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
+
+                    await response.WriteAsync("<h2>Claims:</h2>");
+                    await WriteTableHeader(response, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
+                });
+            });
+        }
+
+        private static async Task WriteHtmlAsync(HttpResponse response, Func<HttpResponse, Task> writeContent)
+        {
+            var bootstrap = "<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\" integrity=\"sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u\" crossorigin=\"anonymous\">";
+
+            response.ContentType = "text/html";
+            await response.WriteAsync($"<html><head>{bootstrap}</head><body><div class=\"container\">");
+            await writeContent(response);
+            await response.WriteAsync("</div></body></html>");
+        }
+
+        private static async Task WriteTableHeader(HttpResponse response, IEnumerable<string> columns, IEnumerable<IEnumerable<string>> data)
+        {
+            await response.WriteAsync("<table class=\"table table-condensed\">");
+            await response.WriteAsync("<tr>");
+            foreach (var column in columns)
+            {
+                await response.WriteAsync($"<th>{HtmlEncode(column)}</th>");
+            }
+            await response.WriteAsync("</tr>");
+            foreach (var row in data)
+            {
+                await response.WriteAsync("<tr>");
+                foreach (var column in row)
+                {
+                    await response.WriteAsync($"<td>{HtmlEncode(column)}</td>");
+                }
+                await response.WriteAsync("</tr>");
+            }
+            await response.WriteAsync("</table>");
+        }
+
+        private static string HtmlEncode(string content) =>
+            string.IsNullOrEmpty(content) ? string.Empty : HtmlEncoder.Default.Encode(content);
+    }
+}
diff --git a/samples/WsFedSample/WsFedSample.csproj b/samples/WsFedSample/WsFedSample.csproj
new file mode 100644
index 0000000000..bc3a59f10e
--- /dev/null
+++ b/samples/WsFedSample/WsFedSample.csproj
@@ -0,0 +1,27 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.WsFederation\Microsoft.AspNetCore.Authentication.WsFederation.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Https" Version="$(MicrosoftAspNetCoreServerKestrelHttpsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="$(MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.FileProviders.Embedded" Version="$(MicrosoftExtensionsFileProvidersEmbeddedPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(MicrosoftExtensionsLoggingDebugPackageVersion)" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <EmbeddedResource Include="compiler\resources\cert.pfx" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/WsFedSample/compiler/resources/cert.pfx b/samples/WsFedSample/compiler/resources/cert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..7118908c2d730670c16e9f8b2c532a262c951989
GIT binary patch
literal 2483
zcmaKuc|27A8pqF>IWr86E&Q@(n=B)p$ug!;QVB6xij*z;uPLG!yCz#DQB)+9G$9m9
zQU)=DWXU?*EZIw<WSLy<>G!+0d++P@yZ4Xhoagg?p6B~|Ue7tN=Ny=UD?x#1n1MTq
z#c9MHh+D#gd|(a(cN}8i91v^=GcdgW3SmA$49p~gM-dys3jVWdg8+!iVL)pz1LDE5
zSb=|G<ZvN~KSQ!Q?rxD74~61uhZs=bU|nHHhtzT%{?4gfkgeydWXp04c*|$}bPuHR
zd9|7E;X!^&{+qu^YbHy7k@TeBncU!-)SA=Ul}%hyl>An(@R=(Ux!MfS9@}sFu-xDd
zIt2+mqSq$glwy_6UNs<2?(<xC6Ykp~$VcCkmP5a+xjNXHmeRsK)ipX={rj--0f&zM
z?&IF}F4EZs>qERU!gJ;5j}Pp&6trxG=wi)=@k(w2+fJVnc+qvXV<ox4QF~W&d~evJ
z3iC`kffp++kAB#EK7XV{bW*$WU0=;+0fW{64=vwMBJT_FCfH=KWfzgI8Z&3qHE&u<
zxK54EW)>zy(>Om4;L|^)R`t*3nTpAmEmTl(#i!RV#a0t#u6>Q9mY`-Nmcs7$XjXT7
zUmCD`O~_j7!%R#I?cG-7C^hcH)@l?WC1vyw$FFu_(r)jhOq6p}W8sG7NO{YTy8tG4
zrb$tTkag*G?(7lfoGx$4YWui>{{@}-FB2ub=}RX{1zx?j)s-##J9|G7E1@-;7Nuln
z9MQoX7FJ76+D#XXT@ZZmLZCufIdf3@OigG6m8I7!GT=7VD|>?6e!z9=eT}*E_tSn6
zl+clHCZ-kcIR#gen#LjMJW8>0QtViaQB#FhqsCb0YPYr3;jRITl@V9Aph24D?r2d`
zetCyyCg<*O-u+<Rbhx`bB1^AkxSlF$vc*%fKJ;7AI=3`O<;s^qmdb3}BGI&$Js>M&
zW^ptmT|}p$VAOZpmbQ1{5fK-6ytEvre#Po}6c2URn`viQAF2+e?Z~PK2&pd>7=7)I
zTCYm)@3PFRu_6a6Kb)IpCzQ%e3l%O#SDA+$Pq{Dk{HCqi7z>qd{nVpebffL7h{c4(
zmhXn~G+C27S3(IfC)q2KON=YwqHXEo%zc40DgWLzF{%RIdr@RcLu90qMSHf!Y<pL%
z?`-+`Lf@hK-X5CBDo4Vt!S$$%hHYZVV0F<AZ#BivPyD%i!?QT;&+m2KGwDUg87**H
zXF%UhGM9Ubo!RO<{9bSirORDYnprG=e7AC;kw}|?rf9o{>}JaqP<={8_Rfe;ddR5=
zKEo;^Yip&^m((#{czE{kUga3-@`*;&EwO}Jt>QdURP2P>ob^j-A!qld-0S_pm)kjs
zkNo48oZnMt){W~o8g^f;4#?lRLr-T@f}wH1o~-Iq=NEVtTVEZ`vrW~!>2yh%;Bc~H
zHl&OK>n@d`*e19*9#v>zZpU?I);f7}IPIfSSk#N|ujE492Itg)l!)TJ19@FE^x|p=
zH16NC7OfK&|6_!AnWfTIf^YPOa&`|nbk3VR0vql6&s@y1V3QOU%(`Re+<LyvjlGl=
zz-XC#DU8*S{O-EKR8yaqb4=CEFOh7zHA#>kJgrz?r9!{^wOQ4W-eng23gc}f(LxIs
zH_Ls~5izbjcRQH#WH6s6hR;zn>j_R8aJ$A)6xNneu8UI-vWV8Z@HZu&WwvG5q{1ZS
zdZeVf{Pv5-u281~y;aJe*x%Uv0@biMZ$vPbKj}O`(SOWQc~kJX<h@14F)xzPwd%>`
zXR&d4DtA<BD(%~qyw0eqH)lIt!?oSyKE5$1&k-?oPkRD4S4AZ*Pe$iwT=ROd+=PP%
zESC05u~-{k`p#ONyM4~AOJ0Zc0j87AzlAscT9-Hp5*C6$003b7e?xJSx%>e@2RH$^
z0os5*;0eIUeJi3Uh`A%44x(XzjClG8BO~-r_A}odiRuHo2-86#`mhrgN5p~<$RLY?
zq(kynfF<CIBn1F|Kp<jXz*#^6utlyv$!WkFQ6`8V0{A1$577b0QT~9>A5{v#p+EA1
z5aoe1763EQHorRm`C&ktKn(OQ1n)$Q{GZz&jRb`eDEMpl<0O#+)DMV(T7ns<Z!iNK
z%0Z(*6iQ_KvpbsE4Z<Z<xqFIoF8(7h4vQfQp;2-e02U{S!6I1nVF<kuNAq)cqxtv+
zo`vOq!;^Gj3P}&v+fIThj)>IzCG{QuM->B9g7Lrl2SE&gW`M!~(un|y0fIn=b^6_$
z9{zEzgYI~39xn0ZP*9qBL%fg7rg$ttt&TOmvfNNO<6FT0ZavM$Y4CYLQGIcIYv9Y&
zBGPUh&QTfW;V2!)oIra@s&d968y-y}Y|ww(R$GzWS*V&)k@W0>Slem{|HdTCjm;_5
zwY*A8W3nUbemE^_f0ng$tbd<`sr?TO-_&VCw+F#7P@LkIl$1PzTBoPY1b88EIO>UO
zP-NK7+g2yD3U6g3i|iA6+su>54sf_Sk0F=)1|9odnCM4u2<cEM&<eQiZ&rr2JL>Rs
z=&Y?-V&VquSN%3FJ2~ZGweP~iLs|w=l@9yu$tj@}Dp?e-2JUsqOoswdXb=E%&0te_
zA2M+{5Hf-dqD7=yw*r@A*xkn(1IS~nfP}k}e?4Bt|9g(eph4hFX_|S6nj1&Sz9z^=
zRw~<&-9d@FzTn6S*RVE{Wj5lgLJr9HLB8S9CgOm*>XA8*y<ryV+pXFUF4;|A*HjRC
zgT5a$Vz2i)_sBuvMuMu=@gHK(uiWQerS=@Lw3Cx?ZrDe67lZ6I32Wuy-xZvzX6i^E
z_bkug(lkQX7KLL=l3hF~c&{7zDn%2KHgZ01>4`JE;^s$=bqD#U4;e5C&x&ggKIAVL
zrQ)Yd8|{>7Z(6*B&7&4&9(*vDOfHMuR-Dk1IZia*XM^EZUD^{?cWG>J>KrtElc*{K
zaVl(7SN2cH4I6Q$bZOpJ8e5LKaG7p;?tJ~#+9QrTYU@f#5`Vo7cEX!szCT}iX-K^2
w#3o+<vGdszOTfH?mwL2vCR+>=C+lQz2J+SOEzVX(eJ)e7=eicC{rr9U2VGDcdH?_b

literal 0
HcmV?d00001

diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
new file mode 100644
index 0000000000..f643fad97f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// The context object used in for <see cref="WsFederationEvents.AuthenticationFailed"/>.
+    /// </summary>
+    public class AuthenticationFailedContext : RemoteAuthenticationContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="scheme"></param>
+        /// <param name="options"></param>
+        public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, WsFederationOptions options)
+            : base(context, scheme, options, new AuthenticationProperties())
+        { }
+
+        /// <summary>
+        /// The <see cref="WsFederationMessage"/> from the request, if any.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// The <see cref="Exception"/> that triggered this event.
+        /// </summary>
+        public Exception Exception { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
new file mode 100644
index 0000000000..4028fa5e3c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
@@ -0,0 +1,33 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// The context object used for <see cref="WsFederationEvents.MessageReceived"/>.
+    /// </summary>
+    public class MessageReceivedContext : RemoteAuthenticationContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="scheme"></param>
+        /// <param name="options"></param>
+        /// <param name="properties"></param>
+        public MessageReceivedContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            WsFederationOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
+
+        /// <summary>
+        /// The <see cref="WsFederationMessage"/> received on this request.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
new file mode 100644
index 0000000000..654037d0a8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
@@ -0,0 +1,44 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// When a user configures the <see cref="WsFederationHandler"/> to be notified prior to redirecting to an IdentityProvider
+    /// an instance of <see cref="RedirectContext"/> is passed to the 'RedirectToAuthenticationEndpoint' or 'RedirectToEndSessionEndpoint' events.
+    /// </summary>
+    public class RedirectContext : PropertiesContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// Creates a new context object.
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="scheme"></param>
+        /// <param name="options"></param>
+        /// <param name="properties"></param>
+        public RedirectContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            WsFederationOptions options,
+            AuthenticationProperties properties)
+            : base(context, scheme, options, properties) { }
+
+        /// <summary>
+        /// The <see cref="WsFederationMessage"/> used to compose the redirect.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// If true, will skip any default logic for this redirect.
+        /// </summary>
+        public bool Handled { get; private set; }
+
+        /// <summary>
+        /// Skips any default logic for this redirect.
+        /// </summary>
+        public void HandleResponse() => Handled = true;
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
new file mode 100644
index 0000000000..8aec24a64e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
@@ -0,0 +1,30 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// An event context for RemoteSignOut.
+    /// </summary>
+    public class RemoteSignOutContext : RemoteAuthenticationContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="scheme"></param>
+        /// <param name="options"></param>
+        /// <param name="message"></param>
+        public RemoteSignOutContext(HttpContext context, AuthenticationScheme scheme, WsFederationOptions options, WsFederationMessage message)
+            : base(context, scheme, options, new AuthenticationProperties())
+            => ProtocolMessage = message;
+
+        /// <summary>
+        /// The signout message.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
new file mode 100644
index 0000000000..311f41515f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
@@ -0,0 +1,28 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// This Context can be used to be informed when an 'AuthorizationCode' is redeemed for tokens at the token endpoint.
+    /// </summary>
+    public class SecurityTokenReceivedContext : RemoteAuthenticationContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// Creates a <see cref="SecurityTokenReceivedContext"/>
+        /// </summary>
+        public SecurityTokenReceivedContext(HttpContext context, AuthenticationScheme scheme, WsFederationOptions options, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
+        {
+        }
+
+        /// <summary>
+        /// The <see cref="WsFederationMessage"/> received on this request.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
new file mode 100644
index 0000000000..1f32014b6c
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
@@ -0,0 +1,34 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// The context object used for <see cref="WsFederationEvents.SecurityTokenValidated"/>.
+    /// </summary>
+    public class SecurityTokenValidatedContext : RemoteAuthenticationContext<WsFederationOptions>
+    {
+        /// <summary>
+        /// Creates a <see cref="SecurityTokenValidatedContext"/>
+        /// </summary>
+        public SecurityTokenValidatedContext(HttpContext context, AuthenticationScheme scheme, WsFederationOptions options, ClaimsPrincipal principal, AuthenticationProperties properties)
+            : base(context, scheme, options, properties)
+            => Principal = principal;
+
+        /// <summary>
+        /// The <see cref="WsFederationMessage"/> received on this request.
+        /// </summary>
+        public WsFederationMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// The <see cref="SecurityToken"/> that was validated.
+        /// </summary>
+        public SecurityToken SecurityToken { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
new file mode 100644
index 0000000000..55c3936f9e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
@@ -0,0 +1,74 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// Specifies events which the <see cref="WsFederationHandler"></see> invokes to enable developer control over the authentication process. />
+    /// </summary>
+    public class WsFederationEvents : RemoteAuthenticationEvents
+    {
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        public Func<AuthenticationFailedContext, Task> OnAuthenticationFailed { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        public Func<MessageReceivedContext, Task> OnMessageReceived { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// </summary>
+        public Func<RedirectContext, Task> OnRedirectToIdentityProvider { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked when a wsignoutcleanup request is received at the RemoteSignOutPath endpoint.
+        /// </summary>
+        public Func<RemoteSignOutContext, Task> OnRemoteSignOut { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        public Func<SecurityTokenReceivedContext, Task> OnSecurityTokenReceived { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public Func<SecurityTokenValidatedContext, Task> OnSecurityTokenValidated { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
+        /// </summary>
+        public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
+
+        /// <summary>
+        /// Invoked when a protocol message is first received.
+        /// </summary>
+        public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
+
+        /// <summary>
+        /// Invoked to manipulate redirects to the identity provider for SignIn, SignOut, or Challenge.
+        /// </summary>
+        public virtual Task RedirectToIdentityProvider(RedirectContext context) => OnRedirectToIdentityProvider(context);
+
+        /// <summary>
+        /// Invoked when a wsignoutcleanup request is received at the RemoteSignOutPath endpoint.
+        /// </summary>
+        public virtual Task RemoteSignOut(RemoteSignOutContext context) => OnRemoteSignOut(context);
+
+        /// <summary>
+        /// Invoked with the security token that has been extracted from the protocol message.
+        /// </summary>
+        public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context) => OnSecurityTokenReceived(context);
+
+        /// <summary>
+        /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
+        /// </summary>
+        public virtual Task SecurityTokenValidated(SecurityTokenValidatedContext context) => OnSecurityTokenValidated(context);
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
new file mode 100644
index 0000000000..e28b7e15b0
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
@@ -0,0 +1,85 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, Exception> _signInWithoutWresult;
+        private static Action<ILogger, Exception> _signInWithoutToken;
+        private static Action<ILogger, Exception> _exceptionProcessingMessage;
+        private static Action<ILogger, string, Exception> _malformedRedirectUri;
+        private static Action<ILogger, Exception> _remoteSignOutHandledResponse;
+        private static Action<ILogger, Exception> _remoteSignOutSkipped;
+        private static Action<ILogger, Exception> _remoteSignOut;
+
+        static LoggingExtensions()
+        {
+            _signInWithoutWresult = LoggerMessage.Define(
+                eventId: 1,
+                logLevel: LogLevel.Debug,
+                formatString: "Received a sign-in message without a WResult.");
+            _signInWithoutToken = LoggerMessage.Define(
+                eventId: 2,
+                logLevel: LogLevel.Debug,
+                formatString: "Received a sign-in message without a token.");
+            _exceptionProcessingMessage = LoggerMessage.Define(
+                eventId: 3,
+                logLevel: LogLevel.Error,
+                formatString: "Exception occurred while processing message.");
+            _malformedRedirectUri = LoggerMessage.Define<string>(
+                eventId: 4,
+                logLevel: LogLevel.Warning,
+                formatString: "The sign-out redirect URI '{0}' is malformed.");
+            _remoteSignOutHandledResponse = LoggerMessage.Define(
+               eventId: 5,
+               logLevel: LogLevel.Debug,
+               formatString: "RemoteSignOutContext.HandledResponse");
+            _remoteSignOutSkipped = LoggerMessage.Define(
+               eventId: 6,
+               logLevel: LogLevel.Debug,
+               formatString: "RemoteSignOutContext.Skipped");
+            _remoteSignOut = LoggerMessage.Define(
+               eventId: 7,
+               logLevel: LogLevel.Information,
+               formatString: "Remote signout request processed.");
+        }
+
+        public static void SignInWithoutWresult(this ILogger logger)
+        {
+            _signInWithoutWresult(logger, null);
+        }
+
+        public static void SignInWithoutToken(this ILogger logger)
+        {
+            _signInWithoutToken(logger, null);
+        }
+
+        public static void ExceptionProcessingMessage(this ILogger logger, Exception ex)
+        {
+            _exceptionProcessingMessage(logger, ex);
+        }
+
+        public static void MalformedRedirectUri(this ILogger logger, string uri)
+        {
+            _malformedRedirectUri(logger, uri, null);
+        }
+
+        public static void RemoteSignOutHandledResponse(this ILogger logger)
+        {
+            _remoteSignOutHandledResponse(logger, null);
+        }
+
+        public static void RemoteSignOutSkipped(this ILogger logger)
+        {
+            _remoteSignOutSkipped(logger, null);
+        }
+
+        public static void RemoteSignOut(this ILogger logger)
+        {
+            _remoteSignOut(logger, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj b/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
new file mode 100644
index 0000000000..4edb55cb35
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware that enables an application to support the WsFederation authentication workflow.</Description>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore;authentication;security</PackageTags>
+  </PropertyGroup>
+
+
+  <ItemGroup>
+    <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.WsFederation" Version="$(MicrosoftIdentityModelProtocolsWsFederationPackageVersion)" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="$(SystemIdentityModelTokensJwtPackageVersion)" />
+  </ItemGroup>
+
+</Project>
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
new file mode 100644
index 0000000000..564e826a78
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
@@ -0,0 +1,114 @@
+// <auto-generated />
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    using System.Globalization;
+    using System.Reflection;
+    using System.Resources;
+
+    internal static class Resources
+    {
+        private static readonly ResourceManager _resourceManager
+            = new ResourceManager("Microsoft.AspNetCore.Authentication.WsFederation.Resources", typeof(Resources).GetTypeInfo().Assembly);
+
+        /// <summary>
+        /// The service descriptor is missing.
+        /// </summary>
+        internal static string Exception_MissingDescriptor
+        {
+            get => GetString("Exception_MissingDescriptor");
+        }
+
+        /// <summary>
+        /// The service descriptor is missing.
+        /// </summary>
+        internal static string FormatException_MissingDescriptor()
+            => GetString("Exception_MissingDescriptor");
+
+        /// <summary>
+        /// No token validator was found for the given token.
+        /// </summary>
+        internal static string Exception_NoTokenValidatorFound
+        {
+            get => GetString("Exception_NoTokenValidatorFound");
+        }
+
+        /// <summary>
+        /// No token validator was found for the given token.
+        /// </summary>
+        internal static string FormatException_NoTokenValidatorFound()
+            => GetString("Exception_NoTokenValidatorFound");
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string Exception_OptionMustBeProvided
+        {
+            get => GetString("Exception_OptionMustBeProvided");
+        }
+
+        /// <summary>
+        /// The '{0}' option must be provided.
+        /// </summary>
+        internal static string FormatException_OptionMustBeProvided(object p0)
+            => string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string Exception_ValidatorHandlerMismatch
+        {
+            get => GetString("Exception_ValidatorHandlerMismatch");
+        }
+
+        /// <summary>
+        /// An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.
+        /// </summary>
+        internal static string FormatException_ValidatorHandlerMismatch()
+            => GetString("Exception_ValidatorHandlerMismatch");
+
+        /// <summary>
+        /// The sign in message does not contain a required token.
+        /// </summary>
+        internal static string SignInMessageTokenIsMissing
+        {
+            get => GetString("SignInMessageTokenIsMissing");
+        }
+
+        /// <summary>
+        /// The sign in message does not contain a required token.
+        /// </summary>
+        internal static string FormatSignInMessageTokenIsMissing()
+            => GetString("SignInMessageTokenIsMissing");
+
+        /// <summary>
+        /// The sign in message does not contain a required wresult.
+        /// </summary>
+        internal static string SignInMessageWresultIsMissing
+        {
+            get => GetString("SignInMessageWresultIsMissing");
+        }
+
+        /// <summary>
+        /// The sign in message does not contain a required wresult.
+        /// </summary>
+        internal static string FormatSignInMessageWresultIsMissing()
+            => GetString("SignInMessageWresultIsMissing");
+
+        private static string GetString(string name, params string[] formatterNames)
+        {
+            var value = _resourceManager.GetString(name);
+
+            System.Diagnostics.Debug.Assert(value != null);
+
+            if (formatterNames != null)
+            {
+                for (var i = 0; i < formatterNames.Length; i++)
+                {
+                    value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
+                }
+            }
+
+            return value;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx b/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
new file mode 100644
index 0000000000..e2edafb671
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Exception_MissingDescriptor" xml:space="preserve">
+    <value>The service descriptor is missing.</value>
+  </data>
+  <data name="Exception_NoTokenValidatorFound" xml:space="preserve">
+    <value>No token validator was found for the given token.</value>
+  </data>
+  <data name="Exception_OptionMustBeProvided" xml:space="preserve">
+    <value>The '{0}' option must be provided.</value>
+  </data>
+  <data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
+    <value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
+  </data>
+  <data name="SignInMessageTokenIsMissing" xml:space="preserve">
+    <value>The sign in message does not contain a required token.</value>
+  </data>
+  <data name="SignInMessageWresultIsMissing" xml:space="preserve">
+    <value>The sign in message does not contain a required wresult.</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
new file mode 100644
index 0000000000..3b97d995b5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// Default values related to WsFederation authentication handler
+    /// </summary>
+    public static class WsFederationDefaults
+    {
+        /// <summary>
+        /// The default authentication type used when registering the WsFederationHandler.
+        /// </summary>
+        public const string AuthenticationScheme = "WsFederation";
+        
+        /// <summary>
+        /// The default display name used when registering the WsFederationHandler.
+        /// </summary>
+        public const string DisplayName = "WsFederation";
+
+        /// <summary>
+        /// Constant used to identify userstate inside AuthenticationProperties that have been serialized in the 'wctx' parameter.
+        /// </summary>
+        public static readonly string UserstatePropertiesKey = "WsFederation.Userstate";
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
new file mode 100644
index 0000000000..47091d58d5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.WsFederation;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+    /// <summary>
+    /// Extensions for registering the <see cref="WsFederationHandler"/>.
+    /// </summary>
+    public static class WsFederationExtensions
+    {
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the default authentication scheme, display name, and options.
+        /// </summary>
+        /// <param name="builder"></param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder)
+            => builder.AddWsFederation(WsFederationDefaults.AuthenticationScheme, _ => { });
+
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the default authentication scheme, display name, and the given options configuration.
+        /// </summary>
+        /// <param name="builder"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, Action<WsFederationOptions> configureOptions)
+            => builder.AddWsFederation(WsFederationDefaults.AuthenticationScheme, configureOptions);
+
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, default display name, and the given options configuration.
+        /// </summary>
+        /// <param name="builder"></param>
+        /// <param name="authenticationScheme"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, string authenticationScheme, Action<WsFederationOptions> configureOptions)
+            => builder.AddWsFederation(authenticationScheme, WsFederationDefaults.DisplayName, configureOptions);
+
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, display name, and options configuration.
+        /// </summary>
+        /// <param name="builder"></param>
+        /// <param name="authenticationScheme"></param>
+        /// <param name="displayName"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<WsFederationOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<WsFederationOptions>, WsFederationPostConfigureOptions>());
+            return builder.AddRemoteScheme<WsFederationOptions, WsFederationHandler>(authenticationScheme, displayName, configureOptions);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
new file mode 100644
index 0000000000..e47f8431f9
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
@@ -0,0 +1,425 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// A per-request authentication handler for the WsFederation.
+    /// </summary>
+    public class WsFederationHandler : RemoteAuthenticationHandler<WsFederationOptions>, IAuthenticationSignOutHandler
+    {
+        private const string CorrelationProperty = ".xsrf";
+        private WsFederationConfiguration _configuration;
+
+        /// <summary>
+        /// Creates a new WsFederationAuthenticationHandler
+        /// </summary>
+        /// <param name="options"></param>
+        /// <param name="encoder"></param>
+        /// <param name="clock"></param>
+        /// <param name="logger"></param>
+        public WsFederationHandler(IOptionsMonitor<WsFederationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new WsFederationEvents Events
+        {
+            get { return (WsFederationEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
+        /// <summary>
+        /// Creates a new instance of the events instance.
+        /// </summary>
+        /// <returns>A new instance of the events instance.</returns>
+        protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new WsFederationEvents());
+
+        /// <summary>
+        /// Overridden to handle remote signout requests
+        /// </summary>
+        /// <returns></returns>
+        public override Task<bool> HandleRequestAsync()
+        {
+            // RemoteSignOutPath and CallbackPath may be the same, fall through if the message doesn't match.
+            if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path && HttpMethods.IsGet(Request.Method)
+                && string.Equals(Request.Query[WsFederationConstants.WsFederationParameterNames.Wa],
+                    WsFederationConstants.WsFederationActions.SignOutCleanup, StringComparison.OrdinalIgnoreCase))
+            {
+                // We've received a remote sign-out request
+                return HandleRemoteSignOutAsync();
+            }
+
+            return base.HandleRequestAsync();
+        }
+
+        /// <summary>
+        /// Handles Challenge
+        /// </summary>
+        /// <returns></returns>
+        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
+        {
+            if (_configuration == null)
+            {
+                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+            }
+
+            // Save the original challenge URI so we can redirect back to it when we're done.
+            if (string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                properties.RedirectUri = CurrentUri;
+            }
+
+            var wsFederationMessage = new WsFederationMessage()
+            {
+                IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
+                Wtrealm = Options.Wtrealm,
+                Wa = WsFederationConstants.WsFederationActions.SignIn,
+            };
+
+            if (!string.IsNullOrEmpty(Options.Wreply))
+            {
+                wsFederationMessage.Wreply = Options.Wreply;
+            }
+            else
+            {
+                wsFederationMessage.Wreply = BuildRedirectUri(Options.CallbackPath);
+            }
+
+            GenerateCorrelationId(properties);
+
+            var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
+            {
+                ProtocolMessage = wsFederationMessage
+            };
+            await Events.RedirectToIdentityProvider(redirectContext);
+
+            if (redirectContext.Handled)
+            {
+                return;
+            }
+
+            wsFederationMessage = redirectContext.ProtocolMessage;
+
+            if (!string.IsNullOrEmpty(wsFederationMessage.Wctx))
+            {
+                properties.Items[WsFederationDefaults.UserstatePropertiesKey] = wsFederationMessage.Wctx;
+            }
+
+            wsFederationMessage.Wctx = Uri.EscapeDataString(Options.StateDataFormat.Protect(properties));
+
+            var redirectUri = wsFederationMessage.CreateSignInUrl();
+            if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+            {
+                Logger.MalformedRedirectUri(redirectUri);
+            }
+            Response.Redirect(redirectUri);
+        }
+
+        /// <summary>
+        /// Invoked to process incoming authentication messages.
+        /// </summary>
+        /// <returns></returns>
+        protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
+        {
+            WsFederationMessage wsFederationMessage = null;
+            AuthenticationProperties properties = null;
+
+            // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small.
+            if (HttpMethods.IsPost(Request.Method)
+              && !string.IsNullOrEmpty(Request.ContentType)
+              // May have media/type; charset=utf-8, allow partial match.
+              && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
+              && Request.Body.CanRead)
+            {
+                var form = await Request.ReadFormAsync();
+    
+                wsFederationMessage = new WsFederationMessage(form.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+            }
+
+            if (wsFederationMessage == null || !wsFederationMessage.IsSignInMessage)
+            {
+                if (Options.SkipUnrecognizedRequests)
+                {
+                    // Not for us?
+                    return HandleRequestResult.SkipHandler();
+                }
+
+                return HandleRequestResult.Fail("No message.");
+            }
+            
+            try
+            {
+                // Retrieve our cached redirect uri
+                var state = wsFederationMessage.Wctx;
+                // WsFed allows for uninitiated logins, state may be missing. See AllowUnsolicitedLogins.
+                properties = Options.StateDataFormat.Unprotect(state);
+
+                if (properties == null)
+                {
+                    if (!Options.AllowUnsolicitedLogins)
+                    {
+                        return HandleRequestResult.Fail("Unsolicited logins are not allowed.");
+                    }
+                }
+                else
+                {
+                    // Extract the user state from properties and reset.
+                    properties.Items.TryGetValue(WsFederationDefaults.UserstatePropertiesKey, out var userState);
+                    wsFederationMessage.Wctx = userState;
+                }
+
+                var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options, properties)
+                {
+                    ProtocolMessage = wsFederationMessage
+                };
+                await Events.MessageReceived(messageReceivedContext);
+                if (messageReceivedContext.Result != null)
+                {
+                    return messageReceivedContext.Result;
+                }
+                wsFederationMessage = messageReceivedContext.ProtocolMessage;
+                properties = messageReceivedContext.Properties; // Provides a new instance if not set.
+
+                // If state did flow from the challenge then validate it. See AllowUnsolicitedLogins above.
+                if (properties.Items.TryGetValue(CorrelationProperty, out string correlationId)
+                    && !ValidateCorrelationId(properties))
+                {
+                    return HandleRequestResult.Fail("Correlation failed.", properties);
+                }
+
+                if (wsFederationMessage.Wresult == null)
+                {
+                    Logger.SignInWithoutWresult();
+                    return HandleRequestResult.Fail(Resources.SignInMessageWresultIsMissing, properties);
+                }
+
+                var token = wsFederationMessage.GetToken();
+                if (string.IsNullOrEmpty(token))
+                {
+                    Logger.SignInWithoutToken();
+                    return HandleRequestResult.Fail(Resources.SignInMessageTokenIsMissing, properties);
+                }
+
+                var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Scheme, Options, properties)
+                {
+                    ProtocolMessage = wsFederationMessage
+                };
+                await Events.SecurityTokenReceived(securityTokenReceivedContext);
+                if (securityTokenReceivedContext.Result != null)
+                {
+                    return securityTokenReceivedContext.Result;
+                }
+                wsFederationMessage = securityTokenReceivedContext.ProtocolMessage;
+                properties = messageReceivedContext.Properties;
+
+                if (_configuration == null)
+                {
+                    _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+                }
+
+                // Copy and augment to avoid cross request race conditions for updated configurations.
+                var tvp = Options.TokenValidationParameters.Clone();
+                var issuers = new[] { _configuration.Issuer };
+                tvp.ValidIssuers = (tvp.ValidIssuers == null ? issuers : tvp.ValidIssuers.Concat(issuers));
+                tvp.IssuerSigningKeys = (tvp.IssuerSigningKeys == null ? _configuration.SigningKeys : tvp.IssuerSigningKeys.Concat(_configuration.SigningKeys));
+
+                ClaimsPrincipal principal = null;
+                SecurityToken parsedToken = null;
+                foreach (var validator in Options.SecurityTokenHandlers)
+                {
+                    if (validator.CanReadToken(token))
+                    {
+                        principal = validator.ValidateToken(token, tvp, out parsedToken);
+                        break;
+                    }
+                }
+
+                if (principal == null)
+                {
+                    throw new SecurityTokenException(Resources.Exception_NoTokenValidatorFound);
+                }
+
+                if (Options.UseTokenLifetime && parsedToken != null)
+                {
+                    // Override any session persistence to match the token lifetime.
+                    var issued = parsedToken.ValidFrom;
+                    if (issued != DateTime.MinValue)
+                    {
+                        properties.IssuedUtc = issued.ToUniversalTime();
+                    }
+                    var expires = parsedToken.ValidTo;
+                    if (expires != DateTime.MinValue)
+                    {
+                        properties.ExpiresUtc = expires.ToUniversalTime();
+                    }
+                    properties.AllowRefresh = false;
+                }
+
+                var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Scheme, Options, principal, properties)
+                {
+                    ProtocolMessage = wsFederationMessage,
+                    SecurityToken = parsedToken,
+                };
+
+                await Events.SecurityTokenValidated(securityTokenValidatedContext);
+                if (securityTokenValidatedContext.Result != null)
+                {
+                    return securityTokenValidatedContext.Result;
+                }
+
+                // Flow possible changes
+                principal = securityTokenValidatedContext.Principal;
+                properties = securityTokenValidatedContext.Properties;
+
+                return HandleRequestResult.Success(new AuthenticationTicket(principal, properties, Scheme.Name));
+            }
+            catch (Exception exception)
+            {
+                Logger.ExceptionProcessingMessage(exception);
+
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                if (Options.RefreshOnIssuerKeyNotFound && exception.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
+                {
+                    Options.ConfigurationManager.RequestRefresh();
+                }
+
+                var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
+                {
+                    ProtocolMessage = wsFederationMessage,
+                    Exception = exception
+                };
+                await Events.AuthenticationFailed(authenticationFailedContext);
+                if (authenticationFailedContext.Result != null)
+                {
+                    return authenticationFailedContext.Result;
+                }
+
+                return HandleRequestResult.Fail(exception, properties);
+            }
+        }
+
+        /// <summary>
+        /// Handles Signout
+        /// </summary>
+        /// <returns></returns>
+        public async virtual Task SignOutAsync(AuthenticationProperties properties)
+        {
+            var target = ResolveTarget(Options.ForwardSignOut);
+            if (target != null)
+            {
+                await Context.SignOutAsync(target, properties);
+                return;
+            }
+
+            if (_configuration == null)
+            {
+                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
+            }
+
+            var wsFederationMessage = new WsFederationMessage()
+            {
+                IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
+                Wtrealm = Options.Wtrealm,
+                Wa = WsFederationConstants.WsFederationActions.SignOut,
+            };
+
+            // Set Wreply in order:
+            // 1. properties.Redirect
+            // 2. Options.SignOutWreply
+            // 3. Options.Wreply
+            if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri))
+            {
+                wsFederationMessage.Wreply = BuildRedirectUriIfRelative(properties.RedirectUri);
+            }
+            else if (!string.IsNullOrEmpty(Options.SignOutWreply))
+            {
+                wsFederationMessage.Wreply = BuildRedirectUriIfRelative(Options.SignOutWreply);
+            }
+            else if (!string.IsNullOrEmpty(Options.Wreply))
+            {
+                wsFederationMessage.Wreply = BuildRedirectUriIfRelative(Options.Wreply);
+            }
+
+            var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
+            {
+                ProtocolMessage = wsFederationMessage
+            };
+            await Events.RedirectToIdentityProvider(redirectContext);
+
+            if (!redirectContext.Handled)
+            {
+                var redirectUri = redirectContext.ProtocolMessage.CreateSignOutUrl();
+                if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
+                {
+                    Logger.MalformedRedirectUri(redirectUri);
+                }
+                Response.Redirect(redirectUri);
+            }
+        }
+
+        /// <summary>
+        /// Handles wsignoutcleanup1.0 messages sent to the RemoteSignOutPath
+        /// </summary>
+        /// <returns></returns>
+        protected virtual async Task<bool> HandleRemoteSignOutAsync()
+        {
+            var message = new WsFederationMessage(Request.Query.Select(pair => new KeyValuePair<string, string[]>(pair.Key, pair.Value)));
+            var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message);
+            await Events.RemoteSignOut(remoteSignOutContext);
+
+            if (remoteSignOutContext.Result != null)
+            {
+                if (remoteSignOutContext.Result.Handled)
+                {
+                    Logger.RemoteSignOutHandledResponse();
+                    return true;
+                }
+                if (remoteSignOutContext.Result.Skipped)
+                {
+                    Logger.RemoteSignOutSkipped();
+                    return false;
+                }
+            }
+
+            Logger.RemoteSignOut();
+
+            await Context.SignOutAsync(Options.SignOutScheme);
+            return true;
+        }
+
+        /// <summary>
+        /// Build a redirect path if the given path is a relative path.
+        /// </summary>
+        private string BuildRedirectUriIfRelative(string uri)
+        {
+            if (string.IsNullOrEmpty(uri))
+            {
+                return uri;
+            }
+
+            if (!uri.StartsWith("/", StringComparison.Ordinal))
+            {
+                return uri;
+            }
+
+            return BuildRedirectUri(uri);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
new file mode 100644
index 0000000000..4e06126773
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
@@ -0,0 +1,180 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Tokens.Jwt;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Tokens.Saml;
+using Microsoft.IdentityModel.Tokens.Saml2;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// Configuration options for <see cref="WsFederationHandler"/>
+    /// </summary>
+    public class WsFederationOptions : RemoteAuthenticationOptions
+    {
+        private ICollection<ISecurityTokenValidator> _securityTokenHandlers = new Collection<ISecurityTokenValidator>()
+        {
+            new Saml2SecurityTokenHandler(),
+            new SamlSecurityTokenHandler(),
+            new JwtSecurityTokenHandler()
+        };
+        private TokenValidationParameters _tokenValidationParameters = new TokenValidationParameters();
+
+        /// <summary>
+        /// Initializes a new <see cref="WsFederationOptions"/>
+        /// </summary>
+        public WsFederationOptions()
+        {
+            CallbackPath = "/signin-wsfed";
+            // In ADFS the cleanup messages are sent to the same callback path as the initial login.
+            // In AAD it sends the cleanup message to a random Reply Url and there's no deterministic way to configure it.
+            //  If you manage to get it configured, then you can set RemoteSignOutPath accordingly.
+            RemoteSignOutPath = "/signin-wsfed";
+            Events = new WsFederationEvents();
+        }
+
+        /// <summary>
+        /// Check that the options are valid.  Should throw an exception if things are not ok.
+        /// </summary>
+        public override void Validate()
+        {
+            base.Validate();
+
+            if (ConfigurationManager == null)
+            {
+                throw new InvalidOperationException($"Provide {nameof(MetadataAddress)}, "
+                + $"{nameof(Configuration)}, or {nameof(ConfigurationManager)} to {nameof(WsFederationOptions)}");
+            }
+        }
+
+        /// <summary>
+        /// Configuration provided directly by the developer. If provided, then MetadataAddress and the Backchannel properties
+        /// will not be used. This information should not be updated during request processing.
+        /// </summary>
+        public WsFederationConfiguration Configuration { get; set; }
+
+        /// <summary>
+        /// Gets or sets the address to retrieve the wsFederation metadata
+        /// </summary>
+        public string MetadataAddress { get; set; }
+
+        /// <summary>
+        /// Responsible for retrieving, caching, and refreshing the configuration from metadata.
+        /// If not provided, then one will be created using the MetadataAddress and Backchannel properties.
+        /// </summary>
+        public IConfigurationManager<WsFederationConfiguration> ConfigurationManager { get; set; }
+
+        /// <summary>
+        /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
+        /// recovery in the event of a signature key rollover. This is enabled by default.
+        /// </summary>
+        public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
+
+        /// <summary>
+        /// Indicates if requests to the CallbackPath may also be for other components. If enabled the handler will pass
+        /// requests through that do not contain WsFederation authentication responses. Disabling this and setting the
+        /// CallbackPath to a dedicated endpoint may provide better error handling.
+        /// This is disabled by default.
+        /// </summary>
+        public bool SkipUnrecognizedRequests { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="WsFederationEvents"/> to call when processing WsFederation messages.
+        /// </summary>
+        public new WsFederationEvents Events
+        {
+            get => (WsFederationEvents)base.Events;
+            set => base.Events = value;
+        }
+
+        /// <summary>
+        /// Gets or sets the collection of <see cref="ISecurityTokenValidator"/> used to read and validate the <see cref="SecurityToken"/>s.
+        /// </summary>
+        public ICollection<ISecurityTokenValidator> SecurityTokenHandlers
+        {
+            get
+            {
+                return _securityTokenHandlers;
+            }
+            set
+            {
+                _securityTokenHandlers = value ?? throw new ArgumentNullException(nameof(SecurityTokenHandlers));
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the type used to secure data handled by the middleware.
+        /// </summary>
+        public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
+
+        /// <summary>
+        /// Gets or sets the <see cref="TokenValidationParameters"/>
+        /// </summary>
+        /// <exception cref="ArgumentNullException"> if 'TokenValidationParameters' is null.</exception>
+        public TokenValidationParameters TokenValidationParameters
+        {
+            get
+            {
+                return _tokenValidationParameters;
+            }
+            set
+            {
+                _tokenValidationParameters = value ?? throw new ArgumentNullException(nameof(TokenValidationParameters));
+            }
+        }
+
+        /// <summary>
+        /// Gets or sets the 'wreply'. CallbackPath must be set to match or cleared so it can be generated dynamically.
+        /// This field is optional. If not set then it will be generated from the current request and the CallbackPath.
+        /// </summary>
+        public string Wreply { get; set; }
+
+        /// <summary>
+        /// Gets or sets the 'wreply' value used during sign-out.
+        /// If none is specified then the value from the Wreply field is used.
+        /// </summary>
+        public string SignOutWreply { get; set; }
+        
+        /// <summary>
+        /// Gets or sets the 'wtrealm'.
+        /// </summary>
+        public string Wtrealm { get; set; }
+
+        /// <summary>
+        /// Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token.
+        /// If the token does not provide lifetime information then normal session lifetimes will be used.
+        /// This is enabled by default.
+        /// </summary>
+        public bool UseTokenLifetime { get; set; } = true;
+
+        /// <summary>
+        /// Gets or sets if HTTPS is required for the metadata address or authority.
+        /// The default is true. This should be disabled only in development environments.
+        /// </summary>
+        public bool RequireHttpsMetadata { get; set; } = true;
+
+        /// <summary>
+        /// The Ws-Federation protocol allows the user to initiate logins without contacting the application for a Challenge first.
+        /// However, that flow is susceptible to XSRF and other attacks so it is disabled here by default.
+        /// </summary>
+        public bool AllowUnsolicitedLogins { get; set; }
+
+        /// <summary>
+        /// Requests received on this path will cause the handler to invoke SignOut using the SignOutScheme.
+        /// </summary>
+        public PathString RemoteSignOutPath { get; set; }
+
+        /// <summary>
+        /// The Authentication Scheme to use with SignOutAsync from RemoteSignOutPath. SignInScheme will be used if this
+        /// is not set.
+        /// </summary>
+        public string SignOutScheme { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
new file mode 100644
index 0000000000..62647d4fcd
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
@@ -0,0 +1,89 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Net.Http;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.WsFederation;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    /// <summary>
+    /// Used to setup defaults for all <see cref="WsFederationOptions"/>.
+    /// </summary>
+    public class WsFederationPostConfigureOptions : IPostConfigureOptions<WsFederationOptions>
+    {
+        private readonly IDataProtectionProvider _dp;
+
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="dataProtection"></param>
+        public WsFederationPostConfigureOptions(IDataProtectionProvider dataProtection)
+        {
+            _dp = dataProtection;
+        }
+
+        /// <summary>
+        /// Invoked to post configure a TOptions instance.
+        /// </summary>
+        /// <param name="name">The name of the options instance being configured.</param>
+        /// <param name="options">The options instance to configure.</param>
+        public void PostConfigure(string name, WsFederationOptions options)
+        {
+            options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
+
+            if (string.IsNullOrEmpty(options.SignOutScheme))
+            {
+                options.SignOutScheme = options.SignInScheme;
+            }
+
+            if (options.StateDataFormat == null)
+            {
+                var dataProtector = options.DataProtectionProvider.CreateProtector(
+                    typeof(WsFederationHandler).FullName, name, "v1");
+                options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+            }
+            
+            if (!options.CallbackPath.HasValue && !string.IsNullOrEmpty(options.Wreply) && Uri.TryCreate(options.Wreply, UriKind.Absolute, out var wreply))
+            {
+                // Wreply must be a very specific, case sensitive value, so we can't generate it. Instead we generate CallbackPath from it.
+                options.CallbackPath = PathString.FromUriComponent(wreply);
+            }
+            
+            if (string.IsNullOrEmpty(options.TokenValidationParameters.ValidAudience))
+            {
+                options.TokenValidationParameters.ValidAudience = options.Wtrealm;
+            }
+
+            if (options.Backchannel == null)
+            {
+                options.Backchannel = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());
+                options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core WsFederation handler");
+                options.Backchannel.Timeout = options.BackchannelTimeout;
+                options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+            }
+
+            if (options.ConfigurationManager == null)
+            {
+                if (options.Configuration != null)
+                {
+                    options.ConfigurationManager = new StaticConfigurationManager<WsFederationConfiguration>(options.Configuration);
+                }
+                else if (!string.IsNullOrEmpty(options.MetadataAddress))
+                {
+                    if (options.RequireHttpsMetadata && !options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+                    {
+                        throw new InvalidOperationException("The MetadataAddress must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+                    }
+
+                    options.ConfigurationManager = new ConfigurationManager<WsFederationConfiguration>(options.MetadataAddress, new WsFederationConfigurationRetriever(),
+                        new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata });
+                }
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 57fed96c02..469726690f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -4,6 +4,24 @@
     <TargetFrameworks>$(StandardTestTfms)</TargetFrameworks>
   </PropertyGroup>
 
+  <ItemGroup>
+    <None Remove="WsFederation\federationmetadata.xml" />
+    <None Remove="WsFederation\InvalidToken.xml" />
+    <None Remove="WsFederation\ValidToken.xml" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Include="WsFederation\federationmetadata.xml">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </Content>
+    <Content Include="WsFederation\InvalidToken.xml">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </Content>
+    <Content Include="WsFederation\ValidToken.xml">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </Content>
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
@@ -12,6 +30,7 @@
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.MicrosoftAccount\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.OpenIdConnect\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Twitter\Microsoft.AspNetCore.Authentication.Twitter.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.WsFederation\Microsoft.AspNetCore.Authentication.WsFederation.csproj" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
new file mode 100644
index 0000000000..0de867d286
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IO;
+using System.Runtime.Serialization;
+using System.Text;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    public class CustomStateDataFormat : ISecureDataFormat<AuthenticationProperties>
+    {
+        public const string ValidStateData = "ValidStateData";
+
+        private string lastSavedAuthenticationProperties;
+        private DataContractSerializer serializer = new DataContractSerializer(typeof(AuthenticationProperties));
+
+        public string Protect(AuthenticationProperties data)
+        {
+            lastSavedAuthenticationProperties = Serialize(data);
+            return ValidStateData;
+        }
+
+        public string Protect(AuthenticationProperties data, string purpose)
+        {
+            return Protect(data);
+        }
+
+        public AuthenticationProperties Unprotect(string state)
+        {
+            return state == ValidStateData ? DeSerialize(lastSavedAuthenticationProperties) : null;
+        }
+
+        public AuthenticationProperties Unprotect(string protectedText, string purpose)
+        {
+            return Unprotect(protectedText);
+        }
+
+        private string Serialize(AuthenticationProperties data)
+        {
+            using (MemoryStream memoryStream = new MemoryStream())
+            {
+                serializer.WriteObject(memoryStream, data);
+                memoryStream.Position = 0;
+                return new StreamReader(memoryStream).ReadToEnd();
+            }
+        }
+
+        private AuthenticationProperties DeSerialize(string state)
+        {
+            var stateDataAsBytes = Encoding.UTF8.GetBytes(state);
+
+            using (var ms = new MemoryStream(stateDataAsBytes, false))
+            {
+                return (AuthenticationProperties)serializer.ReadObject(ms);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
new file mode 100644
index 0000000000..dfdb0d68d0
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
@@ -0,0 +1,83 @@
+<t:RequestSecurityTokenResponse Context="WsFedOwinState=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAzaTmu3688ESVbKJen1i8YwAAAAACAAAAAAADZgAAwAAAABAAAADoUPrFjHqMTp30emvI0XZ_AAAAAASAAACgAAAAEAAAAGTBC8oT24BI8BSJf4SbwjowAAAAA4ip7JyKg6vyK-PtWTapIASA3XLOXiIj8KFO3cuSd4t4H4o-W_wnQl2FAKMOKNNrFAAAAEoWRHnCSYvPKPo0kU09EciG6TJS" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
+  <t:Lifetime>
+    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-04-18T20:21:17.341Z</wsu:Created>
+    <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-04-19T08:21:17.341Z</wsu:Expires>
+  </t:Lifetime>
+  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+    <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+      <Address>http://automation1/</Address>
+    </EndpointReference>
+  </wsp:AppliesTo>
+  <t:RequestedSecurityToken>
+    <Assertion ID="_660ec874-f70a-4997-a9c4-bd591f1c7469" IssueInstant="2014-04-18T20:21:17.450Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+      <Issuer>https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/</Issuer>
+      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:SignedInfo>
+          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+          <ds:Reference URI="#_660ec874-f70a-4997-a9c4-bd591f1c7469">
+            <ds:Transforms>
+              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+            </ds:Transforms>
+            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+            <ds:DigestValue>Lkq0wTyTFxLUU2cyx0XybJqhka5RzRGj6kC4aIpFg+g=</ds:DigestValue>
+          </ds:Reference>
+        </ds:SignedInfo>
+        <ds:SignatureValue>bPwNswOB/B9xcdAljIkin9A2vjq+u94JdyvK03mf8vZFGUYNu9uN/Q6ims1DvW1FnP7SgFBwhIvW5OjZyW8fdYGhC2bq36izkxH6ulkWbciOcyELkyHDACLudvh8kP/Q+IwpicefKzAeI2Qu/5MFq16vFg5YgI+dovg8u1fYPPEPmmptW893RNTHWeh9mLRpLYnHyg7aLG6emNRkEu7w9rzeoICeMFybb9BvJl/q/8MFCW/Z5WemQhCi6YXFSEwCO6zJzCFi/3T6ChU/xYgXbFykDLqulsNOCQxdgutyqxJzugt+3PH5IKHHuoqe7UZNUIyELJ4BgwE1sXCGYIi24rg==</ds:SignatureValue>
+        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+          <X509Data>
+            <X509Certificate>MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng</X509Certificate>
+          </X509Data>
+        </KeyInfo>
+      </ds:Signature>
+      <Subject>
+        <NameID>t0ch1TsP0pi5VoW8q5CGWsCXVZoNtpsg0mbMZPOYb4I</NameID>
+        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
+      </Subject>
+      <Conditions NotBefore="2014-04-18T20:21:17.341Z" NotOnOrAfter="2014-04-19T08:21:17.341Z">
+        <AudienceRestriction>
+          <Audience>http://Automation1</Audience>
+        </AudienceRestriction>
+      </Conditions>
+      <AttributeStatement>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
+          <AttributeValue>Test</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
+          <AttributeValue>Test</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
+          <AttributeValue>user1@praburajgmail.onmicrosoft.com</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
+          <AttributeValue>4afbc689-805b-48cf-a24c-d4aa3248a248</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
+          <AttributeValue>c2f0cd49-5e53-4520-8ed9-4e178dc488c5</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
+          <AttributeValue>https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/</AttributeValue>
+        </Attribute>
+      </AttributeStatement>
+      <AuthnStatement AuthnInstant="2014-04-18T20:21:14.000Z">
+        <AuthnContext>
+          <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
+        </AuthnContext>
+      </AuthnStatement>
+    </Assertion>
+  </t:RequestedSecurityToken>
+  <t:RequestedAttachedReference>
+    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_660ec874-f70a-4997-a9c4-bd591f1c7469</KeyIdentifier>
+    </SecurityTokenReference>
+  </t:RequestedAttachedReference>
+  <t:RequestedUnattachedReference>
+    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_660ec874-f70a-4997-a9c4-bd591f1c7469</KeyIdentifier>
+    </SecurityTokenReference>
+  </t:RequestedUnattachedReference>
+  <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
+  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
+</t:RequestSecurityTokenResponse>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
new file mode 100644
index 0000000000..dfe8607242
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    internal class TestSecurityToken : SecurityToken
+    {
+        public override string Id => "id";
+
+        public override string Issuer => "issuer";
+
+        public override SecurityKey SecurityKey => throw new NotImplementedException();
+
+        public override SecurityKey SigningKey
+        {
+            get => throw new NotImplementedException();
+            set => throw new NotImplementedException();
+        }
+
+        public override DateTime ValidFrom => new DateTime(2008, 3, 22);
+
+        public override DateTime ValidTo => new DateTime(2017, 3, 22);
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
new file mode 100644
index 0000000000..05882518f9
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
@@ -0,0 +1,31 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    internal class TestSecurityTokenValidator : ISecurityTokenValidator
+    {
+        public bool CanValidateToken => true;
+
+        public int MaximumTokenSizeInBytes { get; set; } = 1024 * 5;
+
+        public bool CanReadToken(string securityToken)
+        {
+            return true;
+        }
+
+        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+        {
+            if (!string.IsNullOrEmpty(securityToken) && securityToken.Contains("ThisIsAValidToken"))
+            {
+                validatedToken = new TestSecurityToken();
+                return new ClaimsPrincipal(new ClaimsIdentity("Test"));
+            }
+
+            throw new SecurityTokenException("The security token did not contain ThisIsAValidToken");
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
new file mode 100644
index 0000000000..2addae96c1
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
@@ -0,0 +1,83 @@
+<t:RequestSecurityTokenResponse Context="WsFedOwinState=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAzaTmu3688ESVbKJen1i8YwAAAAACAAAAAAADZgAAwAAAABAAAADoUPrFjHqMTp30emvI0XZ_AAAAAASAAACgAAAAEAAAAGTBC8oT24BI8BSJf4SbwjowAAAAA4ip7JyKg6vyK-PtWTapIASA3XLOXiIj8KFO3cuSd4t4H4o-W_wnQl2FAKMOKNNrFAAAAEoWRHnCSYvPKPo0kU09EciG6TJS" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
+  <t:Lifetime>
+    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-04-18T20:21:17.341Z</wsu:Created>
+    <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-04-19T08:21:17.341Z</wsu:Expires>
+  </t:Lifetime>
+  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+    <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+      <Address>http://automation1/</Address>
+    </EndpointReference>
+  </wsp:AppliesTo>
+  <t:RequestedSecurityToken>
+    <Assertion ID="_660ec874-f70a-4997-a9c4-bd591f1c7469" IssueInstant="2014-04-18T20:21:17.450Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+      <Issuer>https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/</Issuer>
+      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:SignedInfo>
+          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+          <ds:Reference URI="#_660ec874-f70a-4997-a9c4-bd591f1c7469">
+            <ds:Transforms>
+              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+            </ds:Transforms>
+            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+            <ds:DigestValue>Lkq0wTyTFxLUU2cyx0XybJqhka5RzRGj6kC4aIpFg+g=</ds:DigestValue>
+          </ds:Reference>
+        </ds:SignedInfo>
+        <ds:SignatureValue>bPwNswOB/B9xcdAljIkin9A2vjq+u94JdyvK03mf8vZFGUYNu9uN/Q6ims1DvW1FnP7SgFBwhIvW5OjZyW8fdYGhC2bq36izkxH6ulkWbciOcyELkyHDACLudvh8kP/Q+IwpicefKzAeI2Qu/5MFq16vFg5YgI+dovg8u1fYPPEPmmptW893RNTHWeh9mLRpLYnHyg7aLG6emNRkEu7w9rzeoICeMFybb9BvJl/q/8MFCW/Z5WemQhCi6YXFSEwCO6zJzCFi/3T6ChU/xYgXbFykDLqulsNOCQxdgutyqxJzugt+3PH5IKHHuoqe7UZNUIyELJ4BgwE1sXCGYIi24rg==</ds:SignatureValue>
+        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+          <X509Data>
+            <X509Certificate>ThisIsAValidToken</X509Certificate>
+          </X509Data>
+        </KeyInfo>
+      </ds:Signature>
+      <Subject>
+        <NameID>t0ch1TsP0pi5VoW8q5CGWsCXVZoNtpsg0mbMZPOYb4I</NameID>
+        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" />
+      </Subject>
+      <Conditions NotBefore="2014-04-18T20:21:17.341Z" NotOnOrAfter="2014-04-19T08:21:17.341Z">
+        <AudienceRestriction>
+          <Audience>http://Automation1</Audience>
+        </AudienceRestriction>
+      </Conditions>
+      <AttributeStatement>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
+          <AttributeValue>Test</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
+          <AttributeValue>Test</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
+          <AttributeValue>user1@praburajgmail.onmicrosoft.com</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
+          <AttributeValue>4afbc689-805b-48cf-a24c-d4aa3248a248</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
+          <AttributeValue>c2f0cd49-5e53-4520-8ed9-4e178dc488c5</AttributeValue>
+        </Attribute>
+        <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
+          <AttributeValue>https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/</AttributeValue>
+        </Attribute>
+      </AttributeStatement>
+      <AuthnStatement AuthnInstant="2014-04-18T20:21:14.000Z">
+        <AuthnContext>
+          <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
+        </AuthnContext>
+      </AuthnStatement>
+    </Assertion>
+  </t:RequestedSecurityToken>
+  <t:RequestedAttachedReference>
+    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_660ec874-f70a-4997-a9c4-bd591f1c7469</KeyIdentifier>
+    </SecurityTokenReference>
+  </t:RequestedAttachedReference>
+  <t:RequestedUnattachedReference>
+    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" xmlns:d3p1="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_660ec874-f70a-4997-a9c4-bd591f1c7469</KeyIdentifier>
+    </SecurityTokenReference>
+  </t:RequestedUnattachedReference>
+  <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
+  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
+</t:RequestSecurityTokenResponse>
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
new file mode 100644
index 0000000000..bc1ef757f1
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
@@ -0,0 +1,443 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Net.Http.Headers;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.WsFederation
+{
+    public class WsFederationTest
+    {
+        [Fact]
+        public async Task VerifySchemeDefaults()
+        {
+            var services = new ServiceCollection();
+            services.AddAuthentication().AddWsFederation();
+            var sp = services.BuildServiceProvider();
+            var schemeProvider = sp.GetRequiredService<IAuthenticationSchemeProvider>();
+            var scheme = await schemeProvider.GetSchemeAsync(WsFederationDefaults.AuthenticationScheme);
+            Assert.NotNull(scheme);
+            Assert.Equal("WsFederationHandler", scheme.HandlerType.Name);
+            Assert.Equal(WsFederationDefaults.AuthenticationScheme, scheme.DisplayName);
+        }
+
+        [Fact]
+        public async Task MissingConfigurationThrows()
+        {
+            var builder = new WebHostBuilder()
+                .Configure(ConfigureApp)
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication(sharedOptions =>
+                    {
+                        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+                    })
+                    .AddCookie()
+                    .AddWsFederation();
+                });
+            var server = new TestServer(builder);
+            var httpClient = server.CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => httpClient.GetAsync("/"));
+            Assert.Equal("Provide MetadataAddress, Configuration, or ConfigurationManager to WsFederationOptions", exception.Message);
+        }
+
+        [Fact]
+        public async Task ChallengeRedirects()
+        {
+            var httpClient = CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var response = await httpClient.GetAsync("/");
+            Assert.Equal("https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed", response.Headers.Location.GetLeftPart(System.UriPartial.Path));
+            var queryItems = QueryHelpers.ParseQuery(response.Headers.Location.Query);
+
+            Assert.Equal("http://Automation1", queryItems["wtrealm"]);
+            Assert.True(queryItems["wctx"].ToString().Equals(CustomStateDataFormat.ValidStateData), "wctx does not equal ValidStateData");
+            Assert.Equal(httpClient.BaseAddress + "signin-wsfed", queryItems["wreply"]);
+            Assert.Equal("wsignin1.0", queryItems["wa"]);
+        }
+
+        [Fact]
+        public async Task MapWillNotAffectRedirect()
+        {
+            var httpClient = CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var response = await httpClient.GetAsync("/mapped-challenge");
+            Assert.Equal("https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed", response.Headers.Location.GetLeftPart(System.UriPartial.Path));
+            var queryItems = QueryHelpers.ParseQuery(response.Headers.Location.Query);
+
+            Assert.Equal("http://Automation1", queryItems["wtrealm"]);
+            Assert.True(queryItems["wctx"].ToString().Equals(CustomStateDataFormat.ValidStateData), "wctx does not equal ValidStateData");
+            Assert.Equal(httpClient.BaseAddress + "signin-wsfed", queryItems["wreply"]);
+            Assert.Equal("wsignin1.0", queryItems["wa"]);
+        }
+
+        [Fact]
+        public async Task PreMappedWillAffectRedirect()
+        {
+            var httpClient = CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var response = await httpClient.GetAsync("/premapped-challenge");
+            Assert.Equal("https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed", response.Headers.Location.GetLeftPart(System.UriPartial.Path));
+            var queryItems = QueryHelpers.ParseQuery(response.Headers.Location.Query);
+
+            Assert.Equal("http://Automation1", queryItems["wtrealm"]);
+            Assert.True(queryItems["wctx"].ToString().Equals(CustomStateDataFormat.ValidStateData), "wctx does not equal ValidStateData");
+            Assert.Equal(httpClient.BaseAddress + "premapped-challenge/signin-wsfed", queryItems["wreply"]);
+            Assert.Equal("wsignin1.0", queryItems["wa"]);
+        }
+
+        [Fact]
+        public async Task ValidTokenIsAccepted()
+        {
+            var httpClient = CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var response = await httpClient.GetAsync("/");
+            var queryItems = QueryHelpers.ParseQuery(response.Headers.Location.Query);
+
+            var request = new HttpRequestMessage(HttpMethod.Post, queryItems["wreply"]);
+            CopyCookies(response, request);
+            request.Content = CreateSignInContent("WsFederation/ValidToken.xml", queryItems["wctx"]);
+            response = await httpClient.SendAsync(request);
+
+            Assert.Equal(HttpStatusCode.Found, response.StatusCode);
+
+            request = new HttpRequestMessage(HttpMethod.Get, response.Headers.Location);
+            CopyCookies(response, request);
+            response = await httpClient.SendAsync(request);
+
+            // Did the request end in the actual resource requested for
+            Assert.Equal(WsFederationDefaults.AuthenticationScheme, await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task ValidUnsolicitedTokenIsRefused()
+        {
+            var httpClient = CreateClient();
+            var form = CreateSignInContent("WsFederation/ValidToken.xml", suppressWctx: true);
+            var exception = await Assert.ThrowsAsync<Exception>(() => httpClient.PostAsync(httpClient.BaseAddress + "signin-wsfed", form));
+            Assert.Contains("Unsolicited logins are not allowed.", exception.InnerException.Message);
+        }
+
+        [Fact]
+        public async Task ValidUnsolicitedTokenIsAcceptedWhenAllowed()
+        {
+            var httpClient = CreateClient(allowUnsolicited: true);
+
+            var form = CreateSignInContent("WsFederation/ValidToken.xml", suppressWctx: true);
+            var response = await httpClient.PostAsync(httpClient.BaseAddress + "signin-wsfed", form);
+
+            Assert.Equal(HttpStatusCode.Found, response.StatusCode);
+
+            var request = new HttpRequestMessage(HttpMethod.Get, response.Headers.Location);
+            CopyCookies(response, request);
+            response = await httpClient.SendAsync(request);
+
+            // Did the request end in the actual resource requested for
+            Assert.Equal(WsFederationDefaults.AuthenticationScheme, await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task InvalidTokenIsRejected()
+        {
+            var httpClient = CreateClient();
+
+            // Verify if the request is redirected to STS with right parameters
+            var response = await httpClient.GetAsync("/");
+            var queryItems = QueryHelpers.ParseQuery(response.Headers.Location.Query);
+
+            var request = new HttpRequestMessage(HttpMethod.Post, queryItems["wreply"]);
+            CopyCookies(response, request);
+            request.Content = CreateSignInContent("WsFederation/InvalidToken.xml", queryItems["wctx"]);
+            response = await httpClient.SendAsync(request);
+
+            // Did the request end in the actual resource requested for
+            Assert.Equal("AuthenticationFailed", await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task RemoteSignoutRequestTriggersSignout()
+        {
+            var httpClient = CreateClient();
+
+            var response = await httpClient.GetAsync("/signin-wsfed?wa=wsignoutcleanup1.0");
+            response.EnsureSuccessStatusCode();
+
+            var cookie = response.Headers.GetValues(HeaderNames.SetCookie).Single();
+            Assert.Equal(".AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax", cookie);
+            Assert.Equal("OnRemoteSignOut", response.Headers.GetValues("EventHeader").Single());
+            Assert.Equal("", await response.Content.ReadAsStringAsync());
+        }
+
+        [Fact]
+        public async Task EventsResolvedFromDI()
+        {
+            var builder = new WebHostBuilder()
+                .ConfigureServices(services =>
+                {
+                    services.AddSingleton<MyWsFedEvents>();
+                    services.AddAuthentication(sharedOptions =>
+                    {
+                        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+                    })
+                    .AddCookie()
+                    .AddWsFederation(options =>
+                    {
+                        options.Wtrealm = "http://Automation1";
+                        options.MetadataAddress = "https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/federationmetadata/2007-06/federationmetadata.xml";
+                        options.BackchannelHttpHandler = new WaadMetadataDocumentHandler();
+                        options.EventsType = typeof(MyWsFedEvents);
+                    });
+                })
+                .Configure(app =>
+                {
+                    app.Run(context => context.ChallengeAsync());
+                });
+            var server = new TestServer(builder);
+
+            var result = await server.CreateClient().GetAsync("");
+            Assert.Contains("CustomKey=CustomValue", result.Headers.Location.Query);
+        }
+
+        private class MyWsFedEvents : WsFederationEvents
+        {
+            public override Task RedirectToIdentityProvider(RedirectContext context)
+            {
+                context.ProtocolMessage.SetParameter("CustomKey", "CustomValue");
+                return base.RedirectToIdentityProvider(context);
+            }
+        }
+
+        private FormUrlEncodedContent CreateSignInContent(string tokenFile, string wctx = null, bool suppressWctx = false)
+        {
+            var kvps = new List<KeyValuePair<string, string>>();
+            kvps.Add(new KeyValuePair<string, string>("wa", "wsignin1.0"));
+            kvps.Add(new KeyValuePair<string, string>("wresult", File.ReadAllText(tokenFile)));
+            if (!string.IsNullOrEmpty(wctx))
+            {
+                kvps.Add(new KeyValuePair<string, string>("wctx", wctx));
+            }
+            if (suppressWctx)
+            {
+                kvps.Add(new KeyValuePair<string, string>("suppressWctx", "true"));
+            }
+            return new FormUrlEncodedContent(kvps);
+        }
+
+        private void CopyCookies(HttpResponseMessage response, HttpRequestMessage request)
+        {
+            var cookies = SetCookieHeaderValue.ParseList(response.Headers.GetValues(HeaderNames.SetCookie).ToList());
+            foreach (var cookie in cookies)
+            {
+                if (cookie.Value.HasValue)
+                {
+                    request.Headers.Add(HeaderNames.Cookie, new CookieHeaderValue(cookie.Name, cookie.Value).ToString());
+                }
+            }
+        }
+
+        private HttpClient CreateClient(bool allowUnsolicited = false)
+        {
+            var builder = new WebHostBuilder()
+                .Configure(ConfigureApp)
+                .ConfigureServices(services =>
+                {
+                    services.AddAuthentication(sharedOptions =>
+                    {
+                        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
+                    })
+                    .AddCookie()
+                    .AddWsFederation(options =>
+                    {
+                        options.Wtrealm = "http://Automation1";
+                        options.MetadataAddress = "https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/federationmetadata/2007-06/federationmetadata.xml";
+                        options.BackchannelHttpHandler = new WaadMetadataDocumentHandler();
+                        options.StateDataFormat = new CustomStateDataFormat();
+                        options.SecurityTokenHandlers = new List<ISecurityTokenValidator>() { new TestSecurityTokenValidator() };
+                        options.UseTokenLifetime = false;
+                        options.AllowUnsolicitedLogins = allowUnsolicited;
+                        options.Events = new WsFederationEvents()
+                        {
+                            OnMessageReceived = context =>
+                            {
+                                if (!context.ProtocolMessage.Parameters.TryGetValue("suppressWctx", out var suppress))
+                                {
+                                    Assert.True(context.ProtocolMessage.Wctx.Equals("customValue"), "wctx is not my custom value");
+                                }
+                                context.HttpContext.Items["MessageReceived"] = true;
+                                return Task.FromResult(0);
+                            },
+                            OnRedirectToIdentityProvider = context =>
+                            {
+                                if (context.ProtocolMessage.IsSignInMessage)
+                                {
+                                    // Sign in message
+                                    context.ProtocolMessage.Wctx = "customValue";
+                                }
+
+                                return Task.FromResult(0);
+                            },
+                            OnSecurityTokenReceived = context =>
+                            {
+                                context.HttpContext.Items["SecurityTokenReceived"] = true;
+                                return Task.FromResult(0);
+                            },
+                            OnSecurityTokenValidated = context =>
+                            {
+                                Assert.True((bool)context.HttpContext.Items["MessageReceived"], "MessageReceived notification not invoked");
+                                Assert.True((bool)context.HttpContext.Items["SecurityTokenReceived"], "SecurityTokenReceived notification not invoked");
+
+                                if (context.Principal != null)
+                                {
+                                    var identity = context.Principal.Identities.Single();
+                                    identity.AddClaim(new Claim("ReturnEndpoint", "true"));
+                                    identity.AddClaim(new Claim("Authenticated", "true"));
+                                    identity.AddClaim(new Claim(identity.RoleClaimType, "Guest", ClaimValueTypes.String));
+                                }
+
+                                return Task.FromResult(0);
+                            },
+                            OnAuthenticationFailed = context =>
+                            {
+                                context.HttpContext.Items["AuthenticationFailed"] = true;
+                                //Change the request url to something different and skip Wsfed. This new url will handle the request and let us know if this notification was invoked.
+                                context.HttpContext.Request.Path = new PathString("/AuthenticationFailed");
+                                context.SkipHandler();
+                                return Task.FromResult(0);
+                            },
+                            OnRemoteSignOut = context =>
+                            {
+                                context.Response.Headers["EventHeader"] = "OnRemoteSignOut";
+                                return Task.FromResult(0);
+                            }
+                        };
+                    });
+                });
+            var server = new TestServer(builder);
+            return server.CreateClient();
+        }
+
+        private void ConfigureApp(IApplicationBuilder app)
+        {
+            app.Map("/PreMapped-Challenge", mapped =>
+            {
+                mapped.UseAuthentication();
+                mapped.Run(async context =>
+                {
+                    await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
+                });
+            });
+
+            app.UseAuthentication();
+
+            app.Map("/Logout", subApp =>
+                {
+                    subApp.Run(async context =>
+                        {
+                            if (context.User.Identity.IsAuthenticated)
+                            {
+                                var authProperties = new AuthenticationProperties() { RedirectUri = context.Request.GetEncodedUrl() };
+                                await context.SignOutAsync(WsFederationDefaults.AuthenticationScheme, authProperties);
+                                await context.Response.WriteAsync("Signing out...");
+                            }
+                            else
+                            {
+                                await context.Response.WriteAsync("SignedOut");
+                            }
+                        });
+                });
+
+            app.Map("/AuthenticationFailed", subApp =>
+            {
+                subApp.Run(async context =>
+                {
+                    await context.Response.WriteAsync("AuthenticationFailed");
+                });
+            });
+
+            app.Map("/signout-wsfed", subApp =>
+            {
+                subApp.Run(async context =>
+                {
+                    await context.Response.WriteAsync("signout-wsfed");
+                });
+            });
+
+            app.Map("/mapped-challenge", subApp =>
+            {
+                subApp.Run(async context =>
+                {
+                    await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
+                });
+            });
+
+            app.Run(async context =>
+            {
+                var result = context.AuthenticateAsync();
+                if (context.User == null || !context.User.Identity.IsAuthenticated)
+                {
+                    await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
+                    await context.Response.WriteAsync("Unauthorized");
+                }
+                else
+                {
+                    var identity = context.User.Identities.Single();
+                    if (identity.NameClaimType == "Name_Failed" && identity.RoleClaimType == "Role_Failed")
+                    {
+                        context.Response.StatusCode = 500;
+                        await context.Response.WriteAsync("SignIn_Failed");
+                    }
+                    else if (!identity.HasClaim("Authenticated", "true") || !identity.HasClaim("ReturnEndpoint", "true") || !identity.HasClaim(identity.RoleClaimType, "Guest"))
+                    {
+                        await context.Response.WriteAsync("Provider not invoked");
+                        return;
+                    }
+                    else
+                    {
+                        await context.Response.WriteAsync(WsFederationDefaults.AuthenticationScheme);
+                    }
+                }
+            });
+        }
+
+        private class WaadMetadataDocumentHandler : HttpMessageHandler
+        {
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+            {
+                var metadata = File.ReadAllText(@"WsFederation/federationmetadata.xml");
+                var newResponse = new HttpResponseMessage() { Content = new StringContent(metadata, Encoding.UTF8, "text/xml") };
+                return Task.FromResult<HttpResponseMessage>(newResponse);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
new file mode 100644
index 0000000000..920ed66a4f
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<EntityDescriptor ID="_4d16ee22-bedb-4eca-a532-1e5551c7d66e" entityID="https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+      <ds:Reference URI="#_4d16ee22-bedb-4eca-a532-1e5551c7d66e">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+        <ds:DigestValue>wFJy/A1QstqtLHauYGcqwwHvn3HUW25DcWI/XLOmXOM=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>R6fPw+BiFS9XYdkhwNJRjGxVftA2j9TdkF5d5jgR8uG1QMyuEA/Eizeq1HnnUj2Yi+sqNG+HzaZQclECeiJfi88Ry+keorDCo9KgdnjlZZc+WFzrJZeHjaDIvFD6B4OAN0mTq5kbpwr7+idzSbvyRXAnpvJxOrViZKE4HpwltGAZGDTkjsVkd8Z/wfoN7ehN4Ei7u/mOAiEU4FkWYFU/BfSVRVIUDyyQ7DGfQFJvCwHWFvsq+M1wfOUzQO5K+M9EU2m4VEP1qqbexXaZMAbcjqyUn4eN7doWjWE59jkXGbn+GR8qgCJqLOaYwXnH5XD0pMjy71aKGyLNaUb3wCwjkA==</ds:SignatureValue>
+    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+      <X509Data>
+        <X509Certificate>MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng</X509Certificate>
+      </X509Data>
+    </KeyInfo>
+  </ds:Signature>
+  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <fed:ClaimTypesOffered>
+      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>UPN</auth:DisplayName>
+        <auth:Description>UPN of the user</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>Name</auth:DisplayName>
+        <auth:Description>The display name for the user</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>Given Name</auth:DisplayName>
+        <auth:Description>First name of the user</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>Surname</auth:DisplayName>
+        <auth:Description>Last name of the user</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>Authentication Instant</auth:DisplayName>
+        <auth:Description>The time (UTC) at which the user authenticated to the identity provider</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>Authentication Method</auth:DisplayName>
+        <auth:Description>The method of authentication used by the identity provider</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/tenantid" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>TenantId</auth:DisplayName>
+        <auth:Description>Identifier for the user's tenant</auth:Description>
+      </auth:ClaimType>
+      <auth:ClaimType Uri="http://schemas.microsoft.com/identity/claims/identityprovider" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
+        <auth:DisplayName>IdentityProvider</auth:DisplayName>
+        <auth:Description>Identity provider for the user.</auth:Description>
+      </auth:ClaimType>
+    </fed:ClaimTypesOffered>
+    <fed:SecurityTokenServiceEndpoint>
+      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+        <Address>https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed</Address>
+      </EndpointReference>
+    </fed:SecurityTokenServiceEndpoint>
+    <fed:PassiveRequestorEndpoint>
+      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+        <Address>https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed</Address>
+      </EndpointReference>
+    </fed:PassiveRequestorEndpoint>
+  </RoleDescriptor>
+  <RoleDescriptor xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706">
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <fed:TargetScopes>
+      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+        <Address>https://sts.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/</Address>
+      </EndpointReference>
+    </fed:TargetScopes>
+    <fed:ApplicationServiceEndpoint>
+      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+        <Address>https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed</Address>
+      </EndpointReference>
+    </fed:ApplicationServiceEndpoint>
+    <fed:PassiveRequestorEndpoint>
+      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
+        <Address>https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/wsfed</Address>
+      </EndpointReference>
+    </fed:PassiveRequestorEndpoint>
+  </RoleDescriptor>
+  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTQwMTAxMDcwMDAwWhcNMTYwMTAxMDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSCWg6q9iYxvJE2NIhSyOiKvqoWCO2GFipgH0sTSAs5FalHQosk9ZNTztX0ywS/AHsBeQPqYygfYVJL6/EgzVuwRk5txr9e3n1uml94fLyq/AXbwo9yAduf4dCHTP8CWR1dnDR+Qnz/4PYlWVEuuHHONOw/blbfdMjhY+C/BYM2E3pRxbohBb3x//CfueV7ddz2LYiH3wjz0QS/7kjPiNCsXcNyKQEOTkbHFi3mu0u13SQwNddhcynd/GTgWN8A+6SN1r4hzpjFKFLbZnBt77ACSiYx+IHK4Mp+NaVEi5wQtSsjQtI++XsokxRDqYLwus1I1SihgbV/STTg5enufuwIDAQABo2IwYDBeBgNVHQEEVzBVgBDLebM6bK3BjWGqIBrBNFeNoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQsRiM0jheFZhKk49YD0SK1TAJBgUrDgMCHQUAA4IBAQCJ4JApryF77EKC4zF5bUaBLQHQ1PNtA1uMDbdNVGKCmSf8M65b8h0NwlIjGGGy/unK8P6jWFdm5IlZ0YPTOgzcRZguXDPj7ajyvlVEQ2K2ICvTYiRQqrOhEhZMSSZsTKXFVwNfW6ADDkN3bvVOVbtpty+nBY5UqnI7xbcoHLZ4wYD251uj5+lo13YLnsVrmQ16NCBYq2nQFNPuNJw6t3XUbwBHXpF46aLT1/eGf/7Xx6iy8yPJX4DyrpFTutDz882RWofGEO5t4Cw+zZg70dJ/hH/ODYRMorfXEW+8uKmXMKmX2wyxMKvfiPbTy5LmAU8Jvjs2tLg4rOBcXWLAIarZ</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <KeyDescriptor use="signing">
+      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+        <X509Data>
+          <X509Certificate>MIIDPjCCAiqgAwIBAgIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAMC0xKzApBgNVBAMTImFjY291bnRzLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQwHhcNMTIwNjA3MDcwMDAwWhcNMTQwNjA3MDcwMDAwWjAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVwIDAQABo2IwYDBeBgNVHQEEVzBVgBCxDDsLd8xkfOLKm4Q/SzjtoS8wLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldIIQVWmXY/+9RqFA/OG9kFulHDAJBgUrDgMCHQUAA4IBAQAkJtxxm/ErgySlNk69+1odTMP8Oy6L0H17z7XGG3w4TqvTUSWaxD4hSFJ0e7mHLQLQD7oV/erACXwSZn2pMoZ89MBDjOMQA+e6QzGB7jmSzPTNmQgMLA8fWCfqPrz6zgH+1F1gNp8hJY57kfeVPBiyjuBmlTEBsBlzolY9dd/55qqfQk6cgSeCbHCy/RU/iep0+UsRMlSgPNNmqhj5gmN2AFVCN96zF694LwuPae5CeR2ZcVknexOWHYjFM0MgUSw0ubnGl0h9AJgGyhvNGcjQqu9vd1xkupFgaN+f7P3p3EVN5csBg5H94jEcQZT7EKeTiZ6bTrpDAnrr8tDCy8ng</X509Certificate>
+        </X509Data>
+      </KeyInfo>
+    </KeyDescriptor>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/saml2" />
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/saml2" />
+  </IDPSSODescriptor>
+</EntityDescriptor>
\ No newline at end of file

From cc8acdff57a200966b6b695c7846dfde073cfe68 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Wed, 28 Feb 2018 09:48:07 -0800
Subject: [PATCH 862/900] Update facebook API version to 2.12 #1306

---
 .../FacebookDefaults.cs                                     | 6 +++---
 .../FacebookTests.cs                                        | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
index 6143a4f235..92d1d003e6 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
@@ -9,10 +9,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
 
         public static readonly string DisplayName = "Facebook";
 
-        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.6/dialog/oauth";
+        public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.12/dialog/oauth";
 
-        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.6/oauth/access_token";
+        public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.12/oauth/access_token";
 
-        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.6/me";
+        public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.12/me";
     }
 }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 684482ed5b..99177d66bb 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -585,7 +585,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/base/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
@@ -617,7 +617,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/login");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
@@ -652,7 +652,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var transaction = await server.SendAsync("http://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.AbsoluteUri;
-            Assert.Contains("https://www.facebook.com/v2.6/dialog/oauth", location);
+            Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
             Assert.Contains("redirect_uri=", location);

From 21acbf06e88a5f649e90b4a458b4341355791ac4 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Wed, 28 Feb 2018 10:01:09 -0800
Subject: [PATCH 863/900] Update google auth endpoint to v2 #1307

---
 .../GoogleDefaults.cs                                           | 2 +-
 test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
index e4bd666157..0428703180 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
@@ -12,7 +12,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 
         public static readonly string DisplayName = "Google";
 
-        public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
+        public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
 
         public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
 
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 8bfbaacde8..c3e80ef71a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -457,7 +457,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
             var transaction = await server.SendAsync("https://example.com/challenge");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var location = transaction.Response.Headers.Location.ToString();
-            Assert.Contains("https://accounts.google.com/o/oauth2/auth?response_type=code", location);
+            Assert.Contains("https://accounts.google.com/o/oauth2/v2/auth?response_type=code", location);
             Assert.Contains("&client_id=", location);
             Assert.Contains("&redirect_uri=", location);
             Assert.Contains("&scope=", location);

From 9839799645a1110990a5fa5fb8ce060566a0e39e Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 2 Mar 2018 09:53:03 -0800
Subject: [PATCH 864/900] Add CookiePolicy logging #1588

---
 samples/CookiePolicySample/Program.cs         |   2 +-
 .../CookiePolicyMiddleware.cs                 |  18 ++-
 .../LoggingExtensions.cs                      | 105 ++++++++++++++++++
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |   1 +
 .../ResponseCookiesWrapper.cs                 |  50 +++++++--
 .../CookiePolicyTests.cs                      |   2 +-
 6 files changed, 163 insertions(+), 15 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs

diff --git a/samples/CookiePolicySample/Program.cs b/samples/CookiePolicySample/Program.cs
index 12fc8ff287..3fc09a3db2 100644
--- a/samples/CookiePolicySample/Program.cs
+++ b/samples/CookiePolicySample/Program.cs
@@ -12,7 +12,7 @@ namespace CookiePolicySample
                 .ConfigureLogging(factory =>
                 {
                     factory.AddConsole();
-                    factory.AddFilter("Console", level => level >= LogLevel.Information);
+                    factory.AddFilter("Microsoft", LogLevel.Trace);
                 })
                 .UseKestrel()
                 .UseContentRoot(Directory.GetCurrentDirectory())
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index b99fed2c3d..1a810b7d55 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -1,10 +1,13 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.CookiePolicy
@@ -12,13 +15,20 @@ namespace Microsoft.AspNetCore.CookiePolicy
     public class CookiePolicyMiddleware
     {
         private readonly RequestDelegate _next;
+        private readonly ILogger _logger;
 
-        public CookiePolicyMiddleware(
-            RequestDelegate next,
-            IOptions<CookiePolicyOptions> options)
+        public CookiePolicyMiddleware(RequestDelegate next, IOptions<CookiePolicyOptions> options, ILoggerFactory factory)
+        {
+            Options = options.Value;
+            _next = next ?? throw new ArgumentNullException(nameof(next));
+            _logger = factory.CreateLogger<CookiePolicyMiddleware>();
+        }
+
+        public CookiePolicyMiddleware(RequestDelegate next, IOptions<CookiePolicyOptions> options)
         {
             Options = options.Value;
             _next = next;
+            _logger = NullLogger.Instance;
         }
 
         public CookiePolicyOptions Options { get; set; }
@@ -26,7 +36,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
         public Task Invoke(HttpContext context)
         {
             var feature = context.Features.Get<IResponseCookiesFeature>() ?? new ResponseCookiesFeature(context.Features);
-            var wrapper = new ResponseCookiesWrapper(context, Options, feature);
+            var wrapper = new ResponseCookiesWrapper(context, Options, feature, _logger);
             context.Features.Set<IResponseCookiesFeature>(new CookiesWrapperFeature(wrapper));
             context.Features.Set<ITrackingConsentFeature>(wrapper);
 
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs b/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
new file mode 100644
index 0000000000..21b04facc9
--- /dev/null
+++ b/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
@@ -0,0 +1,105 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, bool, Exception> _needsConsent;
+        private static Action<ILogger, bool, Exception> _hasConsent;
+        private static Action<ILogger, Exception> _consentGranted;
+        private static Action<ILogger, Exception> _consentWithdrawn;
+        private static Action<ILogger, string, Exception> _cookieSuppressed;
+        private static Action<ILogger, string, Exception> _deleteCookieSuppressed;
+        private static Action<ILogger, string, Exception> _upgradedToSecure;
+        private static Action<ILogger, string, string, Exception> _upgradedSameSite;
+        private static Action<ILogger, string, Exception> _upgradedToHttpOnly;
+
+        static LoggingExtensions()
+        {
+            _needsConsent = LoggerMessage.Define<bool>(
+                eventId: 1,
+                logLevel: LogLevel.Trace,
+                formatString: "Needs consent: {needsConsent}.");
+            _hasConsent = LoggerMessage.Define<bool>(
+                eventId: 2,
+                logLevel: LogLevel.Trace,
+                formatString: "Has consent: {hasConsent}.");
+            _consentGranted = LoggerMessage.Define(
+                eventId: 3,
+                logLevel: LogLevel.Debug,
+                formatString: "Consent granted.");
+            _consentWithdrawn = LoggerMessage.Define(
+                eventId: 4,
+                logLevel: LogLevel.Debug,
+                formatString: "Consent withdrawn.");
+            _cookieSuppressed = LoggerMessage.Define<string>(
+                eventId: 5,
+                logLevel: LogLevel.Debug,
+                formatString: "Cookie '{key}' suppressed due to consent policy.");
+            _deleteCookieSuppressed = LoggerMessage.Define<string>(
+                eventId: 6,
+                logLevel: LogLevel.Debug,
+                formatString: "Delete cookie '{key}' suppressed due to developer policy.");
+            _upgradedToSecure = LoggerMessage.Define<string>(
+                eventId: 7,
+                logLevel: LogLevel.Debug,
+                formatString: "Cookie '{key}' upgraded to 'secure'.");
+            _upgradedSameSite = LoggerMessage.Define<string, string>(
+                eventId: 8,
+                logLevel: LogLevel.Debug,
+                formatString: "Cookie '{key}' same site mode upgraded to '{mode}'.");
+            _upgradedToHttpOnly = LoggerMessage.Define<string>(
+                eventId: 9,
+                logLevel: LogLevel.Debug,
+                formatString: "Cookie '{key}' upgraded to 'httponly'.");
+        }
+
+        public static void NeedsConsent(this ILogger logger, bool needsConsent)
+        {
+            _needsConsent(logger, needsConsent, null);
+        }
+
+        public static void HasConsent(this ILogger logger, bool hasConsent)
+        {
+            _hasConsent(logger, hasConsent, null);
+        }
+
+        public static void ConsentGranted(this ILogger logger)
+        {
+            _consentGranted(logger, null);
+        }
+
+        public static void ConsentWithdrawn(this ILogger logger)
+        {
+            _consentWithdrawn(logger, null);
+        }
+
+        public static void CookieSuppressed(this ILogger logger, string key)
+        {
+            _cookieSuppressed(logger, key, null);
+        }
+
+        public static void DeleteCookieSuppressed(this ILogger logger, string key)
+        {
+            _deleteCookieSuppressed(logger, key, null);
+        }
+
+        public static void CookieUpgradedToSecure(this ILogger logger, string key)
+        {
+            _upgradedToSecure(logger, key, null);
+        }
+
+        public static void CookieSameSiteUpgraded(this ILogger logger, string key, string mode)
+        {
+            _upgradedSameSite(logger, key, mode, null);
+        }
+
+        public static void CookieUpgradedToHttpOnly(this ILogger logger, string key)
+        {
+            _upgradedToHttpOnly(logger, key, null);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
index 1a42b04dde..40f97633ae 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
+++ b/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
@@ -10,6 +10,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(MicrosoftAspNetCoreHttpPackageVersion)" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="$(MicrosoftExtensionsOptionsPackageVersion)" />
   </ItemGroup>
 
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
index e05cc9466f..126c4d7bd5 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
@@ -5,21 +5,23 @@ using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.AspNetCore.CookiePolicy
 {
     internal class ResponseCookiesWrapper : IResponseCookies, ITrackingConsentFeature
     {
         private const string ConsentValue = "yes";
-
+        private readonly ILogger _logger;
         private bool? _isConsentNeeded;
         private bool? _hasConsent;
 
-        public ResponseCookiesWrapper(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature)
+        public ResponseCookiesWrapper(HttpContext context, CookiePolicyOptions options, IResponseCookiesFeature feature, ILogger logger)
         {
             Context = context;
             Feature = feature;
             Options = options;
+            _logger = logger;
         }
 
         private HttpContext Context { get; }
@@ -38,6 +40,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 {
                     _isConsentNeeded = Options.CheckConsentNeeded == null ? false
                         : Options.CheckConsentNeeded(Context);
+                    _logger.NeedsConsent(_isConsentNeeded.Value);
                 }
 
                 return _isConsentNeeded.Value;
@@ -52,6 +55,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 {
                     var cookie = Context.Request.Cookies[Options.ConsentCookie.Name];
                     _hasConsent = string.Equals(cookie, ConsentValue, StringComparison.Ordinal);
+                    _logger.HasConsent(_hasConsent.Value);
                 }
 
                 return _hasConsent.Value;
@@ -67,6 +71,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 var cookieOptions = Options.ConsentCookie.Build(Context);
                 // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
                 Append(Options.ConsentCookie.Name, ConsentValue, cookieOptions);
+                _logger.ConsentGranted();
             }
             _hasConsent = true;
         }
@@ -78,6 +83,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
                 var cookieOptions = Options.ConsentCookie.Build(Context);
                 // Note policy will be applied. We don't want to bypass policy because we want HttpOnly, Secure, etc. to apply.
                 Delete(Options.ConsentCookie.Name, cookieOptions);
+                _logger.ConsentWithdrawn();
             }
             _hasConsent = false;
         }
@@ -137,12 +143,16 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 Cookies.Append(key, value, options);
             }
+            else
+            {
+                _logger.CookieSuppressed(key);
+            }
         }
 
         private bool ApplyAppendPolicy(ref string key, ref string value, CookieOptions options)
         {
             var issueCookie = CanTrack || options.IsEssential;
-            ApplyPolicy(options);
+            ApplyPolicy(key, options);
             if (Options.OnAppendCookie != null)
             {
                 var context = new AppendCookieContext(Context, options, key, value)
@@ -182,7 +192,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
 
             // Assume you can always delete cookies unless directly overridden in the user event.
             var issueCookie = true;
-            ApplyPolicy(options);
+            ApplyPolicy(key, options);
             if (Options.OnDeleteCookie != null)
             {
                 var context = new DeleteCookieContext(Context, options, key)
@@ -201,17 +211,30 @@ namespace Microsoft.AspNetCore.CookiePolicy
             {
                 Cookies.Delete(key, options);
             }
+            else
+            {
+                _logger.DeleteCookieSuppressed(key);
+            }
         }
 
-        private void ApplyPolicy(CookieOptions options)
+        private void ApplyPolicy(string key, CookieOptions options)
         {
             switch (Options.Secure)
             {
                 case CookieSecurePolicy.Always:
-                    options.Secure = true;
+                    if (!options.Secure)
+                    {
+                        options.Secure = true;
+                        _logger.CookieUpgradedToSecure(key);
+                    }
                     break;
                 case CookieSecurePolicy.SameAsRequest:
-                    options.Secure = Context.Request.IsHttps;
+                    // Never downgrade a cookie
+                    if (Context.Request.IsHttps && !options.Secure)
+                    {
+                        options.Secure = true;
+                        _logger.CookieUpgradedToSecure(key);
+                    }
                     break;
                 case CookieSecurePolicy.None:
                     break;
@@ -226,10 +249,15 @@ namespace Microsoft.AspNetCore.CookiePolicy
                     if (options.SameSite == SameSiteMode.None)
                     {
                         options.SameSite = SameSiteMode.Lax;
+                        _logger.CookieSameSiteUpgraded(key, "lax");
                     }
                     break;
                 case SameSiteMode.Strict:
-                    options.SameSite = SameSiteMode.Strict;
+                    if (options.SameSite != SameSiteMode.Strict)
+                    {
+                        options.SameSite = SameSiteMode.Strict;
+                        _logger.CookieSameSiteUpgraded(key, "strict");
+                    }
                     break;
                 default:
                     throw new InvalidOperationException($"Unrecognized {nameof(SameSiteMode)} value {Options.MinimumSameSitePolicy.ToString()}");
@@ -237,7 +265,11 @@ namespace Microsoft.AspNetCore.CookiePolicy
             switch (Options.HttpOnly)
             {
                 case HttpOnlyPolicy.Always:
-                    options.HttpOnly = true;
+                    if (!options.HttpOnly)
+                    {
+                        options.HttpOnly = true;
+                        _logger.CookieUpgradedToHttpOnly(key);
+                    }
                     break;
                 case HttpOnlyPolicy.None:
                     break;
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 7c34f950a5..a2592e5575 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -102,7 +102,7 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
                         Assert.Equal("A=A; path=/; samesite=lax", transaction.SetCookie[0]);
                         Assert.Equal("B=B; path=/; samesite=lax", transaction.SetCookie[1]);
                         Assert.Equal("C=C; path=/; samesite=lax", transaction.SetCookie[2]);
-                        Assert.Equal("D=D; path=/; samesite=lax", transaction.SetCookie[3]);
+                        Assert.Equal("D=D; path=/; secure; samesite=lax", transaction.SetCookie[3]);
                     }),
                 new RequestTest("https://example.com/secureSame",
                     transaction =>

From 1df139eb6d8ef1c1e74a14dd20c9dd13eb6e0e23 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 2 Mar 2018 12:37:19 -0800
Subject: [PATCH 865/900] Clone tickets for sliding refresh #1607

---
 .../CookieAuthenticationHandler.cs            |  21 +++-
 .../CookieTests.cs                            | 116 +++++++++++++++++-
 2 files changed, 134 insertions(+), 3 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 9a2fbfbc74..5993f75325 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -31,6 +31,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         private DateTimeOffset? _refreshExpiresUtc;
         private string _sessionKey;
         private Task<AuthenticateResult> _readCookieTask;
+        private AuthenticationTicket _refreshTicket;
 
         public CookieAuthenticationHandler(IOptionsMonitor<CookieAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
             : base(options, logger, encoder, clock)
@@ -99,9 +100,27 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 _refreshIssuedUtc = currentUtc;
                 var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
                 _refreshExpiresUtc = currentUtc.Add(timeSpan);
+                _refreshTicket = CloneTicket(ticket);
             }
         }
 
+        private AuthenticationTicket CloneTicket(AuthenticationTicket ticket)
+        {
+            var newPrincipal = new ClaimsPrincipal();
+            foreach (var identity in ticket.Principal.Identities)
+            {
+                newPrincipal.AddIdentity(identity.Clone());
+            }
+
+            var newProperties = new AuthenticationProperties();
+            foreach (var item in ticket.Properties.Items)
+            {
+                newProperties.Items[item.Key] = item.Value;
+            }
+
+            return new AuthenticationTicket(newPrincipal, newProperties, ticket.AuthenticationScheme);
+        }
+
         private async Task<AuthenticateResult> ReadCookieTicket()
         {
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name);
@@ -190,7 +209,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 return;
             }
 
-            var ticket = (await HandleAuthenticateOnceSafeAsync())?.Ticket;
+            var ticket = _refreshTicket;
             if (ticket != null)
             {
                 var properties = ticket.Properties;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index b2726bac8c..945ec82ee6 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -515,8 +515,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
         private Task SignInAsAlice(HttpContext context)
         {
+            var user = new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"));
+            user.AddClaim(new Claim("marker", "true"));
             return context.SignInAsync("Cookies",
-                new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
+                new ClaimsPrincipal(user),
                 new AuthenticationProperties());
         }
 
@@ -942,6 +944,61 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
+        [Fact]
+        public async Task CookieCanBeRenewedByValidatorWithModifiedProperties()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        var id = ctx.Principal.Identities.First();
+                        var claim = id.FindFirst("counter");
+                        if (claim == null)
+                        {
+                            id.AddClaim(new Claim("counter", "1"));
+                        }
+                        else
+                        {
+                            id.RemoveClaim(claim);
+                            id.AddClaim(new Claim("counter", claim.Value + "1"));
+                        }
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("1", FindClaimValue(transaction2, "counter"));
+
+            _clock.Add(TimeSpan.FromMinutes(5));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
+            Assert.NotNull(transaction3.SetCookie);
+            Assert.Equal("11", FindClaimValue(transaction3, "counter"));
+
+            _clock.Add(TimeSpan.FromMinutes(6));
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("111", FindClaimValue(transaction4, "counter"));
+
+            _clock.Add(TimeSpan.FromMinutes(11));
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+            Assert.Null(transaction5.SetCookie);
+            Assert.Null(FindClaimValue(transaction5, "counter"));
+        }
+
         [Fact]
         public async Task CookieValidatorOnlyCalledOnce()
         {
@@ -1114,6 +1171,51 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Equal("Alice", FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
+        [Fact]
+        public async Task CookieIsRenewedWithSlidingExpirationWithoutTransformations()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.SlidingExpiration = true;
+                o.Events.OnValidatePrincipal = c =>
+                {
+                    // https://github.com/aspnet/Security/issues/1607
+                    // On sliding refresh the transformed principal should not be serialized into the cookie, only the original principal.
+                    Assert.Single(c.Principal.Identities);
+                    Assert.True(c.Principal.Identities.First().HasClaim("marker", "true"));
+                    return Task.CompletedTask;
+                };
+            },
+            SignInAsAlice,
+            claimsTransform: true);
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.Null(transaction2.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+            _clock.Add(TimeSpan.FromMinutes(4));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.Null(transaction3.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
+
+            _clock.Add(TimeSpan.FromMinutes(4));
+
+            // transaction4 should arrive with a new SetCookie value
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
+
+            _clock.Add(TimeSpan.FromMinutes(4));
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+            Assert.Null(transaction5.SetCookie);
+            Assert.Equal("Alice", FindClaimValue(transaction5, ClaimTypes.Name));
+        }
+
         [Fact]
         public async Task CookieUsesPathBaseByDefault()
         {
@@ -1643,6 +1745,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
         {
             public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal p)
             {
+                var firstId = p.Identities.First();
+                if (firstId.HasClaim("marker", "true"))
+                {
+                    firstId.RemoveClaim(firstId.FindFirst("marker"));
+                }
+                // TransformAsync could be called twice on one request if you have a default scheme and also
+                // call AuthenticateAsync.
                 if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
                 {
                     var id = new ClaimsIdentity("xform");
@@ -1658,7 +1767,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             {
                 s.AddSingleton<ISystemClock>(_clock);
                 s.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(configureOptions);
-                s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
+                if (claimsTransform)
+                {
+                    s.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
+                }
             }, testpath, baseAddress);
 
         private static TestServer CreateServerWithServices(Action<IServiceCollection> configureServices, Func<HttpContext, Task> testpath = null, Uri baseAddress = null)

From f5ea6944f0d501915a26a6c343eb67357bc6270a Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 6 Mar 2018 10:06:01 -0800
Subject: [PATCH 866/900] Use dotnet-core feed in repos

---
 build/sources.props | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build/sources.props b/build/sources.props
index 9feff29d09..9215df9751 100644
--- a/build/sources.props
+++ b/build/sources.props
@@ -1,10 +1,11 @@
-<Project>
+<Project>
   <Import Project="$(DotNetRestoreSourcePropsPath)" Condition="'$(DotNetRestoreSourcePropsPath)' != ''"/>
 
   <PropertyGroup Label="RestoreSources">
     <RestoreSources>$(DotNetRestoreSources)</RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
       $(RestoreSources);
+      https://dotnet.myget.org/F/dotnet-core/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
     </RestoreSources>

From 4e3e8bb109f3d1b3d95f7af4775a386d291c2b96 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Tue, 6 Mar 2018 10:06:01 -0800
Subject: [PATCH 867/900] Prepend FeatureBranchVersionPrefix if
 FeatureBranchVersionSuffix is specified

---
 version.props | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 65c8a07e37..a11ea1ed52 100644
--- a/version.props
+++ b/version.props
@@ -5,7 +5,8 @@
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>
-    <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(FeatureBranchVersionSuffix)' != ''">$(VersionSuffix)-$([System.Text.RegularExpressions.Regex]::Replace('$(FeatureBranchVersionSuffix)', '[^\w-]', '-'))</VersionSuffix>
+    <FeatureBranchVersionPrefix Condition="'$(FeatureBranchVersionPrefix)' == ''">a-</FeatureBranchVersionPrefix>
+    <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(FeatureBranchVersionSuffix)' != ''">$(FeatureBranchVersionPrefix)$(VersionSuffix)-$([System.Text.RegularExpressions.Regex]::Replace('$(FeatureBranchVersionSuffix)', '[^\w-]', '-'))</VersionSuffix>
     <VersionSuffix Condition="'$(VersionSuffix)' != '' And '$(BuildNumber)' != ''">$(VersionSuffix)-$(BuildNumber)</VersionSuffix>
   </PropertyGroup>
 </Project>

From 41bcbd5f0b3fa8bf361cb4a1eae03861cd3841bb Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Thu, 8 Mar 2018 13:14:09 -0800
Subject: [PATCH 868/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 4ccaf4fcbc..d0cb88aa82 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15721</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30187</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30187</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15728</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26130-04</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26225-03</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index e6c7fddffa..138d848db1 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15721
-commithash:f9bb4be59e39938ec59a6975257e26099b0d03c1
+version:2.1.0-preview2-15728
+commithash:393377068ddcf51dfee0536536d455f57a828b06

From 4103d47f0919f9e5b5804d6bd4ee33ad5bb77d15 Mon Sep 17 00:00:00 2001
From: Alexander Klingenbeck <mode7@gmx.net>
Date: Tue, 13 Mar 2018 18:57:36 +0100
Subject: [PATCH 869/900] Rename ns Microsoft.AspNetCore.Authroization.Test to
 Microsoft.AspNetCore.Authorization.Test (#1693)

---
 .../AuthorizationPolicyFacts.cs                                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
index 3eefb7af7b..143be1b9be 100644
--- a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
+++ b/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
@@ -9,7 +9,7 @@ using Microsoft.AspNetCore.Authorization.Infrastructure;
 using Microsoft.Extensions.Options;
 using Xunit;
 
-namespace Microsoft.AspNetCore.Authroization.Test
+namespace Microsoft.AspNetCore.Authorization.Test
 {
     public class AuthorizationPolicyFacts
     {

From bee77ebf911d477faed36a12bcc7369bf0005e1a Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Tue, 13 Mar 2018 11:09:43 -0700
Subject: [PATCH 870/900] Rename VirtualScheme => PolicyScheme (#1665)

* VirtualScheme => PolicyScheme

* Use SignInHandler base for cookies

* PolicySchemeHandlers throw NotImplemented by default

* Remove redundant interface
---
 .../CookieAuthenticationHandler.cs            |  23 +---
 .../breakingchanges.netcore.json              |   6 ++
 .../AuthenticationBuilder.cs                  |   6 +-
 .../AuthenticationHandler.cs                  |   1 -
 .../PolicySchemeHandler.cs                    |  36 +++++++
 .../PolicySchemeOptions.cs                    |  11 ++
 .../SignInAuthenticationHandler.cs            |  39 +++++++
 .../SignOutAuthenticationHandler.cs           |  36 +++++++
 .../VirtualAuthenticationHandler.cs           |  71 ------------
 .../VirtualSchemeOptions.cs                   |  33 ------
 ...{VirtualHandlerTests.cs => PolicyTests.cs} | 102 ++++++------------
 11 files changed, 166 insertions(+), 198 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
 create mode 100644 src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
 delete mode 100644 src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
 rename test/Microsoft.AspNetCore.Authentication.Test/{VirtualHandlerTests.cs => PolicyTests.cs} (85%)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 5993f75325..343cf1b3a7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -14,10 +14,7 @@ using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieAuthenticationHandler :
-        AuthenticationHandler<CookieAuthenticationOptions>,
-        IAuthenticationSignInHandler,
-        IAuthenticationSignOutHandler
+    public class CookieAuthenticationHandler : SignInAuthenticationHandler<CookieAuthenticationOptions>
     {
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT";
@@ -252,20 +249,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
         }
 
-        public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        protected async override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            var target = ResolveTarget(Options.ForwardSignIn);
-            if (target != null)
-            {
-                await Context.SignInAsync(target, user, properties);
-                return;
-            }
-
             properties = properties ?? new AuthenticationProperties();
 
             _signInCalled = true;
@@ -346,15 +336,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Logger.SignedIn(Scheme.Name);
         }
 
-        public async virtual Task SignOutAsync(AuthenticationProperties properties)
+        protected async override Task HandleSignOutAsync(AuthenticationProperties properties)
         {
-            var target = ResolveTarget(Options.ForwardSignOut);
-            if (target != null)
-            {
-                await Context.SignOutAsync(target, properties);
-                return;
-            }
-
             properties = properties ?? new AuthenticationProperties();
 
             _signOutCalled = true;
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
new file mode 100644
index 0000000000..7673fc1a0e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
@@ -0,0 +1,6 @@
+  [
+    {
+      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler",
+      "Kind": "Removal"
+    }
+  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
index 7bf8fe96ee..401b1f488c 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
@@ -91,15 +91,15 @@ namespace Microsoft.AspNetCore.Authentication
         }
 
         /// <summary>
-        /// Adds a <see cref="VirtualAuthenticationHandler"/> based authentication handler which can be used to 
+        /// Adds a <see cref="PolicySchemeHandler"/> based authentication handler which can be used to 
         /// redirect to other authentication schemes.
         /// </summary>
         /// <param name="authenticationScheme">The name of this scheme.</param>
         /// <param name="displayName">The display name of this scheme.</param>
         /// <param name="configureOptions">Used to configure the scheme options.</param>
         /// <returns>The builder.</returns>
-        public virtual AuthenticationBuilder AddVirtualScheme(string authenticationScheme, string displayName, Action<VirtualSchemeOptions> configureOptions)
-            => AddSchemeHelper<VirtualSchemeOptions, VirtualAuthenticationHandler>(authenticationScheme, displayName, configureOptions);
+        public virtual AuthenticationBuilder AddPolicyScheme(string authenticationScheme, string displayName, Action<PolicySchemeOptions> configureOptions)
+            => AddSchemeHelper<PolicySchemeOptions, PolicySchemeHandler>(authenticationScheme, displayName, configureOptions);
 
         // Used to ensure that there's always a default sign in scheme that's not itself
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 4399ce5f74..5c9a6473f1 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -2,7 +2,6 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs b/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
new file mode 100644
index 0000000000..4dbbb7de2d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// PolicySchemes are used to redirect authentication methods to another scheme.
+    /// </summary>
+    public class PolicySchemeHandler : SignInAuthenticationHandler<PolicySchemeOptions>
+    {
+        public PolicySchemeHandler(IOptionsMonitor<PolicySchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+        { }
+
+        protected override Task HandleChallengeAsync(AuthenticationProperties properties)
+            => throw new NotImplementedException();
+
+        protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
+            => throw new NotImplementedException();
+
+        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+            => throw new NotImplementedException();
+
+        protected override Task HandleSignOutAsync(AuthenticationProperties properties)
+            => throw new NotImplementedException();
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+            => throw new NotImplementedException();
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
new file mode 100644
index 0000000000..1921c77ec8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
@@ -0,0 +1,11 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Contains the options used by the <see cref="PolicySchemeHandler"/>.
+    /// </summary>
+    public class PolicySchemeOptions : AuthenticationSchemeOptions
+    { }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
new file mode 100644
index 0000000000..dbd612dc10
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
@@ -0,0 +1,39 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Adds support for SignInAsync
+    /// </summary>
+    public abstract class SignInAuthenticationHandler<TOptions> : SignOutAuthenticationHandler<TOptions>, IAuthenticationSignInHandler
+        where TOptions : AuthenticationSchemeOptions, new()
+    {
+        public SignInAuthenticationHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+        { }
+
+        public virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        {
+            var target = ResolveTarget(Options.ForwardSignIn);
+            return (target != null)
+                ? Context.SignInAsync(target, user, properties)
+                : HandleSignInAsync(user, properties ?? new AuthenticationProperties());
+        }
+
+        /// <summary>
+        /// Override this method to handle SignIn.
+        /// </summary>
+        /// <param name="user"></param>
+        /// <param name="properties"></param>
+        /// <returns>A Task.</returns>
+        protected abstract Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties);
+
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
new file mode 100644
index 0000000000..015cb39e05
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    /// <summary>
+    /// Adds support for SignOutAsync
+    /// </summary>
+    public abstract class SignOutAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationSignOutHandler
+        where TOptions : AuthenticationSchemeOptions, new()
+    {
+        public SignOutAuthenticationHandler(IOptionsMonitor<TOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+        { }
+
+        public virtual Task SignOutAsync(AuthenticationProperties properties)
+        {
+            var target = ResolveTarget(Options.ForwardSignOut);
+            return (target != null)
+                ? Context.SignOutAsync(target, properties)
+                : HandleSignOutAsync(properties ?? new AuthenticationProperties());
+        }
+
+        /// <summary>
+        /// Override this method to handle SignOut.
+        /// </summary>
+        /// <param name="properties"></param>
+        /// <returns>A Task.</returns>
+        protected abstract Task HandleSignOutAsync(AuthenticationProperties properties);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
deleted file mode 100644
index 4a023bec2c..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs
+++ /dev/null
@@ -1,71 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Forwards calls to another authentication scheme.
-    /// </summary>
-    public class VirtualAuthenticationHandler : IAuthenticationHandler, IAuthenticationSignInHandler
-    {
-        protected IOptionsMonitor<VirtualSchemeOptions> OptionsMonitor { get; }
-        public AuthenticationScheme Scheme { get; private set; }
-        public VirtualSchemeOptions Options { get; private set; }
-        protected HttpContext Context { get; private set; }
-
-        public VirtualAuthenticationHandler(IOptionsMonitor<VirtualSchemeOptions> options)
-        {
-            OptionsMonitor = options;
-        }
-
-        /// <summary>
-        /// Initialize the handler, resolve the options and validate them.
-        /// </summary>
-        /// <param name="scheme"></param>
-        /// <param name="context"></param>
-        /// <returns>A Task.</returns>
-        public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
-        {
-            if (scheme == null)
-            {
-                throw new ArgumentNullException(nameof(scheme));
-            }
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            Scheme = scheme;
-            Context = context;
-
-            Options = OptionsMonitor.Get(Scheme.Name) ?? new VirtualSchemeOptions();
-            Options.Validate();
-
-            return Task.CompletedTask;
-        }
-
-        protected virtual string ResolveTarget(string scheme)
-            => scheme ?? Options.DefaultSelector?.Invoke(Context) ?? Options.Default;
-
-        public virtual Task<AuthenticateResult> AuthenticateAsync()
-            => Context.AuthenticateAsync(ResolveTarget(Options.Authenticate));
-
-        public virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
-            => Context.SignInAsync(ResolveTarget(Options.SignIn), user, properties);
-
-        public virtual Task SignOutAsync(AuthenticationProperties properties)
-            => Context.SignOutAsync(ResolveTarget(Options.SignOut), properties);
-
-        public virtual Task ChallengeAsync(AuthenticationProperties properties)
-            => Context.ChallengeAsync(ResolveTarget(Options.Challenge), properties);
-
-        public virtual Task ForbidAsync(AuthenticationProperties properties)
-            => Context.ForbidAsync(ResolveTarget(Options.Forbid), properties);
-    }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
deleted file mode 100644
index 38d819bf59..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication
-{
-    /// <summary>
-    /// Used to redirect authentication methods to another scheme
-    /// </summary>
-    public class VirtualSchemeOptions
-    {
-        public string Default { get; set; }
-
-        public string Authenticate { get; set; }
-        public string Challenge { get; set; }
-        public string Forbid { get; set; }
-        public string SignIn { get; set; }
-        public string SignOut { get; set; }
-
-        /// <summary>
-        /// Used to select a default scheme to target based on the request.
-        /// </summary>
-        public Func<HttpContext, string> DefaultSelector { get; set; }
-
-
-        /// <summary>
-        /// Check that the options are valid. Should throw an exception if things are not ok.
-        /// </summary>
-        public virtual void Validate() { }
-    }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
similarity index 85%
rename from test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
index a43478c949..368026beb8 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
@@ -12,26 +12,26 @@ using Xunit;
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public class VirtualHandlerTests
+    public class PolicyTests
     {
         [Fact]
         public async Task CanDispatch()
         {
             var server = CreateServer(services =>
             {
-                services.AddAuthentication(o =>
+                services.AddLogging().AddAuthentication(o =>
                 {
                     o.AddScheme<TestHandler>("auth1", "auth1");
                     o.AddScheme<TestHandler>("auth2", "auth2");
                     o.AddScheme<TestHandler>("auth3", "auth3");
                 })
-                .AddVirtualScheme("policy1", "policy1", p =>
+                .AddPolicyScheme("policy1", "policy1", p =>
                 {
-                    p.Default = "auth1";
+                    p.ForwardDefault = "auth1";
                 })
-                .AddVirtualScheme("policy2", "policy2", p =>
+                .AddPolicyScheme("policy2", "policy2", p =>
                 {
-                    p.Authenticate = "auth2";
+                    p.ForwardAuthenticate = "auth2";
                 });
             });
 
@@ -54,16 +54,15 @@ namespace Microsoft.AspNetCore.Authentication
         [Fact]
         public async Task DefaultTargetSelectorWinsOverDefaultTarget()
         {
-            var services = new ServiceCollection().AddOptions();
-
+            var services = new ServiceCollection().AddOptions().AddLogging();
             services.AddAuthentication(o =>
             {
                 o.AddScheme<TestHandler>("auth1", "auth1");
                 o.AddScheme<TestHandler2>("auth2", "auth2");
             })
-            .AddVirtualScheme("forward", "forward", p => {
-                p.Default = "auth2";
-                p.DefaultSelector = ctx => "auth1";
+            .AddPolicyScheme("forward", "forward", p => {
+                p.ForwardDefault= "auth2";
+                p.ForwardDefaultSelector = ctx => "auth1";
             });
 
             var handler1 = new TestHandler();
@@ -110,16 +109,15 @@ namespace Microsoft.AspNetCore.Authentication
         [Fact]
         public async Task NullDefaultTargetSelectorFallsBacktoDefaultTarget()
         {
-            var services = new ServiceCollection().AddOptions();
-
+            var services = new ServiceCollection().AddOptions().AddLogging();
             services.AddAuthentication(o =>
             {
                 o.AddScheme<TestHandler>("auth1", "auth1");
                 o.AddScheme<TestHandler2>("auth2", "auth2");
             })
-            .AddVirtualScheme("forward", "forward", p => {
-                p.Default = "auth1";
-                p.DefaultSelector = ctx => null;
+            .AddPolicyScheme("forward", "forward", p => {
+                p.ForwardDefault= "auth1";
+                p.ForwardDefaultSelector = ctx => null;
             });
 
             var handler1 = new TestHandler();
@@ -166,21 +164,20 @@ namespace Microsoft.AspNetCore.Authentication
         [Fact]
         public async Task SpecificTargetAlwaysWinsOverDefaultTarget()
         {
-            var services = new ServiceCollection().AddOptions();
-
+            var services = new ServiceCollection().AddOptions().AddLogging();
             services.AddAuthentication(o =>
             {
                 o.AddScheme<TestHandler>("auth1", "auth1");
                 o.AddScheme<TestHandler2>("auth2", "auth2");
             })
-            .AddVirtualScheme("forward", "forward", p => {
-                p.Default = "auth2";
-                p.DefaultSelector = ctx => "auth2";
-                p.Authenticate = "auth1";
-                p.SignIn = "auth1";
-                p.SignOut = "auth1";
-                p.Forbid = "auth1";
-                p.Challenge = "auth1";
+            .AddPolicyScheme("forward", "forward", p => {
+                p.ForwardDefault= "auth2";
+                p.ForwardDefaultSelector = ctx => "auth2";
+                p.ForwardAuthenticate = "auth1";
+                p.ForwardSignIn = "auth1";
+                p.ForwardSignOut = "auth1";
+                p.ForwardForbid = "auth1";
+                p.ForwardChallenge = "auth1";
             });
 
             var handler1 = new TestHandler();
@@ -227,14 +224,13 @@ namespace Microsoft.AspNetCore.Authentication
         [Fact]
         public async Task VirtualSchemeTargetsForwardWithDefaultTarget()
         {
-            var services = new ServiceCollection().AddOptions();
-
+            var services = new ServiceCollection().AddOptions().AddLogging();
             services.AddAuthentication(o =>
             {
                 o.AddScheme<TestHandler>("auth1", "auth1");
                 o.AddScheme<TestHandler2>("auth2", "auth2");
             })
-            .AddVirtualScheme("forward", "forward", p => p.Default = "auth1");
+            .AddPolicyScheme("forward", "forward", p => p.ForwardDefault= "auth1");
 
             var handler1 = new TestHandler();
             services.AddSingleton(handler1);
@@ -280,18 +276,17 @@ namespace Microsoft.AspNetCore.Authentication
         [Fact]
         public async Task VirtualSchemeTargetsOverrideDefaultTarget()
         {
-            var services = new ServiceCollection().AddOptions();
-
+            var services = new ServiceCollection().AddOptions().AddLogging();
             services.AddAuthentication(o =>
             {
                 o.AddScheme<TestHandler>("auth1", "auth1");
                 o.AddScheme<TestHandler2>("auth2", "auth2");
             })
-            .AddVirtualScheme("forward", "forward", p =>
+            .AddPolicyScheme("forward", "forward", p =>
             {
-                p.Default = "auth1";
-                p.Challenge = "auth2";
-                p.SignIn = "auth2";
+                p.ForwardDefault= "auth1";
+                p.ForwardChallenge = "auth2";
+                p.ForwardSignIn = "auth2";
             });
 
             var handler1 = new TestHandler();
@@ -346,9 +341,9 @@ namespace Microsoft.AspNetCore.Authentication
                     o.AddScheme<TestHandler>("auth2", "auth2");
                     o.AddScheme<TestHandler>("auth3", "auth3");
                 })
-                .AddVirtualScheme("dynamic", "dynamic", p =>
+                .AddPolicyScheme("dynamic", "dynamic", p =>
                 {
-                    p.DefaultSelector = c => c.Request.QueryString.Value.Substring(1);
+                    p.ForwardDefaultSelector = c => c.Request.QueryString.Value.Substring(1);
                 });
             });
  
@@ -360,39 +355,6 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal("auth3", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth3"));
         }
 
-        [Fact]
-        public async Task TargetsDefaultSchemeByDefault()
-        {
-            var server = CreateServer(services =>
-            {
-                services.AddAuthentication(o =>
-                {
-                    o.DefaultScheme = "default";
-                    o.AddScheme<TestHandler>("default", "default");
-                })
-                .AddVirtualScheme("virtual", "virtual", p => { });
-            });
-
-            var transaction = await server.SendAsync("http://example.com/auth/virtual");
-            Assert.Equal("default", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "default"));
-        }
-
-        [Fact]
-        public async Task TargetsDefaultSchemeThrowsWithNoDefault()
-        {
-            var server = CreateServer(services =>
-            {
-                services.AddAuthentication(o =>
-                {
-                    o.AddScheme<TestHandler>("default", "default");
-                })
-                .AddVirtualScheme("virtual", "virtual", p => { });
-            });
-
-            var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("http://example.com/auth/virtual"));
-            Assert.Contains("No authenticationScheme was specified", error.Message);
-        }
-
         private class TestHandler : IAuthenticationSignInHandler
         {
             public AuthenticationScheme Scheme { get; set; }

From 2fecba74511054290e90b88d1502048fc71fa452 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 16 Mar 2018 11:16:57 -0700
Subject: [PATCH 871/900] Branching for 2.1.0-preview2

---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 build/repo.props         |  4 +--
 build/sources.props      |  2 +-
 korebuild-lock.txt       |  4 +--
 4 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d0cb88aa82..d0dfac301f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15728</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15742</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26225-03</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26314-02</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/build/repo.props b/build/repo.props
index 541470c9f4..2ab5a2ae35 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
   <Import Project="dependencies.props" />
 
   <ItemGroup>
@@ -7,7 +7,7 @@
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
-    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
+    <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-release/api/v3/index.json</LineupPackageRestoreSource>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/build/sources.props b/build/sources.props
index 9215df9751..36045f12b5 100644
--- a/build/sources.props
+++ b/build/sources.props
@@ -6,7 +6,7 @@
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true' AND '$(AspNetUniverseBuildOffline)' != 'true' ">
       $(RestoreSources);
       https://dotnet.myget.org/F/dotnet-core/api/v3/index.json;
-      https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json;
+      https://dotnet.myget.org/F/aspnetcore-release/api/v3/index.json;
       https://dotnet.myget.org/F/aspnetcore-tools/api/v3/index.json;
     </RestoreSources>
     <RestoreSources Condition="'$(DotNetBuildOffline)' != 'true'">
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 138d848db1..e40ef6651b 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15728
-commithash:393377068ddcf51dfee0536536d455f57a828b06
+version:2.1.0-preview2-15742
+commithash:21fbb0f2c3fe4a9216e2d59632b98cfd7d685962

From 701c9f083f419354953726a0e1affd4eda87b3d5 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 16 Mar 2018 11:28:13 -0700
Subject: [PATCH 872/900] Update version prefix to preview3

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index a11ea1ed52..24f2b00a0a 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.1.0</VersionPrefix>
-    <VersionSuffix>preview2</VersionSuffix>
+    <VersionSuffix>preview3</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>

From be3473914af496764d06069a0e516763cf604335 Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Fri, 16 Mar 2018 12:33:48 -0700
Subject: [PATCH 873/900] Update KoreBuild channel

---
 korebuild.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/korebuild.json b/korebuild.json
index bd5d51a51b..678d8bb948 100644
--- a/korebuild.json
+++ b/korebuild.json
@@ -1,4 +1,4 @@
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev"
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/release/2.1/tools/korebuild.schema.json",
+  "channel": "release/2.1"
 }

From 81fb221d9e1d08cdda8d1fabcb43f900848e4bdf Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Tue, 20 Mar 2018 12:42:16 -0700
Subject: [PATCH 874/900] Embed OIDC metadata and mock out the backchannel
 #1686

---
 ...soft.AspNetCore.Authentication.Test.csproj |  7 ++++
 .../OpenIdConnect/TestSettings.cs             | 40 ++++++++++++++++++-
 .../OpenIdConnect/wellknownconfig.json        | 23 +++++++++++
 .../OpenIdConnect/wellknownkeys.json          | 31 ++++++++++++++
 4 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index 469726690f..6c8d518ffa 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -5,6 +5,8 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <None Remove="OpenIdConnect\wellknownconfig.json" />
+    <None Remove="OpenIdConnect\wellknownkeys.json" />
     <None Remove="WsFederation\federationmetadata.xml" />
     <None Remove="WsFederation\InvalidToken.xml" />
     <None Remove="WsFederation\ValidToken.xml" />
@@ -22,6 +24,11 @@
     </Content>
   </ItemGroup>
 
+  <ItemGroup>
+    <EmbeddedResource Include="OpenIdConnect\wellknownconfig.json" />
+    <EmbeddedResource Include="OpenIdConnect\wellknownkeys.json" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 509b85e64e..6bb5445dc6 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -4,10 +4,14 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.IO;
 using System.Linq;
+using System.Net.Http;
 using System.Reflection;
 using System.Text;
 using System.Text.Encodings.Web;
+using System.Threading;
+using System.Threading.Tasks;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.TestHost;
@@ -22,6 +26,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
     internal class TestSettings
     {
         private readonly Action<OpenIdConnectOptions> _configureOptions;
+        private OpenIdConnectOptions _options;
 
         public TestSettings() : this(configure: null)
         {
@@ -33,6 +38,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             {
                 configure?.Invoke(o);
                 _options = o;
+                _options.BackchannelHttpHandler = new MockBackchannel();
             };
         }
 
@@ -206,8 +212,6 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             }
         }
 
-        OpenIdConnectOptions _options = null;
-
         private void ValidateExpectedAuthority(string absoluteUri, ICollection<string> errors, OpenIdConnectRequestType requestType)
         {
             string expectedAuthority;
@@ -305,5 +309,37 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                 errors.Add($"Parameter {parameterName} is missing");
             }
         }
+
+        private class MockBackchannel : HttpMessageHandler
+        {
+            protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+            {
+                if (request.RequestUri.AbsoluteUri.Equals("https://login.microsoftonline.com/common/.well-known/openid-configuration"))
+                {
+                    return await ReturnResource("wellknownconfig.json");
+                }
+                if (request.RequestUri.AbsoluteUri.Equals("https://login.microsoftonline.com/common/discovery/keys"))
+                {
+                    return await ReturnResource("wellknownkeys.json");
+                }
+
+                throw new NotImplementedException();
+            }
+
+            private async Task<HttpResponseMessage> ReturnResource(string resource)
+            {
+                var resourceName = "Microsoft.AspNetCore.Authentication.Test.OpenIdConnect." + resource;
+                using (var stream = typeof(MockBackchannel).Assembly.GetManifestResourceStream(resourceName))
+                using (var reader = new StreamReader(stream))
+                {
+                    var body = await reader.ReadToEndAsync();
+                    var content = new StringContent(body, Encoding.UTF8, "application/json");
+                    return new HttpResponseMessage()
+                    {
+                        Content = content,
+                    };
+                }
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
new file mode 100644
index 0000000000..4d46a8cf0a
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
@@ -0,0 +1,23 @@
+{
+  "authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/authorize",
+  "token_endpoint": "https://login.microsoftonline.com/common/oauth2/token",
+  "token_endpoint_auth_methods_supported": [ "client_secret_post", "private_key_jwt", "client_secret_basic" ],
+  "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
+  "response_modes_supported": [ "query", "fragment", "form_post" ],
+  "subject_types_supported": [ "pairwise" ],
+  "id_token_signing_alg_values_supported": [ "RS256" ],
+  "http_logout_supported": true,
+  "frontchannel_logout_supported": true,
+  "end_session_endpoint": "https://login.microsoftonline.com/common/oauth2/logout",
+  "response_types_supported": [ "code", "id_token", "code id_token", "token id_token", "token" ],
+  "scopes_supported": [ "openid" ],
+  "issuer": "https://sts.windows.net/{tenantid}/",
+  "claims_supported": [ "sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "amr", "nonce", "email", "given_name", "family_name", "nickname" ],
+  "microsoft_multi_refresh_token": true,
+  "check_session_iframe": "https://login.microsoftonline.com/common/oauth2/checksession",
+  "userinfo_endpoint": "https://login.microsoftonline.com/common/openid/userinfo",
+  "tenant_region_scope": null,
+  "cloud_instance_name": "microsoftonline.com",
+  "cloud_graph_host_name": "graph.windows.net",
+  "msgraph_host": "graph.microsoft.com"
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
new file mode 100644
index 0000000000..77cc5562af
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
@@ -0,0 +1,31 @@
+{
+  "keys": [
+    {
+      "kty": "RSA",
+      "use": "sig",
+      "kid": "SSQdhI1cKvhQEDSJxE2gGYs40Q0",
+      "x5t": "SSQdhI1cKvhQEDSJxE2gGYs40Q0",
+      "n": "pJUB90EMxiNjgkVz5CLLUuG5bYwirL2LXfVsq_nnY686WzbinkvFnNs6LvrJ6DWD5NV1-0Tq2eZj7WU8H9ytmDPsRnJ0b49gRCJYOg6-SdOe9Tl0lB0IBJE1aWh3OdCVrZLE4LH4-LGIDrkwnCV8dKFkO3EIUYPaEysL4g4wLx-TCfpMWE37XC09P-nBRVkRNcihrzY38_MC42NkRdDwByZemXkQKddnn5Y5o4rVzPGqQy3vjmTjKolYEIBYa7n3yF0848MG0k338bjnyceJgmZzjxttkWTVDikQXSldbu3QCrCAlipbWPUAXaZK8buY8LP80G4U_wx4LuZ_Krq5OQ",
+      "e": "AQAB",
+      "x5c": [ "MIIDBTCCAe2gAwIBAgIQHJ7yHxNEM7tBeqcRTMBhhTANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE4MDEwODAwMDAwMFoXDTIwMDEwOTAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSVAfdBDMYjY4JFc+Qiy1LhuW2MIqy9i131bKv552OvOls24p5LxZzbOi76yeg1g+TVdftE6tnmY+1lPB/crZgz7EZydG+PYEQiWDoOvknTnvU5dJQdCASRNWlodznQla2SxOCx+PixiA65MJwlfHShZDtxCFGD2hMrC+IOMC8fkwn6TFhN+1wtPT/pwUVZETXIoa82N/PzAuNjZEXQ8AcmXpl5ECnXZ5+WOaOK1czxqkMt745k4yqJWBCAWGu598hdPOPDBtJN9/G458nHiYJmc48bbZFk1Q4pEF0pXW7t0AqwgJYqW1j1AF2mSvG7mPCz/NBuFP8MeC7mfyq6uTkCAwEAAaMhMB8wHQYDVR0OBBYEFFVWt/4iTcBiWk+EX1dCKZGoAlBQMA0GCSqGSIb3DQEBCwUAA4IBAQCJrLUiCfldfDFhZLG08DpLcwpn8Mvhm61ZpPANyCawRgaoBOsxFJew1qpC2wfXh3yUwJEIkkTGXAsiWENkeqmjd2XXQwZuIHIo5/KyZLfo2m1CmEH/QXL6uRx1f8liPr4efC8H+7/sduf6nPfk0UpNsAHA6RxJFy2jg2wHU+Ux4jK4Gc5d/rJPhJhvyS9Zax1hbTlf+N32ZvS780VMDb/nf2LdtACL0ya/+KSDGVXS3GhS9FLEXrBNjq921ghVIFJhPzm54yfeupIwz+zfISoTHIYw37i7iNUbkvDrm14a27pwLS/tfSuJHKcGPt1sjMu6SS/pf1BlvdoFkKdLLaUb" ]
+    },
+    {
+      "kty": "RSA",
+      "use": "sig",
+      "kid": "FSimuFrFNoC0sJXGmv13nNZceDc",
+      "x5t": "FSimuFrFNoC0sJXGmv13nNZceDc",
+      "n": "yCYaJF8uHoV2L31cjZUDdcodK1Y1EsTLkDD-DEXFyGeHaQ92T9t6MU6zazBzHvJRarG6OMI1GwsFxZ9opSVOeuRjuL3H2ehmUyuKOAnL8uT4cfkdfbg9AIN_63COccfFn0br_xUszZ7lkF5mb63sze-G66YQcbdTCWgsXpxR6491b57Gc4HVTV8cEgU4byezhJIiirrPDmt23QJIjr6XtvUMSNW88u0kX7PKOUnVCns2AG8DB2I-JExTiXwhFVu5JUqgpgmjIngvd5eyNzOgFJMnpWNXabKDP3oMLvQxjdq9xwWuTu0IQLpmUxEF9jVc8vKV1Pu2xHcS7ON5xJrUzw",
+      "e": "AQAB",
+      "x5c": [ "MIIDBTCCAe2gAwIBAgIQev76BWqjWZxChmKkGqoAfDANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTE4MDIxODAwMDAwMFoXDTIwMDIxOTAwMDAwMFowLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgmGiRfLh6Fdi99XI2VA3XKHStWNRLEy5Aw/gxFxchnh2kPdk/bejFOs2swcx7yUWqxujjCNRsLBcWfaKUlTnrkY7i9x9noZlMrijgJy/Lk+HH5HX24PQCDf+twjnHHxZ9G6/8VLM2e5ZBeZm+t7M3vhuumEHG3UwloLF6cUeuPdW+exnOB1U1fHBIFOG8ns4SSIoq6zw5rdt0CSI6+l7b1DEjVvPLtJF+zyjlJ1Qp7NgBvAwdiPiRMU4l8IRVbuSVKoKYJoyJ4L3eXsjczoBSTJ6VjV2mygz96DC70MY3avccFrk7tCEC6ZlMRBfY1XPLyldT7tsR3EuzjecSa1M8CAwEAAaMhMB8wHQYDVR0OBBYEFIks1srixjpSLXeiR8zES5cTY6fBMA0GCSqGSIb3DQEBCwUAA4IBAQCKthfK4C31DMuDyQZVS3F7+4Evld3hjiwqu2uGDK+qFZas/D/eDunxsFpiwqC01RIMFFN8yvmMjHphLHiBHWxcBTS+tm7AhmAvWMdxO5lzJLS+UWAyPF5ICROe8Mu9iNJiO5JlCo0Wpui9RbB1C81Xhax1gWHK245ESL6k7YWvyMYWrGqr1NuQcNS0B/AIT1Nsj1WY7efMJQOmnMHkPUTWryVZlthijYyd7P2Gz6rY5a81DAFqhDNJl2pGIAE6HWtSzeUEh3jCsHEkoglKfm4VrGJEuXcALmfCMbdfTvtu4rlsaP2hQad+MG/KJFlenoTK34EMHeBPDCpqNDz8UVNk" ]
+    },
+    {
+      "kty": "RSA",
+      "use": "sig",
+      "kid": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
+      "x5t": "2S4SCVGs8Sg9LS6AqLIq6DpW-g8",
+      "n": "oZ-QQrNuB4ei9ATYrT61ebPtvwwYWnsrTpp4ISSp6niZYb92XM0oUTNgqd_C1vGN8J-y9wCbaJWkpBf46CjdZehrqczPhzhHau8WcRXocSB1u_tuZhv1ooAZ4bAcy79UkeLiG60HkuTNJJC8CfaTp1R97szBhuk0Vz5yt4r5SpfewIlBCnZUYwkDS172H9WapQu-3P2Qjh0l-JLyCkdrhvizZUk0atq5_AIDKRU-A0pRGc-EZhUL0LqUMz6c6M2s_4GnQaScv44A5iZUDD15B6e8Apb2yARohkWmOnmRcTVfes8EkfxjzZEzm3cNkvP0ogILyISHKlkzy2OmlU6iXw",
+      "e": "AQAB",
+      "x5c": [ "MIIDKDCCAhCgAwIBAgIQBHJvVNxP1oZO4HYKh+rypDANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwHhcNMTYxMTE2MDgwMDAwWhcNMTgxMTE2MDgwMDAwWjAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChn5BCs24Hh6L0BNitPrV5s+2/DBhaeytOmnghJKnqeJlhv3ZczShRM2Cp38LW8Y3wn7L3AJtolaSkF/joKN1l6GupzM+HOEdq7xZxFehxIHW7+25mG/WigBnhsBzLv1SR4uIbrQeS5M0kkLwJ9pOnVH3uzMGG6TRXPnK3ivlKl97AiUEKdlRjCQNLXvYf1ZqlC77c/ZCOHSX4kvIKR2uG+LNlSTRq2rn8AgMpFT4DSlEZz4RmFQvQupQzPpzozaz/gadBpJy/jgDmJlQMPXkHp7wClvbIBGiGRaY6eZFxNV96zwSR/GPNkTObdw2S8/SiAgvIhIcqWTPLY6aVTqJfAgMBAAGjWDBWMFQGA1UdAQRNMEuAEDUj0BrjP0RTbmoRPTRMY3WhJTAjMSEwHwYDVQQDExhsb2dpbi5taWNyb3NvZnRvbmxpbmUudXOCEARyb1TcT9aGTuB2Cofq8qQwDQYJKoZIhvcNAQELBQADggEBAGnLhDHVz2gLDiu9L34V3ro/6xZDiSWhGyHcGqky7UlzQH3pT5so8iF5P0WzYqVtogPsyC2LPJYSTt2vmQugD4xlu/wbvMFLcV0hmNoTKCF1QTVtEQiAiy0Aq+eoF7Al5fV1S3Sune0uQHimuUFHCmUuF190MLcHcdWnPAmzIc8fv7quRUUsExXmxSX2ktUYQXzqFyIOSnDCuWFm6tpfK5JXS8fW5bpqTlrysXXz/OW/8NFGq/alfjrya4ojrOYLpunGriEtNPwK7hxj1AlCYEWaRHRXaUIW1ByoSff/6Y6+ZhXPUe0cDlNRt/qIz5aflwO7+W8baTS4O8m/icu7ItE=" ]
+    }
+  ]
+}
\ No newline at end of file

From 46e62b2b673a8d11b65b5a443715927097138d4f Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Wed, 14 Mar 2018 15:35:22 -0700
Subject: [PATCH 875/900] Set 2.0 baselines

---
 build/dependencies.props                      |    2 +-
 korebuild-lock.txt                            |    4 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     | 1314 +++++++++++++++++
 .../baseline.netcore.json                     |   47 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netcore.json                     |    2 +-
 .../baseline.netframework.json                |    2 +-
 16 files changed, 1330 insertions(+), 61 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json

diff --git a/build/dependencies.props b/build/dependencies.props
index d0dfac301f..d80ecef5ae 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,7 +3,7 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15742</InternalAspNetCoreSdkPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15744</InternalAspNetCoreSdkPackageVersion>
     <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
     <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
     <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index e40ef6651b..f531e7b0f7 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15742
-commithash:21fbb0f2c3fe4a9216e2d59632b98cfd7d685962
+version:2.1.0-preview2-15744
+commithash:9e15cb6062ab5b9790d3fa699e018543a6950713
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
index 1f1115460b..52fa29be91 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.CookieExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
index 82a48a6bf4..2500e5fb5e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.FacebookAuthenticationOptionsExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
index 61aae649d3..edaade3267 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.GoogleExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
index 997cf7bdf1..44fc928cac 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.JwtBearerExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
index 5791297b27..966f7e1b1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.MicrosoftAccountExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
index ffda3cbafe..142e37c6bd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.OAuthExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
index 9623b214e8..a57e2eb872 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
index b577f07eb1..196b85372d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.TwitterExtensions",
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
new file mode 100644
index 0000000000..5a8110fbce
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
@@ -0,0 +1,1314 @@
+{
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.WsFederation, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "Types": [
+    {
+      "Name": "Microsoft.Extensions.DependencyInjection.WsFederationExtensions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "AddWsFederation",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddWsFederation",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddWsFederation",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AddWsFederation",
+          "Parameters": [
+            {
+              "Name": "builder",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder"
+            },
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.AuthenticationFailedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Exception",
+          "Parameters": [],
+          "ReturnType": "System.Exception",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Exception",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.MessageReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.RedirectContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.PropertiesContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Handled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleResponse",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.RemoteSignOutContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            },
+            {
+              "Name": "message",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenReceivedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenValidatedContext",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationContext<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_ProtocolMessage",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ProtocolMessage",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationMessage"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityToken",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.SecurityToken",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityToken",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.SecurityToken"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Http.HttpContext"
+            },
+            {
+              "Name": "scheme",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationScheme"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            },
+            {
+              "Name": "principal",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationEvents",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationEvents",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_OnAuthenticationFailed",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.AuthenticationFailedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnAuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.AuthenticationFailedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnMessageReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.MessageReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnMessageReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.MessageReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRedirectToIdentityProvider",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.RedirectContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.RedirectContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnRemoteSignOut",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.RemoteSignOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnRemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.RemoteSignOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSecurityTokenReceived",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenReceivedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSecurityTokenReceived",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenReceivedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSecurityTokenValidated",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenValidatedContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSecurityTokenValidated",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenValidatedContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "AuthenticationFailed",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.AuthenticationFailedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MessageReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.MessageReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RedirectToIdentityProvider",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.RedirectContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "RemoteSignOut",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SecurityTokenReceived",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenReceivedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SecurityTokenValidated",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.SecurityTokenValidatedContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationDefaults",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "Static": true,
+      "Sealed": true,
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Field",
+          "Name": "UserstatePropertiesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AuthenticationScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"WsFederation\""
+        },
+        {
+          "Kind": "Field",
+          "Name": "DisplayName",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": [],
+          "Constant": true,
+          "Literal": "\"WsFederation\""
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteSignOutAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Configuration",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Configuration",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_MetadataAddress",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MetadataAddress",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ConfigurationManager",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConfigurationManager",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RefreshOnIssuerKeyNotFound",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RefreshOnIssuerKeyNotFound",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SkipUnrecognizedRequests",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SkipUnrecognizedRequests",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationEvents",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SecurityTokenHandlers",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SecurityTokenHandlers",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.ICollection<Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_StateDataFormat",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_StateDataFormat",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.ISecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationProperties>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_TokenValidationParameters",
+          "Parameters": [],
+          "ReturnType": "Microsoft.IdentityModel.Tokens.TokenValidationParameters",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_TokenValidationParameters",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.IdentityModel.Tokens.TokenValidationParameters"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Wreply",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Wreply",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutWreply",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutWreply",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Wtrealm",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Wtrealm",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_UseTokenLifetime",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_UseTokenLifetime",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RequireHttpsMetadata",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RequireHttpsMetadata",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_AllowUnsolicitedLogins",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AllowUnsolicitedLogins",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_RemoteSignOutPath",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.PathString",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_RemoteSignOutPath",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.PathString"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_SignOutScheme",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_SignOutScheme",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationPostConfigureOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "ImplementedInterfaces": [
+        "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "PostConfigure",
+          "Parameters": [
+            {
+              "Name": "name",
+              "Type": "System.String"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Sealed": true,
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.Extensions.Options.IPostConfigureOptions<Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    }
+  ]
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
index 6db7d2c81d..a6082e8c46 100644
--- a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
@@ -2508,51 +2508,6 @@
       ],
       "GenericParameters": []
     },
-    {
-      "Name": "Microsoft.AspNetCore.Authentication.Internal.RequestPathBaseCookieBuilder",
-      "Visibility": "Public",
-      "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Http.CookieBuilder",
-      "ImplementedInterfaces": [],
-      "Members": [
-        {
-          "Kind": "Method",
-          "Name": "get_AdditionalPath",
-          "Parameters": [],
-          "ReturnType": "System.String",
-          "Virtual": true,
-          "Visibility": "Protected",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Build",
-          "Parameters": [
-            {
-              "Name": "context",
-              "Type": "Microsoft.AspNetCore.Http.HttpContext"
-            },
-            {
-              "Name": "expiresFrom",
-              "Type": "System.DateTimeOffset"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Http.CookieOptions",
-          "Virtual": true,
-          "Override": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Constructor",
-          "Name": ".ctor",
-          "Parameters": [],
-          "Visibility": "Public",
-          "GenericParameter": []
-        }
-      ],
-      "GenericParameters": []
-    },
     {
       "Name": "Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions",
       "Visibility": "Public",
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
index 0bad3ed62c..a2a971f826 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization.Policy, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization.Policy, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator",
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
index 6108db6d29..9910c93f6a 100644
--- a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions",
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
index 97da7ea5c6..050546810f 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
index a55bf8f339..65256bed6f 100644
--- a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
+++ b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",

From 90064ce9dfc79d13058fbd6ec9092bf0f6124449 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 2 Feb 2018 10:53:51 -0800
Subject: [PATCH 876/900] Add ClaimActions for bulk add and remove. #1609

---
 samples/OpenIdConnectSample/Startup.cs        |  7 +++
 .../ClaimActionCollectionMapExtensions.cs     | 39 +++++++++++++
 .../Claims/MapAllClaimsAction.cs              | 42 ++++++++++++++
 .../ClaimActionTests.cs                       | 57 +++++++++++++++++++
 4 files changed, 145 insertions(+)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index c05bc8b522..82bfdf54f1 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net.Http;
 using System.Text.Encodings.Web;
@@ -44,6 +45,8 @@ namespace OpenIdConnectSample
 
         public void ConfigureServices(IServiceCollection services)
         {
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
             services.AddAuthentication(sharedOptions =>
             {
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -56,9 +59,13 @@ namespace OpenIdConnectSample
                 o.ClientId = Configuration["oidc:clientid"];
                 o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
                 o.Authority = Configuration["oidc:authority"];
+
                 o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                 o.SaveTokens = true;
                 o.GetClaimsFromUserInfoEndpoint = true;
+
+                o.ClaimActions.MapAllExcept("aud", "iss", "iat", "nbf", "exp", "aio", "c_hash", "uti", "nonce");
+
                 o.Events = new OpenIdConnectEvents()
                 {
                     OnAuthenticationFailed = c =>
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
index f3fee6a229..5a178957a0 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
@@ -87,6 +87,27 @@ namespace Microsoft.AspNetCore.Authentication
             collection.Add(new CustomJsonClaimAction(claimType, valueType, resolver));
         }
 
+        /// <summary>
+        /// Clears any current ClaimsActions and maps all values from the json user data as claims, excluding duplicates.
+        /// </summary>
+        /// <param name="collection"></param>
+        public static void MapAll(this ClaimActionCollection collection)
+        {
+            collection.Clear();
+            collection.Add(new MapAllClaimsAction());
+        }
+
+        /// <summary>
+        /// Clears any current ClaimsActions and maps all values from the json user data as claims, excluding the specified types.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="exclusions"></param>
+        public static void MapAllExcept(this ClaimActionCollection collection, params string[] exclusions)
+        {
+            collection.MapAll();
+            collection.DeleteClaims(exclusions);
+        }
+
         /// <summary>
         /// Delete all claims from the given ClaimsIdentity with the given ClaimType.
         /// </summary>
@@ -96,5 +117,23 @@ namespace Microsoft.AspNetCore.Authentication
         {
             collection.Add(new DeleteClaimAction(claimType));
         }
+
+        /// <summary>
+        /// Delete all claims from the ClaimsIdentity with the given claimTypes.
+        /// </summary>
+        /// <param name="collection"></param>
+        /// <param name="claimTypes"></param>
+        public static void DeleteClaims(this ClaimActionCollection collection, params string[] claimTypes)
+        {
+            if (claimTypes == null)
+            {
+                throw new ArgumentNullException(nameof(claimTypes));
+            }
+
+            foreach (var claimType in claimTypes)
+            {
+                collection.Add(new DeleteClaimAction(claimType));
+            }
+        }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
new file mode 100644
index 0000000000..b3bf5d99f1
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
@@ -0,0 +1,42 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth.Claims
+{
+    /// <summary>
+    /// A ClaimAction that selects all top level values from the json user data and adds them as Claims.
+    /// This excludes duplicate sets of names and values.
+    /// </summary>
+    public class MapAllClaimsAction : ClaimAction
+    {
+        public MapAllClaimsAction() : base("All", ClaimValueTypes.String)
+        {
+        }
+
+        public override void Run(JObject userData, ClaimsIdentity identity, string issuer)
+        {
+            if (userData == null)
+            {
+                return;
+            }
+            foreach (var pair in userData)
+            {
+                var claimValue = userData.TryGetValue(pair.Key, out var value) ? value.ToString() : null;
+
+                // Avoid adding a claim if there's a duplicate name and value. This often happens in OIDC when claims are
+                // retrieved both from the id_token and from the user-info endpoint.
+                var duplicate = identity.FindFirst(c => string.Equals(c.Type, pair.Key, StringComparison.OrdinalIgnoreCase)
+                        && string.Equals(c.Value, claimValue, StringComparison.Ordinal)) != null;
+
+                if (!duplicate)
+                {
+                    identity.AddClaim(new Claim(pair.Key, claimValue, ClaimValueTypes.String, issuer));
+                }
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
index 541e1edf28..b083e9d76d 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
@@ -51,5 +51,62 @@ namespace Microsoft.AspNetCore.Authentication
             Assert.Equal("role", roleClaims[1].Type);
             Assert.Equal("role2", roleClaims[1].Value);
         }
+
+        [Fact]
+        public void MapAllSucceeds()
+        {
+            var userData = new JObject
+            {
+                ["name0"] = "value0",
+                ["name1"] = "value1",
+            };
+
+            var identity = new ClaimsIdentity();
+            var action = new MapAllClaimsAction();
+            action.Run(userData, identity, "iss");
+
+            Assert.Equal("name0", identity.FindFirst("name0").Type);
+            Assert.Equal("value0", identity.FindFirst("name0").Value);
+            Assert.Equal("name1", identity.FindFirst("name1").Type);
+            Assert.Equal("value1", identity.FindFirst("name1").Value);
+        }
+
+        [Fact]
+        public void MapAllAllowesDulicateKeysWithUniqueValues()
+        {
+            var userData = new JObject
+            {
+                ["name0"] = "value0",
+                ["name1"] = "value1",
+            };
+
+            var identity = new ClaimsIdentity();
+            identity.AddClaim(new Claim("name0", "value2"));
+            identity.AddClaim(new Claim("name1", "value3"));
+            var action = new MapAllClaimsAction();
+            action.Run(userData, identity, "iss");
+
+            Assert.Equal(2, identity.FindAll("name0").Count());
+            Assert.Equal(2, identity.FindAll("name1").Count());
+        }
+
+        [Fact]
+        public void MapAllSkipsDuplicateValues()
+        {
+            var userData = new JObject
+            {
+                ["name0"] = "value0",
+                ["name1"] = "value1",
+            };
+
+            var identity = new ClaimsIdentity();
+            identity.AddClaim(new Claim("name0", "value0"));
+            identity.AddClaim(new Claim("name1", "value1"));
+            var action = new MapAllClaimsAction();
+            action.Run(userData, identity, "iss");
+
+            Assert.Single(identity.FindAll("name0"));
+            Assert.Single(identity.FindAll("name1"));
+        }
     }
 }

From d24fddcf596a705f480a6ca6e43446838a4af2fe Mon Sep 17 00:00:00 2001
From: Patrick Westerhoff <PatrickWesterhoff@gmail.com>
Date: Mon, 19 Mar 2018 22:19:57 +0100
Subject: [PATCH 877/900] Clean up tests

- Make Facebook test server asynchronous to avoid having to
  block for the result.
- Clean up some formatting.
---
 .../FacebookTests.cs                          | 52 +++++++++----------
 .../GoogleTests.cs                            | 34 ++++++------
 2 files changed, 40 insertions(+), 46 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 99177d66bb..4ee9117f95 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -426,15 +426,15 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication().AddFacebook(o => {
+                services => services.AddAuthentication().AddFacebook(o =>
+                {
                     o.AppId = "whatever";
                     o.AppSecret = "whatever";
                     o.SignInScheme = FacebookDefaults.AuthenticationScheme;
                 }),
-                context => 
+                async context =>
                 {
-                    // Gross
-                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    await context.ChallengeAsync("Facebook");
                     return true;
                 });
             var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
@@ -446,14 +446,14 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o => {
+                services => services.AddAuthentication(o => o.DefaultScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o =>
+                {
                     o.AppId = "whatever";
                     o.AppSecret = "whatever";
                 }),
-                context =>
+                async context =>
                 {
-                    // Gross
-                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    await context.ChallengeAsync("Facebook");
                     return true;
                 });
             var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
@@ -465,14 +465,14 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
         {
             var server = CreateServer(
                 app => { },
-                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o => {
+                services => services.AddAuthentication(o => o.DefaultSignInScheme = FacebookDefaults.AuthenticationScheme).AddFacebook(o =>
+                {
                     o.AppId = "whatever";
                     o.AppSecret = "whatever";
                 }),
-                context =>
+                async context =>
                 {
-                    // Gross
-                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    await context.ChallengeAsync("Facebook");
                     return true;
                 });
             var error = await Assert.ThrowsAsync<InvalidOperationException>(() => server.SendAsync("https://example.com/challenge"));
@@ -498,10 +498,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var server = CreateServer(
                 app => { },
                 services => services.AddAuthentication().AddFacebook(o => o.SignInScheme = "Whatever"),
-                context =>
+                async context =>
                 {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("AppId", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+                    await Assert.ThrowsAsync<ArgumentException>("AppId", () => context.ChallengeAsync("Facebook"));
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -514,10 +513,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             var server = CreateServer(
                 app => { },
                 services => services.AddAuthentication().AddFacebook(o => o.AppId = "Whatever"),
-                context =>
+                async context =>
                 {
-                    // REVIEW: Gross.
-                    Assert.Throws<ArgumentException>("AppSecret", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+                    await Assert.ThrowsAsync<ArgumentException>("AppSecret", () => context.ChallengeAsync("Facebook"));
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -550,10 +548,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                         };
                     });
                 },
-                context =>
+                async context =>
                 {
-                    // REVIEW: Gross.
-                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    await context.ChallengeAsync("Facebook");
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -620,7 +617,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
             Assert.Contains("response_type=code", location);
             Assert.Contains("client_id=", location);
-            Assert.Contains("redirect_uri="+ UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
+            Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
             Assert.Contains("scope=", location);
             Assert.Contains("state=", location);
         }
@@ -643,10 +640,9 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                         o.AppSecret = "Test App Secret";
                     });
                 },
-                context =>
+                async context =>
                 {
-                    // REVIEW: gross
-                    context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+                    await context.ChallengeAsync("Facebook");
                     return true;
                 });
             var transaction = await server.SendAsync("http://example.com/challenge");
@@ -672,7 +668,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                 {
                     services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                         .AddCookie()
-                        .AddFacebook(o => 
+                        .AddFacebook(o =>
                     {
                         o.AppId = "Test App Id";
                         o.AppSecret = "Test App Secret";
@@ -728,7 +724,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             Assert.Contains("&access_token=", finalUserInfoEndpoint);
         }
 
-        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
+        private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, Task<bool>> handler)
         {
             var builder = new WebHostBuilder()
                 .Configure(app =>
@@ -736,7 +732,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
                     configure?.Invoke(app);
                     app.Use(async (context, next) =>
                     {
-                        if (handler == null || !handler(context))
+                        if (handler == null || !await handler(context))
                         {
                             await next();
                         }
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index c3e80ef71a..d9af959360 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -551,28 +551,26 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 o.ClientId = "Test Id";
                 o.ClientSecret = "Test Secret";
-                //AutomaticChallenge = true
             },
             context =>
+            {
+                var req = context.Request;
+                var res = context.Response;
+                if (req.Path == new PathString("/challenge2"))
                 {
-                    var req = context.Request;
-                    var res = context.Response;
-                    if (req.Path == new PathString("/challenge2"))
+                    return context.ChallengeAsync("Google", new AuthenticationProperties(new Dictionary<string, string>()
                     {
-                        return context.ChallengeAsync("Google", new AuthenticationProperties(
-                            new Dictionary<string, string>()
-                            {
-                                { "scope", "https://www.googleapis.com/auth/plus.login" },
-                                { "access_type", "offline" },
-                                { "approval_prompt", "force" },
-                                { "prompt", "consent" },
-                                { "login_hint", "test@example.com" },
-                                { "include_granted_scopes", "false" }
-                            }));
-                    }
+                        { "scope", "https://www.googleapis.com/auth/plus.login" },
+                        { "access_type", "offline" },
+                        { "approval_prompt", "force" },
+                        { "prompt", "consent" },
+                        { "login_hint", "test@example.com" },
+                        { "include_granted_scopes", "false" }
+                    }));
+                }
 
-                    return Task.FromResult<object>(null);
-                });
+                return Task.FromResult<object>(null);
+            });
             var transaction = await server.SendAsync("https://example.com/challenge2");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
             var query = transaction.Response.Headers.Location.Query;
@@ -1501,4 +1499,4 @@ namespace Microsoft.AspNetCore.Authentication.Google
             }
         }
     }
-}
+}
\ No newline at end of file

From 06c93669d617fec50bf411c0c53d672019adf9df Mon Sep 17 00:00:00 2001
From: Patrick Westerhoff <PatrickWesterhoff@gmail.com>
Date: Fri, 23 Mar 2018 02:09:05 +0100
Subject: [PATCH 878/900] Allow overwriting parameters on challenge requests

Add a way to overwrite query arguments that are passed as part of the
challenge request to the external authentication provider in OAuth-based
authentication providers, including OpenID Connect.

This uses the new `AuthenticationProperties.Parameters` collection to
pass parameters to the authentication handler which will then look for
special items within that property bag, overwriting previously
configured values within the authentication options.

This can be used for example to overwrite the OAuth scopes that are
requested from an authentication provider, or to explicitly trigger a
reauthentication by requiring a login prompt with OpenID Connect. By
being able to specify this on individual challenge requests (using
`HttpContext.ChallengeAsync`), this is independent from the global
scheme configuration.

Custom ~ChallengeProperties types, e.g. `OAuthChallengeProperties` for
OAuth-based authentication providers, provide assistance in setting the
challenge request parameters but are not required to make the handlers
use the overwritten values.

- Adjust authentication handlers to respect the custom parameters, and
  add ~ChallengeProperties types.
- Introduce `OAuthHandler.FormatScope(IEnumerable<string>)` to format a
  custom set of scopes. Subclasses requiring a different scope format
  should override this method instead of the parameterless overload.
  Overriding just `FormatScope()` will prevent handlers from supporting
  overwriting the OAuth `scope` in a challenge request.
- Refactor GoogleHandler to support parameterization through both the
  `Parameters` and the `Items` collection (former is preferred) to keep
  compatibility with the old behavior.
- Add an OpenIdConnect sample to overwrite the prompt argument in a
  challenge request.
- Add extensive tests.
---
 samples/OpenIdConnectSample/Startup.cs        |  17 ++
 .../FacebookHandler.cs                        |   8 +-
 .../GoogleChallengeProperties.cs              |  89 ++++++++++
 .../GoogleHandler.cs                          |  61 ++++---
 .../OAuthChallengeProperties.cs               |  41 +++++
 .../OAuthHandler.cs                           |  23 ++-
 .../OpenIdConnectChallengeProperties.cs       |  49 ++++++
 .../OpenIdConnectHandler.cs                   |  11 +-
 .../FacebookTests.cs                          |  91 ++++++++++
 .../GoogleTests.cs                            | 138 ++++++++++++++-
 .../MicrosoftAccountTests.cs                  |  63 +++++++
 .../OAuthChallengePropertiesTest.cs           | 149 ++++++++++++++++
 .../OAuthTests.cs                             |  82 +++++++++
 .../OpenIdConnectChallengeTests.cs            | 166 +++++++++++++++++-
 .../OpenIdConnect/TestSettings.cs             |   6 +
 15 files changed, 944 insertions(+), 50 deletions(-)
 create mode 100644 src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
 create mode 100644 src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
 create mode 100644 test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs

diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 82bfdf54f1..1aa7625cb0 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -225,11 +225,28 @@ namespace OpenIdConnectSample
                     return;
                 }
 
+                if (context.Request.Path.Equals("/login-challenge"))
+                {
+                    // Challenge the user authentication, and force a login prompt by overwriting the
+                    // "prompt". This could be used for example to require the user to re-enter their
+                    // credentials at the authentication provider, to add an extra confirmation layer.
+                    await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new OpenIdConnectChallengeProperties()
+                    {
+                        Prompt = "login",
+
+                        // it is also possible to specify different scopes, e.g.
+                        // Scope = new string[] { "openid", "profile", "other" }
+                    });
+
+                    return;
+                }
+
                 await WriteHtmlAsync(response, async res =>
                 {
                     await res.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
                     await res.WriteAsync("<a class=\"btn btn-default\" href=\"/refresh\">Refresh tokens</a>");
                     await res.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
+                    await res.WriteAsync("<a class=\"btn btn-default\" href=\"/login-challenge\">Login challenge</a>");
                     await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
                     await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 0f83c17196..eb42511431 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
 using System.Globalization;
 using System.Net.Http;
 using System.Security.Claims;
@@ -65,12 +66,15 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             }
         }
 
-        protected override string FormatScope()
+        protected override string FormatScope(IEnumerable<string> scopes)
         {
             // Facebook deviates from the OAuth spec here. They require comma separated instead of space separated.
             // https://developers.facebook.com/docs/reference/dialogs/oauth
             // http://tools.ietf.org/html/rfc6749#section-3.3
-            return string.Join(",", Options.Scope);
+            return string.Join(",", scopes);
         }
+
+        protected override string FormatScope()
+            => base.FormatScope();
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
new file mode 100644
index 0000000000..714df45655
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
@@ -0,0 +1,89 @@
+using System.Collections.Generic;
+using Microsoft.AspNetCore.Authentication.OAuth;
+
+namespace Microsoft.AspNetCore.Authentication.Google
+{
+    public class GoogleChallengeProperties : OAuthChallengeProperties
+    {
+        /// <summary>
+        /// The parameter key for the "access_type" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string AccessTypeKey = "access_type";
+
+        /// <summary>
+        /// The parameter key for the "approval_prompt" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string ApprovalPromptKey = "approval_prompt";
+
+        /// <summary>
+        /// The parameter key for the "include_granted_scopes" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string IncludeGrantedScopesKey = "include_granted_scopes";
+
+        /// <summary>
+        /// The parameter key for the "login_hint" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string LoginHintKey = "login_hint";
+
+        /// <summary>
+        /// The parameter key for the "prompt" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string PromptParameterKey = "prompt";
+
+        public GoogleChallengeProperties()
+        { }
+
+        public GoogleChallengeProperties(IDictionary<string, string> items)
+            : base(items)
+        { }
+
+        public GoogleChallengeProperties(IDictionary<string, string> items, IDictionary<string, object> parameters)
+            : base(items, parameters)
+        { }
+
+        /// <summary>
+        /// The "access_type" parameter value being used for a challenge request.
+        /// </summary>
+        public string AccessType
+        {
+            get => GetParameter<string>(AccessTypeKey);
+            set => SetParameter(AccessTypeKey, value);
+        }
+
+        /// <summary>
+        /// The "approval_prompt" parameter value being used for a challenge request.
+        /// </summary>
+        public string ApprovalPrompt
+        {
+            get => GetParameter<string>(ApprovalPromptKey);
+            set => SetParameter(ApprovalPromptKey, value);
+        }
+
+        /// <summary>
+        /// The "include_granted_scopes" parameter value being used for a challenge request.
+        /// </summary>
+        public bool? IncludeGrantedScopes
+        {
+            get => GetParameter<bool?>(IncludeGrantedScopesKey);
+            set => SetParameter(IncludeGrantedScopesKey, value);
+        }
+
+        /// <summary>
+        /// The "login_hint" parameter value being used for a challenge request.
+        /// </summary>
+        public string LoginHint
+        {
+            get => GetParameter<string>(LoginHintKey);
+            set => SetParameter(LoginHintKey, value);
+        }
+
+        /// <summary>
+        /// The "prompt" parameter value being used for a challenge request.
+        /// </summary>
+        public string Prompt
+        {
+            get => GetParameter<string>(PromptParameterKey);
+            set => SetParameter(PromptParameterKey, value);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 091896f7cf..88d48d4467 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -57,12 +57,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
             queryStrings.Add("client_id", Options.ClientId);
             queryStrings.Add("redirect_uri", redirectUri);
 
-            AddQueryString(queryStrings, properties, "scope", FormatScope());
-            AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
-            AddQueryString(queryStrings, properties, "approval_prompt");
-            AddQueryString(queryStrings, properties, "prompt");
-            AddQueryString(queryStrings, properties, "login_hint");
-            AddQueryString(queryStrings, properties, "include_granted_scopes");
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.ScopeKey, FormatScope, Options.Scope);
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.AccessTypeKey, Options.AccessType);
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.ApprovalPromptKey);
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.PromptParameterKey);
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.LoginHintKey);
+            AddQueryString(queryStrings, properties, GoogleChallengeProperties.IncludeGrantedScopesKey, v => v?.ToString().ToLower(), (bool?)null);
 
             var state = Options.StateDataFormat.Protect(properties);
             queryStrings.Add("state", state);
@@ -71,29 +71,38 @@ namespace Microsoft.AspNetCore.Authentication.Google
             return authorizationEndpoint;
         }
 
-        private static void AddQueryString(
+        private void AddQueryString<T>(
+            IDictionary<string, string> queryStrings,
+            AuthenticationProperties properties,
+            string name,
+            Func<T, string> formatter,
+            T defaultValue)
+        {
+            string value = null;
+            var parameterValue = properties.GetParameter<T>(name);
+            if (parameterValue != null)
+            {
+                value = formatter(parameterValue);
+            }
+            else if (!properties.Items.TryGetValue(name, out value))
+            {
+                value = formatter(defaultValue);
+            }
+
+            // Remove the parameter from AuthenticationProperties so it won't be serialized into the state
+            properties.Items.Remove(name);
+
+            if (value != null)
+            {
+                queryStrings[name] = value;
+            }
+        }
+
+        private void AddQueryString(
             IDictionary<string, string> queryStrings,
             AuthenticationProperties properties,
             string name,
             string defaultValue = null)
-        {
-            string value;
-            if (!properties.Items.TryGetValue(name, out value))
-            {
-                value = defaultValue;
-            }
-            else
-            {
-                // Remove the parameter from AuthenticationProperties so it won't be serialized to state parameter
-                properties.Items.Remove(name);
-            }
-
-            if (value == null)
-            {
-                return;
-            }
-
-            queryStrings[name] = value;
-        }
+            => AddQueryString(queryStrings, properties, name, x => x, defaultValue);
     }
 }
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
new file mode 100644
index 0000000000..fc768a8ac8
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
@@ -0,0 +1,41 @@
+using System.Collections.Generic;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public class OAuthChallengeProperties : AuthenticationProperties
+    {
+        /// <summary>
+        /// The parameter key for the "scope" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string ScopeKey = "scope";
+
+        public OAuthChallengeProperties()
+        { }
+
+        public OAuthChallengeProperties(IDictionary<string, string> items)
+            : base(items)
+        { }
+
+        public OAuthChallengeProperties(IDictionary<string, string> items, IDictionary<string, object> parameters)
+            : base(items, parameters)
+        { }
+
+        /// <summary>
+        /// The "scope" parameter value being used for a challenge request.
+        /// </summary>
+        public ICollection<string> Scope
+        {
+            get => GetParameter<ICollection<string>>(ScopeKey);
+            set => SetParameter(ScopeKey, value);
+        }
+
+        /// <summary>
+        /// Set the "scope" parameter value.
+        /// </summary>
+        /// <param name="scopes">List of scopes.</param>
+        public virtual void SetScope(params string[] scopes)
+        {
+            Scope = scopes;
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index 80680a7cf8..808e0f9039 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -209,7 +209,8 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 
         protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
         {
-            var scope = FormatScope();
+            var scopeParameter = properties.GetParameter<ICollection<string>>(OAuthChallengeProperties.ScopeKey);
+            var scope = scopeParameter != null ? FormatScope(scopeParameter) : FormatScope();
 
             var state = Options.StateDataFormat.Protect(properties);
             var parameters = new Dictionary<string, string>
@@ -223,10 +224,20 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters);
         }
 
+        /// <summary>
+        /// Format a list of OAuth scopes.
+        /// </summary>
+        /// <param name="scopes">List of scopes.</param>
+        /// <returns>Formatted scopes.</returns>
+        protected virtual string FormatScope(IEnumerable<string> scopes)
+            => string.Join(" ", scopes); // OAuth2 3.3 space separated
+
+        /// <summary>
+        /// Format the <see cref="OAuthOptions.Scope"/> property.
+        /// </summary>
+        /// <returns>Formatted scopes.</returns>
+        /// <remarks>Subclasses should rather override <see cref="FormatScope(IEnumerable{string})"/>.</remarks>
         protected virtual string FormatScope()
-        {
-            // OAuth2 3.3 space separated
-            return string.Join(" ", Options.Scope);
-        }
+            => FormatScope(Options.Scope);
     }
-}
\ No newline at end of file
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
new file mode 100644
index 0000000000..0ced488deb
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
@@ -0,0 +1,49 @@
+using System;
+using System.Collections.Generic;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+    public class OpenIdConnectChallengeProperties : OAuthChallengeProperties
+    {
+        /// <summary>
+        /// The parameter key for the "max_age" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string MaxAgeKey = OpenIdConnectParameterNames.MaxAge;
+
+        /// <summary>
+        /// The parameter key for the "prompt" argument being used for a challenge request.
+        /// </summary>
+        public static readonly string PromptKey = OpenIdConnectParameterNames.Prompt;
+
+        public OpenIdConnectChallengeProperties()
+        { }
+
+        public OpenIdConnectChallengeProperties(IDictionary<string, string> items)
+            : base(items)
+        { }
+
+        public OpenIdConnectChallengeProperties(IDictionary<string, string> items, IDictionary<string, object> parameters)
+            : base(items, parameters)
+        { }
+
+        /// <summary>
+        /// The "max_age" parameter value being used for a challenge request.
+        /// </summary>
+        public TimeSpan? MaxAge
+        {
+            get => GetParameter<TimeSpan?>(MaxAgeKey);
+            set => SetParameter(MaxAgeKey, value);
+        }
+
+        /// <summary>
+        /// The "prompt" parameter value being used for a challenge request.
+        /// </summary>
+        public string Prompt
+        {
+            get => GetParameter<string>(PromptKey);
+            set => SetParameter(PromptKey, value);
+        }
+    }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index ce7494fb4a..029cf541b7 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -329,15 +329,16 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
                 RedirectUri = BuildRedirectUri(Options.CallbackPath),
                 Resource = Options.Resource,
                 ResponseType = Options.ResponseType,
-                Prompt = Options.Prompt,
-                Scope = string.Join(" ", Options.Scope)
+                Prompt = properties.GetParameter<string>(OpenIdConnectParameterNames.Prompt) ?? Options.Prompt,
+                Scope = string.Join(" ", properties.GetParameter<ICollection<string>>(OpenIdConnectParameterNames.Scope) ?? Options.Scope),
             };
 
             // Add the 'max_age' parameter to the authentication request if MaxAge is not null.
             // See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
-            if (Options.MaxAge.HasValue)
+            var maxAge = properties.GetParameter<TimeSpan?>(OpenIdConnectParameterNames.MaxAge) ?? Options.MaxAge;
+            if (maxAge.HasValue)
             {
-                message.MaxAge = Convert.ToInt64(Math.Floor((Options.MaxAge.Value).TotalSeconds))
+                message.MaxAge = Convert.ToInt64(Math.Floor((maxAge.Value).TotalSeconds))
                     .ToString(CultureInfo.InvariantCulture);
             }
 
@@ -783,7 +784,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
         /// <param name="properties">The authentication properties.</param>
         /// <returns><see cref="HandleRequestResult"/> which is used to determine if the remote authentication was successful.</returns>
         protected virtual async Task<HandleRequestResult> GetUserInformationAsync(
-            OpenIdConnectMessage message, JwtSecurityToken jwt, 
+            OpenIdConnectMessage message, JwtSecurityToken jwt,
             ClaimsPrincipal principal, AuthenticationProperties properties)
         {
             var userInfoEndpoint = _configuration?.UserInfoEndpoint;
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 4ee9117f95..b909be9fdc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -559,6 +559,97 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
             Assert.Contains("custom=test", query);
         }
 
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsConfigured()
+        {
+            var server = CreateServer(
+                app => app.UseAuthentication(),
+                services =>
+                {
+                    services.AddAuthentication().AddFacebook(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.Scope.Clear();
+                        o.Scope.Add("foo");
+                        o.Scope.Add("bar");
+                    });
+                },
+                async context =>
+                {
+                    await context.ChallengeAsync(FacebookDefaults.AuthenticationScheme);
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=foo,bar", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsOverwritten()
+        {
+            var server = CreateServer(
+                app => app.UseAuthentication(),
+                services =>
+                {
+                    services.AddAuthentication().AddFacebook(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.Scope.Clear();
+                        o.Scope.Add("foo");
+                        o.Scope.Add("bar");
+                    });
+                },
+                async context =>
+                {
+                    var properties = new OAuthChallengeProperties();
+                    properties.SetScope("baz", "qux");
+                    await context.ChallengeAsync(FacebookDefaults.AuthenticationScheme, properties);
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz,qux", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsOverwrittenWithBaseAuthenticationProperties()
+        {
+            var server = CreateServer(
+                app => app.UseAuthentication(),
+                services =>
+                {
+                    services.AddAuthentication().AddFacebook(o =>
+                    {
+                        o.AppId = "Test App Id";
+                        o.AppSecret = "Test App Secret";
+                        o.Scope.Clear();
+                        o.Scope.Add("foo");
+                        o.Scope.Add("bar");
+                    });
+                },
+                async context =>
+                {
+                    var properties = new AuthenticationProperties();
+                    properties.SetParameter(OAuthChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
+                    await context.ChallengeAsync(FacebookDefaults.AuthenticationScheme, properties);
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz,qux", res.Headers.Location.Query);
+        }
+
         [Fact]
         public async Task NestedMapWillNotAffectRedirect()
         {
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index d9af959360..511a658ff4 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -16,6 +16,7 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Newtonsoft.Json;
@@ -545,12 +546,65 @@ namespace Microsoft.AspNetCore.Authentication.Google
         }
 
         [Fact]
-        public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
+        public async Task ChallengeWillUseAuthenticationPropertiesParametersAsQueryArguments()
         {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
             var server = CreateServer(o =>
             {
                 o.ClientId = "Test Id";
                 o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+            },
+            context =>
+            {
+                var req = context.Request;
+                var res = context.Response;
+                if (req.Path == new PathString("/challenge2"))
+                {
+                    return context.ChallengeAsync("Google", new GoogleChallengeProperties
+                    {
+                        Scope = new string[] { "openid", "https://www.googleapis.com/auth/plus.login" },
+                        AccessType = "offline",
+                        ApprovalPrompt = "force",
+                        Prompt = "consent",
+                        LoginHint = "test@example.com",
+                        IncludeGrantedScopes = false,
+                    });
+                }
+
+                return Task.FromResult<object>(null);
+            });
+            var transaction = await server.SendAsync("https://example.com/challenge2");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+
+            // verify query arguments
+            var query = QueryHelpers.ParseQuery(transaction.Response.Headers.Location.Query);
+            Assert.Equal("openid https://www.googleapis.com/auth/plus.login", query["scope"]);
+            Assert.Equal("offline", query["access_type"]);
+            Assert.Equal("force", query["approval_prompt"]);
+            Assert.Equal("consent", query["prompt"]);
+            Assert.Equal("false", query["include_granted_scopes"]);
+            Assert.Equal("test@example.com", query["login_hint"]);
+
+            // verify that the passed items were not serialized
+            var stateProperties = stateFormat.Unprotect(query["state"]);
+            Assert.DoesNotContain("scope", stateProperties.Items.Keys);
+            Assert.DoesNotContain("access_type", stateProperties.Items.Keys);
+            Assert.DoesNotContain("include_granted_scopes", stateProperties.Items.Keys);
+            Assert.DoesNotContain("approval_prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("login_hint", stateProperties.Items.Keys);
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseAuthenticationPropertiesItemsAsParameters()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
             },
             context =>
             {
@@ -573,13 +627,79 @@ namespace Microsoft.AspNetCore.Authentication.Google
             });
             var transaction = await server.SendAsync("https://example.com/challenge2");
             Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
-            var query = transaction.Response.Headers.Location.Query;
-            Assert.Contains("scope=" + UrlEncoder.Default.Encode("https://www.googleapis.com/auth/plus.login"), query);
-            Assert.Contains("access_type=offline", query);
-            Assert.Contains("approval_prompt=force", query);
-            Assert.Contains("prompt=consent", query);
-            Assert.Contains("include_granted_scopes=false", query);
-            Assert.Contains("login_hint=" + UrlEncoder.Default.Encode("test@example.com"), query);
+
+            // verify query arguments
+            var query = QueryHelpers.ParseQuery(transaction.Response.Headers.Location.Query);
+            Assert.Equal("https://www.googleapis.com/auth/plus.login", query["scope"]);
+            Assert.Equal("offline", query["access_type"]);
+            Assert.Equal("force", query["approval_prompt"]);
+            Assert.Equal("consent", query["prompt"]);
+            Assert.Equal("false", query["include_granted_scopes"]);
+            Assert.Equal("test@example.com", query["login_hint"]);
+
+            // verify that the passed items were not serialized
+            var stateProperties = stateFormat.Unprotect(query["state"]);
+            Assert.DoesNotContain("scope", stateProperties.Items.Keys);
+            Assert.DoesNotContain("access_type", stateProperties.Items.Keys);
+            Assert.DoesNotContain("include_granted_scopes", stateProperties.Items.Keys);
+            Assert.DoesNotContain("approval_prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("login_hint", stateProperties.Items.Keys);
+        }
+
+        [Fact]
+        public async Task ChallengeWillUseAuthenticationPropertiesItemsAsQueryArgumentsButParametersWillOverwrite()
+        {
+            var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.StateDataFormat = stateFormat;
+            },
+            context =>
+            {
+                var req = context.Request;
+                var res = context.Response;
+                if (req.Path == new PathString("/challenge2"))
+                {
+                    return context.ChallengeAsync("Google", new GoogleChallengeProperties(new Dictionary<string, string>
+                    {
+                        ["scope"] = "https://www.googleapis.com/auth/plus.login",
+                        ["access_type"] = "offline",
+                        ["include_granted_scopes"] = "false",
+                        ["approval_prompt"] = "force",
+                        ["prompt"] = "login",
+                        ["login_hint"] = "this-will-be-overwritten@example.com",
+                    })
+                    {
+                        Prompt = "consent",
+                        LoginHint = "test@example.com",
+                    });
+                }
+
+                return Task.FromResult<object>(null);
+            });
+            var transaction = await server.SendAsync("https://example.com/challenge2");
+            Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
+
+            // verify query arguments
+            var query = QueryHelpers.ParseQuery(transaction.Response.Headers.Location.Query);
+            Assert.Equal("https://www.googleapis.com/auth/plus.login", query["scope"]);
+            Assert.Equal("offline", query["access_type"]);
+            Assert.Equal("force", query["approval_prompt"]);
+            Assert.Equal("consent", query["prompt"]);
+            Assert.Equal("false", query["include_granted_scopes"]);
+            Assert.Equal("test@example.com", query["login_hint"]);
+
+            // verify that the passed items were not serialized
+            var stateProperties = stateFormat.Unprotect(query["state"]);
+            Assert.DoesNotContain("scope", stateProperties.Items.Keys);
+            Assert.DoesNotContain("access_type", stateProperties.Items.Keys);
+            Assert.DoesNotContain("include_granted_scopes", stateProperties.Items.Keys);
+            Assert.DoesNotContain("approval_prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("prompt", stateProperties.Items.Keys);
+            Assert.DoesNotContain("login_hint", stateProperties.Items.Keys);
         }
 
         [Fact]
@@ -1499,4 +1619,4 @@ namespace Microsoft.AspNetCore.Authentication.Google
             }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
index 480241d35b..e2e13f270e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -525,6 +525,57 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
             Assert.Contains("state=", location);
         }
 
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsConfigured()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Scope.Clear();
+                o.Scope.Add("foo");
+                o.Scope.Add("bar");
+            });
+            var transaction = await server.SendAsync("http://example.com/challenge");
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=foo%20bar", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsOverwritten()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Scope.Clear();
+                o.Scope.Add("foo");
+                o.Scope.Add("bar");
+            });
+            var transaction = await server.SendAsync("http://example.com/challengeWithOtherScope");
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task ChallengeWillIncludeScopeAsOverwrittenWithBaseAuthenticationProperties()
+        {
+            var server = CreateServer(o =>
+            {
+                o.ClientId = "Test Id";
+                o.ClientSecret = "Test Secret";
+                o.Scope.Clear();
+                o.Scope.Add("foo");
+                o.Scope.Add("bar");
+            });
+            var transaction = await server.SendAsync("http://example.com/challengeWithOtherScopeWithBaseAuthenticationProperties");
+            var res = transaction.Response;
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
         [Fact]
         public async Task AuthenticatedEventCanGetRefreshToken()
         {
@@ -608,6 +659,18 @@ namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
                         {
                             await context.ChallengeAsync("Microsoft");
                         }
+                        else if (req.Path == new PathString("/challengeWithOtherScope"))
+                        {
+                            var properties = new OAuthChallengeProperties();
+                            properties.SetScope("baz", "qux");
+                            await context.ChallengeAsync("Microsoft", properties);
+                        }
+                        else if (req.Path == new PathString("/challengeWithOtherScopeWithBaseAuthenticationProperties"))
+                        {
+                            var properties = new AuthenticationProperties();
+                            properties.SetParameter(OAuthChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
+                            await context.ChallengeAsync("Microsoft", properties);
+                        }
                         else if (req.Path == new PathString("/me"))
                         {
                             res.Describe(context.User);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
new file mode 100644
index 0000000000..c359bb0e8c
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
@@ -0,0 +1,149 @@
+using System;
+using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Test
+{
+    public class OAuthChallengePropertiesTest
+    {
+        [Fact]
+        public void ScopeProperty()
+        {
+            var properties = new OAuthChallengeProperties
+            {
+                Scope = new string[] { "foo", "bar" }
+            };
+            Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
+            Assert.Equal(new string[] { "foo", "bar" }, properties.Parameters["scope"]);
+        }
+
+        [Fact]
+        public void ScopeProperty_NullValue()
+        {
+            var properties = new OAuthChallengeProperties();
+            properties.Parameters["scope"] = new string[] { "foo", "bar" };
+            Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
+
+            properties.Scope = null;
+            Assert.Null(properties.Scope);
+        }
+
+        [Fact]
+        public void SetScope()
+        {
+            var properties = new OAuthChallengeProperties();
+            properties.SetScope("foo", "bar");
+            Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
+            Assert.Equal(new string[] { "foo", "bar" }, properties.Parameters["scope"]);
+        }
+
+        [Fact]
+        public void OidcMaxAge()
+        {
+            var properties = new OpenIdConnectChallengeProperties()
+            {
+                MaxAge = TimeSpan.FromSeconds(200)
+            };
+            Assert.Equal(TimeSpan.FromSeconds(200), properties.MaxAge);
+        }
+
+        [Fact]
+        public void OidcMaxAge_NullValue()
+        {
+            var properties = new OpenIdConnectChallengeProperties();
+            properties.Parameters["max_age"] = TimeSpan.FromSeconds(500);
+            Assert.Equal(TimeSpan.FromSeconds(500), properties.MaxAge);
+
+            properties.MaxAge = null;
+            Assert.Null(properties.MaxAge);
+        }
+
+        [Fact]
+        public void OidcPrompt()
+        {
+            var properties = new OpenIdConnectChallengeProperties()
+            {
+                Prompt = "login"
+            };
+            Assert.Equal("login", properties.Prompt);
+            Assert.Equal("login", properties.Parameters["prompt"]);
+        }
+
+        [Fact]
+        public void OidcPrompt_NullValue()
+        {
+            var properties = new OpenIdConnectChallengeProperties();
+            properties.Parameters["prompt"] = "consent";
+            Assert.Equal("consent", properties.Prompt);
+
+            properties.Prompt = null;
+            Assert.Null(properties.Prompt);
+        }
+
+        [Fact]
+        public void GoogleProperties()
+        {
+            var properties = new GoogleChallengeProperties()
+            {
+                AccessType = "offline",
+                ApprovalPrompt = "force",
+                LoginHint = "test@example.com",
+                Prompt = "login",
+            };
+            Assert.Equal("offline", properties.AccessType);
+            Assert.Equal("offline", properties.Parameters["access_type"]);
+            Assert.Equal("force", properties.ApprovalPrompt);
+            Assert.Equal("force", properties.Parameters["approval_prompt"]);
+            Assert.Equal("test@example.com", properties.LoginHint);
+            Assert.Equal("test@example.com", properties.Parameters["login_hint"]);
+            Assert.Equal("login", properties.Prompt);
+            Assert.Equal("login", properties.Parameters["prompt"]);
+        }
+
+        [Fact]
+        public void GoogleProperties_NullValues()
+        {
+            var properties = new GoogleChallengeProperties();
+            properties.Parameters["access_type"] = "offline";
+            properties.Parameters["approval_prompt"] = "force";
+            properties.Parameters["login_hint"] = "test@example.com";
+            properties.Parameters["prompt"] = "login";
+            Assert.Equal("offline", properties.AccessType);
+            Assert.Equal("force", properties.ApprovalPrompt);
+            Assert.Equal("test@example.com", properties.LoginHint);
+            Assert.Equal("login", properties.Prompt);
+
+            properties.AccessType = null;
+            Assert.Null(properties.AccessType);
+
+            properties.ApprovalPrompt = null;
+            Assert.Null(properties.ApprovalPrompt);
+
+            properties.LoginHint = null;
+            Assert.Null(properties.LoginHint);
+
+            properties.Prompt = null;
+            Assert.Null(properties.Prompt);
+        }
+
+        [Fact]
+        public void GoogleIncludeGrantedScopes()
+        {
+            var properties = new GoogleChallengeProperties()
+            {
+                IncludeGrantedScopes = true
+            };
+            Assert.True(properties.IncludeGrantedScopes);
+            Assert.Equal(true, properties.Parameters["include_granted_scopes"]);
+
+            properties.IncludeGrantedScopes = false;
+            Assert.False(properties.IncludeGrantedScopes);
+            Assert.Equal(false, properties.Parameters["include_granted_scopes"]);
+
+            properties.IncludeGrantedScopes = null;
+            Assert.Null(properties.IncludeGrantedScopes);
+        }
+    }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
index 9279f145b9..4b822b611f 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
@@ -572,6 +572,88 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
             Assert.Contains("path=/", correlation);
         }
 
+        [Fact]
+        public async Task RedirectToAuthorizeEndpoint_HasScopeAsConfigured()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        ConfigureDefaults(opt);
+                        opt.Scope.Clear();
+                        opt.Scope.Add("foo");
+                        opt.Scope.Add("bar");
+                    }),
+                async ctx =>
+                {
+                    await ctx.ChallengeAsync("Weblie");
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("https://www.example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=foo%20bar", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task RedirectToAuthorizeEndpoint_HasScopeAsOverwritten()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        ConfigureDefaults(opt);
+                        opt.Scope.Clear();
+                        opt.Scope.Add("foo");
+                        opt.Scope.Add("bar");
+                    }),
+                async ctx =>
+                {
+                    var properties = new OAuthChallengeProperties();
+                    properties.SetScope("baz", "qux");
+                    await ctx.ChallengeAsync("Weblie", properties);
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("https://www.example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task RedirectToAuthorizeEndpoint_HasScopeAsOverwrittenWithBaseAuthenticationProperties()
+        {
+            var server = CreateServer(
+                s => s.AddAuthentication().AddOAuth(
+                    "Weblie",
+                    opt =>
+                    {
+                        ConfigureDefaults(opt);
+                        opt.Scope.Clear();
+                        opt.Scope.Add("foo");
+                        opt.Scope.Add("bar");
+                    }),
+                async ctx =>
+                {
+                    var properties = new AuthenticationProperties();
+                    properties.SetParameter(OAuthChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
+                    await ctx.ChallengeAsync("Weblie", properties);
+                    return true;
+                });
+
+            var transaction = await server.SendAsync("https://www.example.com/challenge");
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
         private void ConfigureDefaults(OAuthOptions o)
         {
             o.ClientId = "Test Id";
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index 7ab81c9dd4..cbafc46223 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -51,14 +51,14 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
         [Fact]
         public async Task AuthorizationRequestDoesNotIncludeTelemetryParametersWhenDisabled()
         {
-            var setting = new TestSettings(opt =>
+            var settings = new TestSettings(opt =>
             {
                 opt.ClientId = "Test Id";
                 opt.Authority = TestServerBuilder.DefaultAuthority;
                 opt.DisableTelemetry = true;
             });
 
-            var server = setting.CreateTestServer();
+            var server = settings.CreateTestServer();
             var transaction = await server.SendAsync(ChallengeEndpoint);
 
             var res = transaction.Response;
@@ -425,6 +425,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             var res = transaction.Response;
 
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
             settings.ValidateChallengeRedirect(
                 res.Headers.Location,
                 OpenIdConnectParameterNames.MaxAge);
@@ -446,9 +447,170 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
 
             var res = transaction.Response;
 
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
             settings.ValidateChallengeRedirect(
                 res.Headers.Location,
                 OpenIdConnectParameterNames.MaxAge);
         }
+
+        [Fact]
+        public async Task Challenge_HasExpectedPromptParam()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.Prompt = "consent";
+            });
+
+            var server = settings.CreateTestServer();
+            var transaction = await server.SendAsync(ChallengeEndpoint);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location, OpenIdConnectParameterNames.Prompt);
+            Assert.Contains("prompt=consent", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenPromptParam()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.Prompt = "consent";
+            });
+            var properties = new OpenIdConnectChallengeProperties()
+            {
+                Prompt = "login",
+            };
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("prompt=login", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenPromptParamFromBaseAuthenticationProperties()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.Prompt = "consent";
+            });
+            var properties = new AuthenticationProperties();
+            properties.SetParameter(OpenIdConnectChallengeProperties.PromptKey, "login");
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("prompt=login", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenScopeParam()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.Scope.Clear();
+                opt.Scope.Add("foo");
+                opt.Scope.Add("bar");
+            });
+            var properties = new OpenIdConnectChallengeProperties();
+            properties.SetScope("baz", "qux");
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenScopeParamFromBaseAuthenticationProperties()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.Scope.Clear();
+                opt.Scope.Add("foo");
+                opt.Scope.Add("bar");
+            });
+            var properties = new AuthenticationProperties();
+            properties.SetParameter(OpenIdConnectChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenMaxAgeParam()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.MaxAge = TimeSpan.FromSeconds(500);
+            });
+            var properties = new OpenIdConnectChallengeProperties()
+            {
+                MaxAge = TimeSpan.FromSeconds(1234),
+            };
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("max_age=1234", res.Headers.Location.Query);
+        }
+
+        [Fact]
+        public async Task Challenge_HasOverwrittenMaxAgeParaFromBaseAuthenticationPropertiesm()
+        {
+            var settings = new TestSettings(opt =>
+            {
+                opt.ClientId = "Test Id";
+                opt.Authority = TestServerBuilder.DefaultAuthority;
+                opt.MaxAge = TimeSpan.FromSeconds(500);
+            });
+            var properties = new AuthenticationProperties();
+            properties.SetParameter(OpenIdConnectChallengeProperties.MaxAgeKey, TimeSpan.FromSeconds(1234));
+
+            var server = settings.CreateTestServer(properties);
+            var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties);
+
+            var res = transaction.Response;
+
+            Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
+            settings.ValidateChallengeRedirect(res.Headers.Location);
+            Assert.Contains("max_age=1234", res.Headers.Location.Query);
+        }
     }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
index 6bb5445dc6..a1e0233f3a 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
@@ -206,6 +206,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
                     case OpenIdConnectParameterNames.MaxAge:
                         ValidateMaxAge(actualValues, errors, htmlEncoded);
                         break;
+                    case OpenIdConnectParameterNames.Prompt:
+                        ValidatePrompt(actualValues, errors, htmlEncoded);
+                        break;
                     default:
                         throw new InvalidOperationException($"Unknown parameter \"{paramToValidate}\".");
                 }
@@ -284,6 +287,9 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
             }
         }
 
+        private void ValidatePrompt(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
+            ValidateParameter(OpenIdConnectParameterNames.Prompt, _options.Prompt, actualParams, errors, htmlEncoded);
+
         private void ValidateParameter(
             string parameterName,
             string expectedValue,

From 405e7bce54b021ee18070d3cf40b25d4dab27870 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Fri, 23 Mar 2018 14:55:41 -0700
Subject: [PATCH 879/900] Update dependencies

---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d80ecef5ae..90c4b74144 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,42 +4,42 @@
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
     <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15744</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30355</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30355</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26314-02</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
+    <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
+    <NewtonsoftJsonPackageVersion>11.0.1</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>

From bbff105e4dd5105722159fe792c17b2b39baaea3 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 25 Mar 2018 15:54:30 -0700
Subject: [PATCH 880/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 60 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d0cb88aa82..23bd79dbc3 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,43 +3,43 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15728</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30272</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30272</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17001</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26225-03</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETTestSdkPackageVersion>15.6.0</MicrosoftNETTestSdkPackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26314-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NewtonsoftJsonPackageVersion>10.0.1</NewtonsoftJsonPackageVersion>
+    <NewtonsoftJsonPackageVersion>11.0.1</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 138d848db1..3a326c7d58 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15728
-commithash:393377068ddcf51dfee0536536d455f57a828b06
+version:2.1.0-preview3-17001
+commithash:dda68c56abf0d3b911fe6a2315872c446b314585

From 0d0f703e3e074fe60b8e9fc3846ce03547022305 Mon Sep 17 00:00:00 2001
From: "Nate McMaster (automated)" <nate.mcmaster@microsoft.com>
Date: Wed, 28 Mar 2018 11:03:00 -0700
Subject: [PATCH 881/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 58 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 90c4b74144..303f56bca8 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,43 +3,43 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15744</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30433</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30433</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview2-15749</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview2-30478</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview2-30478</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26314-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26326-03</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NewtonsoftJsonPackageVersion>11.0.1</NewtonsoftJsonPackageVersion>
+    <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index f531e7b0f7..b8e036fe2c 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview2-15744
-commithash:9e15cb6062ab5b9790d3fa699e018543a6950713
+version:2.1.0-preview2-15749
+commithash:5544c9ab20fa5e24b9e155d8958a3c3b6f5f9df9

From e98a0d243a7a5d8076ab85c3438739118cdd53ff Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Tue, 3 Apr 2018 22:41:47 +0000
Subject: [PATCH 882/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 58 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 23bd79dbc3..fabe537925 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,43 +3,43 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17001</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32037</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32037</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17002</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview2-26314-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview3-26331-01</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NewtonsoftJsonPackageVersion>11.0.1</NewtonsoftJsonPackageVersion>
+    <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 3a326c7d58..b3af0b8bce 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview3-17001
-commithash:dda68c56abf0d3b911fe6a2315872c446b314585
+version:2.1.0-preview3-17002
+commithash:b8e4e6ab104adc94c0719bb74229870e9b584a7f

From ec5d71d2dcd77e969a29f13137f8ce337a3d4b92 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Sun, 15 Apr 2018 14:25:39 -0700
Subject: [PATCH 883/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index fabe537925..9f302ba91c 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17002</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32110</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32110</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17018</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview3-26331-01</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview3-26413-05</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index b3af0b8bce..b419d767b9 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview3-17002
-commithash:b8e4e6ab104adc94c0719bb74229870e9b584a7f
+version:2.1.0-preview3-17018
+commithash:af264ca131f212b5ba8aafbc5110fc0fc510a2be

From 30493e2fd63907d0484b940c069d681dcb962591 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Mon, 16 Apr 2018 17:02:13 -0700
Subject: [PATCH 884/900] Branching for 2.1.0-rc1

---
 build/repo.props | 3 ++-
 korebuild.json   | 4 ++--
 version.props    | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/build/repo.props b/build/repo.props
index 541470c9f4..a4f86fb2f6 100644
--- a/build/repo.props
+++ b/build/repo.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
   <Import Project="dependencies.props" />
 
   <ItemGroup>
@@ -7,6 +7,7 @@
   <PropertyGroup>
     <!-- These properties are use by the automation that updates dependencies.props -->
     <LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
+    <LineupPackageVersion>2.1.0-rc1-*</LineupPackageVersion>
     <LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
   </PropertyGroup>
 
diff --git a/korebuild.json b/korebuild.json
index bd5d51a51b..678d8bb948 100644
--- a/korebuild.json
+++ b/korebuild.json
@@ -1,4 +1,4 @@
 {
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev"
+  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/release/2.1/tools/korebuild.schema.json",
+  "channel": "release/2.1"
 }
diff --git a/version.props b/version.props
index 24f2b00a0a..e27532787e 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.1.0</VersionPrefix>
-    <VersionSuffix>preview3</VersionSuffix>
+    <VersionSuffix>rc1</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>

From 5e8f54a55fcf77fe20f1ca8c466b4cc60f366352 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 19 Apr 2018 16:44:34 -0700
Subject: [PATCH 885/900] Set NETStandardImplicitPackageVersion via
 dependencies.props

---
 Directory.Build.targets  | 1 +
 build/dependencies.props | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Directory.Build.targets b/Directory.Build.targets
index 894b1d0cf8..53b3f6e1da 100644
--- a/Directory.Build.targets
+++ b/Directory.Build.targets
@@ -2,5 +2,6 @@
   <PropertyGroup>
     <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
     <RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1' ">$(MicrosoftNETCoreApp21PackageVersion)</RuntimeFrameworkVersion>
+    <NETStandardImplicitPackageVersion Condition=" '$(TargetFramework)' == 'netstandard2.0' ">$(NETStandardLibrary20PackageVersion)</NETStandardImplicitPackageVersion>
   </PropertyGroup>
 </Project>
diff --git a/build/dependencies.props b/build/dependencies.props
index 9f302ba91c..4dc778d54a 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -36,6 +36,7 @@
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
     <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview3-26413-05</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
+    <NETStandardLibrary20PackageVersion>2.0.1</NETStandardLibrary20PackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>

From f3fc9c714829edadd8e7d7b6000fee1c6a5b5ef1 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Thu, 19 Apr 2018 22:35:33 -0700
Subject: [PATCH 886/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 58 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 4dc778d54a..2cb9387b7a 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,43 +3,43 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-preview3-17018</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-preview3-32233</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-preview3-32233</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-rc1-15774</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-preview3-26413-05</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-rc1-26419-02</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
-    <NETStandardLibrary20PackageVersion>2.0.1</NETStandardLibrary20PackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
+    <NETStandardLibrary20PackageVersion>2.0.1</NETStandardLibrary20PackageVersion>
     <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index b419d767b9..9d4ef8c888 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-preview3-17018
-commithash:af264ca131f212b5ba8aafbc5110fc0fc510a2be
+version:2.1.0-rc1-15774
+commithash:ed5ca9de3c652347dbb0158a9a65eff3471d2114

From 3cc514c875512c1426f7ae07d4a8e36ffcbbfb30 Mon Sep 17 00:00:00 2001
From: "Nate McMaster (automated)" <nate.mcmaster@microsoft.com>
Date: Mon, 30 Apr 2018 14:51:45 -0700
Subject: [PATCH 887/900] Bump version to 2.1.0-rtm

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index e27532787e..b9552451d8 100644
--- a/version.props
+++ b/version.props
@@ -1,7 +1,7 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.1.0</VersionPrefix>
-    <VersionSuffix>rc1</VersionSuffix>
+    <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
     <BuildNumber Condition="'$(BuildNumber)' == ''">t000</BuildNumber>

From 4dbcfa5e508221b3d71a2ff7d66979282dacee33 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Fri, 4 May 2018 07:50:04 -0700
Subject: [PATCH 888/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 58 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 2cb9387b7a..d55f378cce 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,43 +3,43 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-rc1-15774</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-rc1-30613</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-rc1-30613</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.0-rtm-15783</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-rc1-26419-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0-rtm-26502-02</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
     <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NETStandardLibrary20PackageVersion>2.0.1</NETStandardLibrary20PackageVersion>
+    <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
     <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
     <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
     <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 9d4ef8c888..3673744db9 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-rc1-15774
-commithash:ed5ca9de3c652347dbb0158a9a65eff3471d2114
+version:2.1.0-rtm-15783
+commithash:5fc2b2f607f542a2ffde11c19825e786fc1a3774

From 9ee5ed4bf908bf09fce2d4d4797a908cc927b72c Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 23 May 2018 15:35:23 -0700
Subject: [PATCH 889/900] Bumping version from 2.1.0 to 2.1.1

---
 version.props | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/version.props b/version.props
index b9552451d8..669c874829 100644
--- a/version.props
+++ b/version.props
@@ -1,6 +1,6 @@
-<Project>
+<Project>
   <PropertyGroup>
-    <VersionPrefix>2.1.0</VersionPrefix>
+    <VersionPrefix>2.1.1</VersionPrefix>
     <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>

From e538375c443a11d96370eb767fce7bb559e00dc9 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Tue, 29 May 2018 09:52:21 -0700
Subject: [PATCH 890/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 56 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index d55f378cce..7d3788a5bc 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.0-rtm-15783</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0-rtm-30721</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0-rtm-30721</MicrosoftExtensionsWebEncodersPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.1-rtm-15790</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.1.0</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.0</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.0</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0-rtm-26502-02</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.0</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index 3673744db9..cd5b409a1e 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.0-rtm-15783
-commithash:5fc2b2f607f542a2ffde11c19825e786fc1a3774
+version:2.1.1-rtm-15790
+commithash:274c65868e735f29f4078c1884c61c4371ee1fc0

From ac1a9ef6d183a94646a4b5e57b7be1c6e53b5605 Mon Sep 17 00:00:00 2001
From: "ASP.NET CI" <aspnetci@users.noreply.github.com>
Date: Tue, 12 Jun 2018 19:33:42 +0000
Subject: [PATCH 891/900] Update dependencies.props

[auto-updated: dependencies]
---
 build/dependencies.props | 54 ++++++++++++++++++++--------------------
 korebuild-lock.txt       |  4 +--
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 7d3788a5bc..6fd8fd0995 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -3,38 +3,38 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.1-rtm-15790</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.0</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.0</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.0</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
-    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.0</MicrosoftAspNetCoreDataProtectionPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.0</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.1.0</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.0</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.1.0</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.0</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.0</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.0</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.0</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.0</MicrosoftAspNetCoreTestHostPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>2.1.1-rtm-15793</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
+    <MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.1</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.1.1</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.1.1</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.1</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.1</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.1</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.1</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.1.1</MicrosoftAspNetCoreTestHostPackageVersion>
     <MicrosoftAspNetCoreTestingPackageVersion>2.1.0</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.0</MicrosoftExtensionsCachingMemoryPackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.0</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.0</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.0</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.0</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.0</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.0</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.0</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.1.0</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.1.0</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.0</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.0</MicrosoftExtensionsWebEncodersPackageVersion>
+    <MicrosoftExtensionsCachingMemoryPackageVersion>2.1.1</MicrosoftExtensionsCachingMemoryPackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.1</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.1</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.1</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.1</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.1</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.1.1</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.1.1</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.1.1</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.1.1</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.1</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersPackageVersion>2.1.1</MicrosoftExtensionsWebEncodersPackageVersion>
     <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.0</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.1</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index cd5b409a1e..bc84e0cd53 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.1-rtm-15790
-commithash:274c65868e735f29f4078c1884c61c4371ee1fc0
+version:2.1.1-rtm-15793
+commithash:988313f4b064d6c69fc6f7b845b6384a6af3447a

From aa24887d4371660fdf1e2100a0c1d9957d42fb63 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Thu, 14 Jun 2018 10:30:43 -0700
Subject: [PATCH 892/900] Set 2.1 baselines

---
 .../baseline.netcore.json                     |  20 +-
 .../breakingchanges.netcore.json              |   6 -
 .../baseline.netcore.json                     |  84 ++-
 .../baseline.netcore.json                     | 278 ++++++-
 .../baseline.netcore.json                     |  96 ++-
 .../baseline.netcore.json                     |  59 +-
 .../baseline.netcore.json                     | 202 +++++-
 .../baseline.netcore.json                     | 208 +++++-
 .../baseline.netcore.json                     | 128 +++-
 .../baseline.netcore.json                     |  24 +-
 .../baseline.netcore.json                     | 682 ++++++++++++++++--
 .../baseline.netcore.json                     |   2 +-
 .../baseline.netcore.json                     | 138 +++-
 .../baseline.netframework.json                |   2 +-
 14 files changed, 1815 insertions(+), 114 deletions(-)
 delete mode 100644 src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
index 52fa29be91..b218669b76 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Cookies, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.CookieExtensions",
@@ -239,10 +239,8 @@
       "Name": "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
-      "ImplementedInterfaces": [
-        "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler"
-      ],
+      "BaseType": "Microsoft.AspNetCore.Authentication.SignInAuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>",
+      "ImplementedInterfaces": [],
       "Members": [
         {
           "Kind": "Method",
@@ -306,7 +304,7 @@
         },
         {
           "Kind": "Method",
-          "Name": "SignInAsync",
+          "Name": "HandleSignInAsync",
           "Parameters": [
             {
               "Name": "user",
@@ -319,13 +317,13 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler",
-          "Visibility": "Public",
+          "Override": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "SignOutAsync",
+          "Name": "HandleSignOutAsync",
           "Parameters": [
             {
               "Name": "properties",
@@ -334,8 +332,8 @@
           ],
           "ReturnType": "System.Threading.Tasks.Task",
           "Virtual": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler",
-          "Visibility": "Public",
+          "Override": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
deleted file mode 100644
index 7673fc1a0e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json
+++ /dev/null
@@ -1,6 +0,0 @@
-  [
-    {
-      "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>, Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler",
-      "Kind": "Removal"
-    }
-  ]
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
index 2500e5fb5e..5d95efca6f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Facebook, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.FacebookAuthenticationOptionsExtensions",
@@ -160,6 +160,88 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FormatScope",
+          "Parameters": [
+            {
+              "Name": "scopes",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "FormatScope",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Facebook.FacebookOptions",
       "Visibility": "Public",
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
index edaade3267..0a623b3b85 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Google, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.GoogleExtensions",
@@ -97,6 +97,206 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleChallengeProperties",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_AccessType",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_AccessType",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ApprovalPrompt",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ApprovalPrompt",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_IncludeGrantedScopes",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.Boolean>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_IncludeGrantedScopes",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.Boolean>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_LoginHint",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_LoginHint",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Prompt",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Prompt",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            },
+            {
+              "Name": "parameters",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.Object>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "AccessTypeKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "ApprovalPromptKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "IncludeGrantedScopesKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "LoginHintKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "PromptParameterKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleDefaults",
       "Visibility": "Public",
@@ -160,6 +360,82 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<Microsoft.AspNetCore.Authentication.Google.GoogleOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "BuildChallengeUrl",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "redirectUri",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.Google.GoogleOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Google.GoogleHelper",
       "Visibility": "Public",
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
index 44fc928cac..d3839022b5 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.JwtBearerExtensions",
@@ -609,6 +609,100 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "dataProtection",
+              "Type": "Microsoft.AspNetCore.DataProtection.IDataProtectionProvider"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions",
       "Visibility": "Public",
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
index 966f7e1b1f..877e9035ac 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.MicrosoftAccount, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.MicrosoftAccountExtensions",
@@ -160,6 +160,63 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "tokens",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.OAuthTokenResponse"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountOptions",
       "Visibility": "Public",
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
index 142e37c6bd..9c23947049 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OAuth, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.OAuthExtensions",
@@ -417,6 +417,41 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "MapAll",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "MapAllExcept",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "exclusions",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "DeleteClaim",
@@ -435,6 +470,26 @@
           "Extension": true,
           "Visibility": "Public",
           "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "DeleteClaims",
+          "Parameters": [
+            {
+              "Name": "collection",
+              "Type": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimActionCollection"
+            },
+            {
+              "Name": "claimTypes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Static": true,
+          "Extension": true,
+          "Visibility": "Public",
+          "GenericParameter": []
         }
       ],
       "GenericParameters": []
@@ -697,6 +752,97 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Scope",
+          "Parameters": [],
+          "ReturnType": "System.Collections.Generic.ICollection<System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Scope",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Collections.Generic.ICollection<System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SetScope",
+          "Parameters": [
+            {
+              "Name": "scopes",
+              "Type": "System.String[]",
+              "IsParams": true
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            },
+            {
+              "Name": "parameters",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.Object>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "ScopeKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.OAuth.OAuthDefaults",
       "Visibility": "Public",
@@ -848,6 +994,20 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "FormatScope",
+          "Parameters": [
+            {
+              "Name": "scopes",
+              "Type": "System.Collections.Generic.IEnumerable<System.String>"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "FormatScope",
@@ -1605,6 +1765,46 @@
         }
       ],
       "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OAuth.Claims.MapAllClaimsAction",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.Claims.ClaimAction",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Run",
+          "Parameters": [
+            {
+              "Name": "userData",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            },
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "issuer",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
     }
   ]
 }
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
index a57e2eb872..d5c10d18db 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.OpenIdConnectExtensions",
@@ -637,6 +637,27 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_OnSignedOutCallbackRedirect",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_OnSignedOutCallbackRedirect",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext, System.Threading.Tasks.Task>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_OnRemoteSignOut",
@@ -791,6 +812,20 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "SignedOutCallbackRedirect",
+          "Parameters": [
+            {
+              "Name": "context",
+              "Type": "Microsoft.AspNetCore.Authentication.OpenIdConnect.RemoteSignOutContext"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "RemoteSignOut",
@@ -1265,6 +1300,113 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectChallengeProperties",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.OAuth.OAuthChallengeProperties",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_MaxAge",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.TimeSpan>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MaxAge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.TimeSpan>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Prompt",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Prompt",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "items",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.String>"
+            },
+            {
+              "Name": "parameters",
+              "Type": "System.Collections.Generic.IDictionary<System.String, System.Object>"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "MaxAgeKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Field",
+          "Name": "PromptKey",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Static": true,
+          "ReadOnly": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults",
       "Visibility": "Public",
@@ -1347,6 +1489,17 @@
         "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler"
       ],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_Backchannel",
@@ -1394,17 +1547,6 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "HandleRemoteSignOutAsync",
@@ -1748,6 +1890,27 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_MaxAge",
+          "Parameters": [],
+          "ReturnType": "System.Nullable<System.TimeSpan>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_MaxAge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Nullable<System.TimeSpan>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_ProtocolValidator",
@@ -1916,6 +2079,27 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_Prompt",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Prompt",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_Scope",
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
index 196b85372d..03ee645623 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.Twitter, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.TwitterExtensions",
@@ -600,6 +600,122 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Events",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Events",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.TwitterEvents"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateEventsAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Object>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleRemoteAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.HandleRequestResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "CreateTicketAsync",
+          "Parameters": [
+            {
+              "Name": "identity",
+              "Type": "System.Security.Claims.ClaimsIdentity"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            },
+            {
+              "Name": "token",
+              "Type": "Microsoft.AspNetCore.Authentication.Twitter.AccessToken"
+            },
+            {
+              "Name": "user",
+              "Type": "Newtonsoft.Json.Linq.JObject"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticationTicket>",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.Twitter.TwitterOptions",
       "Visibility": "Public",
@@ -741,6 +857,16 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
index 5a8110fbce..41150cbc09 100644
--- a/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.WsFederation, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication.WsFederation, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Extensions.DependencyInjection.WsFederationExtensions",
@@ -765,6 +765,17 @@
         "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler"
       ],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleRequestAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
+          "Virtual": true,
+          "Override": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_Events",
@@ -796,17 +807,6 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
-        {
-          "Kind": "Method",
-          "Name": "HandleRequestAsync",
-          "Parameters": [],
-          "ReturnType": "System.Threading.Tasks.Task<System.Boolean>",
-          "Virtual": true,
-          "Override": true,
-          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationRequestHandler",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
         {
           "Kind": "Method",
           "Name": "HandleChallengeAsync",
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
index a6082e8c46..08eeb5e7b2 100644
--- a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authentication, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
@@ -126,6 +126,28 @@
             }
           ]
         },
+        {
+          "Kind": "Method",
+          "Name": "AddPolicyScheme",
+          "Parameters": [
+            {
+              "Name": "authenticationScheme",
+              "Type": "System.String"
+            },
+            {
+              "Name": "displayName",
+              "Type": "System.String"
+            },
+            {
+              "Name": "configureOptions",
+              "Type": "System.Action<Microsoft.AspNetCore.Authentication.PolicySchemeOptions>"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationBuilder",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -338,6 +360,20 @@
           "Visibility": "Protected",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "ResolveTarget",
+          "Parameters": [
+            {
+              "Name": "scheme",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.String",
+          "Virtual": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "AuthenticateAsync",
@@ -545,6 +581,20 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [
+            {
+              "Name": "scheme",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_ClaimsIssuer",
@@ -608,6 +658,153 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardDefault",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardDefault",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardAuthenticate",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardAuthenticate",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardChallenge",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardChallenge",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardForbid",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardForbid",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardSignIn",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardSignIn",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardSignOut",
+          "Parameters": [],
+          "ReturnType": "System.String",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardSignOut",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_ForwardDefaultSelector",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Http.HttpContext, System.String>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ForwardDefaultSelector",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Http.HttpContext, System.String>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -1752,6 +1949,27 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_Properties",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.AuthenticationProperties",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_Properties",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -1965,6 +2183,135 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "get_Handled",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_Skipped",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Success",
+          "Parameters": [
+            {
+              "Name": "ticket",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failure",
+              "Type": "System.Exception"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Fail",
+          "Parameters": [
+            {
+              "Name": "failureMessage",
+              "Type": "System.String"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "Handle",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "SkipHandler",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+          "Static": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.ISystemClock",
       "Visibility": "Public",
@@ -1982,6 +2329,131 @@
       ],
       "GenericParameters": []
     },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PolicySchemeHandler",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.SignInAuthenticationHandler<Microsoft.AspNetCore.Authentication.PolicySchemeOptions>",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "HandleChallengeAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleForbiddenAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignInAsync",
+          "Parameters": [
+            {
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleAuthenticateAsync",
+          "Parameters": [],
+          "ReturnType": "System.Threading.Tasks.Task<Microsoft.AspNetCore.Authentication.AuthenticateResult>",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.PolicySchemeOptions>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.PolicySchemeOptions",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
+      "ImplementedInterfaces": [],
+      "Members": [
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": []
+    },
     {
       "Name": "Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<T0>",
       "Visibility": "Public",
@@ -2156,6 +2628,21 @@
       "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions",
       "ImplementedInterfaces": [],
       "Members": [
+        {
+          "Kind": "Method",
+          "Name": "Validate",
+          "Parameters": [
+            {
+              "Name": "scheme",
+              "Type": "System.String"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Virtual": true,
+          "Override": true,
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "Validate",
@@ -2387,97 +2874,164 @@
       "GenericParameters": []
     },
     {
-      "Name": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
+      "Name": "Microsoft.AspNetCore.Authentication.SignInAuthenticationHandler<T0>",
       "Visibility": "Public",
       "Kind": "Class",
-      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticateResult",
-      "ImplementedInterfaces": [],
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.SignOutAuthenticationHandler<T0>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler"
+      ],
       "Members": [
         {
           "Kind": "Method",
-          "Name": "get_Handled",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "get_Skipped",
-          "Parameters": [],
-          "ReturnType": "System.Boolean",
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Success",
+          "Name": "SignInAsync",
           "Parameters": [
             {
-              "Name": "ticket",
-              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationTicket"
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
-          "Static": true,
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler",
           "Visibility": "Public",
           "GenericParameter": []
         },
         {
           "Kind": "Method",
-          "Name": "Fail",
+          "Name": "HandleSignInAsync",
           "Parameters": [
             {
-              "Name": "failure",
-              "Type": "System.Exception"
-            }
-          ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Fail",
-          "Parameters": [
+              "Name": "user",
+              "Type": "System.Security.Claims.ClaimsPrincipal"
+            },
             {
-              "Name": "failureMessage",
-              "Type": "System.String"
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
             }
           ],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "Handle",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
-          "Static": true,
-          "Visibility": "Public",
-          "GenericParameter": []
-        },
-        {
-          "Kind": "Method",
-          "Name": "SkipHandler",
-          "Parameters": [],
-          "ReturnType": "Microsoft.AspNetCore.Authentication.HandleRequestResult",
-          "Static": true,
-          "Visibility": "Public",
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
           "GenericParameter": []
         },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
-          "Parameters": [],
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<T0>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
           "Visibility": "Public",
           "GenericParameter": []
         }
       ],
-      "GenericParameters": []
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
+    },
+    {
+      "Name": "Microsoft.AspNetCore.Authentication.SignOutAuthenticationHandler<T0>",
+      "Visibility": "Public",
+      "Kind": "Class",
+      "Abstract": true,
+      "BaseType": "Microsoft.AspNetCore.Authentication.AuthenticationHandler<T0>",
+      "ImplementedInterfaces": [
+        "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler"
+      ],
+      "Members": [
+        {
+          "Kind": "Method",
+          "Name": "SignOutAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "ImplementedInterface": "Microsoft.AspNetCore.Authentication.IAuthenticationSignOutHandler",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "HandleSignOutAsync",
+          "Parameters": [
+            {
+              "Name": "properties",
+              "Type": "Microsoft.AspNetCore.Authentication.AuthenticationProperties"
+            }
+          ],
+          "ReturnType": "System.Threading.Tasks.Task",
+          "Virtual": true,
+          "Abstract": true,
+          "Visibility": "Protected",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptionsMonitor<T0>"
+            },
+            {
+              "Name": "logger",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            },
+            {
+              "Name": "encoder",
+              "Type": "System.Text.Encodings.Web.UrlEncoder"
+            },
+            {
+              "Name": "clock",
+              "Type": "Microsoft.AspNetCore.Authentication.ISystemClock"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        }
+      ],
+      "GenericParameters": [
+        {
+          "ParameterName": "TOptions",
+          "ParameterPosition": 0,
+          "New": true,
+          "BaseTypeOrInterfaces": [
+            "Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions"
+          ]
+        }
+      ]
     },
     {
       "Name": "Microsoft.AspNetCore.Authentication.SystemClock",
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
index a2a971f826..e8708538d3 100644
--- a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization.Policy, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.Authorization.Policy, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Authorization.Policy.IPolicyEvaluator",
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
index 050546810f..01a16c57a9 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
+++ b/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.AspNetCore.CookiePolicy, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions",
@@ -116,6 +116,48 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_ConsentCookie",
+          "Parameters": [],
+          "ReturnType": "Microsoft.AspNetCore.Http.CookieBuilder",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_ConsentCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "Microsoft.AspNetCore.Http.CookieBuilder"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_CheckConsentNeeded",
+          "Parameters": [],
+          "ReturnType": "System.Func<Microsoft.AspNetCore.Http.HttpContext, System.Boolean>",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_CheckConsentNeeded",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Func<Microsoft.AspNetCore.Http.HttpContext, System.Boolean>"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Method",
           "Name": "get_OnAppendCookie",
@@ -232,6 +274,43 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_IsConsentNeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasConsent",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_IssueCookie",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_IssueCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -299,6 +378,26 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Constructor",
+          "Name": ".ctor",
+          "Parameters": [
+            {
+              "Name": "next",
+              "Type": "Microsoft.AspNetCore.Http.RequestDelegate"
+            },
+            {
+              "Name": "options",
+              "Type": "Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Builder.CookiePolicyOptions>"
+            },
+            {
+              "Name": "factory",
+              "Type": "Microsoft.Extensions.Logging.ILoggerFactory"
+            }
+          ],
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
@@ -361,6 +460,43 @@
           "Visibility": "Public",
           "GenericParameter": []
         },
+        {
+          "Kind": "Method",
+          "Name": "get_IsConsentNeeded",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_HasConsent",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "get_IssueCookie",
+          "Parameters": [],
+          "ReturnType": "System.Boolean",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
+        {
+          "Kind": "Method",
+          "Name": "set_IssueCookie",
+          "Parameters": [
+            {
+              "Name": "value",
+              "Type": "System.Boolean"
+            }
+          ],
+          "ReturnType": "System.Void",
+          "Visibility": "Public",
+          "GenericParameter": []
+        },
         {
           "Kind": "Constructor",
           "Name": ".ctor",
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
index 65256bed6f..bfc0c0076d 100644
--- a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
+++ b/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
@@ -1,5 +1,5 @@
 {
-  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=2.0.3.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
+  "AssemblyIdentity": "Microsoft.Owin.Security.Interop, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
   "Types": [
     {
       "Name": "Microsoft.Owin.Security.Interop.AspNetTicketDataFormat",

From 26fbad061475e4cf8d27d0e364048a924ead953b Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 27 Jun 2018 13:39:51 -0700
Subject: [PATCH 893/900] Bumping version from 2.1.1 to 2.1.2

---
 version.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.props b/version.props
index 669c874829..478dfd16ed 100644
--- a/version.props
+++ b/version.props
@@ -1,6 +1,6 @@
 <Project>
   <PropertyGroup>
-    <VersionPrefix>2.1.1</VersionPrefix>
+    <VersionPrefix>2.1.2</VersionPrefix>
     <VersionSuffix>rtm</VersionSuffix>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
     <PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>

From d2a8d3a61c4f393170be4f6e49b287d0f3a4d96d Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Wed, 11 Jul 2018 13:14:51 -0700
Subject: [PATCH 894/900] Fix cookie regression (#1811)

---
 .../CookieAuthenticationHandler.cs            | 11 +--
 .../CookieTests.cs                            | 84 +++++++++++++++++++
 2 files changed, 90 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 343cf1b3a7..b77a51ef4f 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -85,7 +85,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             }
         }
 
-        private void RequestRefresh(AuthenticationTicket ticket)
+        private void RequestRefresh(AuthenticationTicket ticket, ClaimsPrincipal replacedPrincipal = null)
         {
             var issuedUtc = ticket.Properties.IssuedUtc;
             var expiresUtc = ticket.Properties.ExpiresUtc;
@@ -97,14 +97,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
                 _refreshIssuedUtc = currentUtc;
                 var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
                 _refreshExpiresUtc = currentUtc.Add(timeSpan);
-                _refreshTicket = CloneTicket(ticket);
+                _refreshTicket = CloneTicket(ticket, replacedPrincipal);
             }
         }
 
-        private AuthenticationTicket CloneTicket(AuthenticationTicket ticket)
+        private AuthenticationTicket CloneTicket(AuthenticationTicket ticket, ClaimsPrincipal replacedPrincipal)
         {
+            var principal = replacedPrincipal ?? ticket.Principal;
             var newPrincipal = new ClaimsPrincipal();
-            foreach (var identity in ticket.Principal.Identities)
+            foreach (var identity in principal.Identities)
             {
                 newPrincipal.AddIdentity(identity.Clone());
             }
@@ -183,7 +184,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
 
             if (context.ShouldRenew)
             {
-                RequestRefresh(result.Ticket);
+                RequestRefresh(result.Ticket, context.Principal);
             }
 
             return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name));
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index 945ec82ee6..766d1e2e53 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -900,6 +900,80 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             Assert.Null(FindClaimValue(transaction5, ClaimTypes.Name));
         }
 
+        [Fact]
+        public async Task CookieCanBeReplacedByValidator()
+        {
+            var server = CreateServer(o =>
+            {
+                o.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        ctx.ShouldRenew = true;
+                        ctx.ReplacePrincipal(new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice2", "Cookies2"))));
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction2.SetCookie);
+            Assert.Equal("Alice2", FindClaimValue(transaction2, ClaimTypes.Name));
+        }
+
+        [Fact]
+        public async Task CookieCanBeUpdatedByValidatorDuringRefresh()
+        {
+            var replace = false;
+            var server = CreateServer(o =>
+            {
+                o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+                o.Events = new CookieAuthenticationEvents
+                {
+                    OnValidatePrincipal = ctx =>
+                    {
+                        if (replace)
+                        {
+                            ctx.ShouldRenew = true;
+                            ctx.ReplacePrincipal(new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice2", "Cookies2"))));
+                            ctx.Properties.Items["updated"] = "yes";
+                        }
+                        return Task.FromResult(0);
+                    }
+                };
+            },
+            context =>
+                context.SignInAsync("Cookies",
+                    new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+            var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+            var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+            var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+            Assert.Null(FindPropertiesValue(transaction3, "updated"));
+
+            replace = true;
+
+            var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+            Assert.NotNull(transaction4.SetCookie);
+            Assert.Equal("Alice2", FindClaimValue(transaction4, ClaimTypes.Name));
+            Assert.Equal("yes", FindPropertiesValue(transaction4, "updated"));
+
+            replace = false;
+
+            var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
+            Assert.Equal("Alice2", FindClaimValue(transaction5, ClaimTypes.Name));
+            Assert.Equal("yes", FindPropertiesValue(transaction4, "updated"));
+        }
+
         [Fact]
         public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
         {
@@ -1730,6 +1804,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
             return claim.Attribute("value").Value;
         }
 
+        private static string FindPropertiesValue(Transaction transaction, string key)
+        {
+            var property = transaction.ResponseElement.Elements("extra").SingleOrDefault(elt => elt.Attribute("type").Value == key);
+            if (property == null)
+            {
+                return null;
+            }
+            return property.Attribute("value").Value;
+        }
+
         private static async Task<XElement> GetAuthData(TestServer server, string url, string cookie)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, url);

From c9122a842847974fb58eebf13acc88c2d090c6e1 Mon Sep 17 00:00:00 2001
From: Tim Hess <tim.hess@gmail.com>
Date: Wed, 23 May 2018 10:25:19 -0500
Subject: [PATCH 895/900] Include AuthenticationTicket.Properties in
 AuthenticationTicket success result handling #1765 (#1767)

---
 src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs b/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
index 3f6c2d9177..da9b6ea01c 100644
--- a/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
+++ b/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
@@ -33,7 +33,7 @@ namespace Microsoft.AspNetCore.Authentication
             {
                 throw new ArgumentNullException(nameof(ticket));
             }
-            return new HandleRequestResult() { Ticket = ticket };
+            return new HandleRequestResult() { Ticket = ticket, Properties = ticket.Properties };
         }
 
         /// <summary>

From 47caa67a65b1f3f4f48607c39ff1caa2676cfe01 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Wed, 16 May 2018 15:41:01 -0700
Subject: [PATCH 896/900] Rewrite JwtBearer token test #640

---
 .../JwtBearerTests.cs                         | 33 +++++++++++++++----
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index b472a4162d..20d625d314 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -432,19 +433,37 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Null(scheme.DisplayName);
         }
 
-        [ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
-        [FrameworkSkipCondition(RuntimeFrameworks.Mono)]
-        // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
+        [Fact]
         public async Task BearerTokenValidation()
         {
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(new string('a', 128)));
+            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
+
+            var claims = new[]
+            {
+                new Claim(ClaimTypes.NameIdentifier, "Bob")
+            };
+
+            var token = new JwtSecurityToken(
+                issuer: "issuer.contoso.com",
+                audience: "audience.contoso.com",
+                claims: claims,
+                expires: DateTime.Now.AddMinutes(30),
+                signingCredentials: creds);
+
+            var tokenText = new JwtSecurityTokenHandler().WriteToken(token);
+
             var server = CreateServer(o =>
             {
-                o.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
-                o.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
-                o.TokenValidationParameters.ValidateLifetime = false;
+                o.TokenValidationParameters = new TokenValidationParameters()
+                {
+                    ValidIssuer = "issuer.contoso.com",
+                    ValidAudience = "audience.contoso.com",
+                    IssuerSigningKey = key,
+                };
             });
 
-            var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
+            var newBearerToken = "Bearer " + tokenText;
             var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
         }

From aef7ff7959817fcc7bbd440dbc5eb1c7f7d98af0 Mon Sep 17 00:00:00 2001
From: "Chris Ross (ASP.NET)" <chrross@microsoft.com>
Date: Thu, 12 Jul 2018 14:13:25 -0700
Subject: [PATCH 897/900] Add JwtBearer test for SaveToken #1768

---
 .../JwtBearerTests.cs                         | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index 20d625d314..d7fcdb4cad 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -468,6 +468,43 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
             Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
         }
 
+        [Fact]
+        public async Task SaveBearerToken()
+        {
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(new string('a', 128)));
+            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
+
+            var claims = new[]
+            {
+                new Claim(ClaimTypes.NameIdentifier, "Bob")
+            };
+
+            var token = new JwtSecurityToken(
+                issuer: "issuer.contoso.com",
+                audience: "audience.contoso.com",
+                claims: claims,
+                expires: DateTime.Now.AddMinutes(30),
+                signingCredentials: creds);
+
+            var tokenText = new JwtSecurityTokenHandler().WriteToken(token);
+
+            var server = CreateServer(o =>
+            {
+                o.SaveToken = true;
+                o.TokenValidationParameters = new TokenValidationParameters()
+                {
+                    ValidIssuer = "issuer.contoso.com",
+                    ValidAudience = "audience.contoso.com",
+                    IssuerSigningKey = key,
+                };
+            });
+
+            var newBearerToken = "Bearer " + tokenText;
+            var response = await SendAsync(server, "http://example.com/token", newBearerToken);
+            Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
+            Assert.Equal(tokenText, await response.Response.Content.ReadAsStringAsync());
+        }
+
         [Fact]
         public async Task SignInThrows()
         {
@@ -1140,6 +1177,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
 
                             await context.Response.WriteAsync(identifier.Value);
                         }
+                        else if (context.Request.Path == new PathString("/token"))
+                        {
+                            var token = await context.GetTokenAsync("access_token");
+                            await context.Response.WriteAsync(token);
+                        }
                         else if (context.Request.Path == new PathString("/unauthorized"))
                         {
                             // Simulate Authorization failure 

From d8e10d087040adeadc677528eaeb0c04b76ee506 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Wed, 11 Jul 2018 18:49:48 -0700
Subject: [PATCH 898/900] Updating dependencies to 2.1.2 and adding a section
 for pinned variable versions

---
 build/dependencies.props | 17 ++++++++++++-----
 korebuild-lock.txt       |  4 ++--
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 6fd8fd0995..5e6f87963d 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -2,8 +2,10 @@
   <PropertyGroup>
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
-  <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>2.1.1-rtm-15793</InternalAspNetCoreSdkPackageVersion>
+
+  <!-- These package versions may be overridden or updated by automation. -->
+  <PropertyGroup Label="Package Versions: Auto" />
+    <InternalAspNetCoreSdkPackageVersion>2.1.3-rtm-15802</InternalAspNetCoreSdkPackageVersion>
     <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
     <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
     <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
@@ -13,8 +15,8 @@
     <MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
     <MicrosoftAspNetCoreHttpPackageVersion>2.1.1</MicrosoftAspNetCoreHttpPackageVersion>
     <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.1</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.1</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.1</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.2</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.2</MicrosoftAspNetCoreServerKestrelPackageVersion>
     <MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.1</MicrosoftAspNetCoreStaticFilesPackageVersion>
     <MicrosoftAspNetCoreTestHostPackageVersion>2.1.1</MicrosoftAspNetCoreTestHostPackageVersion>
     <MicrosoftAspNetCoreTestingPackageVersion>2.1.0</MicrosoftAspNetCoreTestingPackageVersion>
@@ -34,7 +36,7 @@
     <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
     <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
     <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.1</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
     <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
@@ -46,5 +48,10 @@
     <XunitPackageVersion>2.3.1</XunitPackageVersion>
     <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
+
+  <!-- This may import a generated file which may override the variables above. -->
   <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
+
+  <!-- These are package versions that should not be overridden or updated by automation. -->
+  <PropertyGroup Label="Package Versions: Pinned" />
 </Project>
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
index bc84e0cd53..251c227c83 100644
--- a/korebuild-lock.txt
+++ b/korebuild-lock.txt
@@ -1,2 +1,2 @@
-version:2.1.1-rtm-15793
-commithash:988313f4b064d6c69fc6f7b845b6384a6af3447a
+version:2.1.3-rtm-15802
+commithash:a7c08b45b440a7d2058a0aa1eaa3eb6ba811976a

From 930ed239e41d7547edf06f31efa3461d1a2c6bad Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Thu, 12 Jul 2018 11:58:34 -0700
Subject: [PATCH 899/900] Pin version variables to the ASP.NET Core 2.1.2
 baseline

This reverts our previous policy of cascading versions on all servicing updates.
This moves variables into the 'pinned' section, and points them to the latest
stable release (versions that were used at the time of the 2.1.2 release).
---
 build/dependencies.props | 47 ++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/build/dependencies.props b/build/dependencies.props
index 5e6f87963d..828f9c7ab2 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -4,8 +4,30 @@
   </PropertyGroup>
 
   <!-- These package versions may be overridden or updated by automation. -->
-  <PropertyGroup Label="Package Versions: Auto" />
+  <PropertyGroup Label="Package Versions: Auto">
     <InternalAspNetCoreSdkPackageVersion>2.1.3-rtm-15802</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
+    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
+    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
+    <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
+    <MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
+    <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
+    <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
+    <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
+    <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
+    <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
+    <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
+    <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
+    <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
+    <XunitPackageVersion>2.3.1</XunitPackageVersion>
+    <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
+  </PropertyGroup>
+
+  <!-- This may import a generated file which may override the variables above. -->
+  <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
+
+  <!-- These are package versions that should not be overridden or updated by automation. -->
+  <PropertyGroup Label="Package Versions: Pinned">
     <MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
     <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
     <MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
@@ -32,26 +54,5 @@
     <MicrosoftExtensionsOptionsPackageVersion>2.1.1</MicrosoftExtensionsOptionsPackageVersion>
     <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.1</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
     <MicrosoftExtensionsWebEncodersPackageVersion>2.1.1</MicrosoftExtensionsWebEncodersPackageVersion>
-    <MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
-    <MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
-    <MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
-    <MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
-    <MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
-    <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
-    <MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
-    <MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
-    <MicrosoftOwinTestingPackageVersion>3.0.1</MicrosoftOwinTestingPackageVersion>
-    <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
-    <NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
-    <SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
-    <XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
-    <XunitPackageVersion>2.3.1</XunitPackageVersion>
-    <XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
   </PropertyGroup>
-
-  <!-- This may import a generated file which may override the variables above. -->
-  <Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
-
-  <!-- These are package versions that should not be overridden or updated by automation. -->
-  <PropertyGroup Label="Package Versions: Pinned" />
-</Project>
+</Project>
\ No newline at end of file

From f7b51eeddaadd67296edcdb64470ad162401bf16 Mon Sep 17 00:00:00 2001
From: Ryan Brandenburg <rybrande@microsoft.com>
Date: Wed, 21 Nov 2018 15:12:11 -0800
Subject: [PATCH 900/900] Reorganize source code in preparation to move into
 aspnet/AspNetCore Prior to reorganization, this source code was found in
 https://github.com/aspnet/Security/tree/930ed239e41d7547edf06f31efa3461d1a2c6bad

---
 .appveyor.yml                                 |  17 --
 .gitattributes                                |  51 ----
 .travis.yml                                   |  27 --
 CONTRIBUTING.md                               |   4 -
 LICENSE.txt                                   |  14 --
 NuGet.config                                  |   7 -
 build.cmd                                     |   2 -
 build.sh                                      |   8 -
 korebuild-lock.txt                            |   2 -
 korebuild.json                                |   4 -
 run.cmd                                       |   2 -
 run.ps1                                       | 196 ---------------
 run.sh                                        | 231 ------------------
 .gitignore => src/Security/.gitignore         |   0
 .../Security/Directory.Build.props            |   0
 .../Security/Directory.Build.targets          |   0
 .../Security/NuGetPackageVerifier.json        |   0
 README.md => src/Security/README.md           |   0
 Security.sln => src/Security/Security.sln     |   0
 {build => src/Security/build}/Key.snk         | Bin
 .../Security/build}/dependencies.props        |   0
 {build => src/Security/build}/repo.props      |   0
 {build => src/Security/build}/sources.props   |   0
 .../CookiePolicySample.csproj                 |   0
 .../samples}/CookiePolicySample/Program.cs    |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/CookiePolicySample/Startup.cs    |   0
 .../samples}/CookieSample/CookieSample.csproj |   0
 .../Security/samples}/CookieSample/Program.cs |   0
 .../Properties/launchSettings.json            |   0
 .../Security/samples}/CookieSample/Startup.cs |   0
 .../CookieSessionSample.csproj                |   0
 .../MemoryCacheTicketStore.cs                 |   0
 .../samples}/CookieSessionSample/Program.cs   |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/CookieSessionSample/Startup.cs   |   0
 .../JwtBearerSample/JwtBearerSample.csproj    |   0
 .../samples}/JwtBearerSample/Program.cs       |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/JwtBearerSample/Startup.cs       |   0
 .../Security/samples}/JwtBearerSample/Todo.cs |   0
 .../wwwroot/App/Scripts/app.js                |   0
 .../wwwroot/App/Scripts/homeCtrl.js           |   0
 .../wwwroot/App/Scripts/indexCtrl.js          |   0
 .../wwwroot/App/Scripts/todoListCtrl.js       |   0
 .../wwwroot/App/Scripts/todoListSvc.js        |   0
 .../wwwroot/App/Scripts/userDataCtrl.js       |   0
 .../wwwroot/App/Views/Home.html               |   0
 .../wwwroot/App/Views/TodoList.html           |   0
 .../wwwroot/App/Views/UserData.html           |   0
 .../JwtBearerSample/wwwroot/index.html        |   0
 .../AuthPropertiesTokenCache.cs               |   0
 .../OpenIdConnect.AzureAdSample.csproj        |   0
 .../OpenIdConnect.AzureAdSample/Program.cs    |   0
 .../Properties/launchSettings.json            |   0
 .../OpenIdConnect.AzureAdSample/Readme.md     |   0
 .../OpenIdConnect.AzureAdSample/Startup.cs    |   0
 .../OpenIdConnectSample.csproj                |   0
 .../samples}/OpenIdConnectSample/Program.cs   |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/OpenIdConnectSample/Readme.md    |   0
 .../samples}/OpenIdConnectSample/Startup.cs   |   0
 .../compiler/resources/cert.pfx               | Bin
 .../Security/samples}/SocialSample/Program.cs |   0
 .../Properties/launchSettings.json            |   0
 .../samples}/SocialSample/SocialSample.csproj |   0
 .../Security/samples}/SocialSample/Startup.cs |   0
 .../SocialSample/compiler/resources/cert.pfx  | Bin
 .../Security/samples}/SocialSample/web.config |   0
 .../Security/samples}/WsFedSample/Program.cs  |   0
 .../Properties/launchSettings.json            |   0
 .../Security/samples}/WsFedSample/Startup.cs  |   0
 .../samples}/WsFedSample/WsFedSample.csproj   |   0
 .../WsFedSample/compiler/resources/cert.pfx   | Bin
 .../ChunkingCookieManager.cs                  |   0
 src/{ => Security/src}/Directory.Build.props  |   0
 .../Constants.cs                              |   0
 .../CookieAppBuilderExtensions.cs             |   0
 .../CookieAuthenticationDefaults.cs           |   0
 .../CookieAuthenticationHandler.cs            |   0
 .../CookieAuthenticationOptions.cs            |   0
 .../CookieExtensions.cs                       |   0
 .../Events/CookieAuthenticationEvents.cs      |   0
 .../Events/CookieSignedInContext.cs           |   0
 .../Events/CookieSigningInContext.cs          |   0
 .../Events/CookieSigningOutContext.cs         |   0
 .../Events/CookieValidatePrincipalContext.cs  |   0
 .../ICookieManager.cs                         |   0
 .../ITicketStore.cs                           |   0
 .../LoggingExtensions.cs                      |   0
 ...t.AspNetCore.Authentication.Cookies.csproj |   0
 ...ostConfigureCookieAuthenticationOptions.cs |   0
 .../baseline.netcore.json                     |   0
 .../FacebookAppBuilderExtensions.cs           |   0
 .../FacebookDefaults.cs                       |   0
 .../FacebookExtensions.cs                     |   0
 .../FacebookHandler.cs                        |   0
 .../FacebookOptions.cs                        |   0
 ....AspNetCore.Authentication.Facebook.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../GoogleAppBuilderExtensions.cs             |   0
 .../GoogleChallengeProperties.cs              |   0
 .../GoogleDefaults.cs                         |   0
 .../GoogleExtensions.cs                       |   0
 .../GoogleHandler.cs                          |   0
 .../GoogleHelper.cs                           |   0
 .../GoogleOptions.cs                          |   0
 ...ft.AspNetCore.Authentication.Google.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../Events/JwtBearerChallengeContext.cs       |   0
 .../Events/JwtBearerEvents.cs                 |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/TokenValidatedContext.cs           |   0
 .../JwtBearerAppBuilderExtensions.cs          |   0
 .../JwtBearerDefaults.cs                      |   0
 .../JwtBearerExtensions.cs                    |   0
 .../JwtBearerHandler.cs                       |   0
 .../JwtBearerOptions.cs                       |   0
 .../JwtBearerPostConfigureOptions.cs          |   0
 .../LoggingExtensions.cs                      |   0
 ...AspNetCore.Authentication.JwtBearer.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 ...ore.Authentication.MicrosoftAccount.csproj |   0
 .../MicrosoftAccountAppBuilderExtensions.cs   |   0
 .../MicrosoftAccountDefaults.cs               |   0
 .../MicrosoftAccountExtensions.cs             |   0
 .../MicrosoftAccountHandler.cs                |   0
 .../MicrosoftAccountOptions.cs                |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Claims/ClaimAction.cs                     |   0
 .../Claims/ClaimActionCollection.cs           |   0
 .../ClaimActionCollectionMapExtensions.cs     |   0
 .../Claims/CustomJsonClaimAction.cs           |   0
 .../Claims/DeleteClaimAction.cs               |   0
 .../Claims/JsonKeyClaimAction.cs              |   0
 .../Claims/JsonSubKeyClaimAction.cs           |   0
 .../Claims/MapAllClaimsAction.cs              |   0
 .../Events/OAuthCreatingTicketContext.cs      |   0
 .../Events/OAuthEvents.cs                     |   0
 ...oft.AspNetCore.Authentication.OAuth.csproj |   0
 .../OAuthAppBuilderExtensions.cs              |   0
 .../OAuthChallengeProperties.cs               |   0
 .../OAuthDefaults.cs                          |   0
 .../OAuthExtensions.cs                        |   0
 .../OAuthHandler.cs                           |   0
 .../OAuthOptions.cs                           |   0
 .../OAuthPostConfigureOptions.cs              |   0
 .../OAuthTokenResponse.cs                     |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../ClaimActionCollectionUniqueExtensions.cs  |   0
 .../Claims/UniqueJsonKeyClaimAction.cs        |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../AuthorizationCodeReceivedContext.cs       |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/OpenIdConnectEvents.cs             |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteSignoutContext.cs            |   0
 .../Events/TokenResponseReceivedContext.cs    |   0
 .../Events/TokenValidatedContext.cs           |   0
 .../Events/UserInformationReceivedContext.cs  |   0
 .../LoggingExtensions.cs                      |   0
 ...etCore.Authentication.OpenIdConnect.csproj |   0
 .../OpenIdConnectAppBuilderExtensions.cs      |   0
 .../OpenIdConnectChallengeProperties.cs       |   0
 .../OpenIdConnectDefaults.cs                  |   0
 .../OpenIdConnectExtensions.cs                |   0
 .../OpenIdConnectHandler.cs                   |   0
 .../OpenIdConnectOptions.cs                   |   0
 .../OpenIdConnectPostConfigureOptions.cs      |   0
 .../OpenIdConnectRedirectBehavior.cs          |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../Events/TwitterCreatingTicketContext.cs    |   0
 .../Events/TwitterEvents.cs                   |   0
 .../LoggingExtensions.cs                      |   0
 .../Messages/AccessToken.cs                   |   0
 .../Messages/RequestToken.cs                  |   0
 .../Messages/RequestTokenSerializer.cs        |   0
 ...t.AspNetCore.Authentication.Twitter.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../TwitterAppBuilderExtensions.cs            |   0
 .../TwitterDefaults.cs                        |   0
 .../TwitterExtensions.cs                      |   0
 .../TwitterHandler.cs                         |   0
 .../TwitterOptions.cs                         |   0
 .../TwitterPostConfigureOptions.cs            |   0
 .../baseline.netcore.json                     |   0
 .../Events/AuthenticationFailedContext.cs     |   0
 .../Events/MessageReceivedContext.cs          |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteSignoutContext.cs            |   0
 .../Events/SecurityTokenReceivedContext.cs    |   0
 .../Events/SecurityTokenValidatedContext.cs   |   0
 .../Events/WsFederationEvents.cs              |   0
 .../LoggingExtensions.cs                      |   0
 ...NetCore.Authentication.WsFederation.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../WsFederationDefaults.cs                   |   0
 .../WsFederationExtensions.cs                 |   0
 .../WsFederationHandler.cs                    |   0
 .../WsFederationOptions.cs                    |   0
 .../WsFederationPostConfigureOptions.cs       |   0
 .../baseline.netcore.json                     |   0
 .../AuthAppBuilderExtensions.cs               |   0
 .../AuthenticationBuilder.cs                  |   0
 .../AuthenticationHandler.cs                  |   0
 .../AuthenticationMiddleware.cs               |   0
 .../AuthenticationSchemeOptions.cs            |   0
 ...thenticationServiceCollectionExtensions.cs |   0
 .../Data/IDataSerializer.cs                   |   0
 .../Data/ISecureDataFormat.cs                 |   0
 .../Data/PropertiesDataFormat.cs              |   0
 .../Data/PropertiesSerializer.cs              |   0
 .../Data/SecureDataFormat.cs                  |   0
 .../Data/TextEncoder.cs                       |   0
 .../Data/TicketDataFormat.cs                  |   0
 .../Data/TicketSerializer.cs                  |   0
 .../Events/BaseContext.cs                     |   0
 .../Events/HandleRequestContext.cs            |   0
 .../Events/PrincipalContext.cs                |   0
 .../Events/PropertiesContext.cs               |   0
 .../Events/RedirectContext.cs                 |   0
 .../Events/RemoteAuthenticationContext.cs     |   0
 .../Events/RemoteAuthenticationEvents.cs      |   0
 .../Events/RemoteFailureContext.cs            |   0
 .../Events/ResultContext.cs                   |   0
 .../Events/TicketReceivedContext.cs           |   0
 .../HandleRequestResult.cs                    |   0
 .../ISystemClock.cs                           |   0
 .../Internal/RequestPathBaseCookieBuilder.cs  |   0
 .../LoggingExtensions.cs                      |   0
 ...Microsoft.AspNetCore.Authentication.csproj |   0
 .../PolicySchemeHandler.cs                    |   0
 .../PolicySchemeOptions.cs                    |   0
 .../Properties/Resources.Designer.cs          |   0
 .../RemoteAuthenticationHandler.cs            |   0
 .../RemoteAuthenticationOptions.cs            |   0
 .../Resources.resx                            |   0
 .../SignInAuthenticationHandler.cs            |   0
 .../SignOutAuthenticationHandler.cs           |   0
 .../SystemClock.cs                            |   0
 .../baseline.netcore.json                     |   0
 .../IPolicyEvaluator.cs                       |   0
 ...oft.AspNetCore.Authorization.Policy.csproj |   0
 .../PolicyAuthorizationResult.cs              |   0
 .../PolicyEvaluator.cs                        |   0
 .../PolicyServiceCollectionExtensions.cs      |   0
 .../baseline.netcore.json                     |   0
 .../AllowAnonymousAttribute.cs                |   0
 .../AuthorizationFailure.cs                   |   0
 .../AuthorizationHandler.cs                   |   0
 .../AuthorizationHandlerContext.cs            |   0
 .../AuthorizationOptions.cs                   |   0
 .../AuthorizationPolicy.cs                    |   0
 .../AuthorizationPolicyBuilder.cs             |   0
 .../AuthorizationResult.cs                    |   0
 ...uthorizationServiceCollectionExtensions.cs |   0
 .../AuthorizationServiceExtensions.cs         |   0
 .../AuthorizeAttribute.cs                     |   0
 .../DefaultAuthorizationEvaluator.cs          |   0
 ...faultAuthorizationHandlerContextFactory.cs |   0
 .../DefaultAuthorizationHandlerProvider.cs    |   0
 .../DefaultAuthorizationPolicyProvider.cs     |   0
 .../DefaultAuthorizationService.cs            |   0
 .../IAllowAnonymous.cs                        |   0
 .../IAuthorizationEvaluator.cs                |   0
 .../IAuthorizationHandler.cs                  |   0
 .../IAuthorizationHandlerContextFactory.cs    |   0
 .../IAuthorizationHandlerProvider.cs          |   0
 .../IAuthorizationPolicyProvider.cs           |   0
 .../IAuthorizationRequirement.cs              |   0
 .../IAuthorizationService.cs                  |   0
 .../IAuthorizeData.cs                         |   0
 .../Infrastructure/AssertionRequirement.cs    |   0
 .../ClaimsAuthorizationRequirement.cs         |   0
 .../DenyAnonymousAuthorizationRequirement.cs  |   0
 .../NameAuthorizationRequirement.cs           |   0
 .../OperationAuthorizationRequirement.cs      |   0
 .../PassThroughAuthorizationHandler.cs        |   0
 .../RolesAuthorizationRequirement.cs          |   0
 .../LoggingExtensions.cs                      |   0
 .../Microsoft.AspNetCore.Authorization.csproj |   0
 .../Properties/Resources.Designer.cs          |   0
 .../Resources.resx                            |   0
 .../baseline.netcore.json                     |   0
 .../AppendCookieContext.cs                    |   0
 .../CookiePolicyAppBuilderExtensions.cs       |   0
 .../CookiePolicyMiddleware.cs                 |   0
 .../CookiePolicyOptions.cs                    |   0
 .../DeleteCookieContext.cs                    |   0
 .../HttpOnlyPolicy.cs                         |   0
 .../LoggingExtensions.cs                      |   0
 .../Microsoft.AspNetCore.CookiePolicy.csproj  |   0
 .../ResponseCookiesWrapper.cs                 |   0
 .../baseline.netcore.json                     |   0
 .../AspNetTicketDataFormat.cs                 |   0
 .../AspNetTicketSerializer.cs                 |   0
 .../ChunkingCookieManager.cs                  |   0
 .../Constants.cs                              |   0
 .../DataProtectorShim.cs                      |   0
 .../Microsoft.Owin.Security.Interop.csproj    |   0
 .../Properties/AssemblyInfo.cs                |   0
 .../baseline.netframework.json                |   0
 .../Security/test}/Directory.Build.props      |   0
 .../AuthenticationMiddlewareTests.cs          |   0
 .../Base64UrlTextEncoderTests.cs              |   0
 .../ClaimActionTests.cs                       |   0
 .../CookieTests.cs                            |   0
 .../DynamicSchemeTests.cs                     |   0
 .../FacebookTests.cs                          |   0
 .../GoogleTests.cs                            |   0
 .../JwtBearerTests.cs                         |   0
 ...soft.AspNetCore.Authentication.Test.csproj |   0
 .../MicrosoftAccountTests.cs                  |   0
 .../OAuthChallengePropertiesTest.cs           |   0
 .../OAuthTests.cs                             |   0
 .../OpenIdConnect/MockOpenIdConnectMessage.cs |   0
 .../OpenIdConnectChallengeTests.cs            |   0
 .../OpenIdConnectConfigurationTests.cs        |   0
 .../OpenIdConnect/OpenIdConnectEventTests.cs  |   0
 .../OpenIdConnect/OpenIdConnectTests.cs       |   0
 .../OpenIdConnect/TestServerBuilder.cs        |   0
 .../OpenIdConnect/TestServerExtensions.cs     |   0
 .../OpenIdConnect/TestSettings.cs             |   0
 .../OpenIdConnect/TestTransaction.cs          |   0
 .../OpenIdConnect/wellknownconfig.json        |   0
 .../OpenIdConnect/wellknownkeys.json          |   0
 .../PolicyTests.cs                            |   0
 .../SecureDataFormatTests.cs                  |   0
 .../TestClock.cs                              |   0
 .../TestExtensions.cs                         |   0
 .../TestHandlers.cs                           |   0
 .../TestHttpMessageHandler.cs                 |   0
 .../TicketSerializerTests.cs                  |   0
 .../TokenExtensionTests.cs                    |   0
 .../Transaction.cs                            |   0
 .../TwitterTests.cs                           |   0
 .../WsFederation/CustomStateDataFormat.cs     |   0
 .../WsFederation/InvalidToken.xml             |   0
 .../WsFederation/TestSecurityToken.cs         |   0
 .../TestSecurityTokenValidator.cs             |   0
 .../WsFederation/ValidToken.xml               |   0
 .../WsFederation/WsFederationTest.cs          |   0
 .../WsFederation/federationmetadata.xml       |   0
 .../katanatest.redmond.corp.microsoft.com.cer | Bin
 .../selfSigned.cer                            | Bin
 .../AuthorizationPolicyFacts.cs               |   0
 .../DefaultAuthorizationServiceTests.cs       |   0
 ...osoft.AspNetCore.Authorization.Test.csproj |   0
 .../PolicyEvaluatorTests.cs                   |   0
 .../CookieChunkingTests.cs                    |   0
 ....ChunkingCookieManager.Sources.Test.csproj |   0
 .../CookieConsentTests.cs                     |   0
 .../CookiePolicyTests.cs                      |   0
 ...rosoft.AspNetCore.CookiePolicy.Test.csproj |   0
 .../TestExtensions.cs                         |   0
 .../Transaction.cs                            |   0
 .../CookieInteropTests.cs                     |   0
 ...icrosoft.Owin.Security.Interop.Test.csproj |   0
 .../TicketInteropTests.cs                     |   0
 version.props => src/Security/version.props   |   0
 375 files changed, 565 deletions(-)
 delete mode 100644 .appveyor.yml
 delete mode 100644 .gitattributes
 delete mode 100644 .travis.yml
 delete mode 100644 CONTRIBUTING.md
 delete mode 100644 LICENSE.txt
 delete mode 100644 NuGet.config
 delete mode 100644 build.cmd
 delete mode 100755 build.sh
 delete mode 100644 korebuild-lock.txt
 delete mode 100644 korebuild.json
 delete mode 100644 run.cmd
 delete mode 100644 run.ps1
 delete mode 100755 run.sh
 rename .gitignore => src/Security/.gitignore (100%)
 rename Directory.Build.props => src/Security/Directory.Build.props (100%)
 rename Directory.Build.targets => src/Security/Directory.Build.targets (100%)
 rename NuGetPackageVerifier.json => src/Security/NuGetPackageVerifier.json (100%)
 rename README.md => src/Security/README.md (100%)
 rename Security.sln => src/Security/Security.sln (100%)
 rename {build => src/Security/build}/Key.snk (100%)
 rename {build => src/Security/build}/dependencies.props (100%)
 rename {build => src/Security/build}/repo.props (100%)
 rename {build => src/Security/build}/sources.props (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/CookiePolicySample.csproj (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookiePolicySample/Startup.cs (100%)
 rename {samples => src/Security/samples}/CookieSample/CookieSample.csproj (100%)
 rename {samples => src/Security/samples}/CookieSample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookieSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookieSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/CookieSessionSample.csproj (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/MemoryCacheTicketStore.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Program.cs (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/CookieSessionSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/JwtBearerSample.csproj (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Program.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/Todo.cs (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/app.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/Home.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/TodoList.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/App/Views/UserData.html (100%)
 rename {samples => src/Security/samples}/JwtBearerSample/wwwroot/index.html (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Program.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Readme.md (100%)
 rename {samples => src/Security/samples}/OpenIdConnect.AzureAdSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/OpenIdConnectSample.csproj (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Program.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Readme.md (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/OpenIdConnectSample/compiler/resources/cert.pfx (100%)
 rename {samples => src/Security/samples}/SocialSample/Program.cs (100%)
 rename {samples => src/Security/samples}/SocialSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/SocialSample/SocialSample.csproj (100%)
 rename {samples => src/Security/samples}/SocialSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/SocialSample/compiler/resources/cert.pfx (100%)
 rename {samples => src/Security/samples}/SocialSample/web.config (100%)
 rename {samples => src/Security/samples}/WsFedSample/Program.cs (100%)
 rename {samples => src/Security/samples}/WsFedSample/Properties/launchSettings.json (100%)
 rename {samples => src/Security/samples}/WsFedSample/Startup.cs (100%)
 rename {samples => src/Security/samples}/WsFedSample/WsFedSample.csproj (100%)
 rename {samples => src/Security/samples}/WsFedSample/compiler/resources/cert.pfx (100%)
 rename {shared => src/Security/shared}/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs (100%)
 rename src/{ => Security/src}/Directory.Build.props (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/ISystemClock.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/SystemClock.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authentication/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/Resources.resx (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.Authorization/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs (100%)
 rename src/{ => Security/src}/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Constants.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/DataProtectorShim.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs (100%)
 rename src/{ => Security/src}/Microsoft.Owin.Security.Interop/baseline.netframework.json (100%)
 rename {test => src/Security/test}/Directory.Build.props (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestClock.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/Transaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs (100%)
 rename {test => src/Security/test}/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj (100%)
 rename {test => src/Security/test}/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs (100%)
 rename version.props => src/Security/version.props (100%)

diff --git a/.appveyor.yml b/.appveyor.yml
deleted file mode 100644
index 4eea96ab69..0000000000
--- a/.appveyor.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-init:
-- git config --global core.autocrlf true
-branches:
-  only:
-  - dev
-  - /^release\/.*$/
-  - /^(.*\/)?ci-.*$/
-build_script:
-- ps: .\run.ps1 default-build
-clone_depth: 1
-environment:
-  global:
-    DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
-    DOTNET_CLI_TELEMETRY_OPTOUT: 1
-test: 'off'
-deploy: 'off'
-os: Visual Studio 2017
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 97b827b758..0000000000
--- a/.gitattributes
+++ /dev/null
@@ -1,51 +0,0 @@
-*.doc  diff=astextplain
-*.DOC	diff=astextplain
-*.docx	diff=astextplain
-*.DOCX	diff=astextplain
-*.dot	diff=astextplain
-*.DOT	diff=astextplain
-*.pdf	diff=astextplain
-*.PDF	diff=astextplain
-*.rtf	diff=astextplain
-*.RTF	diff=astextplain
-
-*.jpg  	binary
-*.png 	binary
-*.gif 	binary
-
-*.cs text=auto diff=csharp 
-*.vb text=auto
-*.resx text=auto
-*.c text=auto
-*.cpp text=auto
-*.cxx text=auto
-*.h text=auto
-*.hxx text=auto
-*.py text=auto
-*.rb text=auto
-*.java text=auto
-*.html text=auto
-*.htm text=auto
-*.css text=auto
-*.scss text=auto
-*.sass text=auto
-*.less text=auto
-*.js text=auto
-*.lisp text=auto
-*.clj text=auto
-*.sql text=auto
-*.php text=auto
-*.lua text=auto
-*.m text=auto
-*.asm text=auto
-*.erl text=auto
-*.fs text=auto
-*.fsx text=auto
-*.hs text=auto
-
-*.csproj text=auto
-*.vbproj text=auto
-*.fsproj text=auto
-*.dbproj text=auto
-*.sln text=auto eol=crlf
-*.sh eol=lf
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 64bdbb4441..0000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-language: csharp
-sudo: false
-dist: trusty
-env:
-  global:
-  - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
-  - DOTNET_CLI_TELEMETRY_OPTOUT: 1
-mono: none
-os:
-- linux
-- osx
-osx_image: xcode8.2
-addons:
-  apt:
-    packages:
-    - libunwind8
-branches:
-  only:
-  - dev
-  - /^release\/.*$/
-  - /^(.*\/)?ci-.*$/
-before_install:
-- if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s
-  /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib
-  /usr/local/lib/; fi
-script:
-- ./build.sh
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
deleted file mode 100644
index 64ff041d5c..0000000000
--- a/CONTRIBUTING.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Contributing
-======
-
-Information on contributing to this repo is in the [Contributing Guide](https://github.com/aspnet/Home/blob/dev/CONTRIBUTING.md) in the Home repo.
diff --git a/LICENSE.txt b/LICENSE.txt
deleted file mode 100644
index 7b2956ecee..0000000000
--- a/LICENSE.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Copyright (c) .NET Foundation and Contributors
-
-All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License"); you may not use
-this file except in compliance with the License. You may obtain a copy of the
-License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software distributed
-under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied. See the License for the
-specific language governing permissions and limitations under the License.
diff --git a/NuGet.config b/NuGet.config
deleted file mode 100644
index e32bddfd51..0000000000
--- a/NuGet.config
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <packageSources>
-    <clear />
-    <!-- Restore sources should be defined in build/sources.props. -->
-  </packageSources>
-</configuration>
diff --git a/build.cmd b/build.cmd
deleted file mode 100644
index c0050bda12..0000000000
--- a/build.cmd
+++ /dev/null
@@ -1,2 +0,0 @@
-@ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' default-build %*; exit $LASTEXITCODE"
diff --git a/build.sh b/build.sh
deleted file mode 100755
index 98a4b22765..0000000000
--- a/build.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-# Call "sync" between "chmod" and execution to prevent "text file busy" error in Docker (aufs)
-chmod +x "$DIR/run.sh"; sync
-"$DIR/run.sh" default-build "$@"
diff --git a/korebuild-lock.txt b/korebuild-lock.txt
deleted file mode 100644
index 251c227c83..0000000000
--- a/korebuild-lock.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-version:2.1.3-rtm-15802
-commithash:a7c08b45b440a7d2058a0aa1eaa3eb6ba811976a
diff --git a/korebuild.json b/korebuild.json
deleted file mode 100644
index 678d8bb948..0000000000
--- a/korebuild.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/release/2.1/tools/korebuild.schema.json",
-  "channel": "release/2.1"
-}
diff --git a/run.cmd b/run.cmd
deleted file mode 100644
index d52d5c7e68..0000000000
--- a/run.cmd
+++ /dev/null
@@ -1,2 +0,0 @@
-@ECHO OFF
-PowerShell -NoProfile -NoLogo -ExecutionPolicy unrestricted -Command "[System.Threading.Thread]::CurrentThread.CurrentCulture = ''; [System.Threading.Thread]::CurrentThread.CurrentUICulture = '';& '%~dp0run.ps1' %*; exit $LASTEXITCODE"
diff --git a/run.ps1 b/run.ps1
deleted file mode 100644
index 27dcf848f8..0000000000
--- a/run.ps1
+++ /dev/null
@@ -1,196 +0,0 @@
-#!/usr/bin/env powershell
-#requires -version 4
-
-<#
-.SYNOPSIS
-Executes KoreBuild commands.
-
-.DESCRIPTION
-Downloads korebuild if required. Then executes the KoreBuild command. To see available commands, execute with `-Command help`.
-
-.PARAMETER Command
-The KoreBuild command to run.
-
-.PARAMETER Path
-The folder to build. Defaults to the folder containing this script.
-
-.PARAMETER Channel
-The channel of KoreBuild to download. Overrides the value from the config file.
-
-.PARAMETER DotNetHome
-The directory where .NET Core tools will be stored.
-
-.PARAMETER ToolsSource
-The base url where build tools can be downloaded. Overrides the value from the config file.
-
-.PARAMETER Update
-Updates KoreBuild to the latest version even if a lock file is present.
-
-.PARAMETER ConfigFile
-The path to the configuration file that stores values. Defaults to korebuild.json.
-
-.PARAMETER ToolsSourceSuffix
-The Suffix to append to the end of the ToolsSource. Useful for query strings in blob stores.
-
-.PARAMETER Arguments
-Arguments to be passed to the command
-
-.NOTES
-This function will create a file $PSScriptRoot/korebuild-lock.txt. This lock file can be committed to source, but does not have to be.
-When the lockfile is not present, KoreBuild will create one using latest available version from $Channel.
-
-The $ConfigFile is expected to be an JSON file. It is optional, and the configuration values in it are optional as well. Any options set
-in the file are overridden by command line parameters.
-
-.EXAMPLE
-Example config file:
-```json
-{
-  "$schema": "https://raw.githubusercontent.com/aspnet/BuildTools/dev/tools/korebuild.schema.json",
-  "channel": "dev",
-  "toolsSource": "https://aspnetcore.blob.core.windows.net/buildtools"
-}
-```
-#>
-[CmdletBinding(PositionalBinding = $false)]
-param(
-    [Parameter(Mandatory = $true, Position = 0)]
-    [string]$Command,
-    [string]$Path = $PSScriptRoot,
-    [Alias('c')]
-    [string]$Channel,
-    [Alias('d')]
-    [string]$DotNetHome,
-    [Alias('s')]
-    [string]$ToolsSource,
-    [Alias('u')]
-    [switch]$Update,
-    [string]$ConfigFile,
-    [string]$ToolsSourceSuffix,
-    [Parameter(ValueFromRemainingArguments = $true)]
-    [string[]]$Arguments
-)
-
-Set-StrictMode -Version 2
-$ErrorActionPreference = 'Stop'
-
-#
-# Functions
-#
-
-function Get-KoreBuild {
-
-    $lockFile = Join-Path $Path 'korebuild-lock.txt'
-
-    if (!(Test-Path $lockFile) -or $Update) {
-        Get-RemoteFile "$ToolsSource/korebuild/channels/$Channel/latest.txt" $lockFile $ToolsSourceSuffix
-    }
-
-    $version = Get-Content $lockFile | Where-Object { $_ -like 'version:*' } | Select-Object -first 1
-    if (!$version) {
-        Write-Error "Failed to parse version from $lockFile. Expected a line that begins with 'version:'"
-    }
-    $version = $version.TrimStart('version:').Trim()
-    $korebuildPath = Join-Paths $DotNetHome ('buildtools', 'korebuild', $version)
-
-    if (!(Test-Path $korebuildPath)) {
-        Write-Host -ForegroundColor Magenta "Downloading KoreBuild $version"
-        New-Item -ItemType Directory -Path $korebuildPath | Out-Null
-        $remotePath = "$ToolsSource/korebuild/artifacts/$version/korebuild.$version.zip"
-
-        try {
-            $tmpfile = Join-Path ([IO.Path]::GetTempPath()) "KoreBuild-$([guid]::NewGuid()).zip"
-            Get-RemoteFile $remotePath $tmpfile $ToolsSourceSuffix
-            if (Get-Command -Name 'Expand-Archive' -ErrorAction Ignore) {
-                # Use built-in commands where possible as they are cross-plat compatible
-                Expand-Archive -Path $tmpfile -DestinationPath $korebuildPath
-            }
-            else {
-                # Fallback to old approach for old installations of PowerShell
-                Add-Type -AssemblyName System.IO.Compression.FileSystem
-                [System.IO.Compression.ZipFile]::ExtractToDirectory($tmpfile, $korebuildPath)
-            }
-        }
-        catch {
-            Remove-Item -Recurse -Force $korebuildPath -ErrorAction Ignore
-            throw
-        }
-        finally {
-            Remove-Item $tmpfile -ErrorAction Ignore
-        }
-    }
-
-    return $korebuildPath
-}
-
-function Join-Paths([string]$path, [string[]]$childPaths) {
-    $childPaths | ForEach-Object { $path = Join-Path $path $_ }
-    return $path
-}
-
-function Get-RemoteFile([string]$RemotePath, [string]$LocalPath, [string]$RemoteSuffix) {
-    if ($RemotePath -notlike 'http*') {
-        Copy-Item $RemotePath $LocalPath
-        return
-    }
-
-    $retries = 10
-    while ($retries -gt 0) {
-        $retries -= 1
-        try {
-            Invoke-WebRequest -UseBasicParsing -Uri $($RemotePath + $RemoteSuffix) -OutFile $LocalPath
-            return
-        }
-        catch {
-            Write-Verbose "Request failed. $retries retries remaining"
-        }
-    }
-
-    Write-Error "Download failed: '$RemotePath'."
-}
-
-#
-# Main
-#
-
-# Load configuration or set defaults
-
-$Path = Resolve-Path $Path
-if (!$ConfigFile) { $ConfigFile = Join-Path $Path 'korebuild.json' }
-
-if (Test-Path $ConfigFile) {
-    try {
-        $config = Get-Content -Raw -Encoding UTF8 -Path $ConfigFile | ConvertFrom-Json
-        if ($config) {
-            if (!($Channel) -and (Get-Member -Name 'channel' -InputObject $config)) { [string] $Channel = $config.channel }
-            if (!($ToolsSource) -and (Get-Member -Name 'toolsSource' -InputObject $config)) { [string] $ToolsSource = $config.toolsSource}
-        }
-    }
-    catch {
-        Write-Warning "$ConfigFile could not be read. Its settings will be ignored."
-        Write-Warning $Error[0]
-    }
-}
-
-if (!$DotNetHome) {
-    $DotNetHome = if ($env:DOTNET_HOME) { $env:DOTNET_HOME } `
-        elseif ($env:USERPROFILE) { Join-Path $env:USERPROFILE '.dotnet'} `
-        elseif ($env:HOME) {Join-Path $env:HOME '.dotnet'}`
-        else { Join-Path $PSScriptRoot '.dotnet'}
-}
-
-if (!$Channel) { $Channel = 'dev' }
-if (!$ToolsSource) { $ToolsSource = 'https://aspnetcore.blob.core.windows.net/buildtools' }
-
-# Execute
-
-$korebuildPath = Get-KoreBuild
-Import-Module -Force -Scope Local (Join-Path $korebuildPath 'KoreBuild.psd1')
-
-try {
-    Set-KoreBuildSettings -ToolsSource $ToolsSource -DotNetHome $DotNetHome -RepoPath $Path -ConfigFile $ConfigFile
-    Invoke-KoreBuildCommand $Command @Arguments
-}
-finally {
-    Remove-Module 'KoreBuild' -ErrorAction Ignore
-}
diff --git a/run.sh b/run.sh
deleted file mode 100755
index 834961fc3a..0000000000
--- a/run.sh
+++ /dev/null
@@ -1,231 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-#
-# variables
-#
-
-RESET="\033[0m"
-RED="\033[0;31m"
-YELLOW="\033[0;33m"
-MAGENTA="\033[0;95m"
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-[ -z "${DOTNET_HOME:-}" ] && DOTNET_HOME="$HOME/.dotnet"
-verbose=false
-update=false
-repo_path="$DIR"
-channel=''
-tools_source=''
-tools_source_suffix=''
-
-#
-# Functions
-#
-__usage() {
-    echo "Usage: $(basename "${BASH_SOURCE[0]}") command [options] [[--] <Arguments>...]"
-    echo ""
-    echo "Arguments:"
-    echo "    command                The command to be run."
-    echo "    <Arguments>...         Arguments passed to the command. Variable number of arguments allowed."
-    echo ""
-    echo "Options:"
-    echo "    --verbose                                             Show verbose output."
-    echo "    -c|--channel <CHANNEL>                                The channel of KoreBuild to download. Overrides the value from the config file.."
-    echo "    --config-file <FILE>                                  The path to the configuration file that stores values. Defaults to korebuild.json."
-    echo "    -d|--dotnet-home <DIR>                                The directory where .NET Core tools will be stored. Defaults to '\$DOTNET_HOME' or '\$HOME/.dotnet."
-    echo "    --path <PATH>                                         The directory to build. Defaults to the directory containing the script."
-    echo "    -s|--tools-source|-ToolsSource <URL>                  The base url where build tools can be downloaded. Overrides the value from the config file."
-    echo "    --tools-source-suffix|-ToolsSourceSuffix <SUFFIX>     The suffix to append to tools-source. Useful for query strings."
-    echo "    -u|--update                                           Update to the latest KoreBuild even if the lock file is present."
-    echo ""
-    echo "Description:"
-    echo "    This function will create a file \$DIR/korebuild-lock.txt. This lock file can be committed to source, but does not have to be."
-    echo "    When the lockfile is not present, KoreBuild will create one using latest available version from \$channel."
-
-    if [[ "${1:-}" != '--no-exit' ]]; then
-        exit 2
-    fi
-}
-
-get_korebuild() {
-    local version
-    local lock_file="$repo_path/korebuild-lock.txt"
-    if [ ! -f "$lock_file" ] || [ "$update" = true ]; then
-        __get_remote_file "$tools_source/korebuild/channels/$channel/latest.txt" "$lock_file" "$tools_source_suffix"
-    fi
-    version="$(grep 'version:*' -m 1 "$lock_file")"
-    if [[ "$version" == '' ]]; then
-        __error "Failed to parse version from $lock_file. Expected a line that begins with 'version:'"
-        return 1
-    fi
-    version="$(echo "${version#version:}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
-    local korebuild_path="$DOTNET_HOME/buildtools/korebuild/$version"
-
-    {
-        if [ ! -d "$korebuild_path" ]; then
-            mkdir -p "$korebuild_path"
-            local remote_path="$tools_source/korebuild/artifacts/$version/korebuild.$version.zip"
-            tmpfile="$(mktemp)"
-            echo -e "${MAGENTA}Downloading KoreBuild ${version}${RESET}"
-            if __get_remote_file "$remote_path" "$tmpfile" "$tools_source_suffix"; then
-                unzip -q -d "$korebuild_path" "$tmpfile"
-            fi
-            rm "$tmpfile" || true
-        fi
-
-        source "$korebuild_path/KoreBuild.sh"
-    } || {
-        if [ -d "$korebuild_path" ]; then
-            echo "Cleaning up after failed installation"
-            rm -rf "$korebuild_path" || true
-        fi
-        return 1
-    }
-}
-
-__error() {
-    echo -e "${RED}error: $*${RESET}" 1>&2
-}
-
-__warn() {
-    echo -e "${YELLOW}warning: $*${RESET}"
-}
-
-__machine_has() {
-    hash "$1" > /dev/null 2>&1
-    return $?
-}
-
-__get_remote_file() {
-    local remote_path=$1
-    local local_path=$2
-    local remote_path_suffix=$3
-
-    if [[ "$remote_path" != 'http'* ]]; then
-        cp "$remote_path" "$local_path"
-        return 0
-    fi
-
-    local failed=false
-    if __machine_has wget; then
-        wget --tries 10 --quiet -O "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
-    else
-        failed=true
-    fi
-
-    if [ "$failed" = true ] && __machine_has curl; then
-        failed=false
-        curl --retry 10 -sSL -f --create-dirs -o "$local_path" "${remote_path}${remote_path_suffix}" || failed=true
-    fi
-
-    if [ "$failed" = true ]; then
-        __error "Download failed: $remote_path" 1>&2
-        return 1
-    fi
-}
-
-#
-# main
-#
-
-command="${1:-}"
-shift
-
-while [[ $# -gt 0 ]]; do
-    case $1 in
-        -\?|-h|--help)
-            __usage --no-exit
-            exit 0
-            ;;
-        -c|--channel|-Channel)
-            shift
-            channel="${1:-}"
-            [ -z "$channel" ] && __usage
-            ;;
-        --config-file|-ConfigFile)
-            shift
-            config_file="${1:-}"
-            [ -z "$config_file" ] && __usage
-            if [ ! -f "$config_file" ]; then
-                __error "Invalid value for --config-file. $config_file does not exist."
-                exit 1
-            fi
-            ;;
-        -d|--dotnet-home|-DotNetHome)
-            shift
-            DOTNET_HOME="${1:-}"
-            [ -z "$DOTNET_HOME" ] && __usage
-            ;;
-        --path|-Path)
-            shift
-            repo_path="${1:-}"
-            [ -z "$repo_path" ] && __usage
-            ;;
-        -s|--tools-source|-ToolsSource)
-            shift
-            tools_source="${1:-}"
-            [ -z "$tools_source" ] && __usage
-            ;;
-        --tools-source-suffix|-ToolsSourceSuffix)
-            shift
-            tools_source_suffix="${1:-}"
-            [ -z "$tools_source_suffix" ] && __usage
-            ;;
-        -u|--update|-Update)
-            update=true
-            ;;
-        --verbose|-Verbose)
-            verbose=true
-            ;;
-        --)
-            shift
-            break
-            ;;
-        *)
-            break
-            ;;
-    esac
-    shift
-done
-
-if ! __machine_has unzip; then
-    __error 'Missing required command: unzip'
-    exit 1
-fi
-
-if ! __machine_has curl && ! __machine_has wget; then
-    __error 'Missing required command. Either wget or curl is required.'
-    exit 1
-fi
-
-[ -z "${config_file:-}" ] && config_file="$repo_path/korebuild.json"
-if [ -f "$config_file" ]; then
-    if __machine_has jq ; then
-        if jq '.' "$config_file" >/dev/null ; then
-            config_channel="$(jq -r 'select(.channel!=null) | .channel' "$config_file")"
-            config_tools_source="$(jq -r 'select(.toolsSource!=null) | .toolsSource' "$config_file")"
-        else
-            __warn "$config_file is invalid JSON. Its settings will be ignored."
-        fi
-    elif __machine_has python ; then
-        if python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'))" >/dev/null ; then
-            config_channel="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['channel'] if 'channel' in obj else '')")"
-            config_tools_source="$(python -c "import json,codecs;obj=json.load(codecs.open('$config_file', 'r', 'utf-8-sig'));print(obj['toolsSource'] if 'toolsSource' in obj else '')")"
-        else
-            __warn "$config_file is invalid JSON. Its settings will be ignored."
-        fi
-    else
-        __warn 'Missing required command: jq or pyton. Could not parse the JSON file. Its settings will be ignored.'
-    fi
-
-    [ ! -z "${config_channel:-}" ] && channel="$config_channel"
-    [ ! -z "${config_tools_source:-}" ] && tools_source="$config_tools_source"
-fi
-
-[ -z "$channel" ] && channel='dev'
-[ -z "$tools_source" ] && tools_source='https://aspnetcore.blob.core.windows.net/buildtools'
-
-get_korebuild
-set_korebuildsettings "$tools_source" "$DOTNET_HOME" "$repo_path" "$config_file"
-invoke_korebuild_command "$command" "$@"
diff --git a/.gitignore b/src/Security/.gitignore
similarity index 100%
rename from .gitignore
rename to src/Security/.gitignore
diff --git a/Directory.Build.props b/src/Security/Directory.Build.props
similarity index 100%
rename from Directory.Build.props
rename to src/Security/Directory.Build.props
diff --git a/Directory.Build.targets b/src/Security/Directory.Build.targets
similarity index 100%
rename from Directory.Build.targets
rename to src/Security/Directory.Build.targets
diff --git a/NuGetPackageVerifier.json b/src/Security/NuGetPackageVerifier.json
similarity index 100%
rename from NuGetPackageVerifier.json
rename to src/Security/NuGetPackageVerifier.json
diff --git a/README.md b/src/Security/README.md
similarity index 100%
rename from README.md
rename to src/Security/README.md
diff --git a/Security.sln b/src/Security/Security.sln
similarity index 100%
rename from Security.sln
rename to src/Security/Security.sln
diff --git a/build/Key.snk b/src/Security/build/Key.snk
similarity index 100%
rename from build/Key.snk
rename to src/Security/build/Key.snk
diff --git a/build/dependencies.props b/src/Security/build/dependencies.props
similarity index 100%
rename from build/dependencies.props
rename to src/Security/build/dependencies.props
diff --git a/build/repo.props b/src/Security/build/repo.props
similarity index 100%
rename from build/repo.props
rename to src/Security/build/repo.props
diff --git a/build/sources.props b/src/Security/build/sources.props
similarity index 100%
rename from build/sources.props
rename to src/Security/build/sources.props
diff --git a/samples/CookiePolicySample/CookiePolicySample.csproj b/src/Security/samples/CookiePolicySample/CookiePolicySample.csproj
similarity index 100%
rename from samples/CookiePolicySample/CookiePolicySample.csproj
rename to src/Security/samples/CookiePolicySample/CookiePolicySample.csproj
diff --git a/samples/CookiePolicySample/Program.cs b/src/Security/samples/CookiePolicySample/Program.cs
similarity index 100%
rename from samples/CookiePolicySample/Program.cs
rename to src/Security/samples/CookiePolicySample/Program.cs
diff --git a/samples/CookiePolicySample/Properties/launchSettings.json b/src/Security/samples/CookiePolicySample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookiePolicySample/Properties/launchSettings.json
rename to src/Security/samples/CookiePolicySample/Properties/launchSettings.json
diff --git a/samples/CookiePolicySample/Startup.cs b/src/Security/samples/CookiePolicySample/Startup.cs
similarity index 100%
rename from samples/CookiePolicySample/Startup.cs
rename to src/Security/samples/CookiePolicySample/Startup.cs
diff --git a/samples/CookieSample/CookieSample.csproj b/src/Security/samples/CookieSample/CookieSample.csproj
similarity index 100%
rename from samples/CookieSample/CookieSample.csproj
rename to src/Security/samples/CookieSample/CookieSample.csproj
diff --git a/samples/CookieSample/Program.cs b/src/Security/samples/CookieSample/Program.cs
similarity index 100%
rename from samples/CookieSample/Program.cs
rename to src/Security/samples/CookieSample/Program.cs
diff --git a/samples/CookieSample/Properties/launchSettings.json b/src/Security/samples/CookieSample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookieSample/Properties/launchSettings.json
rename to src/Security/samples/CookieSample/Properties/launchSettings.json
diff --git a/samples/CookieSample/Startup.cs b/src/Security/samples/CookieSample/Startup.cs
similarity index 100%
rename from samples/CookieSample/Startup.cs
rename to src/Security/samples/CookieSample/Startup.cs
diff --git a/samples/CookieSessionSample/CookieSessionSample.csproj b/src/Security/samples/CookieSessionSample/CookieSessionSample.csproj
similarity index 100%
rename from samples/CookieSessionSample/CookieSessionSample.csproj
rename to src/Security/samples/CookieSessionSample/CookieSessionSample.csproj
diff --git a/samples/CookieSessionSample/MemoryCacheTicketStore.cs b/src/Security/samples/CookieSessionSample/MemoryCacheTicketStore.cs
similarity index 100%
rename from samples/CookieSessionSample/MemoryCacheTicketStore.cs
rename to src/Security/samples/CookieSessionSample/MemoryCacheTicketStore.cs
diff --git a/samples/CookieSessionSample/Program.cs b/src/Security/samples/CookieSessionSample/Program.cs
similarity index 100%
rename from samples/CookieSessionSample/Program.cs
rename to src/Security/samples/CookieSessionSample/Program.cs
diff --git a/samples/CookieSessionSample/Properties/launchSettings.json b/src/Security/samples/CookieSessionSample/Properties/launchSettings.json
similarity index 100%
rename from samples/CookieSessionSample/Properties/launchSettings.json
rename to src/Security/samples/CookieSessionSample/Properties/launchSettings.json
diff --git a/samples/CookieSessionSample/Startup.cs b/src/Security/samples/CookieSessionSample/Startup.cs
similarity index 100%
rename from samples/CookieSessionSample/Startup.cs
rename to src/Security/samples/CookieSessionSample/Startup.cs
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/src/Security/samples/JwtBearerSample/JwtBearerSample.csproj
similarity index 100%
rename from samples/JwtBearerSample/JwtBearerSample.csproj
rename to src/Security/samples/JwtBearerSample/JwtBearerSample.csproj
diff --git a/samples/JwtBearerSample/Program.cs b/src/Security/samples/JwtBearerSample/Program.cs
similarity index 100%
rename from samples/JwtBearerSample/Program.cs
rename to src/Security/samples/JwtBearerSample/Program.cs
diff --git a/samples/JwtBearerSample/Properties/launchSettings.json b/src/Security/samples/JwtBearerSample/Properties/launchSettings.json
similarity index 100%
rename from samples/JwtBearerSample/Properties/launchSettings.json
rename to src/Security/samples/JwtBearerSample/Properties/launchSettings.json
diff --git a/samples/JwtBearerSample/Startup.cs b/src/Security/samples/JwtBearerSample/Startup.cs
similarity index 100%
rename from samples/JwtBearerSample/Startup.cs
rename to src/Security/samples/JwtBearerSample/Startup.cs
diff --git a/samples/JwtBearerSample/Todo.cs b/src/Security/samples/JwtBearerSample/Todo.cs
similarity index 100%
rename from samples/JwtBearerSample/Todo.cs
rename to src/Security/samples/JwtBearerSample/Todo.cs
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/app.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/app.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/app.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/homeCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/indexCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/todoListSvc.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js b/src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Scripts/userDataCtrl.js
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/Home.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/Home.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/Home.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/Home.html
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/TodoList.html
diff --git a/samples/JwtBearerSample/wwwroot/App/Views/UserData.html b/src/Security/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/App/Views/UserData.html
rename to src/Security/samples/JwtBearerSample/wwwroot/App/Views/UserData.html
diff --git a/samples/JwtBearerSample/wwwroot/index.html b/src/Security/samples/JwtBearerSample/wwwroot/index.html
similarity index 100%
rename from samples/JwtBearerSample/wwwroot/index.html
rename to src/Security/samples/JwtBearerSample/wwwroot/index.html
diff --git a/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs
diff --git a/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj b/src/Security/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
rename to src/Security/samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj
diff --git a/samples/OpenIdConnect.AzureAdSample/Program.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/Program.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Program.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Program.cs
diff --git a/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json b/src/Security/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Properties/launchSettings.json
diff --git a/samples/OpenIdConnect.AzureAdSample/Readme.md b/src/Security/samples/OpenIdConnect.AzureAdSample/Readme.md
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Readme.md
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Readme.md
diff --git a/samples/OpenIdConnect.AzureAdSample/Startup.cs b/src/Security/samples/OpenIdConnect.AzureAdSample/Startup.cs
similarity index 100%
rename from samples/OpenIdConnect.AzureAdSample/Startup.cs
rename to src/Security/samples/OpenIdConnect.AzureAdSample/Startup.cs
diff --git a/samples/OpenIdConnectSample/OpenIdConnectSample.csproj b/src/Security/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
similarity index 100%
rename from samples/OpenIdConnectSample/OpenIdConnectSample.csproj
rename to src/Security/samples/OpenIdConnectSample/OpenIdConnectSample.csproj
diff --git a/samples/OpenIdConnectSample/Program.cs b/src/Security/samples/OpenIdConnectSample/Program.cs
similarity index 100%
rename from samples/OpenIdConnectSample/Program.cs
rename to src/Security/samples/OpenIdConnectSample/Program.cs
diff --git a/samples/OpenIdConnectSample/Properties/launchSettings.json b/src/Security/samples/OpenIdConnectSample/Properties/launchSettings.json
similarity index 100%
rename from samples/OpenIdConnectSample/Properties/launchSettings.json
rename to src/Security/samples/OpenIdConnectSample/Properties/launchSettings.json
diff --git a/samples/OpenIdConnectSample/Readme.md b/src/Security/samples/OpenIdConnectSample/Readme.md
similarity index 100%
rename from samples/OpenIdConnectSample/Readme.md
rename to src/Security/samples/OpenIdConnectSample/Readme.md
diff --git a/samples/OpenIdConnectSample/Startup.cs b/src/Security/samples/OpenIdConnectSample/Startup.cs
similarity index 100%
rename from samples/OpenIdConnectSample/Startup.cs
rename to src/Security/samples/OpenIdConnectSample/Startup.cs
diff --git a/samples/OpenIdConnectSample/compiler/resources/cert.pfx b/src/Security/samples/OpenIdConnectSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/OpenIdConnectSample/compiler/resources/cert.pfx
rename to src/Security/samples/OpenIdConnectSample/compiler/resources/cert.pfx
diff --git a/samples/SocialSample/Program.cs b/src/Security/samples/SocialSample/Program.cs
similarity index 100%
rename from samples/SocialSample/Program.cs
rename to src/Security/samples/SocialSample/Program.cs
diff --git a/samples/SocialSample/Properties/launchSettings.json b/src/Security/samples/SocialSample/Properties/launchSettings.json
similarity index 100%
rename from samples/SocialSample/Properties/launchSettings.json
rename to src/Security/samples/SocialSample/Properties/launchSettings.json
diff --git a/samples/SocialSample/SocialSample.csproj b/src/Security/samples/SocialSample/SocialSample.csproj
similarity index 100%
rename from samples/SocialSample/SocialSample.csproj
rename to src/Security/samples/SocialSample/SocialSample.csproj
diff --git a/samples/SocialSample/Startup.cs b/src/Security/samples/SocialSample/Startup.cs
similarity index 100%
rename from samples/SocialSample/Startup.cs
rename to src/Security/samples/SocialSample/Startup.cs
diff --git a/samples/SocialSample/compiler/resources/cert.pfx b/src/Security/samples/SocialSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/SocialSample/compiler/resources/cert.pfx
rename to src/Security/samples/SocialSample/compiler/resources/cert.pfx
diff --git a/samples/SocialSample/web.config b/src/Security/samples/SocialSample/web.config
similarity index 100%
rename from samples/SocialSample/web.config
rename to src/Security/samples/SocialSample/web.config
diff --git a/samples/WsFedSample/Program.cs b/src/Security/samples/WsFedSample/Program.cs
similarity index 100%
rename from samples/WsFedSample/Program.cs
rename to src/Security/samples/WsFedSample/Program.cs
diff --git a/samples/WsFedSample/Properties/launchSettings.json b/src/Security/samples/WsFedSample/Properties/launchSettings.json
similarity index 100%
rename from samples/WsFedSample/Properties/launchSettings.json
rename to src/Security/samples/WsFedSample/Properties/launchSettings.json
diff --git a/samples/WsFedSample/Startup.cs b/src/Security/samples/WsFedSample/Startup.cs
similarity index 100%
rename from samples/WsFedSample/Startup.cs
rename to src/Security/samples/WsFedSample/Startup.cs
diff --git a/samples/WsFedSample/WsFedSample.csproj b/src/Security/samples/WsFedSample/WsFedSample.csproj
similarity index 100%
rename from samples/WsFedSample/WsFedSample.csproj
rename to src/Security/samples/WsFedSample/WsFedSample.csproj
diff --git a/samples/WsFedSample/compiler/resources/cert.pfx b/src/Security/samples/WsFedSample/compiler/resources/cert.pfx
similarity index 100%
rename from samples/WsFedSample/compiler/resources/cert.pfx
rename to src/Security/samples/WsFedSample/compiler/resources/cert.pfx
diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/src/Security/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
similarity index 100%
rename from shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
rename to src/Security/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
diff --git a/src/Directory.Build.props b/src/Security/src/Directory.Build.props
similarity index 100%
rename from src/Directory.Build.props
rename to src/Security/src/Directory.Build.props
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Constants.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ICookieManager.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/ITicketStore.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Cookies/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Facebook/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Google/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.JwtBearer/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollection.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/ClaimActionCollectionMapExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/CustomJsonClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/DeleteClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/JsonSubKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Claims/MapAllClaimsAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Events/OAuthEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Microsoft.AspNetCore.Authentication.OAuth.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthTokenResponse.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OAuth/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/ClaimActionCollectionUniqueExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Claims/UniqueJsonKeyClaimAction.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectChallengeProperties.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectRedirectBehavior.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterCreatingTicketContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/AccessToken.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestToken.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Messages/RequestTokenSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.Twitter/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/AuthenticationFailedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/MessageReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/RemoteSignoutContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/SecurityTokenValidatedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Events/WsFederationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Microsoft.AspNetCore.Authentication.WsFederation.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationDefaults.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/WsFederationPostConfigureOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication.WsFederation/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/HandleRequestContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/PrincipalContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/PropertiesContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RedirectContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/RemoteFailureContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/ResultContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/HandleRequestResult.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/ISystemClock.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Internal/RequestPathBaseCookieBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Security/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authentication/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authentication/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Security/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/SystemClock.cs
rename to src/Security/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authentication/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/IPolicyEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/Microsoft.AspNetCore.Authorization.Policy.csproj
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyAuthorizationResult.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/PolicyServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authorization.Policy/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AllowAnonymousAttribute.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationFailure.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationHandlerContext.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationOptions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicy.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationPolicyBuilder.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationResult.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizationServiceExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/AuthorizeAttribute.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerContextFactory.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationHandlerProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationPolicyProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAllowAnonymous.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerContextFactory.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationHandlerProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationPolicyProvider.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizationService.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/IAuthorizeData.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/AssertionRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/ClaimsAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/DenyAnonymousAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/NameAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/OperationAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/PassThroughAuthorizationHandler.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Infrastructure/RolesAuthorizationRequirement.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj b/src/Security/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Microsoft.AspNetCore.Authorization.csproj
diff --git a/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs b/src/Security/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Properties/Resources.Designer.cs
diff --git a/src/Microsoft.AspNetCore.Authorization/Resources.resx b/src/Security/src/Microsoft.AspNetCore.Authorization/Resources.resx
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/Resources.resx
rename to src/Security/src/Microsoft.AspNetCore.Authorization/Resources.resx
diff --git a/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.Authorization/baseline.netcore.json
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/AppendCookieContext.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/DeleteCookieContext.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/HttpOnlyPolicy.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/LoggingExtensions.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/Microsoft.AspNetCore.CookiePolicy.csproj
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/ResponseCookiesWrapper.cs
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json b/src/Security/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
similarity index 100%
rename from src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
rename to src/Security/src/Microsoft.AspNetCore.CookiePolicy/baseline.netcore.json
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs b/src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketDataFormat.cs
diff --git a/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs b/src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/AspNetTicketSerializer.cs
diff --git a/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs b/src/Security/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/ChunkingCookieManager.cs
diff --git a/src/Microsoft.Owin.Security.Interop/Constants.cs b/src/Security/src/Microsoft.Owin.Security.Interop/Constants.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Constants.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/Constants.cs
diff --git a/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs b/src/Security/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/DataProtectorShim.cs
diff --git a/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj b/src/Security/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
rename to src/Security/src/Microsoft.Owin.Security.Interop/Microsoft.Owin.Security.Interop.csproj
diff --git a/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs b/src/Security/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
rename to src/Security/src/Microsoft.Owin.Security.Interop/Properties/AssemblyInfo.cs
diff --git a/src/Microsoft.Owin.Security.Interop/baseline.netframework.json b/src/Security/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
similarity index 100%
rename from src/Microsoft.Owin.Security.Interop/baseline.netframework.json
rename to src/Security/src/Microsoft.Owin.Security.Interop/baseline.netframework.json
diff --git a/test/Directory.Build.props b/src/Security/test/Directory.Build.props
similarity index 100%
rename from test/Directory.Build.props
rename to src/Security/test/Directory.Build.props
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/ClaimActionTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthChallengePropertiesTest.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OAuthTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/MockOpenIdConnectMessage.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectConfigurationTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectEventTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerBuilder.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestServerExtensions.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestSettings.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/TestTransaction.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownconfig.json
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/wellknownkeys.json
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/SecureDataFormatTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestClock.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHandlers.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TestHttpMessageHandler.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TicketSerializerTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TokenExtensionTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/Transaction.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/TwitterTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/CustomStateDataFormat.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/InvalidToken.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityToken.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/TestSecurityTokenValidator.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/ValidToken.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/WsFederationTest.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/WsFederation/federationmetadata.xml
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/katanatest.redmond.corp.microsoft.com.cer
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer b/src/Security/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
rename to src/Security/test/Microsoft.AspNetCore.Authentication.Test/selfSigned.cer
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/AuthorizationPolicyFacts.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/Microsoft.AspNetCore.Authorization.Test.csproj
diff --git a/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs b/src/Security/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
rename to src/Security/test/Microsoft.AspNetCore.Authorization.Test/PolicyEvaluatorTests.cs
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
rename to src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj b/src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test.csproj
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookieConsentTests.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Microsoft.AspNetCore.CookiePolicy.Test.csproj
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/TestExtensions.cs
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs b/src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
rename to src/Security/test/Microsoft.AspNetCore.CookiePolicy.Test/Transaction.cs
diff --git a/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs b/src/Security/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/CookieInteropTests.cs
diff --git a/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj b/src/Security/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/Microsoft.Owin.Security.Interop.Test.csproj
diff --git a/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs b/src/Security/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
similarity index 100%
rename from test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
rename to src/Security/test/Microsoft.Owin.Security.Interop.Test/TicketInteropTests.cs
diff --git a/version.props b/src/Security/version.props
similarity index 100%
rename from version.props
rename to src/Security/version.props